Cybersecurity News | Daily Recap [01 Aug 2025]

Russian espionage group Secret Blizzard deploys custom malware ApolloShadow in ISP-level AiTM attacks against foreign embassies in Moscow, emphasizing ongoing state-sponsored cyber surveillance. Meanwhile, North Korean Lazarus targets open-source repositories, increasing supply chain risks for developers globally. #ApolloShadow #Lazarus

Cyber Espionage & State-Sponsored Attacks

  • Russian group Secret Blizzard continues ISP-level AiTM attacks targeting foreign embassies in Moscow using custom malware ApolloShadow, enabling persistent surveillance and diplomatic data theft – Kremlin ISP Attacks, Russian Cyberspies Moscow, Russian State Hackers
  • The US continues investigation of Volt Typhoon, a Chinese threat group targeting critical infrastructure on Guam, raising concerns of port disruptions and national security risks – Volt Typhoon Probe
  • North Korean hacker group Lazarus targets open-source repositories with malicious packages impacting over 36,000 developers, exemplifying evolving cyberespionage supply chain risks – North Korean Open Source Attack
  • China advances space cyber warfare capabilities proposing lasers and sabotage operations against Elon Musk’s Starlink satellites amid strategic tensions – Chinese Starlink Countermeasures

Ransomware & Cybercrime

  • Everest ransomware claims breach of Mailchimp, leaking marketing and personal data in a relatively small but impactful attack – Everest Mailchimp Breach
  • Storm-2603 exploits Microsoft SharePoint vulnerabilities deploying custom AK47 C2 backdoor and ransomware families Warlock and LockBit Black, employing advanced evasion and hijacking techniques – Storm-2603 Ransomware
  • Law enforcement seizes cryptocurrency linked to Chaos ransomware affiliates amid ongoing global ransomware crackdowns – Ransomware Law Enforcement Actions

Vulnerabilities & Exploits

  • Critical zero-day CVE-2025-5394 in the Alone WordPress theme exploited for file uploads and site takeovers prior to public disclosure – Alone Theme Zero-Day
  • New remote code execution bug CVE-2025-7847 in WordPress AI Engine plugin enables authenticated users to upload malicious files risking full site compromise – AI Engine Plugin Vulnerability
  • Prompt injection vulnerability CurXecute (CVE-2025-54135) affects AI-powered Cursor IDE allowing remote command execution and environment takeover – Cursor IDE Vulnerability
  • Multi-layer redirect phishing tactics detected stealing Microsoft 365 login credentials via fake OAuth apps and sophisticated obfuscation – Microsoft 365 Phishing, OAuth Fake Apps
  • Microsoft to disable external workbook links to blocked file types in Excel from Oct 2025 to reduce phishing and malware spread risks – Excel File Link Block

Malware & Supply Chain Threats

  • AI-generated malicious npm package @kodane/patch-manager involved in draining funds from over 1,500 Solana wallets before takedown, highlighting AI-based supply chain risks – Malicious AI npm Package
  • Android banking Trojan DoubleTrouble targets European users through Discord with real-time surveillance and remote control to evade detection – DoubleTrouble Android Trojan

Cybersecurity Funding & Innovation

  • Noma Security raises $100 million to advance AI threat detection and runtime protection with its AI agent security platform – Noma AI Security Funding
  • Safe secures $70 million Series C to develop Cyber Artificial General Intelligence (CyberAGI) for autonomous threat response – Safe CyberAGI Funding
  • Echo obtains $15 million seed funding to build AI-based vulnerability-free container images enhancing enterprise software security – Echo Container Security
  • Reach Security raises $10 million more for AI-powered security drift detection assistant ConfigIQ Drift – Reach Security Funding

Legislation, Compliance & Strategic Security

  • U.S. senators introduce bill to create a national strategy for quantum cybersecurity migration emphasizing early post-quantum encryption adoption – Quantum Cybersecurity Bill
  • Illumina settles DOJ lawsuit for $9.8 million over cybersecurity lapses in genomic sequencing systems sold to federal agencies – Illumina Cybersecurity Settlement
  • Russia records a historic high of over 2,000 mobile internet shutdowns in July amid conflicts with Ukraine, impacting freedom and economic activity – Russian Internet Shutdowns

Tools, Contests & Research

  • CISA and Sandia National Laboratories release open-source Thorium platform to automate malware analysis and digital forensics for cybersecurity teams – Thorium Malware Platform, CISA Thorium Launch
  • Pwn2Own Ireland 2025 offers $1 million for a zero-click WhatsApp exploit, aiming to uncover critical vulnerabilities in popular messaging apps – Pwn2Own WhatsApp Prize
  • Kali Linux can now run inside Apple containers on macOS Sequoia, although with some hardware limitations affecting Intel-based systems – Kali Linux on macOS
  • New “Man in the Prompt” attack exploits browser extensions to inject malicious instructions into AI tools like ChatGPT and Google Gemini, risking data leaks – Man in the Prompt Attacks
  • Effective AI cybersecurity depends critically on high-quality, structured data feeds, urging organizations to upgrade their datasets beyond legacy sources – AI Data Quality Importance

Cybersecurity News | Daily Recap – hendryadrian.com