Recent international law enforcement operations have resulted in hundreds of arrests and the disruption of malware networks like Lumma Stealer, seizing domains used for credential theft. Additionally, Chinese APT groups exploited zero-day vulnerabilities in enterprise software, while Russian hackers targeted aid organizations supporting Ukraine, highlighting ongoing geopolitical cyber threats. #LummaStealer #ChineseAPT #GRU #UkraineAid
Law Enforcement Actions & Malware Disruptions
- An international operation led to 270 arrests of dark web vendors and buyers, seizing €184 million and illicit goods and disrupting major online criminal networks – Police arrests 270 dark web vendors, buyers in global crackdown
- The FBI, Europol, Microsoft and other partners dismantled the Lumma Stealer malware network, seizing thousands of domains and disrupting infrastructure used for global credential theft – FBI and Europol Disrupt Lumma Stealer Malware Network Linked to 10 Million Infections, FBI Seizes Key Domains Behind LummaC2 Malware Used in Global Credential Theft, Lumma infostealer's infrastructure seized during US, EU, Microsoft operation, Lumma infostealer malware operation disrupted, 2,300 domains seized, Microsoft Sinkholes Domains, Disrupts Notorious “Lumma Stealer” Malware Operation
Chinese State-Sponsored Cyberespionage & Exploits
- Chinese APT groups exploited zero-day vulnerabilities in Ivanti Endpoint Manager Mobile and Trimble Cityworks GIS software to breach global government agencies and U.S. local networks, deploying advanced malware including Cobalt Strike and Rust-based loaders – Ivanti EPMM flaw exploited by Chinese hackers to breach govt agencies, Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks, Chinese hackers breach US local governments using Cityworks zero-day, Critical 0-Day: Cityworks Flaw Actively Exploited by Chinese APT UAT-6382
Russian Cyber Espionage Against Ukraine Aid & Western Supply Chains
- Russian APT28 (Fancy Bear) and GRU hackers have conducted extensive cyber espionage campaigns targeting logistics, transportation, and aid organizations supporting Ukraine, using spear-phishing, vulnerability exploits, and IP camera hacks to monitor shipments and gather intelligence – Russian hackers breach orgs to track aid routes to Ukraine, CISA Says Russian Hackers Targeting Western Supply-Lines to Ukraine, Russian GRU Is Hacking IP Cameras and Logistics Firms to Spy on Aid Deliveries from Western Allies to Ukraine, Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics
Ransomware & Data Breaches
- A ransomware attack on Marlboro-Chesterfield Pathology compromised the data of 235,000 individuals, with a possible ransom payment and a delayed data leak; Marks & Spencer expects a recent ransomware incident to cost $400 million – Marlboro-Chesterfield Pathology Data Breach Impacts 235,000 People, Marks & Spencer Expects Ransomware Attack to Cost $400 Million
- The 3AM ransomware group uses spoofed IT calls and email bombing to breach networks, employing sophisticated social engineering and evasion tactics similar to those of Black Basta and FIN7 – 3AM ransomware uses spoofed IT calls, email bombing to breach networks
- Nearly 70,000 Coinbase users were affected by a data breach involving insider bribery and a $20 million ransom demand, highlighting risks in crypto platform security – Nearly 70,000 impacted by Coinbase breach involving $20 million ransom demand
- A college student is to plead guilty to hacking PowerSchool and extorting it over data affecting millions in the education sector – College student to plead guilty to PowerSchool hack
- Telco Cellcom faces service outages from a cyberattack disrupting voice and text services for thousands in the Midwest while the FBI investigates, with no confirmed ransomware link – Cyberattack Hits Cellcom: Voice, Text Services Down; FBI Notified, Midwestern telco Cellcom confirms cyber incident after days of service outages
Critical Vulnerabilities & Security Patches
- Multiple high-severity vulnerabilities were identified and patched in Ivanti EPMM, Versa Concerto (which still has unpatched critical flaws allowing authentication bypass and remote code execution), Windows Server 2025 dMSA (privilege escalation), Cisco ISE RADIUS (DoS), GitLab and Atlassian products, Samlify SSO, and Grafana (XSS) – Ivanti EPMM flaw exploited by Chinese hackers, Versa Concerto 0-Day Flaw Enables Remote Code Execution, Unpatched critical bugs in Versa Concerto lead to auth bypass, RCE, Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise, Cisco Identity Services RADIUS Process Vulnerability, Several GitLab Vulnerabilities Enable Attackers to Launch DoS Attacks, GitLab, Atlassian Patch High-Severity Vulnerabilities, Critical Samlify SSO flaw lets attackers log in as admin, Grafana security release: High severity security fix for CVE-2025-4123
Cybersecurity Tools & Best Practices
- ThreatLocker introduces security-first patch management focusing on controlled, testable deployments to reduce vulnerability exposure in zero trust environments – ThreatLocker Patch Management: A Security-First Approach to Closing Vulnerability Windows
- A webinar provides guidance on building legally defensible cybersecurity programs that leverage the CIS Critical Security Controls to demonstrate measurable security maturity – Webinar: Learn How to Build a Reasonable and Legally Defensible Cybersecurity Program
Privacy Enhancements & Controversies
- The Signal app now blocks Microsoft Recall screenshots by default on Windows 11 to enhance user privacy amid security concerns – Signal now blocks Microsoft Recall screenshots on Windows 11
- The FTC orders GoDaddy to implement strong security measures after repeated breaches, mandating MFA, API security, and regular assessments – FTC finalizes order requiring GoDaddy to secure hosting services
- Data-stealing Chrome extensions impersonating Fortinet, YouTube, and VPN tools continue to pose risks despite partial removals, stealing cookies and injecting remote scripts – Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs
- A Russian law requires foreigners in Moscow to install a location tracking app, raising privacy and surveillance concerns over mass data collection – Russia to enforce location tracking app on all foreigners in Moscow
- A judge rules that the firings of Privacy and Civil Liberties Oversight Board members were illegal, restoring the board's oversight role in government surveillance – Firings of intelligence oversight board members were illegal, judge rules
Artificial Intelligence Developments & Debates
- Anthropic reveals testing of the advanced AI models Claude Sonnet 4 and Opus 4 with enhanced reasoning, while OpenAI hints at a major upgrade to the ChatGPT Operator Agent including potential GPT-5 integration – Anthropic web config hints at Claude Sonnet 4 and Opus 4, OpenAI hints at a big upgrade for ChatGPT Operator Agent
- Google's new Gemini AI chatbot for children under 13 faces criticism over potential COPPA violations and privacy risks, sparking calls for regulatory scrutiny – Should Children Use AI Chatbots? Google Thinks So, Critics Strongly Disagree, New Google program targeting children with AI chatbot may violate FTC privacy rules
Other Notable Security Incidents
- KrebsOnSecurity survived a 6.3 Tbps DDoS attack launched via the IoT-based Aisuru botnet, highlighting the threat of large-scale IoT-driven attacks – KrebsOnSecurity Hit with 6.3 Tbps DDoS Attack via Aisuru Botnet
- A spoofing vulnerability in the JavaScript crypto library OpenPGP.js undermines trust in encrypted messages; users are urged to update promptly – JavaScript Crypto Library OpenPGP.js Hit by High-Risk Spoofing Vulnerability