👉 What’s the latest in the cyber world today?
WordPress, MU-Plugins, Persistent Access, Konni RAT, Windows Explorer, Earth Alux APT, Government Sectors, Asia Pacific, Latin America, Triton RAT, Telegram, Roblox Credentials, Check Point, Data Breach, Germany, Federal Employment Agency, Benefits, Brazil Nuclear Research Institute, Russia, Platon, Uruguay Fiscalía, EU, €1.3 Billion, Cybersecurity, AI, Digital Skills, France, Apple, €150 Million, Fine, UK, Cyber Security and Resilience Bill, Canadian Hacker, Aubrey Cottle, Texas Republican Party, U.S. Attorney’s Office, Western District of Texas, GCHQ, Intern, Smuggling Data.
1. Apple Warns of New Zero Day Vulnerabilities
Apple has issued a warning about three critical zero-day vulnerabilities actively exploited in sophisticated attacks. The flaws, identified as CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085, affect iPhones, iPads, Macs, and other Apple devices. These vulnerabilities could allow attackers to bypass security features, escalate privileges, or exploit web content. Apple has released security patches for all affected devices, urging users to update their systems immediately.
2. Attackers Hide Malware in WordPress mu-Plugins
WordPress sites are increasingly targeted by attackers who exploit the mu-plugins directory to hide malicious code and maintain persistent access. These mu-plugins auto-load on every page without requiring activation, making them an ideal location for hiding backdoors and executing malware. Attackers deploy different types of malware through files like redirect.php, index.php, and custom-js-loader.php, which redirect visitors to malicious sites, inject spam, or provide full control over compromised sites.
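Because mu-plugins load on every request with no activation step, a periodic audit of that directory is a cheap detection control. The script below is an added example written for this digest, not code from the reported campaign or from WordPress: it walks `wp-content/mu-plugins`, flags the file names named above, and flags common obfuscation constructs (the pattern list is an assumed heuristic, not an indicator set from the report). The sample site it builds is constructed in a temporary directory.

```python
import os
import re
import tempfile

# File names reported in this campaign. Note: index.php is often a benign
# empty placeholder, so a name-only hit is a low-confidence signal.
CAMPAIGN_NAMES = {"redirect.php", "index.php", "custom-js-loader.php"}

# Assumed heuristic patterns typical of obfuscated PHP backdoors.
SUSPICIOUS_PATTERNS = [
    r"\beval\s*\(",
    r"\bbase64_decode\s*\(",
    r"\bgzinflate\s*\(",
    r"\bstr_rot13\s*\(",
    r"header\s*\(\s*['\"]Location:",
]


def audit_mu_plugins(mu_dir):
    """Return [(relative_path, [reasons])] for files worth a manual look."""
    findings = []
    if not os.path.isdir(mu_dir):
        return findings
    for root, _dirs, files in os.walk(mu_dir):
        for name in files:
            path = os.path.join(root, name)
            reasons = []
            if name in CAMPAIGN_NAMES:
                reasons.append("name matches a file used in the reported campaign")
            with open(path, "r", errors="replace") as fh:
                src = fh.read()
            for pat in SUSPICIOUS_PATTERNS:
                if re.search(pat, src):
                    reasons.append("contains " + pat)
            if reasons:
                findings.append((os.path.relpath(path, mu_dir), reasons))
    return findings


def build_sample_site():
    """Constructed fixture: one benign mu-plugin and one obfuscated loader."""
    mu_dir = os.path.join(tempfile.mkdtemp(), "wp-content", "mu-plugins")
    os.makedirs(mu_dir)
    with open(os.path.join(mu_dir, "site-tweaks.php"), "w") as fh:
        fh.write("<?php add_filter('wp_title', fn($t) => strtoupper($t));\n")
    with open(os.path.join(mu_dir, "custom-js-loader.php"), "w") as fh:
        fh.write("<?php eval(base64_decode('PLACEHOLDER_NOT_A_REAL_PAYLOAD'));\n")
    return mu_dir


if __name__ == "__main__":
    for path, reasons in audit_mu_plugins(build_sample_site()):
        print(path, "->", "; ".join(reasons))
```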
3. Konni RAT Abuses Windows Explorer in Attacks
Konni RAT has evolved to exploit vulnerabilities in Windows Explorer, enabling attackers to carry out sophisticated multi-stage attacks. Observed primarily targeting government institutions and critical infrastructure worldwide, this malware allows attackers to establish persistent backdoors in compromised systems. By hijacking legitimate Windows components, such as DLL files, it evades detection by conventional security tools, making it harder to identify during routine checks.
4. Earth Alux Targets Critical Sectors Globally
Earth Alux, a China-linked advanced persistent threat group, has been conducting espionage operations since mid-2023, initially targeting the Asia-Pacific region. By mid-2024, the group expanded to Latin America, focusing on government, technology, logistics, manufacturing, telecommunications, IT services, and retail sectors in countries such as Thailand, Brazil, and the Philippines. Earth Alux primarily uses the VARGEIT backdoor for maintaining persistence and conducting long-term data exfiltration operations.
5. Triton Uses Telegram to Steal Roblox Data
Triton RAT is a sophisticated Python-based malware that uses Telegram for its command and control infrastructure. Its primary targets are Roblox credentials, stealing security cookies from browsers like Chrome, Brave, and Firefox to bypass two-factor authentication. The malware’s capabilities include keylogging, screen recording, webcam access, and clipboard data exfiltration. To maintain long-term access, Triton disables security software, creates scheduled tasks, and deploys secondary payloads, demonstrating its persistent nature and sophisticated evasion tactics.
6. Check Point Responds to Data Breach Claims
Check Point confirmed that a data breach discussed on BreachForums was linked to an event from December 2024. The breach involved compromised credentials from a low-access portal with no connection to critical systems or customer data. The hacker’s claims of exposing sensitive information, including internal network maps and customer contracts, were discredited by the company. Check Point assured that the issue was resolved months ago, with no ongoing security risks to customers or employees.
7. Fraudsters Target Germany Employment Agency
A recent cyberattack targeted clients of Germany’s Federal Employment Agency, aiming to fraudulently alter account details and steal benefits. Criminals changed bank account numbers for a number of clients in an attempt to redirect funds. In response, the agency temporarily disabled the feature allowing online changes to account information, protecting clients from further harm. While no payments were made to the fraudulent accounts, the agency has reported the breach to authorities and is collaborating with the Federal Data Protection Officer and the Federal Office for Information Security to investigate the incident and strengthen security measures.
8. Brazil Nuclear Institute Hit by Cyberattack
A cyberattack on Brazil’s Instituto de Pesquisas Energéticas e Nucleares (IPEN) caused significant disruption to the production of essential radioactive medicines, including Iodo-131 and Lutécio-177. The National Commission for Nuclear Energy (CNEN) reported that, despite the attack, there was no breach of physical, radiological, or nuclear security at the facility. As a precautionary measure, the institute’s network was disconnected from external access, including the internet, to address vulnerabilities.
9. Russian Platon Service Hit by Cyberattack
A large-scale cyberattack recently targeted “Platon,” a key Russian system designed for truck drivers. The attack occurred on March 28, 2025, causing disruptions across the country, with the service’s website becoming completely inaccessible. As a result, drivers were unable to access their accounts or process essential tasks, such as generating route maps. The attack led to widespread complaints, with many truck drivers reporting halted operations due to the system’s failure to function properly.
10. Cyberattack Attempt on Uruguay Fiscalía
Uruguay’s Fiscalía General de la Nación reported a cyberattack attempt on its official systems, but no sensitive information was accessed. The institution’s Communications Director, Javier Benech, confirmed that the attack had no impact on critical data or operations. Immediately after the attempt, security protocols were activated, ensuring that the systems remained under control and no breach occurred.
11. EU Announces €1.3 Billion Investment in Tech
The European Commission has announced an investment of €1.3 billion to strengthen cybersecurity, artificial intelligence, and digital skills across the EU. This funding, part of the Digital Europe Programme for 2025–2027, will focus on boosting the resilience of critical EU infrastructures like hospitals and submarine cables. A significant portion will also support the development of the EU Digital Identity Wallet to protect personal data and prevent fraud. The investment aims to drive innovation, support AI advancements, improve digital education, and facilitate the deployment of digital public services.
12. Apple Fined €150M Over App Tracking Tool
Apple was fined €150 million ($162 million) by France’s competition watchdog for exploiting its dominant position in the mobile app advertising market. The fine resulted from the company’s implementation of its App Tracking Transparency framework, which, although designed to protect user privacy, was criticized for harming small app publishers. The French regulator found the framework’s design excessively complex and argued that it unfairly impacted third-party apps, giving Apple an advantage in the advertising market.
13. UK Unveils Cybersecurity and Resilience Bill
The UK government has unveiled the Cyber Security and Resilience Bill to enhance the protection of vital infrastructure and services against growing cyber threats. The bill focuses on securing critical sectors, including hospitals, energy suppliers, and IT providers, aiming to mitigate potential risks from increasingly sophisticated cyberattacks. It also seeks to strengthen data center security and supports efforts to protect AI systems, which are integral to the nation’s economic growth.
14. Canadian Hacker Arrested for GOP Data Theft
Canadian hacker Aubrey Cottle was arrested in Canada for allegedly stealing sensitive data from the Texas Republican Party. He accessed the systems of Epik, a hosting company, to deface the party’s website and download a backup containing personal information. Cottle later shared the stolen data online, taking credit for the attack on social media and in Discord chats. He is now facing up to five years in prison for charges related to unlawful data possession and transfer, with Canadian authorities cooperating with U.S. investigators.
15. GCHQ Intern Pleads Guilty to Smuggling Data
Hassan Arshad, a former intern at the Government Communications Headquarters (GCHQ), pleaded guilty to transferring top-secret information onto his personal smartphone. The sensitive data included critical tools used by the agency and the names of its employees, creating significant security risks. Arshad, who had worked with GCHQ as part of a university placement, faces sentencing in June after also admitting to charges related to indecent images found on his phone.
Copyright © 2025 CyberMaterial. All Rights Reserved.