By security practitioners, for security practitioners

Weekly Top 10: 07.21.2025: Hackers Use GitHub to Host Malware Payload; Critical Cisco Zero-Day Allows Root Access Without Password; Google Patches Chrome Zero-Day Used for Sandbox Escape, and More.

WEEKLY TOP TEN: July 21, 2025, 16:00 GMT

1. Hackers Use GitHub to Host Malware Payload

   Cybercriminals are abusing GitHub repositories to host malicious payloads, taking advantage of the platform’s trust and reliability to evade detection. These repositories often mimic legitimate projects and deliver malware through disguised scripts and executables.

2. Armenian National Extradited for Ryuk Ransomware Attacks

   An Armenian national has been extradited to the United States to face charges related to his involvement in the Ryuk ransomware operation. He is accused of helping facilitate attacks that targeted hospitals, municipalities, and large businesses, resulting in millions of dollars in ransom payments.

3. LameHug Malware Uses AI to Aid Windows Data Theft

   A newly discovered malware dubbed LameHug uses integrated large language models (LLMs) to craft system-specific PowerShell and shell commands in real time. This adaptive behavior enables more effective data theft and evasion on compromised Windows machines.

4. Critical Cisco Zero-Day Allows Root Access Without Password

   Cisco has disclosed a critical zero-day vulnerability (CVE-2024-20388) affecting its BroadWorks Application Delivery Platform and Xtended Services Platform. The flaw allows unauthenticated attackers to gain root shell access with no password required, making it a high-priority patch for enterprises.

5. Stormous Ransomware Claims Theft of 600K Patient Records

   The Stormous ransomware gang claims to have stolen over 600,000 patient records from North Country Healthcare in a recent cyberattack. The data allegedly includes sensitive medical and insurance information, though the full extent of the breach remains under investigation.

6. $27 Million in Crypto Stolen from BigOne Exchange

   BigOne, a major cryptocurrency exchange, has confirmed that a hacker breached its hot wallets and stole $27 million in digital assets. The company has halted withdrawals and is working with law enforcement and blockchain investigators to trace the funds.

7. Chinese Hackers Breach National Guard Network

   Chinese state-linked hackers compromised the U.S. National Guard’s network in a cyber-espionage campaign targeting infrastructure configuration files. While no sensitive personnel or operational data was accessed, the breach highlights persistent nation-state interest in U.S. military systems.

8. Apache HTTP Server Flaw Exploited in the Wild

   Threat actors are exploiting a vulnerability (CVE-2024-38468) in Apache HTTP Server that allows attackers to bypass HTTP request smuggling protections. The flaw, which affects recent versions of Apache, can lead to data exposure and session hijacking if left unpatched.

9. AsyncRAT Forks into New Malware Variants

   The widely used AsyncRAT malware has been forked into multiple new variants, including Labyrinth, that add enhanced obfuscation and persistence techniques. These variants are being distributed via phishing lures and malicious attachments targeting remote workers.

10. Google Patches Chrome Zero-Day Used for Sandbox Escape

    Google has patched a critical zero-day vulnerability in Chrome that was actively exploited in the wild. The flaw enabled attackers to escape the browser sandbox, potentially allowing full system compromise when combined with other exploits.

Our Threat Operations and Intelligence team compiles a daily digest of the most recent online cybersecurity risks. The top 10 stories above were selected from the 40+ original ones we determined to be most significant during the course of the week, ranked by highest risk and drawing on multiple sources when available.
