Cybersecurity News | Daily Recap [06 Jun 2025]

This cybersecurity update covers extensive malware and ransomware campaigns, including the BadBox IoT botnet and Qilin ransomware exploiting critical vulnerabilities. It also highlights law enforcement actions against cybercrime networks and emerging technologies enhancing defense strategies. #BadBox #Qilin #PathWiper #Interlock #PlayRansomware #Hive0131 #Rhadamanthys #RedLine

Malware & Ransomware Attacks

  • The BadBox 2 botnet has infected over 1 million IoT devices globally, exploiting Android-based smart TVs and gadgets for proxy and fraud activities, with FBI warnings and advice to update firmware – BadBox Warning, BadBox IoT Threat, BadBox FBI Report
  • The Qilin ransomware linked to Phantom Mantis exploits critical Fortinet flaws to attack organizations worldwide, focusing on Spanish-speaking regions including NHS hospitals – Qilin Ransomware
  • PathWiper, a destructive Russian-linked wiper malware from APT groups like Sandworm, continues targeting Ukrainian critical infrastructure with sophisticated attacks causing irreversible damage – PathWiper Record, PathWiper Destruction, PathWiper Attack, PathWiper Talos Report
  • The Interlock ransomware group targeted Kettering Health in Ohio, causing two weeks of disruption before full system restoration – Interlock Attack
  • The Play ransomware gang has attacked over 900 organizations globally since 2022 using advanced tactics including remote management exploits – Play Ransomware FBI
  • Hive0131 phishing campaigns deliver the DCRat banking trojan targeting Colombian users with sophisticated infection chains – Hive0131 DCRat
  • Rhadamanthys infostealer malware spreads via copyright-themed phishing targeting European victims, impersonating legal entities to trick victims into downloading malware – Rhadamanthys Campaign
  • A Ukrainian hacker involved in a cryptojacking scheme compromised over 5,000 accounts, causing $4.5 million in damages before his arrest – Ukrainian Cryptojacker, Ukrainian Crypto Arrest
  • The US offers a $10 million reward for the capture of Maxim Rudometov, developer of the RedLine infostealer malware used worldwide – RedLine Reward

Cybercrime Operations & Law Enforcement Actions

  • Nigeria sentenced nine Chinese nationals involved in a cyberfraud syndicate and uncovered a network recruiting youths for global cybercrime; international arrests include 20 suspects in child sexual abuse content distribution – Nigeria Cyberfraud, CSAM Arrests
  • The US DOJ seeks seizure of $7.74 million tied to North Korean IT worker cryptocurrency laundering supporting weapons programs – North Korea Crypto Laundering
  • US authorities disrupted the $17 million BidenCash darknet marketplace by seizing 145 domains used for selling stolen financial data – BidenCash Takedown
  • Microsoft and Indian CBI dismantled call centers behind a tech support scam targeting Japanese citizens through social engineering and AI tools – Indian Call Center Scam
  • Sean Cairncross’s Senate confirmation hearing as US National Cyber Director nominee raised concerns over proposed cybersecurity spending cuts amid rising Chinese cyber threats – US Cyber Director Hearing

Vulnerabilities & Patch Updates

  • Critical vulnerabilities affecting Fortinet, Cisco ISE, HPE StoreOnce, Dell PowerScale OneFS, and Roundcube webmail have been patched amid active exploit attempts including public PoCs and ransomware campaigns – Fortinet Flaws, Cisco ISE Patch, HPE StoreOnce Patch, Dell OneFS Advisory, Roundcube Exploit
  • CISA issued 7 new Industrial Control System advisories covering vulnerabilities in devices by CyberData, Hitachi Energy, and Mitsubishi Electric affecting energy and manufacturing sectors – CISA ICS Advisories
  • Misconfigured HMIs exposed hundreds of US water systems to public internet access without authentication, risking critical infrastructure – US Water System Exposure

Espionage & State-Sponsored Threats

  • OpenAI removed ChatGPT accounts tied to state-backed actors from China, Russia, North Korea, Iran, and the Philippines that were exploiting the platform for disinformation, malware development, and scams – OpenAI ChatGPT Takedown
  • Iran-linked group BladedFeline targets Kurdish and Iraqi officials with malware like Shahmaran, Whisper, and PrimeCache in long-running espionage campaigns – BladedFeline Attacks, BladedFeline Analysis
  • The Bitter APT, linked to Indian intelligence, expands espionage efforts targeting government and diplomatic sectors across South Asia and Turkey using spear-phishing and malware campaigns – Bitter APT Expansion

Data Breaches & Privacy Issues

  • An unsecured database leak exposed personal details of over 3.6 million Passion.io app creators, raising identity theft risks due to lack of encryption – Passion.io Data Leak
  • A repackaged 2021 AT&T data breach released on a Russian hacking forum linked Social Security numbers and birth dates to 49 million phone numbers – AT&T Data Leak
  • Popular Google Chrome extensions were found leaking API keys and user data over HTTP and shipping hardcoded credentials; users are advised to uninstall them until fixed – Chrome Extensions Leak
  • Germany fined Vodafone €45 million for multiple privacy breaches and fraud vulnerabilities; the penalties were paid alongside commitments to improve data security practices – Vodafone Fine
  • The UK HMRC lost £47 million to scammers via phishing and false rebate claims, locking affected accounts and notifying taxpayers – HMRC Scam

Security Culture & Industry Trends

  • The UK NCSC released six core principles emphasizing human behavior and leadership to promote sustainable cybersecurity culture in organizations – NCSC Security Culture
  • Government CISOs warn legacy systems and complex regulations increase cyber risks, calling for enhanced resilience, AI trust, and cross-sector collaboration – Government CISOs Resilience
  • Cybersecurity M&A activity surged with 42 deals in May 2025, including major acquisitions by Check Point, Proofpoint, and Zscaler focusing on AI and cloud security capabilities – Cybersecurity M&A
  • MIND raised $30 million in Series A funding to expand its AI-powered data loss prevention platform used by Fortune 1000 firms – MIND Funding
  • Analysis highlights Business Value Assessment (BVA) as a framework to quantify cybersecurity impact in financial terms, helping security leaders better align with business goals – Cyber Value Assessment
  • The controversial $200 million acquisition of Corellium by Cellebrite, amid lawsuits and spyware associations, targets advanced mobile vulnerability and virtual device technologies – Cellebrite-Corellium Deal

Emerging Technologies & Defense Tools

  • Adversarial Exposure Validation (AEV) technology gains traction among security leaders by simulating realistic cyber-attacks for vulnerability detection and improved defense strategies – AEV Adoption
  • Organizations are urged to address data loss risks from widespread Shadow AI use by empowering users with visibility and contextual policies rather than blanket AI app blocks – Shadow AI Protection
  • Best practices for designing secure Windows services include minimizing attack surfaces, real-time threat monitoring, and resilient response mechanisms – Windows Security Design
  • Backdoored open-source malware repositories on GitHub target novice cybercriminals with complex delivery chains, part of a distribution-as-a-service network – GitHub Malware Backdoors

Cybersecurity News | Daily Recap – hendryadrian.com