Cybersecurity News | Daily Recap [29 May 2025]

Recent cybersecurity reports highlight targeted attacks on retail giants like Victoria’s Secret using ransomware, along with widespread data breaches affecting millions including LexisNexis. Notable threats include Chinese APT groups APT41 and APT31 exploiting cloud and zero-day vulnerabilities, along with botnets like AyySSHush and PumaBot compromising IoT devices. #Victoria’sSecret #APT41 #AyySSHush

Retail Sector Attacks

  • Victoria’s Secret website taken offline due to a ransomware-linked cyberattack amid a surge of breaches targeting UK and US retailers like Adidas and Dior, often stemming from third-party vulnerabilities and hacking groups such as Scattered Spider. – Victoria’s Secret Outage, Adidas Breach, Victoria’s Secret Incident, Retail Cyberattacks
  • MathWorks suffers a widespread ransomware attack disrupting MATLAB services since mid-May, highlighting continued ransomware risks to software providers. – MathWorks Ransomware
  • Interlock ransomware gang deploys new NodeSnake RAT targeting universities to maintain persistent access and exfiltrate data in evolving educational sector attacks. – Interlock NodeSnake

Chinese APT Campaigns

  • APT41, a China-linked hacking group, abuses Google Calendar for stealthy malware command-and-control with ToughProgress, targeting governments that use cloud services and prompting a response from Google. – APT41 Calendar C2, APT41 Malware Abuse, APT41 ToughProgress
  • The Czech Republic officially attributes a 2022 cyberattack on its foreign ministry to China-linked APT31, part of broader Chinese cyber-espionage against critical infrastructure. – APT31 Attack
  • New espionage threat UTG-Q-015 intensifies attacks using zero-day exploits on government, financial, and AI infrastructure across Asia, leveraging watering holes and advanced intrusion techniques. – UTG-Q-015 Espionage

Malware & Botnet Threats

  • The AyySSHush botnet compromised over 9,000 ASUS routers via old vulnerabilities and brute-forced SSH backdoors, with suspected links to nation-state actors; owners are urged to apply firmware updates urgently. – ASUS Botnet
  • PumaBot, a Linux-based botnet, brute forces SSH credentials on IoT devices like surveillance cameras to deploy malware and exfiltrate data, threatening corporate networks. – PumaBot Botnet
  • Attackers distributing VenomRAT infostealer malware via a fake Bitdefender website use tools like SilentTrinity and StormKitty for stealthy financial data theft campaigns. – VenomRAT Campaign
  • The global cybercrime group Dark Partners uses fake download sites to spread Poseidon and Lumma infostealers, fueling large-scale cryptocurrency theft despite partial law enforcement disruption. – Dark Partners Heists

Data Breaches & Privacy

  • LexisNexis Risk Solutions discloses a data breach affecting over 364,000 individuals, involving personal data exposure via a compromised GitHub account but no financial information stolen. – LexisNexis Breach, LexisNexis GitHub, LexisNexis Data Impact
  • Oregon becomes the second US state to ban the sale of precise geolocation data for children under 16, reinforcing privacy protections amid growing concerns over location tracking. – Oregon Geolocation Ban
  • A new “rent-a-bank-account” scam manipulates ordinary citizens into becoming money mules, endangering financial systems and national security with hundreds of thousands of accounts compromised monthly. – Money Mule Scam

Vulnerabilities & Exploits

  • A critical CVSS 10.0 flaw in the WordPress TI WooCommerce Wishlist plugin affects over 100,000 sites, exposing them to unauthenticated remote code execution. – Wishlist Plugin Flaw
  • Citrix XenServer Windows VM Tools suffer from privilege escalation vulnerabilities requiring urgent updates to prevent arbitrary code execution on affected hypervisors. – XenServer Vulnerabilities
  • Researchers warn of a Microsoft OneDrive File Picker OAuth flaw that lets malicious apps access full cloud storage content even when uploading a single file, risking data exposure and compliance failures. – OneDrive OAuth Flaw
  • Threat actors weaponize Windows COM and DCOM protocols using the RemoteMonologue tool for covert credential harvesting and lateral movement, bypassing standard security controls. – DCOM Credential Harvesting
  • The DragonForce ransomware group exploits SimpleHelp RMM vulnerabilities to conduct supply chain ransomware attacks on MSPs, underscoring the need for employee training and patching to prevent intrusions. – DragonForce Exploits

Cybersecurity Policy & AI

  • A new roadmap urges organizations to begin migrating to post-quantum cryptography now, as advances lower the quantum power needed to break RSA-2048 encryption, prioritizing future-proof security. – Post-Quantum Migration
  • The RSA 2025 conference spotlighted agentic AI as the emerging cybersecurity frontier, evolving beyond GenAI and SynthAI, with implications for defensive and offensive cyber operations. – Agentic AI
  • A design flaw in Microsoft’s Entra platform allows guest users to create and transfer Azure subscriptions, potentially enabling full cloud control; organizations are urged to implement stricter governance. – Microsoft Entra Risk

Targeted Campaigns & FinCrime

  • A sophisticated spearphishing campaign targets CFOs and financial executives globally, using remote-access installers like NetBird to gain persistent access to critical financial systems. – Spearphishing Financial Execs
  • An Iranian hacker pleads guilty to a $19 million ransomware and extortion scheme using Robbinhood ransomware against Baltimore city services, illustrating the community-wide impact of cybercrime. – Robbinhood Guilty Plea
  • More than $12 million stolen from the Cork Protocol DeFi platform in a major cryptocurrency theft, halting activities and spotlighting DeFi security challenges. – Cork Protocol Theft

Microsoft Updates

  • Microsoft warns Windows 11 KB5058405 update may prevent system startup in virtual machines due to ACPI.sys errors, primarily impacting enterprise environments. – KB5058405 Startup Issue
  • Windows 10 KB5058481 and Windows 11 KB5058499 preview updates bring new features such as a seconds display in the calendar and enhanced sharing, letting users test the changes ahead of the June Patch Tuesday. – Windows 10 Update, Windows 11 Update

Espionage & Stealth Operations

  • Silent Werewolf campaigns use custom loaders and multi-stage infection chains in phishing-based espionage against Russian and Moldovan organizations, employing advanced obfuscation to evade detection. – Silent Werewolf Espionage

Cybersecurity News | Daily Recap – hendryadrian.com