In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community:
- Two significant crypto security breaches occurred in close succession this month, affecting both decentralized and centralized platforms. On May 22, Cetus—a decentralized exchange built on the Sui Network—was exploited via a vulnerability in its automated market maker (AMM). Meanwhile, Coinbase confirmed what it called a “targeted insider threat operation” that compromised data from less than 1% of its active monthly users.
- A threat group identified as “Hazy Hawk” has been systematically hijacking cloud-based DNS resources tied to well-known organizations, including the US Centers for Disease Control and Prevention (CDC), since December 2023.
- A newly disclosed vulnerability in Windows Server 2025, dubbed BadSuccessor, has raised major concerns among enterprise administrators managing Active Directory environments.
- Federal and international law enforcement, alongside a significant number of private-sector partners, have successfully dismantled the Danabot botnet in a multiyear operation aimed at neutralizing one of the more advanced malware-as-a-service (MaaS) platforms tied to Russian cybercriminal activity.