Cybersecurity News | Daily Recap [05 Jun 2025]

Recent cybersecurity developments include sophisticated phishing and malware campaigns targeting Salesforce users with infostealers like Azorult and Lumma, and cybercriminal activities involving backdoors in open-source repositories. Key issues also involve geopolitical cyberattacks, major data breaches, and security vulnerabilities affecting critical infrastructure and enterprise systems. #UNC6040 #Azorult #Lumma #ChaosRAT #PhantomEnigma #RedLine #BidenCash #PathWiper #Tupolev #IBMQRadar #CiscoISE

Malware & Phishing Campaigns

  • Mandiant and Google expose sophisticated voice phishing (vishing) campaigns by UNC6040 targeting Salesforce apps with infostealer malware like Azorult and Lumma to steal credentials and data – Salesforce Phishing, Salesforce Threats, Vishing UNC6040
  • New Chaos RAT malware targets Windows & Linux via fake network tool downloads to facilitate crypto wallet theft and mining operations – Chaos RAT Attack
  • The “Phantom Enigma” campaign uses malicious Chrome and Edge extensions to steal sensitive data, mainly impacting Brazilian users via RATs – Phantom Enigma
  • ClickFix attack uses fake Cloudflare Turnstile pages combined with social engineering to silently deploy malware including Lumma and Stealc infostealers – ClickFix Malware
  • RedLine malware operators face a $10 million U.S. bounty following international disruption efforts targeting their infostealer infrastructure – RedLine Bounty

Cybercrime Infrastructure & Backdoors

  • Widespread cybercrime campaign inserts backdoors into over 130 GitHub repositories disguised as malware tools and game cheats, distributing malware like SakuraRAT across supply chains – Backdoored Repositories, GitHub Backdoors
  • International law enforcement shut down the BidenCash darknet marketplace used for selling stolen credit card data and personal info, seizing over 145 domains to disrupt $17 million in illicit revenue – BidenCash Takedown, BidenCash Domains Seized
  • Ukrainian hacker arrested for breaching over 5,000 hosting accounts to mine cryptocurrency, causing $4.5 million in damages – Hosting Accounts Hack

Ransomware & Data Breaches

  • The Play ransomware gang breached 900+ organizations by exploiting CVE-2024-57727 in SimpleHelp, employing double-extortion tactics with stolen data and psychological pressure – Play Ransomware Exploits, Play FBI Report
  • Lee Enterprises ransomware attack by Qilin group exposed nearly 40,000 Social Security numbers, disrupting U.S. newspaper operations – Lee Enterprises Breach, Lee Enterprises Data Leak, Lee SSN Leak
  • Interlock ransomware attacked Kettering Health, leaking over 941 GB of sensitive medical and personal data, significantly affecting patient care – Interlock Kettering Attack
  • Vanta compliance platform suffered a software bug exposing private customer data to other clients, affecting hundreds of users – Vanta Data Leak

State-Sponsored & Geopolitical Cyber Operations

  • Russia-linked APT deployed new destructive PathWiper malware to target Ukrainian critical infrastructure storage and systems – PathWiper Attack
  • Ukraine claims successful cyberattack on Russia’s Tupolev aerospace firm, stealing 4.4 GB of sensitive strategic aviation data – Tupolev Hack, Ukraine Tupolev Breach
  • China issues warrants for Taiwanese hackers and bans a Taiwanese company linked to pro-independence activities, intensifying tensions around cybersecurity and sovereignty – China-Taiwan Cyberactions
  • Microsoft launches a free AI-powered EU cybersecurity program to bolster defenses against state-sponsored cyber threats from Russia, Iran, China, and North Korea targeting European governments – Microsoft EU Program

Vulnerabilities & Security Flaws

  • Critical IBM QRadar and Cloud Pak for Security vulnerabilities risk exposure of sensitive files and remote code execution, with urgent upgrades recommended – IBM QRadar Flaws
  • Cisco ISE suffers critical authentication bypass flaw affecting cloud deployments on AWS, Azure, and OCI with public exploit code available – Cisco ISE Flaw, Cisco CCP Vulnerabilities
  • Schneider Electric EcoStruxure Power Build Rapsody affected by stack-based buffer overflow (CVE-2025-3916), allowing arbitrary code execution unless updated – Schneider Electric Vulnerability
  • Stored XSS vulnerability found in CubeCart v6.5.9 “Description” field enables script injection and potential session hijacking – CubeCart XSS
  • Windows user group policy bypass possible via offline registry hive manipulation through OFFREG.dll, exposing risks of unauthorized privilege escalation – Windows Registry Bypass

Privacy, Compliance & Enforcement

  • Vodafone Germany fined €45 million ($51 million) for privacy and security failings leading to user data breaches, stressing GDPR compliance for telecoms – Vodafone GDPR Fine
  • FTC chair calls on Congress to strengthen children’s online privacy laws with better age verification and parental controls to combat data misuse – FTC on Children’s Privacy

Cybersecurity News | Daily Recap – hendryadrian.com