Financial Sector
New MITRE Framework Takes Aim At Crypto Threats
"MITRE has introduced AADAPT (Adversarial Actions in Digital Asset Payment Technologies), a new cybersecurity framework designed to tackle vulnerabilities in digital financial ecosystems, including cryptocurrency platforms. Modeled after the MITRE ATT&CK framework, AADAPT offers developers, policymakers, and financial institutions a structured approach to identifying, analyzing, and mitigating threats tied to digital asset payment technologies."
https://www.helpnetsecurity.com/2025/07/14/mitre-aadapt-adversarial-actions-in-digital-asset-payment-technologies/
Healthcare Sector
FAPI 2.0: How The OpenID Foundation Is Enabling Scalable Interoperability In Global Healthcare
"In this Help Net Security interview, Gail Hodges, Executive Director at the OpenID Foundation, discusses how the Foundation ensures global consistency in FAPI 2.0 implementations and helps different industries, including healthcare, adopt secure and interoperable identity standards. Hodges also explains how conformance testing and strategic partnerships help maintain security and interoperability across sectors."
https://www.helpnetsecurity.com/2025/07/14/gail-hodges-openid-foundation-fapi-2-0/
New Tooling
Pqcscan: Open-Source Post-Quantum Cryptography Scanner
"pqcscan is an open-source tool that lets users scan SSH and TLS servers to see which Post-Quantum Cryptography (PQC) algorithms they claim to support. It saves the results in JSON files. You can turn one or more of these files into an HTML report that opens in a web browser. “I created pqcscan because we see all the big ones rolling out PQC algorithms in production,” Vincent Berg, CTO at Anvil Secure and the creator of the tool, told Help Net Security."
https://www.helpnetsecurity.com/2025/07/14/pqcscan-open-source-post-quantum-cryptography-scanner/
https://github.com/anvilsecure/pqcscan
Vulnerabilities
CISA Adds One Known Exploited Vulnerability To Catalog
"CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2025-47812 Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability"
https://www.cisa.gov/news-events/alerts/2025/07/14/cisa-adds-one-known-exploited-vulnerability-catalog
https://therecord.media/exploited-file-transfer-bug-cisa
SMM Callout Vulnerabilities Identified In Gigabyte UEFI Firmware Modules
"System Management Mode (SMM) callout vulnerabilities have been identified in UEFI modules present in Gigabyte firmware. An attacker could exploit one or more of these vulnerabilities to elevate privileges and execute arbitrary code in the SMM environment of a UEFI-supported processor. While AMI (the original firmware supplier) has indicated that these vulnerabilities were previously addressed, they have resurfaced in Gigabyte firmware and are now being publicly disclosed."
https://kb.cert.org/vuls/id/746790
https://www.bleepingcomputer.com/news/security/gigabyte-motherboards-vulnerable-to-uefi-malware-bypassing-secure-boot/
https://www.securityweek.com/flaws-in-gigabyte-firmware-allow-security-bypass-backdoor-deployment/
Malware
KongTuke FileFix Leads To New Interlock RAT Variant
"Researchers from The DFIR Report, in partnership with Proofpoint, have identified a new and resilient variant of the Interlock ransomware group’s remote access trojan (RAT). This new malware, a shift from the previously identified JavaScript-based Interlock RAT (aka NodeSnake), uses PHP and is being used in a widespread campaign. Since May 2025, activity related to the Interlock RAT has been observed in connection with the LandUpdate808 (aka KongTuke) web-inject threat clusters. The campaign begins with compromised websites injected with a single-line script hidden in the page’s HTML, often unbeknownst to site owners or visitors."
https://thedfirreport.com/2025/07/14/kongtuke-filefix-leads-to-new-interlock-rat-variant/
https://thehackernews.com/2025/07/new-php-based-interlock-rat-variant.html
https://www.bleepingcomputer.com/news/security/interlock-ransomware-adopts-filefix-method-to-deliver-malware/
https://www.darkreading.com/threat-intelligence/web-inject-campaign-interlock-rat-variant
https://www.infosecurity-magazine.com/news/interlock-ransomware-new-rat/
https://www.securityweek.com/new-interlock-rat-variant-distributed-via-filefix-attacks/
https://securityaffairs.com/179919/cyber-crime/interlock-ransomware-group-deploys-new-php-based-rat-via-filefix.html
Forensic Journey: Breaking Down The UserAssist Artifact Structure
"As members of the Global Emergency Response Team (GERT), we work with forensic artifacts on a daily basis to conduct investigations, and one of the most valuable artifacts is UserAssist. It contains useful execution information that helps us determine and track adversarial activities, and reveal malware samples. However, UserAssist has not been extensively examined, leaving knowledge gaps regarding its data interpretation, logging conditions and triggers, among other things. This article provides an in-depth analysis of the UserAssist artifact, clarifying any ambiguity in its data representation. We’ll discuss the creation and updating of artifact workflow, the UEME_CTLSESSION value structure and its role in logging the UserAssist data. We’ll also introduce the UserAssist data structure that was previously unknown."
https://securelist.com/userassist-artifact-forensic-value-for-incident-response/116911/
Russia-Linked Group Spoofing European Journalists To Spread Disinformation
"A Kremlin-linked disinformation group has been impersonating real journalists and publishing fake articles on spoofed news websites to spread false narratives in France, Armenia, Germany, Moldova and Norway, researchers have found. The campaign was attributed to Storm-1516, a Russian threat actor active since at least 2023 that has previously sought to discredit Ukraine and sow discord in Europe. The group’s past operations have also targeted elections in Germany, Georgia and the United States."
https://therecord.media/russia-group-spoofing-journalists-disinfo
Behind The Clouds: Attackers Targeting Governments In Southeast Asia Implement Novel Covert C2 Communication
"Since late 2024, Unit 42 researchers have been tracking a cluster of suspicious activity as CL-STA-1020, targeting governmental entities in Southeast Asia. The threat actors behind this cluster of activity have been collecting sensitive information from government agencies, including information about recent tariffs and trade disputes. This campaign is particularly noteworthy due to its novel tradecraft. The threat actors have developed a previously undocumented Windows backdoor, which we named HazyBeacon."
https://unit42.paloaltonetworks.com/windows-backdoor-for-novel-c2-communication/
Actionable Threat Hunting With GTI (II) - Analyzing a Massive Phishing Campaign
"Welcome back to our series on Actionable Threat Hunting with Google Threat Intelligence! This time, we're going to talk about a huge phishing scam that's just happened in the last few months. It's connected to Booking, which is one of the most popular websites for booking hotels. Our main goal here is to show you how just one email we got helped us figure out how big this scam really was. We also found some interesting files that seem connected to Telegram messages the threat actors used. And don't worry, we'll share some of our code from Google Colab so you can try this yourself!"
https://www.googlecloudcommunity.com/gc/Community-Blog/Actionable-threat-hunting-with-GTI-II-Analyzing-a-massive/ba-p/923129
Breaches/Hacks/Leaks
Louis Vuitton UK Latest Retailer Hit By Data Breach
"The British outpost of luxury brand giant LVMH has become the latest UK retailer to suffer a serious security breach, after it began notifying customers that their personal data may have been compromised. Louis Vuitton UK said it became aware of the breach on July 2, according to screenshots of the customer notification shared on X (formerly Twitter). Personally identifiable information (PII) including first and second name, gender, country, phone number, email and postal address, date of birth, purchases and preference data may have been compromised, the firm said."
https://www.infosecurity-magazine.com/news/louis-vuitton-uk-retailer-data/
https://hackread.com/louis-vuitton-uk-cyberattack-3-lvmh-breach-3-months/
https://www.securityweek.com/louis-vuitton-data-breach-hits-customers-in-several-countries/
https://securityaffairs.com/179908/data-breach/global-louis-vuitton-data-breach-impacts-uk-south-korea-and-turkey.html
General News
Why Your Microsoft 365 Setup Might Be More Vulnerable Than You Think
"60% of organizations rate their Microsoft 365 security as “established” or “advanced”, according to CoreView. Yet, 60% of those same organizations have experienced account compromise attacks. The Microsoft 365 attack surface is wide and unpredictable. Risks can come from any direction, whether it’s the complexity of managing multiple tenants, the explosion of Entra apps with broad permissions, or inconsistent enforcement of security controls like MFA."
https://www.helpnetsecurity.com/2025/07/14/microsoft-365-attack-surface/
Ransomware Drops, But Don’t Relax Yet
"WatchGuard has released its latest Internet Security Report, covering malware, network, and endpoint threats spotted by its Threat Lab in the first quarter of 2025. The report shows a 171% jump in unique malware detections compared to the previous quarter, the highest number the Threat Lab has seen so far. Along with that, there was a large rise in zero-day malware, pointing to a growing trend in threats designed to slip past traditional security tools that depend on known patterns."
https://www.helpnetsecurity.com/2025/07/14/q1-2025-malware-trends/
Legal Gaps In AI Are a Business Risk, Not Just a Compliance Issue
"A new report from Zendesk outlines a growing problem for companies rolling out AI tools: many aren’t ready to manage the risks. The AI Trust Report 2025 finds that while AI is moving into customer service and support, only 23% of companies feel highly prepared to govern it. The report highlights concerns ranging from data privacy to model bias. But the core challenge is trust: when customers don’t understand or feel comfortable with how AI is used, they’re less likely to engage. And when companies don’t have frameworks in place, they expose themselves to legal, reputational, and operational fallout."
https://www.helpnetsecurity.com/2025/07/14/ai-governance-risks-legal-security-teams/
CBI Shuts Down £390K U.K. Tech Support Scam, Arrests Key Operatives In Noida Call Center
"India's Central Bureau of Investigation (CBI) has announced that it has taken steps to dismantle what it said was a transnational cybercrime syndicate that carried out "sophisticated" tech support scams targeting citizens of Australia and the United Kingdom. The fraudulent scheme is estimated to have led to losses worth more than £390,000 ($525,000) in the United Kingdom alone."
https://thehackernews.com/2025/07/cbi-shuts-down-390k-uk-tech-support.html
https://www.infosecurity-magazine.com/news/indian-police-tech-support-scam/
June 2025 Infostealer Trend Report
"This report provides statistics, trends, and case information on Infostealer malware including the distribution volume, distribution methods, and disguises based on the data collected and analyzed in June 2025. The following is a summary of the report."
https://asec.ahnlab.com/en/89033/
Securing Against Phishing Beyond Email
"Phishing is no longer just an email problem. Reports state that 40% of phishing campaigns now span channels beyond email, hitting collaboration tools like Slack and Teams, plus SMS, and social media platforms. Voice phishing (“vishing”) in particular is on the rise: 30% of surveyed organizations reported at least one instance of attackers using spoofed or AI-cloned calls to steal credentials in the past year. QR-code phishing (“quishing”) has also surged, growing 25% year-over-year as threat actors embed malicious codes in posters, invoices, and product packaging to redirect victims to fake login pages or malware downloads."
https://www.tripwire.com/state-of-security/securing-against-phishing-beyond-email
Military Veterans May Be What Cybersecurity Is Looking For
"As the cybersecurity shortage becomes more evident with demand for roles increasing, those at MyComputerCareer believe they have found the solution: utilizing veterans' talent and setting them up on cybersecurity and IT certification journeys. Each year, the ISC2 Cybersecurity Workforce Study looks at the cybersecurity field and assesses its workforce to understand concerns of professionals, the economic landscape, and the composition of the talent and skills base. In their review last year, researchers there found that talent shortages and skills gaps in the field are growing, thanks to uncertain economic conditions that have impacted the workforce."
https://www.darkreading.com/remote-workforce/military-veterans-cybersecurity
The Dark Side Of Global Power Shifts & Demographic Decline
"The digital shadows are growing longer, and the threats within them are multiplying. As global power realigns and economies falter, the rise in cybercrime is no longer hypothetical — it's inevitable. And healthcare is directly in the crosshairs. A convergence of geopolitical tension, economic desperation, and demographic collapse is fueling this cyber surge. The United States' resurgence as an economic, political, and energy superpower is reshaping the global order. Its retreat from Bretton Woods–era global trade commitments has left many nations destabilized and searching for alternative levers of influence."
https://www.darkreading.com/vulnerabilities-threats/dark-side-global-power-shifts-demographic-decline
A Practitioner-Focused DevSecOps Assessment Approach
"Success in a DevSecOps enterprise hinges on delivering value to the end user, not simply completing intermediate steps along the way. Organizations and programs often struggle to achieve this due to a variety of factors, such as a lack of clear ownership and accountability for the capability to deliver software, functional siloes as opposed to integrated teams and processes, lack of effective tools for teams to use, and a lack of effective resources for team members to leverage to quickly get up to speed and boost productivity."
https://insights.sei.cmu.edu/blog/a-practitioner-focused-devsecops-assessment-approach/
The Unusual Suspect: Git Repos
"While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems. Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom."
https://thehackernews.com/2025/07/the-unusual-suspect-git-repos.html
Patch, Track, Repeat
"Welcome to this week’s edition of the Threat Source newsletter. We’ve made it halfway through 2025 already! It’s been a while since I last wrote about CVEs and how free support for Windows 10 will end on October 14, 2025, leaving you with no more security fixes. While the CVE system remains the global standard for vulnerability reporting, recent developments have sparked concerns within the community about its long-term stability. Currently, the program operates solely as a U.S. government-funded initiative. Following the last-minute funding extension, we’re now seeing competing ideas and projects emerging. Whether it’s the CVE Foundation working to transition from a single funding stream to a diversified and stable model, ENISA’s EUVD, or the Global CVE Allocation System (GCVE), the landscape is changing."
https://blog.talosintelligence.com/patch-track-repeat/
References
Electronic Transactions Development Agency (ETDA)