👉 What’s happening in cybersecurity today?
GitHub, Trusted Infrastructure, Lumma Stealer Malware, Arm, Critical Vulnerabilities, Mali GPU Drivers, AWS, Azure, Infrastructure Laundering, WantToCry Ransomware, Server Message Block Services, Fake Google Ads Campaign, Microsoft Advertisers, Login Credentials, Meta, WhatsApp, Zero-Click, Spyware Attack, Journalists, Activists, Casio UK, Double-Entry Skimming Attack, Community Health Center, Kenya, Business Registration Services, Yazoo Valley Electric, Texas, DeepSeek RedNote, Lemon8, Security Risks, Poland, Former Justice Minister, Spyware Investigation, U.S., Dutch Agencies, Pakistan, Cybercrime Network, Linus Torvalds, Linux 6.14-rc1, PyPI, Project Archival, Security, Transparency.
🚨 Cyber Alerts
1. Lumma Stealer Exploits GitHub Repositories
Cybersecurity researchers have uncovered a sophisticated campaign exploiting GitHub’s trusted infrastructure to distribute the Lumma Stealer malware. The malware, which targets sensitive data such as credentials and cryptocurrency wallets, is distributed through files disguised as legitimate software. Once downloaded, Lumma Stealer initiates malicious activities, including data exfiltration, the deployment of additional malware payloads, and the establishment of persistence mechanisms.
2. Arm Discloses Critical Flaws in Mali GPUs
Arm has disclosed critical security vulnerabilities affecting its Mali GPU kernel drivers and firmware, impacting multiple GPU architectures, including Bifrost, Valhall, and 5th Gen. One of these vulnerabilities, CVE-2024-4610, has been exploited in the wild, raising the urgency for users to update their systems. Arm recommends immediately updating to the latest driver versions, as these flaws could lead to system crashes, information leaks, or privilege escalation.
3. Cybercriminals Use AWS and Azure for Fraud
Silent Push researchers have uncovered a new cybercrime tactic called “Infrastructure Laundering” that is increasingly used by cybercriminals. By renting IP addresses from legitimate cloud providers like Amazon Web Services (AWS) and Microsoft Azure, criminals can mask their illicit activities and carry out online scams, including money laundering and phishing schemes. The tactic is often associated with the FUNNULL content delivery network (CDN), which rents thousands of IP addresses and uses them to facilitate cybercrime operations, staying one step ahead of detection.
4. WantToCry Ransomware Exploits SMB Flaws
The WantToCry ransomware group has escalated its attacks by exploiting misconfigured Server Message Block (SMB) services to gain unauthorized access to networks. These weaknesses include weak credentials, outdated software, and poor security configurations, which provide easy entry points for cybercriminals to infiltrate systems. Once inside, attackers can move laterally across networks, escalate privileges, and deploy ransomware to encrypt critical data, causing widespread disruption.
5. Malicious Google Ads Target Microsoft Users
Cybersecurity researchers have uncovered a malvertising campaign targeting Microsoft advertisers with deceptive Google ads leading to phishing pages designed to steal user credentials. These malicious ads appear in Google Search results when users search for terms like “Microsoft Ads,” redirecting them to a lookalike Microsoft site to harvest login details and two-factor authentication codes. The threat actors behind the campaign use techniques such as VPN traffic redirection and Cloudflare challenges to avoid detection and increase their chances of success.
💥 Cyber Incidents
6. Meta Disrupts Spyware Attack on Journalists
Meta’s WhatsApp disrupted a zero-click spyware campaign targeting around 90 journalists and activists, using spyware developed by the Israeli company Paragon Solutions. The attack, which delivered the spyware via a specially crafted PDF file, was neutralized in December 2024. Although the perpetrators remain unidentified, WhatsApp has notified the affected users and is working to protect their privacy, emphasizing the need for accountability in spyware usage.
7. Casio and 16 Sites Hit by Web Skimmer
A new investigation reveals a double-entry skimming attack targeting Casio’s UK site and 16 other websites. The attack, likely exploiting vulnerabilities in Magento or similar e-commerce platforms, allowed cybercriminals to steal sensitive payment details. Researchers uncovered the sophisticated skimming tactics, including fake payment forms and multiple exfiltration layers, which bypassed typical security measures. The stolen data was encrypted and sent to attackers through a complex exfiltration process, impacting users who interacted with the compromised cart page.
8. CHC Data Breach Impacts Over 1M People
Community Health Center, Inc. (CHC), a federally qualified health center in Connecticut, disclosed a data breach that impacted over 1 million individuals. The breach, detected on January 2, 2025, exposed sensitive personal and health information of patients and of individuals who received COVID-19 tests or vaccines at CHC clinics. The organization has implemented enhanced cybersecurity measures and is offering free identity theft protection to those whose data was compromised.
9. Cyberattack Exposes Data at Kenya’s BRS
The Business Registration Services (BRS) in Kenya has suffered a significant data breach, exposing private details of companies. This breach, believed to have occurred on January 31, 2025, has led to the theft of confidential data, including company ownership and director information. The stolen data is reportedly being sold on the dark web, with the breach raising concerns about the organization’s security. The incident has prompted emergency meetings, and investigations are ongoing, although the motive remains unclear.
10. Yazoo Valley Utility Confirms Data Breach
A ransomware attack in August 2024 targeted Yazoo Valley Electric Power Association, affecting 20,997 individuals. The Akira gang claimed responsibility, alleging they stole Social Security numbers, financial records, and corporate documents. Yazoo Valley has not confirmed what data was accessed, and the breach’s full details, including potential ransom payment, remain unclear. The utility is offering free credit monitoring for victims, with enrollment open until April 30, 2025.
📢 Cyber News
11. Texas Bans Chinese AI Apps Over Data Risks
Texas Governor Greg Abbott has banned the Chinese AI chatbot DeepSeek and social media apps Xiaohongshu (RedNote) and Lemon8 from all state-issued devices, citing concerns over data harvesting and security risks. The move follows similar actions taken against TikTok, and Texas is the first state to impose such a ban on these Chinese-owned apps. Abbott stated that Texas will not allow foreign entities to compromise the state’s infrastructure with apps that pose a threat to user data privacy.
12. Ex-Polish Minister Arrested in Spyware Probe
Poland’s former justice minister Zbigniew Ziobro has been arrested as part of a probe into the misuse of government funds for deploying spyware against opposition leaders. The investigation, which spans from 2017 to 2022, is being led by Prime Minister Donald Tusk and has already led to multiple arrests. Human rights advocates have applauded the efforts to hold those responsible accountable for using Pegasus spyware to undermine political opponents.
13. US and Netherlands Disrupt Fraud Network
U.S. and Dutch law enforcement dismantled 39 domains used by a cybercrime group known as Saim Raza or HeartSender, which sold phishing tools and fraud-enabling software. The tools facilitated scams such as business email compromise, leading to over $3 million in losses. The operation, named Heart Blocker, shut down websites that sold malicious programs and offered training to their users, which had made cybercrime accessible to a wider range of criminals; the takedown significantly disrupted fraudulent activities across borders.
14. Linux 6.14-rc1 Released with Key Updates
Linus Torvalds released Linux 6.14-rc1, marking the end of the two-week merge window. Despite being a smaller release, it includes around 10,000 commits, with half focused on drivers. The update also covers a wide range of improvements in architecture support, filesystems, security, and networking. Developers are encouraged to test the release, which sets the stage for a stable final version expected in late March 2025.
15. PyPI Introduces Archival System for Projects
The Python Package Index (PyPI) has introduced a new feature called ‘Project Archival,’ allowing developers to mark their projects as archived when no further updates or maintenance are planned. While the projects remain accessible for download, users will see a warning about the project’s status to help them make informed decisions about their dependencies. This initiative aims to reduce security risks related to abandoned projects and prevent malicious updates, improving transparency and user awareness in the open-source community.
Copyright © 2025 CyberMaterial. All Rights Reserved.