Oluwapelumi Adejumo@CryptoSlate
//
Cryptocurrency exchange Bybit has confirmed a record-breaking theft of approximately $1.46 billion in digital assets from one of its offline Ethereum wallets. The attack, which occurred on Friday, is believed to be the largest crypto heist on record. Bybit disclosed that a highly sophisticated attack resulted in the theft of more than Rs 11,972 crores in digital assets.
The theft targeted an Ethereum cold wallet, involving a manipulation of a transaction from the cold wallet to a warm wallet. This allowed the attacker to gain control and transfer the funds to an unidentified address. The incident highlights the rising trend of cryptocurrency heists, driven by the allure of profits and challenges in tracing such crimes.
Recommended read:
References :
- www.techmeme.com: ZachXBT: crypto exchange Bybit has experienced $1.46B worth of "suspicious outflows"; Bybit CEO confirms hacker took control of cold ETH wallet
- CryptoSlate: The crypto exchange ByBit has been hacked, and roughly $1.5 billion in Ethereum (ETH) has been stolen — making this one of the biggest hacks in history.
- infosec.exchange: NEW: Crypto exchange Bybit said it was hacked and suffered a loss of around $1.4 billion (~401,346 ETH) at the time of the hack.
- PCMag UK security: The Bybit exchange lost 400,000 in ETH, or about $1.4 billion, before the price began to slide, making it the biggest crypto-related hack in history.
- techcrunch.com: TechCrunch reports on the Bybit hack, disclosing a loss of approximately $1.4 billion in Ethereum.
- ciso2ciso.com: In a major cybersecurity incident, Bybit, the world’s 2nd-largest crypto exchange suffered a $1.4 billion ETH hack from a cold wallet breach.
- ciso2ciso.com: Bybit Hack: $1.4B Stolen from World’s 2nd Largest Crypto Exchange – Source:hackread.com
- cryptoslate.com: ByBit suffers $1.5 billion Ethereum heist in cold wallet breach
- www.coindesk.com: Bybit experiences USD1.46B in suspicious outflows
- BleepingComputer: Cryptocurrency exchange Bybit revealed today that an unknown attacker stole over $1.46 billion worth of cryptocurrency from one of its ETH cold wallets.
- The Cryptonomist: 3 Best Bybit Alternatives As Top CEX Is Hacked
- Gulf Business: ‘Worst hack in history’: Dubai crypto exchange Bybit suffers $1.5bn ether heist
- Anonymous ???????? :af:: Cryptocurrency exchange Bybit revealed today that an unknown attacker stole over $1.46 billion worth of cryptocurrency from one of its ETH cold wallets.
- www.bleepingcomputer.com: Hacker steals record $1.46 billion in ETH from Bybit cold wallet
- Techmeme: Bybit Loses $1.5B in Hack but Can Cover Loss, CEO Confirms (Oliver Knight/CoinDesk)
- Report Boom: Report on the Bybit crypto heist, detailing the incident and security recommendations.
- thehackernews.com: Report on the Bybit hack, highlighting the scale of the theft and its implications.
- reportboom.com: Reportboom article about Bybit's $1.46B Crypto Heist.
- www.it-daily.net: Bybit hacked: record theft of 1.5 billion US dollars
- Protos: News about the Bybit cryptocurrency exchange being hacked for over \$1.4 billion.
- The420.in: On Friday, cryptocurrency exchange Bybit disclosed that a highly sophisticated attack resulted in the theft of more than Rs 11,972 crores in digital assets from one of its offline Ethereum wallets—the largest crypto heist on record.
- TechSpot: The hackers stole the crypto from Bybit's cold wallet, an offline storage system.
- Talkback Resources: Crypto exchange Bybit was targeted in a $1.46 billion theft by the Lazarus Group, highlighting the rising trend of cryptocurrency heists driven by the allure of profits and challenges in tracing such crimes.
- www.bleepingcomputer.com: Cryptocurrency exchange Bybit revealed today that an unknown attacker stole over $1.46 billion worth of cryptocurrency from one of its ETH cold wallets.
- www.the420.in: The420.in: Biggest Crypto Heist Ever: Bybit Loses Rs 12,000+ Crore in Sophisticated Ethereum Wallet Attack!
- www.cnbc.com: This report discusses the Bybit hack, detailing the amount stolen and the potential impact on the crypto market.
- www.engadget.com: This news piece reports on the massive crypto heist from Bybit, highlighting the scale of the incident and the impact on the crypto market.
- Techmeme: Arkham says ZachXBT submitted proof that North Korea's Lazarus Group is behind Bybit's $1.5B hack, which is the largest single theft in crypto history
- BrianKrebs: Infosec exchange post describing Bybit breach.
- Talkback Resources: Bybit cryptocurrency exchange suffered a cyberattack resulting in the theft of $1.5 billion worth of digital currency, including over 400,000 ETH and stETH, with potential vulnerabilities in the Safe.global platform's user interface exploited.
- securityaffairs.com: SecurityAffairs reports Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever.
- gulfbusiness.com: ‘Worst hack in history’: Dubai crypto exchange Bybit suffers $1.5bn ether heist
- techcrunch.com: Crypto exchange Bybit says it was hacked and lost around $1.4B
- Tekedia: The cryptocurrency industry has been rocked by what is now considered the largest digital asset theft in history, as Bybit, a leading crypto exchange, confirmed on Friday that hackers stole approximately $1.4 billion worth of Ethereum (ETH) from one of its offline wallets.
- blog.checkpoint.com: What the Bybit Hack Means for Crypto Security and the Future of Multisig Protection
- Dan Goodin: Crypto exchange Bybit said it was hacked and suffered a loss of around $1.4 billion (~401,346 ETH) at the time of the hack.
- BleepingComputer: Crypto exchange Bybit revealed today that an unknown attacker stole over $1.46 billion worth of cryptocurrency from one of its ETH cold wallets.
- Security Boulevard: North Korea’s Lazarus Group Hacks Bybit, Steals $1.5 Billion in Crypto
- bsky.app: Elliptic is following the money on this ByBit hack - the biggest theft ot all time. “Within 2 hours of the theft, the stolen funds were sent to 50 different wallets, each holding approximately 10,000 ETH. These are now being systematically emptied�.
- Talkback Resources: Talkback Post about the $1.5B Bybit Hack: The Era of Operational Security Failures Has Arrived
- infosec.exchange: Reports that North Korean hackers stole $1.4 billion in crypto from Bybit.
- securityboulevard.com: North Korea's notorious Lazarus Group reportedly stole $1.5 billion in cryptocurrency from the Bybit exchange in what is being called the largest hack in the controversial market's history.
- billatnapier.medium.com: One of the Largest Hacks Ever? But Will The Hackers Be Able To Launder The Gains?
- thecyberexpress.com: thecyberexpress.com - Details on Bybit Cyberattack.
- Matthew Rosenquist: This may turn out to be the biggest hack in history! $1.5 BILLION.
- PCMag UK security: The $1.4 billion at Bybit—the largest known cryptocurrency heist in history—has been traced to the notorious Lazarus North Korean hacking group.
- www.nbcnews.com: Hackers steal $1.5 billion from exchange Bybit in biggest-ever crypto heist: Blockchain analysis firm Elliptic later linked the attack to North Korea’s Lazarus Group, a state-sponsored hacking collective
- www.pcmag.com: Researchers spot the $1.4 billion stolen from Bybit moving through cryptocurrency wallets that were used in earlier heists attributed to North Korea's Lazarus hacking group.
- siliconangle.com: $1.5B in cryptocurrency stolen from Bybit in attack linked to North Korean hackers
- www.americanbanker.com: Nearly $1.5 billion in tokens lost in Bybit crypto exchange hack
- SiliconANGLE: SiliconAngle reports on the details of the Bybit hack and links it to North Korean hackers.
- techcrunch.com: TechCrunch reports on the massive crypto heist, citing research that points to North Korean hackers as perpetrators.
- OODAloop: Reports that North Korea’s Lazarus Group APT is Behind Largest Crypto Heist Ever
- : Looming Shadows: $1.5 Billion Crypto Heist Shakes Confidence in Security Measures
- Schneier on Security: Schneier on Security covers the North Korean Hackers Stealing $1.5B in Cryptocurrency.
- Dataconomy: How the Bybit hack shook the crypto world: $1.5B gone overnight
- be3.sk: Looming Shadows: $1.5 Billion Crypto Heist Shakes Confidence in Security Measures
- Risky Business Media: Risky Business #781 -- How Bybit oopsied $1.4bn
- cyberriskleaders.com: Bybit, a leading exchange, was hacked for USD1.4 billion in Ethereum and staked Ethereum, sending shockwaves through the digital asset community.
- www.csoonline.com: Independent investigation finds connections to the Lazarus Group.
- Cybercrime Magazine: Bybit suffers the largest crypto hack in history
- www.theguardian.com: Cyberattackers believed to be affiliated with the state-sponsored threat group pulled off the largest crypto heist reported to date, stealing $1.5 billion from exchange Bybit.
- bsky.app: Forensic investigators have discovered that North Korean Lazarus hackers stole $1.5 billion from Bybit after first breaching a Safe{Wallet} developer machine. The multisig wallet platform has also confirmed these findings in a statement issued today.
- Sergiu Gatlan: Forensic investigators have discovered that North Korean Lazarus hackers stole $1.5 billion from Bybit after first breaching a Safe{Wallet} developer machine. The multisig wallet platform has also confirmed these findings in a statement issued today.
- SecureWorld News: SecureWorld reports on the Bybit hack, attributing it to the Lazarus Group.
- OODAloop: The Largest Theft in History – Following the Money Trail from the Bybit Hack
- gbhackers.com: Researchers Uncover $1.4B in Sensitive Data Tied to ByBit Hack by Lazarus Group
- Secure Bulletin: Lazarus group’s Billion-Dollar Bybit heist: a cyber forensics analysis
- Talkback Resources: "
THN Weekly Recap: From $1.5B Crypto Heist to AI Misuse & Apple’s Data Dilemma [mal]
- infosec.exchange: NEW: Hacked crypto exchange Bybit is offering $140 million in bounties to anyone who can help locate and freeze the stolen ethereum.
- CyberInsider: Record $1.5 billion Bybit hack undermines trust in crypto security
- The Register - Security: Cryptocurrency exchange Bybit, just days after suspected North Korean operatives stole $1.5 billion in Ethereum from it, has launched a bounty program to help recover its funds.
- PCMag UK security: The malicious Javascript code used in the attack could secretly modify transactions for Safe{Wallet}, a cryptocurrency wallet provider. The suspected North Korean hackers who $1.4 billion in cryptocurrency from Bybit pulled off the heist by infiltrating a digital wallet provider and tampering with its software.
- techcrunch.com: Last week, hackers stole around $1.4 billion in Ethereum cryptocurrency from crypto exchange Bybit, believed to be the largest crypto heist in history. Now the company is offering a total of $140 million in bounties for anyone who can help trace and freeze the stolen funds. Bybit’s CEO and
- securityaffairs.com: The FBI confirmed that North Korea is responsible for the record-breaking cyber heist at the crypto exchange Bybit.
- The Register - Security: The FBI has officially accused North Korea's Lazarus Group of stealing $1.5 billion in Ethereum from crypto-exchange Bybit earlier this month, and asked for help tracking down the stolen funds.
- techcrunch.com: The FBI has said the North Korean government is “responsible� for the hack at crypto exchange Bybit, which resulted in the theft of more than $1.4 billion in Ethereum cryptocurrency.
- Talkback Resources: FBI Says North Korea Hacked Bybit as Details of $1.5B Heist Emerge [net] [mal]
- PCMag UK security: FBI Blames North Korea for Massive $1.4 Billion Cryptocurrency Heist
- The420.in: Rs 1.27 trillion Stolen: Bybit Joins the Ranks of Crypto’s Largest Thefts – Full List Inside
- Talkback Resources: Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers [mal]
- Tekedia: Bybit Declares War on “Notorious� Lazarus Group After $1.4B Hack, Offers $140m Reward
- SecureWorld News: The FBI officially attributed the massive to North Korea's state-sponsored hacking group, TraderTraitor, more commonly known as the infamous Lazarus Group.
- ChinaTechNews.com: North Korea was behind the theft of approximately $1.5bn in virtual assets from a cryptocurrency exchange, the FBI has said, in what is being described as the biggest heist in history.
- Wallarm: API Armor: How Bybit’s Real-Time Blacklisting Is Thwarting a $1.5B Crypto Heist
@itpro.com
//
A supply chain attack has targeted the widely used GitHub Action 'tj-actions/changed-files-action,' leading to the leakage of secrets from numerous repositories. This incident, first reported by Step Security, involved the compromise of the action, allowing attackers to inject malicious code into CI workflows. This code was designed to dump CI runner memory, potentially exposing sensitive information like API keys and passwords in public repository workflow logs. The compromised 'tj-actions/changed-files' repository and the GitHub gist hosting the malicious script have since been removed to mitigate further exploitation.
This vulnerability, assigned CVE-2025-30066, affected all versions of 'tj-actions/changed-files' as of March 15, 2025. The malicious code was introduced through a spoofed commit from the Renovate bot, enabling unauthorized access and modification of the action's code. While no external exfiltration of secrets to an attacker-controlled server has been observed, the exposure within affected repositories remains a significant risk. Impacted organizations are urged to take immediate action to mitigate the risk of credential theft and CI pipeline compromise, particularly in public repositories where secrets in workflow logs are publicly accessible.
Recommended read:
References :
- Rescana: GitHub Actions Security Breach: tj-actions/changed-files-action Supply Chain Vulnerability Analysis
- Wiz Blog | RSS feed: GitHub Action tj-actions/changed-files supply chain attack: everything you need to know
- Open Source Security: tj-action/changed-files GitHub action was compromised
- Dan Goodin: Is anyone following this breach involving the j-actions/changed-files GitHub Action? Seems pretty major, but I'm still trying to figure out exactly what's going on, who's affected, and what people (and how many) are affected. If you can help me get up to speed please DM me on Signal -- DanArs.82, or on Mastodon
- securityonline.info: Popular GitHub Action “tj-actions/changed-files� Compromised (CVE-2025-30066)
- Risky Business Media: Risky Bulletin: GitHub supply chain attack leaks secrets
- www.itpro.com: Organizations urged to act fast after GitHub Action supply chain attack
- : Tj-actions Supply Chain Attack Exposes 23,000 Organizations
- Latio Pulse: Understanding and Re-Creating the tj-actions/changed-files Supply Chain Attack discusses the tj-actions/changed-files supply chain attack.
- The Register - Security: GitHub supply chain attack spills secrets from 23,000 projects
- BleepingComputer: Supply chain attack on popular GitHub Action exposes CI/CD secrets
- www.cybersecuritydive.com: Supply chain attack against GitHub Action triggers massive exposure of secrets
- Metacurity: A GitHub Action used in 23,000 repos was compromised in a supply chain attack
- gbhackers.com: Supply Chain Attack Targets 23,000 GitHub Repositories
- hackread.com: Malicious Code Hits ‘tj-actions/changed-files’ in 23,000 GitHub Repos
- www.infoworld.com: Thousands of open source projects at risk from hack of GitHub Actions tool
- bsky.app: Bsky Social - A supply chain attack on the widely used 'tj-actions/changed-files' GitHub Action, used by 23,000 repositories, potentially allowed threat actors to steal CI/CD secrets from GitHub Actions build logs.
- Wiz Blog | RSS feed: New GitHub Action supply chain attack: reviewdog/action-setup
- unit42.paloaltonetworks.com: Threat Assessment: GitHub Actions Supply Chain Attack: The Compromise of tj-actions/changed-files
- Legit Security Blog: Github Actions tj-actions/changed-files Attack
- Security Risk Advisors: TB2025318 – GitHub Action “tj-actions/changed-files� Compromised to Leak Secrets for Repositories Using the CI/CD Workflow
- securityaffairs.com: GitHub Action tj-actions/changed-files was compromised in supply chain attack
- bsky.app: A cascading supply chain attack that began with the compromise of the "reviewdog/action-setup@v1" GitHub Action is believed to have led to the recent breach of "tj-actions/changed-files" that leaked CI/CD secrets.
- blog.gitguardian.com: Compromised tj-actions/changed-files GitHub Action: A look at publicly leaked secrets
- Kaspersky official blog: Supply chain attack via GitHub Action | Kaspersky official blog
- Risky Business Media: Risky Business #784 -- GitHub supply chain attack steals secrets from 23k projects
- thecyberexpress.com: CISA Warns of Exploited GitHub Action CVE-2025-30066 – Users Urged to Patch
- The DefendOps Diaries: Understanding the GitHub Action Supply Chain Attack
- Sam Bent: GitHub Action Vulnerability: Supply Chain Attack Exposes Limited Secrets, Raises Broader Concerns
- Schneier on Security: Critical GitHub Attack
- Aembit: GitHub Action tjactions/changed-files Supply Chain Breach Exposes NHI Risks in CI/CD
- www.cybersecurity-insiders.com: GitHub Supply Chain Attack Raises Awareness Across The Cybersecurity Community
- tl;dr sec: [tl;dr sec] #271 - Threat Modeling (+ AI), Backdoored GitHub Actions, Compromising a Threat Actor's Telegram
@zdnet.com
//
Federal cybersecurity agencies, including the FBI and CISA, have issued an urgent advisory regarding the escalating threat of Medusa ransomware. Since its emergence in 2021, Medusa has targeted over 300 victims across various critical infrastructure sectors, including medical, education, legal, insurance, technology, and manufacturing. The group's activities have accelerated in recent months, prompting immediate action recommendations for organizations. Medusa operates as a Ransomware-as-a-Service (RaaS) model, now recruiting affiliates from criminal forums to launch attacks, encrypt data, and extort victims worldwide.
Medusa actors leverage common ransomware tactics, including phishing campaigns and exploiting unpatched software vulnerabilities. They employ a double extortion strategy by encrypting victim data and threatening to publicly release it if the ransom is not paid. To mitigate the risk, CISA and the FBI recommend organizations update systems regularly to close known vulnerabilities, implement network segmentation to restrict lateral movement, and enable multi-factor authentication for all services. They also urge organizations to report incidents promptly to aid in tracking and combating the growing threat.
Recommended read:
References :
- bsky.app: CISA says the Medusa ransomware operation has impacted over 300 organizations in critical infrastructure sectors in the United States until last month.
- www.bleepingcomputer.com: CISA: Medusa ransomware hit over 300 critical infrastructure orgs
- securityonline.info: FBI, CISA, and MS-ISAC Warn Organizations About Medusa Ransomware Attacks
- DataBreaches.Net: #StopRansomware: Medusa Ransomware
- Industrial Cyber: US exposes Medusa ransomware threat, as over 300 organizations targeted across critical infrastructure sector
- securityaffairs.com: SecurityAffairs article: Medusa ransomware hit over 300 critical infrastructure organizations until February 2025
- www.cybersecuritydive.com: Medusa ransomware slams critical infrastructure organizations
- www.itpro.com: CISA issues warning over Medusa ransomware after 300 victims from critical sectors impacted
- www.tripwire.com: The Medusa ransomware gang continues to present a major threat to the critical infrastructure sector, according to a newly-released joint advisory from the FBI, Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC).
- : FBI and CISA Warn of Medusa Ransomware Impacting Critical Infrastructure
- bsky.app: CISA says the Medusa ransomware operation has impacted over 300 organizations in critical infrastructure sectors in the United States until last month.
- The DefendOps Diaries: Explore the impact of Medusa ransomware on critical infrastructure and learn strategies to enhance cybersecurity defenses.
- www.scworld.com: Medusa ransomware, a ransomware-as-a-service group, has increased attacks targeting critical infrastructure, potentially preparing for geopolitical conflicts. Recent attacks indicate a 150% increase in this activity.
- Tenable Blog: Tenable article: Cybersecurity Snapshot: Medusa Ransomware Impacting Critical Infrastructure, CISA Warns, While NIST Selects New Quantum-Resistant Algorithm
- SOC Prime Blog: SOC Prime blog: Medusa Ransomware Attacks Covered in AA25-071A Detection
- be4sec: Medusa Ransomware is Targeting Critical Infrastructure
- be4sec: This advisory summarizes the key activities of prominent ransomware groups in January 2025, highlighting a significant increase in Medusa attacks.
- aboutdfir.com: Medusa ransomware group has been actively targeting critical infrastructure organizations, employing a double extortion tactic.
- www.techradar.com: US government warns Medusa ransomware has hit hundreds of critical infrastructure targets
- cyble.com: The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a well-timed advisory on the Medusa ransomware group last week, as Cyble has detected an acceleration in the group’s activities in recent months.
- Email Security - Blog: Medusa Ransomware: Multi-Industry Threat on the Rise
- techxplore.com: Cybersecurity officials warn against potentially costly Medusa ransomware attacks
- Security | TechRepublic: Medusa Ransomware Strikes 300+ Targets: FBI & CISA Urge Immediate Action to #StopRansomware
- eSecurity Planet: Medusa Ransomware Warning: CISA and FBI Issue Urgent Advisory
- Blue Team Con: CISA and the FBI warn about Medusa ransomware, urging organizations to update security, enable MFA, and report incidents to mitigate the growing threat.
- thecyberexpress.com: Medusa Ransomware Surge: 60 Victims in 3 Months—Are You Next?
- www.zdnet.com: How to guard against a vicious Medusa ransomware attack - before it's too late
- www.cysecurity.news: The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the FBI and the Multi-State Information Sharing and Analysis Center (MS-ISAC), has issued a #StopRansomware advisory, warning organizations about the increasing threat of Medusa ransomware.
- Sam Bent: Cybercriminal Group Medusa Targets Critical Infrastructure Sectors A sophisticated cybercriminal group known as Medusa has been targeting many critical infrastructure sectors in the United States.
- The Hacker News: Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates
- www.cybersecuritydive.com: Medusa ransomware using malicious driver as EDR killer
@csoonline.com
//
Broadcom has issued urgent security patches to address three actively exploited vulnerabilities affecting VMware ESXi, Workstation, and Fusion products. These flaws, tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, could enable attackers to execute code and disclose sensitive information. VMware ESXi is under active exploitation in the wild, making timely patching crucial to prevent potential attacks. The vulnerabilities impact various versions of VMware ESXi 8.0, 7.0, Workstation 17.x, Fusion 13.x, Cloud Foundation 5.x and 4.x, and Telco Cloud Platform.
The most critical flaw, CVE-2025-22224, boasts a CVSS score of 9.3 and is a heap-overflow vulnerability leading to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine could exploit this to execute code as the virtual machine's VMX process running on the host. Broadcom credited Microsoft's MSTIC security team with discovering and reporting these vulnerabilities. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added these zero-day vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal civilian agencies to patch them by March 25, 2025.
Recommended read:
References :
- bsky.app: Broadcom released security patches to patch an actively exploited zero-day in its VMware ESXi products. Broadcom credited Microsoft's MSTIC security team with spotting and reporting the attacks.
- The Hacker News: Broadcom Releases Urgent Patches
- The Register - Software: VMware splats guest-to-hypervisor escape bugs already exploited in wild
- www.csoonline.com: VMware ESXi gets critical patches for in-the-wild virtual machine escape attack
- securityaffairs.com: VMware fixed three actively exploited zero-days in ESX products
- Arctic Wolf: Three VMware Zero-Days Exploited in the Wild Patched by Broadcom
- bsky.app: BleepingComputer article on VMware zero-days.
- Vulnerability-Lookup: A new bundle, VMSA-2025-0004: VMware ESXi, Workstation, and Fusion updates address multiple vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226), has been published on Vulnerability-Lookup:
- The Record: Three product lines from technology giant VMware — ESXI, Workstation and Fusion — have patches for vulnerabilities that the company and the federal government have said are being exploited by hackers
- securityaffairs.com: U.S. CISA adds Linux kernel and VMware ESXi and Workstation flaws to its Known Exploited Vulnerabilities catalog
- borncity.com: 0-day vulnerabilities in VMWare ESXi, Workstation and Fusion
- socradar.io: VMware Security Alert: Active Exploitation of Zero-Day Vulnerabilities (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226)
- Arctic Wolf: Three VMware Zero-Days Exploited in the Wild Patched by Broadcom
- Blog: Multiple zero-days in VMware products actively exploited
- gbhackers.com: CISA Issues Alert on Actively Exploited VMware Vulnerabilities
- www.tenable.com: CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion Exploited
- Information Security Buzz: Broadcom warns VMware users of Critical Zero-Day Exploits
- www.cybersecuritydive.com: 37K+ VMware ESXi instances vulnerable to critical zero-day
- www.itpro.com: Broadcom issues urgent alert over three VMware zero-days
- Carly Page: Broadcom is warning that a trio of VMware vulnerabilities are being actively exploited by hackers to compromise the networks of its corporate customers
- techcrunch.com: Security experts warn of ‘huge impact’ of actively exploited hypervisor flaws that allow sandbox escape
- Security Risk Advisors: Three Critical VMware Vulnerabilities Exploited in Wild Targeting ESXi, Workstation, and Fusion
- www.cybersecuritydive.com: Broadcom urges customers to patch 3 zero-day VMware flaws
- MSSP feed for Latest: Broadcom: VMware Zero-Days Being Exploited in the Wild
- www.bleepingcomputer.com: Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild.
- research.kudelskisecurity.com: Critical VMware ESXi, Workstation, Fusion Vulnerabilities Seen Exploited in Wild
- cyble.com: Three VMware Zero-Days Under Active Exploitation – What You Need to Know
- Zack Whittaker: VMware emergency hypervisor escape bugs under attack
Ojukwu Emmanuel@Tekedia
//
On February 21, 2025, the cryptocurrency exchange Bybit suffered a massive security breach resulting in the theft of approximately $1.46 billion in crypto assets. Investigations have pointed towards the Lazarus Group, a North Korean state-sponsored hacking collective, as the perpetrators behind the audacious heist. The FBI has officially accused the Lazarus Group of stealing $1.5 billion in Ethereum and has requested assistance in tracking down the stolen funds.
Bybit has declared war on the Lazarus Group following the incident and is offering a $140 million bounty for information leading to the recovery of the stolen cryptocurrency. CEO Ben Zhou has launched Lazarusbounty.com, a bounty site aiming for transparency on the Lazarus Group's money laundering activities. The attack involved exploiting vulnerabilities in a multisig wallet platform, Safe{Wallet}, by compromising a developer’s machine, enabling the transfer of over 400,000 ETH and stETH (worth over $1.5 billion) to an address under their control.
Recommended read:
References :
- The Register - Security: The FBI has officially accused North Korea's Lazarus Group of stealing $1.5 billion in Ethereum from crypto-exchange Bybit earlier this month, and asked for help tracking down the stolen funds.
- Secure Bulletin: The Lazarus Group, a notorious North Korean state-sponsored hacking collective, has once again demonstrated its sophistication and audacity with a staggering $1.5 billion cryptocurrency heist targeting Bybit, a major crypto exchange.
- SecureWorld News: On February 21, 2025, the cryptocurrency world was rocked by the largest crypto heist in history. Dubai-based exchange Bybit was targeted in a malware-driven attack that resulted in the theft of approximately $1.46 billion in crypto assets.
- Tekedia: Bybit, a leading crypto exchange, has declared war on “notorious� Lazarus group, a hacker group made up of an unknown number of individuals, alleged to be run by the government of North Korea. This is coming after the crypto exchange experienced a security breach resulting in the unauthorized transfer of over $1.4 billion in liquid-staked crypto assets.
- ChinaTechNews.com: North Korea was behind the theft of approximately $1.5bn in virtual assets from a cryptocurrency exchange, the FBI has said, in what is being described as the biggest heist in history.
- iHLS: Largest-Ever Crypto Heist steals $1.4 Billion
- techcrunch.com: The FBI said the North Korean government is ‘responsible’ for the hack at crypto exchange Bybit, which resulted in the theft of more than $1.4 billion in Ethereum cryptocurrency.
- PCMag UK security: The FBI is urging the cryptocurrency industry to freeze any transactions tied to the Bybit heist. The FBI has the $1.4 billion cryptocurrency at Bybit to North Korean state-sponsored hackers after security researchers reached the same conclusion.
- Talkback Resources: FBI Says North Korea Hacked Bybit as Details of $1.5B Heist Emerge [net] [mal]
- thehackernews.com: Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers
- PCMag UK security: FBI Blames North Korea for Massive $1.4 Billion Cryptocurrency Heist
- www.pcmag.com: FBI Blames North Korea for Massive $1.4 Billion Cryptocurrency Heist
- SecureWorld News: FBI Attributes Bybit Hack: FBI Attributes to North Korea, Urges Crypto Sector to Act
- Dan Goodin: InfoSec Exchange Post on the FBI attribution to the Lazarus group and Bybit hack
- bsky.app: Forensic investigators have discovered that North Korean Lazarus hackers stole $1.5 billion from Bybit after first breaching a Safe{Wallet} developer machine. The multisig wallet platform has also confirmed these findings in a statement issued today.
- Wallarm: Lab Wallarm discusses how Bybit’s Real-Time Blacklisting Is Thwarting a $1.5B Crypto Heist
- infosec.exchange: NEW: Hacked crypto exchange Bybit is offering $140 million in bounties to anyone who can help locate and freeze the stolen ethereum. Bybit also disclosed preliminary results of investigations, which reveal hackers breached a developer’s device at a wallet platform Safe Wallet.
- securityaffairs.com: FBI: North Korea-linked TraderTraitor is responsible for $1.5 Billion Bybit hack
- Cybercrime Magazine: Bybit Suffers Largest Crypto Hack In History
- www.cnbc.com: Details on the attack in a news article
- The Register - Security: Bybit declares war on North Korea's Lazarus crime-ring to regain $1.5B stolen from wallet
- Sergiu Gatlan: Forensic investigators have discovered that North Korean Lazarus hackers stole $1.5 billion from Bybit after first breaching a Safe{Wallet} developer machine. The multisig wallet platform has also confirmed these findings in a statement issued today.
- gbhackers.com: Researchers Uncover $1.4B in Sensitive Data Tied to ByBit Hack by Lazarus Group
- infosec.exchange: NEW: After security researchers and firms accused North Korea of the massive Bybit hack, the FBI follows suit. North Korean government hackers allegedly stoled more than $1.4 billion in Ethereum from the crypto exchange.
- www.cysecurity.news: Bybit Suffers Historic $1.5 Billion Crypto Hack, Lazarus Group Implicated
- infosec.exchange: Bybit, that major cryptocurrency exchange, has been hacked to the tune of $1.5 billion in digital assets stolen, in what’s estimated to be the largest crypto heist in history.
- BleepingComputer: Bybit, a major cryptocurrency exchange, has fallen victim to a massive cyberattack, with approximately $1.5 billion in cryptocurrency stolen. The breach is believed to be the largest single theft in crypto history.
- Taggart :donor:: Cryptocurrency exchange Bybit suffered a massive security breach, resulting in the loss of $1.5 billion in digital assets. The hack compromised the exchange's cold wallet and involved sophisticated techniques to steal the funds.
- www.cysecurity.news: CySecurity News report on the Bybit hack, its implications, and the potential Lazarus Group connection.
- The420.in: The 420 report on Bybit theft
- infosec.exchange: Details of the Bybit hack and Lazarus Group's involvement.
- Talkback Resources: Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers
- securityaffairs.com: The FBI confirmed that North Korea is responsible for the record-breaking cyber heist at the crypto exchange Bybit.
- Zack Whittaker: Grab some coffee — your weekly ~ this week in security ~ is out: • North Korea's record-breaking $1.4B crypto heist
- infosec.exchange: Infosec Exchange post about Bybit crypto heist.
- The Record: Experts from multiple blockchain security companies said that North Korean hackers were able to move all of the ETH coins stolen from Bybit to new addresses — the first step taken before the funds can be laundered further
- infosec.exchange: The (allegedly North Korean) hackers behind the Bybit crypto heist have already laundered all the stolen Ethereum, which was worth $1.4 billion.
- Metacurity: Lazarus Group hackers have laundered 100% of the $1.4 billion they stole from Bybit
Shira Landau@Email Security - Blog
//
The FBI has issued a warning regarding a new data extortion scam where criminals are impersonating the BianLian ransomware group. These fraudsters are sending physical letters through the United States Postal Service to corporate executives, claiming their networks have been breached. The letters demand Bitcoin payments in exchange for preventing the release of sensitive company data.
Analysis suggests these letters are fraudulent, and organizations, particularly within the US healthcare sector, are advised to report such incidents to the FBI. Security vendors, including Arctic Wolf and Guidepoint Security, have studied these letters and believe the campaign is a ruse by someone pretending to be BianLian. The letters mimic conventional ransom notes, demanding payments of between $250,000 to $350,000 within 10 days.
This activity highlights the evolving tactics of cybercriminals who are now employing postal mail to target high-profile individuals in an attempt to extort money under false pretenses. The FBI urges companies to implement internal protocols for verifying ransom demands and to remain vigilant against these deceptive practices. It’s crucial for organizations to discern fake attacks from real ones amidst the increasing complexity of cybercrime.
Recommended read:
References :
- Arctic Wolf: Self-Proclaimed “BianLian Group� Uses Physical Mail to Extort Organizations
- CyberInsider: Fake BianLian Ransom Notes Delivered to Executives via Post Mail
- DataBreaches.Net: Bogus ‘BianLian’ Gang Sends Snail-Mail Extortion Letters
- www.csoonline.com: Ransomware goes postal: US healthcare firms receive fake extortion letters
- PCMag UK security: Businesses Are Receiving Snail Mail Ransomware Threats, But It's a Scam
- BrianKrebs: Someone has been snail mailing letters to various businesses pretending to be the BianLian ransomware group.
- Cyber Security News: FBI Warns of Data Extortion Scam Targeting Corporate Executives
- gbhackers.com: FBI Warns: Threat Actors Impersonating BianLian Group to Target Corporate Executives
- techcrunch.com: There is no confirmed link between the campaign and the actual BianLian ransomware group, making this an elaborate impersonation.
- thecyberexpress.com: FBI Issues Urgent Warning About Data Extortion Scam Targeting Corporate Executives
- Email Security - Blog: The U.S. Federal Bureau of Investigation (FBI) has recently released an urgent advisory pertaining to a sophisticated email-based extortion campaign.
- Threats | CyberScoop: The FBI is warning business leaders about the scam perpetrated by an unidentified threat group.
- gbhackers.com: The novel approach highlights a shift in extortion tactics.
- Vulnerable U: Executives Receive Fake Snail Mail BianLian Ransomware Notes
- Malwarebytes: Ransomware threat mailed in letters to business owners
- www.scworld.com: The FBI is warning of a ransomware operation targeting C-suite executives via the US Postal Service.
- Cyber Security News: Fake BianLian Ransom Scams Target U.S. Firms Through Mailed Letters
- borncity.com: CISA warning: Cyber criminals (BianLian Groupe) attempt to blackmail executives
- Jon Greig: The FBI warned executives of a new scam where people claiming to be part of the BianLian ransomware gang are mailing physical letters with threats Arctic Wolf said it is aware of at least 20 organizations or executives who have received these letters
- Kali Linux Tutorials: Cyber Threat Group Sends Paper-Based Extortion Letters
- The DefendOps Diaries: Cybercriminals exploit YouTube's copyright system to extort creators, spreading malware and demanding ransoms.
- www.bleepingcomputer.com: Cybercriminals are sending bogus copyright claims to YouTubers to coerce them into promoting malware and cryptocurrency miners on their videos.
Bill Mann@CyberInsider
//
The Qualys Threat Research Unit (TRU) has revealed two significant vulnerabilities in OpenSSH, impacting both client and server components. The first, CVE-2025-26465, is a machine-in-the-middle (MitM) attack that targets OpenSSH clients when the VerifyHostKeyDNS option is enabled. The second, CVE-2025-26466, involves a pre-authentication denial-of-service (DoS) attack affecting both client and server systems by exhausting resources. These vulnerabilities expose systems to potential interception of communications and resource exhaustion, potentially crippling SSH servers.
The MitM vulnerability, CVE-2025-26465, allows attackers to impersonate a server, bypassing client identity checks even if VerifyHostKeyDNS is set to "yes" or "ask". This flaw was introduced in December 2014 and affects OpenSSH versions 6.8p1 through 9.9p1. The DoS vulnerability, CVE-2025-26466, enables attackers to consume excessive memory and CPU resources, impacting versions 9.5p1 through 9.9p1. While mitigations exist, such as LoginGraceTime and MaxStartups, immediate patching is strongly advised. OpenSSH version 9.9p2 addresses these vulnerabilities, urging administrators to upgrade affected systems promptly.
Recommended read:
References :
- CyberInsider: OpenSSH Vulnerabilities Exposed Millions to Multi-Year Risks
- buherator's timeline: Qualys Security Advisory CVE-2025-26465: MitM attack against OpenSSH's VerifyHostKeyDNS-enab...
- Open Source Security: Qualys Security Advisory discussing MitM and DoS attacks against OpenSSH clients and servers.
- securityonline.info: Securityonline.info article on OpenSSH flaws CVE-2025-26465 and CVE-2025-26466 exposing clients and servers to attacks.
- www.openwall.com: Qualys Security Advisory CVE-2025-26465: MitM attack against OpenSSH's VerifyHostKeyDNS-enab...
- cyberinsider.com: The Qualys Threat Research Unit (TRU) has disclosed two critical vulnerabilities in OpenSSH affecting both client and server components.
- securityonline.info: OpenSSH Flaws CVE-2025-26465 & CVE-2025-26466 Expose Clients and Servers to Attacks
- blog.qualys.com: Qualys TRU Discovers Two Vulnerabilities in OpenSSH (CVE-2025-26465, CVE-2025-26466)
- hackread.com: Critical OpenSSH Vulnerabilities Expose Users to MITM and DoS Attacks
- Ubuntu security notices: USN-7270-2: OpenSSH vulnerability
- The Hacker News: Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) and a denial-of-service (DoS) attack, respectively, under certain conditions.
- www.csoonline.com: OpenSSH fixes flaws that enable man-in-the-middle, DoS attacks
- securityaffairs.com: OpenSSH bugs allows Man-in-the-Middle and DoS Attacks
- www.scworld.com: OpenSSH flaws could enable man-in-the-middle attacks, denial of service Two vulnerabilities in OpenSSH could enable man-in-the-middle (MitM) attacks or denial of service (DoS), the Qualys Threat Research Unit (TRU) revealed Tuesday.
- KubikPixel: OpenSSH flaws could enable man-in-the-middle attacks, denial of service Two vulnerabilities in OpenSSH could enable man-in-the-middle (MitM) attacks or denial of service (DoS), the Qualys Threat Research Unit (TRU) revealed Tuesday. â˜�ï¸
- AAKL: Infosec Exchange Post: Qualys TRU Discovers Two Vulnerabilities in OpenSSH: CVE-2025-26465 & CVE-2025-26466 More: The Register: FreSSH bugs undiscovered for years threaten OpenSSH security
- socradar.io: Security Flaws in OpenSSH and Juniper Networks Demand Action (CVE-2025-26465, CVE-2025-26466, and CVE-2025-21589)
- Information Security Buzz: Qualys Identifies Critical Vulnerabilities that Enable DDoS, MITM Attacks
- www.theregister.com: FreSSH bugs undiscovered for years threaten OpenSSH security
- socprime.com: Socprime discusses CVE-2025-26465 & CVE-2025-26466 Vulnerabilities.
- Full Disclosure: Qualys Security Advisory CVE-2025-26465: MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client CVE-2025-26466: DoS attack against OpenSSH's client and server
- www.scworld.com: The security flaws, tracked as CVE-2025-26465 and CVE-2025-26466, can be used by an attacker to conduct an active machine-in-the-middle attack on the OpenSSH client when the VerifyHostKeyDNS option is enabled.
- SOC Prime Blog: CVE-2025-26465 & CVE-2025-26466 Vulnerabilities Expose Systems to Man-in-the-Middle and DoS Attacks
- Security Risk Advisors: OpenSSH Vulnerabilities Enable MITM Attacks and Denial-of-Service (CVE-2025-26465 & CVE-2025-26466)
Carly Page@TechCrunch
//
The Pennsylvania State Education Association (PSEA), the largest public-sector union in Pennsylvania, has announced a significant data breach affecting over 500,000 members. The breach, which occurred in July 2024, resulted in attackers stealing sensitive personal information. PSEA is now notifying the impacted individuals about the incident and the potential risks.
The stolen data includes highly sensitive information, such as government-issued identification documents, Social Security numbers, passport numbers, medical information, and financial data like card numbers with PINs and expiration dates. Member account numbers, PINs, passwords, and security codes were also accessed. PSEA took steps to ensure, to the best of its ability and knowledge, that the stolen data was deleted.
Recommended read:
References :
- bsky.app: The Pennsylvania State Education Association (PSEA), the largest public-sector union in Pennsylvania, is notifying over half a million individuals that attackers stole their personal information in a July 2024 security breach.
- BleepingComputer: The Pennsylvania State Education Association (PSEA), the largest public-sector union in Pennsylvania, is notifying over half a million individuals that attackers stole their personal information in a July 2024 security breach.
- techcrunch.com: US teachers’ union says hackers stole sensitive personal data on over 500,000 members
- www.bleepingcomputer.com: Pennsylvania education union data breach hit 500,000 people
- The Register - Security: Attackers swipe data of 500k+ people from Pennsylvania teachers union
- The DefendOps Diaries: Understanding the PSEA Data Breach: Lessons and Future Prevention
- : The Pennsylvania State Education Association (PSEA) has sent breach notifications to over 500,000 current and former members
- Zack Whittaker: Pennsylvania's biggest union for educators had a data breach, exposing over half a million members' personal information.
- securityaffairs.com: Pennsylvania State Education Association data breach impacts 500,000 individuals
- Carly Page: The Pennsylvania State Education Association says hackers stole the sensitive personal and financial information of more than half a million of its members. PSEA said it “took steps†to ensure the stolen data was deleted, suggesting it was the target of a ransomware or data extortion attack, and subsequently paid a ransom demand to the hackers responsible
- infosec.exchange: NEW: A zero-day provider that exclusively sells to the Russian government is offering up to $4 million for flaws in Telegram. This announcement offers a glimpse into what the Russian government may be especially interested in, and willing to pay (even at a premium), right now. Sources in the industry tell me the prices offered are broadly right.
- securityaffairs.com: Zero-day broker Operation Zero offers up to $4 million for Telegram exploits
- techcrunch.com: Russian zero-day seller is offering up to $4 million for Telegram exploits
- CyberInsider: Cyber Insider article about Russian Zero-Day Firm Offering Record $4 Million for Telegram Exploits
- www.techradar.com: Data breach at Pennsylvania education union potentially exposes 500,000 victims
@tomshardware.com
//
Nvidia has unveiled its next-generation data center GPU, the Blackwell Ultra, at its GTC event in San Jose. Expanding on the Blackwell architecture, the Blackwell Ultra GPU will be integrated into the DGX GB300 and DGX B300 systems. The DGX GB300 system, designed with a rack-scale, liquid-cooled architecture, is powered by the Grace Blackwell Ultra Superchip, combining 36 NVIDIA Grace CPUs and 72 NVIDIA Blackwell Ultra GPUs. Nvidia officially revealed its Blackwell Ultra B300 data center GPU, which packs up to 288GB of HBM3e memory and offers 1.5X the compute potential of the existing B200 solution.
The Blackwell Ultra GPU promises a 70x speedup in AI inference and reasoning compared to the previous Hopper-based generation. This improvement is achieved through hardware and networking advancements in the DGX GB300 system. Blackwell Ultra is designed to meet the demand for test-time scaling inference with a 1.5X increase in the FP4 compute. Nvidia's CEO, Jensen Huang, suggests that the new Blackwell chips render the previous generation obsolete, emphasizing the significant leap forward in AI infrastructure.
Recommended read:
References :
- AIwire: Nvidia’s DGX AI Systems Are Faster and Smarter Than Ever
- www.tomshardware.com: Nvidia officially revealed its Blackwell Ultra B300 data center GPU, which packs up to 288GB of HBM3e memory and offers 1.5X the compute potential of the existing B200 solution.
- BigDATAwire: Nvidia's GTC 2025 conference showcased the new Blackwell Ultra GPUs and updates to its AI infrastructure portfolio.
- www.laptopmag.com: Blackwell Ultra and Rubin Ultra are Nvidia's newest additions to the growing list of AI superchips
- BigDATAwire: Nvidia used its GTC conference today to introduce new GPU superchips, including the second generation of its current Grace Blackwell chip, as well as the next generation, dubbed the Vera The post appeared first on .
- venturebeat.com: Nvidia's GTC 2025 keynote highlighted advancements in AI infrastructure, featuring the Blackwell Ultra GB300 chips.
- Analytics Vidhya: An overview of Nvidia's GTC 2025 announcements, including new GPUs and advancements in AI hardware.
- AI News: NVIDIA Dynamo: Scaling AI inference with open-source efficiency
- www.tomshardware.com: Nvidia unveils DGX Station workstation PCs with GB300 Blackwell Ultra inside
- BigDATAwire: Nvidia Preps for 100x Surge in Inference Workloads, Thanks to Reasoning AI Agents
- Data Phoenix: Nvidia introduces the Blackwell Ultra to support the rise of AI reasoning, agents, and physical AI
- The Next Platform: This article discusses Nvidia's new advancements in AI, and how the company is looking to capture market share and the challenges they face.
Titiksha Srivastav@The420.in
//
Lee Enterprises, a major American media company with over 75 publications, has confirmed a ransomware attack that has disrupted operations across its network. The notorious Qilin ransomware gang has claimed responsibility for the February 3rd attack, alleging the theft of 350GB of sensitive data. This stolen data purportedly includes investor records, financial arrangements, payments to journalists and publishers, funding for tailored news stories, and even approaches to obtaining insider information. The cyberattack has resulted in widespread outages, significantly impacting the distribution of printed newspapers, subscription services, and internal business operations.
The attack has caused delays in the distribution of print publications and has partially limited online operations. Lee Enterprises anticipates a phased recovery over the next several weeks and has implemented temporary measures, including manual processing of transactions. The company has also launched a forensic investigation to determine the full extent of the breach. The Qilin ransomware group's actions have brought attention to the increasing threat facing media organizations and the importance of robust cybersecurity measures to protect sensitive information and maintain operational integrity.
Recommended read:
References :
- securityaffairs.com: SecurityAffairs: Qilin ransomware gang claimed responsibility for the Lee Enterprises attack
- www.cysecurity.news: CySecurity News: Lee Enterprises Faces Prolonged Ransomware Attack Disrupting Newspaper Operations
- The420.in: The420.in: American Media Group Hit by Cyber Attack, 75 Newspapers Disrupted & Informers’ Data Leaked
- bsky.app: The Qilin ransomware gang has claimed
responsibility for the attack at Lee Enterprises that disrupted operations on February 3, leaking samples of data they claim was stolen from the company.
- bsky.app: The Qilin ransomware gang has claimed responsibility for the attack at Lee Enterprises that disrupted operations on February 3, leaking samples of data they claim was stolen from the company.
- Information Security Buzz: Qilin Claims Lee Enterprises Ransomware Attack
- securityaffairs.com: The Qilin ransomware group claimed responsibility for the recent cyberattack on Lee Enterprises, which impacted dozens of local newspapers. Lee Enterprises, Inc. is a publicly traded American media company. It publishes 79 newspapers in 25 states, and more than
- CyberInsider: Reports that Qilin ransomware gang claimed responsibility for Lee Enterprises attack, threatens to leak stolen data
- www.cysecurity.news: reports on Ransomware
- Zack Whittaker: Lee Enterprises is still experiencing disruption and outages after a ransomware attack.
- Metacurity: UK ICO launches children's social media privacy probe, Qilin claims attack on Lee Enterprises, Polish Space Agency breached, Cellebrite zero days used to hack Serbian student's phone, Man sentenced to 24 years for putting CSAM on dark web, Canceled CFPB contracts threaten data security, much more
- Konstantin :C_H:: Qilin claims attack on Lee Enterprises,
- The420.in: Qilin ransomware group claimed responsibility for the Lee Enterprises attack.
- Kim Zetter: Reports Qilin claims attack on Lee Enterprises
- BleepingComputer: Qilin claiming responsibility for the cyberattack on Lee Enterprises.
- BleepingComputer: Qilin Ransomware Gang Claims Lee Enterprises Attack
- DataBreaches.Net: Japanese cancer hospital confirms breach; Qilin gang claims responsibility
- The Register - Security: Qilin ransomware gang claims attacks on cancer clinic, OB-GYN facility
- www.cysecurity.news: Qilin Ransomware Outfit Claims Credit for Lee Enterprises Breach
- securityaffairs.com: Qilin Ransomware group claims to have breached the Ministry of Foreign Affairs of Ukraine, marking a significant cybersecurity attack.
- www.scworld.com: The ransomware group Qilin has taken credit for the cyberattack on Lee Enterprises.
@techcrunch.com
//
Apple has ceased offering its Advanced Data Protection (ADP) feature for iCloud users in the United Kingdom. This decision follows a reported demand from the UK government for a backdoor that would grant authorities access to encrypted user data. ADP provided end-to-end encryption, ensuring that only the user could decrypt their data stored in iCloud. Apple confirmed that this security feature will no longer be available to new users, and existing UK users will eventually need to disable it.
Apple stated it was "gravely disappointed" that ADP protections would be unavailable in the UK, especially considering the increasing data breaches and threats to customer privacy. The company emphasized the growing need for enhanced cloud storage security with end-to-end encryption. This move highlights a conflict between government surveillance and user privacy, as security experts warn this demand could set a precedent for authoritarian countries. James Baker from Open Rights Group said, "The Home Office’s actions have deprived millions of Britons from accessing a security feature. As a result, British citizens will be at higher risk."
Recommended read:
References :
- techcrunch.com: Apple has disabled its iCloud Advanced Data Protection feature for UK users after government demands for a backdoor.
- securityaffairs.com: The article discusses Apple's decision to remove iCloud's Advanced Data Protection in the UK.
- www.bleepingcomputer.com: This article discusses Apple's decision to disable the iCloud end-to-end encryption feature in the UK due to government pressure.
- Deeplinks: The piece explains Apple's decision to disable the end-to-end encryption feature for iCloud in the UK due to the government demanding backdoor access.
- Ars OpenForum: UK government wants access to all Apple user data worldwide
- billatnapier.medium.com: Apple Steps Back Their Security
- The Register - Security: Rather than add a backdoor, Apple decides to kill iCloud E2EE for UK peeps
- The Verge: The UK will neither confirm nor deny that it’s killing encryption
@csoonline.com
//
Recent reports have surfaced indicating that the US government ordered a temporary halt to offensive cyber operations against Russia, a decision that has stirred considerable debate and concern within the cybersecurity community. According to an exclusive report, Defense Secretary Pete Hegseth instructed U.S. Cyber Command (CYBERCOM) to suspend all planning against Moscow, including offensive digital actions. The directive, delivered to CYBERCOM chief Gen. Timothy Haugh, appears to be part of a broader effort by the White House to normalize relations with Russia amid ongoing negotiations regarding the war in Ukraine.
The decision to pause cyber operations has been met with skepticism and warnings from cybersecurity professionals, who fear the potential consequences of reducing vigilance against a known digital adversary. Concerns have been raised about potential increases in global cyber threats and a decrease in shared confidence in the U.S. as a defensive partner. However, the Cybersecurity and Infrastructure Security Agency (CISA) has denied these reports, labeling them as fake news and a danger to national security. CISA also noted that Russia has been at the center of numerous cybersecurity concerns for the U.S.
Recommended read:
References :
- bsky.app: DHS says CISA will not stop monitoring Russian cyber threats
- The Register - Security: US Cyber Command reportedly pauses cyberattacks on Russia
- Anonymous ???????? :af:: US Cybersecurity and Infrastructure Security Agency says that media reports about it being directed to no longer follow or report on Russian cyber activity are untrue, and its mission remains unchanged.
- securityboulevard.com: Security Pros Push Back as Trump Orders Halt to Cyber Ops vs. Russia
- www.bitdefender.com: Stop targeting Russian hackers, Trump administration orders US Cyber Command
- www.csoonline.com: US Cybercom, CISA retreat in fight against Russian cyber threats: reports
- Carly Page: The US has suspended its offensive cyber operations against Russia, according to reports, amid efforts by the Trump administration to grant Moscow concessions to end the war in Ukraine.
- Metacurity: US Cybercom, CISA are softening stances on Russia as a cyber foe: reports
- Zack Whittaker: The U.S. has reportedly suspended its offensive cyber operations against Russia, per multiple news outlets, amid efforts by the Trump administration to grant Moscow concessions to end the war in Ukraine.
- securityaffairs.com: CISA maintains stance on Russian cyber threats despite policy shift
- CyberInsider: CISA Denies Reports That It Has Halted Cyber Operations Against Russian Threats
- iHLS: U.S. Pauses Cyber Operations Against Russia
info@thehackernews.com (The@The Hacker News
//
The APT group SideWinder is expanding its attacks, now targeting maritime, nuclear, and IT sectors across Asia, the Middle East, and Africa. Previously focused on government, military, and diplomatic institutions, the group has shifted its attention to maritime infrastructure, logistics companies, nuclear power plants, and energy facilities. The attacks, observed by Kaspersky, have spread across multiple countries including Bangladesh, Cambodia, Djibouti, Egypt, the United Arab Emirates, and Vietnam.
Kaspersky experts have noted an increase in attacks on nuclear power plants and energy generation facilities with the attackers utilizing spear-phishing emails and malicious documents containing industry-specific terminology to gain trust. The group exploits an older Microsoft Office vulnerability (CVE-2017-11882) to bypass detection systems and access operational data, research projects, and personnel data. According to Kaspersky researchers Giampaolo Dedola and Vasily Berdnikov, SideWinder constantly works to improve its toolsets, stay ahead of security software detections, extend persistence on compromised networks, and hide its presence on infected systems.
Recommended read:
References :
- The Register - Security: Sidewinder goes nuclear, charts course for maritime mayhem in tactics shift
- The Hacker News: SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, Middle East, and Africa
- www.it-daily.net: SideWinder now also attacks nuclear power plants
- securityaffairs.com: SideWinder APT targets maritime and nuclear sectors with enhanced toolset
- Rescana: Inside the Mind of Sidewinder: A Real-World Look at a Sophisticated Cyber Adversary
Juan Perez@Tenable Blog
//
The Ghost (Cring) ransomware group, known for exploiting vulnerabilities in software and firmware, remains a significant threat as of January 2025. A joint cybersecurity alert from the FBI, CISA, and other partners warns the global cyber defender community of increasing attacks from this financially motivated group. CISA issued a joint advisory on February 19, 2025, emphasizing the group's ongoing activity.
The Ghost (Cring) ransomware first appeared in early 2021 and has impacted organizations across more than 70 countries by compromising vulnerable, internet-facing services. Security measures such as patching known vulnerabilities and implementing basic infosec actions are crucial in defending against these attacks. The SOC Prime Platform has curated Sigma rules to help detect Ghost (Cring) ransomware activity.
Recommended read:
References :
- SecureWorld News: The FBI, CISA, and MS-ISAC have issued a joint cybersecurity advisory warning organizations about Ghost (Cring) ransomware, a sophisticated cyber threat that has been compromising critical infrastructure, businesses, and government entities worldwide.
- Tenable Blog: Rapid7 discusses Ghost Ransomware group targeting known Vulns.
- aboutdfir.com: The operators of Ghost ransomware continue to claim victims and score payments, but keeping the crooks at bay is possible by patching known vulnerabilities and some basic infosec actions.
- Resources-2: Picus Security provides Ghost (Cring) Ransomware Analysis, Simulation, and Mitigation.
- socprime.com: Ghost (Cring) Ransomware Detection: The FBI, CISA, and Partners Warn of Increasing China-Backed Group’s Attacks for Financial Gain
- SOC Prime Blog: The FBI, CISA, and partners have recently issued a joint cybersecurity alert warning the global cyber defender community of increasing Ghost (Cring) ransomware attacks aimed at financial gain.
- thecyberexpress.com: A Ghost ransomware group also referred to as Cring, has been actively exploiting vulnerabilities in software and firmware as recently as January 2025.
- Security Boulevard: [CISA AA25-050A] #StopRansomware: Ghost (Cring) Ransomware
- www.attackiq.com: CISA AA25-050A] #StopRansomware: Ghost (Cring) Ransomware
- industrialcyber.co: CISA, FBI, MS-ISAC warn of Ghost ransomware
- aboutdfir.com: The operators of Ghost ransomware continue to claim victims and score payments, but keeping the crooks at bay is possible by patching known vulnerabilities and some basic infosec actions, according to a joint advisory issued Wednesday by the FBI and US Cybersecurity and
- securebulletin.com: Secure Bulletin provides an analysis of tactics, targets, and techniques used by Ghost Ransomware.
- Secure Bulletin: Securebulletin article on Ghost Ransomware
- The Register - Security: Ghost ransomware crew continues to haunt IT depts with scarily bad infosec
- cyble.com: FBI-CISA Ghost Ransomware Warning Shows Staying Power of Old Vulnerabilities
- aboutdfir.com: News article covering the joint advisory from CISA and the FBI on the Ghost/Cring ransomware.
Dissent@DataBreaches.Net
//
Recent data breaches have affected multiple organizations, exposing sensitive information and highlighting the importance of robust security measures. SOCRadar's Dark Web Team has uncovered several significant threats, including a breach at AUTOSUR, a French vehicle inspection company, where approximately 10.7 million customer records were leaked. The exposed data includes customer names, emails, phone numbers, hashed passwords, home addresses, vehicle information, and license plate numbers. This breach poses significant risks such as identity theft, phishing attacks, and financial fraud.
Unauthorized access to shipping portals associated with Lenovo and HP has also been detected, targeting shipment tracking activities in India. This breach could expose sensitive supply chain information. Furthermore, cybercriminals are actively exploiting the gaming and entertainment sectors, utilizing tools such as a Disney+ credential checker and exploiting a leaked FiveM database. A massive dataset of crypto and forex leads is also up for sale, creating risks of fraud and financial scams. Additionally, Cardiovascular Consultants Ltd. (CVC) in Arizona experienced a ransomware attack, impacting 484,000 patients, with data later appearing on a clear net IP address associated with “WikiLeaksV2." The breach at Sunflower and CCA impacted 220,968 individuals according to a filing with the Maine Attorney General's Office.
Recommended read:
References :
- socradar.io: AUTOSUR Breach, FiveM Database Leak, Disney+ Account Checker, Crypto Leads & Forex Scams Exposed
- www.cysecurity.news: Sunflower and CCA Suffer Data Breaches, Exposing Hundreds of Thousands of Records
- Security - Troy Hunt: Inside the "3 Billion People" National Public Data Breach
- securityaffairs.com: California Cryobank, the largest US sperm bank, disclosed a data breach
- MSSP feed for Latest: Data Breach Hits California Cryobank
- infosec.exchange: Okay, this is not good: "Executive Summary On 21 March 2025, CloudSEK’s XVigil discovered a threat actor, "rose87168," selling 6M records exfiltrated from SSO and LDAP of Oracle Cloud. The data includes JKS files, encrypted SSO passwords, key files, and enterprise manager JPS keys."
- research.kudelskisecurity.com: Oracle Cloud SSO, LDAP Records Dumped, 140k+ Tenants Affected
@www.bleepingcomputer.com
//
JPMorgan Chase Bank will soon block Zelle payments that originate from social media platforms and messaging apps, aiming to combat a surge in online scams. This policy change, set to take effect on March 23rd, 2025, is a direct response to the increasing fraudulent activities exploiting peer-to-peer payment services. Chase emphasizes that Zelle is intended for transactions between trusted contacts like friends and family, not for payments to unfamiliar individuals encountered through social media.
The bank will decline or block payments identified as stemming from social media interactions. In addition, Chase may request further information from users when setting up payments or adding recipients, including the payment purpose and contact method. This move follows scrutiny from the Consumer Financial Protection Bureau (CFPB), which has criticized Zelle for its limited safeguards against fraud and scams, and a lawsuit filed in December by the CFPB.
Recommended read:
References :
- 9to5Mac: 9to5Mac article reporting that Zelle scams are leading Chase Bank to block payments to social media contacts.
- BleepingComputer: BleepingComputer article reporting that JPMorgan Chase Bank will soon start blocking Zelle payments to social media contacts to combat a significant rise in online scams.
- Techmeme: Techmeme article reporting Chase's plan to stop users from making Zelle payments originating from social media contacts.
- The Verge: The Verge article detailing Chase's decision to start blocking Zelle payments originating from social media.
info@thehackernews.com (The Hacker News)@The Hacker News
//
The Winnti Group, a China-based threat actor also known as APT41, is actively targeting Japanese organizations within the manufacturing, materials, and energy sectors. Researchers at LAC's Cyber Emergency Center identified a new campaign dubbed "RevivalStone," which employs an advanced version of the Winnti malware. This updated malware exhibits enhanced capabilities and sophisticated evasion techniques, posing a significant threat to the targeted industries.
This RevivalStone campaign initiates by exploiting SQL injection vulnerabilities in web-facing Enterprise Resource Planning (ERP) systems. Attackers deploy web shells like China Chopper to gain initial access, enabling reconnaissance, credential harvesting, and lateral movement within targeted networks. The updated Winnti malware variant features AES and ChaCha20 encryption, device-specific decryption keys using IP and MAC addresses, a kernel-level rootkit for covert data exfiltration, and code obfuscation to evade endpoint detection and response (EDR) systems.
Recommended read:
References :
- www.lac.co.jp: Researchers from LAC's Cyber Emergency Center analyze the "RevivalStone" campaign operated by China-based threat group Winnti
- cyberpress.org: Winnti Hackers Target Japanese Organizations with Advanced Malware
- Talkback Resources: The content provides an in-depth analysis of the Winnti Group's activities, including the RevivalStone campaign, tools used such as WinntiWebShell and China Chopper, and techniques like AES encryption, Winnti RAT, and Winnti Rootkit, with a focus on detection and prevention strategies.
- Virus Bulletin: Researchers from LAC's Cyber ​​Emergency Center analyse the "RevivalStone" campaign operated by China-based threat group Winnti
- securityaffairs.com: SecurityAffairs: China-linked APT group Winnti targets Japanese organizations since March 2024
- The Hacker News: Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign
- Talkback Resources: China-linked APT group Winnti targeted Japanese organizations
- Talkback Resources: Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign
- www.scworld.com: Winnti attacks set sights on Japan
info@thehackernews.com (The Hacker News)@The Hacker News
//
Microsoft has uncovered a new variant of the XCSSET macOS malware, marking the first major revision since 2022. This latest version features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies. The malware is spread through infected Xcode projects, posing a significant risk to Apple developers.
The new XCSSET variant uses more randomized encoding methods, including Base64 in addition to xxd, and obfuscates module names to make analysis more difficult. The malware also employs a "dock method" where a fake Launchpad application is created, replacing the legitimate Launchpad's path in the dock, ensuring the malicious payload executes every time Launchpad is started. Microsoft advises users to inspect Xcode projects before using them and only install apps from trusted sources.
Recommended read:
References :
- Talkback Resources: Talkback.sh article summarizing Microsoft's discovery of an advanced XCSSET malware variant for macOS.
- The Hacker News: The Hacker News article about Microsoft uncovering a new XCSSET macOS malware variant with advanced obfuscation tactics.
- www.bleepingcomputer.com: Microsoft spots XCSSET macOS malware variant used for crypto theft
- Help Net Security: The XCSSET info-stealing malware is back, targeting macOS users and devs
- securityonline.info: XCSSET Malware Returns with Enhanced Capabilities to Target macOS Users
- www.helpnetsecurity.com: The XCSSET info-stealing malware is back, targeting macOS users and devs
- ciso2ciso.com: Source: thehackernews.com – Author: . Microsoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part of limited attacks in the wild.
- The Register: XCSSET macOS malware returns with first new version since 2022 Known for popping zero-days of yesteryear, Microsoft puts Apple devs on high alert Microsoft says there's a new variant of XCSSET on the prowl for Mac users – the first new iteration of the malware since 2022.…
- ciso2ciso.com: Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics – Source:thehackernews.com
- go.theregister.com: XCSSET macOS malware returns with first new version since 2022 Known for popping zero-days of yesteryear, Microsoft puts Apple devs on high alert Microsoft says there's a new variant of XCSSET on the prowl for Mac users – the first new iteration of the malware since 2022.…
- BleepingComputer: Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics
- securityaffairs.com: New XCSSET macOS malware variant used in limited attacks
Jessica Lyons@The Register - Software
//
The FBI and CISA have jointly issued an advisory urging software developers to eliminate buffer overflow vulnerabilities, labeling them "unforgivable defects." These agencies highlighted the continued presence of such vulnerabilities in products from major vendors like Microsoft and VMware. The advisory emphasizes the need for developers to adopt secure-by-design practices and memory-safe programming languages to prevent these flaws.
The agencies pointed out several recent buffer overflow vulnerabilities, including those found in Microsoft's Hyper-V, Ivanti's Connect Secure, and VMware's vCenter. These vulnerabilities, if exploited, could lead to privilege escalation, remote code execution, and full system access. The advisory stresses that buffer overflows are avoidable by using updated coding practices and safe languages. They also call on manufacturers to implement compile-time and runtime protections, conduct thorough testing, and analyze the root cause of past vulnerabilities to prevent future occurrences.
Recommended read:
References :
- The Register - Software: Feds want devs to stop coding 'unforgivable' buffer overflow vulnerabilities
- Information Security Buzz: CISA and FBI warn of threats exploiting buffer overflow vulnerabilities.
- : CISA and FBI release a joint Secure by Design Alert on eliminating buffer overflow vulnerabilities.
- industrialcyber.co: CISA, FBI urge manufacturers to eliminate buffer overflow vulnerabilities with secure-by-design practices
- ciso2ciso.com: CISA, FBI call software with buffer overflow issues ‘unforgivable’ – Source: www.csoonline.com
- Talkback Resources: US govt wants developers to stop coding 'unforgivable' bugs [app] [exp]
- Tenable Blog: Cybersecurity Snapshot: CISA Calls for Stamping Out Buffer Overflow Vulnerabilities, as Europol Tells Banks To Prep For Quantum Threat
- cyble.com: FBI, CISA Urge Memory-Safe Practices for Software Development
- securityonline.info: Buffer Overflows Vulnerabilities: CISA & FBI Issue Urgent Warning
Pierluigi Paganini@Security Affairs
//
Microsoft has issued updates to address a critical vulnerability, CVE-2025-24989, impacting its Power Pages platform. This flaw, a high-severity issue, is already being actively exploited in the wild, allowing unauthorized access to websites. Threat actors can leverage the vulnerability to achieve privilege escalation within targeted networks and evade user registration controls, granting them unauthorized access to sites.
Microsoft reports that the vulnerability, CVE-2025-24989, only impacts certain Power Pages users. The company urges users to examine their websites for possible compromise. The U.S. CISA has added the Microsoft Power Pages flaw to its Known Exploited Vulnerabilities catalog.
Recommended read:
References :
- securityaffairs.com: U.S. CISA adds Microsoft Power Pages flaw to its Known Exploited Vulnerabilities catalog
- socradar.io: Microsoft Patches Power Pages Zero-Day (CVE-2025-24989) & Recent PAN-OS Flaw (CVE-2025-0111) Joins CISA KEV
- www.scworld.com: Actively exploited Microsoft Power Pages flaw patched
- Report Boom: Microsoft has addressed a high-severity issue in Power Pages, CVE-2025-24989...
@csoonline.com
//
Three critical zero-day vulnerabilities have been discovered in VMware products, leading to active exploitation in the wild. The vulnerabilities affect VMware ESXi, Workstation, and Fusion, potentially allowing attackers to execute arbitrary code and escalate privileges. Microsoft's Threat Intelligence Center (MSTIC) uncovered the vulnerabilities, and they have since been added to CISA's Known Exploited Vulnerabilities Catalog.
Affected VMware products include ESXi versions 8.0 and 7.0, Workstation 17.x, Fusion 13.x, Cloud Foundation 5.x and 4.5.x, and Telco Cloud Platform 5.x, 4.x, 3.x, and 2.x. The vulnerabilities, identified as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, carry CVSSv3 scores of 9.3, 8.2, and 7.1 respectively. Organizations using these VMware products are strongly advised to apply the available patches immediately to mitigate the risks associated with these flaws.
Recommended read:
References :
- cyble.com: Three critical zero-day vulnerabilities in VMware products, affecting VMware ESXi, Workstation, and Fusion, were reported as exploited in the wild.
- research.kudelskisecurity.com: Three critical zero-day vulnerabilities found in VMware products were actively being exploited in the wild.
- MSSP feed for Latest: Multiple zero-day vulnerabilities in VMware's ESXi, Workstation, and Fusion products were identified and confirmed by VMware, with evidence of active exploitation.
@www.cybersecurity-insiders.com
//
Orange Group has confirmed a data breach affecting its Romanian branch after a hacker, allegedly associated with the HellCat ransomware group and known as "Rey," breached their systems. The breach resulted in the exposure of over 380,000 email addresses and other sensitive data belonging to customers, partners, and employees. The attacker claims to have stolen thousands of internal documents after infiltrating the company’s infrastructure, and demanded a ransom which Orange refused to pay.
The leaked dataset includes over 600,000 customer records, employee details, financial documents, and source code. While the breach did not impact Orange’s core services, the company acknowledges major security gaps were highlighted as attackers had access to Orange’s systems for over a month before exfiltrating the data. This incident follows a similar cyber incident reported by Orange Spain just last week, increasing concerns about data security in the telecom sector.
Recommended read:
References :
- Dataconomy: dataconomy.com on Orange Group data breach: Every step explained
- The420.in: the420.in on Orange Group Suffers Data Breach: Hacker Claims Theft of Thousands of Internal Documents
- www.cybersecurity-insiders.com: Orange Group, a telecom services provider based in France, has confirmed that one of its internal systems at its Romanian branch was breached by a cyber attacker identified as “Rey,� an individual reportedly associated with the HellCat ransomware group.
- bsky.app: French telecommunications and digital services provider Orange confirmed that a hacker breached their systems and stole company data that includes customer, partners, and employee information.
- CyberInsider: Confirmation of a data breach impacting the French telecommunications and digital service provider Orange Group, following the leak of internal documents, particularly those affecting Orange Romania.
@ExpressVPN Blog
//
ExpressVPN has announced a significant upgrade to its Lightway VPN protocol, rewriting it in the Rust programming language to enhance security, improve performance, and streamline future development. This move demonstrates ExpressVPN's commitment to setting new industry standards and proactively addressing potential vulnerabilities. The company claims that Rust's memory safety features will eliminate common attack vectors, while its support for safer multicore processing will lead to better performance and battery life for users.
This reimplementation of Lightway in Rust is backed by two independent security audits conducted by cybersecurity firms Cure53 and Praetorian. These audits examined Lightway's new source code implementation, with both reports delivering positive results and validating the security enhancements. While a small number of issues were identified, none were deemed critical, and this rigorous dual-audit approach highlights ExpressVPN's dedication to transparency and security validation, promising users a faster, more secure, and reliable VPN experience.
Recommended read:
References :
- CyberInsider: CyberInsider article on ExpressVPN rewriting its Lightway VPN protocol in Rust.
- PCWorld: PCWorld article about ExpressVPN's massive upgrade to Lightway protocol written in Rust.
- cyberinsider.com: ExpressVPN Rewrites Lightway VPN Protocol in Rust for Security
- www.expressvpn.com: Why ExpressVPN switched from C to Rust for Lightway’s code
- www.expressvpn.com: Lightway’s Rust rewrite undergoes two security audits, by Cure53 and Praetorian
Field Effect@Blog
//
The Australian government has banned Kaspersky Lab products and web services from all government systems, citing an "unacceptable security risk" stemming from potential foreign interference, espionage, and sabotage. Effective April 1, 2025, government entities must remove the software, reflecting concerns about Kaspersky's data collection practices and possible exposure to foreign government influence. The ban follows a threat and risk analysis that concluded the software posed a significant threat to Australian Government networks and data.
The directive aims to also encourage critical infrastructure providers and personal users to reconsider their use of Kaspersky products due to the identified security risks. While the directive does not explicitly name the foreign government, Kaspersky Lab is a Russian cybersecurity company, raising concerns about ties to the Russian government. Similar bans have been implemented in other countries, including the United States, which banned Kaspersky products from federal systems back in 2017. Exemptions to the ban may be considered for legitimate business reasons related to national security, subject to appropriate mitigations.
Recommended read:
References :
- BleepingComputer: The Australian government has banned all Kaspersky Lab products and web services from its systems and devices following an analysis that claims the company poses a significant security risk to the country.
- securityaffairs.com: Australia bans Kaspersky software over national security concerns, citing risks of foreign interference, espionage, and sabotage of government networks.
- Talkback Resources: The Australian Government has banned Kaspersky Lab products and web services from all government systems and devices due to security concerns related to potential foreign interference and espionage, effective April 1, 2025.
- Talkback Resources: Australia Bans Kaspersky Software Over National Security and Espionage Concerns [app]
- Blog: FieldEffect reports on the Australian government banning Kaspersky software.
@techcrunch.com
//
New York-based venture capital and private equity firm Insight Partners has disclosed a security breach of its systems. The firm, which manages over $90 billion in regulatory assets and has invested in over 800 software and technology startups globally over the past 30 years, revealed that the incident occurred in January. The breach involved unauthorized access to its information systems following what they are calling "a sophisticated social engineering attack."
Insight Partners confirmed that the attack took place on January 16, 2025. The company has taken steps to address the situation, notifying law enforcement in relevant jurisdictions and engaging third-party cybersecurity experts to investigate the full scope and impact of the breach. The investigation is ongoing to determine the extent of data exposure and to implement measures to prevent future incidents.
Recommended read:
References :
- cyberinsider.com: Insight Partners Investigates Data Breach Following Cyberattack
- BleepingComputer: New York-based venture capital firm Insight Partners has disclosed that its systems were breached
- techcrunch.com: VC giant Insight Partners confirms a January cyberattack
- CyberInsider: Insight Partners Investigates Data Breach Following Cyberattack
- securityaffairs.com: Venture capital firm Insight Partners discloses security breach
- www.bleepingcomputer.com: Insight Partners hit by cyberattack
- Carly Page: US-based VC giant Insight Partners has confirmed that hackers breached its systems in January.
- aboutdfir.com: Insight Partners confirms cyberattack in January 2025, with unauthorized access to information systems.
Pierluigi Paganini@Security Affairs
//
The Cybersecurity and Infrastructure Security Agency (CISA) has recently added two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. These vulnerabilities affect Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM), posing significant risks to organizations. The advisory issued by CISA strongly urges immediate remediation to mitigate the threat of potential exploitation.
These vulnerabilities include CVE-2017-3066 in Adobe ColdFusion and CVE-2024-20953 in Oracle Agile PLM. The agency has set a deadline of March 17, 2025, for federal agencies to secure their networks against these flaws. Active exploitation attempts have been reported, highlighting the urgency of applying necessary updates.
Recommended read:
References :
- Talkback Resources: Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA [exp] [net]
- thecyberexpress.com: CISA Warns of Actively Exploited Adobe ColdFusion and Oracle Agile PLM Vulnerabilities
- cyble.com: Overview The Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog.
- Talkback Resources: Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA [exp] [net]
|
|
FlagThis - #null