This cybersecurity recap highlights recent ransomware incidents, data breaches affecting millions, and the emergence of North Korean malware targeting macOS and crypto sectors. It also underscores ongoing geopolitical cyber cooperation and critical vulnerabilities in enterprise software, emphasizing the importance of timely patching and global collaboration. #HuntersInternational #KellyBenefits #Qantas #NimDoor #ITArmyOfRussia #Forminator #TeleMessage #CyberDome
Ransomware & Data Breaches
- IdeaLab confirms that Hunters International stole sensitive employee data in an October 2024 breach; the data was later leaked on the dark web. Shortly after, Hunters International announced it was shutting down and released free decryptors to its victims (Sources: IdeaLab data theft; Hunters International shutdown).
- Kelly Benefits suffers a breach exposing the data of over 550,000 individuals, including Social Security numbers and health information; Qantas reveals a cyberattack that compromised personal details of 6 million customers, with no financial data affected (Sources: Kelly Benefits breach; Qantas data theft).
- Medical device maker Surmodics reports a cyberattack that disrupted operations; it has notified law enforcement and is still assessing what data was stolen (Source: Surmodics cyberattack).
- A California jury orders Google to pay $314 million over alleged collection of Android cellular data without user consent (Source: Google data lawsuit).
- Columbia University is targeted by a politically motivated hacker who stole sensitive student and staff data; the investigation is ongoing (Source: Columbia data breach).
North Korean Cyber Threats
- Microsoft shuts down 3,000 email accounts tied to North Korean IT workers, who used AI tooling and voice-changing software to pass as legitimate remote employees (Source: Microsoft blocks North Korean emails).
- North Korean hackers deploy NimDoor, Nim-based macOS malware aimed at web3 and crypto users. It is delivered through fake Zoom update lures and persists by installing signal handlers that reinstall the malware when its process is terminated, so simply killing it is not enough (Sources: NimDoor macOS malware; NimDoor persistence; North Korea targets Web3).
Cybercrime & Hacktivism in Conflict
- Pro-Russian hacktivist groups, including IT Army of Russia and TwoNet, intensify attacks on Ukraine through DDoS, insider recruitment, and data theft, and are shifting attention toward Western critical infrastructure and ICS targets (Sources: Pro-Russian hacktivist groups; Hacktivist offensive escalation).
- Spanish authorities arrest hackers in Las Palmas responsible for stealing government data on politicians and journalists and leaking it online (Source: Spain hacker arrests).
- Interpol identifies West Africa as an emerging hotspot for cybercrime compounds linked to human trafficking, mirroring trends in the Middle East, Central America, and Southeast Asia (Source: Interpol on West Africa cybercrime).
- China-linked hackers run extensive phishing networks impersonating major brands such as Apple and PayPal to steal shoppers' payment details; the operations persist despite takedowns (Source: China-linked phishing scams).
Vulnerabilities & Exploits
- Cisco issues urgent patches for CVE-2025-20309, a critical flaw in Unified Communications Manager: hardcoded credentials give an unauthenticated attacker root access, so administrators should patch immediately (Sources: Cisco hardcoded credentials; Cisco patch CVE-2025-20309; Cisco critical vulnerability; Cisco backdoor fix).
- Citrix warns of login problems after installing the NetScaler ADC and Gateway patches for vulnerabilities exploited for session hijacking and denial of service; affected deployments need configuration changes, but the patches should not be delayed (Source: Citrix login issues).
- The WordPress Forminator plugin has a critical vulnerability (CVE-2025-6463) that lets an unauthenticated attacker delete arbitrary files; deleting a file such as wp-config.php can lead to full site takeover. Users should update to version 1.44.3 (Source: Forminator plugin flaw).
- CISA adds TeleMessage TM SGNL vulnerabilities, involving insecure resource initialization and core dump exposure, to its Known Exploited Vulnerabilities catalog and calls for immediate patching (Source: TeleMessage vulnerabilities).
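The Forminator bug above is an instance of a general pattern: a request-supplied file name is passed to a delete call without being confined to the directory it is supposed to live in. The example below is added here for illustration and is not Forminator's code or a reproduction of the vulnerability; it builds a constructed fake site in a temporary directory, shows the unsafe handler walking out of the uploads tree with a `../` payload, and shows a hardened handler that canonicalises the path, checks it stays inside the uploads directory, and applies an assumed allow-list of upload extensions (`ALLOWED_SUFFIXES`, the file names and the `demo` helper are assumptions for the demo).

```python
"""Arbitrary file deletion: the unsafe pattern beside a hardened version.

Added illustration, not Forminator's code. The site layout, file names and
the ALLOWED_SUFFIXES policy are assumptions made for this demo.
"""
import os
import tempfile
from pathlib import Path

ALLOWED_SUFFIXES = {".png", ".jpg", ".pdf"}  # assumed upload policy


def is_within(base: Path, candidate: Path) -> bool:
    """True only if candidate, after resolving '..' and symlinks, is inside base."""
    base = base.resolve()
    candidate = candidate.resolve()
    return base == candidate or base in candidate.parents


def delete_upload_unsafe(uploads_dir: str, user_path: str) -> str:
    """Vulnerable: trusts the request-supplied path.

    '..' segments walk out of uploads_dir, and os.path.join() silently drops
    uploads_dir when user_path is absolute, so the request can name any file
    the web server user is allowed to delete (e.g. the site's config file).
    """
    target = os.path.join(uploads_dir, user_path)
    os.remove(target)
    return target


def delete_upload_safe(uploads_dir: str, user_path: str) -> Path:
    """Hardened: canonicalise, confine to the uploads tree, apply an allow-list."""
    base = Path(uploads_dir)
    target = base / user_path
    if not is_within(base, target):
        raise PermissionError(f"refusing to delete outside uploads: {user_path}")
    resolved = target.resolve()
    if resolved.suffix.lower() not in ALLOWED_SUFFIXES or not resolved.is_file():
        raise PermissionError(f"not a deletable upload: {user_path}")
    resolved.unlink()
    return resolved


def build_site():
    """Constructed fixture: a fake site root holding wp-config.php and an uploads dir."""
    root = Path(tempfile.mkdtemp(prefix="site-"))
    (root / "wp-config.php").write_text("<?php /* constructed config */")
    uploads = root / "wp-content" / "uploads"
    uploads.mkdir(parents=True)
    (uploads / "photo.png").write_bytes(b"\x89PNG constructed")
    return root, uploads


def demo() -> dict:
    """Run both handlers against a traversal payload and report what survived."""
    root, uploads = build_site()
    payload = "../../wp-config.php"  # relative to wp-content/uploads/

    try:
        delete_upload_safe(str(uploads), payload)
        safe_blocked = False
    except PermissionError:
        safe_blocked = True
    config_survives_safe = (root / "wp-config.php").exists()

    # A legitimate upload inside the tree is still deletable by the safe handler.
    delete_upload_safe(str(uploads), "photo.png")
    photo_deleted_by_safe = not (uploads / "photo.png").exists()

    # The unsafe handler happily removes the config file outside the tree.
    delete_upload_unsafe(str(uploads), payload)
    config_survives_unsafe = (root / "wp-config.php").exists()

    return {
        "safe_blocked": safe_blocked,
        "config_survives_safe": config_survives_safe,
        "photo_deleted_by_safe": photo_deleted_by_safe,
        "config_survives_unsafe": config_survives_unsafe,
    }


if __name__ == "__main__":
    print(demo())
```

The containment check must run on the resolved path, not on the string: a prefix comparison on the raw input is defeated by `..`, by symlinks inside the uploads directory, and by an absolute path. Pairing that check with an extension allow-list means that even a file that does sit inside the uploads tree (a stray `.php` or `.htaccess`) cannot be removed through the endpoint.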
Security Software & Platform Updates
- Microsoft releases Exchange Server Subscription Edition (SE), which moves to subscription-based "evergreen" licensing and becomes the only supported on-premises version once Exchange 2016 and 2019 leave support in October 2025 (Source: Exchange Server SE launch).
- Microsoft acknowledges spurious Windows Firewall Event 2042 errors caused by a feature still under development; they do not affect system security and can be ignored until a fix is released (Source: Windows Firewall errors).
- Adaptive AI in SOC platforms delivers dynamic real-time threat analysis that outperforms static models, improving detection accuracy and reducing analyst workload (Source: AI SOC tools advantage).
Malware & Browser Threats
- A security flaw in the Android spyware Catwatchful leaks more than 62,000 customer credentials through an exposed Firebase database, along with detailed personal data of the people being monitored (Source: Catwatchful data leak).
- Over 40 malicious Firefox extensions are found stealing cryptocurrency wallet secrets by impersonating popular wallet tools; Mozilla has removed most of them and is improving its detection (Source: Malicious Firefox extensions).
Geopolitical Cyber Cooperation
- Germany and Israel plan to deepen cybersecurity collaboration through a joint research center, "Cyber Dome", to strengthen defenses against Iranian and other foreign cyber threats (Source: Germany-Israel cyber partnership).
Cloud Service & Access Issues
- Microsoft investigates intermittent SharePoint Online access problems related to authentication cookies and recommends using an incognito/private browsing window as a workaround (Source: Microsoft SharePoint issues).