Cybersecurity News | Daily Recap [24 Jun 2025]

Today's recap: a Russian court freed four REvil ransomware members on the day they were sentenced, and Russia-backed APT28 is delivering new malware to Ukrainian agencies through Signal chats. State-sponsored actors continue to exploit edge-device vulnerabilities in telecom and other infrastructure, and breaches hit Paraguay's government (7.4 million citizens) and McLaren Health Care (743,000 patients).

Malware & Cybercrime

  • A Russian court convicted four REvil ransomware members of payment card fraud against U.S. victims, then released them on the spot because the time they had spent in pre-trial detention since their 2022 arrests counted as the sentence served – REvil Members Released, REvil Time Served
  • Russia-backed APT28 is delivering two new malware families, BeardShell and SlimAgent, to Ukrainian government agencies through Signal chats, using the encrypted messenger rather than email as the delivery channel so the lures never pass through mail-gateway inspection – Russian Malware on Signal, APT28 Signal Attacks
  • Prometei botnet activity spikes with new cryptomining and credential theft tactics targeting Linux and Windows devices – Prometei Activity Surge
  • FileFix, a ClickFix-style social engineering technique: the victim is talked into pasting an attacker-supplied string into the Windows File Explorer address bar, which runs it as a command, while a decoy file path placed after a PowerShell comment marker (#) is all the victim sees; the write-up warns the method could be adopted in ransomware and state-actor campaigns – FileFix Attack
  • SparkKitty mobile malware, found in apps distributed through Google Play and Apple's App Store, exfiltrates device photos so its operators can search them for screenshots of crypto wallet seed phrases – SparkKitty Malware
  • Researchers document cybercriminal WormGPT variants built on jailbroken Grok and Mixtral models, using crafted system prompts to strip the vendors' safeguards and generate phishing and malware content – Jailbroken AI Abuse
  • The Echo Chamber jailbreak coaxes LLMs from OpenAI and Google into harmful output by seeding innocuous-looking context over several turns and letting the model's own multi-step inference carry it past its safety filters – Echo Chamber Jailbreak
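
The FileFix technique above leaves a distinctive trace in endpoint telemetry: explorer.exe becomes the parent of a script host, and the command line carries a PowerShell comment marker followed by the decoy file path the victim was shown. The Python rule below is added here as an illustration; it is not code from the FileFix write-up or from any of this page's sources. It assumes Sysmon Event ID 1 field names (ParentImage, Image, CommandLine), and every sample record and command line in it is constructed for the example.

```python
"""Hunt for FileFix-style execution through the File Explorer address bar.

Added example, not from the FileFix write-up. Keys on two public indicators:
  1. explorer.exe is the parent of a script host (the address bar and the
     Win+R Run dialog both spawn their children under explorer.exe), and
  2. the command line carries a PowerShell comment marker '#' followed by a
     Windows path, the decoy the victim was shown (e.g. "# C:\\...\\Policy.pdf").
Records below are constructed and shaped like Sysmon Event ID 1 fields.
"""
import re
from typing import Dict, List

SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe",
                "wscript.exe", "cscript.exe"}

# '#' + optional whitespace + drive-letter path: the FileFix decoy pattern.
DECOY_PATH_COMMENT = re.compile(r"#\s*[A-Za-z]:\\\S*")

# Download/obfuscation hints common to ClickFix-style one-liners. These alone
# only earn "suspicious": an encoded command spawned by explorer.exe also fits
# a Run-dialog ClickFix lure, not FileFix specifically.
PAYLOAD_HINTS = re.compile(
    r"(?:\biwr\b|\birm\b|invoke-webrequest|invoke-restmethod|downloadstring|"
    r"frombase64string|-enc(?:odedcommand)?\b|mshta\s+https?://)",
    re.IGNORECASE,
)


def _basename(image_path: str) -> str:
    """Lower-cased file name from a Windows image path."""
    return image_path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event: Dict[str, str]) -> str:
    """Label one process-creation event: 'filefix', 'suspicious' or 'benign'."""
    parent = _basename(event.get("ParentImage", ""))
    image = _basename(event.get("Image", ""))
    cmdline = event.get("CommandLine", "")
    if parent != "explorer.exe" or image not in SCRIPT_HOSTS:
        return "benign"  # outside this rule's scope, not necessarily safe
    if DECOY_PATH_COMMENT.search(cmdline):
        return "filefix"
    if PAYLOAD_HINTS.search(cmdline):
        return "suspicious"
    return "benign"


def hunt(events: List[Dict[str, str]]) -> Dict[str, List[int]]:
    """Group event indices by label so the high-fidelity hits are triaged first."""
    buckets: Dict[str, List[int]] = {"filefix": [], "suspicious": [], "benign": []}
    for idx, event in enumerate(events):
        buckets[classify(event)].append(idx)
    return buckets


# Constructed sample events (not real telemetry).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EXPLORER = r"C:\Windows\explorer.exe"
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {   # 0: FileFix shape: command, padding, then the decoy path behind '#'
        "ParentImage": EXPLORER, "Image": PS,
        "CommandLine": r"powershell.exe -c ping example.com" + " " * 40
                       + r"# C:\company\internal-secure\filestorage\Policy.pdf",
    },
    {   # 1: ClickFix-style Run-dialog lure: encoded command, no decoy path
        "ParentImage": EXPLORER, "Image": PS,
        "CommandLine": "powershell.exe -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA",
    },
    {   # 2: user double-clicked a text file
        "ParentImage": EXPLORER, "Image": r"C:\Windows\System32\notepad.exe",
        "CommandLine": r'"C:\Windows\System32\notepad.exe" C:\Users\jdoe\notes.txt',
    },
    {   # 3: same decoy pattern but the parent is cmd.exe: out of this rule's scope
        "ParentImage": r"C:\Windows\System32\cmd.exe", "Image": PS,
        "CommandLine": r"powershell.exe -c Get-Date # C:\logs\run.log",
    },
    {   # 4: "Run with PowerShell" on a local script, no comment marker
        "ParentImage": EXPLORER, "Image": PS,
        "CommandLine": r'powershell.exe -ExecutionPolicy Bypass -File "C:\scripts\backup.ps1"',
    },
]

if __name__ == "__main__":
    for label, idxs in hunt(SAMPLE_EVENTS).items():
        for i in idxs:
            print(f"{label:10s} {SAMPLE_EVENTS[i]['CommandLine'][:70]}")
```

Treat explorer.exe spawning a script host with a '#'-delimited drive path as a high-fidelity alert; the payload-hint branch is noisier and is there to catch the sibling ClickFix lure delivered through the Run dialog. The rule deliberately ignores other parents (event 3); a broader hunt would cover those with a separate rule rather than loosening this one.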

State-Sponsored Attacks & Espionage

  • China-linked Salt Typhoon exploited the Cisco IOS XE flaw CVE-2023-20198 to breach a Canadian telecom provider; in related reporting, the SHOE RACK and UMBRELLA STAND malware families were documented on compromised Fortinet FortiGate devices, with telecom infrastructure in North America the common target – Salt Typhoon Exploits, UMBRELLA STAND Alert, Salt Typhoon Targets Canadian Telecom
  • A Chinese APT has compromised more than 1,000 SOHO routers with the stealthy ShortLeash backdoor, building an operational relay network for espionage against organizations in the US and Southeast Asia – Chinese APT Router Campaign
  • North Korean BlueNoroff group uses fake Zoom links and malicious extensions for system takeover and data theft – North Korean Zoom Attacks
  • Iranian-backed Homeland Justice cyberattack disrupts Albania’s public services amid geopolitical tensions, highlighting regional state-sponsored threats – Iranian Attack on Albania
  • US DHS warns escalating cyberattack risks from Iranian hackers and hacktivists amid Iran-Israel conflict, targeting healthcare, government, and critical infrastructure – US DHS Iran Cyber Risk, DHS Warns Pro-Iranian Hackers

Vulnerabilities & Exploits

  • Siemens warns that a Microsoft Defender Antivirus change removed the 'alert only' detection mode that Simatic PCS systems rely on; detections are now remediated automatically, which can remove files in use and halt control processes – Siemens Defender Issue
  • Critical Notepad++ vulnerability CVE-2025-49144: the installer searched its own directory for executables it launches, so a binary planted beside it runs with SYSTEM privileges (local privilege escalation to full takeover); update to v8.8.2 – Notepad++ Vulnerability
  • Two severe Aviatrix Cloud Controller vulnerabilities, an authentication bypass and an authenticated command injection, can be chained for full compromise of the controller – Aviatrix Flaws
  • Microsoft Exchange servers left unpatched against long-fixed vulnerabilities are having JavaScript keyloggers injected into their Outlook Web Access logon pages, harvesting credentials from victims in 26 countries – Exchange Keylogger Attacks
  • CISA ICS and software advisories issued for multiple vulnerabilities affecting industrial control systems from providers like Siemens and Fuji Electric – CISA ICS Advisories
  • Mattermost security advisory addresses critical vulnerabilities across server versions with urgent updates recommended – Mattermost Advisory

Data Breaches & Ransomware

  • Paraguay's largest known data breach exposed personal data of 7.4 million citizens; a group calling itself Brigada Cyber PMC leaked the data, which was reportedly harvested from government systems infected with infostealer malware – Paraguay Data Breach
  • McLaren Health Care disclosed that an INC ransomware attack exposed data of 743,000 patients, adding to concerns about healthcare data security – McLaren Healthcare Breach
  • Play ransomware group claims hack of Dairy Farmers of America, demanding payment within three days after stealing financial and operational data – Dairy Farmers Ransomware

Cybersecurity Practices & Emerging Trends

  • Podcast highlights strategic benefits of Continuous Threat Exposure Management (CTEM) for asset management and risk-based security reporting – CTEM Conversation
  • An argument that Continuous Penetration Testing (CPT) outperforms point-in-time pentests and bug bounties by giving ongoing, attacker-focused vulnerability insight instead of an annual snapshot – Continuous Pentest
  • Security experts urge advanced identity proofing and multi-layer verification as critical practices to combat rising identity fraud costs and sophistication – Identity Proofing Importance
  • US House of Representatives bans WhatsApp on government devices, citing security risks and promoting alternatives such as Microsoft Teams and Signal – US House WhatsApp Ban
  • Researchers demonstrate disrupting cryptomining botnets by submitting invalid ('bad') shares through the XMRogue tool so that mining pools ban the botnet's proxy or wallet, cutting off revenue until attackers abandon the operation – Cryptominer Disruption

Geopolitical Cyber Incidents

  • Suspected sabotage around the NATO Summit in The Hague: a rail cable fire disrupted train services and pro-Russian groups launched cyberattacks, amid heightened geopolitical tensions – NATO Summit Sabotage

Cybersecurity News | Daily Recap – hendryadrian.com