Cybersecurity News | Daily Recap [05 Jul 2025]

Recent cybersecurity incidents include Ingram Micro suffering a major outage caused by SafePay ransomware exploiting VPN vulnerabilities, and the City of Coppell, Texas, notifying residents of a data breach linked to RansomHub ransomware. Additionally, threat actors targeted France’s critical infrastructure using Ivanti zero-days, while Taiwan warns of data security risks from Chinese-developed apps. Key attack techniques involved exposed JDWP interfaces used by Hpingbot for DDoS, CSP bypasses through CSS injection, and a resurgence of NTLM relay attacks. #SafePay #RansomHub #HellcatRansomware #Telefónica #JDWP #CSPBypass #NTLMRelay

Ransomware & Data Breaches

  • Ingram Micro faces a major outage due to a SafePay ransomware attack exploiting VPN vulnerabilities and disrupting key distribution platforms – Ingram Micro Outage
  • The City of Coppell, Texas, notifies 17K residents of a data breach following a RansomHub ransomware attack compromising sensitive personal information – Coppell Data Breach
  • A hacker linked to the Hellcat Ransomware group leaks internal and customer data stolen from telecommunications giant Telefónica, threatening further exposure – Telefónica Data Leak
  • Scammers impersonate the DOGE Coordination Unit to steal personal data via deceptive emails, exploiting confusion around official DOGE communications – DOGE Scam

Nation-State Threats & Zero-Day Exploits

  • China-linked UNC5174 threat actors targeted France’s critical infrastructure last year using a trio of Ivanti zero-day vulnerabilities in cloud services, illustrating ongoing state-sponsored espionage – France Ivanti Exploits
  • Taiwan warns citizens of severe risks posed by Chinese-developed apps like TikTok, WeChat, and Baidu Cloud due to extensive unauthorized data collection and transmission to China, urging caution – Taiwan Data Risks, Taiwan Chinese Apps

Vulnerabilities & Attack Techniques

  • Threat actors exploit exposed JDWP interfaces to deploy cryptocurrency miners and use the Hpingbot botnet to conduct DDoS attacks via weak SSH configurations – JDWP & Hpingbot Alert
  • Security researchers bypass nonce-based Content Security Policy protections by combining CSS injection, nonce leakage, and browser cache manipulation, exposing new web app vulnerabilities – CSP Bypass
  • NTLM relay attacks resurface as a major threat in environments relying on legacy authentication, enabling lateral movement and privilege escalation risks – NTLM Relay Attacks

Cybersecurity News | Daily Recap – hendryadrian.com