Cybersecurity News | Daily Recap [02 Jul 2025]

This cybersecurity recap highlights major recent incidents, including the Qantas data breach attributed to the Scattered Spider group and the ransomware attack on Deutsche Welthungerhilfe. It underscores ongoing threats from the Qilin ransomware operation and from the bulletproof hosting supplied by the now-sanctioned Aeza Group, as well as newly disclosed vulnerabilities and sophisticated social engineering tactics. #ScatteredSpider #Qilin #AezaGroup #ForminatorVulnerability

Cyberattacks & Breaches

  • Qantas confirmed a cyberattack on a third-party customer service platform used by one of its contact centres, exposing records of about 6 million customers; the intrusion is attributed to the Scattered Spider group, which relies on social engineering of help desks and contact centre staff – Qantas Breach, Qantas Data Breach, Qantas Confirmed, Qantas Discloses
  • Spanish authorities arrested two suspects accused of leaking and selling sensitive data on government officials and journalists for cryptocurrency, with links to far-right Telegram channels – Spain Data Leak Arrests
  • German charity Deutsche Welthungerhilfe was hit by ransomware and has had stolen data offered for sale; humanitarian operations continue while defenses are reinforced – Charity Ransomware
  • The International Criminal Court detected and contained a sophisticated, targeted espionage cyberattack, underlining the ongoing risks to international institutions – ICC Cyberattack
  • Ahold Delhaize disclosed that a ransomware attack on its US operations exposed personal data of more than 2.2 million employees, underlining ransomware risk in retail – Ahold Delhaize Breach
  • Kelly & Associates Insurance Group (Kelly Benefits) disclosed a data breach affecting more than 550,000 people, exposing personal and medical information and raising identity theft concerns – Kelly Benefits Breach
  • A cyberattack on Russian independent media was traced to a US-sanctioned institute that used high-risk hosting infrastructure for disinformation and denial-of-service attacks – Russian Media Attack

Ransomware & Threat Actors

  • Ransomware group Qilin claimed 86 victims in June, keeping its lead among ransomware-as-a-service operations with a steady stream of high-value targets – Qilin Ransomware
  • The US Treasury sanctioned Russian bulletproof hosting provider Aeza Group and its affiliates for supplying infrastructure to ransomware and cybercrime operations, including the BianLian ransomware group, the BlackSprut darknet marketplace, and operators of the RomCom RAT – Aeza Sanctions 1, Aeza Sanctions 2, Aeza Sanctions 3
  • Threat groups TA829 and UNK_GreenSec share tooling and infrastructure, delivering malware such as TransferLoader through compromised MikroTik routers and using encrypted C2 channels – TA829 & UNK_GreenSec

Cryptocurrency & Fraud

  • More than 40 fake crypto wallet extensions impersonating MetaMask, Phantom and other wallets were uploaded to the Firefox add-ons store, harvesting seed phrases and related data in a campaign linked to Russian-speaking threat actors – Fake Wallet Extensions
  • Crypto theft losses in the first half of 2025 have already surpassed the total for all of 2024, driven by large incidents such as the Bybit and Cetus Protocol hacks, underscoring the need for stronger key-management and protocol security – Crypto Loss Surge
  • The US DOJ and Microsoft disrupted North Korean operations that used stolen US identities to place remote IT workers at companies and funnel their cryptocurrency earnings back to the regime, a state-linked fraud scheme – North Korean IT Scams, North Korean ID Theft

Vulnerabilities & Exploits

  • Critical vulnerability CVE-2025-6463 in the Forminator WordPress plugin (over 400,000 installs) allows unauthenticated arbitrary file deletion; deleting wp-config.php forces a site back into setup state and can lead to full takeover. Version 1.44.3 fixes it – Forminator Vulnerability
  • US CISA flagged multiple exploited vulnerabilities in the TeleMessage messaging app (CVE-2025-47729, CVE-2025-48927, and CVE-2025-48928) that expose credentials and chat logs, and urged immediate patching – TeleMessage Flaws
  • A critical remote code execution vulnerability, CVE-2025-49596, in Anthropic's MCP Inspector lets an attacker take full control of a developer's machine, a reminder of the risks of AI development tooling – Anthropic Vulnerability
  • A new FileFix variant tricks users into saving a web page as an HTML Application (.hta) file, which Windows runs through mshta.exe; because the saved file carries no Mark of the Web, the embedded JScript executes without the usual security warning – FileFix Attack
  • French agency ANSSI exposed a Chinese MSS-linked group it calls "Houken" (overlapping with UNC5174) exploiting Ivanti Cloud Services Appliance zero-days and deploying Linux rootkits against strategic sectors – Houken Exposure
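A detection for the mshta.exe stage of the FileFix variant above, written as an added example for this recap; it is not code from the original page or from the researcher who published the technique. It assumes process-creation telemetry with Sysmon Event ID 1 style field names (Image, CommandLine, ParentImage, User), and the sample events are constructed. Because the absence of Mark of the Web is not visible in process telemetry, the rule keys on where the .hta lives and which process launched it. It also flags mshta.exe started with an inline javascript:/vbscript: payload, a related living-off-the-land pattern that goes beyond the saved-.hta case the item describes.

```python
import re

# Folders an unprivileged user can write to. A page saved with Ctrl+S lands
# in one of these, so an .hta loaded from here by mshta.exe is the FileFix
# signal. (Assumption: these are the locations that matter in your estate.)
USER_WRITABLE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\(downloads|desktop|documents|appdata\\local\\temp)(\\|$)",
    re.IGNORECASE,
)
# The .hta argument on the command line, quoted (may contain spaces) or bare.
HTA_ARG = re.compile(r'"([^"]+?\.hta)"|(\S+?\.hta)\b', re.IGNORECASE)
# mshta.exe also runs script passed inline through a protocol handler; that
# is a related living-off-the-land pattern, not the saved-.hta case itself.
INLINE_SCRIPT = re.compile(r"\b(javascript|vbscript):", re.IGNORECASE)


def classify_event(event):
    """Return a finding dict for a suspicious mshta.exe launch, or None.

    `event` is a dict with Sysmon Event ID 1 style keys: Image, CommandLine,
    ParentImage, User. The key names are an assumption about the log source.
    """
    image = event.get("Image", "")
    if not image.lower().endswith("\\mshta.exe"):
        return None
    cmd = event.get("CommandLine", "")
    parent = event.get("ParentImage", "").lower()
    base = {"user": event.get("User", ""), "parent": parent, "cmd": cmd}
    if INLINE_SCRIPT.search(cmd):
        return {**base, "rule": "mshta-inline-script", "severity": "high"}
    m = HTA_ARG.search(cmd)
    if not m:
        return None
    hta = m.group(1) or m.group(2)
    if not USER_WRITABLE.match(hta):
        return None  # installers legitimately run .hta files from Program Files
    # Parent explorer.exe means the user opened the file from Explorer, which
    # is exactly the sequence the FileFix lure walks the victim through.
    severity = "high" if parent.endswith("\\explorer.exe") else "medium"
    return {**base, "rule": "filefix-hta-from-user-dir", "severity": severity, "hta": hta}


def scan(events):
    """Apply classify_event to every event and collect the findings."""
    return [f for f in (classify_event(e) for e in events) if f]


# Constructed sample telemetry (not real logs): one FileFix-style launch from
# Downloads, one benign installer .hta, one non-mshta process, one inline
# script launch, and one .hta run from %TEMP% by a shell.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r'"C:\Windows\System32\mshta.exe" "C:\Users\alice\Downloads\Invoice Viewer.hta"',
     "ParentImage": r"C:\Windows\explorer.exe", "User": r"CORP\alice"},
    {"Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r'"C:\Windows\System32\mshta.exe" "C:\Program Files\Vendor\Setup\install.hta"',
     "ParentImage": r"C:\Windows\System32\msiexec.exe", "User": r"NT AUTHORITY\SYSTEM"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -File C:\Users\alice\Documents\report.ps1",
     "ParentImage": r"C:\Windows\explorer.exe", "User": r"CORP\alice"},
    {"Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r'mshta.exe vbscript:Close(Execute("CreateObject(""Wscript.Shell"").Run ""calc.exe"""))',
     "ParentImage": r"C:\Windows\System32\cmd.exe", "User": r"CORP\bob"},
    {"Image": r"C:\Windows\SysWOW64\mshta.exe",
     "CommandLine": r"mshta.exe C:\Users\bob\AppData\Local\Temp\update.hta",
     "ParentImage": r"C:\Windows\System32\cmd.exe", "User": r"CORP\bob"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding["severity"], finding["rule"], finding.get("hta", finding["cmd"]))
```

Run as-is and three findings print: the Explorer-launched .hta from Downloads (high), the inline vbscript: launch (high), and the .hta from %TEMP% started by cmd.exe (medium); the installer .hta from Program Files and the PowerShell script are ignored. In production, feed it Sysmon Event ID 1 or equivalent EDR process events, and tune the directory list to where your users actually save files.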

Phishing & Social Engineering

  • New phishing campaigns impersonate Microsoft, DocuSign, and PayPal using PDF lures that push victims to call a phone number (callback phishing), QR codes, and AI-assisted VoIP number spoofing to steal information in targeted attacks – Callback Phishing
  • Vercel's generative AI tool v0 has been weaponized to build convincing fake login pages at scale, lowering the entry barrier for phishing – AI-Powered Phishing
  • Nearly 80% of modern threats mimic legitimate network traffic, driving SOCs to adopt multi-layered Network Detection and Response (NDR) tooling to improve detection – Evasive Threats

Microsoft & Windows Updates

  • Microsoft fixed the Windows 11 24H2 bug that removed the 'Print to PDF' feature; the fix ships in the KB5060829 preview update, with wider rollout planned for July – Print to PDF Fix
  • Microsoft resolved a DNS misconfiguration that blocked delivery of Exchange Online one-time passcodes, restoring access to encrypted emails – Exchange OTP Fix
  • Microsoft open-sourced the GitHub Copilot Chat extension for VS Code under the MIT license, opening the code to community review and contribution – Copilot Chat Open Source

Security Enhancements & Industry Trends

  • AT&T launched "Wireless Lock", which blocks account changes such as number porting and SIM changes until the customer unlocks the account, to defeat SIM-swap attacks – AT&T Wireless Lock
  • Cybersecurity M&A remained strong in June 2025 with 41 deals announced, following more than 400 deals across 2024 amid continued industry consolidation – Cybersecurity M&A
  • An opinion piece argues that organizational preparedness and continuous incident response training build the muscle memory needed for effective ransomware defense – Ransomware Response
  • ASEAN's rapid digital growth brings cybersecurity challenges; experts recommend security-by-design, AI-driven threat detection, cross-border legal cooperation, and workforce development to build resilience – ASEAN Cybersecurity
  • Insider threat illustrated: a former IT worker was jailed for more than seven months for deliberately disrupting his former employer's network, underscoring the importance of tight access control and prompt revocation of access – Insider Threat Sentenced

Cybersecurity News | Daily Recap – hendryadrian.com