Cybersecurity experts have uncovered NightEagle, a sophisticated threat actor exploiting Microsoft Exchange zero-days to target Chinese military and tech sectors for espionage purposes. Estonia leads efforts in cyber diplomacy and resilience amid rising threats from Russia, promoting international cooperation to expose spies.
APT & Espionage
- Cybersecurity researchers uncover NightEagle, an advanced threat actor exploiting Microsoft Exchange zero-days to target China’s military and tech sectors for espionage – NightEagle APT
- Estonia leads in cyber diplomacy and digital resilience amid rising threats linked to Russia, with efforts to expose GRU spies and promote international cooperation – Estonia Cyber Diplomacy
Vulnerabilities & Exploits
- Critical Sudo flaws let local users gain root on major Linux distros; patches released in version 1.9.17p1 – Sudo Vulnerabilities
- Remote code execution vulnerability discovered in Wing FTP Server allowing full takeover; urgent update to version 7.4.4 recommended – Wing FTP Vulnerability
- Cl0p ransomware exfiltration tool has an unpatched RCE flaw that could expose the group to internal attacks – Cl0p RCE Flaw
- ModSecurity WAF bug (CVE-2025-52891) enables denial-of-service via empty XML elements; disabling SecParseXmlIntoArgs or upgrading to 2.9.11 advised – ModSecurity DoS
- Grafana patches four critical Chromium vulnerabilities in Image Renderer plugin that could lead to remote code execution and memory corruption – Grafana Update
Ransomware & Fraud
- BlackSuit gang ransomware attack on Virginia county leaked over 3,500 employee Social Security and bank details – Virginia Ransomware
- Spanish police dismantle investment fraud ring causing over €10 million in damages through fake crypto investment schemes and call center scams – Investment Fraud Bust
- Global Android ad fraud networks including IconAds and Kaleidoscope use malicious apps and twin app deception to generate fraudulent traffic and scams – Android Fraud Operations
Data Privacy & Legal
- Google ordered to pay $314 million in California for illegally transmitting Android users’ cellular data without consent – Google Data Penalty
- Weekly roundup highlights key security events including cartel hacking, Linux sudo flaws, and international malware infrastructure sanctions – Weekly Cybersecurity Roundup
Cybersecurity Community & Awareness
- Suraksha Catalyst and The Cyber Express to launch candid podcast series at Black Hat USA 2025 focusing on emerging threats and CISO challenges – Black Hat Podcast
- Generative AI agents pose data leakage risks; upcoming webinar offers strategies to secure AI workflows and sensitive enterprise information – AI Data Leak Webinar