Cybersecurity News | Daily Recap [31 Jul 2025]

Today's updates cover continued extortion by the SafePay ransomware group against Ingram Micro and the release of a free decryptor for FunkSec ransomware. Chinese state-sponsored operators are linked to contractors building offensive surveillance tooling, and the actively exploited Microsoft SharePoint zero-day chain (ToolShell) keeps adding victims. Together these items point to persistent risk in data extortion, espionage, and critical-infrastructure exposure.

Ransomware & Data Leaks

  • The SafePay ransomware group threatens to leak 3.5 TB of Ingram Micro’s data weeks after their attack, highlighting ongoing extortion and operational disruption – Ingram Micro Threat, SafePay Leak
  • A free decryptor was released for the dormant FunkSec ransomware, which had targeted the US, India, and Brazil across several sectors – FunkSec Decryptor
  • Dollar Tree denies ransomware claims, clarifying the stolen data originates from the defunct 99 Cents Only Stores, debunking INC ransomware gang’s false assertion – Dollar Tree Ransomware Denial

State-Sponsored Espionage & Chinese Cyber Threats

  • Chinese state-sponsored hackers linked to companies developing offensive cyber tools have been found targeting multiple sectors globally, with patents revealing advanced surveillance tech supporting groups like Hafnium and Silk Typhoon – Chinese Cyber Tools, Silk Typhoon Patents, Hafnium Surveillance Report
  • Australia’s intelligence chief warns foreign espionage, including advanced cyber and insider threats, is costing the country an estimated $8 billion annually – Australia Espionage Cost

APT & Advanced Attacks

  • North Korean group UNC4899 uses job lures, cloud exploits, and malware distribution via open-source packages to steal millions in cryptocurrency – UNC4899 Crypto Theft
  • UNC2891 employed a 4G-enabled Raspberry Pi and the CAKETAP rootkit to breach ATM networks in a failed fraud attempt, demonstrating hybrid physical and cyber-attack methods – ATM Network Breach, Raspberry Pi ATM Heist, ATM Backdoor Discovery
  • Hackers distribute JSCEAL malware through fake cryptocurrency trading apps promoted via malicious Facebook ads, enabling data theft and device control – JSCEAL Malware Campaign

Vulnerabilities & Exploits

  • Google's Project Zero adopts a reporting-transparency policy: within one week of reporting a bug it will publish the vendor, the affected product, the report date, and the 90-day disclosure deadline (not the technical details), so that downstream projects know a fix is coming and the upstream patch gap shrinks – Google Vulnerability Reporting, Project Zero Patch Policy
  • Apple issues extensive security updates across iOS, macOS, watchOS, tvOS, and visionOS, including a fix for CVE-2025-6558, a zero-day first seen exploited in the wild against Google Chrome – Apple Security Updates, Apple Chrome Zero-Day Patch
  • A critical vulnerability (CVE-2025-5394) in the WordPress 'Alone' charity theme, an unauthenticated arbitrary file upload that yields remote code execution, is actively exploited in the wild, with over 120,000 attack attempts recorded – WordPress Theme Exploit, Alone Theme RCE
  • New Auto-Color backdoor malware exploits a critical SAP NetWeaver vulnerability (CVE-2025-31324) enabling multi-stage Linux attacks – Auto-Color SAP Exploit
  • Honeywell patches multiple critical vulnerabilities in its Experion PKS industrial control system that could allow remote code execution and denial of service against critical-infrastructure operators – Honeywell ICS Flaws
  • Exploitation of the Microsoft SharePoint zero-day chain (ToolShell, CVE-2025-53770/53771) has compromised over 396 on-premises SharePoint systems worldwide, mainly in governments and strategic sectors – SharePoint Zero-Day

Security Tools & Industry Moves

  • CISA releases open-source tools Playbook-NG and COUN7ER to support tailored hacker containment and incident response strategies – CISA Open Source Tools
  • Proton launches Proton Authenticator, a free, privacy-focused cross-platform two-factor authentication app committed to user privacy without trackers or ads – Proton Authenticator
  • API security firm Wallarm raises over $70 million to expand its AI-driven platform protecting APIs and AI systems with real-time threat detection – Wallarm Funding
  • Palo Alto Networks is in talks to acquire CyberArk for over $20 billion, aiming to bolster AI security offerings through industry consolidation – Palo Alto & CyberArk
  • SentinelOne is again named a Leader in Gartner's 2025 Magic Quadrant for Endpoint Protection Platforms, on the strength of its AI-driven, autonomous real-time detection and response – AI Endpoint Security

Identity, Privacy & Behavioral Security

  • Experts discuss combating identity fraud by using behavioral analytics, multi-source data, and visualization to counteract impersonation and phishing attacks – Identity Fraud Combat
  • Choicejacking, in which a malicious public charger impersonates an input device to approve a USB data connection on the victim's behalf, revives the juice-jacking threat that OS charging prompts were meant to close; users are urged to avoid public USB ports and keep devices updated – Choicejacking Attack
  • Increasing deployment of Flock Safety’s automatic license plate reader cameras in schools through Raptor Technologies raises civil liberties and data privacy concerns – School Surveillance Debate

Cybersecurity Governance

  • The US Senate committee advances Sean Plankey’s nomination to lead CISA amid ongoing agency funding, staffing challenges, and its critical role in election and infrastructure security – CISA Director Nomination, Plankey Advances

Emerging Threat Patterns & Research

  • Researchers find that in 80% of studied cases a spike in malicious scanning or exploitation activity preceded disclosure of a new CVE for the same product by up to six weeks, underscoring the value of monitoring attack patterns as an early-warning signal – Malicious Activity Trends
  • Phishing campaigns increasingly target Python developers with fake PyPI sites to steal credentials, threatening package security and user accounts – PyPI Phishing Attacks

Cybersecurity News | Daily Recap – hendryadrian.com