Cybersecurity News | Daily Recap [11 Jun 2025]

hendryadrian.com

hendryadrian.com

Funding & AI Security

• Maze secures $25M to develop AI-driven cloud vulnerability detection and automatic fixing agents – Maze Banks $25M
• Cyera raises $540M to expand its AI-powered data security platform across cloud and on-premises environments – Cyera Raises $540M
• Horizon3.ai obtains $100M Series D to enhance its autonomous attack simulation platform NodeZero – Horizon3.ai Raises $100M

Firmware & Secure Boot Vulnerabilities

• A critical Secure Boot bypass vulnerability in DTResearch UEFI apps (CVE-2025-3052) enables bootkit malware installation on many devices, patched with updated Microsoft revocation lists – UEFI Secure Boot Flaw, Secure Boot Flaw Patch
• An Insyde H2O UEFI vulnerability (CVE-2025-4275) allows injection of malicious certificates via unprotected NVRAM, threatening early boot security – Insyde H2O UEFI Flaw

Microsoft Patch Tuesday & Exploits

• Microsoft’s June 2025 Patch Tuesday addresses 66 vulnerabilities, including actively exploited zero-days affecting Windows Server, WebDAV (CVE-2025-33053), and domain controller authentication issues – Microsoft Patch Tuesday, Windows Zero-Day Warning
• Separate updates fix login disruptions and domain controller reachability issues in Windows Server 2025, boosting enterprise stability – Unreachable Domain Controllers Fix, Auth Issues Fix
• Windows 10 and Windows 11 cumulative updates released with security fixes and new features including System Restore enhancements – Windows 10 Update, Windows 11 Updates
• Microsoft Outlook plans to block risky attachments (.library-ms, .search-ms) to curb phishing and malware attacks starting July 2025 – Outlook Blocks Risky Attachments

Malware & Cybercrime Operations

• INTERPOL’s Operation Secure dismantled over 20,000 malicious IPs linked to 69 malware variants globally, arresting suspects and seizing servers in 26 countries, disrupting major infostealer networks like Lumma and META Stealer – Operation Secure, Infostealer Disruption
• The FIN6 group escalates attacks by using AWS-hosted fake resumes on LinkedIn to distribute More_eggs malware targeting recruiters and enterprises – FIN6 Recruitment Scam, FIN6 More_eggs Malware
• DanaBot malware operators exposed for 3 years due to C2 server bug ‘DanaBleed,’ aiding law enforcement dismantling criminal infrastructure – DanaBot Data Leak, DanaBot Operation Endgame
• The Rare Werewolf hacking group has infected hundreds of Russian devices with XMRig cryptomining malware since 2019 using stealthy phishing and shutdown tactics – Rare Werewolf Crypto-Mining
• A new Rust-based info stealer named Myth Stealer is spreading via fake gaming sites to steal browser data from Chrome and Firefox users – Myth Stealer Malware
• Stealth Falcon cyberespionage group exploits a Windows WebDAV zero-day (CVE-2025-33053) to target defense organizations in the Middle East and Africa using advanced malware loaders and implants – Stealth Falcon Zero-Day

Brute-Force & Network Attacks

• Over 295 malicious IPs from the US, UK, Germany, and others launched coordinated brute-force attacks against exposed Apache Tomcat Manager interfaces, urging stronger authentication – Tomcat Brute-Force Attacks, Tomcat Management Attacks

Data Breaches & Privacy

• The Dermatologists of Birmingham notify 86,000 people of a ransomware-linked data breach by the Qilin group exposing personal and medical data – Birmingham Data Breach
• The Texas Department of Transportation suffers a breach with nearly 300,000 crash records stolen due to compromised credentials, raising identity theft risks – Texas Transportation Breach
• 23andMe leadership scrutinized by lawmakers over data security and privacy concerns amid bankruptcy sale and genetic data handling – 23andMe Data Security Hearing

Industrial Control & IoT Security

• Siemens, Schneider Electric, Aveva, and CISA address multiple industrial vulnerabilities including default credentials and XSS flaws in June 2025 Patch Tuesday – ICS Patch Tuesday
• SinoTrack GPS devices found vulnerable to remote vehicle control via default passwords, risking hijacking and location tracking – SinoTrack Vulnerabilities

Supply Chain & Software Security

• Supply chain attacks on IT and tech firms surged by 25% from Feb 2024 to May 2025, emphasizing urgent security needs – Supply Chain Attacks Surge
• ConnectWise rotates DigiCert code signing certificates due to security concerns to protect software update integrity – ConnectWise Certificate Rotation
• Adobe patches 254 vulnerabilities including critical code execution bugs in Acrobat Reader, Commerce, and Experience Manager – Adobe Code Execution Flaws, Adobe Massive Patch
• Salesforce Industry Cloud has over 20 security configuration risks including 5 CVEs; some fixed, others require customer action – Salesforce Configuration Risks

Regulation & Policy

• The UK’s Ofcom launches an investigation into 4chan for hosting illegal content and failing to verify ages under the Online Safety Act – 4chan Ofcom Investigation
• The UK National Cyber Security Centre calls for a strategic cybersecurity policy agenda to address systemic risks amid stalled government progress – UK Cyber Policy Push
• Five individuals plead guilty to laundering nearly $37 million from Cambodian crypto scam operations targeting U.S. victims – Cambodia Crypto Laundering

Awareness & Education

• AI-driven scammers increasingly exploit college financial aid systems causing billions in losses as U.S. education agencies ramp up identity verification – AI in College Aid Fraud
• A webinar discusses combating living-off-the-land attacks using GravityZone PHASR to harden endpoints against stealthy cyber threats – Endpoint Hardening Webinar
• DNS security emphasized as a critical frontline defense, highlighting features like DNSSEC and encrypted protocols to thwart cyber attacks – DNS Security Importance

Cybersecurity News | Daily Recap – hendryadrian.com