cyberlights – week 19/2025
A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!
News For All
🤦‍♂️ WhatsApp provides no cryptographic management for group messages security research – Researchers found that WhatsApp's group messaging has no cryptographic control over group membership: the server alone decides who gets added, so a compromised or coerced WhatsApp server could insert an extra member who then receives all future group messages. Clients show a notice when someone joins, but nothing cryptographic prevents the addition, which matters for sensitive discussions. https://arstechnica.com/security/2025/05/whatsapp-provides-no-cryptographic-management-for-group-messages/
🚫 Mr. Deepfakes, the Biggest Deepfake Porn Site on the Internet, Says It’s Shutting Down for Good cybercrime – Mr. Deepfakes, notorious for nonconsensual deepfake porn, has announced its permanent shutdown due to loss of service and data, leaving users with no access. https://www.404media.co/mr-deepfakes-the-biggest-deepfake-porn-site-on-the-internet-says-its-shutting-down-for-good/
🔑 Passkeys for Normal People cyber defense – Passkeys offer a phishing-resistant alternative to traditional passwords and OTPs for secure logins, enhancing online safety, but still require careful management across devices. https://www.troyhunt.com/passkeys-for-normal-people/
🔓 The modified Signal app used by Mike Waltz was reportedly hacked data breach – A breach involving a modified Signal app used by Mike Waltz has led to the exposure of message contents and contact information of government officials. https://www.theverge.com/news/661173/telemessage-signal-clone-hacked-mike-waltz
📱 Smishing on a Massive Scale: ‘Panda Shop’ Chinese Carding Syndicate cybercrime – Resecurity has uncovered a new smishing kit, ‘Panda Shop,’ linked to a Chinese syndicate, capable of sending millions of fraudulent messages daily and targeting vast consumer data. https://securityaffairs.com/177502/cyber-crime/smishing-on-a-massive-scale-panda-shop-chinese-carding-syndicate.html
🎓 Fake Student Fraud in Community Colleges cybercrime – Community colleges face rising fraud from fake students using AI-generated work to exploit financial aid, challenging detection efforts and disrupting class structures. https://www.schneier.com/blog/archives/2025/05/fake-student-fraud-in-community-colleges.html
🚨 Samsung MagicINFO flaw exploited days after PoC publication vulnerability – A high-severity path traversal/file upload vulnerability (CVE-2024-7399) in Samsung MagicINFO 9 Server was exploited in the wild within days of a proof-of-concept being published; it lets unauthenticated attackers upload files and execute code with SYSTEM privileges. https://securityaffairs.com/177529/hacking/samsung-magicinfo-vulnerability-exploited-after-poc-publication.html
🕵️‍♂️ Meta awarded $167.25 million over Pegasus spyware attack security news – Meta has been awarded $167.25 million after suing the NSO Group for using Pegasus spyware to target over 1,400 WhatsApp users. https://www.theverge.com/news/662242/meta-nso-group-pegasus-whatsapp-hack-damages
🔑 Tulsi Gabbard Reused the Same Weak Password on Multiple Accounts for Years security news – Tulsi Gabbard reportedly used the same easily cracked password across multiple accounts for years, raising concerns about her cybersecurity practices following a sensitive incident involving a Signal group chat. https://www.wired.com/story/tulsi-gabbard-dni-weak-password/
💻 COLDRIVER Using New Malware To Steal Documents From Western Targets and NGOs cybercrime – Google's Threat Intelligence Group reports on COLDRIVER's new malware, LOSTKEYS, used to steal files from Western targets, utilizing a multi-stage infection process involving social engineering techniques. https://cloud.google.com/blog/topics/threat-intelligence/coldriver-steal-documents-western-targets-ngos/
💰 PowerSchool customers hit by downstream extortion threats cybercrime – After PowerSchool paid a ransom to delete stolen data, some of its school district customers are now facing extortion threats to leak that data, highlighting ongoing supply chain risks. https://cyberscoop.com/powerschool-customers-hit-by-downstream-extortion-threats/
🔒 Polish authorities arrested 4 people behind DDoS cybercrime – Polish police arrested four individuals operating DDoS-for-hire platforms used in global attacks, offering services for as little as €10, as part of an international crackdown on cybercrime. https://securityaffairs.com/177590/cyber-crime/polish-police-arrested-4-people-behind-ddos-for-hire-platforms.html
🎭 NCSC warns of IT helpdesk impersonation trick being used by ransomware gangs after UK retailers attacked security news – Following ransomware attacks on Marks & Spencer and Co-op, the NCSC warns that hackers are using social engineering to impersonate employees and exploit helpdesk staff for account access. https://www.exponential-e.com/blog/ncsc-warns-of-it-helpdesk-impersonation-trick-being-used-by-ransomware-gangs-after-uk-retailers-attacked
🐕‍🦺 DOGE software engineer’s computer infected by info-stealing malware security news – Kyle Schutt, a software engineer at CISA, had his login credentials exposed multiple times in public leaks from info-stealing malware, raising concerns about potential access to sensitive government information. https://arstechnica.com/security/2025/05/doge-software-engineers-computer-infected-by-info-stealing-malware/
✈️ Hackers hit deportation airline GlobalX, leak flight manifests, and leave an unsubtle message for “Donnie” Trump cybercrime – Hacktivists claiming to be part of Anonymous breached GlobalX Airlines, leaking flight records and passenger manifests related to US deportation flights while defacing the airline's website with a message targeting Trump. https://www.bitdefender.com/en-us/blog/hotforsecurity/hackers-globalx-message-trump
🛡️ FBI and Dutch police seize and shut down botnet of hacked routers cybercrime – A joint operation by the FBI and Dutch police dismantled a botnet of hacked routers used for cybercrime, indicting four individuals for running proxy services Anyproxy and 5Socks built on compromised devices. https://techcrunch.com/2025/05/09/fbi-and-dutch-police-seize-and-shut-down-botnet-of-hacked-routers/
💰 German operation shuts down crypto mixer eXch, seizes millions in assets cybercrime – German police seized over $30 million in assets from the crypto mixer eXch, which was linked to laundering funds from the $1.46 billion Bybit hack, as part of a crackdown on money laundering activities. https://therecord.media/exch-cryptocurrency-mixer-germany-takedown
🔒 How to turn on Lockdown Mode for your iPhone and Mac privacy – Apple's Lockdown Mode enhances security for those facing sophisticated threats, limiting device functionality. It can be easily enabled or disabled on iPhones, iPads, and Macs through settings. https://www.theverge.com/tech/663794/lockdown-mode-iphone-mac-how-to
💰 Google will pay Texas $1.4 billion over its location tracking practices privacy – Google will pay Texas $1.4 billion to settle lawsuits over unauthorized location tracking and biometric data retention, marking a significant victory for user privacy against Big Tech violations. https://securityaffairs.com/177683/laws-and-regulations/google-will-pay-texas-1-4-billion-over-its-location-tracking-practices.html
Some More, For the Curious
⚠️ Security Researchers Warn a Widely Used Open Source Tool Poses a 'Persistent' Risk to the US security research – Researchers highlight security concerns over easyjson, an open source tool linked to a Russian company, fearing it could be exploited for espionage or cyberattacks against the US. https://www.wired.com/story/easyjson-open-source-vk-ties/
5️⃣ 5 Common Cybersecurity Mistakes That Attackers Love cyber defense – Cybersecurity experts highlight five common mistakes—improper secrets management, excessive user privileges, lack of network segmentation, overreliance on user training, and poor security detections—that leave organizations vulnerable to attacks. https://bishopfox.com/blog/before-red-team-fix-these-5-common-mistakes
💳 Hundreds of e-commerce sites hacked in supply-chain attack security research – A supply-chain attack has compromised hundreds of e-commerce sites: a backdoor planted roughly six years ago in Magento extensions from three software vendors was only activated recently, injecting skimmer code that steals visitors' payment data. https://arstechnica.com/security/2025/05/hundreds-of-e-commerce-sites-hacked-in-supply-chain-attack/
⚖️ Lawmakers grill Noem over CISA funding cuts, demand Trump cyber plan security news – Homeland Security Secretary Kristi Noem faced bipartisan criticism over a proposed $491 million budget cut to CISA, with lawmakers demanding details on the Trump administration's cyber strategy amid rising threats. https://therecord.media/noem-house-hearing-proposed-cisa-funding-cuts
🛡️ New 'Bring Your Own Installer (BYOI)' technique allows to bypass EDR vulnerability – A new BYOI technique abuses SentinelOne's agent upgrade process: an attacker with local admin rights runs a legitimate SentinelOne installer and kills it mid-upgrade, leaving the endpoint without EDR protection; the technique was used to deploy Babuk ransomware. https://securityaffairs.com/177494/hacking/new-bring-your-own-installer-byoi-technique-allows-to-bypass-edr.html
➰ Curl takes action against time-wasting AI bug reports security news – Curl founder Daniel Stenberg implements a checkbox for bug reports to filter out AI-generated submissions, citing their overwhelming volume and lack of validity as a drain on maintainers' resources. https://www.theregister.com/2025/05/07/curl_ai_bug_reports/
🔓 Play ransomware affiliate leveraged zero-day to deploy malware cybercrime – The Play ransomware gang exploited a Windows zero-day in the Common Log File System (CLFS) driver (CVE-2025-29824) to gain SYSTEM privileges and deploy malware, including the Grixba infostealer, in targeted attacks. https://securityaffairs.com/177573/cyber-crime/play-ransomware-affiliate-leveraged-zero-day-to-deploy-malware.html
💻 CVE-2024-44236: Remote Code Execution vulnerability in Apple macOS vulnerability – A code execution vulnerability in the ICC profile parser of macOS allows attackers to run code on a victim's machine when the victim processes a crafted ICC profile (user interaction is required). Apple has released a patch; no in-the-wild attacks have been reported so far. https://www.thezdi.com/blog/2025/5/7/cve-2024-44236-remote-code-execution-vulnerability-in-apple-macos
🔐 CVE-2025-20188: Cisco Fixes 10.0-Rated Wireless Controller Flaw vulnerability – Cisco has patched a critical vulnerability (CVE-2025-20188) in its IOS XE Wireless Controller software: a hard-coded JSON Web Token lets unauthenticated attackers upload files and gain root access. It is only exploitable when the Out-of-Band AP Image Download feature is enabled (off by default), so administrators should apply the fix and check that setting. https://thecyberexpress.com/cisco-patches-cve-2025-20188/
🫦 The LockBit ransomware site was breached, database dump was leaked online cybercrime – The LockBit ransomware group's dark web affiliate panel was breached and defaced, and a database dump was leaked containing bitcoin addresses, victim negotiation chat logs, ransomware build configurations and affiliate account credentials stored in plaintext, giving insight into the gang's operations. https://securityaffairs.com/177619/cyber-crime/the-lockbit-ransomware-site-was-breached-database-dump-was-leaked-online.html
📅 A timeline of South Korean telco giant SKT's data breach data breach – SK Telecom suffered a major data breach affecting 23 million customers, prompting investigations and customer backlash, as the company works to mitigate damage and replace compromised SIM cards. https://techcrunch.com/2025/05/08/a-timeline-of-south-korean-telco-giant-skts-data-breach/
🔒 SonicWall fixed SMA 100 flaws that could be chained to execute arbitrary code vulnerability – SonicWall patched three vulnerabilities in SMA 100 series appliances that a remote attacker could chain for arbitrary code execution as root; one of them may already have been exploited as a zero-day. Users are advised to update to the latest firmware. https://securityaffairs.com/177626/hacking/sonicwall-fixed-sma-100-flaws-that-could-be-chained-to-execute-arbitrary-code.html
🔒 CVSS 10.0 Vulnerability Found in Ubiquiti UniFi Protect Cameras vulnerability – Ubiquiti disclosed critical vulnerabilities in UniFi Protect, including a CVSS 10.0 heap buffer overflow (CVE-2025-23123) that allows an attacker with access to the camera's management network to execute code remotely. Users are urged to update camera firmware and the UniFi Protect application immediately. https://thecyberexpress.com/ubiquity-unifi-protect-flaws-cve-2025-23123/
CISA Corner
😶 Unsophisticated Cyber Actor(s) Targeting Operational Technology cyber defense – CISA warns of unsophisticated cyber actors targeting ICS/SCADA systems in U.S. critical infrastructure, urging asset owners to improve cyber hygiene to prevent potential operational disruptions and physical damage. https://www.cisa.gov/news-events/alerts/2025/05/06/unsophisticated-cyber-actors-targeting-operational-technology
⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2025-3248, a missing authentication vulnerability in Langflow, to its catalog, highlighting its active exploitation and risks to federal networks. https://www.cisa.gov/news-events/alerts/2025/05/05/cisa-adds-one-known-exploited-vulnerability-catalog
⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has included CVE-2025-27363, an out-of-bounds write vulnerability in FreeType, in its catalog due to evidence of active exploitation posing risks to federal networks. https://www.cisa.gov/news-events/alerts/2025/05/06/cisa-adds-one-known-exploited-vulnerability-catalog
⚠️ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning – CISA has included two OS command injection vulnerabilities in GeoVision devices (CVE-2024-6047 and CVE-2024-11120) in its catalog, highlighting their active exploitation and risks to federal networks. https://www.cisa.gov/news-events/alerts/2025/05/07/cisa-adds-two-known-exploited-vulnerabilities-catalog
⚙️ CISA Releases Three Industrial Control Systems Advisories vulnerability – CISA has issued three advisories regarding vulnerabilities in industrial control systems, urging users to review the advisories for technical details and recommended mitigations. https://www.cisa.gov/news-events/alerts/2025/05/06/cisa-releases-three-industrial-control-systems-advisories
⚙️ CISA Releases Five Industrial Control Systems Advisories vulnerability – CISA has issued five advisories regarding vulnerabilities in various industrial control systems, urging users to review the details and recommended mitigations. https://www.cisa.gov/news-events/alerts/2025/05/08/cisa-releases-five-industrial-control-systems-advisories
While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.