Cybersecurity News | Daily Recap [27 Jun 2025]

Recent cybersecurity developments include massive data breaches affecting millions, such as Ahold Delhaize and UNFI, alongside sophisticated malware campaigns like PUBLOAD and Sainbox RAT targeting Asian organizations. Key threat actors like Mustang Panda, Hive0154, and North Korea’s BlueNoroff continue to exploit vulnerabilities and conduct social engineering fraud, while nations enhance cyber defense policies, notably in NATO and the US. #AholdDelhaizeBreach #MustangPanda #BlueNoroff

Data Breaches & Ransomware

  • INC ransomware gang stole data on 2.2 million people in a cyberattack on Ahold Delhaize's U.S. operations, exposing data and financial information – Ahold Delhaize Breach, Ahold Delhaize Disclosure
  • United Natural Foods (UNFI) restores systems after a week-long cyberattack disrupting operations and expects a negative quarterly income impact – UNFI Cyber Incident, UNFI Restoration
  • Estes Forwarding Worldwide notifies victims after a ransomware attack by the Qilin gang involving data theft but no major disruptions – Estes Ransomware
  • AT&T settles a $177 million data breach claim, coinciding with a US House ban on WhatsApp amid rising concerns over cybersecurity and privacy – AT&T Settlement & US House Ban

Advanced Threat Actors & Malware

  • Chinese-linked Mustang Panda and Hive0154 APT groups target Tibetan communities and East Asian organizations with PUBLOAD and Pubshell backdoors via spear-phishing – Mustang Panda Malware, Hive0154 Campaign
  • Silver Fox group deploys Sainbox RAT and rootkits through fake Chinese software sites using DLL side-loading to stealthily infect users – Silver Fox RAT & Rootkit, Silver Fox Fake Websites
  • North Korea’s BlueNoroff uses deepfake Zoom calls for cryptocurrency scams targeting macOS devices with malware – BlueNoroff Deepfake Scams
  • OneClik malware campaign targets the energy sector with Microsoft ClickOnce exploits and Golang backdoors showing Chinese threat actor tactics – OneClik Malware

Vulnerabilities & Exploits

  • Citrix Bleed 2 (CVE-2025-5777) vulnerability in NetScaler ADC is now actively exploited in session hijacking attacks bypassing MFA – Citrix Bleed 2 Exploits, Citrix Exploitation Evidence
  • Cisco warns of critical remote code execution flaws affecting its Identity Services Engine (ISE and ISE-PIC) that could lead to full device takeover – Cisco ISE RCE Flaws, Cisco Security Warning
  • Open VSX Registry flaw exposed over 8 million developers to potential supply chain takeover through abuse of exposed admin tokens – Open VSX Vulnerability, Open VSX Supply Chain Risk
  • Brother printer bug (CVE-2024-51978) in 689 models exposes default admin passwords, leading to remote code execution risks, and cannot be patched via firmware – Brother Printer Bug
  • Microsoft 365 Direct Send exploited in phishing campaigns that spoof internal emails, bypassing SPF/DMARC/DKIM protections – Microsoft 365 Phishing
  • Significant surge in scans targeting Progress MOVEit Transfer vulnerabilities amid active threats linked to Cl0p ransomware actors – MOVEit Threat Surge

Cybersecurity Policies & Leadership

  • NATO members commit to raising defense spending to 5% of GDP within ten years, including a focus on cyber defense to counter threats from Russia and China – NATO Spending Increase
  • The U.S. Senate proposes bipartisan legislation to block Chinese and other foreign adversary AI systems like DeepSeek from federal agency use for national security – Bipartisan AI Ban, No Adversarial AI Act
  • Patrick Ware appointed top civilian leader of U.S. Cyber Command, bringing extensive NSA experience during agency restructuring – Patrick Ware Appointment

Corporate Security & Technology Updates

  • Microsoft announces upcoming Windows endpoint security platform to improve resilience and security after a disruptive CrowdStrike update outage – Microsoft Endpoint Security
  • Windows 11 KB5060829 preview update released with 38 bug fixes and improvements, excluding security patches – Windows 11 Update
  • British startup RevEng.ai raises $4.15 million seed funding to develop AI-powered software supply chain security tools detecting malicious code – RevEng.ai Funding

Phishing, Social Engineering & Fraud

  • A new phishing wave using ClickFix and the emerging FileFix social engineering methods is rising sharply, exploiting fake CAPTCHAs for payload delivery – ClickFix & FileFix Attacks
  • Israeli cyber and computer science experts targeted by Iran-linked APT42 through AI-powered spear-phishing to steal sensitive credentials – APT42 Phishing Campaign
  • An ex-student was arrested for hacking Western Sydney University and stealing over 100GB of data with plans to sell it on the dark web, highlighting academic cybersecurity risks – University Hacker Arrest
  • Bumble’s Icebreakers feature is accused in a GDPR complaint of violating European data privacy rules due to a lack of proper user consent concerning OpenAI data processing – Bumble GDPR Complaint

Law Enforcement & Cybercrime Takedowns

  • US and France have cracked down on the BreachForums marketplace, arresting key members and disrupting operations linked to high-profile cybercrimes – BreachForums Takedown
  • British hacker Kai West, aka IntelBroker, indicted for leading a cybercriminal group causing over $25 million in damages in the US and France – IntelBroker Indictment
  • Amnesty International condemns Cambodia for neglecting scam compounds that traffic victims into forced criminal activities, despite police efforts – Cambodia Scam Compounds

Cybersecurity News | Daily Recap – hendryadrian.com