Cybersecurity News | Daily Recap [26 Jun 2025]

Cybersecurity experts highlight ongoing threats like the cybercrime spree by IntelBroker, who faces charges for a $25 million scheme involving breach marketplaces, and the exploitation of open-source tools by groups like CL-CRI-1014 targeting African financial institutions. Significant vulnerabilities in enterprise systems continue to be exploited, with active threats involving AMI MegaRAC BMC, FortiOS, and NetScaler flaws, while attack campaigns such as the malicious npm packages used by North Korea-linked actors demonstrate the evolving threat landscape. #IntelBroker #CL-CRI-1014 #MegaRAC #FortiOS #NetScaler

Cybercrime & Threat Actors

  • A British hacker known as IntelBroker has been charged in the U.S. for orchestrating a $25 million cybercrime spree involving company breaches and data theft linked to marketplaces like BreachForums – IntelBroker Charged, IntelBroker Charged, BreachForums Arrests
  • The threat group CL-CRI-1014 is exploiting open-source tools like PoshC2 to conduct stealthy attacks on African financial institutions, acting as initial access brokers in extensive campaigns since 2023 – Open-Source Tools Abuse, Financial Sector Attacks
  • North Korea-linked attackers use over 35 malicious npm packages in a fake interview campaign to install infostealers and backdoors targeting developers globally – Malicious npm Campaign
  • An Iranian APT35 group, Educated Manticore, leverages AI-powered phishing and 2FA relay attacks to target Israeli tech experts amid geopolitical tensions – APT35 AI Phishing

Data Breaches & Insider Threats

  • A Kansas City man, Nicholas Kloster, pleaded guilty to hacking multiple organizations’ networks, including nonprofits and health providers, to promote his cybersecurity services while stealing sensitive data – Hacker Pleads Guilty, Hacker Pleads Guilty
  • Central Kentucky Radiology suffered a data breach impacting nearly 167,000 individuals due to unauthorized access and data theft, leading to credit monitoring offers – CKR Data Breach
  • Columbia University investigates a cyber incident causing tech outages and suspicious on-campus screen displays with no confirmed data theft yet – Columbia Cyber Incident

Vulnerabilities & Exploits

  • The U.S. CISA warns of active exploitation of critical AMI MegaRAC BMC and FortiOS vulnerabilities allowing remote server hijacks and firmware manipulation, with multiple flaws recently added to the KEV catalog – AMI BMC Exploits, CISA KEV Flaws, MegaRAC Bug Exploited
  • Citrix issues urgent patches for critical NetScaler CVE-2025-6543 flaws exploited for denial of service and session hijacking across multiple versions, with warnings about interconnected bugs – Citrix NetScaler Flaw, Citrix NetScaler Warning, Citrix DoS Exploits
  • Cisco patched two critical remote code execution vulnerabilities in Identity Services Engine (ISE) and Passive Identity Connector rated 10/10 severity – Cisco ISE RCE
  • WinRAR released an update fixing a high-severity directory traversal bug, CVE-2025-6218, that allowed malware execution from extracted archives – WinRAR Patch
  • NVIDIA patched two critical bugs in Megatron-LM framework allowing remote code injection, urging immediate updates for versions before 0.12.0 – NVIDIA Megatron Flaw
  • A Kubernetes CVE-2025-4563 vulnerability allows node privilege escalation by bypassing resource authorization in kube-apiserver – Kubernetes Flaw
  • Microsoft patched multiple Outlook bugs causing crashes when opening emails, advising prompt updates or workarounds – Outlook Bug Fixes

Phishing & Email Threats

  • Phishers exploited Microsoft 365’s “Direct Send” feature to bypass filters and send phishing emails as internal users, with mitigation recommendations including disabling the feature – Microsoft 365 Phishing
  • OneClik attacks use Microsoft ClickOnce technology and AWS services for stealthy backdoors targeting energy sector organizations, possibly linked to Chinese threat actors – OneClik Attacks
  • Scattered Spider continues targeted identity-based attacks on insurance firms via help desk scams, phishing, and account takeovers exploiting privileged accounts – Scattered Spider Attacks

SaaS Security & Cloud Risks

  • Research shows thousands of SaaS apps remain vulnerable to nOAuth abuse, risking account takeovers and data leaks years after the vulnerability was disclosed, urging stricter authentication standards – nOAuth Vulnerability, SaaS Apps at Risk
  • The hidden risks of SaaS platforms demand advanced unified solutions to improve data resilience against human error, cyberattacks, internal threats, and rapid recovery challenges – SaaS Data Resilience
  • Bonfy.AI raised $9.5M to launch an adaptive content security platform designed to secure AI- and human-generated content across SaaS ecosystems – Bonfy.AI Funding

Legal & Policy Developments

  • Felicity Oswald, former COO of the UK’s NCSC, departs to become CEO of Girlguiding, focusing on empowering girls in STEM fields – Felicity Oswald Departure
  • U.S. lawmakers introduce the bipartisan “No Adversarial AI Act” to prevent foreign AI systems, particularly from China, from accessing federal agencies and enhance national cybersecurity – No Adversarial AI Act
  • The outdated U.S. PACER court filing system remains under ongoing cyber attack threats, prompting plans for modernization to mitigate vulnerabilities – PACER System Attacks
  • A UK government anti-encryption campaign site was hijacked to display payday loan scams, raising concerns about domain security and online trust – UK Site Hijacked

Other Highlights

  • WhatsApp integrates AI-powered private message summaries using Meta AI for faster chat previews, ensuring privacy with on-device processing – WhatsApp AI Summaries
  • Hackers manipulate ConnectWise ScreenConnect installers via Authenticode signature stuffing to embed remote access malware undetected, prompting certificate revocations – ScreenConnect Malware
  • A wave of attacks exploiting MOVEit Transfer systems uses over 100 unique IPs, signaling large-scale scanning and exploitation primarily sourced from major cloud providers – MOVEit Attacks
  • Microsoft Family Safety’s web filtering bug blocks browsers like Google Chrome on Windows 10/11 after recent updates; fixes are in development – Family Safety Bug

Cybersecurity News | Daily Recap – hendryadrian.com