This cybersecurity recap highlights recent nation-state cyber activities, including North Korean sanctions and cybercrime funding. It also covers major ransomware incidents affecting NASCAR and Morgan County 911, along with vulnerabilities in software supply chains and IoT threats. #NorthKorea #Medusa #Qilin #Toptal #WannaCry
Nation-State Cybercrime
- The U.S. Treasury sanctioned three North Koreans and Sobaeksu Trading Co. for running remote IT worker scams funding Pyongyang’s nuclear program, highlighting North Korea’s growing cybercrime sophistication – North Korea Sanctions, US Sanctions Firm
Ransomware & Data Breaches
- NASCAR confirmed a data breach from a March 2025 cyberattack exposing Social Security numbers, with the Medusa ransomware gang demanding a $4 million ransom – NASCAR Ransomware, NASCAR Breach Confirmed
- Morgan County 911 suffered a ransomware attack by the Russia-based Qilin gang in May 2025, though critical emergency services remained unaffected – Morgan County Ransomware
- Qdos, a UK IR35 advisory firm, confirmed a data breach affecting client personal data, offering identity monitoring and notifying regulators – Qdos Data Leak
Software Supply Chain & Development Security
- Toptal was compromised via its GitHub account, distributing malware through popular npm packages, underscoring supply chain risks in developer ecosystems – Toptal Malware
- A hacker injected data-wiping malicious code into Amazon’s Visual Studio Code AI extension, which was quickly removed and patched by Amazon – Amazon AI Hack
- Cybersecurity product teams must focus on incident-driven development by adopting layered defenses and proactive updates to counter advanced threats like WannaCry and Log4j vulnerabilities – Cybersecurity PM Role
Vulnerabilities & Exploits
- Cisco Talos disclosed five patched denial-of-service vulnerabilities in Bloomberg’s Comdb2 database, involving crafted network messages – Bloomberg Comdb2 Flaws
- Thirteen critical vulnerabilities were found in Tridium’s Niagara Framework, risking exposure of sensitive network data in building and industrial systems worldwide – Tridium Niagara Flaws
IoT & Network Threats
- A new VoIP router botnet exploiting default passwords and Telnet access initially targeted rural New Mexico, then expanded globally, mainly affecting IoT devices like Cambium Networks routers – VoIP Botnet
Service Disruptions
- Microsoft 365 administrators faced multiple service outages restricting access to the admin center across several regions, marking the second incident within a week – Microsoft 365 Outage
Privacy & Compliance
- Despite HHS clarifying that crisis pregnancy centers are not covered under HIPAA, ongoing concerns remain about privacy risks and misleading HIPAA compliance claims, prompting advocacy pressure on state attorneys general – Crisis Pregnancy Centers Privacy