InfoSecBulletin Cybersecurity for mankind
The ever-increasing influence of Chinese threat actors in the cyber landscape is causing significant concern. As per the latest revelations, a Chinese state-linked group successfully stole data from a U.S. federal agency and targeted several European nations too. Today, we also have a Delaware county facing temporary outages due to a cyberattack from a few days back. In other news, with all these scams going around, you might think that there are lots of scammers associated with the business. However, that’s not the case. To know more about this and other highlights, read along.
The CISA and FBI issued a warning together that the Storm-0558 threat group, which is associated with China, accessed and stole unclassified Exchange Online Outlook data from an undisclosed U.S. source FCEB agency.
Microsoft Patches Four Critical Azure and Power Apps Vulns
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
CVE-2025-29824
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day
Hacker exploited Samsung MagicINFO 9 Server RCE flaw
CISA adds Langflow flaw to its KEV catalog
Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
UAP hosted “UAP Cyber Siege 2025”, A national level cybersecurity competition
Kent County in Delaware is experiencing a cyberattack that has disrupted municipal services, leading to a temporary offline status of internet-based services and phone numbers.
ALSO READ:
The Cl0p ransomware group put the data of 62 clients of Ernst & Young, including Air Canada and United Parcel Service Canada Ltd., on their leak sites. The group had exploited the MOVEit vulnerability and leaked 3TB of information belonging to the accounting firm.
Ransomware attacks have seen a significant increase in 2023, with cybercriminals extorting nearly $175.8 million more than the previous year, revealed Chainalysis.
Barracuda Networks and Columbia University studied 300,000 extortion emails and discovered that fewer than 100 scammers worldwide are behind them.
USB-delivered malware campaigns have seen a threefold increase in malware attacks in the first half of 2023, with two notable campaigns delivering Sogu and Snowydrive malware to various industries worldwide – reported Mandiant.
The hacker group Nobelium, supported by the Russian government, used fake BMW car listings to deceive Ukrainian diplomats into clicking on harmful links that install malware. The campaign has targeted at least 22 of the 80 foreign missions in Kyiv.
ZooTampa, a popular U.S. zoo, experienced a cyberattack resulting in the theft of employee and vendor information, with an affiliate of the Royal ransomware gang claiming responsibility.
Vietnamese threat actors are actively targeting Facebook business accounts using fake Ads Manager software and malicious Chrome extensions, resulting in over 800 victims worldwide losing more than $180,000 in compromised ad budgets.
In a recent finding, FortiGuard Labs uncovered a malicious operation that capitalizes on a pair of well-known vulnerabilities, including Follina, to implant the perilous LokiBot trojan on targeted devices. The campaign first came to light in May.
