Cybersecurity News | Daily Recap [21 Jun 2025]

Cybersecurity incidents this week include the Kairos ransomware group stealing nearly 2 TB of data from Taos County and demanding a ransom, while Aflac faces a breach linked to Scattered Spider attacks that exposed sensitive information. Additionally, the Tonga Ministry of Health suffered a ransomware attack that disrupted healthcare services, and the North Korean Lazarus group carried out an $11 million crypto theft via social engineering. Experts highlight critical vulnerabilities in IBM QRadar SIEM and Versa Director SD-WAN, alongside novel malware campaigns such as PowerShell loaders and NodeInitRAT. Massive DDoS attacks, such as the record-breaking 7.3 Tbps attack mitigated by Cloudflare, demonstrate ongoing network threats. Hashtags: #KairosRansomware #ScatteredSpider #LazarusGroup #NodeInitRAT #CloudflareDDoS

Ransomware & Data Breaches

  • Kairos ransomware stole 1.94 TB of data from Taos County, NM, demanding ransom within seven days to prevent sensitive data release – Kairos Ransomware
  • Aflac suffered a data breach linked to Scattered Spider attacks, potentially exposing Social Security numbers and personal info, with rapid containment and credit monitoring offered – Aflac Suspicious Activity, Aflac Breach, Aflac Discloses Breach
  • April 2025 cyberattacks on UK retailers M&S and Co-op, causing up to $592M in damages, traced to social engineering by the Scattered Spider group – Scattered Spider Attacks
  • Qilin ransomware group expands features with “on-call lawyer” support, aiming to pressure victims and boost affiliate success, though experts doubt the legitimacy – Qilin Ransomware, Qilin Lawyer Claims
  • The Tonga Ministry of Health hit by ransomware disrupting hospital IT systems and patient data, prompting requests for international cybersecurity aid – Tonga Healthcare Attack
  • The North Korean Lazarus group is linked to an $11 million crypto theft from the Taiwanese exchange BitoPro, carried out through social engineering and AWS session hijacking – Lazarus Crypto Heist
  • The Oxford City Council cyberattack disrupted services and may have exposed election data, with authorities investigating unauthorized access and containment efforts – Oxford Cyberattack

Vulnerabilities & Exploits

  • IBM QRadar SIEM suffers critical flaws enabling privileged users to run arbitrary commands, risking data breaches and operational disruptions; urgent patches released – IBM QRadar Bug
  • Versa Networks’ Versa Director SD-WAN platform has high-severity vulnerabilities allowing remote command execution via malicious file uploads; proof-of-concept exploits raise concerns – Versa Director Flaws
  • Russian hackers abuse cloud platforms such as Oracle Cloud and Scaleway to host Lumma Stealer malware, targeting high-privilege users with fake reCAPTCHA pages as the entry point for network infiltration – Russian Cloud Exploits
  • Microsoft investigates a OneDrive bug causing file search failures across multiple platforms, alongside an iOS slow-motion video glitch, with fixes underway – OneDrive Search Bug

Malware Campaigns & Techniques

  • A sophisticated PowerShell loader, y1.ps1, using in-memory execution and Cobalt Strike infrastructure, evades disk-based detection to maintain persistence – PowerShell Loader
  • New Mocha Manakin malware employs social engineering and “paste-and-run” tactics to deploy NodeInitRAT, a NodeJS backdoor linked to ransomware activities – Mocha Manakin Malware
  • The recent “16 billion credentials” leak is largely recycled or fake data, refuting the hype, yet it underscores the ongoing risk from infostealer malware and phishing campaigns – 16 Billion Leak Reality
  • Global espionage and malware threats surface with incidents such as Chinese hacking of Viasat, Iranian IOCONTROL malware, Crowhammer cryptography exploits, and an attack on The Washington Post – Global Cyber Espionage

DDoS & Network Security

  • Cloudflare mitigated a record-breaking 7.3 Tbps multi-vector DDoS attack in May 2025, involving 122,000+ IP addresses and traffic scattering techniques against a hosting provider – Cloudflare DDoS Defense

Legal & Regulatory

  • A federal judge overturned parts of the Biden-era HHS rule enhancing HIPAA protections for reproductive health info, citing authority overreach and state rights, although general HIPAA rules remain – HIPAA Rule Overturn

Cybersecurity News | Daily Recap – hendryadrian.com