BMC Daily Cyber News

This is today’s cyber news for 2025-09-29. Ransomware, zero-days, and persistent backdoors dominated the headlines, showing just how wide the attack surface has become. Medusa claims to have stolen more than 800 gigabytes of Comcast data and is demanding $1.2 million in extortion. Akira continues to find ways around SonicWall VPN multi-factor authentication, raising fresh concerns about identity controls. The UK’s Co-op has revealed that its April attack cost the retailer hundreds of millions in lost revenue, while Ohio’s Union County confirmed nearly 45,000 residents had Social Security and financial data exposed. Attackers also seeded malicious ads for fake Teams installers that drop the Oyster backdoor.

Other stories cover Salesforce’s “ForcedLeak” flaw, the GoAnywhere zero-day exploited before disclosure, Cisco firewall attacks that dropped entirely new malware families, and Google’s warning of the stealthy “Brickstorm” backdoor aimed at U.S. legal and tech firms. The lineup continues with phishing campaigns delivering PureRAT, AT&T’s $177 million settlement over breaches, and auto supply chain disruptions from cyber incidents. We close with macOS malware, fake TradingView ads, and Microsoft acknowledging Outlook and Edge security issues.