cyberlights – week 25/2025
A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!
News For All
🤔 WhatsApp is officially getting ads privacy – WhatsApp introduces ads in its Updates tab, using limited user data for personalization. While it promises not to misuse personal information, privacy concerns remain. https://www.theverge.com/news/687519/whatsapp-launch-advertising-status-updates
🔓 Hackers Leak Data of 10,000 VirtualMacOSX Customers in Alleged Breach data breach – A data breach at VirtualMacOSX exposed sensitive information of 10,000 customers, including personal and financial details, posing significant security risks and potential account takeovers. https://hackread.com/hackers-leak-virtualmacosx-customers-data-breach/
🎮 Minecraft Players Targeted in Sophisticated Malware Campaign malware – A malware campaign disguises itself as Minecraft mods, stealing sensitive data from players. This threat particularly targets the younger player base, raising significant security concerns. https://blog.checkpoint.com/research/minecraft-players-targeted-in-sophisticated-malware-campaign/
😟 Meta Users Feel Less Safe Since It Weakened ‘Hateful Conduct’ Policy, Survey Finds security news – A survey reveals that users feel increasingly unsafe on Meta platforms following weakened policies against harmful content, with many reporting exposure to hate speech and online harassment. https://www.404media.co/meta-users-feel-less-safe-since-it-weakened-hateful-conduct-policy-survey-finds/
🔒 The WIRED Guide to Protecting Yourself From Government Surveillance privacy – With increased government surveillance, individuals are urged to enhance privacy protections through encrypted communications, secure devices, and careful data management to safeguard against potential threats. https://www.wired.com/story/the-wired-guide-to-protecting-yourself-from-government-surveillance/
🚫 SEC withdraws cyber rules for investment companies, advisers security news – The SEC has retracted proposed cybersecurity regulations for investment firms, citing industry concerns that public disclosures could compromise security and divert focus from actual threats. https://cyberscoop.com/sec-withdrawals-cyber-rules-for-investment-companies-advisers/
🚔 Police dismantle Archetyp dark web drug market, arrest administrator cybercrime – Authorities have shut down Archetyp Market, a major dark web drug marketplace, arresting its administrator and seizing assets worth €7.8 million, disrupting a significant drug trafficking network. https://therecord.media/archetyp-market-dark-web-takedown-europol
🚨 Car-sharing giant Zoomcar says hacker accessed personal data of 8.4 million users data breach – Zoomcar reported a data breach affecting 8.4 million users, with names and phone numbers compromised. The company is enhancing security measures but has not confirmed if customers were notified. https://techcrunch.com/2025/06/16/car-sharing-giant-zoomcar-says-hacker-accessed-personal-data-of-8-4-million-users/
👁️ Emails Reveal the Casual Surveillance Alliance Between ICE and Local Police security news – Emails expose informal collaborations between local Oregon police and federal agencies like ICE, sharing surveillance tools and tactics, raising concerns about privacy and the extent of law enforcement surveillance. https://www.404media.co/emails-reveal-the-casual-surveillance-alliance-between-ice-and-local-police/
💸 Malicious Loan App Removed from iOS and Google Play App Store Posed Severe Risks to Users malware – The 'RapiPlata' app, posing as a loan service, harvested sensitive data from users and threatened them with false debts. It was downloaded by over 150K victims before removal. https://blog.checkpoint.com/research/malicious-loan-app-removed-from-ios-and-google-play-app-store-posed-severe-risks-to-users/
💻 Freedman HealthCare targeted by cyber extortionists data breach – Freedman HealthCare faces threats from an extortion gang claiming to have stolen sensitive data, potentially affecting millions. However, the company asserts that no protected health information was compromised. https://www.theregister.com/2025/06/16/extortionists_claim_freedman_healthcare_hack/
🔍 Minnesota Shooting Suspect Allegedly Used Data Broker Sites to Find Targets’ Addresses security news – The suspect in a Minnesota shooting allegedly used data broker sites to find the addresses of lawmakers he targeted, raising concerns about privacy and the dangers of accessible personal information. https://www.wired.com/story/minnesota-lawmaker-shootings-people-search-data-brokers/
📧 State-sponsored hackers compromised the email accounts of several Washington Post journalists security news – State-sponsored hackers compromised the Microsoft email accounts of several Washington Post journalists, potentially exposing sensitive work emails related to national security and economic policy. https://securityaffairs.com/179065/security/state-sponsored-hackers-compromised-the-email-accounts-of-several-washington-post-journalists.html
📚 AI Scraping Bots Are Breaking Open Libraries, Archives, and Museums security news – AI scraping bots are increasingly targeting libraries, archives, and museums, raising concerns about privacy and the potential misuse of easily accessible personal information. https://www.404media.co/ai-scraping-bots-are-breaking-open-libraries-archives-and-museums/
🎣 Arctic Wolf Observes Social Engineering Campaign Targeting IT Staff of Healthcare Providers to Reset User Credentials security news – The Arctic Wolf Threat Report highlights a social engineering campaign aimed at IT staff in healthcare, seeking to reset user credentials, emphasizing ongoing cybersecurity challenges in the sector. https://arcticwolf.com/resources/blog/arctic-wolf-observes-social-engineering-campaign-targeting-it-staff-of-healthcare-providers-reset-user-credentials/
🩺 More than 5 million affected by data breach at healthcare tech firm Episource data breach – Episource reported a data breach affecting over 5.4 million individuals, with stolen information including Social Security numbers and medical records. The company is working with law enforcement and customers to address the incident. https://therecord.media/5-million-affected-episource-data-breach
💔 A ransomware attack pushed the German napkin firm Fasana into insolvency cybercrime – Fasana, a German napkin manufacturer, filed for insolvency after a ransomware attack paralyzed operations, causing significant financial losses and halting production for two weeks. https://securityaffairs.com/179160/security/ransomware-attack-napkin-firm-fasana-insolvency.html
🔍 Attack on Oxford City Council exposes 21 years of staff data data breach – A cyberattack on Oxford City Council compromised 21 years of staff data related to elections, affecting current and former employees. The council is investigating and has assured the public of limited data access. https://www.theregister.com/2025/06/20/oxford_city_council_breach/
🛡️ Aflac duped by social-engineering attack, marking another hit on insurance industry cybercrime – Aflac disclosed a cyberattack on June 12, linked to social engineering tactics, marking it as the third insurance company targeted in a recent wave of attacks. No ransomware was detected. https://cyberscoop.com/aflac-cyberattack-insurance-sector-scattered-spider/
📞 Netflix, Apple, BofA sites hijacked with fake help numbers cybercrime – Scammers are hijacking search results for major companies like Netflix and Apple, tricking victims into calling fake support numbers to steal personal and financial information through manipulated ads. https://www.theregister.com/2025/06/20/netflix_apple_bofa_websites_hijacked/
Some More, For the Curious
🐠 How Long Until the Phishing Starts? About Two Weeks security news – A new Google Workspace account received targeted phishing emails just two weeks after creation, highlighting the need for security training for new hires to combat such threats. https://isc.sans.edu/diary/rss/32052
🤖 Cato CTRL™ Threat Research: WormGPT Variants Powered by Grok and Mixtral security research – Cato CTRL reports on new WormGPT variants that exploit uncensored LLMs for malicious purposes, showcasing how threat actors adapt existing models like Grok and Mixtral for cybercrime. https://www.catonetworks.com/blog/cato-ctrl-wormgpt-variants-powered-by-grok-and-mixtral/
🔐 Path Traversal Vulnerability Discovered in ZendTo vulnerability – A path traversal vulnerability in ZendTo versions 6.15-7 allows attackers to access sensitive user information. Users are urged to upgrade to version 6.15-8 to mitigate risks. https://horizon3.ai/attack-research/attack-blogs/cve-2025-34508-another-file-sharing-application-another-path-traversal/
⚠️ Dangerous by default: Insecure GitHub Actions found in MITRE, Splunk, and other open source repositories vulnerability – Sysdig's research reveals critical security gaps in GitHub Actions across popular open source projects, exposing secrets through insecure workflows like pull_request_target. Recommendations for securing CI/CD processes are provided. https://sysdig.com/blog/insecure-github-actions-found-in-mitre-splunk-and-other-open-source-repositories/
🛠️ libxml2 Maintainer Ends Embargoed Vulnerability Reports, Citing Unsustainable Burden security news – The maintainer of libxml2 has stopped supporting embargoed vulnerability reports, citing unsustainable demands on unpaid volunteers. This change reflects frustrations with big tech's reliance on open source without adequate support. https://socket.dev/blog/libxml2-maintainer-ends-embargoed-vulnerability-reports
🔒 Critical Vulnerability in Veeam Backup & Replication vulnerability – Veeam has announced a critical vulnerability (CVE-2025-23121) in Backup & Replication, allowing remote code execution by authenticated domain users. Users are urged to update immediately to mitigate risks. https://cert.europa.eu/publications/security-advisories/2025-021/
📞 How to Design and Execute Effective Social Engineering Attacks by Phone hacking write-up – John Malone outlines strategies for executing social engineering attacks via phone, emphasizing confidence, reconnaissance, and crafting believable ruses to manipulate targets into revealing sensitive information. https://www.blackhillsinfosec.com/how-to-design-and-execute-effective-social-engineering-attacks-by-phone/
💼 Qilin Offers “Call a lawyer” Button For Affiliates Attempting To Extort Ransoms From Victims Who Won't Pay cybercrime – The Qilin ransomware group has introduced a 'Call Lawyer' feature for affiliates, providing legal support to enhance ransom negotiations and exert pressure on victims, reflecting a disturbing professionalization of cybercrime. https://www.tripwire.com/state-of-security/qilin-offers-call-lawyer-button-affiliates-attempting-extort-ransoms-victims
🚫 Iran's government says it shut down internet to protect against cyberattacks security news – Iran's government confirmed a national internet blackout was ordered to protect against Israeli cyberattacks, severely limiting communication and information access for citizens amid ongoing conflicts. https://techcrunch.com/2025/06/20/irans-government-says-it-shut-down-internet-to-protect-against-cyberattacks/
🔑 Why Kerberoasting Still Matters for Security Teams cyber defense – Kerberoasting remains a prevalent and effective technique for attackers to gain credentials in Windows environments. Mitigation strategies include using strong passwords and auditing service accounts to reduce vulnerabilities. https://www.varonis.com/blog/kerberoasting-still-matters
🕵️‍♂️ Unusually patient suspected Russian hackers pose as State Department in ‘sophisticated’ attacks on researchers cybercrime – Suspected Russian hackers employed a sophisticated approach to compromise researcher Keir Giles' accounts, using social engineering and app-specific passwords to bypass security measures, showcasing a new level of patience and planning in cyberattacks. https://cyberscoop.com/russian-hackers-state-department-sophisticated-attacks-researchers-citizen-lab/
🔒 Severe Vulnerabilities in Citrix Products vulnerability – Citrix has identified two high-severity vulnerabilities in NetScaler ADC and Gateway, urging users to update to secure versions immediately to prevent exploitation. https://cert.europa.eu/publications/security-advisories/2025-022/
🐧 Linux flaws chain allows Root access across major distributions vulnerability – Researchers found two local privilege escalation vulnerabilities (CVE-2025-6018 and CVE-2025-6019) that can be chained to allow unprivileged users to gain root access on major Linux distributions. Users are urged to apply security patches. https://securityaffairs.com/179174/security/linux-flaws-chain-allows-root-access-across-major-distributions.html
🌐 Record DDoS pummels site with once-unimaginable 7.3Tbps of junk traffic security news – Cloudflare reported a record DDoS attack peaking at 7.3Tbps, flooding a target with 37.4TB of traffic in 45 seconds. The attack utilized UDP floods and reflection techniques, overwhelming the target's resources. https://arstechnica.com/security/2025/06/record-ddos-pummels-site-with-once-unimaginable-7-3tbps-of-junk-traffic/
🔑 Sitecore CMS flaw let attackers brute-force 'b' for backdoor vulnerability – A serious vulnerability in Sitecore CMS allows attackers to exploit hardcoded passwords and path traversal flaws, potentially leading to full system takeover for many high-profile companies. https://www.theregister.com/2025/06/17/sitecore_rce_vulnerabilities/
CISA Corner
⚠️ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning – CISA has included two new vulnerabilities, targeting Apple and TP-Link, in its Known Exploited Vulnerabilities Catalog, highlighting active exploitation risks. https://www.cisa.gov/news-events/alerts/2025/06/16/cisa-adds-two-known-exploited-vulnerabilities-catalog
⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added a new Linux Kernel vulnerability to its Known Exploited Vulnerabilities Catalog, urging all organizations to prioritize remediation. https://www.cisa.gov/news-events/alerts/2025/06/17/cisa-adds-one-known-exploited-vulnerability-catalog
⚙️ CISA Releases Five Industrial Control Systems Advisories vulnerability – CISA issued five advisories on June 17, 2025, addressing vulnerabilities in Industrial Control Systems by Siemens, LS Electric, Fuji and Dover, urging users to review them for security details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/06/17/cisa-releases-five-industrial-control-systems-advisories
While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.