Cybersecurity News | Daily Recap [27 Aug 2025]

Recent reports highlight China’s state-sponsored espionage efforts, including campaigns by UNC6384 and Blind Eagle, targeting diplomatic and government entities across multiple regions. Additionally, critical vulnerabilities in Citrix NetScaler and Git have been patched, while supply chain attacks and data breaches continue to threaten organizations globally. #UNC6384 #BlindEagle #CitrixNetScaler #SalesloftOAuth #HealthcareBreach #Infostealers #Sni5Gect

State-linked Espionage

  • Google GTIG exposed a PRC-linked UNC6384 espionage campaign using hijacked captive portals and Adobe-update lures to target diplomats and global entities – UNC6384 Campaign, Silk Typhoon
  • Researchers attribute five activity clusters to Blind Eagle targeting Colombia with RATs and phishing while the ShadowSilk cluster hit 35+ government and sector orgs across Central Asia and APAC using loaders, web shells and Telegram bots – Blind Eagle Clusters, ShadowSilk Attacks

Vulnerabilities & Patching

  • Citrix released patches for three NetScaler ADC/Gateway flaws including the actively exploited CVE-2025-7775, and CISA added Citrix issues to its KEV catalog — immediate patching urged – Citrix NetScaler, Citrix Fixes, NetScaler Flaws, CISA KEV
  • CISA warned of an actively exploited Git CVE-2025-48384 code-execution flaw and highlighted two Citrix session-recording bugs, urging fixes before Sept 15 – Git & Citrix Warning

Supply Chain & OAuth

  • Attackers abused OAuth via a compromised Salesloft/Drift AI integration to steal Salesforce data and downstream cloud credentials in a coordinated supply-chain campaign attributed to groups like ShinyHunters/UNC6395 – Salesloft OAuth, Salesloft Breach

Data Breaches & Leaks

  • A breach at Healthcare Services Group exposed personal data for about 624,000 people (Sept–Oct 2024); no confirmed misuse yet and credit monitoring offered – Healthcare Breach
  • New Jersey’s Legacy Treatment Services notified ~42,000 people after a ransomware-linked leak that exposed SSNs, medical and financial info, claimed by Interlock – Legacy Treatment Breach
  • Data broker National Public Data relaunched under new ownership despite a leak of ~2.9 billion records, keeping widespread SSN exposure risks active – National Public Data

Malware & Mobile Threats

  • Commodity infostealers (e.g. RedLine, Lumma, Raccoon) sold via malware-as-a-service are driving rapid, stealthy data theft and widespread breaches – Infostealers Trend
  • Google will require Developer Verification to curb malware from sideloaded Android apps and extend protections beyond Google Play – Android Dev Verify
  • Researchers published Sni5Gect, an open-source toolkit able to intercept early 5G messages to crash phones or downgrade connections to 4G without rogue base stations, exposing protocol-level weaknesses – Sni5Gect Attack

Government Disruptions & Insider Threats

  • A disruptive cyberattack forced closures of Nevada state offices and disrupted government websites and communications over multiple days while investigations continue – Nevada Cyberattack, Nevada Closure
  • A Chinese developer was sentenced to four years for deploying malicious code that sabotaged his US employer’s systems—an example of destructive insider threat causing crashes and data deletion – Chinese Insider Sabotage

Policy, Response & Courts

  • Sen. Ron Wyden demanded an independent review of federal court cybersecurity, calling recent sensitive-data breaches evidence of ‘incompetence’ and urging stronger protections and transparency – Wyden Court Review
  • Officials and tech firms from the US, Japan and South Korea met in Tokyo to counter North Korea’s illicit IT worker scheme that funds cyber operations linked to groups like Lazarus – Tokyo North Korea Forum

Cybersecurity News | Daily Recap – hendryadrian.com