Cybersecurity News | Daily Recap [17 Jul 2025]

This roundup covers critical vulnerabilities in Cisco ISE, VMware hypervisors, Oracle products, and Fortinet FortiWeb that need urgent patching, one of which (FortiWeb) is already being exploited in the wild. It also covers major cybercrime developments: a Ryuk ransomware extradition, international law-enforcement takedowns, a new rootkit on SonicWall appliances, and data breaches affecting millions of people. #CiscoISECVE20337 #RyukRansomware #Oversteprootkit

Critical Vulnerabilities & Patching

  • A critical Cisco ISE flaw (CVE-2025-20337) lets an unauthenticated remote attacker execute arbitrary code as root on affected Cisco ISE and ISE-PIC releases; Cisco has published fixes and there is no workaround, so upgrading is the only mitigation – Cisco ISE Bug, Cisco ISE Flaw, Cisco ISE Patch
  • VMware patched four vulnerabilities in ESXi, Workstation, Fusion, and Tools that were demonstrated at Pwn2Own Berlin 2025, where the exploits earned researchers $340,000; three allow code execution on the host from inside a guest VM and the fourth is an information disclosure – VMware Patch
  • Oracle's July 2025 Critical Patch Update contains 309 security patches addressing more than 200 CVEs across products including MySQL and Java SE; as usual many are remotely exploitable without authentication, so apply them promptly – Oracle CPU July 2025
  • Fortinet FortiWeb appliances are being compromised with public exploit code for CVE-2025-25257, a pre-authentication SQL injection that chains to remote code execution and was patched only days earlier; internet-facing FortiWeb instances that were not updated promptly should be treated as potentially compromised, not just patched – Fortinet Exploits

Ransomware & Cybercrime Operations

  • U.S. authorities charged and extradited Armenian national Karen Serobovich Vardanyan for his role in a Ryuk ransomware campaign that extorted about $15 million from victims worldwide, another sign of intensified global law-enforcement cooperation – Ryuk Charges, Ryuk Extradition, Ryuk Operator Extradited
  • Pro-Russian hacktivist group NoName057(16), responsible for DDoS attacks against Ukraine and its allies, was dismantled in Operation Eastwood, an international Europol-led action that produced arrests and server seizures – NoName057(16) Disrupted, Europol Operation, Police Takedown
  • The United Australia Party confirmed a ransomware attack and resulting data breach, raising privacy concerns for members and donors – UAP Ransomware
  • A former U.S. Army soldier pleaded guilty to hacking telecom carriers and extorting them for about $1 million, including through SIM swapping, illustrating the threat posed by insiders and military-affiliated actors – Cyber Extortion Case, Army Soldier Guilty Plea
  • OVERSTEP, a previously unknown rootkit, is being deployed by threat group UNC6148 on end-of-life SonicWall SMA 100 series appliances, including fully patched ones, to steal credentials and OTP seeds; Google's GTIG ties the activity to possible ransomware deployment – SonicWall Overstep, SonicWall Campaign, Google SonicWall Warning

Data Breaches & Privacy Incidents

  • Data breaches continue to affect millions: Co-op confirmed that data on 6.5 million members was stolen in an attack linked to the DragonForce ransomware group and Scattered Spider – Co-op Attack, Co-op Data Stolen
  • The Episource breach exposed personal and health data of more than 5.4 million people, highlighting the risk concentrated in third-party healthcare service providers – Episource Breach
  • Retailer Belk suffered a major data breach claimed by DragonForce, prompting legal investigations – Belk Data Breach
  • Louis Vuitton disclosed regional data breaches in the UK, South Korea, and Turkey attributed to ShinyHunters; the company says payment data was not affected – Louis Vuitton Breaches
  • A publicly exposed database linked to the Gladney Center for Adoption revealed sensitive information about children and parents, another case of a storage misconfiguration rather than an intrusion – Adoption Data Exposure

Malware & Attack Techniques

  • BADBOX 2.0 malware comes preinstalled on more than 1 million low-cost, uncertified Android-based devices worldwide (TV boxes, tablets, and similar), forming a botnet used for ad fraud, residential proxying, and credential stuffing – BADBOX 2.0
  • The Matanbuchus 3.0 loader is delivered through Microsoft Teams calls in which attackers pose as an IT helpdesk and talk victims into running it via Quick Assist, after which it stages Cobalt Strike and ransomware; enterprise collaboration tools are now a social-engineering channel, not just email – Matanbuchus 3.0
  • Chinese state-sponsored hackers are increasingly targeting Taiwan's semiconductor sector with spear phishing and custom backdoors for cyber espionage – Taiwan Semiconductor Attacks
  • Lookout analysed Massistant, an Android forensics tool used by Chinese law enforcement to extract data from devices it has physical access to; it succeeds MFSocket, from the US-sanctioned firm Xiamen Meiya Pico – Massistant Tool

Crypto & Financial Cybercrime

  • About $2.17 billion in cryptocurrency was stolen in the first half of 2025, dominated by North Korea-linked hackers responsible for the $1.5 billion Bybit hack; personal wallet compromises and physical "wrench" attacks on holders are also rising – Crypto Theft Report

Geopolitical & Legal Developments

  • A prominent Moscow university introduced a degree specializing in sanctions evasion and cyber capabilities amid growing geopolitical tensions and Western sanctions against Russia – Russian Sanctions Program
  • The FCC plans to ban Chinese technology from U.S. undersea internet cables, targeting espionage risks on critical global communications infrastructure – FCC China Tech Ban
  • Thailand targeted Cambodian tycoon Kok An for cyber scam ties amid border disputes, illustrating ongoing transnational cybercrime and regional tensions – Thailand Raids Tycoon
  • Cambodia arrested over 1,000 suspects in a crackdown on cybercrime and online scams linked to foreign criminal groups, reflecting intensified regional law enforcement cooperation – Cambodia Cybercrime Crackdown
  • A high-profile $8 billion shareholder lawsuit against Meta CEO Mark Zuckerberg and other current and former directors over Facebook's 2018 Cambridge Analytica scandal and related privacy violations went to trial – Meta Privacy Trial

Cybersecurity Strategy & Industry Moves

  • Security leaders are urged to combine Continuous Threat Exposure Management (CTEM), Attack Surface Management, and Vulnerability Management rather than treat them as competing programs, to maintain continuous visibility of exploitable exposure in 2025 – CTEM vs ASM vs VM
  • Empirical Security secured $12 million seed funding to launch an AI-driven vulnerability management platform offering customized protection models – Empirical Security Funding

Operational & Infrastructure Events

  • Cloudflare confirmed that the recent global outage of its 1.1.1.1 DNS resolver was caused by an internal configuration error that caused the 1.1.1.1 prefixes to be withdrawn from Cloudflare's network during a later routine change, and not by a cyberattack or BGP hijack – Cloudflare Outage

Cybersecurity News | Daily Recap – hendryadrian.com