Recent cybersecurity developments include arrests linked to the Scattered Spider and DragonForce ransomware groups, highlighting significant retail sector impacts and thwarted ransomware attempts. Notable vulnerabilities such as Wing FTP Server CVE-2025-47812 and Citrix NetScaler CVE-2025-5777 continue to be exploited, emphasizing the need for urgent updates. #ScatteredSpider #DragonForce #WingFTP #CVE2025-47812 #CVE2025-5777
Ransomware & Cybercrime Groups
- Four suspects linked to Scattered Spider and DragonForce ransomware were arrested in the UK for cyberattacks on major retailers including M&S, Co-op, and Harrods, with losses of up to £440 million. Source: UK Retail Arrests
- The Scattered Spider group exploited Exchange Administrator accounts to target inboxes but was stopped before it could deploy ransomware; the group is also suspected in a Qantas breach exposing the data of 5.7 million customers. Sources: Scattered Spider Attack, Qantas Breach
- Russian basketball player Daniil Kasatkin was arrested in France for alleged involvement as a negotiator in ransomware attacks linked to gangs that targeted over 900 entities; he denies any technical involvement. Source: Kasatkin Arrest
- Ingram Micro restored all systems after a ransomware attack attributed to the SafePlay group, though details of any data exfiltration remain undisclosed. Source: Ingram Micro Recovery
Vulnerabilities & Exploits
- A critical Wing FTP Server vulnerability (CVE-2025-47812), which enables remote code execution via null byte injection, is being actively exploited; users are urged to update to version 7.4.4 or later. Source: Wing FTP Exploit
- CISA added Citrix NetScaler CVE-2025-5777 to its KEV catalog following active exploitation that risks memory over-read and unauthorized access in enterprises. Source: Citrix NetScaler CVE
- New critical PerfektBlue Bluetooth protocol flaws affect vehicles from Mercedes, Volkswagen, and Skoda, allowing remote code execution with minimal user interaction. Source: PerfektBlue Flaws
- A critical remote code execution vulnerability affects the open-source mcp-remote project (437,000+ downloads); users are urged to update immediately to avoid compromise. Source: mcp-remote RCE
- Vulnerabilities in Asus Armoury Crate and Adobe Acrobat Reader were disclosed by Cisco Talos and have been patched; users should update promptly. Source: Asus & Adobe Patches
Malware & APT Activity
- North Korean espionage group DoNot APT has expanded into Europe, targeting foreign ministries with LoptikMod malware delivered via Google Drive phishing campaigns. Source: DoNot APT Expansion
- The macOS malware ZuRu has evolved with enhanced capabilities; other reported cyber espionage risks include exposed secrets in Docker images and AMD CPU flaws. Source: ZuRu & AMD Flaws
- Fake gaming, AI, and Web3 firms deploy malware such as Realst and Atomic Stealer against cryptocurrency users on Telegram and Discord through social engineering scams. Source: Crypto Malware Campaign
Data Breaches & Privacy
- The Pierce County Library System notified over 336,000 individuals of a ransomware-driven data breach in which the Inc gang claims to have stolen nearly 2 TB of data. Source: Pierce County Breach
- McDonald's recruitment chatbot McHire exposed the personal data of more than 64 million job applicants due to security flaws, which were promptly patched by Paradox.ai and McDonald's. Source: McHire Data Leak
- Qantas suffered a data breach affecting the personal information of 5.7 million customers; the Scattered Spider group is suspected, but the breached data is insufficient to gain account access. Source: Qantas Data Breach
- Investigation continues into claims that former Mexican president Enrique Peña Nieto received bribes connected to the spyware industry, including Pegasus exploits. Source: Mexican Spyware Probe
- California's Privacy Protection Agency, led by Tom Kemp, is pushing for stronger data privacy regulations focused on data brokers and enforcement of the Delete Act. Source: California Privacy Update
AI & Security Governance
- The EU introduced a voluntary AI code of practice to help businesses comply with the upcoming AI Act by promoting transparency, safety, and copyright protections. Source: EU AI Code
- As generative AI integrates deeper into SaaS platforms, security leaders emphasize the need for robust AI governance to manage risks including data leaks and regulatory violations. Source: AI Governance for SaaS
- The 2025 Data Risk Report highlights vulnerabilities arising from AI-driven tools and cloud services, urging unified AI-powered data security strategies to protect enterprise data. Source: Securing Data in AI Era
Hardware & System Security
- Researchers demonstrated a Rowhammer attack on Nvidia GPUs using GDDR6 memory, exposing risks to machine learning systems and stressing the need for ECC mitigations. Source: Rowhammer on Nvidia GPU
- Microsoft updated Windows 11 to use the more secure JScript9Legacy engine in version 24H2, which blocks web-based threats like cross-site scripting without requiring user action. Source: Windows 11 Security Update
- Vulnerabilities in eSIM and eUICC chips related to Java Card technology could enable cloning and spying, posing privacy risks especially for mobile operators and IoT devices. Source: eSIM Vulnerabilities
Investment & Industry Initiatives
- Cyberstarts launched a $300 million Employee Liquidity Fund to help startup employees cash out vested shares and boost talent retention across the cybersecurity ecosystem. Source: Cyberstarts Liquidity Fund