Cybersecurity News | Daily Recap [10 Jun 2025]

Chinese-linked groups including APT41, PurpleHaze, and APT15 targeted global enterprises and infrastructure with ShadowPad and GOREshell malware, while the North Korea-linked Kimsuky group used social media for malware campaigns. Flaws in Roundcube and the Wazuh server were actively exploited, SAP patched a critical NetWeaver privilege escalation, and the day also brought data breaches and DDoS activity; meanwhile, major outages hit Heroku and OpenAI. #APT41 #ShadowPad #WazuhVulnerability #HerokuOutage

Cyber Espionage & APTs

  • Chinese-linked groups including APT41, PurpleHaze, and APT15 conducted sophisticated cyber espionage campaigns targeting global enterprises and critical infrastructure using malware like ShadowPad and GOREshell, with supply chain and reconnaissance attacks detailed by SentinelOne – China-Linked Espionage, 70+ Orgs Targeted
  • The Rare Werewolf APT used legitimate software and phishing to deploy cryptojackers against Russian enterprises, complicating detection – Rare Werewolf APT
  • Kimsuky, a North Korea-linked group, launched cross-platform social engineering attacks on Korean users with advanced malware spread via Facebook, email, and Telegram – Kimsuky AppleSeed
  • Operation DRAGONCLONE, a China-aligned APT campaign, targeted China Mobile Tietong using DLL sideloading and malware like VELETRIX and VShell – Operation DRAGONCLONE
  • Chinese espionage groups orchestrated a year-long reconnaissance campaign against cybersecurity vendors including SentinelOne using tools such as ShadowPad, while a new ransomware group DarkGaboon targeted Russian financial sectors with LockBit 3.0 ransomware – Chinese Reconnaissance, DarkGaboon Ransomware

Vulnerabilities & Exploits

  • A critical Roundcube remote code execution flaw (CVE-2025-49113) affects over 80,000 servers worldwide with active exploitation reported; additionally, CISA added this and an Erlang SSH flaw to its exploited vulnerabilities catalog – Roundcube Exploits, CISA KEV Additions
  • SAP patched a critical NetWeaver privilege escalation vulnerability as part of its June 2025 Patch Day, which addressed 14 issues that could lead to system compromise – SAP Patch
  • Hardcoded cryptographic keys in Ivanti Workspace Control could let a local attacker decrypt stored SQL credentials and escalate privileges; the flaws are fixed in version 10.19.10.0, and all earlier versions are affected – Ivanti Vulnerabilities
  • Google patched a flaw that allowed brute-force enumeration of the phone number linked to an account through a deprecated, JavaScript-free username-recovery form, after researchers demonstrated it could be abused at scale – Google Phone Leak, Google Patch
  • A critical Wazuh server deserialization vulnerability (CVE-2025-24016) is being exploited by Mirai-based botnets to recruit vulnerable servers into DDoS botnets, adding security tooling itself to the IoT botnets' target set – Wazuh Botnet Exploits

Data Breaches & Ransomware

  • Hackers stole nearly 300,000 crash reports from the Texas Department of Transportation exposing sensitive personal data; similar breaches in Illinois emphasize risks in government systems – Texas Crash Reports, Crash Records Theft
  • A ransomware attack on Sensata Technologies resulted in the theft of sensitive employee data, including personal and financial information; the company's breach notification lists 362 Maine residents among those affected – Sensata Ransomware, Sensata Data Breach
  • Extortion group Arkana Security is attempting to resell Ticketmaster data stolen in the 2024 Snowflake breaches, which were carried out with specialized data-theft tooling, and the listing has links to the ShinyHunters hacker collective – Snowflake Data Resale
  • Five individuals from China, the U.S., and Turkey pleaded guilty to laundering nearly $37 million stolen from cryptocurrency investment scams, highlighting global crypto fraud complexity – Crypto Laundering Guilty Pleas

Malware & Social Engineering

  • FIN6 hackers evolved tactics by impersonating job seekers and using fake resumes to backdoor recruiters’ devices with the More Eggs malware, underscoring risks in recruitment processes – FIN6 More Eggs
  • APT41 used a compromised Taiwanese government website to stage multi-stage malware that abuses Google Calendar events for covert command-and-control, blending C2 traffic with legitimate cloud service use – APT41 Google C2
  • Spyware maker Paragon severed ties with Italy after the government refused an audit into the alleged misuse of its Graphite spyware against a journalist, which earlier investigations had surfaced – Paragon and Italy

Outages & Disruptions

  • A massive six-hour Heroku outage disrupted web platforms worldwide including clients like SolarWinds, affecting application availability and login functions with no confirmed resolution time – Heroku Outage
  • OpenAI is actively fixing a global ChatGPT outage caused by elevated errors and latency, with full recovery expected within hours – OpenAI ChatGPT Outage
  • A major U.S. food wholesaler, United Natural Foods, suffered a cyberattack impacting its distribution systems and order fulfillment, currently under investigation with authorities – Food Distributor Attack

Security Industry & Leadership

  • Swimlane raised $45 million in funding to advance its AI-driven security automation platform, totaling $215 million to date – Swimlane Funding
  • Guardz secured $56 million in Series B funding to expand its all-in-one AI-powered SMB security platform in the U.S. market – Guardz Funding
  • Brett Leatherman was appointed head of the FBI Cyber Division, succeeding Bryan Vorndran, focusing on government-industry collaboration against cyber threats – FBI Cyber Leadership

Emerging Security Challenges & Tools

  • The increasing reliance on Non-Human Identities (NHIs) such as API keys and service accounts poses new cybersecurity risks, necessitating robust management practices for these rapidly growing attack surfaces – Non-Human Identity Risks
  • The Linux Foundation launched the decentralized FAIR Package Manager to improve WordPress plugin security and sustainability amid conflicts in the ecosystem – FAIR Package Manager
  • Blue Teams can enhance incident response through structured playbooks leveraging Wazuh for real-time detection, automation, and threat mitigation including credential dumping and brute force attacks – Wazuh Blue Teaming
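The brute-force playbook in the last item boils down to one detection primitive: count authentication failures per source within a sliding time window and alert once a threshold is crossed. The script below is an added example written for this recap, not code from the linked article or from the Wazuh project; it runs the same logic in plain Python over a handful of constructed sshd auth.log lines, so a reader can see exactly what the threshold and window mean before wiring the rule into a SIEM. The threshold (5 failures) and window (120 seconds) are assumed values, and the log lines and IP addresses are made up.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in sshd/auth.log style (not real logs).
# 203.0.113.7 sprays several accounts in ten seconds; 198.51.100.20
# has two failures five minutes apart, which should not alert.
SAMPLE_LOG = """\
Jun 10 08:00:01 web1 sshd[2041]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Jun 10 08:00:03 web1 sshd[2043]: Failed password for root from 203.0.113.7 port 51023 ssh2
Jun 10 08:00:04 web1 sshd[2045]: Failed password for root from 203.0.113.7 port 51024 ssh2
Jun 10 08:00:06 web1 sshd[2047]: Failed password for invalid user test from 203.0.113.7 port 51025 ssh2
Jun 10 08:00:07 web1 sshd[2049]: Failed password for root from 203.0.113.7 port 51026 ssh2
Jun 10 08:00:09 web1 sshd[2051]: Accepted publickey for deploy from 198.51.100.20 port 40100 ssh2
Jun 10 08:00:11 web1 sshd[2053]: Failed password for root from 203.0.113.7 port 51027 ssh2
Jun 10 08:05:00 web1 sshd[2060]: Failed password for alice from 198.51.100.20 port 40101 ssh2
Jun 10 08:09:30 web1 sshd[2062]: Failed password for alice from 198.51.100.20 port 40102 ssh2
"""

# Matches only failed password attempts; "invalid user" is optional
# because sshd phrases unknown accounts differently from known ones.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_failures(text, year=2025):
    """Return (timestamp, source_ip, username) for each failed login.

    Syslog timestamps carry no year, so the caller supplies one (assumed 2025
    here to match the recap date).
    """
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["ip"], m["user"]))
    return events


def detect_bruteforce(events, threshold=5, window_seconds=120):
    """Sliding-window count of failures per source IP.

    Emits one alert per IP the first time it reaches `threshold` failures
    within `window_seconds`; later failures from the same IP do not
    re-alert, which keeps the analyst queue from filling with duplicates.
    """
    windows = defaultdict(deque)  # ip -> deque of (ts, user) inside window
    alerted = set()
    alerts = []
    for ts, ip, user in sorted(events):
        q = windows[ip]
        q.append((ts, user))
        cutoff = ts - timedelta(seconds=window_seconds)
        while q and q[0][0] < cutoff:  # expire events older than the window
            q.popleft()
        if len(q) >= threshold and ip not in alerted:
            alerted.add(ip)
            alerts.append({
                "ip": ip,
                "failures": len(q),
                "first": q[0][0],
                "last": ts,
                "users": sorted({u for _, u in q}),
            })
    return alerts


if __name__ == "__main__":
    for a in detect_bruteforce(parse_failures(SAMPLE_LOG)):
        print(f"ALERT {a['ip']}: {a['failures']} failures "
              f"{a['first']:%H:%M:%S}-{a['last']:%H:%M:%S}, users={a['users']}")
```

In Wazuh the same behaviour is expressed declaratively with the `frequency` and `timeframe` attributes on a rule that matches the decoded sshd failure events, and the response half of the playbook (blocking the source with an active response) hangs off that rule's alert level. The per-IP deduplication above is the part most often forgotten when people hand-roll this: without it a single spraying host produces one alert per attempt.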

Cybersecurity News | Daily Recap – hendryadrian.com
