This cybersecurity recap highlights law enforcement operations that dismantled major ransomware networks like QakBot, TrickBot, and DanaBot, seizing servers and assets worldwide. It also covers notable exploits, such as Chinese hackers targeting U.S. government agencies with zero-day vulnerabilities, along with emerging malware campaigns using AI-generated content and social engineering tactics. #QakBot #DanaBot
Ransomware & Cybercrime Takedowns
- The FBI warns that the Silent Ransom Group (aka Luna Moth) targets U.S. law firms via social engineering, demanding ransoms of up to $8 million without encrypting systems — Luna Moth Attacks
- Law enforcement operations dismantled ransomware infrastructure in a global crackdown targeting malware such as QakBot, TrickBot, and DanaBot, seizing 300 servers and €3.5M and arresting dozens of suspects — Ransomware Crackdown, DanaBot Disrupted, Server Seizure
- The U.S. indicted Russian national Rustam Gallyamov for leading the QakBot botnet used in global ransomware attacks, in a case linked to seizures of over $24 million in cryptocurrency — QakBot Indictment, QakBot Charges, QakBot DOJ Charges
Malware & Exploits
- Cybercriminals exploit viral AI-generated TikTok videos to spread the infostealers Vidar and StealC via PowerShell commands that steal credentials and crypto wallets — TikTok Malware, TikTok Infostealer
- The threat actor ViciousTrap exploits a critical Cisco vulnerability (CVE-2023-20118) to compromise over 5,300 devices globally, turning them into honeypots that intercept network traffic, with infections concentrated in Macau — ViciousTrap Cisco Flaw
- Fake Ledger apps on macOS trick users into revealing cryptocurrency seed phrases using malware such as Odyssey and AMOS, exposing wallets to theft — Fake Ledger Apps
- A China-linked group exploits a zero-day in Trimble Cityworks (CVE-2025-0994) to infiltrate U.S. local governments with malware and webshells, maintaining persistent access — Cityworks Zero-Day, Cityworks Attacks, Cityworks Exploitation
- A Linux kernel zero-day (CVE-2025-37899) in the SMB implementation was found by OpenAI's language model o3, showcasing AI's growing role in vulnerability research — Linux SMB Zero-Day
- The AI assistant GitLab Duo suffers from a prompt injection vulnerability that lets attackers hijack its responses, risking source code theft and malicious HTML injection — GitLab Duo Flaw
- Chinese espionage actors exploit Ivanti Endpoint Manager Mobile vulnerabilities to target enterprises across Europe and North America, focusing on data theft and device control — Ivanti Exploits
- Akamai and Microsoft disagree over the severity of the unpatched BadSuccessor privilege escalation flaw in Windows Server 2025, with Akamai warning of critical risk to Active Directory — BadSuccessor Flaw
- The decentralized crypto platform Cetus Protocol suffered a $223M hack on the Sui blockchain, triggering contract locks and fund recovery efforts — Cetus Protocol Hack, Cetus Crypto Theft
Corporate Breaches & Vulnerabilities
- Coca-Cola and one of its bottling partners suffered ransomware and data breaches attributed to the Everest and Gehenna hacking groups, exposing sensitive employee and customer data — Coca-Cola Breaches
- Organizations are warned of active exploitation of a Commvault SaaS zero-day (CVE-2025-3928) targeting Azure-hosted backup services, prompting calls for heightened security monitoring — Commvault Exploitation, CISA SaaS Warning
- A new malvertising campaign abuses trusted Google domains and outdated JSONP APIs to deliver phishing scripts that steal payment data, affecting major brands such as Ray-Ban — Google Domains Malvertising
- Cloudflare patched a request smuggling bug (CVE-2025-4366) in its open-source Pingora framework that could leak visitor URLs and redirect users to malicious sites — Cloudflare Fix
AI & Privacy Enhancements
- Signal introduced a screenshot blocker on Windows 11 to counter Microsoft's Windows Recall feature, protecting user privacy against OS-level activity logging — Signal Screenshot-Blocker
- Microsoft rolled out AI-powered text writing and editing features in Windows 11 Notepad, Paint, and Snipping Tool for Insiders, reflecting deeper AI integration in productivity apps — Windows 11 AI Features
- Anthropic released the AI model Claude 4 with benchmark improvements but retained a 200K token context window, which limits its handling of large projects — Claude 4 Benchmarks
Cyber Espionage & Geopolitical Threats
- Russian-aligned hackers launched a phishing-based cyber-espionage campaign against government and research institutions in Tajikistan, using macro-enabled Word documents to evade detection — Russian Espionage Tajikistan
- The pro-Kremlin Russian hacker group Killnet resurfaced under a new identity, shifting from hacktivism to profit-driven cybercrime amid geopolitical tensions — Killnet Returns
Security Tools & Solutions
- SafeLine launched an open-source Web Application Firewall (WAF) offering zero-day detection, bot protection, and DDoS mitigation as a self-hosted alternative to cloud WAFs — SafeLine WAF