Recent cybersecurity updates highlight the ongoing threat posed by groups like Scattered Spider and Chaos RaaS, despite arrests, with targeted ransomware attacks on Snowflake and Indiana’s First Baptist Church. Incidents such as the Saint Paul cyberattack, major breaches at Albavisión, and vulnerabilities in Lenovo, Apple, and CodeIgniter4 underscore evolving threats and the importance of timely patches. #ScatteredSpider #DragonForce #Snowflake #ChaosRaaS #Rhysida #Albavisión #Lenovo #Safari #CodeIgniter4
Ransomware & Threat Actors
- Following arrests, the Scattered Spider group's activity declined, but its advanced tactics, including DragonForce ransomware and the targeting of Snowflake data storage, remain a significant threat to multiple industries – Scattered Spider Decline, Scattered Spider Snowflake, Scattered Spider Arrests, FBI/CISA Scattered Spider Alert
- New ransomware-as-a-service group Chaos RaaS, linked to former BlackSuit operators, is demanding up to $300K from US victims using sophisticated social engineering and encryption techniques – Chaos RaaS Emergence
- Rhysida ransomware gang targeted Indiana’s First Baptist Church demanding $594K ransom after breaching sensitive data – Megachurch Ransomware
- GLOBAL GROUP ransomware gang breached media giant Albavisión, stealing 400GB of data and leveraging AI chatbots for ransom negotiations, highlighting the growing risk to the media and healthcare sectors – GLOBAL GROUP Attack
- FunkSec ransomware’s AI-developed strain is now decryptable thanks to Avast collaboration with law enforcement, aiding European victims – FunkSec Decryptor
Cyberattacks & Incident Responses
- The Minnesota city of Saint Paul faced a coordinated cyberattack causing network shutdowns and disrupting city services, leading to National Guard deployment and federal collaboration – St. Paul Cyberattack, MN National Guard Activation, Minnesota Guard Activation
- Telecom giant Orange suffered a cyberattack causing service disruptions across multiple regions, with no data exfiltration confirmed yet amid ongoing threat actor activity – Orange Cyberattack, Orange Response
- A major cyberattack shut down hundreds of Russian pharmacies, disrupting healthcare and online services, as cyberattacks surge against Russian businesses amid geopolitical tensions – Russian Pharmacies Attack
- Aeroflot, Russia’s airline giant, grounded dozens of flights following cyberattacks attributed to Ukrainian and Belarusian hacktivists, who claimed destruction of internal data – Aeroflot Cyberattack
- Privacy breach at Tea App exposed user messages and sensitive data, forcing the messaging system offline amid concerns over security risks for vulnerable users – Tea App Data Leak
Vulnerabilities & Patches
- Lenovo issued firmware updates to patch high-severity BIOS and UEFI vulnerabilities that allowed Secure Boot bypass and persistence of implants – Lenovo Firmware Fixes, Lenovo Persistent Implant
- Apple patched a critical zero-day Safari vulnerability (CVE-2025-6558), also exploited in Google Chrome, alongside other important security flaws, enhancing WebKit and CFNetwork protections – Apple Safari Patch, Apple Multi-Device Patches
- Critical authentication and access bypass flaws discovered in AI-powered Base44 Vibe Coding Platform by Wix were patched swiftly, preventing unauthorized access to applications – Base44 Access Flaw, Base44 Auth Flaw
- Critical security flaws in Dahua smart camera firmware allowed remote hijacking via ONVIF and file upload exploits; they are now patched to prevent large-scale device compromise – Dahua Camera Flaws
- A CodeIgniter4 vulnerability (CVE-2025-54418) enabling remote code execution through file uploads affects millions of web apps; an immediate upgrade to version 4.6.2 is advised – CodeIgniter4 RCE Flaw
Funding & Industry Moves
- BlinkOps raised $50 million to enhance its agentic security automation platform for custom micro-agents and workflow integration – BlinkOps Funding
- The newly founded startup Legion secured $38 million to develop AI-native SOC tools automating investigations and reducing alert fatigue – Legion Funding
- Tonic Security, an Israeli startup, launched with $7 million seed funding for an AI-powered exposure management platform aimed at prioritizing vulnerabilities – Tonic Security Launch
- Cyata emerged with $8.5 million in funding to provide continuous monitoring and control of AI agents within enterprises – Cyata Launch
- Palo Alto Networks is acquiring identity security firm CyberArk in a $25 billion deal to enhance AI-era access management capabilities – Palo Alto CyberArk Deal
- Axonius acquired medical device security company Cynerio for over $100 million to expand healthcare cybersecurity presence – Axonius Acquires Cynerio
AI and Cybersecurity Innovation
- The 2025 State of vCISO Report finds AI reduces virtual CISO workload by 68% amid soaring SMB demand, driving efficiency and strategic partnerships – AI Cuts vCISO Workload
- Platforms like Pillar Security provide holistic AI threat detection covering the entire AI development lifecycle to build trust in AI deployment – Pillar AI Security
- Google launched Device Bound Session Credentials (DBSC) open beta to prevent session hijacking and bolstered vulnerability transparency via Project Zero’s rapid public disclosures – Google DBSC & Project Zero, Project Zero Disclosure
- The future of SOCs embraces AI augmentation for predictive, adaptive threat detection and faster response, replacing manual processes as cybercrime costs soar – AI-Driven SOCs
Espionage & Surveillance Concerns
- Chinese companies linked to the Silk Typhoon hacking group filed over 15 patents for cyber espionage tools tied to the Ministry of State Security, revealing a sophisticated offensive ecosystem – Silk Typhoon Patents
- Sen. Ron Wyden urged the US intelligence community to scrutinize UK surveillance laws for risks to US companies and citizen privacy, focusing on potential backdoors and data access mandates – Wyden UK Surveillance
Malware & Attack Techniques
- Hackers exploited a patched SAP NetWeaver bug (CVE-2025-31324) to deploy stealthy Auto-Color Linux malware with advanced evasion, targeting North American and Asian organizations – SAP Auto-Color Attack, Auto-Color Malicious Campaign
- GOLD BLADE threat actors employ complex DLL sideloading and LNK file chains to deploy RedLoader malware, demonstrating advanced evasion techniques – GOLD BLADE RedLoader
- PyPI warns developers about ongoing phishing campaigns using fake verification emails and typosquatting domains, threatening credential theft on open-source platforms – PyPI Phishing Warning
Threat Intelligence & Security Tools
- Cyware enhanced its Intelligence Suite with sandboxing and sector-specific threat feeds to optimize cyber threat intelligence deployments – Cyware Intelligence Suite
Financial Impact & Fraud
- Mumbai suffered cyber fraud losses totaling around $135 million, primarily through scams involving fake investments and digital arrest traps exploiting cross-border vulnerabilities – Mumbai Cyber Fraud
- The latest IBM Report reveals US data breach costs rose to an average of $10.22 million, with AI playing a complex role in both cyber defense and attack sophistication – IBM Breach Cost Report