Cybersecurity News | Daily Recap [28 Jul 2025]

This summary covers recent developments in ransomware, state-sponsored cyberattacks, and data breaches, highlighting targeted sectors and threat actor activity. Key incidents include BlackSuit’s transition to Chaos ransomware, targeted attacks on VMware vSphere, and the Silent Crow cyberattack on Aeroflot, illustrating evolving tactics and geopolitical tensions. #BlackSuit #Chaos #ScatteredSpider #VMwareESXi #NASCAR #Medusa #SilentCrow #Aeroflot #UNC3886 #Hive0156 #Remcos #Allianz #AIIMS #WordPressFlaw #NiagaraFramework #RootEvidence #Autoswagger #SharePoint

Ransomware & Cybercrime Groups

  • Law enforcement seized the BlackSuit ransomware group’s Tor leak site, prompting a potential transition to Chaos ransomware after targeting multiple industries with massive ransom demands – BlackSuit Ransomware
  • Scattered Spider is aggressively targeting VMware vSphere and ESXi hypervisors through social engineering and ransomware deployment, impacting critical US infrastructure and emphasizing infrastructure-centric defenses – Scattered Spider, VMware ESXi Attack
  • NASCAR confirms that personal data, including Social Security numbers, was stolen in a ransomware attack involving Medusa malware; the organization reports a quick incident response and support for affected individuals – NASCAR Ransomware

State-Sponsored & Geopolitical Cyberattacks

  • Aeroflot, the Russian airline, suffered a severe cyberattack by Silent Crow that destroyed thousands of servers and leaked data; the group aligns itself with Ukraine and the Belarusian opposition amid ongoing geopolitical tensions – Aeroflot Cyberattack
  • Nation Group in Thailand faced over 200 million cyberattacks, including DDoS and disinformation, orchestrated by Cambodian actors amidst political conflict – Nation Group Attacks
  • Singapore critical infrastructure targeted by the China-linked UNC3886 APT exploiting zero-days and deploying custom malware against energy and telecom sectors – Singapore APT Attack
  • The Russian-aligned Hive0156 group escalates use of Remcos RAT malware in spear-phishing campaigns against Ukrainian government and military, employing advanced infection chains – Hive0156 Remcos Attacks

Data Breaches & Vulnerabilities

  • Allianz Life confirms a data breach via a social engineering attack on a third-party cloud platform, affecting 1.4 million customers and highlighting risks in the insurance sector – Allianz Data Breach
  • The AIIMS ORBO portal vulnerability led to massive exposure of personal and medical organ donor data in India, stressing digital health infrastructure security – AIIMS Data Exposure
  • A critical flaw in the Post SMTP WordPress plugin with 400k installs allows full website takeover through broken access controls, with many sites still unpatched – WordPress Plugin Flaw
  • Critical vulnerabilities discovered in the Niagara Framework threaten global smart buildings and industrial systems by enabling control takeover if exploited – Niagara Framework Flaws

Cybersecurity Innovations & Research

  • Root Evidence, a new cybersecurity startup focusing on evidence-based vulnerability management, raised $12.5 million in seed funding to prioritize critical threats – Root Evidence Funding
  • Advanced API attacks persist due to documentation leaks and weak controls; the free tool Autoswagger aids in uncovering these often-missed API vulnerabilities – Autoswagger Tool
  • Weekly threat recap highlights active exploitation of SharePoint zero-days by Chinese actors and ongoing malware campaigns involving stealers and ransomware like Interlock and Gunra, stressing urgent patching – Weekly Recap

Cybersecurity News | Daily Recap – hendryadrian.com