Recent cybersecurity updates highlight active exploitation of Cisco ISE RCE vulnerabilities, Chinese-linked ToolShell zero-day attacks on SharePoint, and new patches for Helmholz routers and CrushFTP. Major incidents include the collapse of KNP Logistics after an Akira ransomware attack, Dior data breach, and internal theft at CoinDCX, along with state-sponsored espionage by APT41 and Iran-linked DCHSpy malware. These events underscore the ongoing importance of patching, strong passwords, and threat awareness. #CiscoISE #ToolShell #AkiraRansomware #DiorDataBreach #APT41 #DCHSpy
Vulnerabilities & Exploits
- Cisco warns that critical ISE remote code execution flaws are actively exploited in the wild, urging immediate patching to prevent unauthorized network access – Cisco: ISE RCE, Cisco Active Exploits
- The Microsoft SharePoint zero-day ToolShell vulnerability is being exploited by China-linked actors to execute remote code on high-value targets, even after patches were released – ToolShell Attacks, ToolShell Zero-Day
- Multiple severe flaws were patched in Helmholz REX 100 industrial routers, which had exposed devices worldwide to remote code execution – Helmholz Router Flaws
- A zero-day exploit for the CrushFTP file transfer software actively targeted older versions, with over 1,000 unpatched instances potentially exposed to data breaches – CrushFTP Zero-Day
- Microsoft's Windows Server update KB5062557 causes cluster service and VM restart issues; mitigations are advised pending a permanent fix – Windows Server Bug
- ExpressVPN patched a vulnerability in which leftover debug code allowed RDP traffic to bypass the VPN tunnel, leaking user IP addresses, particularly during enterprise Remote Desktop sessions – ExpressVPN Leak Fix, ExpressVPN IP Leak
- Veeam Recovery Orchestrator users experienced lockouts and login failures due to an MFA rollout bug, fixed in the latest update – Veeam MFA Bug
Cyberattacks & Data Breaches
- KNP Logistics, a historic UK logistics firm, collapsed after an Akira ransomware attack that exploited a single weak password, underscoring the importance of strong cyber hygiene – KNP Logistics Collapse
- Dior suffered a data breach exposing customer personal information and is offering free credit monitoring while it investigates – Dior Data Breach
- CoinDCX, an Indian crypto exchange, lost over $44 million from its reserves in an internal breach; the firm is tracing the stolen assets and offering bounties – CoinDCX Theft
- Ring denies a breach after reports of suspicious logins were traced to a backend update bug, although user concerns remain – Ring Login Bug
- A hacker breached Dell's demo platform, but the leaked data was fake: the environment was a demo instance containing no sensitive customer information – Dell Leaked Data, Dell Demo Breach
State-Linked Cyber Operations
- APT41, linked to China, launched an advanced cyberespionage campaign against African government IT systems using living-off-the-land techniques and custom malware – APT41 in Africa, APT41 Espionage Campaign
- UK sanctions target Russian military intelligence units behind cyberattacks, espionage, and assassination operations affecting Ukraine, NATO, and others – UK Sanctions Russian Hackers
- Iran-linked DCHSpy Android malware, masquerading as VPN apps, spies on dissidents and activists worldwide using advanced data exfiltration and remote control capabilities – DCHSpy WhatsApp Espionage, DCHSpy Android Malware
Ransomware & Cybercrime Operations
- The UK government plans to ban ransom payments by public sector and critical infrastructure organizations and to enforce mandatory ransomware incident reporting, aiming to disrupt extortion groups – UK Ransom Payment Ban, UK Ransomware Reporting
- Mexican threat actors, including Greedy Sponge, use malware such as AllaKore RAT and SystemBC in phishing campaigns to steal credentials and establish remote access for financial fraud – Mexican Malware Surge
- Russian researchers dismantled over 110 domains belonging to the cybercriminal group NyashTeam, disrupting its malware-as-a-service operations targeting Russian users – NyashTeam Takedown
- Hungarian police arrested a suspect behind politically motivated DDoS attacks against independent media outlets critical of the government – Hungary Media DDoS Arrest
Industry Updates & Guidance
- Darktrace acquired Mira Security to bolster AI-driven detection for encrypted network traffic in regulated sectors – Darktrace Acquires Mira
- Intel officially ended the Clear Linux OS project after 10 years, archiving its repositories and advising users to migrate to a maintained distribution for continued security – Intel Ends Clear Linux
- A guide outlines steps for SOC managers to advance to CISO roles by developing leadership, communication, and strategic business skills – SOC to CISO Guide
Phishing & Authentication
- A phishing campaign bypasses FIDO key authentication by abusing cross-device sign-in through QR code trickery, enabling account compromise without any flaw in the keys themselves – FIDO Key Phishing