Microsoft’s July 2025 Patch Tuesday addressed 137 vulnerabilities, including a zero-day in SQL Server and critical flaws in Windows, Office, and SharePoint, prompting urgent updates. Cyber espionage efforts include the arrest of Chinese hacker Xu Zewei linked to Silk Typhoon and Hafnium, alongside sanctions on North Korean and Russian threat actors like Andariel and Lazarus. Recent malware threats feature Iranian ransomware Pay2Key.I2P, data breaches at Nova Scotia Power and IES Communications, and a surge in Android banking malware such as Anatsa Trojan. Notable vulnerabilities include flaws in Nippon Steel Solutions’ network equipment and ServiceNow, while security enhancements focus on Galaxy devices’ Knox protection and automation via Tines. Threat techniques involve fake news sites impersonating major outlets and AI-powered deepfake impersonations of US officials. #SQLServerZeroDay #Hafnium #Lazarus #Pay2KeyI2P #AnatsaTrojan
Category: Daily Recap
![Cybersecurity News | Daily Recap [09 Jul 2025]](https://www.hendryadrian.com/tweet/image/DailyRecap.png)
Cybersecurity experts report a surge in sophisticated spyware campaigns, including the Batavia and Atomic Stealer strains, targeting Russian firms and Mac users globally. Additionally, new botnets like RondoDox and hpingbot are exploiting vulnerabilities and enabling stealthy DDoS attacks, highlighting persistent threats to organizations worldwide. #Batavia #AtomicStealer #RondoDox #hpingbot
This cybersecurity recap highlights the abuse of legitimate tools like Inno Setup and Shellter Elite by cybercriminals to distribute stealthy malware and evade detection. It also reports on sophisticated nation-state espionage campaigns by North Korea, TAG-140, APT36, and NightEagle, targeting critical sectors across different regions. #InnoSetupAbuse #ShellterElite #NimDoor #TAG-140 #APT36 #NightEagle
![Threat Research | Weekly Recap [06 Jul 2025]](https://www.hendryadrian.com/tweet/image/cybersecuritynews.png)
This week’s cybersecurity recap highlights critical vulnerabilities such as CVE-2025-5777 and CVE-2025-20309 affecting Citrix and Cisco, which are actively exploited by threat actors like APT28 and MuddyWater. Emerging malware campaigns include sophisticated botnets like Flodrix and advanced evasion techniques like Shellter and steganography. #CitrixBleed #MuddyWater
Recent cybersecurity incidents include Ingram Micro suffering a major outage caused by SafePay ransomware exploiting VPN vulnerabilities, and the City of Coppell, Texas, notifying residents of a data breach linked to RansomHub ransomware. Additionally, threat actors targeted France’s critical infrastructure using Ivanti zero-days, while Taiwan warns of data security risks from Chinese-developed apps. Key attack techniques involved exposed JDWP interfaces used by Hpingbot for DDoS, CSP bypasses through CSS injection, and a resurgence of NTLM relay attacks. #SafePay #RansomHub #HellcatRansomware #Telefónica #JDWP #CSPBypass #NTLMRelay
Cybersecurity experts have uncovered NightEagle, a sophisticated threat actor exploiting Microsoft Exchange zero-days to target Chinese military and tech sectors for espionage purposes. Estonia leads efforts in cyber diplomacy and resilience amid rising threats from Russia, promoting international cooperation to expose spies. #NightEagle #ChinaCyberEspionage #EstoniaCyberDiplomacy
This cybersecurity recap highlights recent ransomware incidents, data breaches affecting millions, and the emergence of North Korean malware targeting macOS and crypto sectors. It also underscores ongoing geopolitical cyber cooperation and critical vulnerabilities in enterprise software, emphasizing the importance of timely patching and global collaboration. #HuntersInternational #KellyBenefits #Qantas #NimDoor #ITArmyOfRussia #Forminator #TeleMessage #CyberDome
This cybersecurity recap highlights major recent incidents, including the Qantas data breach attributed to the Scattered Spider group and the ransomware attack on Deutsche Welthungerhilfe. It underscores ongoing threats from threat actors like Qilin and Aeza Group, as well as emerging vulnerabilities and sophisticated social engineering tactics. #ScatteredSpider #Qilin #AezaGroup #ForminatorVulnerability
Recent cyberattacks target high-profile organizations like the International Criminal Court and Swiss government, exposing critical vulnerabilities and data breaches. Authorities disrupted North Korean IT schemes and dismantled global crypto fraud rings, highlighting ongoing threats from nation-state actors and cybercriminal groups. #ICCCyberattacks #Sarcoma #DarkAngels #NorthKoreanITScheme #CryptoFraud
This week’s cybersecurity recap highlights sophisticated state-sponsored espionage campaigns by North Korea and Iran, targeting financial, technological, and critical infrastructure sectors globally. Additionally, emerging malware, supply chain attacks, and phishing campaigns continue to evolve, including AI-related threats using prompt injection techniques. #APT38 #IranianCyberThreats #ContagiousInterview #CVE-2025-5777 #RapperBot
Recent cybersecurity developments include the expansion of the Scattered Spider group’s social engineering attacks to aviation and transportation sectors, and a Chinese-linked espionage campaign hacking over 1,000 SOHO devices using the ShortLeash backdoor. Additionally, threats such as the GIFTEDCROOK malware targeting Ukrainian authorities, sophisticated phishing tactics mimicking DocuSign, and critical vulnerabilities like CVE-2025-6561 in Hunt Electronics DVRs highlight ongoing security challenges. #ScatteredSpider #ShortLeash #GIFTEDCROOK #CVE20256561 #Cloudflare
Recent cybersecurity developments include massive data breaches affecting millions, such as Ahold Delhaize and UNFI, alongside sophisticated malware campaigns like PUBLOAD and Sainbox RAT targeting Asian organizations. Key threat actors like Mustang Panda, Hive0154, and North Korea’s BlueNoroff continue to exploit vulnerabilities and conduct social engineering fraud, while nations enhance cyber defense policies, notably in NATO and the US. #AholdDelhaizeBreach #MustangPanda #BlueNoroff
Cybersecurity experts highlight ongoing threats like the cybercrime spree by IntelBroker, who faces charges for a $25 million scheme involving breach marketplaces, and the exploitation of open-source tools by groups like CL-CRI-1014 targeting African financial institutions. Significant vulnerabilities in enterprise systems continue to be exploited, with active threats involving AMI MegaRAC BMC, FortiOS, and NetScaler flaws, while attack campaigns such as the malicious npm packages used by North Korea-linked actors demonstrate the evolving threat landscape. #IntelBroker #CL-CRI-1014 #MegaRAC #FortiOS #NetScaler
Microsoft extends Windows 10 Extended Security Updates until 2026, providing additional time for users to maintain security features. Recent updates include bug fixes for Windows 10 and improvements to Windows 11, alongside significant data breaches and geopolitical cyber threats highlighting ongoing risks in the cybersecurity landscape. #Windows10ESU #BreachForums #Qilin #SonicWall #Hy-Vee #NorthKorea #APT28
Recent cybersecurity updates include the unexpected release of REvil ransomware members in Russia and new stealth malware campaigns by APT28 targeting Ukrainian agencies via Signal chats. Additionally, state-sponsored actors exploit critical vulnerabilities in infrastructure, and breaches continue to impact organizations like Paraguay’s government and healthcare providers like McLaren Health Care. #REvil #APT28