👉 What’s trending in cybersecurity today?
Malicious Go Package, Remote Access, Developer Systems, 7-Zip Security Flaw, SmokeLoader, AWS S3 Buckets, Security Flaw, Apache Cassandra Flaw, Data Centers, Veeam Updater Flaw, Backup Systems, River Region Cardiology, Sensitive Personal Data, PowerSchool, St Johns School District, McKinney Texas, Personal Information, Lighthouse Electric Company, San Francisco-Marin Food Bank, Texas, Cyber Command, State Infrastructure, CISA, Network Edge Devices, Taiwan, DeepSeek AI, Security Risks, Cross-Border Concerns, Sophos, SecureWorks, macOS Malware, Cryptocurrency, Data.
🚨 Cyber Alerts
1. Malicious Go Package Grants Remote Access
Researchers identified a malicious Go package designed to grant attackers remote access to infected systems. The package, a deceptive clone of the legitimate BoltDB module, exploited Git tags and Go Module Mirror caching to persist undetected. Attackers modified repository history, making it appear clean while ensuring unsuspecting developers continued downloading the compromised version. This technique highlights the risks posed by mutable Git tags and indefinitely cached modules, allowing malicious code to spread even after its removal from the original repository.
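An added example, not from the original article or from the BoltDB project, of the mechanism behind this finding: go.sum pins an `h1:` content hash of whatever module zip was first downloaded (from the repository or from the Go Module Mirror's cache), so a version whose Git tag has since been moved to different content, or a look-alike module path that was never pinned, fails the comparison. The code below recomputes the `h1:` hash the way the go command does (the algorithm of `golang.org/x/mod/sumdb/dirhash.Hash1`) and checks it against a go.sum line. The module contents, the go.sum line and the look-alike path `github.com/example-boltdb-clone/bolt` are constructed for the demonstration and are not real releases.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"sort"
	"strings"
)

// hash1 recomputes the "h1:" directory hash that go.sum records for a module zip:
// one line "<sha256 hex>  <path>\n" per file, paths sorted, then SHA-256 of that
// summary, base64-encoded. files maps the path inside the zip (module@version/file)
// to the file contents.
func hash1(files map[string][]byte) string {
	paths := make([]string, 0, len(files))
	for p := range files {
		paths = append(paths, p)
	}
	sort.Strings(paths)
	h := sha256.New()
	for _, p := range paths {
		fileSum := sha256.Sum256(files[p])
		fmt.Fprintf(h, "%x  %s\n", fileSum[:], p)
	}
	return "h1:" + base64.StdEncoding.EncodeToString(h.Sum(nil))
}

// goSumLine returns the go.sum line the go command records on first download.
func goSumLine(module, version string, files map[string][]byte) string {
	return fmt.Sprintf("%s %s %s\n", module, version, hash1(files))
}

// parseGoSum indexes go.sum by "module@version". The "version/go.mod" lines hash
// only the go.mod file and are skipped here; a full check would verify them too.
func parseGoSum(text string) map[string]string {
	pinned := map[string]string{}
	for _, line := range strings.Split(text, "\n") {
		f := strings.Fields(line)
		if len(f) != 3 || strings.HasSuffix(f[1], "/go.mod") {
			continue
		}
		pinned[f[0]+"@"+f[1]] = f[2]
	}
	return pinned
}

// verifyModule compares a freshly fetched module's content hash with the pinned one.
// It fails when a tag was moved (same version string, different content) and when the
// module is not pinned at all, as a look-alike clone that was never in go.sum would be.
func verifyModule(pinned map[string]string, module, version string, files map[string][]byte) error {
	key := module + "@" + version
	want, ok := pinned[key]
	if !ok {
		return fmt.Errorf("%s: no go.sum entry, refusing unpinned module", key)
	}
	if got := hash1(files); got != want {
		return fmt.Errorf("%s: checksum mismatch\n  go.sum:  %s\n  fetched: %s", key, want, got)
	}
	return nil
}

func main() {
	// Constructed snapshot of a module as first downloaded (not a real release).
	const mod, ver = "github.com/boltdb/bolt", "v1.3.1"
	prefix := mod + "@" + ver + "/"
	first := map[string][]byte{
		prefix + "go.mod":  []byte("module github.com/boltdb/bolt\n"),
		prefix + "bolt.go": []byte("package bolt\n\nfunc Open(path string) error { return nil }\n"),
	}
	pinned := parseGoSum(goSumLine(mod, ver, first))

	// 1. Same content as recorded: passes (prints <nil>).
	fmt.Println("unchanged:", verifyModule(pinned, mod, ver, first))

	// 2. Tag moved to a commit with extra code: same version string, different hash.
	moved := map[string][]byte{
		prefix + "go.mod":  first[prefix+"go.mod"],
		prefix + "bolt.go": []byte("package bolt\n\nfunc Open(path string) error { return nil }\n\nfunc init() { /* code the tag now points to */ }\n"),
	}
	fmt.Println("tag moved:", verifyModule(pinned, mod, ver, moved))

	// 3. A look-alike module path (constructed name) was never pinned.
	fmt.Println("look-alike:", verifyModule(pinned, "github.com/example-boltdb-clone/bolt", ver, first))
}
```

`go mod verify` performs the same comparison between the local module cache and go.sum. The point for defenders is that the two sides can legitimately disagree: if the mirror cached a version and the repository's tag was later rewritten, the repository now serves content whose hash no longer matches what was pinned, which is a signal to inspect the cached module rather than simply re-pin it.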
2. 7-Zip Flaw Exploited to Deliver SmokeLoader
A recently patched vulnerability in 7-Zip enabled Russian cybercriminals to bypass Windows security measures and deploy SmokeLoader malware through phishing attacks. Hackers used homoglyph techniques to disguise malicious archive files as legitimate documents, tricking users into executing harmful payloads. Ukrainian government agencies and municipal organizations were primary targets, demonstrating how smaller institutions remain highly vulnerable to sophisticated cyber threats.
3. Security Flaw in Abandoned AWS S3 Buckets
WatchTowr Labs researchers discovered a critical security flaw in abandoned Amazon Web Services (AWS) S3 buckets that could be exploited by attackers to hijack the global software supply chain. Their investigation revealed over 150 neglected S3 buckets used by governments, Fortune 500 companies, and cybersecurity firms, which were still queried for essential resources despite being abandoned. The vulnerability lies in AWS S3 bucket names being globally unique, allowing attackers to re-register these bucket names and deliver malicious content to vulnerable systems.
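An added example, not from the article or from watchTowr's research, of the audit this finding calls for on the defender's side: pull every S3 bucket name out of your own install scripts, build configuration and web pages, then check each one against an inventory of the buckets your organisation owns, flagging any bucket that was deleted but is still referenced (the case where its globally unique name has become free for anyone to register). The artifact lines, bucket names and inventory are constructed; the three reference forms recognised are the virtual-hosted, path-style and `s3://` forms.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
)

// S3 bucket names are 3-63 characters of lowercase letters, digits, dots and hyphens.
const bucketName = `([a-z0-9][a-z0-9.-]{1,61}[a-z0-9])`

// The reference styles that deployed software and scripts commonly contain.
var bucketPatterns = []*regexp.Regexp{
	// virtual-hosted style: https://BUCKET.s3.amazonaws.com/... or https://BUCKET.s3.REGION.amazonaws.com/...
	regexp.MustCompile(`https?://` + bucketName + `\.s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com(?:[^a-z0-9.-]|$)`),
	// path style: https://s3.amazonaws.com/BUCKET/... or https://s3.REGION.amazonaws.com/BUCKET/...
	regexp.MustCompile(`https?://s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com/` + bucketName + `(?:[^a-z0-9.-]|$)`),
	// s3:// URIs as used by the AWS CLI and SDK configuration
	regexp.MustCompile(`s3://` + bucketName + `(?:[^a-z0-9.-]|$)`),
}

// extractBuckets returns the sorted, de-duplicated set of bucket names referenced in text.
func extractBuckets(text string) []string {
	seen := map[string]bool{}
	for _, re := range bucketPatterns {
		for _, m := range re.FindAllStringSubmatch(text, -1) {
			seen[m[1]] = true
		}
	}
	out := make([]string, 0, len(seen))
	for b := range seen {
		out = append(out, b)
	}
	sort.Strings(out)
	return out
}

// Report splits referenced buckets by what the organisation's own inventory says about them.
type Report struct {
	Active   []string // owned and still existing
	Deleted  []string // owned once, since deleted, still referenced: the name is up for grabs
	External []string // not in the inventory: a third party's bucket whose lifecycle you do not control
}

// classify checks every referenced bucket against an inventory of bucket -> "active" | "deleted".
func classify(buckets []string, inventory map[string]string) Report {
	var r Report
	for _, b := range buckets {
		switch inventory[b] {
		case "active":
			r.Active = append(r.Active, b)
		case "deleted":
			r.Deleted = append(r.Deleted, b)
		default:
			r.External = append(r.External, b)
		}
	}
	return r
}

func main() {
	// Constructed sample: lines as they might appear in an install script, a build config and a web page.
	artifacts := `curl -sSf https://example-assets.s3.amazonaws.com/agent/latest.tar.gz -o agent.tar.gz
wget https://s3.us-east-1.amazonaws.com/example-old-installers/setup-2.1.sh
aws s3 cp s3://example-data-lake/manifests/latest.json .
<script src="https://cdn.example.com/app.js"></script>
RELEASE_URL=https://example-old-installers.s3.eu-west-1.amazonaws.com/release.zip`

	// Constructed inventory: what the organisation knows about its own buckets.
	inventory := map[string]string{
		"example-assets":         "active",
		"example-old-installers": "deleted",
	}

	r := classify(extractBuckets(artifacts), inventory)
	fmt.Println("still owned:            ", r.Active)
	fmt.Println("DELETED but referenced: ", r.Deleted)
	fmt.Println("external:               ", r.External)
}
```

A bucket in the Deleted list should be re-created under your own account so the name stays yours, and the artifacts that reference it updated; the External list is the set of third-party buckets your deployments trust without any say in whether they stay registered. The classification is only as good as the inventory, so build it from the account's actual bucket list and deletion history rather than by hand.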
4. Apache Cassandra Vulnerability Exposes Data
A critical security vulnerability, CVE-2025-24860, was found in Apache Cassandra, a popular distributed database. The flaw allows unauthorized access through a bypass of the authorization system, affecting specific versions of the database. Operators are urged to upgrade to patched versions 4.0.16, 4.1.8, or 5.0.3 to prevent potential exploitation of this issue, which could lead to unauthorized data access or permission escalation.
5. Veeam Backup Vulnerability Poses Major Risk
A critical vulnerability in Veeam’s Updater component, CVE-2025-23114, allows attackers to execute arbitrary code via Man-in-the-Middle attacks, potentially gaining root-level access to vulnerable servers. This flaw affects various Veeam backup solutions, including those for Salesforce, AWS, Microsoft Azure, and Google Cloud. To mitigate risks, Veeam has released patched versions, and administrators are advised to promptly update their systems and implement additional security measures.
💥 Cyber Incidents
6. River Region Cardiology Breach Exposes Info
River Region Cardiology, based in Montgomery, Alabama, recently confirmed a data breach involving unauthorized access to sensitive personal and health information. The breach, which was detected on September 16, 2024, resulted from a cyberattack targeting a remote connection used by a third-party vendor. The exposed data includes names, Social Security numbers, dates of birth, and other sensitive details, prompting the practice to notify affected individuals once its investigation concludes.
7. PowerSchool Incident Hits St Johns Schools
PowerSchool recently experienced a cybersecurity incident that impacted multiple schools, including St. Johns County School District in Florida, where the Student Information System was being tested. The breach occurred on PowerSchool’s systems, not at the district, but it affected personal information such as student and educator data. PowerSchool is offering identity protection and credit monitoring services to those affected through Experian, alongside other security measures.
8. McKinney Texas Data Breach Exposes Info
The city of McKinney, Texas, announced a data breach that occurred on October 31, 2024, and was identified on November 14, 2024. The breach potentially exposed sensitive personal information, including Social Security numbers, credit card details, and medical insurance information. While no misuse of the data has been confirmed, city officials have implemented enhanced security measures and are offering free credit monitoring to affected individuals.
9. Lighthouse Electric Company Data Breach
Lighthouse Electric Company (LEC) discovered suspicious activity on its network around October 26, 2024. An investigation revealed that certain files were copied without authorization between October 21 and October 26, 2024, potentially exposing personal information, including Social Security numbers, bank account details, and health insurance information. To address the incident, LEC secured its systems and is offering affected individuals complimentary credit monitoring and identity theft services for 24 months through IDX.
10. San Francisco-Marin Food Bank Faces Breach
San Francisco-Marin Food Bank reported a data breach after discovering unauthorized network access between May 10 and May 30, 2024. The organization began an investigation upon learning of the breach on May 31, and the review confirmed that personal information, including names, might have been affected. The food bank notified individuals and worked with law enforcement to secure systems.
📢 Cyber News
11. Texas Announces Creation of Cyber Command
Governor Greg Abbott announced the formation of the Texas Cyber Command as a top legislative priority to strengthen the state’s cybersecurity defense. Headquartered in San Antonio, the command will enhance Texas’ readiness against cyberattacks targeting critical infrastructure like energy, transportation, and military operations. The initiative emphasizes a proactive approach to cyber defense by leveraging local expertise and federal resources to protect Texas’ economic and strategic interests.
12. CISA Issues Edge Device Security Guidance
The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with global cybersecurity bodies, has issued guidance to secure network edge devices, such as routers, firewalls, and IoT devices. These devices play a crucial role in maintaining network security but are often targeted by malicious actors exploiting vulnerabilities. The new publications provide actionable strategies to help organizations mitigate risks and strengthen defenses against cyber threats.
13. Taiwan Bans DeepSeek AI Over Security Risks
Taiwan has joined a growing list of countries that have banned the use of DeepSeek, a Chinese-developed Artificial Intelligence (AI) platform, by government agencies, citing significant security risks. The Ministry of Digital Affairs in Taiwan issued a statement highlighting concerns over the potential leakage of sensitive information due to the platform’s cross-border operations. These risks, according to the Ministry, endanger national information security, prompting authorities to restrict its use within government agencies and critical infrastructure. The decision aligns with similar actions taken by other countries, including Italy, where DeepSeek was recently blocked due to unclear data handling practices.
14. Sophos Completes $859M SecureWorks Deal
Sophos has completed its $859 million all-cash acquisition of SecureWorks. This deal will integrate SecureWorks’ Taegis XDR platform with Sophos’ Managed Detection and Response services to enhance its security offerings, including next-gen SIEM and OT security. Sophos plans to expand its customer base across small, mid-sized, and enterprise sectors while integrating SecureWorks’ expertise into its threat intelligence and security services.
15. 22 New macOS Malware Families Found in 2024
In 2024, security researcher Patrick Wardle identified 22 new macOS malware families, matching the number from 2023 but marking a significant rise from the lower numbers seen in 2021 and 2022. The new families consist of various types of malware, including stealers, ransomware, backdoors, and downloaders. These samples were newly discovered and do not include adware or malware that had been previously observed in earlier years. The new threats represent an evolving risk landscape for macOS users.
Copyright © 2025 CyberMaterial. All Rights Reserved.