DJBSEC's CyberNews 2025-07-08
1. Trojan Versions of PuTTY and WinSCP Spread Malware
Researchers have discovered trojanized versions of PuTTY and WinSCP being distributed to deliver malware. These fake installers appear legitimate but install backdoors that allow attackers to steal credentials and gain remote access. The malicious software is being shared on phishing sites and compromised forums targeting IT professionals. Users are urged to download such tools only from official vendor websites to avoid infection.
2. Alleged Chinese Hacker Tied to Silk Typhoon Arrested
An alleged Chinese hacker linked to the Silk Typhoon cyberespionage group has been arrested for targeting US and global networks. The individual is accused of conducting operations to steal intellectual property and sensitive government data. Authorities say the arrest is a significant win against Chinese state-sponsored cyber activities. This comes amid growing efforts to curb nation-state cyber threats worldwide.
3. Microsoft Testing Windows Update Notifications for Vulnerabilities
Microsoft is testing a new feature in Windows Update that will notify users about critical security vulnerabilities affecting their systems. The notifications will appear in the Windows Update interface and prompt users to install necessary patches immediately. This aims to improve patch adoption rates and reduce exposure to known exploits. The feature is currently in preview for Windows Insider builds.
4. Phishing Platforms and Infostealers Drive Credential Theft Surge
Security experts report that phishing-as-a-service platforms and infostealer malware are driving a surge in stolen credentials being sold online. These tools make it easier for low-skilled attackers to launch campaigns and harvest user data at scale. Infostealers such as RedLine and Raccoon remain popular for extracting browser and application credentials. Organizations are urged to deploy multifactor authentication to reduce the impact of compromised credentials.
5. Manufacturing Security at Risk Due to Default Configurations
A new report highlights that manufacturing companies remain vulnerable to cyberattacks due to reliance on default configurations. Many operational technology systems are deployed without changing default passwords or disabling unnecessary services. Attackers exploit these weaknesses to infiltrate industrial networks and disrupt production. Experts advise manufacturers to enforce security hardening practices to mitigate these risks.
6. Fake Domains Target Amazon Prime Day Shoppers
Cybercriminals have registered numerous fake domains to exploit Amazon Prime Day shoppers with phishing scams. These websites mimic Amazon’s branding to steal login credentials and payment information. Researchers warn that such campaigns spike around major online shopping events. Users are urged to navigate directly to official Amazon URLs and avoid clicking links from promotional emails.
7. PowerShell 2.0 Officially Deprecated by Microsoft
Microsoft has officially deprecated PowerShell 2.0, citing security risks and lack of modern features. The deprecated version is no longer supported, and users are urged to upgrade to PowerShell 5.1 or PowerShell 7 for improved security and functionality. Many malware strains historically exploited PowerShell 2.0’s lack of security controls. Organizations should ensure legacy scripts are updated to remain compatible with newer versions.
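As an added example (not part of the original article), the following PowerShell snippet shows how a defender can check whether the legacy PowerShell 2.0 engine is still enabled on a Windows client, disable it, and look in the Windows PowerShell event log for sessions that were started with the 2.0 engine. It assumes a Windows 10/11 client where the engine is an optional feature named MicrosoftWindowsPowerShellV2Root, and that the log is being retained; the Event ID 400 check is a heuristic, not an exhaustive detection.

```powershell
# Added example for auditing and removing the deprecated PowerShell 2.0 engine.
# Assumes a Windows 10/11 client; run from an elevated PowerShell 5.1 or 7 session.

# 1. Report the engine version of the current session (should be 5.1 or 7.x).
Write-Host "Current engine version: $($PSVersionTable.PSVersion)"

# 2. Check whether the optional PowerShell 2.0 engine feature is still enabled.
$v2 = Get-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root
Write-Host "PowerShell 2.0 engine state: $($v2.State)"

# 3. Disable the legacy engine if it is present. Legacy scripts that still
#    rely on it must be updated first; this is what the deprecation notice asks for.
if ($v2.State -eq 'Enabled') {
    Disable-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root -NoRestart
    Write-Host "PowerShell 2.0 engine disabled (reboot may be required)."
}

# 4. Hunt for past sessions that started under the 2.0 engine.
#    Event ID 400 ("Engine state is changed from None to Available") in the
#    'Windows PowerShell' log records the EngineVersion of each new session.
$legacySessions = Get-WinEvent -FilterHashtable @{ LogName = 'Windows PowerShell'; Id = 400 } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'EngineVersion=2\.0' } |
    Select-Object TimeCreated, @{ Name = 'HostApplication'; Expression = {
        if ($_.Message -match 'HostApplication=(.+)') { $Matches[1].Trim() } else { '' }
    } }

if ($legacySessions) {
    Write-Host "Sessions started with the 2.0 engine (possible downgrade usage):"
    $legacySessions | Format-Table -AutoSize
} else {
    Write-Host "No PowerShell 2.0 engine sessions found in the retained log."
}
```

On Windows Server the equivalent is the PowerShell-V2 feature managed with Get-WindowsFeature and Uninstall-WindowsFeature. Disabling the engine matters because scripts launched with the 2.0 engine bypass the script block logging and AMSI integration that newer engines provide, which is why an audit of the event log is worth doing before and after the change.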
8. Hackers Abuse Leaked Shellter Red Team Tool for Malware Deployment
Threat actors are abusing a leaked version of Shellter, a popular red team tool, to deploy infostealer malware. Originally designed for penetration testing, Shellter enables attackers to inject malicious payloads into legitimate processes, bypassing antivirus detection. Researchers warn that the tool’s public availability increases its misuse by cybercriminals. Organizations are urged to monitor for Shellter indicators of compromise in their environments.
9. Employee Paid $920 for Credentials Used in $140 Million Bank Heist
An employee received just $920 for selling their corporate credentials, which were later used in a $140 million bank heist. Cybercriminals leveraged the access to transfer funds and launder the money through cryptocurrency exchanges. This incident highlights the severe consequences of insider threats and credential compromise. Organizations are reminded to implement strict access controls and monitor for suspicious user behavior.