This weekly recap highlights significant developments in ransomware, malware, and threat actor tactics, including the propagation of Linux variants and credential theft tools. It underscores emerging vulnerabilities in supply chain software and sophisticated espionage campaigns linked to state actors. #QilinRansomware #LockBit #ShadowCoil #Gunra #ScatteredSpider #ToolShellZeroDay #Hafnium #TraderTraitor
Tag: MACOS
A critical vulnerability in Cursor’s AI code editor allows remote attackers to exploit prompt injection to modify sensitive files and execute arbitrary code. This flaw could enable attackers to chain vulnerabilities for remote code execution, affecting third-party MCP servers and components. #CVE-2025-54135 #CursorAI #PromptInjection #RemoteCodeExecution…
An ISO image targeting Chinese-speaking users utilizes a malicious DLL sideloaded by a legitimate Alibaba executable to deploy a Cobalt Strike Beacon with a decoy PDF. The threat leverages an LNK file named after the Zhengzhou Commodity Exchange to initiate execution, disguising malicious traffic as Bilibili video sharing platform communications. #CobaltStrike #SLOWTEMPEST #ZhengzhouCommodityExchange
Russian espionage group Secret Blizzard deploys custom malware ApolloShadow in ISP-level AiTM attacks against foreign embassies in Moscow, emphasizing ongoing state-sponsored cyber surveillance. Meanwhile, North Korean Lazarus targets open-source repositories, increasing supply chain risks for developers globally. #ApolloShadow #Lazarus
A critical Remote Code Execution vulnerability was discovered in the @nestjs/devtools-integration package due to an insecure JavaScript sandbox environment combined with insufficient CORS and content-type validations. This flaw allows attackers to execute arbitrary code on a developer’s local machine simply by visiting a malicious website. #nestjs #Socket #safe-eval
Cybersecurity researchers discovered an AI-generated malicious npm package, @kodane/patch-manager, that secretly drains cryptocurrency wallets. This incident underscores the emerging threat of AI-crafted malware exploiting supply chain vulnerabilities. #npm #AIgeneratedMalware…
Recent cybersecurity updates highlight ongoing threats from ransomware groups like SafePay, which continue extortion efforts against Ingram Micro, and the release of a decryptor for FunkSec ransomware. Meanwhile, Chinese state-sponsored hackers are linked to advanced surveillance tools, and critical vulnerabilities like the SharePoint zero-day remain actively exploited. These developments underscore persistent dangers in data security, espionage, and critical infrastructure. #SafePay #FunkSec #ChineseCyberTools #SharePointZeroDay
Cybersecurity professionals can now run Kali Linux in a lightweight virtual machine on macOS Sequoia using Apple's new containerization framework. Limitations remain, including networking issues and no hardware passthrough, and because the framework runs only on Apple silicon, Intel Macs are out of scope. #KaliLinux #AppleSilicon
Proton has introduced Proton Authenticator, a free, privacy-focused two-factor authentication app supporting multiple platforms. It emphasizes security, open-source transparency, and user privacy by avoiding trackers, ads, and vendor lock-in. #ProtonMail #ProtonVPN #TwoFactorAuthentication
Apple has released security updates across all its device platforms, including iOS, macOS, watchOS, tvOS, and visionOS, addressing numerous vulnerabilities. The fixes cover both critical security flaws and stability issues, and administrators should deploy them promptly. #AppleSecurity #CVE2023…
Apple has issued security updates to fix a critical vulnerability, CVE-2025-6558, exploited in zero-day attacks targeting Google Chrome users. The flaw allows remote attackers to execute arbitrary code and escape browser sandbox protections, affecting multiple Apple devices and systems. #CVE-2025-6558 #GoogleChrome #AppleSecurity
Apple released comprehensive security updates addressing a zero-day vulnerability exploited in Chrome and affecting WebKit-based Safari. The flaw, CVE-2025-6558, could allow sandbox escapes and has been exploited in the wild, prompting timely patches across Apple devices. #CVE-2025-6558 #GoogleTAG…
Apple has issued patches for numerous vulnerabilities across its devices, including critical flaws like CVE-2025-6558 in WebKit and CVE-2025-43223 in CFNetwork. These updates address issues such as remote code execution, information leaks, and DoS attacks, emphasizing the importance of timely software updates. #CVE-2025-6558 #CVE-2025-43223…
This summary highlights recent cyber threats, including attacks on Orange by China’s Salt Typhoon group and Aeroflot by pro-Ukrainian hackers Silent Crow and Belarus Cyber-Partisans, which caused service disruptions and data theft. It also covers vulnerabilities in Cisco ISE and PaperCut, and the rise of AI-powered security solutions like Microsoft Edge Copilot and funding for AI security startups. #SaltTyphoon #SilentCrow
A macOS vulnerability allowed attackers to bypass TCC (Transparency, Consent, and Control) protections via Spotlight plugins and read data that TCC is meant to gate behind user consent. Microsoft's proof of concept, named Sploitlight, exfiltrated files and user information, showing how the privileges of a trusted OS component can be abused on Apple devices. #CVE-2025-31199 #Sploitlight…