👉 What’s happening in cybersecurity today?
RANsacked, LTE, 5G, Apache Solr, Windows Systems, Meta Llama Framework, Arbitrary Code Execution, Zyxel Security Update, Andariel, Relative Identifier Hijacking, British Museum, Ukrainian Cyberattack, MegaFon, Medusa Ransomware, Argentina, Hospital El Cruce, France, Archery Federation, Mountain and Climbing Federation, Personal Data Records, ANICO Data Leak, US AI Dominance, Kristi Noem, Homeland Security, UnitedHealth, Data Breach, Turkey Law, Data Leak Reporting, SCAVY Framework, Memory Corruption, Linux
🚨 Cyber Alerts
1. Over 100 Flaws Found in LTE and 5G Networks
Academics from the University of Florida and North Carolina State University disclosed over 100 vulnerabilities in LTE and 5G implementations that can disrupt city-wide cellular communications. These flaws, including buffer overflows and memory corruption, enable attackers to crash networks or monitor subscriber data using unauthenticated devices or compromised base stations. The findings emphasize urgent security gaps in Radio Access Network interfaces of current cellular systems.
2. Apache Solr Flaw Poses Risk to Windows
A critical vulnerability, identified as CVE-2024-52012, has been disclosed in Apache Solr that affects Windows systems. This Relative Path Traversal flaw in the “configset upload” API allows attackers to craft specially designed ZIP files that, once uploaded, grant arbitrary file path write access. By uploading such archives, attackers can overwrite system files or inject malicious code into unintended locations on the filesystem, potentially compromising system integrity and enabling further attacks such as remote command execution.
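The ZIP traversal class described above, as an added example that is not Solr's own code: a validator that resolves every archive entry against the intended configset directory and rejects any entry (absolute path, drive prefix, or `..` component, with either slash style) that would land outside it. The destination path and the sample archive are constructed for illustration.

```python
import io
import os
import zipfile


def safe_entry_names(archive_bytes: bytes, dest_dir: str) -> tuple[list[str], list[str]]:
    """Split a ZIP's entries into those that resolve inside dest_dir and those that
    escape it. Absolute names, drive letters and any '..' component are rejected,
    whether the archive uses '/' or '\\' as a separator."""
    dest_root = os.path.realpath(dest_dir)
    accepted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")
            # Absolute paths and Windows drive prefixes must never be honoured.
            if name.startswith("/") or os.path.splitdrive(name)[0]:
                rejected.append(info.filename)
                continue
            target = os.path.realpath(os.path.join(dest_root, name))
            # The resolved path must stay under dest_root, not merely share a string prefix.
            try:
                inside = os.path.commonpath([dest_root, target]) == dest_root
            except ValueError:  # different drives on Windows: cannot be inside
                inside = False
            (accepted if inside else rejected).append(info.filename)
    return accepted, rejected


def build_demo_archive() -> bytes:
    """Constructed sample upload: one legitimate configset file and two entries
    whose names try to climb out of the extraction directory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("solrconfig.xml", "<config/>")
        zf.writestr("../../escape.xml", "<config/>")
        zf.writestr("..\\..\\escape-win.xml", "<config/>")
    return buf.getvalue()


if __name__ == "__main__":
    ok, bad = safe_entry_names(build_demo_archive(), "/tmp/configsets")  # constructed path
    print("accepted:", ok)
    print("rejected:", bad)
```

Rejecting the whole upload when `rejected` is non-empty is the safer policy than silently dropping the offending entries, since a partially applied configset is itself a failure mode.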
3. Meta Llama AI Framework Security Flaw Found
Meta’s Llama framework has been found vulnerable to a high-severity flaw tracked as CVE-2024-50050, which could allow attackers to execute arbitrary code on Llama Stack inference servers. The vulnerability arises from a deserialization issue in the Python Inference API, where untrusted data is deserialized using the pickle format, allowing remote code execution. The flaw could be triggered when the ZeroMQ socket is exposed over a network, letting an attacker send malicious objects to the socket.
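The pickle hazard above, as an added example that is not Llama Stack's own code: a restricted unpickler that refuses to resolve any global outside an explicit allowlist, so a message that references a callable such as `os.system` is rejected before pickle's REDUCE step could ever invoke it. The allowlist and the two sample messages are constructed for illustration.

```python
import io
import os
import pickle


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that only resolves globals on an explicit allowlist.
    pickle's GLOBAL/STACK_GLOBAL opcodes go through find_class, and REDUCE then
    calls whatever was resolved; denying the lookup denies the call."""

    # Constructed allowlist: plain containers that need a global under older protocols.
    ALLOWED = {("builtins", "set"), ("builtins", "frozenset"), ("collections", "OrderedDict")}

    def find_class(self, module: str, name: str):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def classify(data: bytes) -> str:
    """'ok' when the message deserialises under the allowlist, 'blocked' otherwise."""
    try:
        restricted_loads(data)
        return "ok"
    except pickle.UnpicklingError:
        return "blocked"


def stock_resolves_callable(data: bytes) -> bool:
    """Show the contrast: stock pickle.loads happily hands back whatever global
    the message names. Only call this on the constructed sample below."""
    return callable(pickle.loads(data))


# Constructed sample messages standing in for what an inference worker might receive.
BENIGN = pickle.dumps({"request_id": 7, "tokens": [1, 2, 3], "tags": {"a"}})
# A pickle that merely references os.system: stock pickle resolves the function,
# the allowlisted unpickler refuses it.
SUSPICIOUS = pickle.dumps(os.system)

if __name__ == "__main__":
    print("benign:", classify(BENIGN), "| suspicious:", classify(SUSPICIOUS))
```

For a network-facing worker the stronger fix is to avoid pickle altogether in favour of a schema-checked format such as JSON; the allowlist is the mitigation when the wire format cannot be changed immediately.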
4. Zyxel Warns of Faulty Update Causing Errors
Zyxel has warned that a recent security signature update has caused significant issues for USG FLEX and ATP Series firewalls, including reboot loops and access problems. The faulty update, deployed between January 24 and 25, has led to device errors, high CPU usage, and failed logins, impacting only devices with active security licenses. Zyxel advised users to physically access affected firewalls and follow recovery steps using a console cable to restore functionality.
5. Andariel Group Uses RID Hijacking Attack
The North Korean-linked Andariel hacking group has been identified using a sophisticated attack campaign that employs the Relative Identifier (RID) Hijacking technique to covertly create hidden administrator accounts on Windows systems. This method allows attackers to bypass traditional detection measures while maintaining persistent access to compromised systems. RID Hijacking is an advanced privilege escalation technique where attackers manipulate the RID value of a low-privilege account to match that of a high-privilege account, such as an administrator.
💥 Cyber Incidents
6. British Museum Closes After IT Attack
The British Museum in London was partially closed after a fired IT contractor broke into the facility and shut down several systems. The employee, who was dismissed the previous week, caused significant disruptions to both temporary and permanent exhibitions on Thursday. Police arrested the contractor for burglary and criminal damage, while museum officials worked to restore operations and provide refunds to affected visitors. This incident adds to the museum’s ongoing challenges, including the theft of artifacts by a former curator and pressure to return the Parthenon Marbles to Greece.
7. Ukrainian Cyberattack Hits Russian Networks
Cyber specialists from Ukraine’s Defense Ministry launched a large-scale attack against MegaFon, one of Russia’s largest mobile and internet operators. The attack, identified as a “carpet-bombing DDoS,” disrupted mobile services and internet access in Moscow, St. Petersburg, and central Russia. Ukrainian intelligence claims the attack not only targeted MegaFon but also affected other operators, depriving Russians of access to platforms like Steam, Twitch, and Discord.
8. Medusa Group Targets Argentina Hospital Data
Medusa ransomware has severely impacted Argentina’s Hospital El Cruce, located in Florencio Varela, Buenos Aires Province. The attack compromised over 760GB of sensitive data, including protected health information (PHI) such as diagnostic images and laboratory tests, as well as personally identifiable information (PII) like patient names, birthdates, passport numbers, and addresses. The hospital’s website is currently offline as its IT department works to manage the incident.
9. French Sports Federations Hit by Cyberattack
The French Archery and Mountain and Climbing Federations have fallen victim to a cyberattack, compromising the data of over 200,000 individuals. The breach was traced back to a vulnerability in a service provider responsible for managing interfaces. The stolen data includes sensitive information such as names, birthdates, addresses, and profile pictures, with over 77,000 individuals affected in the Archery Federation alone. The Mountain and Climbing Federation reported a similar breach impacting 120,000 members.
10. Data Leak Exposes Sensitive Info at ANICO
Cybersecurity researchers have discovered over 270,000 lines of sensitive data linked to American National Insurance Company (ANICO) on a forum, potentially tied to the 2023 MOVEit breach. The leaked data, including customer and employee details, is suspected to have been exposed following the breach of MOVEit, a file transfer software exploited by the Cl0p ransomware group. While ANICO has acknowledged being impacted by the breach, the direct connection to MOVEit remains unconfirmed.
📢 Cyber News
11. New US Executive Order on AI
President Donald Trump signed an executive order aimed at ensuring the U.S. leads in artificial intelligence (AI) by developing a strategic plan within 180 days. The order, titled “Removing Barriers to American Leadership in Artificial Intelligence,” seeks to remove regulatory hurdles while ensuring that AI systems remain free from ideological bias. It tasks key officials with revising existing policies, creating a new framework for AI, and coordinating efforts across national security, technology, and the economy.
12. Kristi Noem Confirmed as DHS Secretary
Kristi Noem was confirmed as the 8th Secretary of the Department of Homeland Security with a 59–34 vote in the U.S. Senate. Noem, sworn in by Supreme Court Justice Clarence Thomas, outlined her priorities focusing on border security, law enforcement, and counterterrorism. She emphasized the importance of cybersecurity, committing to safeguard critical infrastructure against increasing cyber threats and foreign attacks, leveraging public-private partnerships for a more proactive approach. Noem’s confirmation marks a shift in leadership with a focus on cutting-edge technology and strengthened defense against emerging cyber risks.
13. UnitedHealth Data Breach Affects 190 Million
UnitedHealth confirmed that a February 2024 ransomware attack on its subsidiary, Change Healthcare, impacted approximately 190 million people, nearly doubling previous estimates. This cyberattack is considered the largest medical data breach in U.S. history, affecting a vast amount of sensitive health and insurance-related data. The breach, attributed to the ALPHV ransomware gang, involved the theft of names, addresses, dates of birth, Social Security numbers, and medical records, as well as banking information.
14. Turkey’s New Law Could Silence Data Leaks
Turkey’s government has proposed a new cybersecurity law that could make it illegal to report data breaches. The legislation introduces severe penalties for those who falsely create the impression of a data breach, even if no breach has occurred. Critics fear the law could stifle journalism and discourage reporting on cybersecurity issues, as it may lead to imprisonment for those who accurately report potential breaches.
15. SCAVY Automates Linux Kernel Security
Researchers unveiled SCAVY, a new framework designed to automate the discovery of memory corruption targets in the Linux kernel. This tool addresses critical gaps in detecting privilege escalation exploits, which often leverage memory corruption vulnerabilities. SCAVY goes beyond traditional methods by being bug-type agnostic and using advanced techniques like fuzzing and differential analysis to identify exploitable memory states. Already, the framework has identified new exploitable fields, demonstrating its potential to enhance kernel security and proactively address emerging threats.
Copyright © 2025 CyberMaterial. All Rights Reserved.