
Cyber Security Headlines: Russian hackers replace malware with new tools, Windows updates cause login issues, campaign targets high-profile servers
Oct 22, 2025

Russian hackers are evolving, swapping out outdated malware for new, stealthier tools. Some recent Windows updates have created login chaos, affecting multiple PCs. A sophisticated campaign has emerged targeting high-profile servers with bespoke malware. Meanwhile, high-severity flaws have been added to CISA's exploited list, urging urgent patching. Plus, GlassWorm is spreading through VS Code extensions, stealing developer credentials, and a botnet expansion aims to compromise routers worldwide.
Cold River Upgrades Toolset
- Google reports Cold River developed three new malware strains after prior tools were exposed in May.
- The group now uses custom malware more aggressively to evade detection and deepen intelligence collection from already-phished victims.
Fix Duplicate-SID Login Failures
- Microsoft links the failed logins to duplicate machine SIDs on cloned systems and recommends rebuilding the affected machines.
- If rebuilding is impractical, contact Microsoft support for a temporary group policy workaround.
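Before rebuilding anything, an administrator will want to know which hosts actually share a machine SID. The script below is an added example written for this page; it is not code from the episode, from Microsoft, or from the advisory being discussed. It reads each host's machine SID (the domain portion of the built-in Administrator account's SID, which always carries RID 500) over PowerShell remoting and groups hosts that report the same value. The host names in $Computers are hypothetical placeholders, and the script assumes WinRM is enabled and the caller is a local administrator on every target.

```powershell
# Added example, not part of the episode or of Microsoft's guidance.
# Finds hosts that share a machine SID, the condition the item above attributes
# to cloned systems. Assumes PowerShell remoting (WinRM) is enabled and the
# caller has local admin rights on each host.

# Hypothetical inventory; replace with your own list or an AD/CMDB query.
$Computers = @('WS-IMG-01', 'WS-IMG-02', 'WS-IMG-03')

function Get-MachineSid {
    # Every local account SID is <machine SID>-<RID>. The built-in Administrator
    # always has RID 500, even when renamed, so its AccountDomainSid is the
    # machine SID regardless of which user runs this.
    $admin = Get-LocalUser | Where-Object { $_.SID.Value -match '-500$' }
    if (-not $admin) { return $null }
    return $admin.SID.AccountDomainSid.Value
}

# Run the lookup on every host. Unreachable hosts are collected in $remoteErrors
# rather than aborting the sweep.
$remoteErrors = @()
$results = Invoke-Command -ComputerName $Computers `
                          -ScriptBlock ${function:Get-MachineSid} `
                          -ErrorAction SilentlyContinue `
                          -ErrorVariable remoteErrors |
    ForEach-Object {
        [pscustomobject]@{
            Computer   = $_.PSComputerName   # added by Invoke-Command to each result
            MachineSid = [string]$_
        }
    }

# Any SID reported by more than one host is a duplicate.
$duplicates = $results |
    Where-Object { $_.MachineSid } |
    Group-Object -Property MachineSid |
    Where-Object { $_.Count -gt 1 }

if ($duplicates) {
    foreach ($group in $duplicates) {
        Write-Output ("Machine SID {0} is shared by: {1}" -f $group.Name,
                      ($group.Group.Computer -join ', '))
    }
} else {
    Write-Output 'No duplicate machine SIDs found among the queried hosts.'
}

foreach ($err in $remoteErrors) {
    Write-Warning ("Remote query failed: {0}" -f $err.Exception.Message)
}
```

Running Get-MachineSid locally, without the remoting wrapper, prints the current machine's SID for a one-off check. Note that this is the local machine SID embedded in the installed image, not the computer account's SID in Active Directory; the latter is assigned at domain join and is unaffected by cloning, which is why duplicates only show up when an already-installed system is copied without being generalized first.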
Passive Neuron Targets High-Value Servers
- Kaspersky links the Passive Neuron campaign to a Chinese-speaking actor using custom implants and Cobalt Strike.
- The campaign targets high-value servers and uses large disguised DLLs for persistence across Asia, Africa, and Latin America.
