Cybersecurity News | Daily Recap [24 Jul 2025]

The cybersecurity landscape continues to evolve, with critical patches for enterprise communication vulnerabilities and active defenses against nation-state cyber espionage. Ongoing threats include sophisticated ransomware campaigns, supply chain attacks, and open-source software compromises, all of which highlight the need for proactive security measures.

Vulnerabilities & Patching

  • Mitel issued fixes for a critical MiVoice MX-ONE authentication bypass and a high-severity SQL injection in MiCollab, highlighting risks in enterprise communication products – Mitel Flaws
  • Sophos and SonicWall patched critical remote code execution flaws in firewalls and SMA 100 devices actively targeted by malware like OVERSTEP and Abyss ransomware – Firewall RCE Patches, SonicWall RCE, SonicWall Patch & Alerts
  • CISA added exploited flaws in CrushFTP, Google Chromium, and SysAid to its Known Exploited Vulnerabilities catalog, urging organizations to patch immediately – CISA Vulnerabilities

Ransomware & Cybercrime

  • The FBI warns of The Com, a large cybercriminal group involved in ransomware, swatting, extortion, and child exploitation with growing sophistication – The Com Alert
  • Storm-2603, a China-linked hacking group, exploits unpatched Microsoft SharePoint zero-days to deploy Warlock ransomware, affecting US government and global targets including the US nuclear weapons agency – SharePoint Ransomware, Warlock Campaign, ToolShell Attacks, NNSA SharePoint Breach
  • Ransomware groups increasingly weaponize legitimate Remote Monitoring and Management (RMM) tools to stealthily infiltrate networks and exfiltrate data – RMM Exploitation
  • Clorox sues Cognizant for $380 million alleging negligence enabled a major 2023 cyberattack linked to social engineering and the Scattered Spider group – Clorox Lawsuit, Clorox Social Engineering, Clorox Lawsuit Details

Open Source & Supply Chain Security

  • Hackers compromised Toptal's GitHub and injected malware into popular NPM packages to steal data and disrupt development, highlighting ongoing open-source supply chain threats – Toptal GitHub Breach
  • Supply chain attacks infected high-value NPM packages such as is and eslint-config-prettier through phishing and typosquatting, resulting in malware execution on millions of developers’ systems – NPM Phishing Campaign, NPM ‘is’ Malware
  • HeroDevs raised $125 million to enhance security for deprecated open source software, focusing on AI threat protection and sustainability for 900+ global organizations – HeroDevs Funding

Cyber-Espionage & Nation-State Threats

  • Fire Ant, a Chinese cyber espionage group, is compromising VMware ESXi virtualization software globally, employing advanced evasion techniques to steal strategic intelligence – Fire Ant Campaign
  • China-based APTs deployed fake Dalai Lama apps and watering hole attacks against the Tibetan community using malware like Gh0st RAT and PhantomNet to harvest sensitive data – Fake Dalai Lama Apps
  • Russian actors exploit Kyrgyzstan’s booming cryptocurrency sector to evade sanctions and fund military efforts in Ukraine, utilizing infrastructure similar to high-risk exchanges like Garantex – Russia Kyrgyzstan Crypto
  • Multiple nation-state groups, including Chinese and Russian APTs (APT29, Linen Typhoon, Violet Typhoon, Storm-2603), are linked to SharePoint zero-day attacks impacting critical agencies – see related links above.

Law Enforcement Actions

  • Europol and international partners arrested the alleged admin of the cybercrime marketplace XSS.is after 12 years, disrupting malware sales and ransomware facilitation linked to Russian-speaking networks – XSS Admin Arrest, XSS Forum Arrest, XSS Forum Takedown

Data Breaches & Privacy

  • The AMEOS Group, a major European healthcare provider, suffered a data breach exposing sensitive patient and staff information, underscoring healthcare cybersecurity risks – AMEOS Breach
  • A data breach at France Travail exposed personal details of approximately 340,000 jobseekers due to infostealer malware bypassing two-factor authentication – France Travail Breach
  • A class-action lawsuit begins against Flo Health and Meta over alleged improper sharing of women’s reproductive data despite confidentiality promises, with potential multi-billion dollar damages – Flo & Meta Trial
  • Brave browser blocks Windows Recall from screenshotting browsing activity, enhancing user privacy by preventing sensitive data capture – Brave Privacy Block

Cybersecurity Strategy & Awareness

  • An article advocates moving beyond annual pentests toward building continuous Offensive Security Operations Centers (SOC) using persistent attack simulations and automated exploit testing to proactively reduce vulnerabilities – Offensive SOC
  • A webinar explores hidden flaws in login security, AI, and digital trust, providing practical guidance on improving customer identity management and mitigating emerging identity threats – Identity Webinar
  • Guidance on hardening Active Directory against Kerberoasting attacks emphasizes strong password policies and encryption to prevent privilege escalation – Kerberoasting Defense

Web & Application Security

  • Researchers discovered a stealth backdoor hidden in WordPress mu-plugins that grants attackers persistent admin access and arbitrary code execution risks – WordPress Backdoor
  • Threat actor Mimo targets Magento CMS and misconfigured Docker instances to deploy crypto miners and proxyware, using advanced exploitation techniques to avoid detection – Mimo Attacks

Critical Infrastructure & Public Sector

  • New York State seeks public input on proposed cybersecurity regulations to strengthen resilience of water and wastewater systems through monitoring, response, and training standards – NY Water Cyber Rules
  • NATO CCDCOE warns critical port infrastructure is increasingly targeted by Russian, Iranian, and Chinese threat actors, urging improved coordination to protect global trade – Ports Cyber Risks
  • A phishing campaign targets users of the U.S. Department of Education's G5 portal via lookalike domains aiming to steal credentials, with ongoing efforts to take down the malicious sites – Education Phishing

Fraud & Financial Crimes

  • Fake receipt generators like MaisonReceipts fuel online fraud by producing realistic retail receipts, exacerbating challenges for law enforcement combating fraud-as-a-service markets – Fake Receipt Fraud

Cybersecurity News | Daily Recap – hendryadrian.com