Cyber Briefing: 2025.10.15
Android 2FA Flaw, Windows Zero-Days, SAP Takeover Bug, Satellite Leaks, 365 Outage, SonicWall Breach, $15B Crypto Seized, UK 429 Attacks, Cybereason Buyout
👉 What’s happening in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Android Flaw Lets Apps Steal 2FA Codes
Google and Samsung Android devices were found to be vulnerable to a new side-channel attack called Pixnapping. This attack allows a malicious app to steal sensitive data, like two-factor authentication codes and Google Maps timelines, without the user’s knowledge by exploiting a GPU compression feature and Android APIs.
2. Two New Windows Zero Days Exploited
In October 2025, Microsoft released fixes for 183 security flaws, three of which were being actively exploited. The company is also ending free support for Windows 10, requiring users to enroll in a paid security program for continued updates.
3. New SAP NetWeaver Bug Enables Takeover
SAP recently released security updates to fix 13 new security vulnerabilities, including a critical deserialization flaw (CVE-2025-42944) in SAP NetWeaver AS Java with a CVSS score of 10.0. This vulnerability could let an unauthenticated attacker execute arbitrary commands. SAP also patched other critical flaws, like a directory traversal bug in SAP Print Service and an unrestricted file upload vulnerability in SAP Supplier Relationship Management.
💥 Cyber Incidents
4. Unencrypted Satellites Expose Data
Over half of geostationary satellites are leaking unencrypted data, exposing sensitive communications from consumers, corporations, and even the military. This vulnerability was uncovered by researchers who used an $800 satellite receiver to intercept private calls, texts, and in-flight Wi-Fi traffic.
5. Microsoft Investigates 365 App Outage
Microsoft is looking into a problem preventing some customers from accessing Microsoft 365 applications, but has not yet specified which regions are affected. This follows a series of other recent service disruptions, including two major incidents last week that impacted multiple Microsoft 365 services.
6. SonicWall VPN Accounts Breached
Cybersecurity researchers have issued a warning about a widespread campaign where hackers have used stolen, valid credentials to breach over 100 SonicWall SSLVPN accounts. These attacks, which began around October 4, often involved network scans and attempts to access local Windows accounts, with most of the activity originating from the same IP address.
📢 Cyber News
7. US Seizes $15 Billion In Crypto
The U.S. Department of Justice seized $15 billion in Bitcoin from the Prince Group, a criminal organization led by Chen Zhi that ran cryptocurrency investment scams, often known as “pig butchering,” which lured victims into fake investment schemes. The group, which operated out of forced labor camps in Cambodia, has used sophisticated tactics to defraud countless victims worldwide since 2015.
8. UK NCSC Reports 429 Cyberattacks
From September 2024 to August 2025, the UK’s National Cyber Security Centre (NCSC) handled 429 cyberattacks, including 204 nationally significant cases. This marks a significant increase from the previous year, with nationally significant attacks more than doubling.
9. Cybereason To Be Acquired By LevelBlue
LevelBlue, a major managed security service provider, has agreed to acquire cybersecurity company Cybereason, which specializes in extended detection and response (XDR) technology. Following the acquisition, Cybereason’s XDR and incident response capabilities will be integrated into LevelBlue’s managed security services, with Cybereason’s current investors becoming investors in LevelBlue.
📈 Cyber Stocks
On Wednesday, 15th October, cybersecurity stocks edged lower as investors took profits after a strong run earlier in the month. The broader tech market pullback, cautious earnings outlooks, and renewed focus on integration and competition risks weighed on sentiment. Despite the dip, analysts noted that long-term demand for AI-enhanced and zero-trust solutions remains solid, keeping the sector’s fundamentals intact.
CrowdStrike closed near $501, down around 1%, as investors locked in gains following its recent AI-driven rally and assessed growth sustainability.
Zscaler ended near $307, down about 1.5%, pressured by concerns over competitive headwinds and challenges in maintaining rapid revenue expansion.
Palo Alto Networks finished around $210, slipping 1.2%, amid investor caution on integration risks and tempered forward guidance post-acquisition.
Okta settled near $89, slightly lower, with mixed sentiment surrounding its identity-focused AI initiatives and ongoing competition in access management.
Fortinet closed near $84, down 0.8%, as slowing firewall upgrades and profit-taking offset steady enterprise demand for network protection.
💡 Cyber Tip
Android Flaw Lets Apps Steal 2FA Codes
A newly discovered side-channel attack called Pixnapping allows malicious Android apps to steal sensitive data such as two-factor authentication codes and Google Maps timelines. The attack exploits a GPU compression feature and Android APIs to capture on-screen pixels from other apps without special permissions. Researchers found that a 2FA code could be stolen in under 30 seconds. Google has patched the vulnerability, CVE-2025-48561, in its September 2025 Android Security Bulletin and plans a stronger follow-up fix soon.
🔐 What You Should Do
Keep your Android device updated with the latest Google and Samsung security patches.
Install apps only from the Google Play Store and avoid downloading APKs from unverified sources.
Use hardware security keys or authentication methods that do not display codes on screen.
Review and limit overlay and accessibility permissions for installed apps.
Avoid leaving 2FA codes visible and close authenticator apps immediately after use.
⚠️ Why This Matters
Pixnapping shows that even sandboxed apps can spy on others through hardware side channels. If exploited, it could expose 2FA codes and sensitive app data, leading to account takeovers. Regular updates, trusted app sources, and secure authentication practices are essential to stay protected.
📚 Cyber Book
Biohacking & Wearable Security by Zephyrion Stravos
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.