Cybersecurity News | Daily Recap [17 Jun 2025]

Recent cybersecurity updates include emergency patches from Microsoft for Surface Hub devices and active exploitation of vulnerabilities in ASUS Armoury Crate, Zyxel firewalls, and discontinued TP-Link routers. Threat actors like Team46 and Scattered Spider continue sophisticated cyber campaigns, while significant data breaches involve Cock.li, Freedman HealthCare, and Washington Post journalists.

Vulnerabilities & Exploits

  • Microsoft released an emergency update to fix Secure Boot Violation startup failures on Surface Hub v1 devices without affecting newer models – Surface Hub Patch
  • Multiple vulnerabilities are actively exploited, including a critical ASUS Armoury Crate flaw allowing full system compromise and privilege escalation (CVE-2025-3464), and continued attacks on Zyxel firewall flaws possibly tied to the Mirai botnet – ASUS Armoury Crate, Zyxel Firewall
  • Discontinued TP-Link routers with a two-year-old vulnerability (CVE-2023-33538) are under active exploitation, prompting CISA warnings to decommission affected models – TP-Link Exploits
  • Advanced Team46 (TaxOff) APT group exploits a zero-day in Google Chrome (CVE-2025-2783) to deliver complex phishing campaigns with multi-layered malware loaders – Team46 Chrome Zero-Day

Data Breaches & Cybercrime

  • Cock.li webmail suffered a data breach exposing over 1 million user records via legacy Roundcube vulnerabilities – Cock.li Breach
  • Freedman HealthCare targeted by extortionists claiming theft of sensitive US healthcare data potentially impacting millions – Freedman HealthCare Extortion
  • Zoomcar disclosed unauthorized access impacting 8.4 million users, though no financial data was compromised – Zoomcar Breach
  • Washington Post journalists’ email accounts were hacked, likely by a foreign government; the targeted reporters cover national security and China topics – Washington Post Hack
  • The US seized $7.74 million in cryptocurrency tied to North Korean cyber laundering networks using fake IT worker schemes to fund weapons programs – US Crypto Seizure

Ransomware & Malware

  • New Anubis ransomware combines file encryption with data wiping to prevent recovery, operating as ransomware-as-a-service globally – Anubis Ransomware
  • Weekly threat recap highlights ongoing ransomware activities from groups like Arkana, LockBit, and malware campaigns including DCRat and GrayAlpha with diverse infection vectors – Weekly Threat Recap
  • A hidden malicious Windows executable was discovered concealed inside a JPEG image using steganography and Base64 obfuscation techniques, illustrating sophisticated payload delivery methods – Steganography Malware

Cybersecurity Industry & Innovation

  • Australian startup Circumvent raised $6 million to develop AI-driven autonomous cloud security management platforms, enhancing DevSecOps workflows – Circumvent Funding
  • Meta began rolling out privacy-focused ads on WhatsApp Status while maintaining end-to-end encryption and not using personal messages for ad targeting – Meta WhatsApp Ads
  • Kali Linux 2025.2 launched with 13 new security tools, car hacking updates, and interface improvements aligned with the MITRE ATT&CK framework – Kali Linux Release
  • A nonprofit led by 23andMe’s former CEO Anne Wojcicki won a $305 million bankruptcy auction to acquire the company, raising concerns about genetic data privacy – 23andMe Acquisition
  • The US DOJ reviews Google’s $32 billion deal to acquire cloud security vendor Wiz, examining potential antitrust impacts on the cybersecurity market – Google Wiz Antitrust

Threat Actor Activity

  • Scattered Spider threat actors have shifted to targeting US insurance companies with advanced social engineering and ransomware tactics, expanding from their prior retail-sector focus – Scattered Spider Targets Insurance
  • The US government is offering a reward of up to $10 million for information on Iranian-linked hackers using IOControl malware to target critical infrastructure amid growing Middle East tensions – US Reward for Iranian Hackers

Cybersecurity News | Daily Recap – hendryadrian.com