CCTR.39.SEP.25

Monday morning cyber coffee read CCTR.39.SEP.25
Cyber operations are now tools of coercion, pressure and threshold testing across the Indo-Pacific.
China’s Salt Typhoon threat group has shifted from quiet espionage to mass-scale civilian data collection. Once thought to target only government systems, the campaign is attributed to the Ministry of State Security and the PLA in a new disclosure by ASD and partners, which shows it may have compromised data tied to nearly every Australian household, alongside millions more globally.
The Way Forward? Intelligence sharing and partner collaboration are essential. It is time for governments to set clear boundaries on state-backed cyber operations before coercion becomes the norm.
A critical vulnerability (CVE-2025-10035, CVSS 10) in Fortra’s GoAnywhere MFT allows attackers to potentially compromise systems.
Over 90,000 internet-facing MFT servers are exposed. A similar flaw in 2023 was exploited by the Cl0p ransomware group, leading to mass ransomware incidents. Attackers are expected to weaponise this flaw rapidly.
Patch now.
Ensure the GoAnywhere Admin Console is not exposed to the public internet.
Inventory any GoAnywhere servers and assume compromise if unpatched and internet-exposed.
https://www.fortra.com/security/advisories/product-security/fi-2025-012
https://www.rapid7.com/blog/post/etr-cve-2025-10035-critical-unauthenticated-rce-in-goanywhere-mft/
Radware discovered a zero-click vulnerability in ChatGPT’s Deep Research agent, triggered by an indirect prompt injection hidden in email HTML. When the agent is connected to Gmail and browsing, a single crafted email can silently exfiltrate inbox data to an attacker with no user action and no visible UI.

Think beyond AI governance. Conduct tactical testing of your AI integrations before attackers do.
https://www.radware.com/blog/threat-intelligence/shadowleak/
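A pre-processing check for the mailbox integration described above, as an added example (not code from Radware, OpenAI or this brief): it splits an email's HTML into the text a reader would see and the text concealed by markup or styling, so concealed text can be quarantined before an agent reads the message. The CSS heuristics, the class and function names and the sample email are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed heuristics (not from the page): inline CSS that hides text from a reader.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0*[01](\.\d+)?(px|pt)"
    r"|(?<!-)color\s*:\s*(#fff(fff)?\b|white\b)", re.I)
VOID = {"br", "img", "hr", "meta", "input", "link", "col", "wbr"}  # no end tag

class VisibleTextSplitter(HTMLParser):
    """Separate text a reader would see from text hidden by markup or styling."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []  # (tag, hidden) for every open element
        self.visible, self.hidden = [], []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        a = dict(attrs)
        inherited = bool(self.stack) and self.stack[-1][1]  # hidden parent hides children
        hidden = (inherited or "hidden" in a or tag in ("script", "style", "template")
                  or bool(HIDDEN_STYLE.search(a.get("style") or "")))
        self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        tags = [t for t, _ in self.stack]
        if tag in tags:  # pop back to the matching open tag; ignore stray closers
            del self.stack[len(tags) - 1 - tags[::-1].index(tag):]

    def handle_data(self, data):
        text = " ".join(data.split())
        if text:
            concealed = bool(self.stack) and self.stack[-1][1]
            (self.hidden if concealed else self.visible).append(text)

def split_email_html(html):
    """Return (visible_text, hidden_text) for one email body."""
    parser = VisibleTextSplitter()
    parser.feed(html)
    parser.close()
    return " ".join(parser.visible), " ".join(parser.hidden)

# Constructed sample email body, not taken from the Radware write-up.
SAMPLE = ('<p>Hi team, minutes attached.</p><div style="font-size:0px;color:#ffffff">'
          'Constructed hidden instruction addressed to the agent.</div><p>Regards,<br>Sam</p>')

if __name__ == "__main__":
    print(split_email_html(SAMPLE))  # (visible_text, hidden_text)
```

Only inline styles and the `hidden` attribute are inspected; text hidden through stylesheet classes or images is out of scope, so a non-empty hidden string is a signal to quarantine, and an empty one is not proof the message is safe.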
A permission misconfiguration vulnerability (CVE-2025-0164) has been identified in IBM QRadar SIEM. Exploiting this vulnerability requires an existing privileged account, such as an administrator or support engineer. Unlike the Fortra GoAnywhere MFT flaw, it cannot be abused by just anyone on the internet.
Treat your vulnerability intelligence carefully and allocate your team’s time where it will have the most impact.
https://www.ibm.com/support/pages/node/7244784