Cybersecurity News | Daily Recap [16 Jul 2025]

hendryadrian.com

hendryadrian.com

Ransomware & Cybercrime Takedowns

• European and international law enforcement disrupted the pro-Russian hacktivist group NoName057(16), seizing servers and arresting suspects amid ongoing DDoS attacks on NATO-aligned countries. – NoName057(16) Dismantled, NoName057(16) Disruption
• Italian and international forces dismantled the Romanian Diskstation ransomware gang targeting nonprofits and companies via Synology NAS vulnerabilities, leading to multiple arrests including the gang leader. – Diskstation Gang Taken Down, Diskstation Police Operation
• The ransomware group Global targeted the Lorain County Auditor’s Office with data leaks, reflecting increased ransomware attacks on U.S. government entities. – Global Ransomware Leak
• DragonForce, a ransomware-as-a-service group, claimed responsibility for breaches at retail giants like Belk, using modular tactics linked to other cybercrime actors such as Scattered Spider. – DragonForce Breach
• Compumedics suffered a ransomware attack by the VanHelsing group, exposing data of over 318,000 patients and underscoring healthcare sector vulnerabilities. – Compumedics Breach
• United Natural Foods projected up to a $400 million sales impact after a June 2025 cyberattack disrupting operations but expects insurance to cover most losses. – UNFI Sales Hit
• A former U.S. Army soldier pleaded guilty to hacking major telecom firms including AT&T and Verizon, involved in data theft and extortion with up to 27 years prison time looming. – Soldier Guilty Plea, Telecom Hacker Guilty
• The darknet marketplace Abacus suddenly shut down amid exit scam suspicions after facilitating nearly $300 million in Bitcoin transactions, impacting illicit markets. – Abacus Exit Scam

SonicWall Malware Campaigns

• The threat actor group UNC6148 targeted fully patched SonicWall SMA 100 series appliances using the OVERSTEP backdoor and malware to steal credentials and persist undetected, raising concerns over edge device security. – Overstep Malware, SonicWall Backdoor, UNC6148 Campaign

Vulnerabilities & Security Updates

• Google released urgent Chrome updates fixing six vulnerabilities including actively exploited sandbox escape zero-day CVE-2025-6558, essential to prevent remote code execution attacks. – Chrome Zero-Day Fix, Urgent Chrome Update, Chrome Security Patch
• A high-severity WordPress Malcure plugin vulnerability CVE-2025-6043 allows remote file deletion and potential code execution, with no patch yet released, urging immediate plugin deactivation. – Malcure Vulnerability
• A critical vulnerability in Windows Server 2025’s delegated Managed Service Accounts (dMSA) allows persistent cross-domain attacks using predictable passwords and KDS root key abuse, risking enterprise control. – Windows dMSA Flaw
• Microsoft issued an emergency update (KB5064489) to fix Azure VM launch failures caused by kernel initialization errors post-July updates, ensuring cloud infrastructure stability. – Azure VM Emergency Patch
• Meta patched an AI chatbot bug that could have leaked user prompts and generated content, acknowledging the finding with a bounty and confirming no malicious exploitation. – Meta AI Bug Fix

Cyber Espionage & Nation-State Threats

• The Chinese state-sponsored Salt Typhoon hacking group infiltrated U.S. Army National Guard and Canadian telecom networks, stealing sensitive config files and credentials threatening critical infrastructure security. – Salt Typhoon Hacks, Intel Authorization Act
• Ukrainian aligned hackers successfully sabotaged Russian drone maker Gaskar Group, stealing sensitive data and disrupting production amid ongoing cyber conflict. – Ukraine Hacks Russian Drone
• The U.S. NSA and FBI thwarted Chinese Volt Typhoon cyber campaigns aiming to persist in critical infrastructure, forcing threat actors to change tactics through public attribution and defense efforts. – Volt Typhoon Countered
• North Korean threat actors deployed XORIndex malware via 67 malicious npm packages in an operation targeting developers to steal data and cryptocurrency assets. – XORIndex Malware Campaign

Emerging Technologies & Security Trends

• Cyber intelligence startup iCOUNTER launched with $30 million funding, focusing on AI-powered platforms to detect and respond rapidly to targeted cyber threats. – iCOUNTER Launch
• The UK’s NCSC expanded vulnerability research through its Vulnerability Research Initiative to improve national defenses by collaborating with external cybersecurity experts. – NCSC Vulnerability Initiative
• Generative AI in enterprises poses root-access risks requiring identity-first security and continuous device-aware controls to prevent AI-driven breaches. – AI Security Risks
• AI-driven social engineering attacks using deepfakes and cloned identities present growing threats demanding real-time detection to protect organizations from financial and reputational harm. – AI-Driven Attacks
• Google’s AI tool Big Sleep detected a critical SQLite vulnerability before exploit use, showcasing AI’s growing role in proactive cybersecurity defense. – Big Sleep AI Discovery
• Italian IoT security firm Exein raised €70 million ($81 million) to advance embedded device security and address emerging AI-related risks amid growing IoT threats. – Exein Funding

Malware & Threat Actor Updates

• New variant of Android malware Konfety employs advanced evasion techniques like APK manipulation to avoid detection while conducting ad fraud campaigns. – Konfety Malware Variant
• Open-source remote access Trojan AsyncRAT continues evolving with popular forks like DcRat and VenomRAT increasing capabilities and prevalence in cyberattacks. – AsyncRAT Evolution

Scams & Data Breaches

• UK pet owners face fake microchip renewal scams exploiting data management flaws, risking identity theft through personalized phishing emails. – Pet Microchip Scam
• Chicago-area school district notified 11,500+ people of a data breach compromising sensitive student records including SSNs and medical info, claimed by ransomware group RansomHub. – School District Breach

Cybersecurity News | Daily Recap – hendryadrian.com