Daily Recap: A critical Entra ID flaw allowed impersonation of Global Administrators across tenants and has been patched, while ransomware hit European airport check-in systems and disrupted flights at multiple hubs. Threat actors, malware, and notable incidents span Turla/Gamaredon collaboration, the BlockBlasters crypto theft, GoAnywhere MFT zero-days, and CopyCop's AI-driven disinformation expansion. #EntraID #TurlaGamaredon #BlockBlasters #GoAnywhereMFT #CopyCop
Identity & Access
- A critical Microsoft Entra ID flaw (CVE-2025-55241) involving legacy Actor tokens accepted by the Azure AD Graph API without adequate validation of the originating tenant allowed impersonation of Global Administrators across tenants; Microsoft has patched it on the service side, and tenants still relying on the legacy Azure AD Graph API remain on a deprecated surface and should migrate to Microsoft Graph – Entra ID, Entra Patch, Entra Analysis
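Because the flaw lived in the legacy Azure AD Graph API, a practical follow-up is to find out which applications in a tenant still call that API. The script below is an added example, not code from the article or from Microsoft: it walks exported Entra sign-in records and counts callers per application that authenticated to Azure AD Graph (well-known resource app ID `00000002-0000-0000-c000-000000000000`) versus Microsoft Graph (`00000003-0000-0000-c000-000000000000`). The sample records are constructed and use the real `resourceId`, `appId`, `appDisplayName`, `userPrincipalName` and `createdDateTime` property names from the sign-in log schema; everything else is assumed. Note the caveat: this inventories dependence on the deprecated API to drive migration, it is not a detection of the impersonation itself.

```python
"""Inventory Entra ID sign-in records that hit the legacy Azure AD Graph API.

Added example (not from the original article). Input mirrors an Entra
sign-in log export; the records in SAMPLE_SIGNINS are constructed.
"""
import json
from collections import Counter

# Well-known first-party resource app IDs (assumption: taken from public
# Microsoft documentation; Azure AD Graph is the API the flaw lived in).
AZURE_AD_GRAPH_APP_ID = "00000002-0000-0000-c000-000000000000"
MICROSOFT_GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"

# Constructed sample records: two apps still on Azure AD Graph, one already
# on Microsoft Graph. Field names follow the sign-in log schema.
SAMPLE_SIGNINS = json.loads("""
[
 {"createdDateTime": "2025-09-22T08:01:12Z", "userPrincipalName": "svc-sync@example.test",
  "appId": "11111111-aaaa-4bbb-8ccc-000000000001", "appDisplayName": "LegacyDirSync",
  "resourceId": "00000002-0000-0000-c000-000000000000"},
 {"createdDateTime": "2025-09-22T08:05:40Z", "userPrincipalName": "svc-sync@example.test",
  "appId": "11111111-aaaa-4bbb-8ccc-000000000001", "appDisplayName": "LegacyDirSync",
  "resourceId": "00000002-0000-0000-c000-000000000000"},
 {"createdDateTime": "2025-09-22T09:12:03Z", "userPrincipalName": "alice@example.test",
  "appId": "22222222-aaaa-4bbb-8ccc-000000000002", "appDisplayName": "OldHRPortal",
  "resourceId": "00000002-0000-0000-c000-000000000000"},
 {"createdDateTime": "2025-09-22T09:30:55Z", "userPrincipalName": "bob@example.test",
  "appId": "33333333-aaaa-4bbb-8ccc-000000000003", "appDisplayName": "NewIntranet",
  "resourceId": "00000003-0000-0000-c000-000000000000"}
]
""")


def legacy_graph_callers(records):
    """Return {appDisplayName: sign-in count} for apps that called Azure AD Graph."""
    counts = Counter()
    for rec in records:
        if rec.get("resourceId", "").lower() == AZURE_AD_GRAPH_APP_ID:
            counts[rec.get("appDisplayName") or rec.get("appId", "<unknown>")] += 1
    return dict(counts)


def resource_split(records):
    """Return (azure_ad_graph_count, microsoft_graph_count, other_count)."""
    legacy = modern = other = 0
    for rec in records:
        rid = rec.get("resourceId", "").lower()
        if rid == AZURE_AD_GRAPH_APP_ID:
            legacy += 1
        elif rid == MICROSOFT_GRAPH_APP_ID:
            modern += 1
        else:
            other += 1
    return legacy, modern, other


def migration_report(records):
    """Human-readable list of apps to move off the deprecated API, busiest first."""
    callers = legacy_graph_callers(records)
    lines = [f"{name}: {n} Azure AD Graph sign-in(s)" for name, n in
             sorted(callers.items(), key=lambda kv: (-kv[1], kv[0]))]
    return lines


if __name__ == "__main__":
    for line in migration_report(SAMPLE_SIGNINS):
        print(line)
    print("legacy/modern/other:", resource_split(SAMPLE_SIGNINS))
```

On a real tenant, feed the function the `value` array from a sign-in log export (interactive and service-principal sign-ins alike) instead of the constructed sample; any application that shows up has a migration task regardless of this specific CVE, since Azure AD Graph is deprecated.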
Aviation Disruptions
- A ransomware attack on Collins Aerospace's MUSE shared check‑in and boarding systems disrupted operations at major European airports (Berlin, Brussels, Dublin, Heathrow), causing widespread delays and cancellations while airports fell back to manual check‑in and investigations continue – Airport Disruptions, Airport Disruptions, Airport Disruptions, Airport Disruptions, Airport Disruptions, Airport Disruptions
Vulnerabilities & Incidents
- Fortra released patches for a critical remote‑command execution flaw in GoAnywhere MFT; internet‑exposed admin consoles are at high risk and should be updated or taken off the public internet – GoAnywhere Patch
- SonicWall urged customers to reset all credentials after accidentally exposing configuration backup files containing sensitive data, warning of immediate account compromise risk – SonicWall Reset
Threat Actors & Malware
- ESET links Russian groups Turla and Gamaredon in collaborative operations where Gamaredon enables Turla to deploy and restart the Kazuar backdoor against high‑value targets in Ukraine – Turla/Gamaredon
- A verified Steam game, BlockBlasters, was used to distribute malware that stole over $150,000 in cryptocurrency from hundreds of users, underscoring risks to streamers and crypto‑rich accounts – BlockBlasters Theft
Research & Exploits
- Researchers demonstrated combining L1TF and half‑Spectre transient‑execution techniques to leak VM data in public clouds and were awarded $150,000, calling for stronger cloud mitigations – L1TF Research
- Weekly threat research roundup highlights widespread disclosures, supply‑chain attacks, a self‑replicating npm worm (Shai‑Hulud), and cross‑platform loader, adware, and credential‑stealing campaigns, useful telemetry for defenders – Threat Recap
AI & Identity
- Toronto startup Mycroft raised $3.5 million to build an AI‑powered security and compliance platform for startups and SMBs focused on automating cybersecurity and IT operations – Mycroft Funding
- Guidance warns that unmanaged non‑human identities (service accounts and AI agents) with broad permissions increase attack surface and recommends a unified identity security fabric to discover, govern, and automate control of these identities – AI Agents
Product Issues & Updates
- Microsoft acknowledged a bug in recent updates affecting Windows 11 24H2 that breaks DRM‑protected video and live TV playback and plans a fix in upcoming updates – Windows DRM
Disinformation & Influence
- Report shows Russian influence network CopyCop expanding use of LLMs (including Llama3) and AI‑generated media to scale disinformation and destabilize support for Ukraine across multiple countries – CopyCop Expansion