Weekly Cyber Security & Tech Roundup: Anubis Ransomware, WhatsApp Ads, and Global Cybersecurity Developments

June 2025 saw big news in cybersecurity with the emergence of Anubis ransomware, a new ransomware that encrypts and obliterates your data beyond recovery. Along with that, Meta released ads in the Status tab of WhatsApp, prompting concerns over privacy.

Additionally, as attacks become faster-paced, other major threats, such as exploits for Chrome zero-days and age-old vulnerabilities exposed through service accounts that organizations no longer remember, contribute to the widening risk scenario.

Staying ahead of current cyber threats demands deep knowledge and preparedness.

Anubis Ransomware: A Dual Threat to Data Security

Anubis ransomware encrypts files and also features a “wipe mode” that irreversibly deletes files, making recovery impossible even if a ransom is paid. Anubis ransomware has been active since December 2024 and has targeted hospitals, health care systems, and hospitality services in several countries.

Anubis is offered as Ransomware-as-a-Service (RaaS). The attack chain includes phishing, privilege escalation, deleting shadow-copy files, and wiping the files.

Anubis ransomware demonstrates that ransomware attacks are becoming increasingly sophisticated, and cybersecurity professionals will need to step up their game.

Source: Darkreading

Meta Introduces Ads on WhatsApp

Meta Platforms has begun displaying ads on WhatsApp’s ‘Updates’ tab, which combines Status and Channels. With this, WhatsApp joins its social media counterparts in potentially becoming ad-driven after 15+ years of being free.

These ads rely on comparatively little information (for example, country and activity in the app) to make recommendations more personalized, while personal messages and calls on WhatsApp remain end-to-end encrypted.

Meta has explicitly stated that it will not share users’ phone numbers with marketers. The change aligns WhatsApp with the ad-driven strategy for monetizing its user base that Meta has already implemented on Facebook and Instagram.

Source: The Hacker News

Protecting Backups from Ransomware Attacks

Experts recommend the use of immutable cloud-based backups to protect against ransomware and unwanted changes to the data.

An immutable backup is a write-once, read-many (WORM) backup that prevents any modifications or deletions once stored. It provides a secure recovery point from which to restore systems during a ransomware attack, so the organization does not have to pay the ransom.

Establishing immutable backup initiatives is critical to improving the resiliency of data and reducing the possibility of downtime, given the rapid attacks organizations face today.

Source: Mimecast

Forgotten Active Directory Service Accounts Pose Security Risks

Botnet attacks have taken advantage of more than 130,000 abandoned Active Directory (AD) service accounts, which makes managing and auditing these accounts a necessity.

Many of these accounts hold elevated privileges, so if they are not managed appropriately, attackers can easily leverage them.

To help mitigate the risk of abandoned AD service accounts, organizations should regularly assess and deactivate their unused service accounts, adhere to the principle of least privilege, and conduct periodic security audits.

Source: The Hacker News
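
For the service-account audit recommended in the Active Directory item above, this is an added example (not from this roundup or its cited source) of a read-only PowerShell report of stale service accounts. It assumes service accounts are enabled user objects that carry an SPN; the 90-day threshold and the output file name are illustrative, and gMSAs (queried with Get-ADServiceAccount) are not covered.

```powershell
# Added example: read-only audit of stale AD service accounts.
# Requires the ActiveDirectory module (RSAT). Threshold and file name are assumptions.
Import-Module ActiveDirectory

$StaleDays = 90                               # assumed inactivity threshold
$Cutoff    = (Get-Date).AddDays(-$StaleDays)
$OutFile   = '.\stale-service-accounts.csv'   # assumed output path

# Heuristic: enabled user objects that have a servicePrincipalName set.
# The bitwise matching rule excludes accounts with the ACCOUNTDISABLE flag (2).
$filter = '(&(servicePrincipalName=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'
$accounts = Get-ADUser -LDAPFilter $filter -Properties `
    ServicePrincipalName, LastLogonDate, PasswordLastSet,
    PasswordNeverExpires, adminCount, MemberOf

$report = foreach ($a in $accounts) {
    # LastLogonDate is derived from lastLogonTimestamp, which can lag real
    # logons by up to about 14 days; it is $null if the account never logged on.
    $lastLogon = $a.LastLogonDate
    $isStale   = (-not $lastLogon) -or ($lastLogon -lt $Cutoff)
    if (-not $isStale) { continue }

    [pscustomobject]@{
        SamAccountName       = $a.SamAccountName
        LastLogonDate        = $lastLogon
        PasswordLastSet      = $a.PasswordLastSet
        PasswordNeverExpires = $a.PasswordNeverExpires
        # adminCount = 1 means the account is, or once was, in a protected group
        Privileged           = ($a.adminCount -eq 1)
        GroupCount           = @($a.MemberOf).Count
        SPNs                 = ($a.ServicePrincipalName -join ';')
    }
}

# Privileged stale accounts first, then the longest-idle ones
$report |
    Sort-Object @{ Expression = 'Privileged'; Descending = $true }, LastLogonDate |
    Export-Csv -Path $OutFile -NoTypeInformation

# After the owners have reviewed the CSV, preview the change before applying it.
# Remove -WhatIf only once the list is confirmed.
Import-Csv -Path $OutFile | ForEach-Object {
    Disable-ADAccount -Identity $_.SamAccountName -WhatIf
}
```

Disabling first, rather than deleting, keeps the account recoverable if an overlooked application still depends on it.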

Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff

Experts recommend implementing immutable cloud backups to better protect your information from ransomware attacks and unauthorized changes. Immutable backups adhere to the write once, read many (WORM) concept and prohibit any changes or deletions once the information is written.

This means when attacked by ransomware, you will have a restoration point that is secure, allowing organizations to simply restore with WORM copies and avoid paying the ransom.

Using immutable backup strategies is an essential way to strengthen a company’s data resilience and lessen downtime in an evolving threat landscape.

Source: The Hacker News

Iran Restricts Internet Access Amid Escalating Conflict

In reaction to increasing military tensions and cyberattacks from Israel, Iran launched an almost-complete internet shutdown in Tehran and other cities in order to avoid any further breaches of its national security.

The outage has cut millions off from the outside world, impacting their ability to access domestic media and even domestic financial services, as hackers began to compromise key banks and TV channels.

Iranians have been further isolated: while state TV, landlines, and mobile phones continue to work, the blackout has compromised the entire flow of information, creating problems for members of the Iranian diaspora seeking to get in touch with family members.

With regard to its own cyber operations, Iranian cyber agencies have advised the public to be careful when using foreign apps, and have also warned about potential cyber espionage.

Source: The Hacker News

Ex-CIA Analyst Sentenced to 37 Months for Leaking Top Secret Information

Asif William Rahman, a former CIA analyst, was sentenced to 37 months in prison for stealing and divulging classified information. The leaked documents pertained to national security operations and were intended to be shared with unauthorized foreign entities.

This case underscores the ongoing challenges in safeguarding sensitive government data and the consequences of insider threats.

Source: Reuters

Water Curse Hijacks 76 GitHub Accounts to Deliver Multi-Stage Malware Campaign

Cybersecurity researchers have uncovered a previously undetected threat actor, called Water Curse, that deploys multi-stage malware via weaponized GitHub repositories.

Specifically, the attackers compromised 76 GitHub accounts where they hosted malicious code. This code was executed on the victim’s system when they cloned or downloaded the helpers in the repository.

Threat actor tactics are evolving, and cybersecurity professionals need to be more vigilant when interacting with code repository services.

Source: Trend Micro

1,500 Minecraft Players Infected by Java Malware

A recent investigation found that a new cyberattack was launched against Minecraft’s 200 million user base, using malicious mods and affecting 1,500 players.

The malware, which was delivered through infected Java mods, enabled attackers to steal players’ login credentials and other confidential information.

Players should be cautious, download mods only from trusted websites, and use security software to detect and block malicious activities.

Source: Checkpoint

New Malware Campaign Uses Cloudflare as a Proxy

A new malware campaign was recently discovered that uses Cloudflare’s infrastructure as a proxy to hide nefarious activities, posing more challenges for detection.

By routing through Cloudflare, this malware campaign intentionally obscures where the traffic actually originates.

Attackers use this technique to keep malware from being detected by conventional security techniques.

This really emphasizes the need for a more advanced type of threat detection that looks into traffic patterns for anomalies, rather than relying on standard indicators that may become obscured when proxies are employed.

Source: The Hacker News

New Linux Flaws Enable Full Root Access

New security holes in Linux systems have come to light, giving full root access and creating big risks for affected computers. Bad actors can use these flaws to get admin rights, leading to unwanted entry and power over the system.

It’s crucial for users and admins to install the fixes and upgrades as soon as they’re out to protect against these dangers.

Source: Infosecurity Magazine

Meta Adds Passkey Login Support to WhatsApp

Meta has added passkey login support to WhatsApp, making it safer by letting users prove who they are without passwords.

Passkeys are special digital keys that get rid of the need for regular passwords, cutting down the chance of falling for fake login pages or having your account broken into.

You can turn on this new feature in the app’s security options.

Source: The Hacker News

Russian APT29 Exploits Gmail App

Experts have spotted the Russian hacking group APT29 taking advantage of weak spots in Gmail’s app. These hackers are using the app’s own features to get around security and sneak into private data.

They’re doing this to spy on people and steal information. If you use Gmail, make sure you’ve got the newest version of the app. Also, keep an eye out for anything that looks fishy in your account.

Source: The Hacker News

New Android Malware Surge Hits Devices

An increase in new Android malware variants has been reported, aimed at stealing personal data through malicious applications and websites. These strains of malware have the ability to capture communications, retrieve contact listings, and exfiltrate data.

Users are encouraged to install apps from reliable sources only, refrain from clicking on dubious links, and protect their devices with reputable security software.

Source: The Hacker News

Iran’s State TV Hijacked Mid-Broadcast

Iran’s state television was interrupted during a live broadcast, and unauthorized videos were streamed, igniting concerns regarding censorship and control.

This event demonstrates weaknesses in the infrastructure of government-sponsored media as well as the possibility of cyber attacks that aim to interrupt the flow of information.

The government is looking into the case and residents are warned to check information from different platforms.

Source: The Hacker News

Qilin Ransomware Adds ‘Call Your Lawyer’ Feature

The Qilin ransomware group added a novel twist to their extortion methods by enabling victims to reach out to a lawyer.

The intention behind this is perhaps to offer legal help which could sway victims towards paying the ransom.

This addition highlights the growing sophistication of ransomware groups and their relentless pursuit of profit.

Source: Infosecurity Magazine

Conclusion

The week of June 16-21, 2025 was marked by significant developments in cyber security and technology.

From the emergence of dual-threat ransomware such as Anubis to the introduction of advertisements on WhatsApp, these incidents underline the dynamic nature of the digital landscape.

Organizations and individuals must be cautious, adopt proactive security measures, and stay informed about emerging dangers to successfully navigate this evolving environment.
