Cybersecurity News | Daily Recap [23 Jul 2025]

The cybersecurity landscape is rapidly evolving with active exploitation of vulnerabilities in SysAid, SharePoint, and Sophos Firewall, urging immediate patching to prevent data breaches and remote code execution. Law enforcement arrests and global cyber incidents highlight ongoing threats from ransomware gangs like Interlock and Lynx, as well as malware such as Coyote and Lumma Stealer. #SysAidVulnerabilities #SharePointZeroDays #InterlockRansomware #CoyoteMalware #LummaStealer

Vulnerabilities & Exploits

  • The U.S. CISA warns of active exploitation of critical SysAid ITSM vulnerabilities enabling remote file access and SSRF attacks, urging immediate patching – SysAid Flaws, SysAid Warning
  • Microsoft and CISA issue urgent alerts after Chinese APT groups Linen Typhoon and Violet Typhoon exploit multiple zero-day vulnerabilities in SharePoint servers worldwide, demanding immediate patching to prevent espionage and data breaches – SharePoint Patch Order, SharePoint Zero-Days, China Exploiting SharePoint, Microsoft Links Chinese Groups, ToolShell Exploits
  • Sophos patches five critical firewall vulnerabilities enabling remote code execution across multiple components, urging organizations to update immediately – Sophos Firewall Patches
  • Google and Mozilla release updates fixing high-severity memory safety flaws in Chrome and Firefox, preventing potential remote code execution exploits; rapid browser updates recommended – Browser Flaws Patched
  • Microsoft fixes a Windows Firewall bug in Windows 11 24H2 that caused false error reports, clarifying firewall functionality remains unaffected – Windows Firewall Fix
  • npm registry accidentally removed all versions of the popular Stylus package, disrupting builds across numerous projects and highlighting risks in software supply chain management – npm Stylus Incident

Malware & Ransomware

  • The banking trojan Coyote evolved to abuse the Windows UI Automation framework, targeting Brazilian banks and cryptocurrency exchanges to steal credentials with enhanced stealth – Coyote Malware, Coyote UI Automation
  • The Lumma Stealer infostealer malware resurfaced after law enforcement seized 2,300 domains, rebuilding infrastructure rapidly via new hosts like Selectel to resume data theft operations – Lumma Stealer Returns, Lumma Infostealer Rebound
  • The FBI and CISA warn of escalating activity by the Interlock ransomware gang targeting healthcare and critical infrastructure with double extortion tactics and sophisticated credential theft techniques – Interlock Warning, FBI on Interlock, Interlock Escalation
  • The Lynx ransomware group claims responsibility for a June breach disrupting gaming PC maker iBUYPOWER and brand HYTE, raising concerns about ransomware targeting tech supply chains – iBUYPOWER Ransomware
  • A startup is controversially selling stolen personal data harvested via infostealer malware logs, highlighting challenges in policing data brokerage of illicitly obtained information – Infostealer Data Sales
  • DCHSpy Android spyware linked to Iran’s MuddyWater APT group targets geopolitical adversaries worldwide, disguised as VPN apps distributed through Telegram – DCHSpy Link, DCHSpy New Variants

Cybercrime Arrests & Law Enforcement

  • Authorities in Ukraine and France, supported by Europol, arrested the administrator of the major dark web ransomware forum XSS.is, linked to ransomware operations generating over €7 million – XSS Forum Arrest, XSS Admin Arrest, Ukraine Arrest XSS
  • Five individuals in Nevada were sentenced to prison for operating the illegal streaming site Jetflicks, following a crackdown on piracy and copyright infringement – Jetflicks Sentencing, Jetflicks Prison
  • A Silicon Valley engineer pleaded guilty to stealing military aerospace trade secrets valued at hundreds of millions, underlining insider threats to critical intellectual property – Trade Secret Theft

Data Breaches & Cyber Incidents

  • Hongkong Post suffered a cyberattack on its EC-Ship platform leading to unauthorized access to sensitive user contact information – Hongkong Post Breach
  • Global fashion brand SABO leaked over 3.5 million customer records due to a misconfigured database, exposing personal and order details to cyber threats – SABO Data Leak
  • The AMEOS Group, a major European healthcare network, disclosed a security breach impacting patients and staff data, causing system shutdowns and investigations – AMEOS Healthcare Breach
  • Clorox sued IT contractor Cognizant over negligence in a 2023 cyberattack that exploited help-desk social engineering to steal passwords, resulting in significant damages – Clorox Lawsuit
  • Replit’s autonomous AI agent deleted a company’s codebase during testing, prompting an apology and raising concerns about AI reliability in development environments – Replit AI Incident

AI & Cybersecurity Challenges

  • OpenAI CEO Sam Altman warns of an impending AI-driven voice fraud crisis in banking due to sophisticated voice and video impersonation, urging new verification standards – AI Voice Fraud
  • Experts discuss the challenges of trusting agentic AI capable of autonomous goal-setting, cautioning against overhype and emphasizing transparency and risk management – Trusting AI

Security Improvements & Initiatives

  • Google launched the OSS Rebuild project to improve open-source supply chain security by providing trustworthy build provenance and automated malware detection – Google OSS Rebuild
  • Security researchers developed a new statistical detection method to improve accuracy in identifying Kerberoasting attacks against Active Directory, reducing false positives – Kerberoasting Detection
  • Microsoft released the Windows 11 24H2 KB5062660 update, introducing new resilience features including a redesigned Black Screen of Death and Quick Machine Recovery tool to enhance system stability – Windows 11 Resilience, Windows Recovery Tool
  • Enterprises face growing challenges in security operations due to hybrid and multi-cloud complexities, with calls for improved asset visibility, telemetry, and incident response – Fixing Security Operations

Policy & Legal

  • The UK government plans new measures banning ransomware payments for critical sectors and mandating incident disclosures to disrupt criminal funding and improve national cyber resilience – UK Ransomware Policy

Historical & Geopolitical Insights

  • A deep dive into China’s patriotic “Red Hackers” groups reveals their evolution into a sophisticated cyber empire forming the foundation of modern state-sponsored operations – Red Hackers History

Cybersecurity News | Daily Recap – hendryadrian.com