18 Cybersecurity News Summarised – 21/07/2025

Theme of the week is definitely Asia, lot’s of activity from groups from China and attacks across South-East Asia. We also have another prominent company failing with Password 123456 and quite a few prominent zero days out in the wild exploited.

P.S. Scroll down if you’d like to get this news recap to your inbox every week.

1. Critical SharePoint Zero-Day (CVE-2025-53770) Under Active Exploitation

Microsoft has confirmed active, large-scale attacks exploiting an unpatched SharePoint Server vulnerability (CVE-2025-53770, CVSS 9.8) that allows unauthenticated remote code execution via deserialization of untrusted data. Adversaries are abusing stolen machine keys to forge __VIEWSTATE payloads for persistence and lateral movement, with over 85 servers in 29 organizations already compromised. On-premises SharePoint customers must apply interim mitigations immediately and prepare for the forthcoming patch to prevent further breaches.

Key Details

• CVE-2025-53770 is a variant of CVE-2025-49704; CVSS 9.8 (critical).
• Attackers exploit HTTP Referer handling to bypass authentication.
• Over 85 SharePoint servers across 29 entities compromised so far.
• AMSI integration enabled by default in recent SharePoint 2016/2019 and Subscription updates.

Next Steps

• Enable AMSI integration on all on-prem SharePoint servers
• Isolate internet-facing servers until official patch applied

Read more at

• The Hacker News
• Microsoft Security Advisory

2. China-linked Hackers Target Taiwan Semiconductor Industry in Coordinated Espionage Campaign

Chinese state-sponsored groups ran sustained phishing operations from March to June 2025 against chipmakers, supply-chain partners and investment analysts to steal IP and market data. That's a very significant attack on global supply chain. 

Key Details

• Three threat groups (UNK_FistBump, UNK_DropPitch, UNK_SparkyCarp) active March–June 2025
• UNK_FistBump used graduate-student recruitment lures with Cobalt Strike and Voldemort
• UNK_DropPitch phishing targeted analysts at investment banks via fake collaboration emails
• UNK_SparkyCarp deployed adversary-in-the-middle phishing kits for credential harvesting

Next Steps

• Harden HR recruitment and candidate-screening email systems
• Simulate employment-themed phishing to test detection

Read more at

• CSO Online

3. Chinese-backed APT Salt Typhoon Compromises Army National Guard Networks Nationwide

Between March and December 2024, Salt Typhoon infiltrated a US state’s Army National Guard network—stealing administrator credentials, network diagrams, and personnel PII—and leveraged its links to access networks in every other state and four territories. This breach endangers critical infrastructure by exposing configuration files that enable lateral movement and undermining state-federal cyber defense collaboration. 

Key Details

• Exfiltrated 1,462 configuration files from ~70 government and critical infrastructure entities across 12 sectors.
• Exploited CVEs include CVE-2018-0171, CVE-2023-20198, CVE-2023-20273, and CVE-2024-3400.
• Salt Typhoon previously used stolen configs to breach AT&T, Verizon, and Lumen networks.
• 14 states’ Guard units integrate with fusion centers, increasing risk of cascade attacks on critical systems.

Read more at

• CSO Online
• DHS Memo (June 11, 2025)

4. Cisco Patches CVSS 10.0 RCE Vulnerability in ISE and ISE-PIC

Cisco disclosed CVE-2025-20337, a critical unauthenticated RCE in Identity Services Engine and Passive Identity Connector that grants root command execution. This flaw, alongside two recent CVSS 10.0 bugs, exposes network access policy infrastructure to full compromise and hotfixes no longer suffice. Organizations must upgrade to ISE 3.3 Patch 7 or 3.4 Patch 2 immediately.

Key Details

• CVE-2025-20337 allows remote attackers to issue OS commands as root via a vulnerable API.
• Two related flaws (CVE-2025-20281, CVE-2025-20282) disclosed last month share similar unauthenticated RCE impact.
• ISE/ISE-PIC versions 3.2 are unaffected; 3.3 and 3.4 require patch upgrades beyond hotfixes.
• Public PoCs and internal scans heighten the risk of active targeting.

Read more at

• Dark Reading: Cisco CVSS 10 Flaw in ISE, ISE-PIC – Patch Now
• Cisco Security Advisory

5. CrushFTP CVE-2025-54309 Under Active Exploitation, Allows Remote Admin Access

A critical AS2 validation flaw in CrushFTP (CVE-2025-54309, CVSS 9.0) is being exploited to obtain admin privileges on unpatched servers without DMZ proxy. Attackers reverse-engineered recent code changes to weaponize an older bug, exposing government, healthcare, and enterprise file-transfer systems to data theft, backdoors, and lateral movement. 

Key Details

• Impacts CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23 when DMZ proxy is disabled
• First in-the-wild exploitation detected July 18, 2025; flaw present since at least July 1
• Indicators include modified MainUsers/default/user.xml, new random admin IDs, and elevated default accounts

Next Steps

• Upgrade to CrushFTP 10.8.5 or 11.3.4_23 (or later)
• Restrict admin logins to allowlisted IP addresses
• Audit user.xml changes and correlate admin logins with public IPs

Read more at

• The Hacker News
• NIST NVD
• CrushFTP Advisory

6. APT28’s LAMEHUG Malware Leverages LLMs for On-the-Fly Windows Commands

Russian state-run APT28 has deployed a novel Python-based malware, dubbed LAMEHUG, which queries Hugging Face LLM APIs in real time to generate Windows shell commands during spear-phishing attacks against Ukrainian government targets. By offloading command creation to a Qwen 2.5-Coder model, the malware introduces polymorphic behavior that can evade signature-based defenses, raising the risk of more stealthy, AI-assisted intrusions—potentially soon against Western organizations.

Key Details

• LAMEHUG is written in Python, compiled with PyInstaller, and delivered as .pif, .exe, or .py variants.
• It calls Hugging Face’s Qwen 2.5-Coder-32B-Instruct model to produce folder-creation, system-enumeration, and file-collection commands on demand.
• Commands pull system, network, and Active Directory data and copy all .pdf/.txt files from user folders to C:\ProgramData\info\ for exfiltration.
• Distributed via spear-phishing emails from a compromised Ukrainian ministry account; C2 servers run on hijacked legitimate infrastructure.

Next Steps

• Monitor and block anomalous calls to external LLM APIs from endpoints.
• Harden email security to flag .pif attachments and unsigned executables.

Read more at

• CSO Online: Novel Malware from Russia’s APT28 Prompts LLMs to Create Malicious Windows Commands

7. PoisonSeed Attack Bypasses FIDO Key Protections via Malicious QR Phishing

Researchers at MDR provider Expel have identified a new PoisonSeed phishing campaign that captures credentials on a fake Okta/AWS portal, then tricks users into scanning a malicious QR code for FIDO cross-device authentication, granting attackers session access and sidestepping hardware key protections. While FIDO itself remains secure, this method exposes the risk of phishable, delegable MFA flows and underscores the need for stricter cross-device controls.

Key Details

• Phishing email leads to fake Okta login then a Cloudflare-hosted AWS link
• Victims enter credentials and scan an attacker-supplied QR for MFA
• QR-based cross-device sign-in bypasses physical FIDO key safeguards
• In a related incident, PoisonSeed reset passwords and registered its own keys

Next Steps

• Audit MFA logs for unexpected QR authentication requests
• Disable or secure delegable QR-based backup MFA methods

Read more at

• Dark Reading
• Expel Blog

8. Threat Actors Host Amadey Malware on Public GitHub Repositories to Evade Filters

Cisco Talos detected a malware-as-a-service campaign using fake GitHub accounts to store Emmenhtal loader scripts and Amadey plug-ins, bypassing web filters and facilitating the distribution of data-stealing and potentially ransomware payloads.

Key Details

• Three GitHub accounts (Legendary99999, DFfe9ewf, Milidmdds) hosted malicious payloads before being taken down.
• Emmenhtal (aka PEAKLIGHT) loader fetched Amadey, AsyncRAT, and legitimate PuTTY.exe from public repos.
• Amadey’s DLL plug-ins included Lumma Stealer, RedLine Stealer, and Rhadamanthys Stealer modules.
• A Python-based Emmenhtal variant embeds a PowerShell command to download Amadey from a hard-coded IP.

Next Steps

• Enforce repository allow-listing and tighten policies on external script execution.

Read more at

• Cisco Talos Intelligence
• The Hacker News

9. Google Files Lawsuit Against BADBOX 2.0 Botnet Operators Over 10 Million Android Infections

Google sued 25 China-based entities in U.S. federal court over the BADBOX 2.0 botnet, which has infected more than 10 million uncertified Android Open Source Project devices to conduct large-scale ad fraud. A preliminary injunction mandates the operators cease activities and compels ISPs and registries to block related infrastructure. This highlights
risks from uncertified Android builds and IoT supply-chain compromises.

Key Details

• BADBOX 2.0 compromised >10 million Android AOSP devices without Google Play Protect.
• Infections originate from pre-installed malware on IoT/CTV devices and malicious APKs.
• Botnet divided into groups for C2 infrastructure, backdoors, “evil twin” ad fraud, and ad-games.
• U.S. court issued preliminary injunction; ISPs and domain registries ordered to block C2 domains.

Read more at

• Google Blog on BADBOX 2.0 Legal Action
• Google LLC v. Does 1–25 Complaint
• FBI Warning on BADBOX 2.0 Botnet
• HUMAN Security Analysis

10. UNC6148 Deploys OVERSTEP Rootkit on Patched SonicWall SMA 100 Series Appliances

A hacking group tracked as UNC6148 has backdoored fully patched, end-of-life SonicWall SMA 100 series appliances with a custom user-mode rootkit called OVERSTEP, leveraging stolen credentials and likely a zero-day to regain access post-patching. OVERSTEP modifies the boot process, hooks standard library functions to hide its files and commands, and selectively deletes log entries, severely limiting detection and forensic visibility. 

Key Details

• Campaign active since at least October 2024 with a limited number of victims.
• UNC6148 reused credentials and OTP seeds allegedly exfiltrated from SMA appliances as early as January 2025.
• OVERSTEP persists by modifying /etc/rc.d/rc.fwboot and hides via hooks in open and readdir.
• Backdoor commands include dobackshell (reverse shell) and dopasswords (credential archive), and it erases httpd.log, http_request.log, and inotify.log entries.

Next Steps

• Migrate from SMA 100 to supported SMA 1000 or cloud solution

Read more at

• The Hacker News
• Google Threat Intelligence Group

11. Japan’s National Police Agency Releases Free Decryptor for Phobos and 8Base Ransomware

Japan’s National Police Agency has published a free decryption tool and English guide for Phobos and its spin-off 8Base ransomware, enabling victims to recover files without paying ransoms. The release follows a February takedown by Japanese, U.S. and European law enforcement that disrupted the gang’s infrastructure and led to multiple arrests.

Key Details

• Phobos/8Base operators collected over $16 million from ~1,000 victims globally since 2019.
• Attacks targeted state/local governments, education, healthcare, critical infrastructure.
• U.S. FBI, Europol and European Cybercrime Centre shared the decryptor after seizing 100+ servers.
• Key affiliates, including alleged admin Evgenii Ptitsyn, have been arrested and extradited.

Next Steps

• Test the decryptor on isolated backup copies

Read more at

• The Record
• Japan NPA Decryptor Guide

12. Firmware Vulnerabilities Persist in Gigabyte Motherboards

Four legacy flaws in Gigabyte’s UEFI firmware allow local attackers to implant persistent, privileged code beneath the OS. Although AMI developers patched these SMM vulnerabilities years ago, Gigabyte’s OEM BIOS builds never integrated the fixes, exposing systems to stealthy UEFI boot bypass and persistent implants.

Key Details

• Gigabyte disclosed four System Management Mode (SMM) flaws in older Intel-based motherboards on July 10.
• AMI issued patches years ago, but Gigabyte’s OEM firmware builds remained unupdated.
• Successful exploits can disable Secure Boot and Intel BootGuard, enabling stealth firmware implants.
• Modern UEFI firmware rivals operating systems in complexity, expanding the attack surface.

Next Steps

• Inventory firmware versions and verify against AMI’s patched releases.
• Use OS-based or hardware SPI tools to validate and re-flash firmware.

Read more at

• Dark Reading

13. Printer Security Lifecycle Gaps Leave Data and Networks Exposed

Organizations are patching only 36% of printer firmware promptly, while procurement and security teams often overlook endpoint vetting, creating a broad attack surface. Recent exploits in Xerox, Konica Minolta, and Brother devices underline how criminals leverage printers for data exfiltration and lateral network access.

Key Details

• HP survey of 800+ IT and security decision-makers found only 36% apply firmware updates promptly.
• 67% of organizations experienced data loss from insecure printers; midmarket peak at 74%.
• Multiple 2025 CVEs: Xerox pass-back, Konica Minolta AD credential capture, unpatchable Brother bug.
• Procurement security vetting occurs for just 38% of purchases; 51% can’t detect tampering.

Next Steps

• Mandate firmware updates within defined SLAs
• Deploy printers with continuous threat monitoring

Read more at

• Dark Reading
• HP Wolf Security report

14. Sophisticated SquidLoader Campaign Targets Financial Firms in Hong Kong, Singapore, and Australia

Trellix researchers have uncovered a stealthy SquidLoader malware campaign using Mandarin-language spear-phishing to compromise financial institutions in Hong Kong, Singapore, and Australia. The loader evades detection with advanced anti-analysis tricks and deploys Cobalt Strike for persistent access, posing a high risk to critical banking infrastructure.

Key Details

• Spear-phishing emails with password-protected RARs mimic Bond Connect registration forms.
• Five-stage infection chain unpacks payload, pierces C2 via Kubernetes-style API calls.
• Anti-analysis tactics include IDA Pro/Windbg checks, long-sleep APC trick, sandbox username filters.
• Final payload delivers Cobalt Strike Beacon for remote control and persistence.

Next Steps

• Block or sandbox password-protected archive attachments

Read more at

• HackRead.com
• Trellix Advanced Research Center

15. Nearly 2,000 Internet-Exposed MCP Servers Lack Any Authentication Controls

A recent scan found roughly 1,862 publicly accessible Model Context Protocol (MCP) servers exposing their AI model connectors without any authentication, putting critical data and systems at risk. This widespread lack of access controls allows attackers to query and potentially exploit sensitive tools and information, highlighting a significant security gap in a rapidly adopted AI protocol used across industries. 

Key Details

• Researchers from Knostic found 1,862 MCP servers exposed on the public internet, all lacking authentication safeguards.
• A sample of 119 servers responded to requests listing available functions without any access controls, revealing potentially sensitive system capabilities.
• Exposed services range from database connectors and cloud management tools to corporate dashboards and legal databases, increasing risk of data leakage and system compromise.
• While exploitation is unconfirmed in the wild, MCP servers theoretically allow remote code execution, data exfiltration, and resource abuse (denial of wallet attacks).

Next Steps

• Identify and inventory any MCP servers exposed to the internet within your environment.
• Implement mandatory authentication and access control on all MCP endpoints immediately.
• Review new MCP protocol security guidelines and update configurations accordingly.

Read more at

• Dark Reading – Nearly 2,000 MCP Servers Possess No Security Whatsoever
• Knostic blog: Finding MCP Servers with Shodan
• Dark Reading – MCP Protocol Security Risks in Agentic AI

16. McDonald’s Hiring Platform Exposed Millions of Applicants Due to Password ‘123456’

McDonald's AI-powered hiring system, McHire, exposed personal data of millions of job applicants because it used default login credentials and had insecure API controls. The flaw—discovered by researchers who accessed the admin interface using weak default passwords—highlights the critical need for basic security hygiene when integrating AI tools into business processes. 

Key Details

• Researchers found the admin interface accessible via default username and password “123456,” enabling access to McHire’s backend.
• An insecure direct object reference (IDOR) allowed retrieval of data linked to over 64 million chatbot interactions, some including personal applicant details.
• Paradox.ai clarified that 64 million refers to chat records, not unique applicants, and only five US applicants’ personal data were accessed during testing.
• McDonald’s fixed credentials within two hours of notification; no evidence of malicious exploitation exists so far.

Next Steps

• Immediately replace all default credentials with strong, unique passwords.
• Implement multifactor authentication on all administration and AI system access points.

Read more at

• Dark Reading: Lessons Learned From McDonald’s Big AI Flub
• Researchers’ blog post on McHire security issue
• Paradox.ai official statement

17. Prompt Injection Vulnerability in Google Gemini AI Enables Invisible, Malicious Security Alerts

A flaw in Google Gemini’s AI assistant lets attackers embed hidden instructions in emails that generate fake security alerts when users ask Gemini to summarize messages. This can trick users into phishing or vishing scams without malicious links or attachments. 

Key Details

• The vulnerability exploits Gemini’s “Summarize this email” function by injecting invisible admin prompts (e.g., white text on white background) directing the AI to fabricate urgent warnings.
• Injected prompts can mislead users to call phishing numbers or visit malicious sites without containing links or attachments themselves.
• Google has mitigations underway, including recent Gemini security enhancements and red team testing, but the exploit remains viable currently.

Next Steps

• Sanitize inbound HTML by removing hidden text styles before AI ingestion

Read more at

• Dark Reading – Google Gemini AI Bug Allows Invisible, Malicious Prompts
• 0din AI Blog – Phishing for Gemini
• Google Security Blog – Mitigating Prompt Injection Attacks

18. 3,500 Websites Compromised to Secretly Mine Cryptocurrency Using Stealth JavaScript and WebSocket Techniques

A widespread campaign has hijacked approximately 3,500 legitimate websites to deploy stealthy JavaScript miners that use WebSocket connections for covert cryptocurrency mining. T

Key Details

• Attackers inject malicious JavaScript into legitimate websites to run hidden crypto miners.
• WebSocket technology is leveraged to maintain stealthy and persistent mining activities.
• Approximately 3,500 websites across various sectors have been compromised in this campaign.
• This compromise can degrade site performance, increase hosting costs, and damage brand trust.

Next Steps

• Monitor for unusual CPU usage spikes or WebSocket traffic in web environments.
• Implement Content Security Policies (CSP) to restrict unauthorized script execution.

Read more at

• The Hacker News