Mon Nov 03 07:00:00 UTC 2025

Summary:

This article covers several cybersecurity news items:

  • Australia’s ASD warns of “BADCANDY” malware targeting unpatched Cisco IOS XE devices. Attackers can detect and re-exploit systems even after a reboot.
  • Former defense contractor executive pleads guilty to selling sensitive cyber exploits to a Russian company.
  • Palo Alto Networks discovers “Airstalk” malware exploiting Omnissa’s (formerly VMware’s) Workspace ONE to steal data.
  • Google Chrome will soon enable “Always Use Secure Connections” by default, warning users when visiting HTTP sites.
  • LastPass users are targeted by a phishing campaign claiming a family member has submitted a death certificate to access their account.
  • WhatsApp is rolling out biometric passkey support for encrypting chat backups.

News Article:

Cybersecurity Alert: Australian Signals Directorate Warns of “BADCANDY” Cisco Exploit, Ex-Defense Exec Sells Secrets to Russia, and More

Sydney, Australia – Several critical cybersecurity concerns have emerged this week, impacting organizations and individuals alike.

The Australian Signals Directorate (ASD) issued a warning regarding a newly identified malware implant dubbed “BADCANDY” targeting unpatched Cisco IOS XE devices. This malware, exploiting the CVE-2023-20198 vulnerability, allows attackers to gain control of systems and even re-exploit them after a reboot. The ASD strongly advises patching vulnerable devices to prevent compromise.

Meanwhile, in Washington, D.C., Peter Williams, a former executive at defense contractor L3Harris, pleaded guilty to selling sensitive cyber exploits to a Russian company with ties to the Kremlin. The Justice Department alleges Williams sold national-security-focused software, including protected cyber-exploit components. He faces a potential prison sentence of over 11 years.

Palo Alto Networks has also uncovered a new malware strain called “Airstalk” that targets Omnissa’s (formerly VMware’s) Workspace ONE. The malware, suspected to be the work of a nation-state actor, leverages the product’s API to exfiltrate data and take live screenshots.

In other news, Google Chrome is set to enhance user security by enabling “Always Use Secure Connections” by default starting in Chrome 154 next October. This feature will warn users when visiting HTTP sites, aiming to promote HTTPS adoption.

LastPass users are also being targeted by a sophisticated phishing campaign. The email claims that a family member has submitted a death certificate to gain access to the recipient’s account and asks the recipient to confirm their credentials, which is a trap.

Finally, WhatsApp is rolling out biometric passkey support for encrypted chat backups, allowing users to secure their backups with fingerprint, face scan, or screen lock.
