Recent cybersecurity updates highlight the successful takedown of Phobos and 8Base ransomware, allowing victims to recover files for free. Meanwhile, a variety of zero-day exploits and state-sponsored espionage campaigns continue to threaten critical infrastructure and intellectual property worldwide. #PhobosDecryptor #UNC3886
Ransomware & Decryptors
- Phobos and 8Base ransomware victims can now recover files for free with a decryptor released by Japanese police following a major takedown disrupting over $16 million in ransom activity – Phobos Decryptor
- Boston's DotHouse Health notified 185,795 patients of a data breach involving ALPHV/BlackCat ransomware that stole 800 GB of sensitive data since October 2022 – DotHouse Breach
- WineLab, Russia's largest alcohol retailer, shut down stores after a ransomware attack with ransom demands, refusing payment while the investigation continues – WineLab Ransomware
Zero-Day Exploits & Vulnerabilities
- CrushFTP zero-day (CVE-2025-54309) is actively exploited to gain administrative server access via the web interface, with updates and IP whitelisting advised as mitigation – CrushFTP Zero-Day
- Researchers uncovered MDifyLoader malware exploiting Ivanti Connect Secure zero-days to deploy Cobalt Strike, enabling stealthy, persistent intrusions – Ivanti Zero-Days
- Hackers are scanning for CVE-2025-48927 in TeleMessage SGNL, exposing passwords via vulnerable Spring Boot Actuator endpoints – TeleMessage Flaw
- Microsoft mistakenly marked a Windows Firewall error log bug as fixed; the false Event Viewer alerts persist, but firewall functionality remains unaffected – Windows Firewall Bug
Cyber Espionage & State-Sponsored Attacks
- Singapore's critical infrastructure is under ongoing attack by China-linked group UNC3886, threatening vital systems like power, water, and transportation – Singapore UNC3886, UNC3886 Attacks
- The UK linked Russia's GRU to the APT28 espionage malware Authentic Antics, which steals Microsoft 365 credentials and OAuth tokens for persistent access – GRU Malware
- UNG0002 cyber espionage campaigns target China, Hong Kong, and Pakistan using spear-phishing, Cobalt Strike, and RATs to steal sensitive research and IP – UNG0002 Campaigns
- China's law enforcement tool Massistant secretly extracts SMS, GPS, and images from seized phones, supporting Android and iOS for biometric and location surveillance – Massistant Tool
Malware & Supply Chain Attacks
- Popular npm linter packages were hijacked via phishing and credential theft in a JavaScript supply chain attack dropping malware; developers are urged to verify the package versions they have installed – npm Supply Chain
- Arch Linux removed malicious AUR packages distributing the CHAOS RAT malware, highlighting the risks of unreviewed community repositories – CHAOS RAT Removal
- A resurgence of crypto-jacking infected over 3,500 websites with obfuscated JavaScript miners that run low-resource cryptocurrency mining undetected – Crypto-Jacking Surge
Surveillance & Privacy
- A Middle Eastern surveillance vendor exploited a new SS7 bypass attack allowing phone location tracking without user consent, exposing carrier network weaknesses – SS7 Surveillance