📰wrzlbrmpft's cyberlights💥

weekly cybersecurity highlights (for everyone!)

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

🚨 UK government confirms massive data breach following hack of Legal Aid Agency data breach – A major data breach at the Legal Aid Agency may expose sensitive information of legal aid applicants, affecting millions. Security measures are being intensified to prevent further incidents. https://therecord.media/uk-legal-aid-agency-data-breach

🧬 Pharma giant Regeneron to buy 23andMe and its customers' data for $256M privacy – Regeneron plans to purchase 23andMe, including sensitive genetic data from 15 million customers, raising privacy concerns after a previous data breach. Compliance with privacy laws is promised. https://techcrunch.com/2025/05/19/pharma-giant-regeneron-to-buy-23andme-and-its-customers-data-for-256m/

🔒 Mozilla fixed zero-days demonstrated at Pwn2Own Berlin 2025 vulnerability – Mozilla patched two critical zero-day vulnerabilities in Firefox that could allow sensitive data access or code execution. Users are urged to update their browsers immediately. https://securityaffairs.com/178064/security/mozilla-fixed-zero-days-demonstrated-at-pwn2own-berlin-2025.html

Russia-linked disinformation floods Poland, Romania as voters cast ballots security news – Ahead of presidential elections, Romania and Poland report increased Russian disinformation efforts aiming to sway voters. Authorities warn of impersonation tactics and funded campaigns on social media. https://therecord.media/russia-disinformation-poland-presidential-election

👁️ Cocospy stalkerware apps go offline after data breach security news – Cocospy, Spyic, and Spyzie, stalkerware apps spying on millions, have gone offline following a significant data breach exposing user emails. Users are advised to remove any remaining spyware from their devices. https://techcrunch.com/2025/05/19/cocospy-stalkerware-apps-go-offline-after-data-breach/

🚪 DoorDash Hack security research https://www.schneier.com/blog/archives/2025/05/doordash-hack.html

🛒 Consumer Reports: Kroger using loyalty program to package, sell customer data privacy – Kroger allegedly sells detailed consumer data from its loyalty program, creating potentially inaccurate profiles of shoppers for marketing. Consumer Reports urges stronger privacy protections against such practices. https://therecord.media/kroger-using-loyalty-program-to-sell-customer-data

📚 Chicago Sun-Times prints summer reading list full of fake books security news – The Chicago Sun-Times published a summer reading list with fake books generated by AI, prompting backlash from readers and staff. The publication is investigating the incident and terminating its relationship with the creator. https://arstechnica.com/ai/2025/05/chicago-sun-times-prints-summer-reading-list-full-of-fake-books/

🔍 3 Teens Almost Got Away With Murder. Then Police Found Their Google Searches privacy – Three teens set a house fire that killed five people, but police traced their Google searches for the address to solve the case. The investigation raises concerns about privacy and law enforcement's use of digital data. https://www.wired.com/story/find-my-iphone-arson-case/

💬 Researchers Scrape 2 Billion Discord Messages and Publish Them Online privacy – A database of over 2 billion Discord messages scraped from 3,167 servers has been published online, raising privacy concerns despite claims of anonymization. A separate tool reveals non-anonymized chat histories. https://www.404media.co/researchers-scrape-2-billion-discord-messages-and-publish-them-online/

📸 Signal says no to Windows 11’s Recall screenshots privacy – Signal has implemented screen security in its Windows 11 client to prevent Microsoft’s Recall feature from capturing secured chats. This move highlights concerns over user privacy and accessibility issues. https://www.theverge.com/news/672210/signal-desktop-app-microsoft-recall-block-windows-11-ai

Kids Say They're Using Photos of Trump and Markiplier to Bypass 'Gorilla Tag' Age Verification security news – Players of the VR game Gorilla Tag are reportedly using images of Trump and Markiplier to circumvent age verification measures. https://www.404media.co/kids-say-theyre-using-photos-of-trump-and-markiplier-to-bypass-gorllia-tag-age-verification/

🤖 Should Children Use AI Chatbots? Google Thinks So, Critics Strongly Disagree privacy – Google's rollout of its AI chatbot Gemini for children under 13 has sparked backlash from privacy advocates, who argue it may violate COPPA and poses risks to kids' mental health and well-being. https://thecyberexpress.com/google-gemini-ai-for-kids/

📱 Russia to pass law to track migrants using their smartphone privacy – A new Russian law will require migrants in Moscow to use a smartphone app for tracking and reporting their location. Critics raise concerns about privacy and potential abuse of power. https://www.theregister.com/2025/05/22/russia_expected_to_pass_experimental/

🔓 Trojanized KeePass Used to Deploy Cobalt Strike and Steal Credentials malware – A malware campaign has trojanized the KeePass password manager to deliver Cobalt Strike and exfiltrate credentials. The compromised installer mimicked the real one, making detection difficult. https://securityonline.info/trojanized-keepass-used-to-deploy-cobalt-strike-and-steal-credentials/


Some More, For the Curious

🔑 OpenPGP.js bug enables encrypted message spoofing vulnerability – A critical vulnerability in OpenPGP.js allows spoofing of signed and encrypted messages, undermining public key cryptography. Users are urged to upgrade to patched versions to mitigate risks. https://www.theregister.com/2025/05/20/openpgp_js_flaw/

🌃 Does ENISA EUVD live up to all the hype? cyber defense – The article critically examines the effectiveness and impact of the European Union Agency for Cybersecurity (ENISA) in relation to the EU's cybersecurity directives, questioning if it meets expectations. https://vulncheck.com/blog/enisa-euvd

📊 CISA, NIST Researchers Develop Metric to Determine Likelihood of Vulnerability Exploitation security research – NIST and CISA researchers have created a new metric, Likely Exploited Vulnerabilities (LEV), to better predict which vulnerabilities may be exploited, enhancing existing systems like EPSS and KEV. https://thecyberexpress.com/cisa-nist-vulnerability-exploit-metric/

🔒 Lumma Stealer toppled by globally coordinated takedown cybercrime – Lumma Stealer, a notorious infostealer malware, was dismantled in a global operation that seized its core infrastructure, blocking 2,300 malicious domains. Microsoft and law enforcement aim to disrupt cybercrime operations. https://cyberscoop.com/lumma-stealer-infostealer-takedown/

⚠️ Active Directory dMSA Privilege Escalation Attack Detailed by Researchers vulnerability – Akamai researchers discovered a privilege escalation vulnerability in Windows Server 2025's dMSA feature, allowing attackers to compromise any Active Directory user with minimal permissions. Microsoft acknowledges the issue but rates it as moderate severity. https://thecyberexpress.com/active-directory-dmsa-attack/

📂 Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials cybercrime – A recent indictment highlights how a Russian malware operation facilitates both criminal activities and state-sponsored hacking, with various cybersecurity issues and incidents, including a breach involving the Signal clone TeleMessage. https://www.wired.com/story/mysterious-database-logins-governments-social-media/

💻 Oops: DanaBot Malware Devs Infected Their Own PCs cybercrime – The U.S. government has charged 16 individuals linked to DanaBot malware, which has infected over 300,000 systems. Developers accidentally infected their own PCs, revealing their identities and leading to their arrest. https://krebsonsecurity.com/2025/05/oops-danabot-malware-devs-infected-their-own-pcs/

💰 Decentralized crypto platform Cetus hit with $223 million hack security news – Cetus, a decentralized cryptocurrency exchange, was hacked for $223 million. The platform paused operations and secured $162 million of the stolen funds, while investigations into the attack continue. https://therecord.media/decentralized-crypto-platform-cetus-theft

Mysterious hacking group Careto was run by the Spanish government, sources say cybercrime – Research indicates that Careto, a sophisticated hacking group targeting various nations, was operated by the Spanish government. Initially identified in 2014, the group has resurfaced with advanced malware capabilities. https://techcrunch.com/2025/05/23/mysterious-hacking-group-careto-was-run-by-the-spanish-government-sources-say/

🚔 Operation RapTor led to the arrest of 270 dark web vendors and buyers cybercrime – Operation RapTor resulted in the arrest of 270 individuals involved in dark web trafficking across 10 countries, seizing over €184M in assets, drugs, and weapons. Law enforcement continues to target dark web activities. https://securityaffairs.com/178221/deep-web/operation-raptor-arrest-270-dark-web-vendors-and-buyers.html

🔒 Large-scale sting tied to Operation Endgame disrupts ransomware infrastructure cybercrime – Law enforcement from Europe and North America dismantled key ransomware infrastructure in Operation Endgame, taking down 300 servers and 650 domains, disrupting malware tools like Qakbot and Trickbot, and issuing arrest warrants for 20 suspects. https://cyberscoop.com/operation-endgame-ransomware-infrastructure-takedown-europol/

⚙️ Researchers cause GitLab AI developer assistant to turn safe code malicious vulnerability – Researchers demonstrated how GitLab's AI assistant, Duo, could be manipulated into inserting malicious code through prompt injections, exposing private data. GitLab has since implemented measures to mitigate this vulnerability. https://arstechnica.com/security/2025/05/researchers-cause-gitlab-ai-developer-assistant-to-turn-safe-code-malicious/

🦠 Compromised RVTools Installer Spreading Bumblebee Malware malware – A compromised RVTools installer was found spreading Bumblebee malware, detected by security researcher Aidan Leon. The malicious file originated from the official website, which has since been taken offline temporarily. https://hackread.com/compromised-rvtools-installer-drop-bumblebee-malware/

🔓 Bypass SharePoint Restricted View to exfiltrate data using Copilot AI and more… hacking writeup – Red Teamers demonstrate methods to circumvent SharePoint's Restricted View, allowing data exfiltration through techniques like screenshots, OCR, and using AI tools like Microsoft Copilot. The findings highlight the inadequacy of relying on Restricted View for data security. https://www.pentestpartners.com/security-blog/bypass-sharepoint-restricted-view-to-exfiltrate-data-using-copilot-ai-and-more/

🔑 Passwords are okay, impulsive Internet isn't security news – The article criticizes the push for passwordless authentication, arguing that passkeys create vendor lock-in and compromise user security. It emphasizes that the real issue lies in human behavior and impulse control, rather than technology itself. Comment: missed this one. Thankfully cert.at pushed it this week. https://www.dedoimedo.com/life/passwords-passkeys.html

😡 Red Team Gold: Extracting Credentials from MDT Shares hacking write-up – The article explores how Microsoft Deployment Toolkit (MDT) can be targeted during Red Team engagements to extract credentials. It discusses misconfigurations in MDT shares that can lead to unauthorized access to sensitive information. https://trustedsec.com/blog/red-team-gold-extracting-credentials-from-mdt-shares


CISA Corner

โš ๏ธ CISA Adds Six Known Exploited Vulnerabilities to Catalog warning โ€“ CISA has added six vulnerabilities to its catalog due to active exploitation, highlighting serious risks to federal systems. Agencies are required to remediate these vulnerabilities promptly. https://www.cisa.gov/news-events/alerts/2025/05/19/cisa-adds-six-known-exploited-vulnerabilities-catalog โš ๏ธ CISA Adds One Known Exploited Vulnerability to Catalog warning โ€“ CISA has added a new vulnerability, CVE-2025-4632, related to Samsung MagicINFO 9 Server, to its Known Exploited Vulnerabilities Catalog, urging organizations to prioritize remediation efforts. https://www.cisa.gov/news-events/alerts/2025/05/22/cisa-adds-one-known-exploited-vulnerability-catalog

โš™๏ธ CISA Releases Thirteen Industrial Control Systems Advisories vulnerability โ€“ CISA issued thirteen advisories on May 20, 2025, addressing security vulnerabilities in various Industrial Control Systems. Users are urged to review these advisories for important technical details and mitigations. https://www.cisa.gov/news-events/alerts/2025/05/20/cisa-releases-thirteen-industrial-control-systems-advisories โš™๏ธ CISA Releases Two Industrial Control Systems Advisories vulnerability โ€“ CISA has issued two advisories on security vulnerabilities affecting Lantronix Device Installer and Rockwell Automation FactoryTalk Historian. Users are urged to review the advisories for details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/05/22/cisa-releases-two-industrial-control-systems-advisories

๐ŸŽฏ Russian GRU Cyber Actors Targeting Western Logistics Entities and Tech Companies security news โ€“ CISA and other agencies issued a Cybersecurity Advisory on Russian GRU cyber actors targeting Western tech and logistics firms, particularly those supporting Ukraine. The advisory highlights their espionage tactics. https://www.cisa.gov/news-events/alerts/2025/05/21/russian-gru-cyber-actors-targeting-western-logistics-entities-and-tech-companies ๐ŸŽฏ Threat Actors Target U.S. Critical Infrastructure with LummaC2 Malware security news โ€“ CISA and the FBI issued a Cybersecurity Advisory on LummaC2 malware, which targets U.S. critical infrastructure by infiltrating networks and exfiltrating sensitive data. Organizations are urged to implement recommended mitigations. https://www.cisa.gov/news-events/alerts/2025/05/21/threat-actors-target-us-critical-infrastructure-lummac2-malware

๐Ÿ” New Best Practices Guide for Securing AI Data Released security news โ€“ CISA, NSA, and FBI released a Cybersecurity Information Sheet outlining best practices for securing AI data. It emphasizes the importance of data security throughout the AI lifecycle for accuracy and trustworthiness. https://www.cisa.gov/news-events/alerts/2025/05/22/new-best-practices-guide-securing-ai-data-released ๐Ÿ”’ Advisory Update on Cyber Threat Activity Targeting Commvaultโ€™s SaaS Cloud Application (Metallic) security news โ€“ Commvault is investigating potential unauthorized access to customer data in their Metallic SaaS solution on Azure. CISA urges users to apply mitigations, monitor logs, and implement security best practices. https://www.cisa.gov/news-events/alerts/2025/05/22/advisory-update-cyber-threat-activity-targeting-commvaults-saas-cloud-application-metallic


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correctness or completeness in any way.



News For All

🎭 Threat actors use fake AI tools to deliver the information stealer Noodlophile cybercrime – Threat actors exploit AI trends to distribute Noodlophile, an information stealer, via fake AI tools on social media, tricking users into downloading malware disguised as legitimate applications. https://securityaffairs.com/177719/security/threat-actors-use-fake-ai-tools-to-deliver-the-information-stealer-noodlophile.html

✈️ Charter airline helping Trump's deportation campaign pwned data breach – GlobalX, a charter airline involved in deportations, reported a cybersecurity breach affecting its network. While the full impact remains unclear, it may include stolen flight records and passenger data. https://www.theregister.com/2025/05/12/globalx_security_incident/

💰 Google to pay Texas nearly $1.4 billion over alleged data privacy violations privacy – Google has agreed to a $1.37 billion settlement with Texas over lawsuits alleging illegal tracking of user data, including location and Incognito searches, without admitting wrongdoing. https://therecord.media/google-texas-privacy-violations-billions

🍎 Wide-ranging Apple security update addresses over 30 vulnerabilities vulnerability – Apple's latest security update addresses over 30 vulnerabilities across iOS, iPadOS, and macOS, including critical baseband flaws and privacy issues affecting various components. No active exploitation has been reported. https://cyberscoop.com/apple-security-update-c1-modem-privacy-fixes-may-2025/

📞 Android launches new protections against phone call scammers security news – Google is introducing features on Android to prevent phone call scams, including blocking app sideloading and accessibility permissions during calls, and warning users about likely scams when accessing banking apps. https://www.theverge.com/news/665706/google-phone-call-scam-protection-banking-apps

🔒 Zero Day Initiative — The May 2025 Security Update Review vulnerability – Adobe and Microsoft released significant security updates in May 2025, addressing numerous vulnerabilities across their software. Adobe patched 40 CVEs, while Microsoft addressed 75, including several critical flaws under active attack. https://www.thezdi.com/blog/2025/5/13/the-may-2025-security-update-review

🚫 Google Is Using On-Device AI to Spot Scam Texts and Investment Fraud security news – Google is enhancing its AI Scam Detection feature in the Messages app to identify various types of scams, running locally on devices to protect user privacy. This aims to combat the rising tide of digital fraud. https://www.wired.com/story/google-io-on-device-ai-scam-texts/

🚘 License Plate Reader Company Flock Is Building a Massive People Lookup Tool, Leak Shows privacy – Flock is developing a product called Nova that combines license plate data with personal information from data brokers, allowing law enforcement to track individuals without warrants. Employees express ethical concerns over using hacked data. https://www.404media.co/license-plate-reader-company-flock-is-building-a-massive-people-lookup-tool-leak-shows/

💻 North Korean IT Workers Are Being Exposed on a Massive Scale cybercrime – Researchers have identified North Korean IT workers infiltrating Western companies to fund the regime, revealing their lavish lifestyles and connections to cybercrime. A recent leak exposes over 1,000 email addresses linked to their activities. https://www.wired.com/story/north-korean-it-worker-scams-exposed/

⚖️ Meta's still violating GDPR rules with latest plan to train AI on EU user data, says noyb privacy – Noyb has sent a cease and desist letter to Meta, challenging its plans to use EU user data for AI training without explicit consent. The group threatens legal action if Meta does not comply with GDPR requirements. https://www.theregister.com/2025/05/14/metas_still_violating_gdpr_rules/

🛑 White House scraps plan to block data brokers from selling Americans' sensitive data privacy – The CFPB has withdrawn a plan to regulate data brokers under the Fair Credit Reporting Act, citing misalignment with current interpretations. This move follows industry lobbying against the rule, raising concerns over privacy. https://techcrunch.com/2025/05/14/white-house-scraps-plan-to-block-data-brokers-from-selling-americans-sensitive-data/

💰 Who needs VC funding? How cybercriminals spread their ill-gotten gains to everyday business ventures cybercrime – Cybercriminals are reinvesting their profits into ordinary businesses like coffee shops and real estate to launder money. An investigation reveals a network of collaboration among criminals to diversify and legitimize their income streams. https://cyberscoop.com/what-cybercriminals-do-with-their-money-sophos/

👟 Meta plans to train AI on EU user data from May 27 without consent privacy – Meta intends to train its AI models using EU user data starting May 27 without explicit consent, prompting privacy group noyb to threaten legal action for violating GDPR regulations by relying on an 'opt-out' system. https://securityaffairs.com/177920/security/meta-plans-to-train-ai-on-eu-user-data-from-may-27-without-consent.html

🔒 Google Chrome’s May Update: What You Need to Know About CVE-2025-4372 and More vulnerability – Google's latest Chrome update addresses critical vulnerabilities, including CVE-2025-4664, which is actively exploited, and CVE-2025-4372, a use-after-free flaw. Users are urged to update immediately for security. https://thecyberexpress.com/google-chrome-update-fixe-cve-2025-4372/

🚫 EU court rules that tracking-based online ads are illegal privacy – The Brussels Court of Appeal ruled that tracking for online ads violates GDPR, stating that existing consent models are inadequate. This decision significantly impacts major tech companies relying on real-time bidding. https://therecord.media/eu-court-rules-tracking-based-ads-illegal

⚖️ Bahn in court: why the DB Navigator is a case for the judiciary privacy – The Frankfurt court case against Deutsche Bahn focuses on the DB Navigator app, which allegedly collects and shares user data without consent, raising significant GDPR compliance issues and consumer rights concerns. https://www.kuketz-blog.de/bahn-vor-gericht-warum-der-db-navigator-ein-fall-fuer-die-justiz-ist/

👿 US Government officials targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials security news – The FBI warns that ex-government officials are being targeted by cybercriminals using AI-generated deepfake texts and voice messages to impersonate senior U.S. officials, aiming to gain access to personal accounts. https://securityaffairs.com/177987/cyber-crime/us-government-officials-targeted-texts-and-ai-generated-deepfake.html

⚡ Experts found rogue devices, including hidden cellular radios, in Chinese-made power inverters used worldwide security research – Investigators discovered hidden 'kill switches' and rogue cellular radios in Chinese-made power inverters used in US solar farms, raising concerns about potential remote control over critical energy infrastructure by Beijing. https://securityaffairs.com/178005/hacking/rogue-devices-in-chinese-made-power-inverters-used-worldwide.html


Some More, For the Curious

๐Ÿ• One-Click RCE in ASUSโ€™s Preinstalled Driver Software hacking write-up โ€“ ASUSโ€™s DriverHub software has a serious vulnerability that allows remote code execution due to weak origin checks, posing a significant security threat. https://mrbruh.com/asusdriverhub/

๐Ÿค– New 'Defendnot' tool tricks Windows into disabling Microsoft Defender security research โ€“ The 'Defendnot' tool exploits a Windows API to disable Microsoft Defender by registering a fake antivirus, showcasing vulnerabilities in system security features. https://www.bleepingcomputer.com/news/microsoft/new-defendnot-tool-tricks-windows-into-disabling-microsoft-defender/

๐Ÿ” The cryptography behind passkeys security research โ€“ Passkeys enhance authentication security by using cryptographic key pairs and the WebAuthn specification, eliminating phishing risks and password reuse while ensuring user authenticity. https://blog.trailofbits.com/2025/05/14/the-cryptography-behind-passkeys/

๐Ÿšจ CVE-2024-26809: Critical nftables Vulnerability in Linux Kernel Could Lead to Root Access vulnerability โ€“ A critical double-free vulnerability in the Linux kernel's nftables subsystem allows local attackers to escalate privileges and execute arbitrary code. Users should update their systems to mitigate this risk. https://thecyberexpress.com/cve-2024-26809-nftables-vulnerability/

๐Ÿ” EU Vulnerability Database Officially Launches Amid CVE Program Concerns security news โ€“ The EU has launched its vulnerability database to improve management of cybersecurity threats, coinciding with uncertainty over MITRE's CVE Program future. It will aggregate critical vulnerability information and facilitate better transparency. https://thecyberexpress.com/eu-vulnerability-database-officially-launches-amid-cve-program-concerns/

โš ๏ธ New VMware Tools Vulnerability Allows Attackers to Tamper with Virtual Machines, Broadcom Issues Urgent Patch vulnerability โ€“ A moderate vulnerability in VMware Tools (CVE-2025-22247) allows attackers with limited access to compromise VMs by tampering with local files. Broadcom has released patches; no workarounds are available. https://thecyberexpress.com/vmware-tools-vulnerability-cve-2025-22247/

๐Ÿ”ง Commvault Command Center patch incomplete: researcher vulnerability โ€“ A critical flaw in Commvault's Command Center remained exploitable for free trial users despite a patch. Following a researcher's discovery, Commvault has changed its update policy to allow immediate access for all users. https://www.theregister.com/2025/05/13/patch_commvault_cvss_10/

๐ŸŒŸ Zero-Day Vulnerabilities in Ivanti EPMM vulnerability โ€“ Ivanti disclosed two zero-day vulnerabilities in their Endpoint Manager Mobile (EPMM) products, allowing unauthenticated remote code execution. CERT-EU recommends immediate updates, especially for internet-facing devices. https://cert.europa.eu/publications/security-advisories/2025-018/

๐Ÿ” Intel data-leaking Spectre defenses scared off once again vulnerability โ€“ Researchers discovered a new attack vector exploiting Intel's Spectre defenses, allowing unauthenticated remote code execution via branch predictor race conditions. Intel has released a microcode update to address this vulnerability. https://www.theregister.com/2025/05/13/intel_spectre_race_condition/

๐Ÿ’ Spies hack high-value mail servers using an exploit from yesteryear cybercrime โ€“ Recent reports indicate that spies have successfully compromised high-value mail servers by exploiting older vulnerabilities, demonstrating the ongoing risk posed by outdated security flaws. https://arstechnica.com/security/2025/05/spies-hack-high-value-mail-servers-using-an-exploit-from-yesteryear/

๐Ÿ’ต Coinbase flips $20M extortion demand into bounty for info on attackers cybercrime โ€“ After cybercriminals extorted Coinbase for $20 million following a data breach, the company offered the same amount as a reward for information leading to the attackers' arrest, marking a proactive response to the incident. https://cyberscoop.com/coinbase-cyberattack-extortion-counter-reward/

๐Ÿ’ป Pwn2Own Berlin 2025 Day Two: researcher earned 150K hacking VMware ESXi security research โ€“ On day two of Pwn2Own Berlin 2025, hackers earned $435,000 for demonstrating zero-day exploits in various products, including VMware ESXi, with one researcher earning $150,000 for an integer overflow exploit. https://securityaffairs.com/177943/hacking/pwn2own-berlin-2025-day-two-researcher-earned-150k-hacking-vmware-esxi.html

๐Ÿ›ก๏ธ ClickFix Fixes Ranked cyber defense โ€“ The 'ClickFix' attack technique exploits user coercion to execute malicious commands via the Windows Run dialog. Mitigations are ranked by effectiveness and annoyance, highlighting the balance between security and usability. https://taggart-tech.com/clickfix/

ยฉ๏ธ How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes security news โ€“ TeleMessage, a Signal clone used by U.S. officials, was hacked, exposing user message logs in plaintext. The app has been disabled by Customs and Border Protection amid security concerns. https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes/


CISA Corner

📢 Update to How CISA Shares Cyber-Related Alerts and Notifications security news – CISA is revamping its cybersecurity alerts by sharing updates solely through social media and email, focusing on urgent threats on its webpage to improve visibility and user experience. https://www.cisa.gov/news-events/alerts/2025/05/12/update-how-cisa-shares-cyber-related-alerts-and-notifications

⚠️ CISA Adds Five Known Exploited Vulnerabilities to Catalog warning – CISA has added five Microsoft Windows vulnerabilities to its Known Exploited Vulnerabilities Catalog due to active exploitation risks, urging federal agencies to remediate them promptly. https://www.cisa.gov/news-events/alerts/2025/05/13/cisa-adds-five-known-exploited-vulnerabilities-catalog

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2025-32756, a stack-based buffer overflow vulnerability in Fortinet products, to its Known Exploited Vulnerabilities Catalog due to active exploitation risks, urging federal agencies to remediate it promptly. https://www.cisa.gov/news-events/alerts/2025/05/14/cisa-adds-one-known-exploited-vulnerability-catalog

⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning – CISA has included three new vulnerabilities in its Known Exploited Vulnerabilities Catalog: a command injection in DrayTek routers, an enforcement issue in Google Chromium, and a deserialization vulnerability in SAP NetWeaver, highlighting significant risks for federal agencies. https://www.cisa.gov/news-events/alerts/2025/05/15/cisa-adds-three-known-exploited-vulnerabilities-catalog

⚙️ CISA Releases Twenty-Two Industrial Control Systems Advisories vulnerability – CISA has released twenty-two advisories regarding vulnerabilities in industrial control systems, aimed at enhancing security measures within critical infrastructure sectors. https://www.cisa.gov/news-events/alerts/2025/05/15/cisa-releases-twenty-two-industrial-control-systems-advisories




News For All

๐Ÿคฆโ€โ™‚๏ธ WhatsApp provides no cryptographic management for group messages security research โ€“ WhatsApp's group messaging lacks cryptographic safeguards, allowing potential unauthorized users to join chats unnoticed, raising privacy concerns for sensitive discussions. https://arstechnica.com/security/2025/05/whatsapp-provides-no-cryptographic-management-for-group-messages/

๐Ÿšซ Mr. Deepfakes, the Biggest Deepfake Porn Site on the Internet, Says Itโ€™s Shutting Down for Good cybercrime โ€“ Mr. Deepfakes, notorious for nonconsensual deepfake porn, has announced its permanent shutdown due to loss of service and data, leaving users with no access. https://www.404media.co/mr-deepfakes-the-biggest-deepfake-porn-site-on-the-internet-says-its-shutting-down-for-good/

๐Ÿ”‘ Passkeys for Normal People cyber defense โ€“ Passkeys offer a phishing-resistant alternative to traditional passwords and OTPs for secure logins, enhancing online safety, but still require careful management across devices. https://www.troyhunt.com/passkeys-for-normal-people/

๐Ÿ”“ The modified Signal app used by Mike Waltz was reportedly hacked data breach โ€“ A breach involving a modified Signal app used by Mike Waltz has led to the exposure of message contents and contact information of government officials. https://www.theverge.com/news/661173/telemessage-signal-clone-hacked-mike-waltz

๐Ÿ“ฑ Smishing on a Massive Scale: โ€˜Panda Shopโ€™ Chinese Carding Syndicate cybercrime โ€“ Resecurity has uncovered a new smishing kit, โ€˜Panda Shop,โ€™ linked to a Chinese syndicate, capable of sending millions of fraudulent messages daily and targeting vast consumer data. https://securityaffairs.com/177502/cyber-crime/smishing-on-a-massive-scale-panda-shop-chinese-carding-syndicate.html

๐ŸŽ“ Fake Student Fraud in Community Colleges cybercrime โ€“ Community colleges face rising fraud from fake students using AI-generated work to exploit financial aid, challenging detection efforts and disrupting class structures. https://www.schneier.com/blog/archives/2025/05/fake-student-fraud-in-community-colleges.html

๐Ÿšจ Samsung MagicINFO flaw exploited days after PoC publication vulnerability โ€“ A high-severity vulnerability (CVE-2024-7399) in Samsung MagicINFO was exploited shortly after a proof-of-concept was released, allowing unauthenticated users to execute code with system-level access. https://securityaffairs.com/177529/hacking/samsung-magicinfo-vulnerability-exploited-after-poc-publication.html

๐Ÿ•ต๏ธโ€โ™‚๏ธ Meta awarded $167.25 million over Pegasus spyware attack security news โ€“ Meta has been awarded $167.25 million after suing the NSO Group for using Pegasus spyware to target over 1,400 WhatsApp users. https://www.theverge.com/news/662242/meta-nso-group-pegasus-whatsapp-hack-damages

๐Ÿ”‘ Tulsi Gabbard Reused the Same Weak Password on Multiple Accounts for Years security news โ€“ Tulsi Gabbard reportedly used the same easily cracked password across multiple accounts for years, raising concerns about her cybersecurity practices following a sensitive incident involving a Signal group chat. https://www.wired.com/story/tulsi-gabbard-dni-weak-password/

๐Ÿ’ป COLDRIVER Using New Malware To Steal Documents From Western Targets and NGOs cybercrime โ€“ Google's Threat Intelligence Group reports on COLDRIVER's new malware, LOSTKEYS, used to steal files from Western targets, utilizing a multi-stage infection process involving social engineering techniques. https://cloud.google.com/blog/topics/threat-intelligence/coldriver-steal-documents-western-targets-ngos/

๐Ÿ’ฐ PowerSchool customers hit by downstream extortion threats cybercrime โ€“ After PowerSchool paid a ransom to delete stolen data, some of its school district customers are now facing extortion threats to leak that data, highlighting ongoing supply chain risks. https://cyberscoop.com/powerschool-customers-hit-by-downstream-extortion-threats/

๐Ÿ”’ Polish authorities arrested 4 people behind DDoS cybercrime โ€“ Polish police arrested four individuals operating DDoS-for-hire platforms used in global attacks, offering services for as little as โ‚ฌ10, as part of an international crackdown on cybercrime. https://securityaffairs.com/177590/cyber-crime/polish-police-arrested-4-people-behind-ddos-for-hire-platforms.html

๐ŸŽญ NCSC warns of IT helpdesk impersonation trick being used by ransomware gangs after UK retailers attacked security news โ€“ Following ransomware attacks on Marks & Spencer and Co-op, the NCSC warns that hackers are using social engineering to impersonate employees and exploit helpdesk staff for account access. https://www.exponential-e.com/blog/ncsc-warns-of-it-helpdesk-impersonation-trick-being-used-by-ransomware-gangs-after-uk-retailers-attacked

๐Ÿ•โ€๐Ÿฆบ DOGE software engineerโ€™s computer infected by info-stealing malware security news โ€“ Kyle Schutt, a software engineer at CISA, had his login credentials exposed multiple times in public leaks from info-stealing malware, raising concerns about potential access to sensitive government information. https://arstechnica.com/security/2025/05/doge-software-engineers-computer-infected-by-info-stealing-malware/

โœˆ๏ธ Hackers hit deportation airline GlobalX, leak flight manifests, and leave an unsubtle message for โ€œDonnieโ€ Trump cybercrime โ€“ Hacktivists claiming to be part of Anonymous breached GlobalX Airlines, leaking flight records and passenger manifests related to US deportation flights while defacing the airline's website with a message targeting Trump. https://www.bitdefender.com/en-us/blog/hotforsecurity/hackers-globalx-message-trump

๐Ÿ›ก๏ธ FBI and Dutch police seize and shut down botnet of hacked routers cybercrime โ€“ A joint operation by the FBI and Dutch police dismantled a botnet of hacked routers used for cybercrime, indicting four individuals for running proxy services Anyproxy and 5Socks built on compromised devices. https://techcrunch.com/2025/05/09/fbi-and-dutch-police-seize-and-shut-down-botnet-of-hacked-routers/

๐Ÿ’ฐ German operation shuts down crypto mixer eXch, seizes millions in assets cybercrime โ€“ German police seized over $30 million in assets from the crypto mixer eXch, which was linked to laundering funds from the $1.46 billion Bybit hack, as part of a crackdown on money laundering activities. https://therecord.media/exch-cryptocurrency-mixer-germany-takedown

๐Ÿ”’ How to turn on Lockdown Mode for your iPhone and Mac privacy โ€“ Apple's Lockdown Mode enhances security for those facing sophisticated threats, limiting device functionality. It can be easily enabled or disabled on iPhones, iPads, and Macs through settings. https://www.theverge.com/tech/663794/lockdown-mode-iphone-mac-how-to

๐Ÿ’ฐ Google will pay Texas $1.4 billion over its location tracking practices privacy โ€“ Google will pay Texas $1.4 billion to settle lawsuits over unauthorized location tracking and biometric data retention, marking a significant victory for user privacy against Big Tech violations. https://securityaffairs.com/177683/laws-and-regulations/google-will-pay-texas-1-4-billion-over-its-location-tracking-practices.html


Some More, For the Curious

โš ๏ธ Security Researchers Warn a Widely Used Open Source Tool Poses a 'Persistent' Risk to the US security research โ€“ Researchers highlight security concerns over easyjson, an open source tool linked to a Russian company, fearing it could be exploited for espionage or cyberattacks against the US. https://www.wired.com/story/easyjson-open-source-vk-ties/

5๏ธโƒฃ 5 Common Cybersecurity Mistakes That Attackers Love cyber defense โ€“ Cybersecurity experts highlight five common mistakesโ€”improper secrets management, excessive user privileges, lack of network segmentation, overreliance on user training, and poor security detectionsโ€”that leave organizations vulnerable to attacks. https://bishopfox.com/blog/before-red-team-fix-these-5-common-mistakes

๐Ÿ’ณ Hundreds of e-commerce sites hacked in supply-chain attack security research โ€“ A supply-chain attack has compromised hundreds of e-commerce sites, injecting malware that steals payment information from visitors, linked to three software providers over six years. https://arstechnica.com/security/2025/05/hundreds-of-e-commerce-sites-hacked-in-supply-chain-attack/

โš–๏ธ Lawmakers grill Noem over CISA funding cuts, demand Trump cyber plan security news โ€“ Homeland Security Secretary Kristi Noem faced bipartisan criticism over a proposed $491 million budget cut to CISA, with lawmakers demanding details on the Trump administration's cyber strategy amid rising threats. https://therecord.media/noem-house-hearing-proposed-cisa-funding-cuts

๐Ÿ›ก๏ธ New 'Bring Your Own Installer (BYOI)' technique allows to bypass EDR vulnerability โ€“ A new BYOI technique allows attackers to exploit SentinelOne's upgrade process, disabling EDR protection and enabling Babuk ransomware deployment by interrupting the installation. https://securityaffairs.com/177494/hacking/new-bring-your-own-installer-byoi-technique-allows-to-bypass-edr.html

โžฐ Curl takes action against time-wasting AI bug reports security news โ€“ Curl founder Daniel Stenberg implements a checkbox for bug reports to filter out AI-generated submissions, citing their overwhelming volume and lack of validity as a drain on maintainers' resources. https://www.theregister.com/2025/05/07/curl_ai_bug_reports/

๐Ÿ”“ Play ransomware affiliate leveraged zero cybercrime โ€“ The Play ransomware gang exploited a Windows zero-day vulnerability (CVE-2025-29824) to gain SYSTEM privileges and deploy malware, including the Grixba infostealer, in targeted attacks. https://securityaffairs.com/177573/cyber-crime/play-ransomware-affiliate-leveraged-zero-day-to-deploy-malware.html

๐Ÿ’ป CVE-2024-44236: Remote Code Execution vulnerability in Apple macOS vulnerability โ€“ A remote code execution vulnerability in macOS allows attackers to exploit ICC Profile files, potentially executing code on victims' machines. A patch has been released, but no attacks have been detected yet. https://www.thezdi.com/blog/2025/5/7/cve-2024-44236-remote-code-execution-vulnerability-in-apple-macos

๐Ÿ” CVE-2025-20188: Cisco Fixes 10.0-Rated Wireless Controller Flaw vulnerability โ€“ Cisco has patched a critical vulnerability (CVE-2025-20188) in its IOS XE Wireless Controller software that allows unauthenticated attackers to gain root access. Administrators are urged to apply fixes and check configurations. https://thecyberexpress.com/cisco-patches-cve-2025-20188/

๐Ÿซฆ The LockBit ransomware site was breached, database dump was leaked online cybercrime โ€“ The LockBit ransomware group's dark web site was breached, leaking a database with victim data, negotiation logs, and configurations, revealing insights into their operations and potential decryption keys. https://securityaffairs.com/177619/cyber-crime/the-lockbit-ransomware-site-was-breached-database-dump-was-leaked-online.html

๐Ÿ“… A timeline of South Korean telco giant SKT's data breach data breach โ€“ SK Telecom suffered a major data breach affecting 23 million customers, prompting investigations and customer backlash, as the company works to mitigate damage and replace compromised SIM cards. https://techcrunch.com/2025/05/08/a-timeline-of-south-korean-telco-giant-skts-data-breach/

๐Ÿ”’ SonicWall fixed SMA 100 flaws that could be chained to execute arbitrary code vulnerability โ€“ SonicWall patched three critical vulnerabilities in SMA 100 that could allow remote attackers to chain them for arbitrary code execution, including a potential zero-day. Users are advised to update to the latest version. https://securityaffairs.com/177626/hacking/sonicwall-fixed-sma-100-flaws-that-could-be-chained-to-execute-arbitrary-code.html

๐Ÿ”’ CVSS 10.0 Vulnerability Found in Ubiquity UniFi Protect Cameras vulnerability โ€“ Ubiquity disclosed critical vulnerabilities in UniFi Protect, including a CVSS 10.0 flaw (CVE-2025-23123) allowing remote code execution. Users are urged to update firmware and applications immediately to mitigate risks. https://thecyberexpress.com/ubiquity-unifi-protect-flaws-cve-2025-23123/


CISA Corner

😶 Unsophisticated Cyber Actor(s) Targeting Operational Technology cyber defense – CISA warns of unsophisticated cyber actors targeting ICS/SCADA systems in U.S. critical infrastructure, urging asset owners to improve cyber hygiene to prevent potential operational disruptions and physical damage. https://www.cisa.gov/news-events/alerts/2025/05/06/unsophisticated-cyber-actors-targeting-operational-technology

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2025-3248, a missing authentication vulnerability in Langflow, to its catalog, highlighting its active exploitation and risks to federal networks. https://www.cisa.gov/news-events/alerts/2025/05/05/cisa-adds-one-known-exploited-vulnerability-catalog

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has included CVE-2025-27363, an out-of-bounds write vulnerability in FreeType, in its catalog due to evidence of active exploitation posing risks to federal networks. https://www.cisa.gov/news-events/alerts/2025/05/06/cisa-adds-one-known-exploited-vulnerability-catalog

⚠️ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning – CISA has included two new OS command injection vulnerabilities (CVE-2024-6047 and CVE-2024-11120) in its catalog, highlighting their active exploitation and risks to federal networks. https://www.cisa.gov/news-events/alerts/2025/05/07/cisa-adds-two-known-exploited-vulnerabilities-catalog

⚙️ CISA Releases Three Industrial Control Systems Advisories vulnerability – CISA has issued three advisories regarding vulnerabilities in industrial control systems, urging users to review the advisories for technical details and recommended mitigations. https://www.cisa.gov/news-events/alerts/2025/05/06/cisa-releases-three-industrial-control-systems-advisories

⚙️ CISA Releases Five Industrial Control Systems Advisories vulnerability – CISA has issued five advisories regarding vulnerabilities in various Industrial Control Systems, urging users to review the details and recommended mitigations for enhanced security. https://www.cisa.gov/news-events/alerts/2025/05/08/cisa-releases-five-industrial-control-systems-advisories




News For All

🎣 Zoom attack tricks victims into allowing remote access to install malware and steal money cybercrime – The ELUSIVE COMET group abuses Zoom's remote control feature to trick victims into granting remote access, allowing malware installation and asset theft. A recent attack succeeded on one CEO but failed on another. https://www.malwarebytes.com/blog/news/2025/04/zoom-attack-tricks-victims-into-allowing-remote-access-to-install-malware-and-steal-money

💳 NFC Fraud Wave: Evolution of Ghost Tap on the Dark Web cybercrime – NFC fraud is surging as cybercriminals exploit contactless payment systems for large-scale theft. The 'Ghost Tap' technique relays stolen card data to remote devices, posing serious security risks. https://www.resecurity.com/blog/article/nfc-fraud-wave-evolution-of-ghost-tap-on-the-dark-web

🐡 Beware of this sneaky Google phishing scam warning – Scammers are using Google and PayPal tools to craft convincing fake emails that pass authentication checks, making them harder to detect. Stay vigilant against these phishing attempts. https://www.theverge.com/news/652509/google-no-reply-dkim-phishing-scam

💂 How to Protect Yourself From Phone Searches at the US Border privacy – As border searches intensify, travelers should consider using a travel phone or modifying their primary device to minimize personal data. Simple precautions can help protect privacy during crossings. https://www.wired.com/story/how-to-protect-yourself-from-phone-searches-at-the-us-border/

🛍️ Marks & Spencer confirms cybersecurity incident amid ongoing disruption cybercrime – Marks & Spencer has confirmed a cybersecurity incident affecting its operations, causing disruptions in payment systems and order pickups. The retailer is investigating with external experts, but details on customer data impact remain unclear. https://techcrunch.com/2025/04/22/marks-spencer-confirms-cybersecurity-incident-amid-ongoing-disruption/

🎥 Beware of video call links that are attempts to steal Microsoft 365 access, researchers tell NGOs security news – Researchers warn that Russia-linked hackers are targeting NGOs with phishing attempts disguised as video call invitations to capture Microsoft 365 access tokens via OAuth. Vigilance is advised against unsolicited contacts. https://therecord.media/russia-linked-phishing-microsoft365-ukraine-ngos

⛪ The Tech That Safeguards the Conclave's Secrecy security news – As the Vatican prepares for the conclave to elect a new pope, security measures like signal jammers, opaque window films, and thorough inspections are in place to ensure secrecy and integrity. https://www.wired.com/story/technology-used-to-shield-conclave-pope-francis/

💰 EU fines Apple €500 million and Meta €200 million for breaking digital market rules security news – The European Commission fined Apple €500 million and Meta €200 million for violating the Digital Markets Act, marking the first penalties under the new regulations. Both companies plan to appeal the decisions. https://therecord.media/eu-fines-apple-steering-meta-data-privacy-dma

🧿 Blue Shield of California shared the private health data of millions with Google for years data breach – Blue Shield of California disclosed a data breach involving the sharing of sensitive health information with Google since 2021, affecting 4.7 million individuals. The sharing, caused by a misconfiguration, ended in January 2024. https://techcrunch.com/2025/04/23/blue-shield-of-california-shared-the-private-health-data-of-millions-with-google-for-years/

©️ WhatsApp now lets you block people from exporting your entire chat history privacy – WhatsApp's new 'Advanced Chat Privacy' feature allows users to prevent others from exporting chat histories and automatically downloading media, enhancing privacy in conversations, although it won't stop screenshots. https://www.theverge.com/news/654592/whatsapp-advanced-chat-privacy-block-exporting-chats

⚰️ Crooks exploit the death of Pope Francis cybercrime – Cybercriminals are exploiting the death of Pope Francis to launch scams and spread malware, leveraging public emotion and curiosity. Strong security practices are essential to counter these risks. https://securityaffairs.com/176917/cyber-crime/crooks-exploit-the-death-of-pope-francis.html

🌍 Even the U.S. Government Says AI Requires Massive Amounts of Water security news – A new GAO report highlights the significant environmental costs of generative AI, emphasizing its heavy demand for power and water and raising concerns about its long-term societal impact. https://www.404media.co/even-the-u-s-government-says-ai-requires-massive-amounts-of-water/

🎮 UK bans export of video game controllers to Russia to hinder attack drone pilots security news – The UK government has banned the export of video game controllers to Russia to prevent their use in piloting drones in Ukraine. This is part of a broader sanctions package aimed at limiting Russia's war efforts. https://therecord.media/uk-bans-video-game-controllers

🤌 Gmail's New Encrypted Messages Feature Opens a Door for Scams cybercrime – Google's new end-to-end encrypted email feature may enhance security but raises concerns about phishing scams targeting non-Gmail users, as scammers could mimic the invitation system to steal credentials. https://www.wired.com/story/gmail-end-to-end-encryption-scams/

💻 North Korean IT workers seen using AI tools to scam firms into hiring them cybercrime – North Korean IT workers are leveraging generative AI tools to secure jobs at U.S. and European tech firms, facilitating their onboarding and communication while funneling earnings back to the DPRK government. https://therecord.media/north-korean-it-workers-seen-using-ai-recruitment-scams

🥴 Government officials are kind of bad at the internet security news – U.S. officials, including Secretary of Defense Pete Hegseth, have mishandled sensitive information through tech blunders, such as sharing military plans in unsecured messaging apps, highlighting poor digital security practices. https://techcrunch.com/2025/04/26/government-officials-are-kind-of-bad-at-the-internet/

🎒 Storm-1977 targets education sector with password spraying security news – Microsoft reports that the threat actor Storm-1977 is conducting password spraying attacks on the education sector, using AzureChecker.exe to validate credentials and create resources for cryptomining. https://securityaffairs.com/177067/hacking/storm-1977-targets-education-sector-with-password-spraying-microsoft-warns.html

🔑 Who needs phishing when your login's already in the wild? security news – Mandiant's report reveals that stolen credentials have become a major infection vector, surpassing email phishing. The rise in infostealers and cloud attacks emphasizes the need for multi-factor authentication. https://www.theregister.com/2025/04/23/stolen_credentials_mandiant/

🥏 A Look at a Novel Discord Phishing Attack cybercrime – Researchers from Binary Defense investigated MalenuStealer, an infostealer distributed through compromised Discord accounts as malware disguised as a beta game. The attack uses social engineering to trick users into downloading malicious software. https://www.binarydefense.com/resources/blog/a-look-at-a-novel-discord-phishing-attack/


Some More, For the Curious

🤬 Microsoft's patch for CVE-2025-21204 symlink vulnerability introduces another symlink vulnerability vulnerability – A fix for a symlink vulnerability inadvertently creates another, allowing users to block future Windows updates, risking security. Microsoft has not yet addressed this issue. https://doublepulsar.com/microsofts-patch-for-cve-2025-21204-symlink-vulnerability-introduces-another-symlink-vulnerability-9ea085537741

🔍 CERT.at – DOGE, CISA, Mitre and CVE Published security news – Concerns arose when funding for the CVE system was threatened, but a solution was found. The CVE identifiers remain vital for effective vulnerability management across organizations. https://www.cert.at/de/blog/2025/4/doge-cisa-mitre-und-cve

🎭 Example of a Payload Delivered Through Steganography malware – This article illustrates how steganography conceals malicious payloads in seemingly harmless images, making detection by security tools challenging. It explores obfuscation techniques used in malware. https://isc.sans.edu/diary/rss/31892

🦠 How Lumma Stealer sneaks into organizations malware – Lumma Stealer uses fake CAPTCHA pages and other social engineering tactics to infiltrate systems, targeting both individuals and organizations. Its methods include DLL sideloading and malicious payload injections. https://securelist.com/lumma-fake-captcha-attacks-analysis/116274/

⏳ Eight days from patch to exploitation for Microsoft flaw vulnerability – Just eight days after Microsoft patched CVE-2025-24054, attackers exploited it in campaigns against targets in Poland and Romania, highlighting the urgent need to patch NTLM vulnerabilities. https://www.theregister.com/2025/04/21/microsoft_apple_patch/

🗝️ Attacker Infrastructure cyber defense – The article discusses the various components and setups used by cybercriminals to conduct attacks, including servers, tools, and networks that facilitate malicious activities. https://vulncheck.com/blog/attacker-infrastructure

🏃 Attackers stick with effective intrusion points, valid credentials and exploits security news – IBM X-Force's report reveals that identity-based attacks and exploitation of public-facing applications remain the top intrusion methods. Credential theft and phishing continue to rise, particularly in critical infrastructure sectors. https://cyberscoop.com/ibm-x-force-threat-intelligence-index-2025/

🧑‍🏫 Ex-NSA boss: AI devs' lesson to learn from early infosec security news – Former NSA chief Mike Rogers urges AI developers to integrate security from the start, learning from cybersecurity's past mistakes, to avoid costly fixes later and ensure responsible use in national security. https://www.theregister.com/2025/04/23/exnsa_boss_ai/

🔮 A Vulnerable Future: MITRE's Close Call in CVE Management cyber defense – MITRE faced a crisis regarding the CVE program's future but secured an 11-month contract extension. The incident highlights the need for robust vulnerability management practices amid uncertainty. https://jfrog.com/blog/mitres-close-call-in-cve-management/

🏃 M-Trends 2025: Data, Insights, and Recommendations From the Frontlines security news – Mandiant's M-Trends 2025 report highlights evolving attack sophistication, particularly by China-linked groups using custom malware and zero-day vulnerabilities, while also noting a rise in credential theft as a major infection vector. https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2025/

⛓️‍💥 Ripple NPM supply chain attack hunts for private keys cybercrime – Compromised versions of the Ripple NPM package, xrpl, have been found to contain malware designed to steal private keys from users, affecting developers who interact with the cryptocurrency ledger. https://www.theregister.com/2025/04/23/ripple_npm_supply_chain/

⚖️ DOGE Worker's Code Supports NLRB Whistleblower security research – A whistleblower alleges that Elon Musk's DOGE group illegally downloaded sensitive data from the NLRB using privileged accounts, raising concerns about unfair advantages in labor disputes and data security. https://krebsonsecurity.com/2025/04/doge-workers-code-supports-nlrb-whistleblower/

🏃 VulnCheck spotted 159 actively exploited vulnerabilities in first few months of 2025 security news – In Q1 2025, VulnCheck reported that attackers exploited nearly a third of vulnerabilities within a day of disclosure, identifying 159 actively exploited vulnerabilities and highlighting the need for rapid response to emerging threats. https://cyberscoop.com/vulncheck-known-exploited-cves-q1-2025/

⛓️ Operation SyncHole: Lazarus APT targets supply chains in South Korea security research – The Lazarus Group has launched Operation SyncHole, targeting at least six South Korean firms through cyber espionage, using malware like ThreatNeedle and exploiting vulnerabilities in local software for data theft. https://securityaffairs.com/176964/apt/operation-synchole-lazarus-apt-targets-supply-chains-in-south-korea.html

⚠️ Critical Commvault Flaw Rated 10/10: CSA Urges Immediate Patching vulnerability – The CSA of Singapore warns of a critical vulnerability (CVE-2025-34028) in Commvault Command Center, rated 10/10, allowing remote code execution. Users are urged to update to patched versions immediately. https://thecyberexpress.com/commvault-vulnerability-cve-2025-34028/

🚨 SAP zero-day vulnerability under widespread active exploitation vulnerability – A critical zero-day vulnerability (CVE-2025-31324) in SAP NetWeaver systems allows unauthorized file uploads, leading to full system compromise. Active exploitation is reported, urging immediate patching for affected customers. https://cyberscoop.com/sap-netweaver-zero-day-exploit-cve-2025-31324/

📱 How to Root Android Phones hacking write-up – This guide explains rooting Android devices, detailing the process for both emulators and physical phones like the Pixel 6. It discusses the pros and cons of rooting, including the benefits for testing applications and the associated security risks. https://www.blackhillsinfosec.com/how-to-root-android-phones/

🐞 How a 20 year old bug in GTA San Andreas surfaced in Windows 11 24H2 security news – A long-standing bug in GTA San Andreas caused the Skimmer plane to disappear on Windows 11 24H2 because changes in how the OS lays out stack memory exposed uninitialized variables and corrupted game data. https://cookieplmonster.github.io/2025/04/23/gta-san-andreas-win11-24h2-bug/

🛡️ io_uring Rootkit Bypasses Linux Security Tools security research – ARMO researchers reveal a significant security gap in Linux due to the io_uring interface, allowing rootkits to evade detection by traditional security tools that rely on syscall monitoring. Their rootkit, Curing, demonstrates this blind spot, underscoring the need for improved detection methods like KRSI. https://www.armosec.io/blog/io_uring-rootkit-bypasses-linux-security/


CISA Corner

โš™๏ธ CISA Releases Five Industrial Control Systems Advisories vulnerability โ€“ CISA issued five advisories on April 22, 2025, addressing vulnerabilities in various ICS products, including Siemens and Schneider Electric systems. Users are urged to review for mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/04/22/cisa-releases-five-industrial-control-systems-advisories โš™๏ธ CISA Releases Seven Industrial Control Systems Advisories vulnerability โ€“ CISA issued seven advisories on April 24, 2025, addressing vulnerabilities in various ICS products, including Schneider Electric and Johnson Controls. Users are urged to review for technical details and mitigations. https://www.cisa.gov/news-events/alerts/2025/04/24/cisa-releases-seven-industrial-control-systems-advisories




News For All

๐Ÿ•ต๏ธ Chrome extensions with 6 million installs have hidden tracking code malware โ€“ 57 risky Chrome extensions, used by 6 million, secretly track users and access sensitive data. Some have been removed, but others still pose a threat. https://www.bleepingcomputer.com/news/security/chrome-extensions-with-6-million-installs-have-hidden-tracking-code/

๐Ÿ’ป The Most Dangerous Hackers Youโ€™ve Never Heard Of cybercrime โ€“ A roundup of recent cybersecurity incidents, including a suspected breach of 4chan, the rise of smishing scams, and vulnerabilities in government cybersecurity programs. https://www.wired.com/story/most-dangerous-hackers-youve-never-heard-of/

๐ŸŽค Silicon Valley crosswalk buttons hacked to imitate Musk, Zuckerberg's voices security news โ€“ Audio traffic crosswalk buttons in Silicon Valley were hacked to play AI-generated messages mimicking Elon Musk and Mark Zuckerberg, raising concerns over security and potential hacktivism. https://techcrunch.com/2025/04/14/silicon-valley-crosswalk-buttons-hacked-to-imitate-musk-zuckerberg-voices/

๐Ÿ—‚๏ธ Don't delete inetpub folder. It's a Windows security fix vulnerability โ€“ The newly created inetpub folder on Windows systems post-update is a security measure to prevent privilege escalation vulnerabilities. Users are advised to keep it intact. https://www.theregister.com/2025/04/14/windows_update_inetpub/

๐Ÿ•น๏ธ Infinity Global Servicesโ€™ Cyber Park Launches โ€œBeacon in the Darkโ€ โ€“ A New Cyber Security Escape Room Adventure security news โ€“ The new escape room 'Beacon in the Dark' challenges players to solve cyber risk puzzles, enhancing awareness about threats like credential theft. It's a fun way to learn about cybersecurity! https://blog.checkpoint.com/infinity-global-services/infinity-global-services-cyber-park-launches-beacon-in-the-dark-a-new-cyber-security-escape-room-adventure/

โš ๏ธ Microsoftโ€™s Recall AI Tool Is Making an Unwelcome Return privacy โ€“ A series of incidents highlight the risks of AI mismanagement, including a chatbot creating false policies and government officials exposing sensitive data on Venmo. https://www.wired.com/story/microsoft-recall-returns-privacy/

๐Ÿ” Meta will use public EU user data to train its AI models privacy โ€“ Meta plans to resume using public data from EU users to train its AI models, emphasizing user choice and transparency while addressing prior data protection concerns raised by regulators. https://securityaffairs.com/176569/digital-id/meta-will-use-public-eu-user-data-to-train-its-ai-models.html

๐Ÿš— Hertz says customers' personal data and driver's licenses stolen in data breach data breach โ€“ Hertz has notified customers of a data breach involving personal data and driver's licenses, attributed to a cyberattack on vendor Cleo. The breach affects thousands across several countries. https://techcrunch.com/2025/04/14/hertz-says-customers-personal-data-and-drivers-licenses-stolen-in-data-breach/

๐Ÿ“ฑ Report: EC issues burner phones for visits to US security news โ€“ The European Commission is providing burner devices to staff visiting the US to prevent espionage, reflecting growing concerns over cybersecurity and strained transatlantic relations. https://www.theregister.com/2025/04/15/ec_burner_devices/

๐Ÿ’ธ Inside the Economy of AI Spammers Getting Rich By Exploiting Disasters and Misery cybercrime โ€“ The article explores how accounts like FutureRiderUS profit from creating AI-generated disaster content, manipulating emotions for views, while ethical concerns about misinformation and audience deception grow. https://www.404media.co/inside-the-economy-of-ai-spammers-getting-rich-by-exploiting-disasters-and-misery/

๐Ÿ”’ Android phones will soon reboot if theyโ€™re locked for a few days security news โ€“ Android devices will automatically reboot after being locked for three consecutive days. A freshly rebooted phone sits in the "before first unlock" state, where user data stays encrypted and the PIN or password (not biometrics) is required, which narrows the window for data extraction from a lost, stolen or seized device. https://www.theverge.com/news/648757/google-android-update-automatic-reboot-phone-locked

๐Ÿ’ป 4chanโ€™s โ€˜cesspool of the internetโ€™ is down after apparently being hacked security news โ€“ 4chan's forums are currently inaccessible, leading to speculation and unverified rumors regarding potential data leaks following an apparent hack of the site. https://www.theverge.com/news/648908/4chan-hacked-down-outage-leak

๐Ÿ“œ Hereโ€™s What Happened to Those SignalGate Messages security news โ€“ Attorneys allege that the Trump administration used disappearing Signal messages to evade transparency laws regarding military operations, with new court filings revealing inconsistent efforts to preserve these communications. https://www.wired.com/story/heres-what-happened-to-those-signalgate-messages/

๐Ÿ›’ Mass misleading advertising from problematic online shops warning โ€“ Problematic online shops are using misleading advertising on social media, particularly on Meta platforms, claiming fake sales and non-existent stores, often featuring AI-generated images and deceptive return policies. https://www.watchlist-internet.at/news/irrefuehrende-werbung-auf-meta-plattformen/

๐ŸงŠ ICE Just Paid Palantir Tens of Millions for โ€˜Complete Target Analysis of Known Populationsโ€™ security news โ€“ ICE has contracted Palantir for tens of millions to enhance its database for target analysis and enforcement priorities, raising concerns about potential rights violations and the impact on immigrant communities. https://www.404media.co/ice-just-paid-palantir-tens-of-millions-for-complete-target-analysis-of-known-populations/

๐Ÿšจ Whistleblower describes how DOGE tore through NLRB IT system security news โ€“ An NLRB tech staffer alleges DOGE operatives were granted unauthorized superuser access, leading to data exfiltration attempts and a Russian IP login. Democratic lawmakers call for an investigation into potential misconduct. https://www.theregister.com/2025/04/17/whistleblower_nlrb_doge/

๐Ÿ”’ Apple released emergency updates for actively exploited flaws vulnerability โ€“ Apple has issued urgent updates for iOS, iPadOS, and macOS to fix two vulnerabilities, CVE-2025-31200 and CVE-2025-31201, which have been exploited in sophisticated attacks against targeted individuals. https://securityaffairs.com/176644/security/apple-emergency-updates-actively-exploited-ios-ipados-macos-bugs.html

โœ๏ธ Florida draft law mandating encryption backdoors for social media accounts billed 'dangerous and dumb' privacy โ€“ A Florida draft bill requiring social media platforms to provide encryption backdoors for law enforcement has passed a committee vote. Critics argue it undermines user security and compromises private communications. https://techcrunch.com/2025/04/17/florida-draft-law-mandating-encryption-backdoors-for-social-media-accounts-billed-dangerous-and-dumb/

๐Ÿ’ณ New payment-card scam involves a phone call, some malware and a personal tap cybercrime โ€“ A new scam targets Android users, using social engineering and NFC-enabled malware called SuperCard X to steal payment card information by tricking victims into sharing details and bringing cards near infected devices. https://therecord.media/new-payment-card-scam-involves-malware-tap


Some More, For the Curious

๐ŸŽ How I Got Hacked: A Warning about Malicious PoCs hacking write-up โ€“ After running a seemingly legitimate PoC exploit, the author unwittingly installed malware that stole sensitive data. A cautionary tale highlighting the risks of unverified code. https://chocapikk.com/posts/2025/s1nk/

๐Ÿฆธโ€โ™‚๏ธ PowerShell for Hackers: Exploitation Essentials hacking write-up โ€“ PowerShell is a powerful tool for attackers, blending in with normal operations and allowing stealthy post-exploitation activities. Defenders must enhance their security measures against its misuse. https://hetmehta.com/posts/powershell-for-hackers/

๐Ÿ” iDRAC to Domain Admin security research โ€“ A penetration tester shares a method for escalating privileges to domain admin via iDRAC, highlighting vulnerabilities like default credentials and IPMI hash disclosure. https://infosecwriteups.com/idrac-to-domain-admin-4acb89391070

๐Ÿ”ง p0dalirius/FindUnusualSessions: A tool to remotely detect unusual sessions opened on windows machines using RPC cyber defense โ€“ FindUnusualSessions is a Python tool that detects unusual remote sessions on Windows machines using RPC, offering various authentication methods and output formats for analysis. Comment: TOOL https://github.com/p0dalirius/FindUnusualSessions

โฐ Analysis of Threat Actor Activity warning โ€“ Fortinet reports a threat actor exploiting known vulnerabilities to maintain read-only access to FortiGate devices. They have implemented mitigations and urged customers to update their systems promptly. https://www.fortinet.com/blog/psirt-blogs/analysis-of-threat-actor-activity

๐Ÿ” Chinese espionage group leans on open-source tools to mask intrusions security research โ€“ The Chinese hacking group UNC5174 is using open-source tools like VShell and WebSockets to blend in with cybercriminal activity while targeting Western entities, indicating a shift in their tactics. https://cyberscoop.com/chinese-espionage-group-unc5174-open-source-tools/

โš”๏ธ China accuses NSA of launching cyberattacks on Asian Winter Games security news โ€“ China has accused three alleged NSA employees of conducting cyberattacks during the Asian Winter Games, claiming they targeted critical infrastructure and event management systems. https://therecord.media/china-accuses-nsa-hack-asian-winter-games

๐ŸงŸ LLMs Create a New Supply Chain Threat: Code Package Hallucinations vulnerability โ€“ Code-generating LLMs can create non-existent package references, leading to security risks as attackers exploit these 'hallucinations' to distribute malicious code. Researchers emphasize the need for detection and mitigation strategies. https://thecyberexpress.com/genai-llm-code-package-hallucinations/
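
The practical defence against package hallucinations is to check every dependency a code generator proposes before it is installed: does the name exist on the registry at all, and if so, was it registered only recently (a freshly squatted hallucination looks exactly like that)? The script below is an added example, not code from the article or the research it reports. The registry lookup is a pluggable callable: `pypi_lookup` uses PyPI's public JSON API (a real endpoint), while `fake_lookup`, `SAMPLE_REQUIREMENTS` and every package name other than `requests` are constructed for this example so it runs offline.

```python
"""Audit a requirements list for packages that do not exist or were registered
only recently, the two signals behind LLM package-hallucination attacks.
Added example, not code from the article or the cited research."""
import json
import re
import urllib.error
import urllib.request
from datetime import datetime, timedelta, timezone

REQ_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name: str) -> str:
    """PEP 503 name normalisation: case-insensitive, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def pypi_lookup(name: str):
    """Live lookup against PyPI's JSON API: returns (exists, first_upload_time)."""
    try:
        with urllib.request.urlopen(f"https://pypi.org/pypi/{name}/json", timeout=10) as resp:
            data = json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return False, None
        raise
    uploads = [f["upload_time_iso_8601"] for files in data["releases"].values() for f in files]
    if not uploads:
        return True, None
    return True, datetime.fromisoformat(min(uploads).replace("Z", "+00:00"))


def audit_requirements(lines, lookup=pypi_lookup, now=None, min_age_days=90):
    """Classify each requirement as 'ok', 'new' (younger than min_age_days) or 'missing'."""
    now = now or datetime.now(timezone.utc)
    findings = {}
    for raw in lines:
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line or line.startswith("-"):          # skip blanks and pip options such as -r
            continue
        match = REQ_RE.match(line)
        if not match:
            continue
        name = normalize(match.group(1))
        exists, first_upload = lookup(name)
        if not exists:
            findings[name] = "missing"                # hallucinated or typo: never install blindly
        elif first_upload is None or now - first_upload < timedelta(days=min_age_days):
            findings[name] = "new"                    # registered recently: candidate slopsquat
        else:
            findings[name] = "ok"
    return findings


# Constructed input and registry snapshot so the check runs offline; the package
# names other than 'requests' are invented for this example.
SAMPLE_REQUIREMENTS = """
requests>=2.31            # long-established project
Fast_JSON.utils==0.1.0    # registered three days ago
torchvision-plus          # does not exist on the registry
-r other-requirements.txt
"""
FAKE_NOW = datetime(2025, 4, 20, tzinfo=timezone.utc)
FAKE_REGISTRY = {
    "requests": (True, datetime(2011, 2, 14, tzinfo=timezone.utc)),
    "fast-json-utils": (True, FAKE_NOW - timedelta(days=3)),
}


def fake_lookup(name):
    return FAKE_REGISTRY.get(name, (False, None))


def demo():
    return audit_requirements(SAMPLE_REQUIREMENTS.splitlines(), lookup=fake_lookup, now=FAKE_NOW)


if __name__ == "__main__":
    for package, status in demo().items():
        print(f"{status:8} {package}")
```

Run it against a real requirements file with `audit_requirements(open("requirements.txt"), lookup=pypi_lookup)`; anything reported as `missing` was never a real package, and anything `new` deserves a look at who registered it and when before it goes into a lockfile. The 90-day threshold is an assumption; tune it to your tolerance.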

๐Ÿข The Sophos Annual Threat Report: Cybercrime on Main Street 2025 cyber defense โ€“ The report highlights the continued threat of ransomware to small and midsized businesses, noting a rise in attacks, evolving tactics, and the importance of securing network edge devices and adopting defense-in-depth strategies. https://news.sophos.com/en-us/2025/04/16/the-sophos-annual-threat-report-cybercrime-on-main-street-2025/

๐Ÿคฏ Researchers claim breakthrough in fight against AIโ€™s frustrating security hole security research โ€“ Google DeepMind introduces CaMeL, a new method to combat prompt injection attacks in AI by treating language models as untrusted components and applying established security principles to ensure safe data handling. https://arstechnica.com/information-technology/2025/04/researchers-claim-breakthrough-in-fight-against-ais-frustrating-security-hole/

๐Ÿ›ก๏ธ Former CISA director Chris Krebs vows to fight back against Trump-ordered federal investigation security news โ€“ Chris Krebs, former CISA director, plans to resign from SentinelOne to contest a federal investigation ordered by Trump, which accuses him of falsely denying election fraud and stripped him of his security clearance. https://techcrunch.com/2025/04/16/former-cisa-director-chris-krebs-vows-to-fight-back-against-trump-ordered-federal-investigation/

โš ๏ธ โ€˜Stupid and Dangerousโ€™: CISA Funding Chaos Threatens Essential Cybersecurity Program security news โ€“ CISA renewed funding for the CVE Program amid concerns over its sustainability, as it plays a critical role in tracking software vulnerabilities. Future independence from government funding is uncertain. https://www.wired.com/story/cve-program-cisa-funding-chaos/

๐Ÿ“  Age Verification Using Facial Scans privacy โ€“ Discord is testing facial scans for age verification, claiming no biometric data is stored. https://www.schneier.com/blog/archives/2025/04/age-verification-using-facial-scans.html


CISA Corner

๐Ÿ”‘ CISA Releases Guidance on Credential Risks Associated with Potential Legacy Oracle Cloud Compromise warning โ€“ CISA warns of potential unauthorized access to a legacy Oracle cloud environment, highlighting risks related to exposed credentials that could lead to unauthorized access across systems and long-term security threats. https://www.cisa.gov/news-events/alerts/2025/04/16/cisa-releases-guidance-credential-risks-associated-potential-legacy-oracle-cloud-compromise

โš™๏ธ CISA Releases Nine Industrial Control Systems Advisories vulnerability โ€“ CISA has issued nine advisories detailing vulnerabilities and security issues for various Industrial Control Systems, urging users to review the advisories for mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/04/15/cisa-releases-nine-industrial-control-systems-advisories โš™๏ธ CISA Releases Six Industrial Control Systems Advisories vulnerability โ€“ CISA has issued six advisories detailing vulnerabilities in various Industrial Control Systems, urging users to review them for important security information and mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/04/17/cisa-releases-six-industrial-control-systems-advisories

โš ๏ธ CISA Adds One Known Exploited Vulnerability to Catalog warning โ€“ CISA has added CVE-2021-20035, a SonicWall SMA100 Appliances OS command injection vulnerability, to its Known Exploited Vulnerabilities Catalog, highlighting its active exploitation and risk to federal networks. https://www.cisa.gov/news-events/alerts/2025/04/16/cisa-adds-one-known-exploited-vulnerability-catalog โš ๏ธ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning โ€“ CISA has added three vulnerabilities, including two Apple memory corruption issues and a Microsoft NTLM hash disclosure vulnerability, to its Known Exploited Vulnerabilities Catalog due to active exploitation concerns. https://www.cisa.gov/news-events/alerts/2025/04/17/cisa-adds-three-known-exploited-vulnerabilities-catalog


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correctness or completeness in any way.

theme: https://write.as/themes/fosstodon-hub


Highlight

๐Ÿ” Regierung will Messenger-รœberwachung vor dem Sommer beschlieรŸen privacy โ€“ Die รถsterreichische Regierung plant, die รœberwachung von Messenger-Diensten zur Bekรคmpfung von Terrorismus einzufรผhren, trotz Bedenken รผber mรถgliche Massenรผberwachung und verfassungsrechtliche Fragen. https://futurezone.at/netzpolitik/messenger-ueberwachung-whatsapp-oesterreich-regierung-chat-staatstrojaner-oevp-spoe-neos-pegasus/403030634


News For All

๐ŸŽจ Social Media Flooded with Ghibli AI Imagesโ€”But What Are We Really Feeding the Algorithms? privacy โ€“ The viral trend of AI-generated Ghibli-style portraits raises privacy concerns as users unknowingly share sensitive facial data, potentially fueling identity theft and misuse of personal information. https://thecyberexpress.com/social-media-flooded-with-ghibli-ai-images/

๐Ÿ™ˆ UK's demand for Apple backdoor should not be heard in secret, says court privacy โ€“ The UK government lost its attempt to keep secret a surveillance order against Apple, allowing parts of the case to be public despite national security concerns over accessing encrypted data. https://techcrunch.com/2025/04/07/uk-demand-for-apple-backdoor-should-not-be-heard-in-secret-says-court/

๐Ÿ˜ถโ€๐ŸŒซ๏ธ Oracle tells customers its public cloud was compromised data breach โ€“ Oracle has admitted to a data breach of its public cloud, revealing the theft of client data, including security keys, after initially denying the incident amid claims of exploitation of unpatched vulnerabilities. https://www.theregister.com/2025/04/08/oracle_cloud_compromised/

๐Ÿค– Russian bots hard at work spreading political unrest on Romania's internet security news โ€“ An investigation reveals a surge in pro-Russian propaganda on Romanian social media, inciting anti-EU sentiment and support for Putin, with bots promoting divisive messages and false narratives. https://www.bitdefender.com/en-us/blog/hotforsecurity/russian-bots-hard-at-work-spreading-political-unrest-on-romanias-internet

๐Ÿ”’ Google fixed two actively exploited Android zero-days vulnerability โ€“ Google's April 2025 security update fixed 62 vulnerabilities, including two actively exploited zero-days affecting the Linux kernel and ALSA USB audio, highlighting ongoing security risks in Android. https://securityaffairs.com/176337/hacking/google-fixed-two-actively-exploited-android-zero-days.html

๐Ÿ” To tackle espionage, Dutch government plans to screen university students and researchers security news โ€“ The Dutch government plans to vet university students and researchers accessing sensitive technology to combat espionage, assessing backgrounds amid rising concerns over foreign threats, particularly from China. https://therecord.media/netherlands-plan-vetting-researchers-students-espionage

๐Ÿ”ง WhatsApp fixed a spoofing flaw that could enable Remote Code Execution vulnerability โ€“ WhatsApp patched CVE-2025-30401, a spoofing vulnerability in WhatsApp for Windows before version 2.2450.6: the client displayed an attachment according to its MIME type but chose the handler by file-name extension, so a crafted mismatch between the two could lead to arbitrary code execution when the recipient manually opened the attachment. https://securityaffairs.com/176357/security/whatsapp-fixed-a-spoofing-flaw-that-could-enable-remote-code-execution.html

๐Ÿ—ผ Governments identify dozens of Android apps bundled with spyware malware โ€“ A coalition of governments has revealed that numerous legitimate-looking Android apps, identified as spyware families BadBazaar and Moonshine, were used to target civil society groups opposing Chinese state interests. https://techcrunch.com/2025/04/09/governments-identify-dozens-of-android-apps-bundled-with-spyware/

๐Ÿ‘๏ธโ€๐Ÿ—จ๏ธ Spyware Maker NSO Group Is Paving a Path Back Into Trumpโ€™s America cybercrime โ€“ NSO Group is shifting lobbying strategies to regain access to US markets under a new administration, raising concerns about surveillance and human rights abuses. https://www.wired.com/story/nso-group-the-vogel-group-lobbying-trump-administration/

๐Ÿ›ก๏ธ Cyber experts offer lukewarm praise for voluntary code governing use of commercial hacking tools security news โ€“ Cybersecurity professionals gave mixed reviews to a new voluntary code for using commercial hacking tools, expressing cautious optimism while noting concerns over human rights and the absence of the U.S. as a signatory. https://cyberscoop.com/pall-mall-process-global-cybersecurity-code-conduct-commercial-hacking-tools/

๐Ÿฉป Researcher uncovers dozens of sketchy Chrome extensions with 4 million installs malware โ€“ A researcher discovered 35 suspicious Chrome extensions, collectively installed on over 4 million devices, that exhibit spyware-like behavior, including excessive permissions and obfuscated code, raising concerns about their safety. https://arstechnica.com/security/2025/04/researcher-uncovers-dozens-of-sketchy-chrome-extensions-with-4-million-installs/

๐Ÿ’” Lab provider for Planned Parenthood discloses breach affecting 1.6 million people data breach โ€“ Laboratory Services Cooperative reported a data breach affecting 1.6 million individuals, revealing sensitive medical and personal information after a cyberattack discovered in October. Victims are offered credit monitoring services. https://therecord.media/lab-provider-planned-parenthood-breach

๐Ÿ“จ That groan you hear is usersโ€™ reaction to Recall going back into Windows security news โ€“ Microsoft is reintroducing Recall, an AI tool in Windows 11 that screenshots and indexes user activity, prompting privacy concerns despite opt-in features. Critics warn it could expose sensitive information and be exploited by malicious actors. https://arstechnica.com/security/2025/04/microsoft-is-putting-privacy-endangering-recall-back-into-windows-11/

โš ๏ธ Attackers are exploiting recently disclosed OttoKit WordPress plugin flaw vulnerability โ€“ Attackers are actively exploiting a critical vulnerability (CVE-2025-3102) in the OttoKit WordPress plugin, allowing unauthorized admin account creation on unconfigured sites. Immediate updates are advised to mitigate risks. https://securityaffairs.com/176461/security/ottokit-wordpress-plugin-flaw-exploitation.html

๐Ÿ’ป Back in the Game: Privacy Concerns of Second-Hand Game Consoles security research โ€“ Game consoles have been able to store personally identifiable information for years; what is less well known is what remains when they are bought or sold on the second-hand market. We share the results of two case studies on Nintendo devices: the Switch and the 3DS. https://www.computer.org/csdl/magazine/sp/5555/01/10960377/25LWluDWP8A


Some More, For the Curious

๐Ÿ›ž The Renaissance of NTLM Relay Attacks: Everything You Need to Know hacking write-up โ€“ NTLM relay attacks, once thought outdated, are resurging as a serious threat, allowing attackers to easily compromise systems through lateral movement without needing to crack passwords. https://posts.specterops.io/the-renaissance-of-ntlm-relay-attacks-everything-you-need-to-know-abfc3677c34e

๐ŸŽฃ VibeScamming โ€” From Prompt to Phish: Benchmarking Popular AI Agentsโ€™ Resistance to the Dark Side security research โ€“ A new benchmark reveals how generative AI can easily facilitate phishing scams, with different AI platforms showing varied levels of resistance to misuse, raising urgent security concerns. https://labs.guard.io/vibescamming-from-prompt-to-phish-benchmarking-popular-ai-agents-resistance-to-the-dark-side-1ec2fbdf0a35

๐Ÿค” The controversial case of the threat actor EncryptHub cybercrime โ€“ EncryptHub, a conflicted figure in cybersecurity, reported two Windows vulnerabilities while also engaging in cybercrime, highlighting the balance between ethical research and criminal activity. https://securityaffairs.com/176251/cyber-crime/the-controversial-case-of-the-threat-actor-encrypthub.html

๐Ÿˆ APT group ToddyCat exploits a vulnerability in ESET for DLL proxying security research โ€“ The ToddyCat APT group exploited a vulnerability in ESET's Command Line Scanner to execute malware stealthily, utilizing DLL proxying and an old malicious tool modified for their purposes. https://securelist.com/toddycat-apt-exploits-vulnerability-in-eset-software-for-dll-proxying/116086/

๐Ÿ”๏ธ Someone hacked ransomware gang Everestโ€™s leak site security news โ€“ The Everest ransomware gang's leak site was hacked and defaced with a message against crime, though it remains unclear if a data breach occurred. https://techcrunch.com/2025/04/07/someone-hacked-everest-ransomware-gang-dark-web-leak-site/

๐Ÿ’ป Windows Remote Desktop Protocol: Remote to Rogue cyber defense โ€“ A phishing campaign attributed to UNC5837 exploited RDP by using signed .rdp files to access victim systems, allowing file exfiltration and clipboard capture, underscoring RDP's security risks. https://cloud.google.com/blog/topics/threat-intelligence/windows-rogue-remote-desktop-protocol/
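
What makes an .rdp attachment dangerous is not the connection itself but the resource-redirection settings inside the file: mapped local drives let the server read and copy files, a shared clipboard leaks whatever the user copies, and RemoteApp mode hides that a full session is open. The script below is an added example, not code from the Google Threat Intelligence write-up; it parses the `name:type:value` format of .rdp files and flags those settings before a user double-clicks the file. The sample file, the host names and the `allowed_hosts` list are constructed for this example.

```python
"""Audit an .rdp connection file for the redirection settings that let a rogue
RDP server read local files, capture the clipboard or use a forwarded smart card.
Added example, not code from the Google Threat Intelligence write-up."""

# Constructed file shaped like a malicious attachment: every line is name:type:value,
# where type is s (string), i (integer) or b (binary); host names are invented.
SAMPLE_RDP = """screen mode id:i:2
full address:s:rdp.attacker-controlled.example:3389
username:s:reviewer
drivestoredirect:s:*
redirectclipboard:i:1
redirectsmartcards:i:1
remoteapplicationmode:i:1
remoteapplicationname:s:Storage Connection Test
signscope:s:Full Address,Drive Store Direct,Remote Application Mode
signature:s:AQABAAEAAAD
"""


def parse_rdp(text):
    """Return {setting: (type, value)}; the value may itself contain ':' (host:port)."""
    settings = {}
    for raw in text.splitlines():
        parts = raw.strip().split(":", 2)
        if len(parts) != 3:
            continue
        name, typ, value = parts
        settings[name.lower()] = (typ, value)
    return settings


def audit_rdp(text, allowed_hosts=()):
    """List (setting, reason) findings; an empty list means nothing risky was set."""
    settings = parse_rdp(text)

    def value(name):
        return settings.get(name, ("", ""))[1]

    findings = []
    host = value("full address").split(":")[0].lower()
    if host and allowed_hosts and host not in {h.lower() for h in allowed_hosts}:
        findings.append(("full address", f"connects to {host}, which is not an approved RDP host"))
    if value("drivestoredirect").strip():             # '*' maps every local drive
        findings.append(("drivestoredirect", "local drives are mapped into the session; the server can read and copy files"))
    if value("redirectclipboard") == "1":
        findings.append(("redirectclipboard", "clipboard contents are shared with the remote host"))
    if value("redirectsmartcards") == "1":
        findings.append(("redirectsmartcards", "smart card is forwarded; the remote host can authenticate as the user"))
    if value("remoteapplicationmode") == "1":
        findings.append(("remoteapplicationmode", "RemoteApp shows one window and hides that a full session is open"))
    if "signature" in settings:
        findings.append(("signature", "file is signed; the signature proves who signed it, not that the settings are safe"))
    return findings


if __name__ == "__main__":
    for setting, reason in audit_rdp(SAMPLE_RDP, allowed_hosts=("rdp.corp.example",)):
        print(f"{setting}: {reason}")
```

The signature finding is deliberate: mstsc.exe suppresses its "this remote connection could harm your computer" redirection prompt for files signed by a publisher the client trusts, which is exactly why the campaign signed them. The organisational controls are the usual ones: block .rdp attachments at the mail gateway, and disable drive and clipboard redirection on clients through Group Policy so a file cannot re-enable them.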

๐Ÿ›ก๏ธ Server in der EU und eigene Schlรผssel: Schรผtzt das vor US-Zugriffen? privacy โ€“ Despite claims from US cloud providers about data security in EU data centers, physical server locations and encryption measures do not guarantee protection from US government access due to laws like the CLOUD Act. https://www.kuketz-blog.de/server-in-der-eu-und-eigene-schluessel-schuetzt-das-vor-us-zugriffen/

๐Ÿ”’ Zero Day Initiative โ€” The April 2025 Security Update Review security news โ€“ In April 2025, Adobe and Microsoft released updates addressing multiple vulnerabilities, including critical flaws in Adobe products and 124 CVEs from Microsoft, with a focus on security risks and active exploits. https://www.thezdi.com/blog/2025/4/8/the-april-2025-security-update-review

๐Ÿ‘ง โ€œThe girl should be calling men.โ€ Leak exposes Black Bastaโ€™s influence tactics. security research โ€“ A leak of 190,000 messages from the Black Basta ransomware group reveals their structured operations, including social engineering tactics, vulnerability exploitation, and negotiation strategies during ransom demands. https://arstechnica.com/security/2025/04/leaked-messages-expose-trade-secrets-of-prolific-black-basta-ransomware-group/

๐Ÿ”‘ Critical Fortinet FortiSwitch flaw allows remote attackers to change admin passwords vulnerability โ€“ Fortinet has patched a critical vulnerability (CVE-2024-48887) in FortiSwitch devices, allowing remote attackers to change admin passwords. Users are advised to disable HTTP/HTTPS access as a temporary measure. https://securityaffairs.com/176380/security/fortinet-fortiswitch-flaw.html

๐Ÿ› How cyberattackers exploit domain controllers using ransomware cyber defense โ€“ Cyberattackers are increasingly targeting domain controllers in ransomware attacks, leveraging high-privilege accounts and centralized network access to inflict widespread damage, necessitating enhanced security measures. https://www.microsoft.com/en-us/security/blog/2025/04/09/how-cyberattackers-exploit-domain-controllers-using-ransomware/

๐Ÿฉผ Tainted drive appears to be source of malware attack on Western military mission in Ukraine security research โ€“ The Russia-backed group Gamaredon exploited an infected removable drive to deploy updated GammaSteel malware against a Ukraine-based military mission, showcasing increased sophistication in their cyberespionage tactics. https://therecord.media/gamaredon-removable-drive-malware-western-military-mission-ukraine

๐Ÿ–– AI Vulnerability Finding security news โ€“ Microsoft's AI has identified multiple vulnerabilities in GRUB2 and U-Boot, which could potentially allow attackers to bypass security on devices using UEFI Secure Boot. https://www.schneier.com/blog/archives/2025/04/ai-vulnerability-finding.html

๐Ÿงง China Secretly (and Weirdly) Admits It Hacked US Infrastructure security news โ€“ In a rare admission, Chinese officials acknowledged hacking U.S. infrastructure during a secret meeting, attributing the attacks to U.S. policies on Taiwan. The disclosure adds tension amid ongoing cybersecurity concerns. https://www.wired.com/story/china-admits-hacking-us-infrastructure/

๐Ÿšง STRIDE GPT cyber defense โ€“ STRIDE GPT is an AI-driven threat modeling tool that generates threat models and attack trees based on the STRIDE methodology, allowing users to input application details and providing various features such as risk scoring and customizable reports. https://github.com/mrwadams/stride-gpt


CISA Corner

๐Ÿ—ž๏ธ Fortinet Releases Advisory on New Post-Exploitation Technique for Known Vulnerabilities security news โ€“ Fortinet issued an advisory regarding a threat actor exploiting vulnerabilities in FortiGate products to create a malicious file that grants read-only access to device files. Users are advised to upgrade their systems and reset credentials. https://www.cisa.gov/news-events/alerts/2025/04/11/fortinet-releases-advisory-new-post-exploitation-technique-known-vulnerabilities

โš ๏ธ CISA Adds One Known Exploited Vulnerability to Catalog warning โ€“ CISA has added CVE-2025-31161, an authentication bypass vulnerability in CrushFTP, to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation, emphasizing the risk to federal networks. https://www.cisa.gov/news-events/alerts/2025/04/07/cisa-adds-one-known-exploited-vulnerability-catalog โš ๏ธ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning โ€“ CISA has added two vulnerabilities to its Known Exploited Vulnerabilities Catalog: CVE-2025-30406 related to Gladinet CentreStack and CVE-2025-29824 affecting Microsoft Windows, highlighting risks to federal networks. https://www.cisa.gov/news-events/alerts/2025/04/08/cisa-adds-two-known-exploited-vulnerabilities-catalog โš ๏ธ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning โ€“ CISA has included two Linux kernel vulnerabilities, CVE-2024-53197 and CVE-2024-53150, in its Known Exploited Vulnerabilities Catalog due to active exploitation, highlighting risks to federal networks. https://www.cisa.gov/news-events/alerts/2025/04/09/cisa-adds-two-known-exploited-vulnerabilities-catalog

โš™๏ธ CISA Releases Ten Industrial Control Systems Advisories vulnerability โ€“ CISA issued ten advisories on April 10, 2025, addressing vulnerabilities in various Industrial Control Systems, including Siemens and Rockwell Automation products, urging users to review for mitigations. https://www.cisa.gov/news-events/alerts/2025/04/10/cisa-releases-ten-industrial-control-systems-advisories



News For All

๐Ÿš— Europcar GitLab breach exposes data of up to 200,000 customers data breach โ€“ A breach of Europcar's GitLab exposed source code and personal data of up to 200,000 customers, with no financial information compromised. The company is assessing the damage and notifying affected users. https://www.bleepingcomputer.com/news/security/europcar-gitlab-breach-exposes-data-of-up-to-200-000-customers/

๐Ÿ“ฑ Evolution of Sophisticated Phishing Tactics: The QR Code Phenomenon security research โ€“ Phishing attacks are evolving with QR codes that disguise malicious URLs, using legitimate redirection techniques and human verification to enhance deception. This trend highlights the need for improved security awareness. https://unit42.paloaltonetworks.com/qr-code-phishing/

๐Ÿ’ธ ยฃ3 million fine for healthcare MSP with sloppy security after it was hit by ransomware attack security news โ€“ Advanced Computer Software Group was fined ยฃ3 million for inadequate security measures, leading to a ransomware attack that compromised personal data of over 79,000 individuals and disrupted NHS services. https://www.exponential-e.com/blog/3-million-fine-for-healthcare-msp-with-sloppy-security-after-it-was-hit-by-ransomware-attack

๐Ÿ›ก๏ธ Flirts: Was tun, wenn ich mit Nacktfotos erpresst werde? privacy โ€“ The Take It Down service helps individuals under 18 report and prevent the unwanted spread of intimate images on various platforms, ensuring their photos remain secure. https://www.watchlist-internet.at/news/online-flirts-was-tun-wenn-ich-mit-nacktfotos-erpresst-werde/

๐Ÿšจ An AI Image Generatorโ€™s Exposed Database Reveals What People Really Used It For data breach โ€“ An exposed database from AI image generator GenNomis revealed over 95,000 explicit images, including AI-generated child sexual abuse material. This incident underscores the urgent need for better controls and regulations on AI-generated content. https://www.wired.com/story/genomis-ai-image-database-exposed/

๐Ÿ“ฉ The Weaponization of PDFs: 68% of Cyber attacks begin in your inbox, with 22% of these hiding in PDFs cybercrime โ€“ PDFs are increasingly used in cyber attacks, with 22% of malicious email attachments hiding threats. Their complexity allows attackers to bypass security measures, making them a significant risk. https://blog.checkpoint.com/research/the-weaponization-of-pdfs-68-of-cyberattacks-begin-in-your-inbox-with-22-of-these-hiding-in-pdfs/
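
The features that make PDFs useful to attackers are the document-level actions (`/OpenAction`, `/AA`), script and launch actions (`/JavaScript`, `/JS`, `/Launch`, `/URI`) and embedded payloads, and the complexity the article refers to is that these keys can sit inside compressed object streams or be spelled with `#xx` name escapes so a naive string search misses them. The triage script below is an added example, not code from the Check Point article: it inflates zlib streams, normalises escaped names and then counts the risky keys. Both sample documents are constructed for this example; the output is a triage signal for a mail gateway or analyst queue, not a verdict, since forms and link-heavy documents use some of these keys legitimately.

```python
"""Static triage of an inbound PDF: inflate FlateDecode streams, undo #xx name
escaping, then count the dictionary keys that trigger code, launches or network
access. Added example, not code from the Check Point article."""
import re
import zlib

# Keys worth a closer look; counts, not verdicts, since forms and links use some of them legitimately
RISKY_NAMES = {
    b"/JavaScript": "embedded JavaScript",
    b"/JS": "JavaScript payload",
    b"/OpenAction": "action fires when the document opens",
    b"/AA": "additional (automatic) actions on page or field events",
    b"/Launch": "launches an external program",
    b"/URI": "opens a URL",
    b"/SubmitForm": "posts form data to a URL",
    b"/EmbeddedFile": "carries an embedded file",
    b"/XFA": "XFA form (XML-based, historically abused)",
}
NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.S)


def unescape_names(data: bytes) -> bytes:
    """'/J#61vaScript' is a legal spelling of '/JavaScript'; normalise it before matching."""
    return NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data: bytes) -> bytes:
    """Append the inflated body of every zlib stream so keys hidden in compressed objects are visible."""
    parts = [data]
    for m in STREAM.finditer(data):
        try:
            parts.append(zlib.decompressobj().decompress(m.group(1)))  # tolerates trailing bytes
        except zlib.error:
            pass                                                        # not zlib data (image, etc.)
    return b"\n".join(parts)


def triage_pdf(data: bytes) -> dict:
    """Return {key: occurrences} for every risky key found; {} means nothing flagged."""
    if not data.startswith(b"%PDF"):
        raise ValueError("not a PDF header")
    text = unescape_names(inflate_streams(data))
    hits = {}
    for token in RISKY_NAMES:
        count = len(re.findall(re.escape(token) + rb"(?![A-Za-z])", text))
        if count:
            hits[token.decode()] = count
    return hits


# Constructed samples: a document that runs JavaScript on open (with an escaped
# name) and launches a program, and one that hides /Launch inside a compressed stream.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /AA << /O 5 0 R >> >> endobj
4 0 obj << /S /J#61vaScript /JS (app.alert\\(1\\)) >> endobj
5 0 obj << /S /Launch /F (cmd.exe) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""
_BODY = zlib.compress(b"<< /S /Launch /F (cmd.exe) >>")
COMPRESSED_PDF = (b"%PDF-1.4\n6 0 obj << /Length " + str(len(_BODY)).encode()
                  + b" /Filter /FlateDecode >>\nstream\n" + _BODY + b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    for name, sample in (("plain", SAMPLE_PDF), ("compressed", COMPRESSED_PDF)):
        print(name, triage_pdf(sample))
```

Feed it real files with `triage_pdf(open(path, "rb").read())`. A document with `/OpenAction` pointing at `/JavaScript` or `/Launch` is the pattern worth quarantining; a handful of `/URI` hits in a brochure is normal. Object streams compressed with filters other than FlateDecode are not inflated here, which is one reason the counts are a first pass rather than a complete analysis.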

๐Ÿงฌ Open Source Genetic Database Shuts Down to Protect Users From 'Authoritarian Governments' security news โ€“ OpenSNP founder Bastian Greshake Tzovaras has shut down the genetic database due to concerns over its potential misuse by authoritarian governments, prioritizing user safety over scientific data preservation. https://www.404media.co/open-source-genetic-database-opensnp-shuts-down-to-protect-users-from-authoritarian-governments/

๐Ÿจ The North Korea worker problem is bigger than you think cybercrime โ€“ North Korean nationals have infiltrated global businesses, gaining high-level access and performing roles beyond IT. Their presence raises significant security concerns as they could exploit their positions for espionage or sabotage. https://cyberscoop.com/north-korea-technical-workers-full-time-jobs/

🔥 Oracle under fire for its handling of separate security incidents security news – Oracle faces backlash for its management of two data breaches, one involving patient data at Oracle Health and another regarding alleged Oracle Cloud server breaches, as transparency remains lacking. https://techcrunch.com/2025/03/31/oracle-under-fire-for-its-handling-of-separate-security-incidents/

⚖️ France’s antitrust authority fines Apple €150M for issues related to its App Tracking Transparency security news – France fines Apple €150M for abusing its market dominance through its App Tracking Transparency practices, which were found to disadvantage third-party apps and distort competition, despite the framework's intended privacy goals. https://securityaffairs.com/176092/laws-and-regulations/frances-antitrust-authority-fines-apple-e150m.html

🔍 Cybersecurity Professor Mysteriously Disappears as FBI Raids His Homes security news – Professor Xiaofeng Wang, a prominent cybersecurity expert, has gone missing following FBI raids on his homes. Indiana University has erased his and his wife's profiles amid an unexplained investigation. https://www.wired.com/story/cybersecurity-professor-mysteriously-disappears-as-fbi-raids-his-homes/

🔐 European Commission takes aim at end-to-end encryption and proposes Europol become an EU FBI security news – The European Commission unveiled its ProtectEU strategy, aiming to enhance internal security and establish Europol as a robust police agency, while seeking lawful access to encrypted data amidst ongoing security challenges. https://therecord.media/european-commission-takes-aim-encryption-europol-fbi-proposal

🪱 Apple issues fixes for vulnerabilities in both old and new OS versions vulnerability – Apple released security updates addressing 62 vulnerabilities in iOS and iPadOS, 131 in macOS, and two zero-day vulnerabilities in older OS versions, including risks to sensitive data and unauthorized actions. https://cyberscoop.com/apple-security-update-march-2025/

📧 Trump adviser reportedly used personal Gmail for ‘sensitive’ military discussions security news – A Washington Post report raises concerns about US National Security Advisor Michael Waltz using personal Gmail for sensitive military discussions, following a recent Signal leak. https://www.theverge.com/news/641144/michael-waltz-gmail-national-security-signal

🚨 T-Mobile Shows Users the Names, Pictures, and Exact Locations of Random Children privacy – T-Mobile's SyncUP GPS tracker malfunctioned, displaying the real-time locations of random children instead of users' own kids, raising serious privacy concerns among parents. https://www.404media.co/t-mobile-shows-users-the-names-pictures-and-exact-locations-of-random-children/

🚫 CSAM platform Kidflix shut down by international operation cybercrime – A major international operation led to the shutdown of the CSAM platform Kidflix, resulting in 79 arrests and the protection of 39 children, with authorities seizing 72,000 illegal videos. https://therecord.media/csam-platform-kidflix-shut-down-europol

⚠️ AI bots strain Wikimedia as bandwidth surges 50% security news – Wikimedia Foundation reports a 50% increase in bandwidth usage due to AI bots scraping data for training models, straining resources and impacting service for human users. The organization calls for responsible use of infrastructure and better coordination with AI developers. https://arstechnica.com/information-technology/2025/04/ai-bots-strain-wikimedia-as-bandwidth-surges-50/

📱 New Triada Trojan comes preinstalled on Android devices malware – A new variant of the Triada trojan has been found preinstalled on counterfeit Android devices, enabling extensive data theft. Kaspersky reports over 2,600 infections in Russia, urging users to buy from authorized distributors. https://securityaffairs.com/176143/malware/new-triada-comes-preinstalled-on-android-devices.html

🦠 This sneaky Android spyware needs a password to uninstall. Here's how to remove it without one. security research – A stealthy Android spyware app blocks uninstallation with a password set by the installer. Users can remove it by rebooting into safe mode, which disables the app and allows it to be uninstalled. https://techcrunch.com/2025/04/03/this-sneaky-android-spyware-needs-a-password-to-uninstall-heres-how-to-remove-it-without-one/

🔐 Gmail unveils end-to-end encrypted messages. Only thing is: It’s not true E2EE. privacy – Google's new 'end-to-end encryption' for Gmail is criticized as not being true E2EE, as keys are managed by organizations, allowing potential access to messages. The feature simplifies compliance for businesses but may not ensure privacy for individual users. https://arstechnica.com/security/2025/04/are-new-google-e2ee-emails-really-end-to-end-encrypted-kinda-but-not-really/

💰 Threat actors leverage tax season to deploy tax-themed phishing campaigns warning – As Tax Day approaches, Microsoft warns of phishing campaigns using tax themes to steal credentials and deploy malware, leveraging tactics like URL shorteners and QR codes. Various malware, including BRc4 and Latrodectus, are being used to exploit users during this period. https://www.microsoft.com/en-us/security/blog/2025/04/03/threat-actors-leverage-tax-season-to-deploy-tax-themed-phishing-campaigns/

📱 White House reportedly blames auto-suggested iPhone contact for Signal scandal security news – An internal investigation revealed that National Security Adviser Mike Waltz accidentally added Atlantic editor Jeffrey Goldberg to a Signal group chat due to an iPhone auto-suggestion. https://techcrunch.com/2025/04/06/white-house-reportedly-blames-auto-suggested-iphone-contact-for-signal-scandal/

🖨️ Canon CVE-2025-1268 Vulnerability: A Buffer Overflow Threatening Printer Security vulnerability – Canon has issued a security update for CVE-2025-1268, a critical buffer overflow vulnerability in certain printer drivers that could allow unauthorized code execution. Users are advised to update their drivers to mitigate risks. https://thecyberexpress.com/canon-printer-vulnerability-cve-2025-1268/


Some More, For the Curious

🦊 PhaaS actor uses DoH and DNS MX to dynamically distribute phishing cybercrime – A phishing-as-a-service platform named Morphing Meerkat uses DNS techniques to create targeted phishing campaigns, dynamically serving fake login pages impersonating over 100 brands and expanding the threat landscape. https://blogs.infoblox.com/threat-intelligence/a-phishing-tale-of-doh-and-dns-mx-abuse/

📈 Heightened In-The-Wild Activity On Key Technologies Observed On March 28 security research – A significant increase in attacks targeting technologies like SonicWall and Zoho suggests threat actors are actively probing for vulnerabilities. Security teams must enhance monitoring and patch systems promptly. https://www.greynoise.io/blog/heightened-in-the-wild-activity-key-technologies

🦮 New guidance on securing HTTP-based APIs cyber defense – With increasing API use, security breaches are rising. New guidance addresses vulnerabilities like poor authentication and insufficient monitoring to help organizations protect their systems and customer data. https://www.ncsc.gov.uk/blog-post/new-guidance-on-securing-http-based-apis

🧑‍🏫 Mark of the Web (MoTW) Bypass Vulnerability security research – Recent vulnerabilities in the Mark of the Web (MoTW) feature allow attackers to bypass security warnings and execute malware without detection, highlighting the need for updated security measures. https://asec.ahnlab.com/en/87091/

🚨 CrushFTP CVE-2025-2825 flaw actively exploited in the wild vulnerability – A critical authentication bypass vulnerability, CVE-2025-2825, in CrushFTP is being actively exploited, allowing unauthenticated access to vulnerable devices. Users are urged to patch immediately or implement temporary security measures. https://securityaffairs.com/176097/hacking/crushftp-cve-2025-2825-flaw-actively-exploited.html

🔍 Spike in Palo Alto Networks scanner activity suggests imminent cyber threats warning – Researchers at GreyNoise report a surge in scanning activity targeting Palo Alto Networks GlobalProtect portals, with over 24,000 unique IPs probing for vulnerabilities, indicating potential preparations for targeted attacks. https://securityaffairs.com/176108/hacking/spike-in-palo-alto-networks-scanner-activity-suggests-imminent-cyber-threats.html

🏫 Getting Started with AI Hacking: Part 1 security research – Brian Fehrman from BHIS introduces AI hacking, focusing on classifier models and adversarial examples. The post covers image classification hacking, malware classifiers, model extraction, and data poisoning attacks, highlighting vulnerabilities in AI systems. https://www.blackhillsinfosec.com/getting-started-with-ai-hacking-part-1/

🌏 Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457) security research – Ivanti disclosed a critical buffer overflow vulnerability (CVE-2025-22457) in Ivanti Connect Secure VPN appliances, with evidence of active exploitation by suspected China-nexus actor UNC5221, leading to the deployment of various malware families. https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability/

⚠️ NSA warns “fast flux” threatens national security. What is fast flux anyway? security news – The NSA warns that 'fast flux' techniques, used by cybercriminals and nation-state actors, complicate detection of malicious operations by rapidly changing IP addresses and DNS records, posing significant threats to national security. https://arstechnica.com/security/2025/04/nsa-warns-that-overlooked-botnet-technique-threatens-national-security/

🪪 Expert used ChatGPT-4o to create a replica of his passport in just 5 minutes bypassing KYC security research – A Polish researcher used ChatGPT-4o to generate a realistic replica of his passport in five minutes, exposing vulnerabilities in KYC systems that rely on photo verification. The incident raises concerns about identity theft and calls for stronger digital verification methods. https://securityaffairs.com/176224/security/chatgpt-4o-to-create-a-replica-of-his-passport-in-just-five-minutes.html

🤫 39M secrets exposed: GitHub rolls out new security tools security news – GitHub revealed that 39 million secrets were leaked in 2024, prompting the launch of new security tools, including standalone Secret Protection and enhanced scanning features to help developers secure sensitive data. https://securityaffairs.com/176170/security/39m-secrets-exposed-github-rolls-out-new-security-tools.html


CISA Corner

โš™๏ธ CISA Releases Two Industrial Control Systems Advisories vulnerability โ€“ CISA issued two advisories on April 1, 2025, addressing security vulnerabilities in Rockwell Automation and Hitachi Energy ICS. Users are urged to review the advisories for technical details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/04/01/cisa-releases-two-industrial-control-systems-advisories โš™๏ธ CISA Releases Five Industrial Control Systems Advisories vulnerability โ€“ On April 3, 2025, CISA released five advisories addressing security vulnerabilities in various Industrial Control Systems, urging users to review the advisories for technical details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/04/03/cisa-releases-five-industrial-control-systems-advisories

โš ๏ธ CISA Adds One Known Exploited Vulnerability to Catalog warning โ€“ CISA has included CVE-2024-20439, a vulnerability in Cisco's Smart Licensing Utility, in its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation, emphasizing the need for federal agencies to address it. https://www.cisa.gov/news-events/alerts/2025/03/31/cisa-adds-one-known-exploited-vulnerability-catalog โš ๏ธ CISA Adds One Known Exploited Vulnerability to Catalog warning โ€“ CISA has added CVE-2025-24813, a vulnerability in Apache Tomcat, to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation, highlighting risks to federal networks. https://www.cisa.gov/news-events/alerts/2025/04/01/cisa-adds-one-known-exploited-vulnerability-catalog โš ๏ธ Ivanti Releases Security Updates for Connect Secure, Policy Secure & ZTA Gateways Vulnerability (CVE-2025-22457) vulnerability โ€“ Ivanti has released security updates for CVE-2025-22457, a vulnerability that could allow cyber attackers to take control of affected systems. CISA has added this vulnerability to its Known Exploited Vulnerabilities Catalog and urges users to patch their systems and conduct threat hunting actions. https://www.cisa.gov/news-events/alerts/2025/04/04/ivanti-releases-security-updates-connect-secure-policy-secure-zta-gateways-vulnerability-cve-2025


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.


News For All

🎮 New Phishing Campaign Uses Browser-in-the-Browser Attacks to Target Video Gamers/Counter-Strike 2 Players cybercrime – A phishing campaign targets Counter-Strike 2 players using fake browser pop-ups to steal Steam account credentials, potentially reselling them. Be cautious of misleading login prompts! https://www.silentpush.com/blog/browser-in-the-browser-attacks/

🧬 23andMe faces an uncertain future — so does your genetic data privacy – 23andMe is facing bankruptcy after a significant data breach, raising concerns about the fate of its 15 million customers' genetic data. Customers are urged to consider deleting their accounts to protect their information. https://techcrunch.com/2025/03/24/23andme-faces-an-uncertain-future-so-does-your-genetic-data/

🗺️ More Countries are Demanding Backdoors to Encrypted Apps privacy – Countries like Sweden and France are pushing for backdoors in encrypted apps, following the UK’s lead with Apple. Such measures threaten user privacy and security, warns Schneier. https://www.schneier.com/blog/archives/2025/03/more-countries-are-demanding-back-doors-to-encrypted-apps.html

🔑 The Best Password Managers to Secure Your Digital Life security news – The article reviews various password managers, highlighting their features and security benefits. It emphasizes the importance of using a password manager for protecting online accounts and suggests options like Bitwarden, 1Password, and Dashlane as top choices. Comment: Please, use a password manager! https://www.wired.com/story/best-password-managers/

🐜 Chinese APT Weaver Ant infiltrated a telco for over four years cybercrime – APT Weaver Ant, linked to China, compromised a telecom provider for over four years using advanced web shells for persistence and data exfiltration. https://securityaffairs.com/175800/apt/chinese-apt-weaver-ant-infiltrated-a-telco-for-over-four-years.html

💸 US lifts sanctions on Tornado Cash, a crypto mixer linked to North Korean money laundering security news – The U.S. Treasury has lifted sanctions on Tornado Cash, a crypto mixer previously linked to laundering $7 billion for North Korean hackers, following a legal dispute. Concerns about ongoing crypto threats remain. https://techcrunch.com/2025/03/24/us-lifts-sanctions-on-tornado-cash-a-crypto-mixer-linked-to-north-korean-money-laundering/

🛡️ How to Enter the US With Your Digital Privacy Intact privacy – Traveling to the U.S. poses risks to digital privacy, prompting experts to recommend using devices that carry minimal data, encrypting information, and being cautious with passwords to protect against customs searches. https://www.wired.com/2017/02/guide-getting-past-customs-digital-privacy-intact/

🕵️‍♀️ Report on Paragon Spyware cybercrime – Citizen Lab's report reveals Paragon Solutions, an Israeli spyware company, linked to law enforcement in Canada and a zero-click exploit affecting WhatsApp users. Forensic analyses confirmed spyware presence on targeted devices. https://www.schneier.com/blog/archives/2025/03/report-on-paragon-spyware.html

🎣 A Sneaky Phish Just Grabbed my Mailchimp Mailing List data breach – A phishing attack targeted the author's Mailchimp account, leading to unauthorized access and the export of a mailing list containing 16,000 records. The incident highlights the importance of vigilance against phishing attempts. Comment: It can happen to anybody. https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/

🥉 Generative AI browser extensions not great for privacy privacy – Researchers found that generative AI browser extensions often collect sensitive personal data with minimal safeguards, potentially violating privacy regulations. They urge better vetting and design improvements to protect user privacy. https://www.theregister.com/2025/03/25/generative_ai_browser_extensions_privacy/

🥾 Privacy-boosting tech could prevent breaches, data misuse with government aid, report says privacy – A report recommends that governments prioritize privacy-enhancing technologies (PETs) like encryption and de-identification to prevent data breaches and misuse, advocating for incentives and long-term contracts to support their advancement. https://cyberscoop.com/privacy-boosting-tech-could-prevent-breaches-data-misuse-with-government-aid-report-says/

📱 Senators criticize Trump officials’ discussion of war plans over Signal, but administration answers don’t come easily security news – Democratic senators criticized national security officials for discussing war plans on Signal, which included a journalist. Officials struggled to provide clear answers on specifics, raising concerns about the use of the app for sensitive discussions. https://cyberscoop.com/democratic-senators-question-national-security-officials-over-war-plans-signal-chat/

🧟 Open source devs say AI crawlers dominate traffic, forcing blocks on entire countries security news – Open source developers report that aggressive AI crawlers are overwhelming their infrastructure, causing instability and prompting measures like VPNs and proof-of-work challenges. https://arstechnica.com/ai/2025/03/devs-say-ai-crawlers-dominate-traffic-forcing-blocks-on-entire-countries/

🔍 How to tell if your online accounts have been hacked security news – As hackers increasingly target individuals, it's crucial to know how to check if your online accounts have been compromised. The article outlines steps for securing various accounts, including Gmail, Facebook, and more, emphasizing the importance of multi-factor authentication. https://techcrunch.com/2025/03/25/how-to-tell-if-your-online-accounts-have-been-hacked/

🔐 Google fixes Chrome zero-day security flaw used in hacking campaign targeting journalists vulnerability – Google has patched a zero-day vulnerability (CVE-2025-2783) in Chrome exploited in a hacking campaign targeting journalists via phishing emails. https://techcrunch.com/2025/03/26/google-fixes-chrome-zero-day-security-flaw-used-in-hacking-campaign-targeting-journalists/

🌉 You Need to Use Signal's Nickname Feature security news – Following a significant leak involving U.S. officials discussing sensitive plans in a Signal group chat, the article highlights the importance of using Signal's nickname feature to prevent similar mistakes when adding contacts. https://www.404media.co/you-need-to-use-signals-nickname-feature/

📷 UK's first permanent facial recognition cameras installed privacy – The Metropolitan Police will install the UK's first permanent live facial recognition cameras in Croydon to combat crime. Privacy advocates warn this expands state surveillance and may infringe on individual rights. https://www.theregister.com/2025/03/27/uk_facial_recognition/

⚠️ When Getting Phished Puts You in Mortal Danger security research – The article describes a Russian phishing campaign targeting individuals seeking to join anti-Kremlin paramilitary groups, potentially endangering their freedom or lives. The campaign uses fake recruitment sites to collect personal information, highlighting the dangers of cyber deception. https://krebsonsecurity.com/2025/03/when-getting-phished-puts-you-in-mortal-danger/

🛡️ Browser extension sales, updates pose hidden threat to enterprises security news – Browser extensions can be bought and repurposed without warning, posing security risks for organizations. Users often remain unaware of ownership changes, leading to potential malicious exploitation of sensitive data. https://cyberscoop.com/browser-extension-sales-permissions-hidden-threat/

🦊 Mozilla fixed critical Firefox vulnerability CVE-2025-2857 vulnerability – Mozilla addressed a critical vulnerability (CVE-2025-2857) in Firefox for Windows that could lead to a sandbox escape. This follows a similar issue in Chrome, which was actively exploited. https://securityaffairs.com/175945/security/mozilla-fixed-critical-firefox-vulnerability-cve-2025-2857.html

💻 VanHelsing Ransomware: What You Need To Know security news – VanHelsing is a new ransomware-as-a-service operation targeting various platforms. It allows affiliates to launch attacks while keeping 80% of ransom payments. Organizations are urged to implement strong security measures to protect against potential attacks. https://www.tripwire.com/state-of-security/vanhelsing-ransomware-what-you-need-know

🔓 Oracle has reportedly suffered 2 separate breaches exposing thousands of customers’ PII data breach – Oracle is facing reports of two data breaches: one involving Oracle Health, exposing patient data, and another involving Oracle Cloud, with 6 million records of authentication data. The company has not confirmed these breaches. https://arstechnica.com/security/2025/03/oracle-is-mum-on-reports-it-has-experienced-2-separate-data-breaches/


Some More, For the Curious

๐Ÿ—„๏ธ Fileless lateral movement with trapped COM objects security research โ€“ Researchers have developed a fileless lateral movement technique using trapped COM objects to exploit DCOM, enabling privilege escalation and bypassing security protections. This method raises significant security concerns. https://www.ibm.com/think/news/fileless-lateral-movement-trapped-com-objects

๐Ÿ›ณ๏ธ Bypassing Detections with Command-Line Obfuscation security research โ€“ Command-line obfuscation can evade detection by altering executable arguments. The new tool, ArgFuscator, aids in generating these obfuscated commands, posing significant challenges for security measures. https://www.wietzebeukema.nl/blog/bypassing-detections-with-command-line-obfuscation

โ˜‘๏ธ Despite challenges, the CVE program is a public-private partnership that has shown resilience security news โ€“ The CVE program, established 25 years ago, remains vital for cybersecurity, despite challenges like data quality and funding. Experts praise its resilience and importance in identifying vulnerabilities. https://cyberscoop.com/cve-program-history-mitre-nist-1999-2024/

โš ๏ธ CVE-2025-29927 โ€“ Authorization Bypass Vulnerability in Next.js: All You Need to Know vulnerability โ€“ A critical authorization bypass vulnerability (CVE-2025-29927) affects multiple Next.js versions, allowing attackers to bypass security checks. Users are advised to upgrade or mitigate by blocking the vulnerable header. https://jfrog.com/blog/cve-2025-29927-next-js-authorization-bypass/

โš–๏ธ Tor-backer OTF sues to save its funding from Trump cuts security news โ€“ The Open Technology Fund is suing the Trump administration to prevent the cancellation of its federal funding, fearing it will hinder internet security projects like Tor and Let's Encrypt, vital for global online privacy. https://www.theregister.com/2025/03/25/otf_tor_lets_encrypt_funding_lawsuit/

๐Ÿ“บ Authentication bypass CVE-2025-22230 impacts VMware Windows Tools vulnerability โ€“ CVE-2025-22230 is a high-severity authentication bypass vulnerability in VMware Tools for Windows, allowing low-privileged attackers to escalate privileges. Security updates have been released to address the flaw. https://securityaffairs.com/175858/security/authentication-bypass-cve-2025-22230-in-vmware-tools-for-windows.html

๐Ÿ”” Kritische Sicherheitslรผcken in Kubernetes Ingress NGINX Controller โ€“ Updates verfรผgbar warning https://www.cert.at/de/warnungen/2025/3/kubernetes-ingress-nginx-controller-vulnerabilities

๐Ÿ…ฐ๏ธ Austria uncovers alleged Russian disinformation campaign spreading lies about Ukraine security news โ€“ Austrian authorities revealed a Russian disinformation campaign aimed at spreading false narratives about Ukraine, linked to a Bulgarian woman accused of spying. The operation targeted German-speaking countries and utilized online misinformation and nationalist symbols. https://therecord.media/austria-uncovers-russian-disinfo-campaign

๐Ÿ”’ Go-Spoof: A Tool for Cyber Deception hacking write-up โ€“ Ben Bowman from Black Hills Information Security discusses Go-Spoof, a revamped tool for cyber deception that makes all ports appear open with fake banners, enhancing security and complicating attackers' efforts. https://www.blackhillsinfosec.com/go-spoof-a-tool-for-cyber-deception/

๐Ÿฅฉ Stealing user credentials with evilginx hacking write-up โ€“ Evilginx is a tool that exploits vulnerabilities to steal user credentials and session tokens, allowing attackers to bypass multi-factor authentication. The article discusses how it works, detection methods, and potential mitigations to protect against such attacks. https://news.sophos.com/en-us/2025/03/28/stealing-user-credentials-with-evilginx/

โ›” What not to do with on prem virtualization cyber defense โ€“ The article discusses common misconfigurations in on-premises virtual machine environments, highlighting risks such as unencrypted VM backups and broken tiering that can lead to privilege escalation and security breaches. It emphasizes the importance of access control and integrity in securing virtual systems. https://therealunicornsecurity.github.io/What-not-to-do-with-vms/


CISA Corner

🦠 MAR-25993211-r1.v1 Ivanti Connect Secure (RESURGE) malware – The article details a backdoor dropper rootkit named RESURGE, identified by CISA. The malware targets GNU/Linux systems, and the report lists its signatures and capabilities. Antivirus detection has classified it as a variant of the Linux/SpawnSnail.A trojan. https://www.cisa.gov/news-events/analysis-reports/ar25-087a

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2025-30154, a vulnerability in GitHub Actions, to its Known Exploited Vulnerabilities Catalog due to active exploitation risks, emphasizing the need for federal agencies to remediate it promptly. https://www.cisa.gov/news-events/alerts/2025/03/24/cisa-adds-one-known-exploited-vulnerability-catalog

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has included CVE-2025-2783, a Google Chromium Mojo sandbox escape vulnerability, in its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation, urging federal agencies to address the risk promptly. https://www.cisa.gov/news-events/alerts/2025/03/27/cisa-adds-one-known-exploited-vulnerability-catalog

⚠️ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning – CISA has added two Sitecore CMS vulnerabilities (CVE-2019-9874 and CVE-2019-9875) to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation, emphasizing the need for federal agencies to remediate these risks promptly. https://www.cisa.gov/news-events/alerts/2025/03/26/cisa-adds-two-known-exploited-vulnerabilities-catalog

⚙️ CISA Releases Four Industrial Control Systems Advisories vulnerability – CISA has issued four advisories regarding vulnerabilities in Industrial Control Systems, including products from ABB and Rockwell Automation. Users are urged to review the advisories for details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/03/25/cisa-releases-four-industrial-control-systems-advisories

⚙️ CISA Releases One Industrial Control Systems Advisory vulnerability – CISA has issued an advisory (ICSA-25-037-01) regarding a vulnerability in Schneider Electric's EcoStruxure Power Monitoring Expert. Users are urged to review the advisory for details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/03/27/cisa-releases-one-industrial-control-systems-advisory




Highlight

🔊 Everything You Say to Your Echo Will Soon Be Sent to Amazon, and You Can’t Opt Out privacy – Amazon's new Alexa+ will send all voice recordings to the cloud, eliminating local processing and raising significant privacy concerns for Echo users. https://www.wired.com/story/everything-you-say-to-your-echo-will-be-sent-to-amazon-starting-march-28/


News For All

🎭 Scammers Pose as Cl0p Ransomware to Send Fake Extortion Letters cybercrime – Scammers are impersonating the Cl0p ransomware gang to send fake extortion emails and letters, leveraging fear and misinformation to defraud businesses. https://hackread.com/scammers-pose-cl0p-ransomware-fake-extortion-letters/

🔑 RDP attack: Which passwords are hackers using against RDP ports in 2025? security research – Research shows hackers are targeting RDP ports using weak passwords like '123456' and 'P@ssw0rd', highlighting the need for stronger password policies and multi-factor authentication. https://specopssoft.com/blog/passwords-used-in-attacking-rdp-ports/

💻 Free file converter malware scam “rampant” claims FBI warning – The FBI warns that free file converter tools are spreading malware, compromising personal data like passwords and social security numbers, urging users to be cautious. https://www.bitdefender.com/en-us/blog/hotforsecurity/free-file-converter-malware-scam-rampant-claims-fbi

🍏 Apple has revealed a Passwords app vulnerability that lasted for months vulnerability – A bug in the iOS 18.2 Passwords app exposed users to phishing attacks for three months by sending unencrypted requests. Apple has since released a patch to address the issue. https://www.theverge.com/news/632108/apple-ios-passwords-app-bug-vulnerability-phishing-attacks

🤖 Trained on buggy code, LLMs often parrot same mistakes security research – Researchers found that large language models frequently reproduce buggy code instead of correcting it, with error rates nearly equal for both correct and buggy completions, highlighting limitations in handling complex code. https://www.theregister.com/2025/03/19/llms_buggy_code/

🎣 Attackers use CSS to create evasive phishing messages security news – Threat actors exploit CSS to bypass spam filters and track user behavior, using techniques to conceal phishing content in emails and gather sensitive data on recipients. https://securityaffairs.com/175512/security/attackers-use-css-to-create-evasive-phishing-messages.html

🚨 People Are Using AI to Create Influencers With Down Syndrome Who Sell Nudes cybercrime – A network of Instagram accounts uses AI to create deepfake influencers with Down syndrome, stealing content from real creators and monetizing it on adult platforms, leading to a disturbing new industry. https://www.404media.co/people-are-using-ai-to-create-influencers-with-down-syndrome-who-sell-nudes/

🔍 Six additional countries identified as suspected Paragon spyware customers privacy – Citizen Lab identified six new countries as suspected customers of Paragon Solutions' spyware, raising concerns over its use against activists and the company's claims of responsible sales practices. https://cyberscoop.com/six-countries-suspected-paragon-spyware-customers/

🔓 US teachers' union says hackers stole sensitive personal data on over 500,000 members data breach – The Pennsylvania State Education Association reported a cyberattack that compromised sensitive personal data of over 517,000 members, including Social Security numbers and financial information. https://techcrunch.com/2025/03/19/us-teachers-union-says-hackers-stole-sensitive-personal-data-on-over-500000-members/

📵 Turkey restricts social media following arrest of president’s main rival security news – Turkey has restricted access to major social media platforms after the arrest of Istanbul Mayor Ekrem İmamoğlu, sparking public protests and highlighting ongoing government crackdowns on dissent. https://therecord.media/turkey-restricts-social-media-imamoglu-arrest

🔒 WhatsApp fixed zero-day flaw used to deploy Paragon Graphite spyware vulnerability – WhatsApp addressed a zero-click vulnerability exploited by Paragon's Graphite spyware to target journalists and civil society members, disrupting a campaign that affected over 90 users. https://securityaffairs.com/175629/security/whatsapp-fixed-zero-day-flaw-used-to-deploy-paragon-graphite-spyware-spyware.html

🔍 Data breach at stalkerware SpyX affects close to 2 million, including thousands of Apple users data breach – A data breach at SpyX exposed personal data of nearly 2 million users, including Apple account credentials, raising concerns about the risks associated with consumer-grade spyware. https://techcrunch.com/2025/03/19/data-breach-at-stalkerware-spyx-affects-close-to-2-million-including-thousands-of-apple-users/

🔒 BlackLock Ransomware: What You Need To Know cybercrime – BlackLock is a rapidly growing ransomware group that encrypts and exfiltrates data, operating under a RaaS model. It has launched numerous attacks across various sectors and employs aggressive recruitment tactics. https://www.tripwire.com/state-of-security/blacklock-ransomware-what-you-need-know

🗺️ Google sues alleged scammers over 10,000 fake Maps listings security news – Google is suing a network of scammers for creating 10,000 fake business listings on Maps, following a tip-off from a locksmith. The company blocked 12 million fake businesses in 2023. https://www.theverge.com/news/633601/google-sues-fake-business-scams-maps

🌍 Major web services go dark in Russia amid reported Cloudflare block security news – Widespread outages in Russia, attributed to the blocking of Cloudflare, affected services like TikTok and banking apps, as regulators push for local hosting to improve internet security. https://therecord.media/russia-websites-dark-reported-cloudflare-block

🌐 How to Avoid US-Based Digital Services—and Why You Might Want To privacy – Amid concerns over Big Tech's alignment with the Trump administration, many are moving their digital lives to overseas services to protect privacy and data rights, exploring various non-US alternatives. https://www.wired.com/story/trump-era-digital-expat/

🌀 Cloudflare turns AI against itself with endless maze of irrelevant facts security news – Cloudflare launched 'AI Labyrinth' to combat unauthorized AI data scraping by enticing bots into a maze of fake content, wasting their resources instead of blocking them outright. https://arstechnica.com/ai/2025/03/cloudflare-turns-ai-against-itself-with-endless-maze-of-irrelevant-facts/

๐Ÿ•น๏ธ Valve removes video game demo suspected of being malware malware โ€“ Valve has removed the game demo for 'Sniper: Phantomโ€™s Resolution' from Steam after users reported it was installing malware, following a similar incident with another game last month. https://techcrunch.com/2025/03/21/valve-removes-video-game-demo-suspected-of-being-malware/


Some More, For the Curious

🔓 Supply Chain Security Risk: GitHub Action tj-actions/changed-files Compromised security research – A vulnerability in GitHub Action tj-actions/changed-files exposes sensitive CI/CD secrets in build logs, risking unauthorized access for users with public repositories. Comment: the big one this week. https://www.aquasec.com/blog/github-action-tj-actions-changed-files-compromised/

👽 Security Risks of Setting Access Control Allow Origin: * cyber defense – Using a wildcard CORS policy can expose applications to serious security risks, especially when combined with insecure cookie settings, allowing attackers to exploit authenticated sessions. https://projectblack.io/blog/security-risks-of-setting-access-control-allow-origin/

🕵️‍♂️ BitM Up! Session Stealing in Seconds Using the Browser-in-the-Middle Technique security research – Mandiant reveals that the Browser-in-the-Middle (BitM) technique allows attackers to steal session tokens quickly, emphasizing the need for robust security measures like hardware-based MFA and client certificates. https://cloud.google.com/blog/topics/threat-intelligence/session-stealing-browser-in-the-middle/

⚙️ Improvements in Brute Force Attacks security research – New research reveals significant advancements in GPU-assisted brute force attacks on cryptographic algorithms, highlighting the need for stronger key lengths as optimized methods greatly reduce attack times. https://www.schneier.com/blog/archives/2025/03/improvements-in-brute-force-attacks.html

💰 Microsoft identifies new RAT targeting cryptocurrency wallets and more malware – Microsoft discovered StilachiRAT, a stealthy remote access trojan that steals sensitive data from cryptocurrency wallets and Chrome, and manipulates system settings to evade detection. https://therecord.media/stilachirat-new-remote-access-trojan-crypto-wallets

🔒 Microsoft isn't fixing 8-year-old zero day used for spying security news – Microsoft is not addressing an eight-year-old vulnerability exploited by state-sponsored attackers through malicious .LNK files, deeming it a UI issue rather than a security concern. https://www.theregister.com/2025/03/18/microsoft_trend_flaw/

🎮 New Arcane stealer spreading via YouTube and Discord malware – The Arcane stealer, distributed through YouTube videos and Discord, targets sensitive data from various applications and gaming clients, using deceptive methods to install malware on victims' devices. https://securelist.com/arcane-stealer/115919/

🛠️ Rules File Backdoor: AI Code Editors exploited for silent supply chain attacks security research – The 'Rules File Backdoor' attack exploits AI code editors like GitHub Copilot to inject malicious code via hidden Unicode, compromising software without detection and posing significant risks. https://securityaffairs.com/175593/hacking/rules-file-backdoor-ai-code-editors-silent-supply-chain-attacks.html

📰 Ransomware groups continue to exploit critical Fortinet vulnerabilities – warning about patched but already compromised devices warning https://www.cert.at/de/warnungen/2025/3/ransomware-gruppen-nutzen-weiterhin-kritische-fortinet-schwachstellen-warnung-vor-gepatchten-aber-bereits-kompromittierten-geraten

🚨 Critical GitHub Attack security research – A cascading supply chain attack has compromised multiple GitHub Actions, exposing critical secrets in over 23,000 repositories. CISA has confirmed the vulnerability was patched in version 46.0.1. Comment: the big one again. https://www.schneier.com/blog/archives/2025/03/critical-github-attack.html

💰 Russian zero-day seller is offering up to $4 million for Telegram exploits cybercrime – Operation Zero is offering up to $4 million for Telegram exploits, reflecting the demand from the Russian government for vulnerabilities in popular messaging apps, particularly amidst security concerns. https://techcrunch.com/2025/03/21/russian-zero-day-seller-is-offering-up-to-4-million-for-telegram-exploits/

🧟 'Dead simple' RCE exploit in Apache Tomcat under attack vulnerability – A newly disclosed vulnerability in Apache Tomcat (CVE-2025-24813) allows remote code execution and is actively being exploited, requiring no authentication to attack vulnerable servers. https://www.theregister.com/2025/03/18/apache_tomcat_java_rce_flaw/

🔒 Veeam fixed critical Backup & Replication flaw CVE vulnerability – Veeam patched a critical vulnerability (CVE-2025-23120) in its Backup & Replication software that allowed remote code execution by authenticated users, addressing the issue in version 12.3.1. https://securityaffairs.com/175674/slider/veeam-critical-backup-replication-vulnerability.html


CISA Corner

๐Ÿ” Supply Chain Compromise of Third-Party GitHub Action, CVE-2025-30066 security news โ€“ The tj-actions/changed-files GitHub Action was compromised, exposing sensitive information like access keys and tokens. A patch has been released, and related actions may also be at risk. Comment: the big one this week. https://www.cisa.gov/news-events/alerts/2025/03/18/supply-chain-compromise-third-party-github-action-cve-2025-30066

โš™๏ธ CISA Releases Seven Industrial Control Systems Advisories vulnerability โ€“ CISA issued seven advisories detailing vulnerabilities in various Industrial Control Systems, urging users to review the advisories for technical insights and mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/03/18/cisa-releases-seven-industrial-control-systems-advisories โš™๏ธ CISA Releases Five Industrial Control Systems Advisories vulnerability โ€“ CISA issued five advisories regarding vulnerabilities in various Industrial Control Systems, urging users to review them for technical details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/03/20/cisa-releases-five-industrial-control-systems-advisories

โš ๏ธ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning โ€“ CISA has added two vulnerabilities to its catalog due to active exploitation: an authentication bypass in Fortinet's FortiOS and malicious code in tj-actions/changed-files GitHub Action. https://www.cisa.gov/news-events/alerts/2025/03/18/cisa-adds-two-known-exploited-vulnerabilities-catalog โš ๏ธ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning โ€“ CISA has added three vulnerabilities to its catalog due to active exploitation: an OS command injection in Edimax cameras, an absolute path traversal in NAKIVO, and a directory traversal in SAP NetWeaver. https://www.cisa.gov/news-events/alerts/2025/03/19/cisa-adds-three-known-exploited-vulnerabilities-catalog


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.



News For All

💻 Npm Run Hack:Me – A Supply Chain Attack Journey cybercrime – A freelance developer fell victim to a supply chain attack after running a seemingly harmless npm command, compromising their system and exposing sensitive data. https://rxj.dev/posts/npm-run-hack-supply-chain-attack-journey/

Fake Reddit and WeTransfer pages are spreading stealer malware malware – A massive cybercriminal operation is impersonating WeTransfer and Reddit through 1,000 fake sites to distribute Lumma stealer malware, targeting sensitive data on users' systems. https://moonlock.com/fake-reddit-wetransfer-lumma-stealer

🔑 India wants cloud and email backdoors for tax authorities privacy – India's government proposes giving tax authorities access to private digital records, including emails and cloud servers, raising concerns over warrantless surveillance and privacy rights. https://www.theregister.com/2025/03/09/asia_tech_news_roundup/

🕸️ Thousands of WordPress Websites Infected with Malware malware – Thousands of WordPress sites have been infected with malware featuring four backdoors, allowing attackers persistent access and control through various malicious means. https://www.schneier.com/blog/archives/2025/03/thousands-of-wordpress-websites-infected-with-malware.html

FBI Denver Warns of Online File Converter Scam cybercrime – Cyber criminals are exploiting free online document converters to spread malware, risking victims' personal and financial information. Stay alert and report incidents to protect yourself. https://www.fbi.gov/contact-us/field-offices/denver/news/fbi-denver-warns-of-online-file-converter-scam

🏥 Two Rhysida healthcare attacks pwned 300K patients' data data breach – Cyberattacks on Sunflower Medical Group and Community Care Alliance compromised the personal and medical data of over 300,000 patients, with both organizations linked to the Rhysida ransomware gang. https://www.theregister.com/2025/03/10/rhysida_healthcare/

🪙 Scam spoofs Binance website and uses TRUMP coin as lure for malware malware – Hackers are distributing a remote access tool via fake Binance emails promoting TRUMP coins, tricking victims into downloading malware that allows for immediate control of their computers. https://therecord.media/email-scam-spoofs-binance-offers-trump-coin-connectwise-rat

📺 Google warns folks with dead Chromecasts not to reset them security news – A major outage affecting second-generation Chromecasts and Chromecast Audio is due to an expired security certificate, preventing users from casting. Google advises against factory resets while working on a fix. https://www.theregister.com/2025/03/10/google_chromecast_outage/

How Google tracks Android users even before they open an app privacy – A study shows that Google tracks Android users as soon as the device starts, without consent, by activating identifiers and cookies. This raises data protection concerns. https://www.kuketz-blog.de/wie-google-android-nutzer-verfolgt-noch-bevor-sie-eine-app-oeffnen/

🎮 New wave of attacks on gamers with DCRat backdoor malware – A surge in DCRat backdoor distribution targets gamers via YouTube, using fake accounts to promote malware disguised as gaming software. The malware includes keylogging and webcam access capabilities. https://securelist.com/new-wave-of-attacks-with-dcrat-backdoor-distributed-by-maas/115850/

🔒 Apple fixes new security flaw used in 'extremely sophisticated attack' security news – Apple patched a zero-day vulnerability in WebKit that allowed hackers to escape its protective sandbox, potentially impacting targeted individuals. The fix applies to Macs, iPhones, iPads, and Safari. https://techcrunch.com/2025/03/11/apple-fixes-new-security-flaw-used-in-extremely-sophisticated-attack/

🏹 Previously unidentified botnet targets unpatched TP-Link Archer home routers malware – The Ballista botnet targets unpatched TP-Link Archer routers, exploiting the CVE-2023-1389 vulnerability for automatic infection. Researchers link the threat to an Italian hacker, highlighting risks for IoT devices. https://therecord.media/ballista-botnet-tp-link-archer-routers

📱 North Korean government hackers snuck spyware on Android app store cybercrime – North Korean hackers uploaded spyware named KoSpy to the Google Play store, targeting specific individuals. The malware collects sensitive information and has been linked to previous North Korean cyber activities. https://techcrunch.com/2025/03/12/north-korean-government-hackers-snuck-spyware-on-android-app-store/

📍 Saudi Arabia Buys Pokémon Go, and Probably All of Your Location Data privacy – Saudi Arabia's Public Investment Fund acquired Niantic's popular AR games, including Pokémon Go, raising concerns about the handling of location data from its 100 million players under the new ownership. https://www.404media.co/saudi-arabia-buys-pokemon-go-and-probably-all-of-your-location-data/

🔒 Signal no longer cooperating with Ukraine on Russian cyberthreats, official says security news – Signal has reportedly stopped responding to Ukrainian law enforcement requests about Russian cyberthreats, raising concerns about aiding Russian espionage. Signal Foundation denies any cessation of cooperation. https://therecord.media/signal-no-longer-cooperating-with-ukraine

📩 How to Use Signal Encrypted Messaging privacy – Signal is a top encrypted messaging app, offering features for secure communication, including disappearing messages, username options, and encrypted calls. Users are advised to implement security settings to maximize privacy. https://www.wired.com/story/signal-tips-private-messaging-encryption/

📧 Don't click on that email claiming to be a disgruntled guest cybercrime – A phishing campaign disguised as Booking.com emails targets hospitality employees, delivering malware for credential theft. The attackers use social engineering tactics to prompt users into downloading malicious software. https://www.theregister.com/2025/03/13/bookingdotcom_phishing_campaign/

🔒 A New Era of Attacks on Encryption Is Starting to Heat Up privacy – Recent government actions in the UK, France, and Sweden threaten end-to-end encryption, pushing for backdoors and client-side scanning, raising concerns among privacy advocates about surveillance and user safety. https://www.wired.com/story/a-new-era-of-attacks-on-encryption-is-starting-to-heat-up/

💻 ClickFix: How to Infect Your PC in Three Easy Steps – Krebs on Security security research – The ClickFix malware scheme tricks users into downloading password-stealing malware through a fake human verification process that exploits Windows commands. It's being widely used in phishing attacks targeting various sectors, including hospitality and healthcare. https://krebsonsecurity.com/2025/03/clickfix-how-to-infect-your-pc-in-three-easy-steps/

🩺 A ransomware attack hit the Micronesian state of Yap, causing the health system network to go down. cybercrime – Yap, a state in Micronesia, experienced a ransomware attack that forced the shutdown of its government health agency's computers, disrupting services and prompting an investigation into the breach. https://securityaffairs.com/175445/cyber-crime/a-ransomware-attack-hit-the-micronesian-state-of-yap.html


Some More, For the Curious

🔓 CVE-2024-9956 – PassKey Account Takeover in All Mobile Browsers vulnerability – A vulnerability in mobile browsers allows attackers within Bluetooth range to phish PassKey credentials by triggering authentication requests, undermining their security. Comment: <3 https://mastersplinter.work/research/passkey/

🤺 Jailbreaking is (mostly) simpler than you think security research – The Context Compliance Attack (CCA) is a simple jailbreak method exploiting AI systems' reliance on client-supplied conversation history, highlighting vulnerabilities in AI safety practices. https://msrc.microsoft.com/blog/2025/03/jailbreaking-is-mostly-simpler-than-you-think/

In-Depth Technical Analysis of the Bybit Hack security research – Bybit fell victim to a sophisticated hack, losing $1.4 billion via a manipulated transaction approval process. https://www.nccgroup.com/us/research-blog/in-depth-technical-analysis-of-the-bybit-hack/

🐞 Hartwork Blog · Recursion kills: The story behind CVE vulnerability – Expat 2.7.0 addresses CVE-2024-8176, a serious recursion vulnerability that could lead to stack overflow, with collaboration from industry partners resulting in a significant security fix. https://blog.hartwork.org/posts/expat-2-7-0-released/

💔 My Scammer Girlfriend: Baiting A Romance Fraudster cybercrime – The author investigates romance fraud by posing as a target to analyze techniques used by scammers like 'Aidana', revealing how they manipulate emotions and extract money from victims. Comment: This one is a long but fun read. https://www.bentasker.co.uk/posts/blog/security/seducing-a-romance-scammer.html

How NOT to f-up your security incident response security news – Improper incident response can lead to severe financial losses. Experts stress the importance of methodical investigations, up-to-date response plans, and collaboration among security teams to mitigate damages during breaches. https://www.theregister.com/2025/03/10/incident_response_advice/

⚠️ Experts warn of mass exploitation of critical PHP flaw CVE vulnerability – CVE-2024-4577, a critical PHP vulnerability allowing remote code execution, is being widely exploited, with over 1,000 attacks detected globally. Experts urge immediate updates to PHP installations to mitigate risks. https://securityaffairs.com/175198/hacking/experts-warn-of-mass-exploitation-of-critical-php-flaw-cve-2024-4577.html

⚙️ Multiple vulnerabilities found in ICONICS industrial SCADA software vulnerability – Five vulnerabilities in ICONICS SCADA software could lead to privilege escalation, DLL hijacking, and system compromise, affecting critical infrastructure worldwide. Patches exist, but many servers remain unpatched. https://cyberscoop.com/iconics-scada-vulnerabilities-2025-palo-alto/

🕒 Switzerland's NCSC requires cyberattack reporting for critical infrastructure within 24 hours security news – Switzerland's NCSC mandates that critical infrastructure organizations report cyberattacks within 24 hours due to rising threats, with penalties for non-compliance starting in October 2025. https://securityaffairs.com/175260/laws-and-regulations/switzerlands-ncsc-requires-cyberattack-reporting-for-critical-infrastructure-within-24-hours.html

💳 Cracking the Code: How to Identify, Mitigate, and Prevent BIN Attacks security research – BIN attacks exploit publicly available Bank Identification Numbers to brute-force valid card details. Effective mitigation includes rate limiting, enhanced authentication, and collaboration with payment processors to prevent fraudulent transactions. https://www.cybereason.com/blog/identifying-and-preventing-bin-attacks

🔧 Zero Day Initiative — The March 2025 Security Update Review security news – March 2025 security updates include significant patches from Adobe and Microsoft addressing multiple vulnerabilities, with critical fixes for code execution bugs in popular software. Immediate deployment is advised due to active exploits. https://www.thezdi.com/blog/2025/3/11/the-march-2025-security-update-review

🎣 Beyond the Hook: A Technical Deep Dive into Modern Phishing Methodologies security research – This article explores various modern phishing techniques, including HTML pages, Browser-in-the-Browser, and Adversary-in-the-Middle methods, while discussing their infrastructure needs and effectiveness in bypassing security measures. http://blog.quarkslab.com/technical-dive-into-modern-phishing.html

Meta warns of actively exploited flaw in FreeType library vulnerability – Meta has identified an actively exploited vulnerability (CVE-2025-27363) in the FreeType library that allows for arbitrary code execution. Users are urged to update to version 2.13.3 to mitigate risks. https://securityaffairs.com/175337/hacking/meta-warned-actively-exploited-cve-2025-27363.html

GitLab addressed critical auth bypass flaws in CE and EE vulnerability – GitLab has patched two critical authentication bypass vulnerabilities (CVE-2025-25291 and CVE-2025-25292) in its Community and Enterprise Editions, enabling potential account takeover through SAML SSO authentication. Users are urged to update immediately. https://securityaffairs.com/175370/security/gitlab-addressed-critical-flaws-in-ce-and-ee.html

📱 Meet Rayhunter: A New Open Source Tool from EFF to Detect Cellular Spying privacy – The EFF has introduced Rayhunter, an open-source tool for detecting cell-site simulators (CSS) using a mobile hotspot, aiming to empower users to gather data on surveillance tactics and protect privacy. https://www.eff.org/deeplinks/2025/03/meet-rayhunter-new-open-source-tool-eff-detect-cellular-spying


CISA Corner

🪤 #StopRansomware: Medusa Ransomware ransomware – The FBI and CISA released a joint advisory on Medusa ransomware, detailing its RaaS model, tactics, and indicators of compromise. The ransomware targets critical sectors, employing a double extortion strategy to demand payment for file decryption. https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-071a

⚠️ CISA Adds Five Known Exploited Vulnerabilities to Catalog warning – CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, highlighting risks from SQL injection and unrestricted file uploads, primarily in Advantive VeraCore and Ivanti Endpoint Manager. https://www.cisa.gov/news-events/alerts/2025/03/10/cisa-adds-five-known-exploited-vulnerabilities-catalog

⚠️ CISA Adds Six Known Exploited Vulnerabilities to Catalog warning – CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, including critical flaws in Microsoft Windows that pose significant risks and require immediate remediation. https://www.cisa.gov/news-events/alerts/2025/03/11/cisa-adds-six-known-exploited-vulnerabilities-catalog

⚠️ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning – CISA has added two vulnerabilities to its Known Exploited Vulnerabilities Catalog: CVE-2025-24201 affecting Apple WebKit and CVE-2025-21590 impacting Juniper Junos OS, both posing significant risks to federal networks. https://www.cisa.gov/news-events/alerts/2025/03/13/cisa-adds-two-known-exploited-vulnerabilities-catalog

⚙️ CISA Releases Two Industrial Control Systems Advisories vulnerability – CISA has issued two advisories regarding security vulnerabilities in Schneider Electric's Uni-Telway Driver and Optigo Networks' Visual BACnet Capture Tool, urging users to review for mitigations. https://www.cisa.gov/news-events/alerts/2025/03/11/cisa-releases-two-industrial-control-systems-advisories

⚙️ CISA Releases Thirteen Industrial Control Systems Advisories vulnerability – CISA has published thirteen advisories addressing security vulnerabilities in industrial control systems, providing crucial information for organizations to enhance their cybersecurity posture. https://www.cisa.gov/news-events/alerts/2025/03/13/cisa-releases-thirteen-industrial-control-systems-advisories

