Cybersecurity News | Daily Recap [28 May 2025]

Recent cybersecurity updates highlight state-sponsored espionage activities by APT31, Void Blizzard, and Earth Lamia targeting government and industrial sectors globally. Additionally, ransomware groups like Robbinhood and DragonForce continue to exploit vulnerabilities, affecting cities and retailers worldwide. #APT31 #VoidBlizzard #EarthLamia #Robbinhood #DragonForce

State-Sponsored Cyber Espionage

  • The Czech government publicly blames China-linked APT31 for cyberattacks on its Ministry of Foreign Affairs and critical infrastructure amid international condemnation – Chinese Hack, Czechia Cyberattack, China Cyber Espionage
  • Microsoft reports Russian-linked Void Blizzard cyberespionage group targeting NATO and Ukraine using advanced phishing and API abuses – Void Blizzard
  • Russian hackers “Laundry Bear” breach Dutch police with infostealers, focusing on espionage against Western government and high-tech sectors – Laundry Bear Breach, Russian Threat
  • China-linked Earth Lamia APT employs custom backdoors and DLL sideloading to infiltrate global industries – Earth Lamia
  • Velvet Chollima APT targets government officials worldwide with weaponized PDFs and PowerShell-based remote access techniques – Velvet Chollima
  • Ukraine detains Russian spies using dash cams to facilitate missile strikes, revealing novel espionage tactics targeting military sites – Russian Spies Detained
  • A Russian hospital programmer is sentenced to 14 years for leaking military data to Ukraine, highlighting ongoing insider threats and espionage – Russian Programmer Sentence

Ransomware & Cybercrime

  • An Iranian hacker pleads guilty to involvement in the Robbinhood ransomware attacks that disrupted U.S. cities including Baltimore, facing 30 years' imprisonment – Robbinhood Guilty Plea, Iranian Ransomware Plea, Baltimore Ransomware
  • The DragonForce ransomware group abuses SimpleHelp vulnerabilities in MSP supply chain attacks targeting UK retailers and stealing customer data – DragonForce MSP Attack
  • Chort ransomware gang compromises personal data of nearly 70,000 residents in Sheboygan, Wisconsin, exposing sensitive PII like Social Security numbers – Sheboygan Ransomware
  • The FBI warns that Silent Ransom Group (SRG) is targeting law firms with callback phishing and social engineering to exfiltrate sensitive data for extortion – Silent Ransom Group
  • A $223 million theft exploits a vulnerability in Cetus Protocol’s smart contract, demonstrating severe risks facing DeFi platforms – Cetus Protocol Hack

Malware & Cyber Threat Campaigns

  • Vietnamese threat actor UNC6032 uses fake AI-themed websites promoted on social media to distribute malware families including XWorm, Frostrift backdoors, and the Noodlophile Stealer worldwide – Vietnamese AI Malware, Vietnam AI Video Scam
  • Fake antivirus sites mimicking Bitdefender distribute Venom RAT and modular malware to steal credentials and cryptocurrency wallets – Venom RAT Fake Site, Venom RAT Campaign
  • New self-spreading malware infects exposed Docker containers to mine Dero cryptocurrency via worm-like propagation of Golang-based miners – Docker Malware
  • Mimo hackers exploit CVE-2025-32432 in Craft CMS to deploy cryptominers and proxyware for illicit profits – Mimo Craft CMS Exploit

Vulnerabilities & Patching

  • Google and Mozilla release urgent patches for Chrome 137 and Firefox 139 fixing 21 vulnerabilities including critical zero-days – Browser Vulnerabilities
  • CISA warns of memory leakage flaw in Johnson Controls ICU Tool affecting critical infrastructure access control systems – CISA ICS Advisory
  • Unpatched critical remote code execution vulnerability in TI WooCommerce Wishlist plugin risks exploitation and requires urgent deactivation – WooCommerce RCE
  • SQL injection vulnerability discovered in Frappe Framework API enables low-privilege attackers to execute arbitrary commands – Frappe SQLi
  • Ox Security report advises contextual prioritization of CISA KEV vulnerabilities for efficient patch management, especially in cloud environments – CISA KEV Report
  • Coordinated exploit scanning campaign from Japanese IPs targets vulnerabilities in ColdFusion, Struts, and Elasticsearch platforms – Exploit Scan Campaign

Security Product Updates & Industry Moves

  • Microsoft previews Windows Backup for Organizations, enhancing backup and migration for Windows 10/11 with integration into Microsoft Entra – Windows Backup
  • Microsoft launches a unified update orchestration platform to manage Windows app, driver, and system updates centrally, improving enterprise update management – Windows Update Orchestration
  • Zscaler announces acquisition of MDR specialist Red Canary to bolster its zero-trust cloud security platform and 24/7 threat monitoring – Zscaler Acquires Red Canary
  • Microsoft is notified that its OneDrive OAuth implementation unintentionally grants web apps full read access to user files, raising privacy concerns – OneDrive OAuth Issue

Fraud & Identity Security

  • Apple blocks over $9 billion in App Store fraud and disables millions of malicious accounts over five years, with $2 billion prevented in 2024 alone – Apple Fraud Block, Apple Fraud Prevention, Apple Fraud Report
  • Cerby raises $40 million to advance its AI-powered identity security automation platform enhancing multi-application identity management – Cerby Funding

Emerging Technologies & AI Risks

  • New research explores physics-based causes of AI hallucinations focusing on flaws in the Attention mechanism, urging improved risk management in AI safety – AI Hallucination Root
  • Browser-in-the-Middle (BiTM) attacks grow more sophisticated, able to steal session tokens and bypass MFA to hijack user sessions in seconds – BiTM Attacks

Cybersecurity News | Daily Recap – hendryadrian.com