Cybersecurity News | Daily Recap [25 Jul 2025]

State-sponsored threat groups like Patchwork and Fire Ant continue targeting defense and aerospace organizations in Turkey and Russia using spear-phishing and exploiting virtualization flaws. Meanwhile, North Korean cybercriminal activities include infiltration of US companies using laptop farms and sanctions against individuals aiding missile and nuclear programs. #Patchwork #FireAnt #OperationCargoTalon #GhostChat #PhantomPrayers #DroppingElephant #Koske #Soco404 #ChaosRansomware #Storm-2603

Cyber Espionage & Nation-State Attacks

  • Patchwork, a state-sponsored Indian group, targets Turkish defense firms with spear-phishing using malicious LNK files disguised as conference invites – Patchwork Targets Turkish Defense
  • Operation CargoTalon uses the EAGLET backdoor in spear-phishing attacks on Russian aerospace companies to exfiltrate sensitive data – CargoTalon Espionage
  • Fire Ant, linked to China’s UNC3886, exploits VMware and F5 flaws to breach isolated environments and maintain stealthy persistence – Fire Ant Breaches, Fire Ant VMware Exploit
  • Chinese state-sponsored APTs GhostChat and PhantomPrayers target the Tibetan community using multi-stage spyware with Ghost RAT and PhantomNet backdoors – GhostChat & PhantomPrayers
  • Dropping Elephant targets Türkiye’s missile industry via stealthy social engineering and VLC DLL sideloading to exfiltrate sensitive defense data – Dropping Elephant Attack

North Korea Cybercriminal Activity & Sanctions

  • An Arizona woman was sentenced to 8.5 years for running a North Korean laptop farm that stole identities to infiltrate 300+ US companies, generating over $17 million – Laptop Farm Sentence, North Korea Laptop Farm
  • The US Treasury sanctioned North Korean individuals and firms behind IT worker schemes funding DPRK missile and nuclear programs, adding $3 million bounties for related officials – North Korea IT Sanctions, NK Officials Bounties

Malware & Ransomware Threats

  • Koske Linux malware uses AI-generated code and hides inside panda image files to run crypto-mining, showing advanced evasion and modular payloads; Soco404 also targets cloud services for cross-platform mining attacks – Koske AI Malware, Koske & Soco404 Mining, Koske Panda Images
  • Law enforcement globally seized BlackSuit ransomware darknet leak sites disrupting operations linked to the rebranded Chaos ransomware targeting hundreds of organizations – BlackSuit Takedown, BlackSuit Operation Checkmate
  • Warlock ransomware is deployed in government and private sector attacks via Microsoft SharePoint vulnerabilities by Chinese hackers from the Storm-2603 group – Warlock SharePoint Attacks
  • CastleLoader malware infects 469 devices using fake GitHub repos and phishing campaigns to deliver various stealers and RATs with modular stealth techniques – CastleLoader Infection
  • Scavenger Trojan exploits DLL hijacking and browser flaws to steal crypto wallets and password manager data, leveraging multi-stage loaders to evade detection – Scavenger Trojan
  • The new Coyote banking Trojan abuses Microsoft UI Automation to steal credentials from banking and cryptocurrency sites, representing a novel abuse of accessibility frameworks – Coyote Trojan
  • A hacker has sneaked infostealer malware into the Steam early access game Chemia, exposing gamers to credential theft and highlighting risks in early game releases – Chemia Malware Injection

Vulnerabilities & Patching

  • Mitel patched critical flaws including an authentication bypass in MiVoice MX-ONE and MiCollab platforms that could have allowed attackers full system access – Mitel Critical Patch, Mitel Authentication Bypass
  • SonicWall fixed a critical zero-day flaw in SMA 100 Series appliances (CVE-2025-40599) and warns customers to check for compromise amid active targeted campaigns – SonicWall Critical Flaw
  • Hundreds of LG Innotek security cameras remain vulnerable to remote hacking due to an unpatchable flaw CVE-2025-7742, posing ongoing risks to commercial and critical infrastructure – LG Cameras Vulnerability
  • Microsoft resolved a compatibility issue blocking Easy Anti-Cheat users from upgrading to Windows 11 2024, lifting the update block to prevent Blue Screen of Death errors – Win11 Update Fix

Data Breaches & Phishing

  • North Providence, RI notified 1,800 residents of a data breach linked to Medusa ransomware; the attackers demanded a $100,000 ransom, and affected residents were offered free credit monitoring – North Providence Breach
  • There is a surge in phishing attacks exploiting spoofed Microsoft SharePoint domains and advanced 2FA bypass tactics including CAPTCHA challenges to steal credentials – SharePoint Phishing Surge
  • The Leak Zone cybercrime forum publicly exposed over 22 million user login records with IPs and timestamps, threatening user anonymity and increasing law enforcement scrutiny – Leak Zone Data Exposure
  • A UK student received a seven-year prison sentence for selling over 1,000 phishing kits targeting financial institutions across 24 countries – UK Phishing Kits Sentence

Cybersecurity Policy & Industry Updates

  • Microsoft ceased employing Chinese engineers in protecting sensitive US defense systems amid espionage fears, while several organizations face rising breach risks – Microsoft & Breach Updates
  • California’s privacy regulator approved watered-down AI rules for automated decision-making favoring industry over consumer protections – California AI Rules
  • Ukraine’s deputy defense minister for digital affairs resigned during government reshuffling after advancing military cybersecurity projects – Ukraine Deputy Minister Resigns
  • Sean Plankey’s nomination for CISA passed Senate hearings with bipartisan support emphasizing legislative reauthorization and agency resource needs amid growing cyber threats – CISA Nominee Senate Hearing
  • SpaceX’s Starlink outage caused worldwide service disruption attributed to software faults, sparking concerns over satellite internet dependency security – Starlink Outage

Healthcare & Critical Infrastructure Attacks

  • The AMEOS Group, operating 100+ European hospitals, shut down IT systems due to a cyberattack raising GDPR data privacy concerns amid possible patient data exposure – AMEOS Cyberattack

Cybersecurity News | Daily Recap – hendryadrian.com