Weekly Cyber Security News Letter – Last Week’s Top Cyber Attacks & Vulnerabilities


Apr 27, 2025 - 15:26

In today’s hyper-connected world, cyber threats are evolving at breakneck speed, making it more crucial than ever to stay informed and vigilant. Each week, our newsletter delivers a curated roundup of the most pressing news, expert insights, and actionable strategies to help you safeguard your digital assets and stay ahead of emerging threats.

Inside this edition, you’ll find in-depth analysis of the latest cyberattacks, vulnerability disclosures, and regulatory updates impacting organizations worldwide. We spotlight trending issues, from sophisticated phishing campaigns and ransomware surges to the newest exploits targeting cloud and IoT environments, so you can anticipate risks before they escalate. Our team also shares practical tips and best practices, empowering you to strengthen your organization’s security posture and foster a culture of cyber awareness.

Whether you’re a CISO, IT professional, or simply passionate about cybersecurity, our mission is to keep you informed, engaged, and ready to respond. We draw inspiration from the industry’s leading newsletters, blending breaking news with expert commentary and hands-on advice, all in a format that’s concise and easy to digest.

Expect regular features like threat intelligence briefings, tool recommendations, and spotlights on emerging technologies shaping the future of security.

Thank you for trusting us as your go-to resource for cybersecurity news. We invite you to dive in, share your feedback, and join a growing community committed to defending the digital frontier. Stay secure, stay informed, and remember, in cybersecurity, knowledge is your best defense.

Cyber Attack

RedGolf Hackers Expose Fortinet Zero-Day Exploits
A brief exposure of RedGolf’s attack infrastructure has provided rare insight into the group’s sophisticated arsenal. Researchers found scripts automating the exploitation of Fortinet firewall zero-days, including tools targeting unauthenticated WebSocket endpoints in FortiOS. The toolkit also included encrypted webshells and reverse shells, highlighting the urgent need for Fortinet customers to patch and monitor their devices for suspicious activity.
Read more

Baldwin Killer Malware Bypasses AV & EDR
A new malware tool, “Baldwin Killer,” is being sold on underground forums, boasting advanced techniques to bypass antivirus and endpoint detection and response (EDR) systems. It leverages kernel-mode rootkits, DLL side-loading, UAC bypasses, and exploits known vulnerabilities to evade detection and terminate security processes.
Read more

Hackers Target Network Edge Devices
SMBs are increasingly targeted via their network edge devices: firewalls, VPNs, and remote access systems. Attackers exploit unpatched vulnerabilities and weak credentials to gain initial access, often leading to ransomware or data theft. Experts urge prompt patching, strong authentication, and regular external audits to defend against these persistent threats.
Read more

Malicious npm & PyPI Packages Pose as Developer Tools
Attackers are using open-source repositories like npm and PyPI to distribute malicious packages disguised as legitimate developer tools. These packages often include backdoors and data exfiltration capabilities, posing significant risks to software supply chains and development environments.
Read more

Cloudflare Tunnel Infrastructure Abused by Hackers
Cybercriminals are increasingly abusing Cloudflare Tunnels to establish stealthy, outbound-only HTTPS connections from compromised devices. This technique helps them bypass firewalls, maintain persistence, and facilitate data exfiltration or remote access, making detection and mitigation more challenging.
Read more
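Because the tunnel traffic is outbound-only and wrapped in HTTPS, the practical detection handle for a defender is the destination, not the payload: the cloudflared client must resolve and connect to Cloudflare's tunnel edge before any reverse access is possible. The script below is an added example, not code from the original article or from Cloudflare. It scans constructed DNS and connection log lines (a made-up `ts kind src= ...` format, not any real product's log schema) for hostnames and the port that cloudflared is publicly documented to use, and skips hosts on an allowlist of machines approved to run tunnels, since Cloudflare Tunnel is also a legitimate tool. The domain suffixes and port 7844 reflect the documentation as the author of this example knows it; treat them as an assumption to verify against current Cloudflare documentation before deploying.

```python
"""Flag outbound Cloudflare Tunnel (cloudflared) activity in DNS and connection logs.

Added example for this newsletter item; the log format and IP addresses are
constructed for illustration and are not taken from the original article.
"""
import re
from dataclasses import dataclass

# Destinations cloudflared contacts: tunnel edge (argotunnel.com), quick
# tunnels (trycloudflare.com) and tunnel CNAME targets (cfargotunnel.com).
# Assumption: these are the documented values at the time of writing.
TUNNEL_DOMAIN_SUFFIXES = (".argotunnel.com", ".trycloudflare.com", ".cfargotunnel.com")
# Port cloudflared uses for its QUIC/HTTP2 connection to the edge (assumption, as above).
TUNNEL_PORT = 7844

# Constructed allowlist: internal hosts that are approved to run cloudflared.
APPROVED_TUNNEL_HOSTS = {"10.0.5.20"}

# Constructed log schema: "<ts> dns src=<ip> qname=<name>" or
# "<ts> conn src=<ip> dst=<host-or-ip> dport=<port> proto=<tcp|udp>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<kind>dns|conn) src=(?P<src>[\d.]+) "
    r"(?:qname=(?P<qname>\S+)|dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\w+))$"
)

# Constructed sample log lines (documentation-range IPs, not real infrastructure).
SAMPLE_LOGS = [
    "2025-04-22T10:01:02Z dns src=10.0.7.31 qname=region1.v2.argotunnel.com",
    "2025-04-22T10:01:03Z conn src=10.0.7.31 dst=203.0.113.10 dport=7844 proto=udp",
    "2025-04-22T10:02:10Z dns src=10.0.5.20 qname=region2.v2.argotunnel.com",
    "2025-04-22T10:03:15Z dns src=10.0.7.44 qname=www.example.com",
    "2025-04-22T10:04:20Z conn src=10.0.7.44 dst=203.0.113.80 dport=443 proto=tcp",
    "2025-04-22T10:05:00Z dns src=10.0.7.52 qname=abc-def-ghi.trycloudflare.com",
]


@dataclass
class Finding:
    ts: str
    src: str
    reason: str


def is_tunnel_domain(name: str) -> bool:
    """True if the hostname falls under one of the tunnel-edge domain suffixes."""
    name = name.rstrip(".").lower()
    return any(name.endswith(suffix) for suffix in TUNNEL_DOMAIN_SUFFIXES)


def scan(lines):
    """Return one Finding per log line that indicates tunnel activity from a non-approved host."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line; a real pipeline would count and report these
        src = m["src"]
        if src in APPROVED_TUNNEL_HOSTS:
            continue  # approved tunnel host: expected activity, not an alert
        if m["kind"] == "dns":
            if is_tunnel_domain(m["qname"]):
                findings.append(Finding(m["ts"], src, f"DNS lookup of tunnel domain {m['qname']}"))
        else:  # conn
            dst, dport = m["dst"], int(m["dport"])
            if dport == TUNNEL_PORT or is_tunnel_domain(dst):
                findings.append(Finding(m["ts"], src, f"outbound {m['proto']} to {dst}:{dport}"))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOGS):
        print(f"{f.ts} {f.src}: {f.reason}")
```

Run against the constructed sample, the scan reports the two events from 10.0.7.31 and the quick-tunnel lookup from 10.0.7.52, while the approved host 10.0.5.20 and ordinary web traffic produce nothing. In a real deployment the allowlist is the important design choice: blocking the edge domains outright at the egress firewall or DNS resolver is the stronger mitigation, but only once every legitimate tunnel user has been identified.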

Microsoft 365 OAuth Workflows Exploited
Russian threat actors are abusing OAuth 2.0 authentication workflows to hijack Microsoft 365 accounts, particularly targeting organizations linked to Ukraine and human rights. Attackers use social engineering via messaging apps to trick users into providing authorization codes, granting them account access.
Read more

Ivanti Connect Secure Systems Under Attack
A critical zero-day vulnerability (CVE-2025-0282) in Ivanti Connect Secure gateways is under active exploitation. The flaw allows unauthenticated remote code execution, with attackers targeting unpatched systems. Ivanti urges immediate updates and monitoring using their Integrity Checker Tool.
Read more

Cyber Security News

VibeScamming: Hackers Use AI to Supercharge Phishing Attacks
Security researchers warn of a new wave of phishing called “VibeScamming,” where generative AI enables even non-technical criminals to launch sophisticated scams. By leveraging AI assistants, attackers can quickly build convincing phishing pages, credential harvesting systems, and even anti-detection code, lowering the barrier to entry for cybercrime. Some AI platforms still lack sufficient safeguards, making this a growing concern for both users and AI developers.
Read more

Akira Ransomware: Surge in Attacks Using Compromised Credentials
The Akira ransomware group has escalated its operations, targeting organizations by exploiting compromised VPN credentials, especially those lacking multi-factor authentication. Once inside, they use public tools for reconnaissance and data exfiltration before encrypting files, employing a double extortion tactic. Their evolving toolkit now features advanced evasion and encryption techniques, with over 350 organizations affected and $42 million in ransoms paid.
Read more

Microsoft Bolsters Signing Service Security After Major Breach
In response to the Storm-0558 breach, Microsoft has migrated its Microsoft Account (MSA) signing service to Azure confidential VMs, enhancing hardware-based isolation and rapid key rotation. These changes, part of the Secure Future Initiative, aim to strengthen identity and cryptographic protections, with further moves to prepare for post-quantum threats and increase MFA adoption across accounts.
Read more

FBI Alert: Scammers Impersonate IC3 Employees in Phishing Scheme
The FBI has issued a warning about scammers posing as Internet Crime Complaint Center (IC3) staff. Victims receive emails claiming to offer fraud recovery help, but are tricked into installing malware via “verification software.” The campaign uses multi-stage encryption and fileless execution to evade detection, resulting in over $1.2 million in losses in just three weeks.
Read more

Google Cloud Composer Vulnerability Allowed Privilege Escalation
A critical flaw in Google Cloud Composer (now patched) could have let attackers with minimal permissions gain control over privileged service accounts. By injecting malicious PyPI packages, attackers could escalate privileges and access sensitive cloud resources. Google has updated Composer’s handling of dependencies and improved documentation to address the issue.
Read more

Malware Masquerades as ViPNet Networking Software Updates
A sophisticated backdoor has been discovered targeting Russian organizations, disguised as legitimate updates for ViPNet secure networking software. The malware steals sensitive data and enables further compromise by exploiting trusted update mechanisms. Organizations are urged to verify update authenticity and monitor for suspicious activity.
Read more

New Malware Campaign Hijacks Docker Images with Deep Obfuscation
Researchers have identified a malware campaign targeting Docker environments, using a multi-layered obfuscation technique to evade detection. The malware abuses Docker Hub images to run scripts that simulate legitimate activity on decentralized networks, earning private crypto tokens without typical mining indicators. This marks a shift in attacker tactics, making detection more challenging.
Read more

ToyMaker Hackers Breach Critical Infrastructure via SSH and File Transfers
The “ToyMaker” threat group has compromised numerous critical infrastructure hosts by exploiting exposed systems and deploying custom backdoors. Their operations involve credential theft and persistent access, often handing off control to ransomware operators for further exploitation. The campaign highlights the risks of exposed remote access services and the importance of layered defenses.
Read more

Vulnerabilities

WinZip MotW Bypass Vulnerability (CVE-2025-33028)
A critical flaw in WinZip allows attackers to bypass Windows’ Mark-of-the-Web (MotW) protection, enabling silent execution of malicious files extracted from ZIP archives. No patch is available yet; users should avoid archives from untrusted sources and scan extracted files with antivirus tools.
Read More

HPE Performance Cluster Manager Authentication Bypass (CVE-2025-27086)
A high-severity vulnerability in HPE’s cluster management software lets remote attackers bypass authentication and gain privileged access to critical computing resources. HPE has released a fix in version 1.13; temporary mitigations are available for those unable to upgrade immediately.
Read More

Windows Update Stack Privilege Escalation (CVE-2025-21204)
A design flaw in the Windows Update Stack could allow local attackers to escalate privileges to SYSTEM by abusing directory junctions. Microsoft has issued a fix in the April 2025 cumulative update. Organizations should patch promptly and monitor for suspicious file operations.
Read More

Samsung One UI Clipboard Security Flaw
A vulnerability in Samsung’s One UI exposes sensitive clipboard data in plain text without expiration, risking user privacy on millions of devices running Android 9 or later.
Read More

Cookie Bite Attack: New Browser Threat
A novel attack method dubbed “Cookie Bite” targets browser cookies to hijack sessions and steal credentials, exploiting weaknesses in cookie management and cross-site scripting protections.
Read More

FireEye EDR Agent Denial-of-Service (CVE-2025-0618)
A vulnerability in the FireEye EDR agent allows attackers to trigger a persistent denial of service by exploiting tamper protection, potentially disabling endpoint security and leaving systems exposed. Trellix is working on a patch; users should monitor for updates.
Read More

Synology Network File System Arbitrary File Read (CVE-2025-1021)
A flaw in Synology DiskStation Manager’s NFS service lets unauthenticated remote attackers read arbitrary files, risking sensitive data exposure. Patches are available for affected DSM versions; immediate updates are advised.
Read More

Google Forms Weaponized for Phishing
Attackers are leveraging Google Forms to bypass email security and steal credentials, exploiting the platform’s trusted domain and HTTPS encryption. Organizations should enhance email filtering and train users to recognize phishing attempts.
Read More

Redis DoS and Remote Code Execution Vulnerabilities
Two critical vulnerabilities in Redis allow authenticated users to trigger denial-of-service or execute remote code via malformed ACL selectors and malicious Lua scripts. Immediate upgrades and restriction of Lua scripting are recommended.
Read More

Data Breach

Marks & Spencer Confirms Cyberattack Impacting Payments & Online Orders

British retail giant Marks & Spencer (M&S) has confirmed a significant cyber incident that disrupted contactless payment systems and its Click and Collect service, leaving customers frustrated during the busy Easter period. The attack, suspected to involve ransomware, forced the company to implement emergency security protocols and temporarily disable certain digital services across its 1,049 UK stores.

Key impacts include:

  • Contactless payment systems offline during peak shopping times
  • Delays in Click and Collect order fulfillment
  • Temporary inaccessibility of digital vouchers and gift cards
  • Suspension of returns processing at some locations

M&S has engaged external cybersecurity experts and notified regulatory authorities. The company states there is no evidence customer data was compromised, but it continues to monitor the situation closely.

Read more: Marks & Spencer Confirms a Cyberattack Hits Payments & Online Orders

Blue Shield of California Leaked Health Info of 4.7 Million Patients

Blue Shield of California disclosed a major data breach affecting 4.7 million members after discovering that protected health information (PHI) was inadvertently shared with Google’s advertising platforms. The breach, which lasted from April 2021 to January 2024, was caused by a misconfiguration of Google Analytics, allowing sensitive member data to be shared with Google Ads.

Data potentially exposed includes:

  • Insurance plan details, city, zip code, gender, and family size
  • Blue Shield online account identifiers
  • Medical claim service dates and providers
  • Patient names and financial responsibility
  • “Find a Doctor” search criteria and results

No Social Security numbers, driver’s license numbers, or banking information were compromised, and Blue Shield emphasized that no bad actor was involved. The incident highlights ongoing concerns about HIPAA compliance and the risks of using non-compliant analytics tools on healthcare websites.

Read more: Blue Shield Leaked Health Info of 4.7M patients with Google Ads

Other News

1. Windows Defender Policies Bypassed via Microsoft Store Debugging Tool

A critical vulnerability in Windows Defender Application Control (WDAC) has been uncovered, allowing attackers to bypass strict security policies using WinDbg Preview, a Microsoft Store app. By leveraging WinDbg’s debugging features, attackers can inject malicious code into trusted processes, even when unsigned executables and DLLs are blocked. Organizations are urged to disable the Microsoft Store in secure environments and explicitly block WinDbgX.exe in WDAC policies to mitigate this threat.
Read more

2. MITRE Launches D3FEND CAD Tool for Advanced Cybersecurity Modeling

MITRE has introduced the D3FEND CAD tool as part of its D3FEND 1.0 release, revolutionizing how security practitioners model, analyze, and defend against cyber threats. The tool enables users to create structured, detailed cybersecurity scenarios using a knowledge graph approach, supporting functions from threat intelligence analysis to incident investigation. The browser-based interface allows for intuitive drag-and-drop modeling of attacks, defenses, and digital artifacts, fostering collaboration and standardized terminology across teams.
Read more

3. CISA Threat Hunting Staff Lose Access to Censys & VirusTotal

The Cybersecurity and Infrastructure Security Agency (CISA) has notified its threat hunting division to discontinue use of VirusTotal and Censys, two critical tools for malware analysis and threat intelligence. The move, part of broader agency reductions, affects over 500 cyber threat hunters and is expected to impact CISA’s ability to rapidly analyze and triage cyber threats across federal networks. The agency is seeking alternative solutions to minimize disruption.
Read more

4. Chrome to Add “Protect Your IP Address” Feature

Google Chrome will soon introduce an IP Protection feature in Incognito mode, masking users’ IP addresses using a two-hop proxy system. This privacy enhancement aims to limit third-party tracking while preserving essential web services, such as fraud prevention. The system ensures no single entity can link a user’s IP address to their browsing destinations, with selective application to advertising and tracking domains. The rollout begins in select regions this May.
Read more

5. RBI Directs Banks to Transition to ‘.bank.in’ Domains

The Reserve Bank of India (RBI) has mandated all banks to migrate their websites to the new ‘.bank.in’ domain by October 31, 2025. This initiative aims to enhance cybersecurity for digital payments and reduce fraud. The Institute for Development and Research in Banking Technology (IDRBT) will manage the domain registry, under the supervision of the Ministry of Electronics and Information Technology.
Read more

6. WhatsApp Rolls Out Advanced Chat Privacy Feature

WhatsApp has launched an Advanced Chat Privacy feature, adding new protections for users’ private and group conversations. The feature blocks chat exports, prevents automatic media downloads to other devices, and restricts the use of messages for AI features. This enhancement builds on WhatsApp’s existing privacy measures, including end-to-end encryption, disappearing messages, and chat locks.
Read more

7. How to Spot a Credit Card Skimmer

Credit card skimming remains a persistent threat at ATMs and gas stations. Key tips to detect skimmers include: checking for tampered security seals, misalignments, loose card readers, unusual objects inside the reader, and comparing the device to nearby card readers for inconsistencies. If you suspect a skimmer, avoid using the machine and report it immediately.
Read more

The post Weekly Cyber Security News Letter – Last Week’s Top Cyber Attacks & Vulnerabilities appeared first on Cyber Security News.