CyberSecurity updates
2025-02-22 07:50:31 Pacific

RedNote App Security Issues - 2d

This cluster details a report by Citizen Lab and the EFF Threat Lab highlighting critical privacy vulnerabilities in the “RedNote” app. The analysis of version 8.59.5 found that the app transmits user content over unencrypted HTTP, potentially exposing sensitive data to network attackers. Static analysis also revealed the use of static keys for encrypting certain files, exposing those files to decryption by anyone who recovers the key. Furthermore, the app transmits device metadata without encryption, leaving it potentially vulnerable to man-in-the-middle attacks.

TalkTalk Investigates Alleged Data Grab - 27d

UK telco TalkTalk is investigating a potential data breach, after a threat actor offered the data of millions of its current and former customers on a cybercrime forum. The investigation is in progress, but the claims suggest a potential exfiltration of sensitive user data. This incident highlights the ongoing challenges of safeguarding user data in the telecommunications sector. The claims about data size might be overstated.

A threat actor attempting to sell customer data on a cybercrime forum is a significant risk in itself. The incident highlights the need for telcos to invest more in their security practices. It also shows that customers can have their data exposed through a third party they entrusted it to.

US Treasury Hacked by Chinese APT Group - 3d

The US Treasury Department sanctioned a Chinese cybersecurity firm, Sichuan Juxinhe, and a Shanghai-based hacker, Yin Kecheng, for their involvement in the Salt Typhoon cyberattacks. These attacks targeted major US telecom companies, compromising sensitive data and the US Treasury’s network, including systems used for sanctions and foreign investment reviews, and even impacted the computer of the outgoing Treasury Secretary Janet Yellen. This highlights the ongoing sophisticated cyber espionage campaigns from China targeting critical infrastructure and government entities within the US and globally. The sanctioned entities are directly linked to the Chinese Ministry of State Security (MSS), and used a combination of zero-day exploits and other techniques for infiltrating networks and exfiltrating data. The compromise of the Department of the Treasury’s network is considered a major breach, potentially impacting national security due to access to sensitive information.

Ransomware Abuses AWS Encryption Features - 8d

A new ransomware campaign is exploiting Amazon Web Services’ (AWS) Server-Side Encryption with Customer Provided Keys (SSE-C) to encrypt S3 buckets. The attackers use encryption keys unknown to the victims and demand ransoms for the decryption keys. This attack abuses a legitimate AWS feature, creating a very difficult situation for its victims who cannot recover their data without the decryption key. The ransomware crew has been dubbed ‘Codefinger’.
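A bucket policy that refuses any object upload using SSE-C, the control AWS recommends against the abuse described above. This is an added example, not code from the report or the campaign; the bucket name is a placeholder to replace with your own:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenySSECObjectUploads",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET-NAME/*",
      "Condition": {
        "Null": {
          "s3:x-amz-server-side-encryption-customer-algorithm": "false"
        }
      }
    }
  ]
}
```

The `Null` condition evaluates to `false` whenever the caller supplies a customer-provided key algorithm, so the explicit Deny wins over any Allow the stolen credentials carry; uploads using SSE-S3 or SSE-KMS are unaffected.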

Ivanti Zero-Day Actively Exploited For RCE - 13d

A critical zero-day vulnerability, tracked as CVE-2025-0282, has been discovered in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. This stack-based buffer overflow allows unauthenticated remote attackers to achieve remote code execution. It was disclosed alongside CVE-2025-0283, another stack-based buffer overflow that requires a local authenticated attacker. CVE-2025-0282 is currently being actively exploited in the wild. Organizations are advised to apply the available patches immediately and perform factory resets to ensure complete removal of any potential malware. Ivanti has a long history of being targeted.

Rhode Island Health Data Leaked Online - 20d

Rhode Island’s health benefits system was breached, and the sensitive personal data of residents taken from it was subsequently leaked on the dark web. This incident demonstrates the ongoing threats to government infrastructure and highlights the importance of robust security measures. The breach underscores the necessity for continuous monitoring and improvements in state-level cybersecurity protocols.

Fake Malware Builder Backdoors 18000 Users - 25d

A threat actor has successfully targeted low-skilled hackers, often referred to as ‘script kiddies,’ by distributing a fake malware builder. Rather than producing the malware they expected, the builder secretly infects the user’s own system with a backdoor. This method allowed the attacker to compromise over 18,000 devices, highlighting a notable pattern in the threat landscape: even low-skilled attackers are targets and may unknowingly become victims themselves.