Cybersecurity News | Daily Recap [30 May 2025]

Today's Cybersecurity News Daily Recap highlights sophisticated phishing campaigns abusing trusted platforms like Google Apps Script and Firebase, alongside targeted state-sponsored attacks such as the ConnectWise breach and APT41 espionage operations. Recent developments also include ransomware threats like Qilin, critical vulnerabilities in Apache InLong and Argo CD, and emerging malware like EDDIESTEALER.

Phishing & Social Engineering

  • Threat actors are abusing Google Apps Script and Firebase in sophisticated phishing campaigns that leverage trusted platforms to bypass security and steal credentials – Firebase & Apps Script, Apps Script Abuse
  • A phishing campaign exploited Nifty.com infrastructure to impersonate businesses and harvest credentials, demonstrating advanced evasion beyond email defenses – Nifty Phishing
  • A new browser exploit called Fullscreen Browser-in-the-Middle (BitM) targets Safari by hiding malicious sites in fullscreen mode without warnings, enabling stealthy credential theft – Browser Exploit, Safari BitM

Ransomware & Cybercrime

  • The Qilin ransomware gang demanded ransom from Botetourt County Schools after stealing 315 GB of sensitive data, emphasizing ongoing threats to education – Qilin Ransomware
  • Australia has mandated certain ransomware victims to report extortion payments to improve threat visibility and tackle underreporting – Australia Ransomware Reporting
  • Cybercriminals increasingly exploit AI-generated lures and fake installers to spread ransomware and malware, targeting business and marketing sectors via SEO poisoning and malvertising – AI Malware Campaigns, AI Ransomware

State-Sponsored Attacks & Nation-State Threats

  • ConnectWise confirmed a targeted cyberattack by a nation-state actor exploiting a critical CVE-2025-3935 vulnerability in ScreenConnect, affecting a small number of customers; investigations with Mandiant and law enforcement are ongoing – ConnectWise Hack, ConnectWise Cyberattack, ScreenConnect Targeted, ConnectWise Nation-State, ConnectWise Breach, ConnectWise Confirmed Hack
  • Chinese hacking group APT41 leveraged Google Calendar as a covert command-and-control channel in a cyberespionage campaign targeting governments, disrupted by Google – APT41 Google Calendar, APT41 TOUGHPROGRESS
  • Chinese Earth Lamia group exploits SAP and SQL Server flaws across Asia and Brazil to launch espionage and persistent attacks on various industries – Earth Lamia Attacks, Earth Lamia Targets
  • Meta disrupted multiple influence operations from China, Iran, and Romania, which used fake social media personas and AI-generated profiles to manipulate public discourse – Meta Influence Takedown, Meta Influence Ops
  • A massive DDoS attack by the Ukrainian "IT Army" disrupted internet services for thousands in Moscow, targeting Russian provider ASVT amid ongoing cyber conflict – Moscow DDoS Attack
  • Malaysia faces rising cyber threats from state-sponsored and criminal groups targeting critical sectors with ransomware and espionage – Malaysia Threat Report
  • The UK Ministry of Defence is investing £1 billion in the "Digital Targeting Web," an AI-driven battlefield system that enhances cyber and electromagnetic operations – UK Digital Targeting

Vulnerabilities & Exploits

  • A critical CVE-2025-27522 vulnerability in Apache InLong versions 1.13.0 to 2.1.0 enables remote code execution via unsafe deserialization, with a patch available in version 2.2.0 – Apache InLong RCE, InLong Deserialization
  • Argo CD suffers from a critical XSS vulnerability (CVE-2025-47933) that allows full Kubernetes resource manipulation and script injection – Argo CD XSS
  • GreyNoise discovered a stealthy malware campaign backdooring over 9,000 ASUS routers via a previously patched command injection vulnerability, in an operation linked to advanced attackers – ASUS Router Backdoors
  • A new Windows RAT uses corrupted DOS and PE headers to evade detection for weeks, enabling persistent remote access via TLS-encrypted C2 communication – Windows RAT Evasion

Cybersecurity & Technology Developments

  • MITRE and the Post-Quantum Cryptography Coalition released a comprehensive roadmap guiding organizations on transitioning to quantum-safe cryptography to counter emerging quantum threats – Post-Quantum Roadmap
  • Mozilla Firefox 139 introduces new tab customization, translation improvements, and multiple security fixes, followed by a quick 139.0.1 update addressing graphical glitches on NVIDIA GPUs – Firefox 139, Firefox 139.0.1 Patch
  • Microsoft Authenticator plans to retire its password autofill feature by August 2025, advising users to export passwords or switch to Microsoft Edge’s autofill to avoid access disruption – Microsoft Authenticator Update
  • Unbound raised $4 million in seed funding to enhance its AI security platform that protects data and controls access as organizations adopt generative AI tools – Unbound Funding
  • MultiCare Health System improved healthcare delivery and cybersecurity by implementing identity-based microsegmentation, fostering collaboration and secure digital transformation – Healthcare Cybersecurity
  • Attack Surface Management (ASM) tools like Sprocket ASM help organizations continuously map their external attack surface, increasing resilience by surfacing unknown exposures before they can be exploited – Attack Surface Management

Cyber Incidents

  • The Victoria’s Secret website went offline following a security incident suspected to be linked to the Scattered Spider group and their deployment of DragonForce ransomware amid rising retail sector attacks – Victoria’s Secret Incident

Malware Developments

  • A new Rust-based info stealer called EDDIESTEALER spreads via fake CAPTCHA pages (ClickFix technique), stealing browser data with sophisticated evasion methods – EDDIESTEALER Malware

Cybersecurity News | Daily Recap – hendryadrian.com