Cybersecurity News | Daily Recap [04 Jun 2025]

Recent cybersecurity incidents include breaches at North Face and a North Carolina healthcare provider, and a ransomware attack that impacted Victoria’s Secret, highlighting escalating retail cyber threats. Emerging malware like SafePay and threat actors such as Scattered Spider and the SafePay gang continue to pose significant risks across sectors. #ScatteredSpider #SafePay #Victoria’sSecret

Data Breaches & Ransomware

  • Nearly 3,000 North Face customer accounts were breached via credential stuffing in a retail cyberattack linked to the Scattered Spider group – North Face Breach
  • North Carolina’s Compassion Health Care notified 23,000 patients of a data breach involving SSNs and medical info after a ransomware attack attributed to the SafePay gang – North Carolina Healthcare Breach
  • Victoria’s Secret postponed earnings following a major ransomware attack disrupting operations, highlighting rising retail cyber threats – Victoria’s Secret Ransomware
  • SafePay and DevMan emerged as leading ransomware threats in May 2025, with SafePay claiming 58 victims mainly in U.S. healthcare and professional sectors – Ransomware Threats
  • A breach at Coinbase was linked to bribed TaskUs support agents in India, resulting in estimated losses of up to $400 million – Coinbase Insider Breach

Software Vulnerabilities & Patching

  • HPE StoreOnce platforms face critical authentication bypass (CVE-2025-37093) and remote code execution flaws, with urgent patches recommended for versions prior to 4.3.11 – StoreOnce Vulnerability, StoreOnce Patch, StoreOnce Auth Bypass
  • CISA added actively exploited vulnerabilities in ASUS RT-AX55 routers, Craft CMS, and ConnectWise ScreenConnect to its Known Exploited Vulnerabilities catalog, urging immediate patching – CISA Vulnerability Catalog
  • Multiple critical flaws in SAP GuiXT scripting could lead to remote code execution, NTLM hash theft, CSRF, and DoS attacks, requiring cautious configuration and patching – SAP GuiXT Vulnerabilities
  • A new time-based blind SQL injection (CVE-2025-45542) was discovered in the CloudClassroom PHP project v1.0, enabling remote attacks unless mitigated by prepared statements or WAFs – CloudClassroom SQLi
  • A stored XSS vulnerability in ERPNext v15.53.1 allows script execution via the user_image field, exposing users to browser-based compromises – ERPNext XSS
  • Safari’s JavaScript TypeError handling flaw enables cross-site scripting leading to arbitrary code execution, posing client-side risks – Safari XSS Vulnerability
  • Instantel Micromate industrial monitoring devices (1000+) exposed to remote hacking via critical flaw CVE-2025-1907 that allows command execution impacting operational safety – Instantel Industrial Flaw

Malware & Cybercrime Campaigns

  • The rapidly evolving Acreed infostealer is poised to replace Lumma in Russia’s cybercriminal market targeting Windows credentials and browser data – Acreed Infostealer
  • Android banking trojan Crocodilus spreads globally via malicious ads, adding fake contact entries to bypass detection and impersonate trusted contacts – Crocodilus Trojan
  • Fake DocuSign pages deliver multi-stage NetSupport RAT malware using clipboard poisoning and spoofed websites to establish remote access – NetSupport RAT Campaign
  • Malicious open-source packages in PyPI, npm, and Ruby repositories conduct cryptocurrency theft, data exfiltration, and code destruction via supply chain attacks – Malicious OSS Packages
  • Malicious GitHub repositories distributing backdoors and malware such as Sakura RAT target hackers and gamers with fake exploits and obfuscated payloads – GitHub Backdoors
  • Hedera Hashgraph network users are defrauded through NFT airdrop scams exploiting wallet data, prompting FBI warnings to verify offers and report fraud – Hedera NFT Scam

Social Engineering & AI Threats

  • Google warns of vishing and extortion campaigns by UNC6040 and ShinyHunters, targeting Salesforce users through voice phishing and OAuth exploits for data theft and lateral movement – Salesforce Vishing, Salesforce Extortion
  • Advances in AI have intensified social engineering threats, enabling attackers to deploy deepfakes and more convincing scams, while defenders leverage AI to improve detection and training – AI & Social Engineering

Funding & Industry Developments

  • Compyl raised $12 million to enhance its governance, risk, and compliance (GRC) platform featuring real-time insights and automation – Compyl Funding
  • ThreatSpike secured $14 million in Series A funding to expand its all-in-one real-time detection, response, and penetration testing cybersecurity platform – ThreatSpike Funding
  • Email security firm Trustifi raised $25 million to boost its AI-powered platform protecting against BEC and spoofing across major email providers – Trustifi Investment
  • Veteran researcher Mikko Hypponen shifted focus from anti-malware to countering drone threats as Chief Research Officer at anti-drone company Sensofusion – Hypponen Joins Sensofusion

Governance & Strategic Initiatives

  • The UK’s 2025 Strategic Defence Review marks a shift towards openly integrating cyberwarfare, AI, and digital operations with the establishment of CyberEM command working alongside NATO allies – UK Cyberwarfare Strategy
  • Germany fined Vodafone €45 million for data privacy violations involving fraudulent third-party deals, prompting enhanced security and authentication safeguards – Vodafone GDPR Fine

Best Practices & Webinars

  • A webinar today highlights redefining vulnerability management by focusing on exposure validation to reduce patch fatigue and provide actionable security metrics – Exposure Validation Webinar
  • Traditional data leakage prevention fails in the SaaS era, with a new white paper advocating browser-centric DLP solutions to secure cloud-native data better – SaaS Data Protection
  • Kerberos AS-REP roasting attacks targeting accounts without pre-authentication emphasize the importance of strong passwords and active monitoring in Active Directory environments – Kerberos AS-REP Roasting
  • Cybercrime scams caused by Crime-as-a-Service networks may never be stopped but can be managed, with global losses predicted at over $1 trillion in 2024 and efforts focusing on disrupting criminal infrastructures – Managing Cyber Scams

Cybersecurity News | Daily Recap – hendryadrian.com