Daily Digest

Europol Busts 'SIMCARTEL' CaaS Network; Everest Ransomware Claims Collins Aerospace Attack

Europol Busts 'SIMCARTEL' CaaS Network; Everest Ransomware Claims Collins Aerospace Attack

October 19, 2025
6 articles (4 new, 2 updated)
18 min read

Summary

This cybersecurity brief for October 19, 2025, covers major international law enforcement actions, high-profile ransomware claims, and critical vulnerability disclosures. Key events include the dismantling of the 'SIMCARTEL' Cybercrime-as-a-Service platform in Europe, the Everest ransomware group claiming responsibility for the disruptive Collins Aerospace attack, and Microsoft's revocation of over 200 malicious certificates used by the Vanilla Tempest group. Additionally, CISA has issued warnings for two actively exploited Windows zero-day vulnerabilities, and a critical RCE flaw has been patched in Microsoft WSUS.

Filter by Category

New Articles (4)

"SIMCARTEL" CaaS Network Busted in Major European Takedown

HIGH

Europol and Partners Dismantle "SIMCARTEL" Cybercrime-as-a-Service Platform in Latvia

A coordinated international law enforcement operation codenamed "SIMCARTEL" has dismantled a massive Cybercrime-as-a-Service (CaaS) platform operating out of Latvia. The operation, involving authorities from Austria, Estonia, and Finland with support from Europol, resulted in seven arrests and the seizure of a vast infrastructure that enabled millions of euros in financial fraud. The network provided criminals with access to over 40,000 active SIM cards via SIM box devices, which were used to create approximately 49 million fraudulent online accounts, facilitating crimes like phishing, smishing, and investment fraud across Europe.

October 19, 2025
5 min read
CaaSSIM boxfraudEuropollaw enforcement +2 more
"SIMCARTEL" CaaS Network Busted in Major European Takedown
Cyberattack
Threat Actor
Policy and Compliance

Silver Fox APT Expands Reach, Targets Japan and Malaysia with New RAT

HIGH

Chinese APT Group "Silver Fox" Expands Operations to Japan and Malaysia, Deploying Winos 4.0 and HoldingHands RAT

The Chinese-nexus cybercrime group known as "Silver Fox" has expanded its targeting beyond China and Taiwan to include organizations in Japan and Malaysia. Researchers report the group is using phishing emails with malicious PDFs to distribute the HoldingHands RAT. This expansion follows previous campaigns where the group used diverse tactics, including SEO poisoning to spread the Winos 4.0 (ValleyRAT) malware and Bring Your Own Vulnerable Driver (BYOVD) attacks to disable security software. The group's evolving tactics and widening geographic scope indicate an increased threat to government and commercial entities across Asia.

October 19, 2025
5 min read
Silver FoxAPTWinos 4.0HoldingHands RATcyber espionage +2 more
Silver Fox APT Expands Reach, Targets Japan and Malaysia with New RAT
Threat Actor
Malware
Cyberattack

Panera Bread Reaches $2.5M Settlement for 2024 Data Breach

MEDIUM

Panera Bread Agrees to $2.5 Million Class-Action Settlement Over March 2024 Data Breach

Panera Bread has agreed to a $2.5 million settlement to resolve a class-action lawsuit related to a data breach that occurred in March 2024. The breach exposed the personal information, including names and Social Security numbers, of approximately 147,321 individuals, primarily current and former employees. Under the settlement, affected individuals can file claims for reimbursement of expenses and time spent dealing with the breach's aftermath, with a claim deadline of November 11, 2025.

October 19, 2025
4 min read
data breachsettlementclass actionPanera BreadPII +1 more
Panera Bread Reaches $2.5M Settlement for 2024 Data Breach
Data Breach
Regulatory
Policy and Compliance

Volkswagen Probes 8Base Ransomware Attack Claim

HIGH

Volkswagen Investigates Data Breach Claim by 8Base Ransomware Group

The Volkswagen Group is investigating a claim from the 8Base ransomware group that it has breached the automotive giant and stolen sensitive data. 8Base, a data extortion group linked to Phobos ransomware, posted a trove of allegedly stolen files on its dark web site, including accounting documents and employee contracts. Volkswagen stated its core IT systems are secure but acknowledged the possibility of a breach through a third-party supplier, highlighting the growing threat of supply chain attacks. The incident places Volkswagen under potential GDPR scrutiny.

October 19, 2025
5 min read
8BaseransomwareVolkswagendata breachsupply chain +2 more
Volkswagen Probes 8Base Ransomware Attack Claim
Ransomware
Data Breach
Supply Chain Attack

Updated Articles (2)

'Mysterious Elephant' APT Evolves, Deploys Custom Tools in Espionage Campaign

MEDIUM

'Mysterious Elephant' APT Shifts to Custom Malware in Cyber-Espionage Campaign Targeting South Asian Governments

Update:

New intelligence from Kaspersky reveals the 'Mysterious Elephant' APT has intensified its cyber espionage in 2025, with Bangladesh emerging as its second most-attacked nation after Pakistan. The group, active since at least 2023, employs a hybrid toolkit, repurposing code from groups like Confucius and Origami Elephant, rather than solely custom tools. A notable focus is intercepting communications on consumer messaging apps like WhatsApp, highlighting a new vector of compromise for government and diplomatic targets in South Asia. This update provides specific target countries and a clearer understanding of their evolving TTPs.

October 14, 2025
Updated: October 19, 2025
5 min read
APTMysterious ElephantCyber-espionageCustom MalwareSouth Asia +1 more
'Mysterious Elephant' APT Evolves, Deploys Custom Tools in Espionage Campaign
Threat Actor
Threat Intelligence

Microsoft Patches 172 Flaws, Including Three Actively Exploited Zero-Days

CRITICAL

Microsoft's October 2025 Patch Tuesday Addresses Over 172 Vulnerabilities, Three Zero-Days, and Critical WSUS Flaw

Update:

New analysis provides in-depth technical details for CVE-2025-59287, the critical WSUS RCE. The vulnerability stems from unsafe deserialization of an AuthorizationCookie object via the GetCookie() endpoint, leveraging a hardcoded AES-128-CBC key. An unauthenticated attacker can send a crafted cookie to achieve SYSTEM-level RCE. While not yet exploited in the wild, Microsoft assesses exploitation as 'more likely.' Specific detection methods include monitoring IIS logs for GetCookie() requests and EDR for w3wp.exe spawning suspicious processes.

October 17, 2025
Updated: October 19, 2025
5 min read
Patch TuesdayZero-DayRCEEoPWindows 10 +4 more
Microsoft Patches 172 Flaws, Including Three Actively Exploited Zero-Days
Patch Management
Vulnerability
Security Operations

📢 Share This Publication

Help others stay informed about cybersecurity threats