2/27/2025 February 28, 2025February 28, 2025 ~ The Cyber Beat ~ Leave a comment Belgium Probes if Chinese Hackers Breached Its Intelligence ServiceChinese Cyber Espionage Jumps 150%, CrowdStrike FindsSpace Pirates Targets Russian IT Firms With New LuckyStrike Agent MalwareOpenSSF Publishes Security Framework for Open Source SoftwareDoes Terrible Code Drive You Mad? Wait Until You See What It Does to OpenAI’s GPT-4OA Disney Worker Downloaded an AI Tool. It Led to a Hack That Ruined His Life.…Hackers Stole this Engineer’s 1Password Database. Could It Happen to You?Microsoft Names Developers Behind Illicit AI Tools Used in Celebrity Deepfake SchemeKrebs: U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”Suspected Desorden Hacker Arrested for Breaching 90 OrganizationsPrivacy Tech Firms Warn France’s Encryption and VPN Laws Threaten PrivacyMeta Fixes Error That Exposed Instagram Users to Graphic and Violent ContentThousands Rescued From Scam Compounds in Myanmar Now Stuck at Thai BorderPhilippine Army Confirms Attack on Its NetworksDragonForce Ransomware Hits Saudi Firm, 6TB Data StolenFBI Confirms Lazarus Hackers Were Behind $1.5B Bybit Crypto Heist…FBI Urges Crypto Community to Avoid Laundering Funds From Bybit HackWinos 4.0 Malware Targets Taiwan With Email Impersonation…Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese OrganizationsOver 49,000 Misconfigured Building Access Systems Exposed OnlineSouthern Water Says Black Basta Ransomware Attack Cost £4.5m in ExpensesGrassCall Malware Campaign Drains Crypto Wallets via Fake Job InterviewsNew TgToxic Banking Trojan Variant Evolves with Anti-Analysis UpgradesVo1d Malware Botnet Grows to 1.6 Million Android TVs WorldwidePolarEdge Botnet Exploits Cisco and Other Flaws to Hijack ASUS, QNAP, and Synology DevicesNakivo Fixes Critical Flaw in Backup & Replication ToolSoftware Vulnerabilities Take Almost Nine Months to Patch
2/26/2025 February 26, 2025February 26, 2025 ~ The Cyber Beat ~ Leave a comment CERT-UA Warns of UAC-0173 Attacks Deploying DCRat to Compromise Ukrainian NotariesGeopolitical Tension Fuels APT and Hacktivism SurgeNSA Says It Is Investigating Potential Misuse of Chat PlatformRomanian Police Question Pro-Russian Presidential Candidate Following Kremlin InterferenceWhat Apple Pulling Advanced Data Protection Means for You…U.S. Examining Whether UK’s Encryption Demand on Apple Broke Data TreatySignal May Exit Sweden If Government Imposes Encryption BackdoorCellebrite Cuts off Serbia Over Abuse of Phone-Cracking Software Against Civil Society99% of Organizations Report API-Related Security IssuesCybersecurity Budgets Should Reflect Business Risks, Corporate Leaders SayStartup PsiQuantum Says It is Making Millions of Quantum Computing ChipsOpenAI’s GPT 4.5 Spotted in Android Beta, Launch ImminentBybit Declares War on North Korea’s Lazarus Crime-Ring to Regain $1.5B Stolen From Wallet…Lazarus Hacked Bybit via Breached Safe{Wallet} Developer Machine‘Cyber Incident’ Shuts Down Cleveland Municipal Court for Third Straight DayPump.fun X Account Hacked to Promote Scam Governance TokenYes! Communities (CO) Sends Data Breach Letters Related to December 2024 IncidentEncryptHub Breaches 618 Orgs to Deploy Infostealers, RansomwareHackers Exploited Krpano Framework Flaw to Inject Spam Ads on 350+ WebsitesMalicious PyPI Package “automslc” Enables 104K+ Unauthorized Deezer Music DownloadsCISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active ExploitationVSCode Extensions With 9 Million Installs Pulled over Security RisksQualcomm Pledges 8 Years of Security Updates for Android Kit using Its Chips (YMMV)How APT Naming Conventions Make Us Less Safe
2/25/2025 February 25, 2025February 25, 2025 ~ The Cyber Beat ~ Leave a comment New Auto-Color Linux Backdoor Targets North American Gov’ts, UniversitiesGhostwriter Cyber-Attack Targets Ukrainian, Belarusian OppositionChinese-Backed Silver Fox Plants Backdoors in Healthcare NetworksA Team of Female Founders Is Launching Cloud Security Tech That Could Overhaul AI ProtectionMicrosoft Invests in Cloud Data Firm Veeam Software to Build AI ProductsOnly a Fifth of Ransomware Attacks Now Encrypt Data61% of Hackers Use New Exploit Code Within 48 Hours of AttackQuarter of Brits Report Deepfake Phone ScamsThis Russian Tech Bro Helped Steal $93 Million and Landed in Us Prison. Then Putin Called.Swedish Authorities Seek Backdoor to Encrypted Messaging AppsUK Home Office’s New Vulnerability Reporting Mechanism Leaves Researchers Open to ProsecutionFirefox Continues Manifest V2 Support as Chrome Disables MV2 Ad-BlockersAnthropic’s Claude 3.7 Sonnet Is Here and Results Are InsaneU.S. Drug Testing Firm DISA Says Data Breach Impacts 3.3 Million PeopleOrange Group Confirms Breach After Hacker Leaks Company DocumentsSiberia’s Largest Dairy Plant Reportedly Disrupted With LockBit VariantGitVenom Malware Steals $456K in Bitcoin Using Fake GitHub Projects to Hijack WalletsHave I Been Pwned Adds 284M Accounts Stolen by Infostealer Malware‘OpenAI’ Job Scam Targeted International Workers Through TelegramFatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud ServicesLightSpy Expands to 100+ Commands, Increasing Control Over Windows, macOS, Linux, and Mobile2,500+ Truesight.sys Driver Variants Exploited to Bypass EDR and Deploy HiddenGh0st RATTwo Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISAMITRE Caldera Security Suite Scores Perfect 10 for InsecurityUnmanaged Devices: The Overlooked Threat CISOs Must Confront
2/24/2025 February 24, 2025February 24, 2025 ~ The Cyber Beat ~ Leave a comment Krebs: Trump 2.0 Brings Cuts to Cyber, Consumer Protections…Screens at HUD Display AI Video of Donald Trump Sucking Elon Musk’s ToesAustralia Bans Kaspersky Software Over National Security and Espionage ConcernsRussia Warns Financial Sector of Major IT Service Provider HackGoogle Is Replacing Gmail’s SMS Authentication With QR CodesInside the Telegram Groups Doxing Women for Their Facebook PostsMichigan Man Indicted for Dark Web Credential FraudOpenAI Bans ChatGPT Accounts Used by North Korean HackersBybit Offers $140m Bounty to Recover Funds After Mega Crypto-Heist…North Korean Hackers Linked to $1.5 Billion Bybit Crypto HeistNuna Baby Essentials (PA) Sends Data Breach Following Recent Cybersecurity IncidentNew Malware Campaign Uses Cracked Software to Spread Lumma and ACR StealerBotnet Targets Basic Auth in Microsoft 365 Password Spray AttacksExploits for Unpatched Parallels Desktop Flaw Give Root on MacsEssential Addons for Elementor XSS Vulnerability Discovered
2/21-23/2025 February 23, 2025February 23, 2025 ~ The Cyber Beat ~ Leave a comment Ukrainian Hackers Claim Breach of Russian Loan Company Linked to Putin’s Ex-WifeChinese Medical Devices Are in Health Systems Across U.S., and the Government and Hospitals Are WorriedData Leak Exposes TopSec’s Role in China’s Censorship-as-a-Service OperationsOpenAI Bans Accounts Misusing ChatGPT for Surveillance and Influence CampaignsIndia’s Haryana State Pollution Control Board Website ‘Hacked’, Plaint LodgedApple Pulls Encryption Feature From UK Over Government Spying DemandsGoogle Cloud Introduces Quantum-Safe Digital Signatures in KMSThe Cybersecurity Talent Shortage: WSJ Readers Dissect the ProblemPentagon Fast-Tracks ‘Cyber Command 2.0’ Review, Requests Authorities Wish ListNations Open ‘Data Embassies’ to Protect Critical InfoTop Polish Anti-Corruption Official Resigns Amid Spyware ProbeBybit Exchange Hacked, Over $1.4 Billion in ETH-Related Tokens DrainedBeware: PayPal “New Address” Feature Abused to Send Phishing EmailsFake CS2 Tournament Streams Used to Steal Crypto, Steam AccountsPhoenix Rehabilitation and Nursing Center Announces Third-Party Data Breach at Unnamed VendorVectraRx Mail Pharmacy (AZ) Confirms 2024 Data Breach Leaked Sensitive Information Belonging to 109,383 PeopleStar Solution Services (BC) Provides Notice of Data Breach Affecting Over 27k IndividualsAnne Arundel County (MD) Investigates Cyber Incident Affecting Payment Systems, Origin UnknownWilliamsburg-James City Schools (VA) Recovered From Cyber AttackSpyLend Android Malware Downloaded 100,000 Times From Google PlayCISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks
2/20/2025 February 20, 2025February 20, 2025 ~ The Cyber Beat ~ Leave a comment Chinese Hackers Use Custom Malware to Spy on U.S. Telecom NetworksChina-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and RansomwareFriedrich Merz Targeted by Pro-Russian Disinformation Before German Vote, Researchers SayGoogle Ad-Tech Users Can Target National Security ‘Decision Makers’ and People With Chronic DiseasesOver 330 Million Credentials Compromised by InfostealersBlack Basta Ransomware Gang’s Internal Chat Logs Leak OnlineHacked, Leaked, Exposed: Why You Should Never Use Stalkerware AppsThe Cryptocurrency Scam That Turned a Small Town Against ItselfWest Coast Cybersecurity Salaries Outshine Rest of CountryHealth Net Federal Services Pays $11M Settlement Over Alleged Cybersecurity LapsesSEC Replaces Cryptocurrency Fraud Unit With Team Aimed More Broadly at Emerging TechWhen Brand Loyalty Trumps Data SecurityMalicious Ads Target Freelance Developers via GitHubDarcula PhaaS Can Now Auto-Generate Phishing Kits for Any BrandOttawa Family Physicians (KS) Notifies Patients of December 2024 Data BreachUK Healthcare Giant Hcrg Confirms Hack After Ransomware Gang Claims Theft of Sensitive DataNew NailaoLocker Ransomware Used Against EU Healthcare OrgsCybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP ArchivesHackers Exploit Signal’s Linked Devices Feature to Hijack Accounts via Malicious QR CodesCritical Flaws in Mongoose Library Expose MongoDB to Data Thieves, Code ExecutionCitrix Releases Security Fix for NetScaler Console Privilege Escalation VulnerabilityMicrosoft Patches Actively Exploited Power Pages Privilege Escalation VulnerabilityApiiro Unveils Free Scanner to Detect Malicious Code Merges
2/19/2025 February 19, 2025February 19, 2025 ~ The Cyber Beat ~ Leave a comment Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal MessengerSpies Eye AUKUS Nuclear Submarine Secrets, Australia’s Intelligence Chief Warns…Multiple Foreign Intelligence Agencies Plotting to Murder Dissidents in AustraliaHundreds of U.S. Military and Defense Credentials CompromisedThree Ways to Batten Down Executives’ Personal Digital LivesMicrosoft Creates Chip It Says Shows Quantum Computers Are ‘Years, Not Decades’ AwaySanctioned Entities Fueled $16 Billion in Cryptocurrency Activity Last Year, Report SaysPegasus Spyware Infections Found on Several Private Sector PhonesCISA and FBI: Ghost Ransomware Breached Orgs in 70 CountriesAustralian IVF Clinic Genea Suffers Data Breach Following Cyber IncidentPhishing Attack Hides JavaScript Using Invisible Unicode TrickWordPress Plugin Vulnerability Exposes 90,000 Sites to AttackCISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities ListNew WinRAR Version Strips Windows Metadata to Increase Privacy
2/18/2025 February 18, 2025February 18, 2025 ~ The Cyber Beat ~ Leave a comment Mustang Panda Leverages Microsoft Tools to Bypass Anti-Virus SolutionsWinnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage CampaignSen. Ron Wyden Remains Hopeful for Bipartisan Action on Tech, Cyber IssuesSANS Institute Launches AI Cybersecurity HackathonIt’s Early, But BlackLock is On Track to Be 2025’s Most Prolific Ransomware GroupKrebs: How Phished Data Turns into Apple & Google WalletsU.S. Newspaper Publisher Uses Linguistic Gymnastics to Avoid Saying Its Outage Was Due to RansomwareManaged Healthcare Defense Contractor to Pay $11 Million Over Alleged Cyber FailingsVenture Capital Giant Insight Partners Hit by CyberattackEvolving Snake Keylogger Variant Targets Windows UsersCracked Garry’s Mod, BeamNG.Drive Games Infect Gamers with MinersProofpoint Uncovers FrigidStealer, A New MacOS InfostealerCybercriminals Exploit Onerror Event in Image Tags to Deploy Payment SkimmersOpenSSH Flaws Expose Systems to Critical AttacksJuniper Session Smart Routers Vulnerability Could Let Attackers Bypass AuthenticationNew Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory CredentialsTrend Micro Predicts Increase in Ai-Driven Cyber Threats in 2025
2/17/2025 February 17, 2025February 17, 2025 ~ The Cyber Beat ~ Leave a comment Italian Websites Targeted by Alleged Pro-Russian HackersSweden’s PM on Recent Suspected Undersea Cable Sabotage: ‘We Don’t Believe Random Things Suddenly Happen Quite Often’South Korea Suspends Downloads of AI Chatbot DeepSeekX Now Blocks Signal Contact Links, Flags Them as MaliciousChase Will Soon Block Zelle Payments to Sellers on Social MediaEstonian Duo Plead Guilty to $577m Crypto Ponzi SchemeAustrian Ex-Chancellor Kurz’s Cybersecurity Firm Dream Says Reaches $1 Billion ValuationGoogle Chrome’s AI-Powered Security Feature Rolls Out to EveryoneFinastra Announces Data Breach Following Discovery of November 2024 CyberattackXactus (PA) Data Breach Letter Confirms 2024 Incident Compromised Individuals’ Social Security NumbersInnovative Renal Care (TN) Sends Data Breach Letters Following Early 2024 IncidentIncluded Health (CA) Provides Notice of Data Breach to an Unknown Number of IndividualsMicrosoft Detects New XCSSET MacOS Malware VariantTelegram Used as C2 Channel for New Golang MalwareMicrosoft to Remove the Location History Feature in WindowsHow Public & Private Sectors Can Better Align Cyber Defense
2/14-16/2025 February 16, 2025February 16, 2025 ~ The Cyber Beat ~ Leave a comment Russian Hackers Target Microsoft 365 Accounts With Device Code PhishingUkraine Warns of Growing AI Use in Russian Cyber-Espionage OperationsTop U.S. Election Security Watchdog Forced to Stop Election Security WorkOpen-Source Code Repository Codeberg Says ‘Far-Right Forces’ Are Behind Massive Spam AttacksRansomHub Becomes 2024’s Top Ransomware Group, Hitting 600+ Organizations GloballyAPIs: The Foundation of Modern Software Development Is Under Rising Cyber AttackThis Open Text-To-Speech Model Needs Just Seconds of Audio to Clone Your VoiceTexas Investigating DeepSeek for Violating Data Privacy LawPolice Risk Losing Society’s Trust in Fight Against Cybercrime, Warns Europol ChiefHow Banks Can Adapt to the Rising Threat of Financial CrimeLazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer AttacksVirginia Attorney General’s Office Hit by Cyber AttackREMSA Health Experiences Cyberattack, Raising Questions of a Possible Data BreachPPL Electric Utilities (PA) Breach at Vendor Exposed Some Customer DataFillmore County Hospital (NE) Announces Data BreachPirateFi Game on Steam Caught Installing Password-Stealing MalwareNew “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code ExecutionSonicWall Firewall Bug Leveraged in Attacks After PoC Exploit ReleasePostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted AttacksAndroid’s New Feature Blocks Fraudsters from Sideloading Apps During Calls
2/13/2025 February 13, 2025February 13, 2025 ~ The Cyber Beat ~ Leave a comment China’s Salt Typhoon Spies Are Still Hacking Telecoms—Now by Exploiting Cisco RoutersRussian Seashell Blizzard Enlists Specialist Initial Access Subgroup to Expand OpsNorth Korean APT43 Uses PowerShell and Dropbox in Targeted South Korea CyberattacksCISA and FBI Warn Against Buffer Overflow VulnerabilitiesHackers Use CAPTCHA Trick on Webflow CDN PDFs to Bypass Security ScannersThe Loneliness Epidemic Is a Security CrisisKrebs: Nearly a Year Later, Mozilla is Still Promoting OneRepDOGE Hasn’t Accessed Legally Protected Tax Data, Administration Says in Privacy Suit ResponseU.S. Lawmakers Press Trump Admin to Oppose UK’s Order for Apple iCloud BackdoorChinese Espionage Tools from Emperor Dragonfly Deployed in RA World Ransomware AttackzkLend Loses $9.5M in Crypto Heist, Asks Hacker to Return 90%Hacker Leaks Account Data of 12 Million Zacks Investment UsersAstaroth Phishing Kit Bypasses 2FA Using Reverse Proxy TechniquesFINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and LinuxSurge in Attacks Exploiting Old ThinkPHP and ownCloud FlawsPalo Alto Networks Patches Authentication Bypass Exploit in PAN-OS SoftwareBuyout Firms Vie for Cybersecurity Firm Trend Micro, Sources SayDutch Police Seizes 127 XHost Servers, Dismantles Bulletproof Hoster
2/12/2025 February 12, 2025February 12, 2025 ~ The Cyber Beat ~ Leave a comment A Hacker Group Within Russia’s Notorious Sandworm Unit Is Breaching Western Networks…BadPilot Network Hacking Campaign Fuels Russian Sandworm AttacksRussian-Linked Bots Sow Fear, Distrust Ahead of German VoteU.S. Reportedly Releases Russian Cybercrime Figure Alexander Vinnik in Prisoner SwapNorth Korean Hackers Exploit PowerShell Trick to Hijack Devices in New CyberattackThis Ad-Tech Company Is Powering Surveillance of U.S. Military PersonnelLeaking the Email of Any YouTube User for $10,000Romance Scams Cost Americans $697.3M Last YearSerial “Swatter” Behind 375 Violent Hoaxes Targeted His Own Home to Look like a VictimTrump Plans to Nominate GOP Insider Sean Cairncross as National Cyber DirectorMars Hydro and LG-LED Solutions: Massive IoT Data Breach Exposes 2.7 Billion RecordsSarcoma Ransomware Claims Breach at Giant PCB Maker UnimicronRansomware Attack Disrupting Michigan’s Sault Tribe OperationsHeartland Bank (NE) Sends Data Breach Letters Following Recent Email Data Security IncidentWatergate Hotel Hit with Data BreachResearchers Find New Exploit Bypassing Patched NVIDIA Container Toolkit VulnerabilityProgress Software Patches High-Severity LoadMaster Flaws Affecting Multiple VersionsIvanti Patches Critical Flaws in Connect Secure and Policy Secure – Update NowKrebs: Microsoft Patch Tuesday, February 2025 EditionIs AI a Friend or Foe of Healthcare Security?
2/11/2025 February 12, 2025February 12, 2025 ~ The Cyber Beat ~ Leave a comment Order Blocking Musk’s DOGE From Treasury Systems Doesn’t Apply to Secretary Bessent, Judge SaysProbe Finds U.S. Coast Guard Has Left Maritime Cybersecurity AdriftNick Robinson’s X Account Hacked to Promote CryptoIn Fighting AI Chip Trade War With China, There’s One Big Mistake U.S. Can’t Afford to MakeU.S. Sanctions LockBit Ransomware’s Bulletproof Hosting ProviderThe Company Man: Binance Exec Detained in Nigeria Breaks His SilenceArizona Woman Pleads Guilty to Running Laptop Farm for N. Korean IT Workers, Faces 9-Year SentenceCybersecurity Firm SailPoint Sets Sights on $12.6 Billion Valuation in U.S. IPORussian Military Hackers Deploy Malicious Windows Activators in UkrainePowerSchool Breach Exposed Special Education Status, Mental Health Data and Parent Restraining OrdersThird-Party Data Breach at ArdyssLife Affects an Unknown Number of ConsumersSonicWall Firewall Exploit Lets Hackers Hijack VPN Sessions, Patch NowFortinet Warns of New Zero-Day Exploited to Hijack FirewallsMicrosoft February 2025 Patch Tuesday Fixes 4 Zero-Days, 55 FlawsLinux Running in a PDF? This Hack Is as Bizarre as It Is BrilliantData Leaks Happen Most Often in These States — Here’s Why
2/10/2025 February 11, 2025February 11, 2025 ~ The Cyber Beat ~ Leave a comment Europol Warns Financial Sector of “Imminent” Quantum ThreatThe Rise of the Drone BoatsUK Military Fast-Tracks Cybersecurity RecruitmentExperts Dismayed at UK’s Apple Decryption DemandsCongressional Leaders Given Access to Surveillance Court in Bid for More TransparencyNew York State Bans DeepSeek From Government DevicesIndiana Man Gets 20 Years for $37m Crypto HeistAlabama Man Pleads Guilty to SIM Swap Attack on U.S. SEC X AccountAll Your 8Base Are Belong to Us: Ransomware Crew Busted in Global StingWhy Rebooting Your Phone Daily Is Your Best Defense Against Zero-Click HackersBrave Now Lets You Inject Custom JavaScript to Tweak WebsitesMicrosoft Raises Rewards for Copilot AI Bug Bounty ProgramMemorial Hospital and Manor (GA) Alerts 120,000 Individuals of Data BreachU.S. Newspaper Publisher Lee Enterprises Still Struggling to Print Papers a Week After ‘Cybersecurity Event’Sky ECC Encrypted Service Distributors Arrested in Spain, NetherlandsVectraRx Mail Pharmacy (AZ) Sends Out Data Breach Letters Following December 2024 CyberattackBadIIS Malware Exploits IIS Servers for SEO FraudHackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento StoresXE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web ShellsOver 12,000 KerioControl Firewalls Exposed to Exploited RCE FlawZimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF VulnerabilitiesApple Releases Security Updates to Block iPhone Passcode Hacking Tools, Again
2/7-9/2025 February 9, 2025February 9, 2025 ~ The Cyber Beat ~ Leave a comment Krebs: Teen on Musk’s DOGE Team Graduated from ‘The Com’States Prepare Privacy Lawsuit Against DOGE Over Access to Federal DatareCAPTCHA: 819 Million Hours of Wasted Human Time and Billions of Dollars in Google ProfitsCloudflare Outage Caused by Botched Blocking of Phishing URLMicrosoft Shares Workaround for Windows Security Update IssuesApple Ordered to Open Encrypted User Accounts Globally to UK SpyingOne of Tax Return Filing Season’s Biggest Financial Risks Isn’t an IRS AuditIndia’s RBI Introduces Exclusive “bank.in” Domain to Combat Digital Banking FraudHPE Notifies Employees of Data Breach After Russian Office 365 HackHospital Sisters Health System Notifies 882,000 Patients of August 2023 BreachPhones, Email, Classes Disrupted in University of the Bahamas Ransomware AttackMassive Brute Force Attack Uses 2.8 Million IPs to Target VPN DevicesMalicious AI Models on Hugging Face Exploit Novel Attack TechniqueCybercriminals Weaponize Graphics Files in Phishing AttacksHackers Exploit Cityworks RCE Bug to Breach Microsoft IIS ServersCISA Warns of Active Exploits Targeting Trimble Cityworks Vulnerability
2/6/2025 February 7, 2025February 7, 2025 ~ The Cyber Beat ~ Leave a comment Russia Uses Messaging Apps to Recruit Terrorists, Ukraine’s Police SaysNorth Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored CredentialsFederal Judge Tightens DOGE Leash Over Critical Treasury Payment System AccessKrebs: Experts Flag Security, Privacy Risks in DeepSeek AI App…DeepSeek iOS App Sends Data Unencrypted to ByteDance-Controlled ServersSpyware Firm Paragon Solutions Cuts Italy Access After Alleged Targeting of ActivistsSemgrep Raises $100 Million to Develop Bug-Hunting SoftwareNew UK Cyber Monitoring Centre Introduces ‘Richter Scale’ for Cyber-AttacksEuropol Cracks Down on Global Child Abuse Network “The Com”Lawsuit Against Automatic License Plate Reader Cameras Can Move Forward, Judge SaysBritish Engineering Firm IMI Discloses Breach, Shares No DetailsData Breach at Bankers Cooperative Group (NJ) Impacts Employees of 21 CompaniesDDoS Attacks Reportedly Behind DayZ and Arma Network OutagesFake Google Chrome Sites Distribute ValleyRAT Malware via DLL HijackingHackers Exploit SimpleHelp RMM Flaws to Deploy Sliver MalwareSparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from ImagesMicrosoft Says Attackers Use Exposed ASP.NET Keys to Deploy MalwareWordPress ASE Plugin Vulnerability Threatens Site SecurityCisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEscCritical RCE Bug in Microsoft Outlook Now Exploited in AttacksNew Microsoft Script Updates Windows Media With Bootkit Malware Fixes
2/5/2025 February 5, 2025February 5, 2025 ~ The Cyber Beat ~ Leave a comment Cross-Platform JavaScript Stealer Targets Crypto Wallets in New Lazarus Group CampaigniOS App Store Apps With Screenshot-Reading Malware Found for the First TimeDespite Catastrophic Hacks, Ransomware Payments Dropped Dramatically Last Year…Following Law Enforcement Disruptions…As Victims Refused to Pay HackersCybercriminals Eye DeepSeek, Alibaba LLMs for Malware DevelopmentRobocallers Posing as FCC Fraud Prevention Team Call FCC StaffHackers Spoof Microsoft ADFS Login Pages to Steal CredentialsSpain Arrests Suspected Hacker of U.S. and Spanish Military AgenciesGoogle Says Commercial Quantum Computing Applications Arriving Within Five YearsNSA Employees Offered Deferred Resignation, Early RetirementDOGE Latest: Citrix Supremo Has ‘Read-Only’ Access to U.S. Treasury Payment SystemSophisticated Phishing Campaign Targets Ukraine’s Largest BankMobile Malware Targeting Indian Banks Exposes 50,000 UsersThousands of McKinney, TX Residents Impacted by October Data BreachKraftCPAs (TN) Experiences Apparent Cyberattack Leading to Data BreachCybercriminals Use Go Resty and Node Fetch in 13 Million Password Spraying AttemptsAsyncRAT Campaign Uses Python Payloads and TryCloudflare Tunnels for Stealth AttacksSilent Lynx Using PowerShell, Golang, and C++ Loaders in Multi-Stage CyberattacksNew Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle AttackCISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25Researchers Warn of Risks Tied to Abandoned Cloud Storage BucketsThailand Cuts Power Supply to Myanmar Scam Hubs
2/4/2025 February 4, 2025February 4, 2025 ~ The Cyber Beat ~ Leave a comment North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOSChinese Cyberspies Use New SSH Backdoor in Network Device HacksRussian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW ProtectionsCyberattack on NHS Causes Hospitals to Miss Cancer Care TargetsMeet the Hired Guns Who Make Sure School Cyberattacks Stay HiddenKrebs: Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?California Man Steals $50 Million Using Fake Investment Sites, Gets 7 YearsDeepSeek’s Breakthrough Emboldens Open-Source AI Models Like Meta’s LlamaTaiwan Bans DeepSeek AI Over National Security Concerns, Citing Data Leakage RisksCyber Agencies Share Security Guidance for Network Edge DevicesGrubhub Security Breach Compromises Customer and Driver DataRussian Cyber Research Companies Post Alerts About Infostealer, Industrial ThreatsDaggerFly-Linked Linux Malware Targets Network AppliancesMalicious Go Package Exploits Module Mirror Caching for Persistent Remote AccessAMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin AccessMicrosoft SharePoint Connector Flaw Could’ve Enabled Credential Theft Across Power PlatformMicrosoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 ScoreGoogle Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104Netgear Warns Users to Patch Critical WiFi Router VulnerabilitiesZyxel Won’t Patch Newly Exploited Flaws in End-Of-Life Routers
2/3/2025 February 4, 2025February 4, 2025 ~ The Cyber Beat ~ Leave a comment Russian Hackers Suspected of Compromising British PM’s Personal Email AccountHigh-profile X Accounts Targeted in Phishing CampaignDeepSeek AI Tools Impersonated by Infostealer Malware on PyPi768 CVEs Exploited in the Wild in 2024Ransomware Groups Weathered Raids, Profited in 2024Canadian Charged With Stealing $65 Million Using DeFi Crypto ExploitsTSA’s Airport Facial-Recog Tech Faces Audit ProbeSweden Releases Suspected Ship, Says Cable Break ‘Clearly’ Not SabotageCasio UK Online Store Hacked to Steal Customer Credit CardsYazoo Valley Electric Power Association (MS) Warns 20,000 Residents of Data BreachCoyote Malware Expands Reach: Now Targets 1,030 Sites and 73 Financial InstitutionsCrazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer MalwareGoogle Fixes Android Kernel Zero-Day Exploited in AttacksAmazon Redshift Gets New Default Settings to Prevent Data BreachesProactive Vulnerability Management for Engineering Success
1/31-2/2/2025 February 2, 2025February 2, 2025 ~ The Cyber Beat ~ Leave a comment Backdoor Found in Two Healthcare Patient Monitors, Linked to IP in ChinaMusk Aides Lock Workers Out of OPM Computer SystemsCISA Employees Told They Are Exempt From Federal Worker Resignation ProgramWhatsApp Disrupts Spyware Campaign Targeting JournalistsKrebs: FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing GangGilmore Girls Fans Nabbed as Eurocops Dismantle Two Major Cybercrime Forums: Nulled & CrackedFormer Polish Justice Minister Arrested in Sprawling Spyware ProbeKuCoin to Pay Nearly $300 Million in Penalties After Guilty PleaDeepSeek’s Safety Guardrails Failed Every Test Researchers Threw at Its AI ChatbotTata Technologies Hit by Ransomware AttackCommunity Health Center (CT) Data Breach Impacts 1 Million PatientsGlobe Life Data Breach May Impact an Additional 850,000 ClientsMizuno USA Says Hackers Stayed in Its Network for Two MonthsBeyondTrust Zero-Day Breach Exposed 17 SaaS Customers via Compromised API KeyHackers Use Fake Wedding Invitations to Spread Android Malware in Southeast AsiaThreat Actors Target Public-Facing Apps for Initial AccessBroadcom Patches VMware Aria Flaws – Exploits May Lead to Credential TheftPyPi Adds Project Archiving System to Stop Malicious UpdatesChinese AI App DeepSeek Was Downloaded by Millions. Deleting It Might Come Next