Microsoft patches zero-day flaw as Mirai botnets hit Wazuh servers
▼ Summary
– Microsoft fixed 66 CVEs in June 2025 Patch Tuesday, including an exploited zero-day (CVE-2025-33053).
– Unpatched Wazuh servers are being targeted by Mirai botnets exploiting a critical RCE vulnerability (CVE-2025-24016).
– Kali Linux 2025.2 was released, featuring Bloodhound CE, CARsenal, and 13 new tools for penetration testing.
– Attackers are brute-forcing Microsoft Entra ID accounts using the TeamFiltration framework, as reported by Proofpoint.
– LockBit ransomware operations netted $2.3 million in 5 months, with Chinese organizations among the most targeted.
Microsoft addresses critical zero-day vulnerability while Mirai botnets exploit unpatched Wazuh servers, highlighting the escalating challenges in cybersecurity defense.
The tech giant rolled out fixes for 66 security flaws in its June 2025 Patch Tuesday update, including a zero-day exploit (CVE-2025-33053) actively used in cyber espionage campaigns. Meanwhile, security researchers at Akamai uncovered two Mirai botnets targeting unpatched Wazuh XDR/SIEM platforms through a critical remote code execution flaw (CVE-2025-24016).
Threat modeling remains undervalued despite its critical role in proactive security. While CISOs recognize its importance for early risk identification, competing priorities like new tools or reactive measures often overshadow it in budget discussions.
Offensive Security released Kali Linux 2025.2, packed with 13 new tools, including Bloodhound CE and CARsenal, reinforcing its position as a leading platform for penetration testing.
In identity security, Proofpoint researchers detected an ongoing Entra ID account takeover campaign leveraging the TeamFiltration framework for brute-force attacks. Meanwhile, Citizen Lab exposed a zero-click iOS exploit (CVE-2025-43200) delivering Graphite spyware to journalists’ iPhones.
The LockBit ransomware operation reportedly amassed $2.3 million in five months, with Chinese organizations among the most targeted, according to leaked affiliate panel data.
ConnectWise initiated emergency code-signing certificate rotations for ScreenConnect, Automate, and RMM solutions, urging customers to update systems by June 13 to avoid disruptions.
The EU launched DNS4EU, a privacy-focused DNS resolution service, to bolster digital sovereignty. Meanwhile, INTERPOL’s Operation Secure dismantled 20,000 malicious IPs and domains linked to infostealer malware.
AI adoption is surging, with 86% of security teams increasing AI usage to counter AI-driven threats. However, 84% of organizations now using AI in the cloud face new attack vectors, per Orca Security.
API security remains a blind spot, with legacy tools failing to detect risks in thousands of repositories. StackHawk’s CEO emphasized the need for pre-deployment API visibility to prevent breaches.
A critical Roundcube flaw (CVE-2025-49113) is being actively exploited, with dark web sales of exploits signaling imminent attacks.
For defenders, OWASP Nettacker offers an open-source network scanner, while fiddleitm helps detect malicious web traffic via mitmproxy.
Cybersecurity hiring remains robust, with new roles emerging weekly. Additionally, CIS Hardened Images provide cloud security enhancements, particularly for public sector organizations.
As threats evolve, the key takeaway is clear: more data isn’t the solution, reducing noise and prioritizing actionable intelligence is critical for effective defense.
(Source: HelpNet Security)
