DJBSEC's CyberNews 2025-07-11

1. Russian Basketball Player Arrested for Cybercrime

A Russian professional basketball player has been arrested for involvement in cybercrime operations targeting US and European companies. Authorities allege that he participated in laundering funds stolen through phishing and business email compromise schemes. The arrest highlights the increasing crossover between cybercrime networks and unrelated public figures. Investigators are working to identify other associates involved in these schemes.

2. CISA Adds CitrixBleed to Known Exploited Vulnerabilities Catalog

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CitrixBleed vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The inclusion indicates active exploitation in the wild, requiring urgent patching by organizations. The flaws impact Citrix NetScaler ADC and Gateway products, potentially allowing unauthorized access. Federal agencies and critical infrastructure operators must patch by designated deadlines.

3. UK Charges Four in Scattered Spider Ransomware Case

UK authorities have charged four individuals for their roles in the Scattered Spider ransomware group. The suspects allegedly conducted attacks against major corporations, stealing data and demanding multi-million dollar ransoms. This takedown follows a global effort to dismantle ransomware networks operating across borders. Prosecutors stated these arrests will disrupt operations and deter similar cybercriminal activities.

4. Microsoft Exchange Online Service Outage Reported

Microsoft Exchange Online experienced a significant outage affecting email services for users worldwide. Customers reported delays in sending and receiving emails, alongside access issues through Outlook Web Access. Microsoft confirmed the incident was caused by infrastructure failures and is working on a resolution. Users are advised to monitor the Service Health Dashboard for recovery updates.

5. Forrester Names Microsoft Leader in Zero Trust Platforms Report

Forrester has named Microsoft a leader in its 2025 Zero Trust Platforms Wave report, recognizing its comprehensive security solutions. The evaluation highlights Microsoft’s strengths in identity protection, endpoint security, and adaptive access controls. This recognition underscores Microsoft’s continued investments in zero trust frameworks to protect enterprise environments. The company pledged ongoing innovation in integrated security.

6. Palo Alto Networks GlobalProtect Vulnerability Discovered

A critical vulnerability has been discovered in Palo Alto Networks’ GlobalProtect VPN, allowing potential privilege escalation or remote code execution. Researchers warn that exploitation could grant attackers unauthorized access to corporate networks. Palo Alto Networks has released patches addressing the issue and urges customers to update immediately. The flaw is tracked as high severity due to its potential impact on enterprise security.

7. Russia Considers Legalizing Ethical Hacking

The Russian government is reviewing a bill that would legalize ethical hacking for certified professionals. The proposed law aims to formalize penetration testing and vulnerability research within Russia, preventing prosecution for authorized security assessments. Critics warn the bill could be misused to shield state-backed offensive cyber operations. Supporters argue it will boost cybersecurity expertise domestically.

8. Multiple Vulnerabilities Found in Ruckus Wireless Products

Researchers have disclosed multiple critical vulnerabilities in Ruckus Wireless products, including command injection and privilege escalation flaws. Attackers could exploit these to gain full administrative control over network devices. Ruckus has released security advisories, but some flaws remain unpatched as of the latest update. Organizations using affected products are urged to implement mitigations and restrict network exposure.

9. Ransomware Operations Surge Following Qilin Takedown

Cybersecurity analysts report a surge in ransomware operations following the takedown of the Qilin ransomware group. Competing threat actors are moving to fill the void left by Qilin, increasing attacks against healthcare, manufacturing, and financial sectors. Experts warn organizations to remain vigilant amid evolving ransomware tactics and new affiliates joining the ecosystem. Enhanced detection and incident response capabilities are recommended.

10. GitPhish Targets Developers with GitHub Credential Theft

A new phishing campaign called GitPhish is targeting software developers to steal GitHub credentials. Attackers send emails posing as GitHub security alerts, tricking recipients into entering login information on fake pages. Compromised accounts are then used to spread malware or tamper with code repositories. Developers are urged to enable multifactor authentication and verify security notification sources.

11. AMD Discloses New CPU Flaws Allowing Data Leaks

AMD has disclosed new CPU vulnerabilities that could enable data leaks through timing attacks. The flaws impact multiple Ryzen and EPYC processors, potentially allowing attackers to infer sensitive data processed by the CPU. AMD is working on microcode updates to mitigate these risks. Users are advised to apply security updates when released to protect against exploitation.

12. Critical MCP Vulnerability Exposes LLM Clients to Remote Attacks

A critical remote code execution vulnerability has been found in MCP, exposing clients using large language models (LLMs) to remote attacks. Exploitation could allow attackers to execute arbitrary code or access sensitive data processed through LLM integrations. Researchers recommend immediate patching to secure environments deploying MCP in AI workflows. The vulnerability underscores emerging risks in AI application infrastructures.

13. McDonald’s AI Hiring Tool Leaked Job Seekers’ Data

McDonald’s AI-powered hiring tool McHire has reportedly leaked sensitive job seeker data due to a misconfigured database. Exposed information includes applicant names, contact details, and employment history. The company is investigating the breach and working to notify affected individuals. This incident highlights ongoing data privacy challenges with AI recruitment platforms.
