Microsoft's July 2025 Patch Tuesday addressed 137 vulnerabilities, including a zero-day in SQL Server and critical flaws in Windows, Office, and SharePoint, prompting urgent updates. Cyber espionage efforts include the arrest of Chinese hacker Xu Zewei linked to Silk Typhoon and Hafnium, alongside sanctions on North Korean and Russian threat actors like Andariel and Lazarus. Recent malware threats feature Iranian ransomware Pay2Key.I2P, data breaches at Nova Scotia Power and IES Communications, and a surge in Android banking malware such as Anatsa Trojan. Notable vulnerabilities include flaws in Nippon Steel Solutions' network equipment and ServiceNow, while security enhancements focus on Galaxy devices' Knox protection and automation via Tines. Threat techniques involve fake news sites impersonating major outlets and AI-powered deepfake impersonations of US officials. #SQLServerZeroDay #Hafnium #Lazarus #Pay2KeyI2P #AnatsaTrojan
Microsoft Updates
- Microsoft July 2025 Patch Tuesday fixes 137 vulnerabilities, including a zero-day in SQL Server and critical flaws in Windows, Office, and SharePoint, prompting urgent security updates and new detection rules. – Microsoft Patch Tuesday July, Microsoft Patch Tuesday, Microsoft Patches 130 Vulns
- Additional critical security updates released for Windows 10 and Windows 11, including fixes for zero-days and improvements to stability and features. – Windows 10 Update, Windows 11 Updates
- Adobe patches 58 vulnerabilities across multiple products including ColdFusion and AEM Forms, urging immediate updates to prevent exploitation. – Adobe Vulnerability Patch
Cyber Espionage and Hackers Arrested
- Chinese hacker Xu Zewei, linked to state-sponsored group Silk Typhoon and Hafnium, was arrested in Italy for cyberattacks on US COVID-19 research and government targets. – Chinese Hacker Arrest, Chinese National Arrested, Chinese Hacker Arrest Italy
- North Korean cyber actors and Russia-linked companies involved in illicit IT worker schemes funding DPRK's weapons programs face fresh US sanctions targeting the Andariel sub-group of Lazarus. – Treasury Sanctions North Korea, US Sanctions Andariel Hacker, North Korean IT Worker Sanctions, Treasury Sanctions Key Player
Ransomware and Malware Threats
- Iranian ransomware group Pay2Key.I2P resurfaces, targeting the US and Israel with updated malware, promising higher payouts to affiliates amid rising geopolitical tensions. – Iranian Ransomware Resurfaces, Iranian Ransomware Payouts
- Major data breaches continue as Canadian utility Nova Scotia Power suffers a ransomware attack disrupting power meter communications and exposing thousands of customers' data. – Canadian Utility Cyberattack
- UK retailer M&S confirms a social engineering campaign led to a DragonForce ransomware breach involving data theft and possible ransom negotiations. – M&S Ransomware Attack
- Legitimate penetration testing tool Shellter is exploited by threat actors distributing Lumma Stealer, SectopRAT, and other malware, complicating detection and defense. – Shellter Tool Abuse, Shellter in Malware Attacks
- New Android malware campaign using Anatsa Trojan targets North American banks with fake apps on Google Play exceeding 90,000 infections, employing overlays and credential theft. – Anatsa Banking Trojan, Android Malware Anatsa
- TapTrap, a novel Android tapjacking attack, bypasses permission controls using invisible UI tricks on Android 15/16, highlighting persistent OS vulnerabilities. – TapTrap Android Attack
Data Breaches and Vulnerabilities
- Japanese firm Nippon Steel Solutions admits a data breach via a zero-day in network equipment, potentially exposing customer and employee data, though no leak is confirmed on the dark web. – Nippon Steel Zero-Day Breach
- IT contractor IES Communications notifies over 6,200 employees after a ransomware attack by Chaos exposed sensitive SSNs and payroll data. – IES Communications Data Breach
- Critical vulnerabilities remain unpatched in Ruckus Wireless products, allowing remote code execution and admin access, risking managed networks in hospitals and smart cities. – Ruckus Vulnerabilities
- ServiceNow flaw dubbed Count(er) Strike enables low-privileged users to enumerate sensitive data by exploiting misconfigured ACLs, urging organizations to review permissions. – ServiceNow Data Leak
Security Enhancements and Automation
- Samsung announces major security improvements in Galaxy devices with One UI 8, including Knox Enhanced Encrypted Protection and quantum-resistant WiFi for enhanced data and connectivity security. – Samsung Security Enhancements, Samsung One UI 8 Features
- Tines' pre-built automation workflows streamline incident response by integrating CrowdStrike, PagerDuty, and others to automate ticket creation, device ID, and threat triage for faster remediation. – Automate Security Workflow
- Traditional MFA methods prone to phishing are being replaced by hardware-based, phishing-resistant biometric solutions like Token Ring and Token BioStick, increasing authentication security. – MFA Security Issues
- Agentic AI introduces new cybersecurity automation benefits but also creates complex attack surfaces requiring careful oversight to mitigate emerging risks. – Agentic AI Threat Surface
Cybercrime Techniques and Threats
- Fake news websites impersonating CNN, BBC, and CNBC are used globally, especially in the Middle East, to spread fraudulent cryptocurrency investment scams. – Fake News Scam Sites
- AI-powered impersonation threats target US and foreign officials with deepfake messages posing as Secretary of State Marco Rubio, raising concerns over trust and information security. – AI Impersonation Attack