Welcome to this week’s Cybersecurity Newsletter, providing you with the latest updates and essential insights from the rapidly evolving field of cybersecurity.
This edition highlights emerging threats and the shifting dynamics of digital defenses. Key topics include advanced ransomware attacks and the increasing influence of state-sponsored cyber activities on global security.
We provide a comprehensive examination of these emerging threats, along with practical strategies to enhance your organization’s security measures. Furthermore, we explore how advanced technologies such as artificial intelligence (AI), machine learning (ML), and quantum computing are transforming cybersecurity, serving both as protective tools and potential vulnerabilities that attackers may exploit.
Examples covered include AI-powered phishing schemes, ML-enhanced malware, and quantum computing’s potential to break encryption. We also explore how industries are addressing critical cybersecurity challenges, such as securing remote work environments and mitigating vulnerabilities in Internet of Things (IoT) devices.
These issues underscore the importance of proactive measures to protect digital infrastructure. We’ll also review recent regulatory developments, such as the European Union’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA), which are setting new benchmarks for data privacy and security to ensure your compliance strategies remain up-to-date.
Stay tuned each week as we dive into these complex topics and beyond, equipping you with the knowledge needed to stay ahead in the ever-evolving cybersecurity landscape.
Cyber Attacks
1. Attackers Exploiting SourceForge to Distribute Malware
Cybercriminals are leveraging SourceForge, a popular software hosting platform, to distribute malware disguised as legitimate Microsoft Office applications. The attack uses deceptive domain features and password-protected archives to bypass security measures. The final payload includes a cryptocurrency miner and a Trojan that hijacks cryptocurrency transactions.
Read more: Attackers Exploiting SourceForge Software
2. Vulnerability in Shopware Security Plugin Exposes Systems
A flaw in Shopware Security Plugin 6 (version 2.0.10) has left older Shopware installations vulnerable to SQL injection attacks, potentially compromising sensitive data. Shopware has released updates to address this issue, and users are advised to patch immediately.
Read more: Shopware Security Plugin Exposes Systems
3. Double-Edged Email Attack Targets Office365 Credentials
A sophisticated phishing campaign is stealing Office365 credentials while delivering malware via deceptive emails. The attack uses files.fm as a delivery mechanism and employs ConnectWise RAT for system compromise.
Read more: New Double-Edged Email Attack
4. CatB Ransomware Exploiting MSDTC for Payload Execution
CatB ransomware employs DLL hijacking via Microsoft Distributed Transaction Coordinator (MSDTC) to execute its payload, steal browser credentials, and evade virtual machine detection. Researchers suspect links to cyber espionage group ChamelGang.
Read more: CatB Ransomware Leveraging MSDTC
5. AkiraBot Spams 80,000 Websites Using CAPTCHA Bypass
AkiraBot, a Python-based spam framework, has targeted over 80,000 websites by bypassing CAPTCHA protections and using AI-generated personalized messages for SEO scams. OpenAI has disabled the associated API keys following reports of abuse.
Read more: AkiraBot Spammed 80,000 Websites
6. Fake mParivahan App Stealing Sensitive Data
Cybercriminals are distributing a fake version of the mParivahan app via WhatsApp messages to steal sensitive data from Android users. The malware employs advanced anti-analysis techniques and targets SMS and social media messages.
Read more: Beware of Fake mParivahan App
7. Hackers Exploit Domain Controllers via RDP for Ransomware
Ransomware attackers are targeting domain controllers (DCs) through Remote Desktop Protocol (RDP), enabling lateral movement across networks and encryption of critical systems. Microsoft Defender’s containment features have proven effective against such attacks.
Read more: Hackers Exploiting Domain Controller
8. Fortinet Devices Exploited Despite Patches
Threat actors are exploiting patched Fortinet FortiGate devices using symbolic links to maintain unauthorized access. Fortinet has released updates and urged customers to upgrade immediately to mitigate risks of re-compromise.
Read more: Hackers Exploit Patched Fortinet Devices
Cyber Threats
1. Hackers Exploiting Windows RDP Files
A sophisticated espionage campaign, attributed to Russian state actors, is exploiting Windows Remote Desktop Protocol (RDP) files to infiltrate European government and military systems. Attackers use phishing emails with malicious .RDP file attachments to access victims’ file systems and clipboard data stealthily.
Read more: Hackers Exploiting Windows RDP Files
2. Malicious Python Packages Target Cryptocurrency Developers
Two malicious Python packages on PyPI, masquerading as fixes for the bitcoinlib library, were discovered stealing sensitive crypto wallet data. These packages are part of a growing trend of supply chain attacks targeting cryptocurrency users and developers.
Read more: Malicious Python Packages Attacking Cryptocurrency Library
3. Hellcat Ransomware Updates Arsenal
The Hellcat ransomware group has enhanced its capabilities, targeting government, education, and energy sectors. Using zero-day vulnerabilities and reflective code loading, the group employs double extortion tactics to increase ransom payouts.
Read more: Hellcat Ransomware Updated Its Arsenal
4. North Korean Hackers Use Social Engineering & Python Scripts
North Korean state-sponsored hackers are leveraging social engineering and disguised Python scripts to breach secure networks. Their sophisticated malware executes hidden commands while evading detection using obfuscation techniques.
Read more: North Korean Hackers Employ Social Engineering Tactics
5. Scattered Spider Targets MFA Tokens
The Scattered Spider group continues to evolve its phishing campaigns, now targeting Okta authentication portals to steal login credentials and MFA tokens. The group has also deployed an updated Spectre RAT for persistent access to compromised systems.
Read more: Scattered Spider Employs Sophisticated Attacks
6. SideCopy APT Mimics Government Personnel
The Pakistan-linked SideCopy APT group is targeting Indian government sectors using spear-phishing emails and open-source tools like XenoRAT. Their campaigns include fake domains mimicking official e-governance portals to harvest credentials.
Read more: SideCopy APT Hackers Mimic Government Personnel
7. Sapphire Werewolf Deploys Amethyst Stealer
Sapphire Werewolf has enhanced its toolkit with the Amethyst stealer malware, targeting energy companies worldwide. This malware focuses on credential theft while employing advanced evasion techniques like virtual machine detection and string obfuscation.
Read more: Sapphire Werewolf Enhances Toolkit
8. HollowQuill Malware Targets Government Agencies
The HollowQuill malware campaign uses weaponized PDF documents disguised as legitimate files to target government agencies globally. The attack employs a multi-stage infection process designed for stealth and persistence while extracting sensitive data.
Read more: HollowQuill Malware Attacking Government Agencies
Vulnerabilities
1. Google Fixes 23-Year-Old Chrome Vulnerability
Google has released Chrome version 136, addressing a long-standing vulnerability in the CSS :visited selector that allowed websites to snoop on users’ browsing history. The fix, called “visited link partitioning,” ensures links are styled as visited only within their original context, preventing cross-site history leaks. Chrome is now the first browser to completely eliminate this privacy risk.
Read more: Google to Patch 23-Year-Old Chrome Vulnerability
2. Critical WhatsApp for Windows Vulnerability
A spoofing vulnerability (CVE-2025-30401) in WhatsApp Desktop for Windows allows attackers to execute malicious code via file attachments. Exploiting discrepancies between MIME types and file extensions, attackers can trick users into running harmful executables. Users are urged to update to version 2.2450.6 or later immediately.
Read more: WhatsApp for Windows Vulnerability
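As an added defensive illustration (not code from the WhatsApp advisory or from this article), the check below shows how a mail or chat gateway could flag attachments whose extension, declared MIME type and actual magic bytes disagree, which is the class of discrepancy the item above describes; the lookup tables, function names and sample files are constructed for this example.

```python
import os
from typing import Optional

# Constructed, deliberately small tables; a real gateway would use a full
# magic-byte library rather than this handful of signatures.
EXT_MIME = {
    ".pdf": "application/pdf",
    ".png": "image/png",
    ".jpg": "image/jpeg",
    ".jpeg": "image/jpeg",
    ".exe": "application/x-msdownload",
}
MAGIC = [
    (b"MZ", "application/x-msdownload"),          # Windows PE executable
    (b"%PDF", "application/pdf"),
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
]
EXECUTABLE_MIMES = {"application/x-msdownload"}

def sniff_mime(data: bytes) -> Optional[str]:
    """Identify content by its leading bytes, ignoring whatever the sender declared."""
    for prefix, mime in MAGIC:
        if data.startswith(prefix):
            return mime
    return None

def normalise_mime(mime: str) -> str:
    """Drop parameters such as '; charset=binary' and lowercase the type."""
    return mime.split(";", 1)[0].strip().lower()

def assess_attachment(filename: str, declared_mime: str, data: bytes) -> dict:
    """Compare extension, declared MIME type and real content; return a verdict."""
    ext_mime = EXT_MIME.get(os.path.splitext(filename)[1].lower())
    declared = normalise_mime(declared_mime)
    sniffed = sniff_mime(data)
    findings = []
    if ext_mime is None:
        findings.append("unknown_extension")
    elif declared != ext_mime:
        findings.append("declared_mime_vs_extension")
    if sniffed is None:
        findings.append("unrecognised_content")
    else:
        if ext_mime is not None and sniffed != ext_mime:
            findings.append("content_vs_extension")
        if sniffed != declared:
            findings.append("content_vs_declared")
    executable = sniffed in EXECUTABLE_MIMES or declared in EXECUTABLE_MIMES
    if executable and findings:
        verdict = "block"    # executable content dressed up as something else
    elif executable or findings:
        verdict = "review"   # honestly labelled executable, or a non-executable oddity
    else:
        verdict = "allow"
    return {"verdict": verdict, "findings": findings, "sniffed": sniffed}
```

A PE file named invoice.pdf and declared as application/pdf is blocked because its magic bytes contradict both the extension and the declared type, while a correctly labelled PDF passes.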
3. Nissan Leaf Exploit Enables Remote Vehicle Control
Researchers have uncovered a critical flaw in the infotainment system of second-generation Nissan Leaf EVs (2020 model), enabling attackers to manipulate vehicle functions remotely. The exploit chain includes Bluetooth vulnerabilities and CAN Bus manipulation. Nissan plans over-the-air updates and dealership patches by Q3 2025.
Read more: Nissan Leaf Vulnerability Exploited
4. OpenSSL 3.5.0 Introduces Post-Quantum Cryptography
OpenSSL has launched version 3.5.0, integrating post-quantum cryptography algorithms such as ML-KEM and SLH-DSA to prepare for quantum computing threats. Other features include enhanced TLS support and QUIC protocol compatibility, marking a significant milestone in cryptographic security innovation.
Read more: OpenSSL 3.5.0 Released
5. CISA Warns of Actively Exploited Microsoft CLFS Vulnerability
CISA has flagged CVE-2025-29824, a use-after-free vulnerability in the Windows CLFS driver, as actively exploited in ransomware attacks targeting IT and financial sectors globally. Organizations must patch systems by April 29, 2025, to mitigate risks of privilege escalation and data theft.
Read more: CISA Warns of Microsoft Windows CLFS Vulnerability
6. VMware Patches 47 Critical Vulnerabilities
VMware has issued updates addressing multiple vulnerabilities across Tanzu Greenplum products, with CVSS scores up to 9.8 indicating critical severity levels. Organizations using these products should apply patches immediately to prevent potential privilege escalation or denial-of-service risks.
Read more: VMware Patches Multiple Vulnerabilities
7. SonicWall Updates NetExtender VPN Client
SonicWall has patched three vulnerabilities in its NetExtender VPN client for Windows (versions prior to 10.3.2). These flaws could allow privilege escalation and file manipulation attacks, emphasizing the need for immediate updates to secure systems effectively.
Read more: SonicWall Patches Multiple Vulnerabilities
Data Breaches
1. Oracle Confirms Breach of Legacy Systems
Oracle has privately admitted to customers that a threat actor breached a legacy system, exposing old client login credentials. This marks the second cyber incident Oracle has disclosed in recent months. The breach involved stolen credentials dating back to 2024 and targeted Oracle’s Identity Manager database. The hacker demanded a $20 million ransom before attempting to sell the data online. Oracle’s handling of the incident has drawn criticism, with claims of “wordplay” to downplay its severity. Investigations by the FBI and CrowdStrike are ongoing.
Read more: Oracle Confirms Hackers Breached Systems
2. WK Kellogg Co. Data Breach Exposes Employee Information
WK Kellogg Co., the cereal manufacturer, confirmed a data breach involving its third-party vendor Cleo’s file-sharing software. The CL0P ransomware group exploited vulnerabilities to access sensitive employee data, including names and Social Security numbers. Discovered months after the December 2024 attack, the breach has prompted Kellogg to offer identity theft protection services and enhance its security protocols. This incident highlights risks associated with third-party vendors and underscores the importance of robust cybersecurity measures.
Read more: Kellogg’s Data Breach Details
3. Hackers Claim WooCommerce Breach, 4.4 Million Records Stolen
A hacker known as “Satanic” has claimed responsibility for a breach involving WooCommerce, a leading eCommerce platform. The attack reportedly exposed over 4.4 million customer records, including personal and business information, through vulnerabilities in third-party integrations like CRM tools. WooCommerce has yet to issue a statement on the alleged breach, raising concerns about the security of WordPress-based platforms and their integrations.
Read more: WooCommerce Breach Allegations
Other News
1. Subwiz: AI-Powered Recon Tool for Hidden Subdomains
Hadrian has introduced Subwiz, an AI-driven tool designed to revolutionize subdomain discovery. Unlike traditional brute-force methods, Subwiz uses machine learning to identify hidden subdomains with high efficiency and accuracy. It discovered 10.4% more subdomains during benchmarking and is lightweight enough to run on standard laptops. This tool is a game-changer for ethical hackers and security professionals, offering customizable features like resolution checking and seamless integration with tools like SanicDNS.
2. OpenSSH 10.0 Released
The latest version of OpenSSH, version 10.0, has been released with several enhancements aimed at improving security and performance. This update introduces new cryptographic algorithms and optimizations to ensure compatibility with modern systems while maintaining robust defenses against emerging threats in secure shell environments.
3. IPFire 2.29: Post-Quantum Cryptography Support
IPFire has launched version 2.29, featuring post-quantum cryptography for IPsec VPN tunnels to counter future quantum computing threats. The update also includes toolchain upgrades, improved default ciphers (favoring AES-256), and various security patches addressing vulnerabilities in Intel microcode and other components. Users are strongly encouraged to upgrade for enhanced security and performance.
4. Crackdown on Smokeloader Malware Operators
As part of Operation Endgame’s second phase, law enforcement agencies across Europe and North America have arrested five individuals linked to the Smokeloader botnet service. This operation marks a shift toward targeting the demand side of cybercrime by apprehending malware “customers.” Smokeloader remains a persistent threat due to its modular design and advanced evasion techniques, but tools like SmokeBuster are being developed to counter its impact.
5. NIST Marks CVEs as Deferred
The National Institute of Standards and Technology (NIST) has implemented a new policy marking certain Common Vulnerabilities and Exposures (CVEs) as “deferred.” This change aims to improve the prioritization of vulnerabilities based on their real-world exploitability and impact, helping organizations focus on the most critical threats first.