Cybersecurity experts highlight ongoing threats from nation-state APTs like UAT-7237, which breached Taiwanese web servers using persistent methods. Major malware activities include the leak of ERMAC v3.0 source code and Russian exploitation of Windows CVE-2025-26633 by EncryptHub, emphasizing evolving cyberattack techniques. #ERMAC #UAT7237
Events
- Virtual conference CodeSecCon 2025 spotlights defenses for modern apps against evolving threats like AI-powered attacks and supply chain risks – CodeSecCon 2025
Malware & Exploits
- Leaked source code reveals the full infrastructure of the Android banking trojan ERMAC v3.0, which targets over 700 apps and offers defenders insight into its capabilities – ERMAC Leak
- Russian group EncryptHub abuses Windows flaw CVE-2025-26633 and social engineering (fake Teams requests) to deliver backdoors and the Fickle Stealer, blending malicious traffic with normal communications – EncryptHub Exploit
Ransomware
- Ransomware activity climbs as the Qilin group remains the top threat in July (the third time in four months it has topped the ranking), increasingly targeting critical infrastructure and supply chains – Qilin Rise
- The Blue Locker ransomware campaign is targeting Pakistan's oil & gas sector and government ministries, prompting a National CERT advisory and vendor analysis – Blue Locker
Microsoft Zero-day & High-profile Breaches
- Attackers exploited a Microsoft vulnerability (CVE-2025-53770) to breach Canada's House of Commons, exposing employee and device information and highlighting risks to national institutions – Canada Breach
- UK telecom Colt suffered multi-day outages after a cyberattack claimed by the WarLock gang, with alleged data theft and sale, and reports tying the incident to a Microsoft SharePoint zero-day (CVE-2025-53770) – Colt Outage
APT & Nation-State Activity
- Chinese-speaking APT UAT-7237 breached Taiwan web servers using customized open-source tools, web shells and persistence methods (e.g., RDP, SoftEther VPN) to maintain long-term access – UAT-7237 Attack
Fraud & Money Laundering
- Criminals in Southeast Asia increasingly use "ghost-tapping", mobile malware and Telegram marketplaces to launder proceeds from retail fraud and stolen payment card data, expanding the regional cybercrime ecosystem – Ghost-Tapping Fraud