Quantum Route Redirect PhaaS targets Microsoft 365 users worldwide
A new phishing automation platform named Quantum Route Redirect is using around 1,000 domains to steal Microsoft 365 users’ credentials. The kit comes pre-configured with phishing domains to allow less skilled threat actors to achieve maximum results with the least effort. Since August, analysts at security awareness company KnowBe4 have noticed Quantum Route Redirect (QRR) attacks in the wild across a wide geography, although nearly three-quarters are located in the U.S.
Hackers Actively Exploiting Cisco and Citrix 0-Day in the Wild to Deploy Webshell
An advanced hacking group is actively exploiting zero-day vulnerabilities in Cisco Identity Services Engine (ISE) and Citrix systems. These attacks, spotted in real-world operations, allow hackers to deploy custom webshells and gain deep access to corporate networks. The findings highlight how attackers are targeting key systems that manage user logins and network controls, putting businesses at high risk. The attack was uncovered by Amazon’s MadPot honeypot service, a tool designed to lure and study cyber threats. It caught attempts to exploit a Citrix flaw known as “Citrix Bleed Two” (CVE-2025-5777) before anyone knew about it publicly.
Google Sues China-Based Hackers Behind $1 Billion Lighthouse Phishing Platform
Google has filed a civil lawsuit in the U.S. District Court for the Southern District of New York (SDNY) against China-based hackers who are behind a massive Phishing-as-a-Service (PhaaS) platform called Lighthouse that has ensnared over 1 million users across 120 countries. The PhaaS kit is used to conduct large-scale SMS phishing attacks that exploit trusted brands like E-ZPass and USPS to steal people’s financial information by prompting them to click on a link using lures related to fake toll fees or package deliveries. While the scam in itself is fairly simple, it’s the industrial scale of the operation that has allowed it to illegally make more than a billion dollars over the past three years.
The airport heist isn’t over, as hackers claim to drop Collins Aerospace data
A Russian ransomware gang, which ignited chaos across Europe’s airports last month, has allegedly leaked data stolen from Collins Aerospace. The Russia-linked ransomware gang has released a dataset for download, claiming it belongs to Collins Aerospace, a technology service provider used by several major European airports to manage check-in and boarding systems. The company and its MUSE check-in software had been the target of a devastating attack that froze European airports. Reportedly, the incident began on September 19th, when Collins Aerospace reported a “technical issue” to aviation authorities.
Synnovis Confirms Patient Information Stolen in Disruptive Ransomware Attack
Pathology services provider Synnovis has confirmed that patient personal information was stolen in a June 2024 ransomware attack that disrupted the operations of several London hospitals. Formed as a partnership between King’s College Hospitals NHS Trust, Guy’s and St Thomas’ NHS Foundation Trust, and SYNLAB, the organization provides pathology laboratory services to hospitals, mainly in southeast London. The ransomware attack on Synnovis occurred on June 3 and affected all IT systems, interrupting its services and forcing hospitals to cancel operations and send patients away. Synnovis did not pay a ransom but worked with authorities and cyber experts to contain and investigate the attack. It rebuilt the affected IT infrastructure from scratch and was able to restore all impacted services by late 2024.