IT Security Newsletter - 5/23/2025
Akamai, Microsoft Disagree on Severity of Unpatched 'BadSuccessor' Flaw
Akamai's security team kicked off a new spat in the vulnerability disclosure world by publishing full exploitation details for "BadSuccessor," an unpatched privilege-escalation flaw in Windows Server 2025 that allows attackers to compromise any user in Active Directory. According to Akamai researcher Yuval Gordon, Microsoft's security response center confirmed the validity of the bug but brushed it aside as a "moderate" severity issue that would be patched "in the future."
Russian Qakbot Gang Leader Indicted in US
A Russian national has been indicted in the US for leading the cybercrime group behind the infamous Qakbot malware and botnet. The individual, Rustam Rafailevich Gallyamov, 48, allegedly "developed, deployed, and controlled the Qakbot malware beginning in 2008". Also known as Pinkslipbot and QBot, Qakbot was distributed through spam campaigns, hijacked email threads, or the exploitation of known vulnerabilities in internet-facing assets.
CISA: Russia's Fancy Bear Targeting Logistics, IT Firms
Fancy Bear (APT28), a state-backed hacking group tied to Russia's Main Intelligence Directorate (GRU), is ramping up attacks on logistics and IT firms, especially those aiding Ukraine, as part of a broader cyber-espionage campaign. A joint advisory this week from 21 intelligence agencies across 11 nations, including the US and the UK, described the attacks as targeting Western technology firms and companies in the air, maritime, and railway transportation sectors.
Digital trust is cracking under the pressure of deepfakes, cybercrime
69% of global respondents to a Jumio survey say AI-powered fraud now poses a greater threat to personal security than traditional forms of identity theft. This number rises to 74% in Singapore, with 71% also indicating that AI-generated scams are harder to detect than traditional scams. 69% of global consumers indicated they are more skeptical of the content they see online due to AI-generated fraud than they were last year.
Police takes down 300 servers in ransomware supply-chain crackdown
In the latest phase of Operation Endgame, an international law enforcement operation, national authorities from seven countries seized 300 servers and 650 domains used to launch ransomware attacks. "From 19 to 22 May, authorities took down some 300 servers worldwide, neutralised 650 domains, and issued international arrest warrants against 20 targets, dealing a direct blow to the ransomware kill chain," according to the joint action's official website.
Oops: DanaBot Malware Devs Infected Their Own PCs
The U.S. government today unsealed criminal charges against 16 individuals accused of operating and selling DanaBot, a prolific strain of information-stealing malware that has been sold on Russian cybercrime forums since 2018. The FBI says a newer version of DanaBot was used for espionage, and that many of the defendants exposed their real-life identities after accidentally infecting their own systems with the malware.
Blurring Lines Between Scattered Spider & Russian Cybercrime
Law enforcement actions in 2024 were supposed to disrupt Scattered Spider. Instead, the notorious cybercrime group re-emerged this year and is trending in a direction that has alarmed some infosec experts. The arrests of several alleged members of Scattered Spider last year may have led to a temporary dip in malicious activity. Not only have Scattered Spider's high-profile attacks continued this year, but the group has also seemingly shifted further into the Russian ransomware ecosystem.
Unpatched Windows Server vulnerability allows full domain compromise
A privilege escalation vulnerability in Windows Server 2025 can be used by attackers to compromise any user in Active Directory (AD), including Domain Admins. "The ["BadSuccessor"] attack exploits the delegated Managed Service Account (dMSA) feature that was introduced in Windows Server 2025, works with the default configuration, and is trivial to implement," Akamai researcher Yuval Gordon warned.
- ...in 1829, Romanian inventor Cyrill Demian is granted a patent for a new musical instrument -- the accordion.
- ...in 1928, singer and actress Rosemary Clooney ("Come On-a My House", "Mambo Italiano") is born in Maysville, KY.
- ...in 1934, engineer and electronic music pioneer Robert Moog, inventor of the Moog synthesizer, is born in New York City.
- ...in 1934, infamous bank robbers Bonnie and Clyde are ambushed and killed by Texas and Louisiana state police.