Daily Cybersecurity Roundup, July 04, 2025

Recent cybersecurity findings highlight a surge in malicious activity across platforms. Eight Firefox extensions posing as popular games have been caught stealing OAuth tokens and redirecting users to scam sites, linked to a long-active threat actor, mre1903. Massive Android ad fraud operations like IconAds leveraged 352 hidden-icon apps to serve intrusive ads, generating 1.2 billion daily bid requests before removal from the Play Store. Meanwhile, ransomware threats are escalating rapidly—Optiv reports a 213% increase in Q1 2025 compared to Q1 2024, with 2,314 victims listed across 74 data leak sites. Continue reading for more cybersecurity news.

01

Eight malicious Firefox extensions impersonating popular games have been stealing OAuth tokens and redirecting users to scam sites linked to threat actor mre1903.

02

Massive Android fraud operations like IconAds have used 352 hidden-icon apps to serve intrusive ads and generated 1.2 billion ad bid requests daily before being removed from the Play Store.

03

Hpingbot, a newly discovered Go-based botnet, has been targeting Windows, Linux, and IoT devices, using Pastebin for payload delivery and hping3 for executing DDoS attacks.

04

Cybercriminal activity is surging ahead of Amazon Prime Day on July 8, 2025, with a spike in phishing attacks and over 1,000 fake Amazon-like domains registered in June.

05

A stealthy fake WordPress spam plugin mimics the victim’s actual domain name and only activates cloaked SEO spam for search engine bots, staying hidden from admins and security scanners while injecting obfuscated malicious code.

06

Hackers are exploiting the trusted Inno Setup installer framework to distribute malware, leveraging its Pascal scripting and legitimate appearance to bypass security measures.

07

According to Optiv’s report, ransomware attacks increased by 213% in Q1 2025 compared to Q1 2024, with 2,314 victims listed on 74 data leak sites. Cl0p, RansomHub, and Akira were the top ransomware variants in Q1 2025, with Cl0p showing a significant rise in activity.

08

RondoDox is a new botnet threat that exploits two critical vulnerabilities: CVE-2024-3721 (TBK DVR models) and CVE-2024-12856 (Four-Faith router models). These vulnerabilities allow remote attackers to execute arbitrary commands.

09

Three critical vulnerabilities in Apache Tomcat (CVE-2025-24813) and Apache Camel (CVE-2025-27636, CVE-2025-29891) enable RCE, allowing attackers to hijack systems.

10

Grafana addressed four high-severity Chromium vulnerabilities (CVE-2025-5959, CVE-2025-6554, CVE-2025-6191, CVE-2025-6192) affecting the Image Renderer plugin and Synthetic Monitoring Agent.
