Cybersecurity News | Daily Recap [18 Jun 2025]

Today's updates center on critical patches for Citrix, Veeam, BeyondTrust and Sitecore products and for the Linux kernel, several of them addressing flaws that are under active exploitation or that enable privilege escalation. The threat landscape also includes malware campaigns aimed at gamers, cyber operations tied to nation-state conflicts, sophisticated phishing, and data breaches affecting millions of users. Prioritize these updates to reduce exposure to the risks below.

Vulnerabilities & Patching

  • Citrix patched four critical vulnerabilities across NetScaler ADC, NetScaler Gateway, Secure Access Client, and the Workspace app, and urged customers to update promptly before the flaws are exploited. – Citrix Patch
  • Veeam and BeyondTrust released patches for critical remote code execution flaws, including Veeam Backup & Replication CVE-2025-23121; earlier Veeam vulnerabilities have been exploited by ransomware gangs such as Frag and Akira, so these patches should be treated as urgent. – Veeam RCE, Veeam & BeyondTrust Fixes
  • BeyondTrust fixed a pre-authentication server-side template injection flaw that allows remote code execution; earlier BeyondTrust vulnerabilities were exploited by China-linked hackers against U.S. government agencies. – BeyondTrust RCE
  • A multi-step exploit chain in Sitecore Experience Platform, starting from a hardcoded password for a built-in account, allows unauthenticated remote code execution and affects thousands of enterprise deployments. – Sitecore Exploit

Linux Kernel Vulnerabilities

  • CISA warns of active exploitation of CVE-2023-0386, a high-severity Linux kernel privilege escalation flaw in the OverlayFS subsystem affecting kernels before 6.2; multiple public PoC exploits exist, and the flaw has been added to the KEV catalog. – CISA Linux Warning, Linux Exploited, CISA KEV Alert
  • Two new Linux vulnerabilities (CVE-2025-6018, CVE-2025-6019) can be chained to gain full root access; because udisks is installed by default on most major distributions, immediate patching is urged. – Linux Root Flaws, Linux Security Update

Gaming Malware

  • The Stargazers Ghost Network has infected more than 1,500 Minecraft players by distributing multi-stage Java malware disguised as mods and cheats on GitHub, stealing credentials, tokens, and cryptocurrency wallets. – Minecraft Malware, Stargazers Campaign
  • The Water Curse group uses 76 hijacked GitHub accounts to deploy sophisticated multi-stage malware aimed at supply chain compromise and credential theft. – Water Curse Malware
  • A new ClickFix variant, LightPerlGirl, targets visitors to a compromised travel website and runs in memory to stealthily deliver the Lumma infostealer. – LightPerlGirl Malware

Cyber Conflict & Nation-State Activity

  • The Israel-Iran conflict has spurred widespread cyber operations including DDoS, website defacement, ransomware, and malware campaigns by hacktivist and nation-state actors, impacting regional stability. – Israel-Iran Cyberconflict
  • Iran curbed internet access to counter ongoing cyberattacks attributed to pro-Israel hackers targeting its banking and crypto sectors amid escalating tensions. – Iran Internet Shutdown
  • The pro-Israel group Predatory Sparrow claimed to have breached Iran's Bank Sepah, disrupting services and escalating the regional cyber conflict. – Bank Sepah Attack
  • North Korean APT group Kimsuky uses HWP documents and concealed AnyDesk backdoors to conduct covert remote surveillance masquerading as academic collaborations. – Kimsuky Campaign
  • Silver Fox APT targets Taiwan with phishing delivering Gh0stCringe and HoldingHands RAT malware via complex multi-stage infections. – Silver Fox APT
  • Russia reports domestic use of the NFC-based SuperCard malware to skim banking data and make fraudulent fund transfers, highlighting a new financial threat. – SuperCard Malware
  • An ex-CIA analyst was sentenced to 37 months for leaking top-secret Iran-related defense documents, underlining the insider threat to national security. – CIA Analyst Sentence

Cybercrime & Phishing

  • Scattered Spider hackers shift focus from retail to the insurance industry in the U.S., targeting help desks with sophisticated social engineering and ransomware attacks. – Scattered Spider Insurance, Google Warning, Insurance Alert
  • ChainLink Phishing attacks abuse trusted domains and browser weaknesses, chaining legitimate platforms together to bypass defenses and make phishing campaigns harder to detect. – ChainLink Phishing
  • Instagram AI deepfake ads impersonate Canadian banks like BMO and EQ Bank to scam users with phishing and investment fraud, prompting platform investigations. – Instagram Deepfake Scam
  • The Google Chrome zero-day CVE-2025-2783 was exploited by the TaxOff group to deploy the Trinper backdoor against Russian organizations via phishing campaigns. – Chrome Zero-Day
  • Paddle.com settles for $5 million with the FTC over enabling tech-support scams that disproportionately harmed older consumers using services from Restoro, Reimage, and PC Vark. – Paddle Scam Settlement
  • Scania confirmed a breach of insurance claim data and subsequent extortion attempts after attackers used stolen credentials to access and leak documents. – Scania Data Breach
  • LangChain's LangSmith platform had a critical bug in which a malicious agent configured with an attacker-controlled proxy could capture the OpenAI API keys and prompt data of users who ran it; the flaw has been patched. – LangSmith Bug

Data Breaches & Privacy

  • A data breach at healthcare SaaS firm Episource exposed confidential health data of over 5.4 million U.S. patients, though no financial information was compromised. – Episource Breach, Episource Data Breach
  • The UK Information Commissioner fined 23andMe £2.31 million for security failures that led to a major genetic data breach carried out through credential stuffing attacks. – 23andMe Fine, 23andMe ICO Penalty
  • A man accused of a double murder in Minnesota had a list of 11 data broker websites, highlighting how personal data sold by brokers can be misused in violent crimes. – Data Brokers & Crime
  • Asana's Model Context Protocol (MCP) AI feature exposed customer data to other organizations because of a logic flaw, affecting about 1,000 customers and showing the risks of AI integrations. – Asana Data Exposure

AI & Cybersecurity

  • Industry experts emphasize the need to bridge gaps between legacy cybersecurity tools and emerging AI threats by combining AI-specific defenses with human awareness strategies. – Mitigating AI Threats
  • OpenAI secured a $200 million contract with the U.S. Department of Defense to enhance AI-driven cyber defense and operational capabilities. – OpenAI DoD Contract

Geopolitical Cyberattacks

  • Pro-Cambodian hacktivists launched DDoS and defacement attacks on Thai government and private sites amid border disputes, escalating regional digital tensions. – Cambodia-Thailand Cyberattacks

Cybersecurity News | Daily Recap – hendryadrian.com