👉 What’s going on in the cyber world today?
Phishing Attack, QR Codes, Microsoft 365, Login Credentials, WinRAR Vulnerability, Windows Security, Remote Code Execution, Verizon Call Filter, Customer Call Logs, Privacy Risks, Web Skimming Campaign, Stripe API, Payment Data, Jan AI, Remote Attacks, Royal Mail, Data Breach, Third Party Supplier, Spectos, UPCX Payment Platform, Unauthorized Breach, Baltimore, Vendor Fraud, Polish Prime Minister, Cyberattack, Civic Platform, Austria, Marinomed Biotech AG, Cybercrime Attack, Commercial Hacking Tools, Global Impact, Trump Administration, Gmail, Sensitive Government Work, Europol, Kidflix CSAM Platform, Global Operation, Thailand, Google, Cybersecurity, Rising Threats, Cyberhaven, Funding, AI Data Security Solutions.
1. QR Code Phishing Targets Microsoft 365 Users
A new phishing campaign is using QR codes to steal Microsoft 365 login credentials. Because the phishing URL is encoded in an image rather than placed in a clickable link, email filters that scan links do not see it, and the victim is told to scan the code with a phone, which usually moves them off the corporate network and onto a device without the organization's endpoint or web-proxy controls. The code resolves to a fake Microsoft 365 login page that captures whatever is typed. The campaign is primarily targeting corporate users, particularly in financial services and healthcare, and has already compromised multiple organizations.
2. WinRAR Flaw Allows Remote Code Execution
A newly discovered vulnerability in WinRAR, tracked as CVE-2025-31334, bypasses Mark of the Web (MotW), the zone marker Windows attaches to downloaded files so that SmartScreen and other defenses warn before running them. All WinRAR versions before 7.11 are affected: when a user opens a symbolic link inside an archive that points to an executable, WinRAR does not propagate the MotW to the execution, so the program runs without the usual security prompt. Tricking a user into opening such a link from an archive is therefore enough to launch code silently. Two caveats limit the exposure: the archive must carry a symlink entry, and creating symlinks on Windows normally requires administrator rights or Developer Mode, so the attack does not work for every user. RARLAB has released a patch, and users should update to WinRAR 7.11 immediately.
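The practical defensive check for this class of bug is to look for symbolic-link entries in an archive before extracting or opening anything from it. The following is an added example, not RARLAB's code or the page's own: the WinRAR bug concerns RAR archives, and Python's standard library has no RAR reader, so ZIP is used as a stand-in (the symlink entry and its target are constructed sample data). The logic is the same in either format, because a symlink stored in an archive can point at an executable, and an extractor that creates or follows it sidesteps the file-level safeguards it would apply to a real file.

```python
"""Check an archive for symbolic-link entries before extracting it.

Added example, not RARLAB's code. ZIP stands in for RAR here because the
standard library cannot read RAR; the check itself is format-independent.
"""
import io
import os
import stat
import tempfile
import zipfile


def build_demo_archive(include_symlink: bool = True) -> bytes:
    """Build an in-memory ZIP (constructed sample data) holding one ordinary
    file and, optionally, a symlink entry that points at an executable."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("README.txt", "harmless text\n")
        if include_symlink:
            # ZIP stores the POSIX mode in the high 16 bits of external_attr;
            # for a symlink the entry body is the link target, not file data.
            link = zipfile.ZipInfo("invoice.pdf")
            link.external_attr = (stat.S_IFLNK | 0o777) << 16
            zf.writestr(link, "C:/Users/Public/payload.exe")
    return buf.getvalue()


def is_symlink(info: zipfile.ZipInfo) -> bool:
    """True if the entry's stored mode bits mark it as a symbolic link."""
    return stat.S_IFMT(info.external_attr >> 16) == stat.S_IFLNK


def find_symlink_entries(archive: bytes) -> list:
    """Return (entry name, link target) for every symlink in the archive."""
    found = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if is_symlink(info):
                target = zf.read(info).decode("utf-8", "replace")
                found.append((info.filename, target))
    return found


def safe_extract(archive: bytes, dest: str) -> list:
    """Extract only if the archive has no symlinks and no entry escapes dest.
    Returns the paths written."""
    links = find_symlink_entries(archive)
    if links:
        names = ", ".join(f"{n} -> {t}" for n, t in links)
        raise ValueError(f"refusing archive with symbolic links: {names}")
    root = os.path.realpath(dest)
    written = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            out = os.path.realpath(os.path.join(root, info.filename))
            if os.path.commonpath([root, out]) != root:
                raise ValueError(f"entry escapes destination: {info.filename}")
            zf.extract(info, root)
            written.append(out)
    return written


def demo() -> dict:
    """Run the symlink-bearing and the clean archive through safe_extract."""
    result = {"symlinks": find_symlink_entries(build_demo_archive())}
    with tempfile.TemporaryDirectory() as tmp:
        try:
            safe_extract(build_demo_archive(), tmp)
            result["refused"] = False
        except ValueError:
            result["refused"] = True
        result["clean_written"] = len(safe_extract(build_demo_archive(False), tmp))
    return result


if __name__ == "__main__":
    print(demo())
```

Refusing the whole archive rather than skipping the link is deliberate: an archive that needs a symlink to reach an executable has no business being opened by a user who only expected documents.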
3. Verizon Call Filter Flaw Exposes Data
A vulnerability in Verizon's Call Filter app allowed unauthorized access to customer call logs. The app's backend authenticated callers, but it read the phone number whose call history to return from a separate request header and never checked that the number belonged to the authenticated subscriber, so an attacker could retrieve incoming call data (caller numbers and timestamps) for any Verizon phone number simply by changing that header. The flaw potentially exposed millions of users; call patterns reveal personal contacts and routines, which is sensitive information for journalists, officials and abuse survivors in particular. The case highlights the risk of third-party contractors running customer-facing services and the need for server-side object-level authorization in mobile APIs.
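The flaw class is an authorization gap between "who is calling" and "whose data is requested". The following added example (not Verizon's or its contractor's code) models it with a minimal HMAC-signed token standing in for the real bearer token: the vulnerable handler verifies the token and then trusts a lookup header, while the fixed handler derives the subscriber from the verified token only. The header name, token format, signing key and call-log data are all assumptions constructed for the example.

```python
"""Object-level authorization for a per-subscriber lookup API.

Added example, not Verizon's code. Header names, token format and the
sample call logs are constructed for illustration.
"""
import base64
import hashlib
import hmac
import json
from typing import Optional

SECRET = b"demo-signing-key"  # constructed; a real service uses a managed key

# Constructed sample data: incoming-call logs keyed by subscriber number.
CALL_LOGS = {
    "15550001111": [{"from": "15559990000", "at": "2025-04-01T09:12:00Z"}],
    "15550002222": [{"from": "15558887777", "at": "2025-04-01T10:45:00Z"}],
}


def issue_token(subscriber: str) -> str:
    """Mint a minimal HMAC-signed token whose subject is the subscriber."""
    body = base64.urlsafe_b64encode(json.dumps({"sub": subscriber}).encode()).decode()
    sig = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def verify_token(token: str) -> Optional[dict]:
    """Return the token payload if the signature checks out, else None."""
    try:
        body, sig = token.split(".", 1)
    except ValueError:
        return None
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    return json.loads(base64.urlsafe_b64decode(body))


def _claims(headers: dict) -> Optional[dict]:
    return verify_token(headers.get("Authorization", "").removeprefix("Bearer "))


def get_calls_vulnerable(headers: dict) -> tuple:
    """Vulnerable: authenticates the caller, then trusts X-Target-Number
    (an assumed header name) to pick whose logs to return."""
    claims = _claims(headers)
    if claims is None:
        return 401, "invalid token"
    target = headers.get("X-Target-Number", "")  # attacker-controlled
    return 200, CALL_LOGS.get(target, [])


def get_calls_fixed(headers: dict) -> tuple:
    """Fixed: the subscriber identity comes from the verified token; a
    lookup header is tolerated only when it matches that identity."""
    claims = _claims(headers)
    if claims is None:
        return 401, "invalid token"
    target = headers.get("X-Target-Number", claims["sub"])
    if target != claims["sub"]:
        return 403, "number does not belong to authenticated subscriber"
    return 200, CALL_LOGS.get(claims["sub"], [])


def demo() -> tuple:
    """Subscriber ...1111 holds a valid token but asks for ...2222's logs."""
    token = issue_token("15550001111")
    attack = {"Authorization": f"Bearer {token}", "X-Target-Number": "15550002222"}
    return get_calls_vulnerable(attack), get_calls_fixed(attack)


if __name__ == "__main__":
    print(demo())
```

The fix is not "validate the header harder"; it is to stop using client input as the object identifier at all when the token already names the subject.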
4. Web Skimmer Targets Stripe API to Steal Data
A web skimming campaign is abusing a legacy Stripe API to steal payment information from customers. Malicious JavaScript injected into checkout pages intercepts card details as they are entered and transmits them to the attackers before the data reaches Stripe's own hosted payment flow. To avoid collecting junk, the skimmer submits each captured card to the deprecated Stripe API using the merchant's own publishable key and exfiltrates only the cards Stripe accepts, which makes the operation more efficient and lets its validation traffic blend in with legitimate calls to Stripe. Researchers identified 49 affected merchants, though the true number is likely higher.
5. Jan AI Vulnerabilities Allow Remote Attacks
Jan AI, an open-source, locally run alternative to ChatGPT, was found to have several security issues. Snyk identified an arbitrary file write flaw, out-of-bounds read vulnerabilities, and a lack of CSRF protection; because the app exposes a local HTTP API, a malicious web page visited by the user could drive that API, letting an attacker manipulate the system or read sensitive data without authenticating. Menlo Research fixed the issues within weeks, and four CVEs were assigned to track them.
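Two of the flaw classes above, an arbitrary file write through a client-supplied path and a missing origin check on a localhost API, have textbook fixes. The following added example is not Jan AI's or Menlo Research's code; it is a hypothetical write handler for a local desktop-app API, with an assumed data directory, assumed allowed origins, and constructed requests. The vulnerable path resolution is shown beside the hardened one, and the origin check is the CSRF guard that stops an arbitrary web page from issuing state-changing requests to the local service.

```python
"""Hardening a local app's file-write endpoint: path confinement and a
CSRF origin check.

Added example, not Jan AI's code. DATA_DIR, ALLOWED_ORIGINS and the
request shapes are assumptions for illustration.
"""
import os
import tempfile
from typing import Optional

DATA_DIR = "/tmp/local-app-data"                           # assumed
ALLOWED_ORIGINS = {"http://localhost:1337", "app://local"}  # assumed


def resolve_write_path_vulnerable(data_dir: str, name: str) -> str:
    """Vulnerable: joins the client-supplied name under the data root, so
    '../../etc/cron.d/job' or an absolute path escapes the root entirely."""
    return os.path.join(data_dir, name)


def resolve_write_path_fixed(data_dir: str, name: str) -> Optional[str]:
    """Fixed: normalise, resolve symlinks, then require the result to sit
    strictly inside the data root."""
    root = os.path.realpath(data_dir)
    candidate = os.path.realpath(os.path.join(root, name))
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def origin_allowed(headers: dict) -> bool:
    """CSRF guard for a localhost API. Browsers attach Origin to cross-site
    requests, so anything not from the app itself is rejected. A request
    with no Origin (curl, the app's own non-browser client) is allowed
    here; tighten that if the API is only ever called from a browser."""
    origin = headers.get("Origin")
    return origin is None or origin in ALLOWED_ORIGINS


def handle_write(headers: dict, name: str, body: bytes, data_dir: str = DATA_DIR) -> tuple:
    """Hardened handler: origin check first, then path confinement."""
    if not origin_allowed(headers):
        return 403, "cross-origin request rejected"
    path = resolve_write_path_fixed(data_dir, name)
    if path is None:
        return 400, "path escapes data directory"
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(body)
    return 200, path


def demo() -> dict:
    """A CSRF attempt, two traversal attempts and one legitimate write,
    all against a temporary data directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.realpath(tmp)
        csrf = handle_write({"Origin": "https://evil.example"}, "notes.txt", b"x", tmp)
        traversal = handle_write({"Origin": "http://localhost:1337"}, "../../etc/cron.d/job", b"x", tmp)
        absolute = handle_write({}, "/etc/passwd", b"x", tmp)
        ok = handle_write({"Origin": "http://localhost:1337"}, "threads/t1.json", b"{}", tmp)
        inside = ok[0] == 200 and os.path.commonpath([root, ok[1]]) == root
    return {"csrf": csrf[0], "traversal": traversal[0], "absolute": absolute[0],
            "ok": ok[0], "written_inside": inside}


if __name__ == "__main__":
    print(demo())
```

Note that `os.path.join` silently discards the root when the second argument is absolute, which is why the vulnerable version cannot be rescued by string prefix checks alone; the fixed version compares the fully resolved path.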
6. Royal Mail Investigates Supplier Data Breach
Royal Mail is investigating a data breach at its third-party supplier Spectos that allegedly exposed more than 144GB of sensitive data. The leak was posted by a cybercriminal using the handle GHNA on BreachForums and reportedly includes personally identifiable information (PII), internal Zoom meeting recordings, delivery and postal location datasets, and documents related to Mailchimp mailing lists. The incident is believed to trace back to a 2021 infostealer infection on a Spectos employee's machine, whose stolen credentials allowed unauthorized access to Spectos systems and, through them, to Royal Mail data.
7. Hacker Steals $70 Million from UPCX Platform
UPCX suffered a significant breach in which an attacker stole tokens worth about $70 million. The attacker gained control of the platform's ProxyAdmin contract, the component that decides which implementation an upgradeable proxy executes; with that control they could change the contract logic and drain funds from multiple management accounts. The stolen tokens have not yet been swapped for other assets, and UPCX has suspended deposits and withdrawals while it investigates. The attack mirrors previous exploits rooted in compromised keys and flawed access controls, and renews calls for Web3 platforms to put upgrade authority behind multi-signature control rather than a single key.
8. Baltimore Probes $1.5 Million Fraud Scheme
Baltimore officials are urgently working to enhance security measures after more than $1.5 million was stolen in a fraud scheme. After months of email correspondence, a person impersonating a vendor got the city to redirect the vendor's payments to an account the fraudster controlled, the classic business email compromise pattern. City officials are investigating the incident, which has led to the suspension of certain online payment processes. Although the fraudster got past existing controls, including geofencing, officials are focused on new safeguards, above all out-of-band verification of any change to a vendor's payment details, to prevent a repeat.
9. Polish Civic Platform Hit by Cyberattack
A cyberattack recently targeted the IT systems of Poland’s Civic Platform party, creating alarm over potential foreign interference in the upcoming elections. Prime Minister Tusk suggested the attack was linked to foreign entities, with security services tracing the cyber breach to eastern sources, likely Russia or Belarus. Digital Affairs Minister Gawkowski acknowledged the seriousness of the attack and confirmed that intensive investigations are ongoing. Poland has been on high alert due to its prominent role in supporting Ukraine.
10. Marinomed Biotech Reports EUR 677,000 Loss
Marinomed Biotech AG, located in Korneuburg, Austria, announced on April 2, 2025, that it had fallen victim to cybercrime. The attack resulted in the transfer of EUR 677,000 to third parties outside the European Economic Area. Although the company has made efforts to reverse the transaction and block the funds at the recipient bank, these attempts have been unsuccessful. Marinomed has filed criminal charges with the relevant authorities, is collaborating with external advisors to investigate the matter further, and is reviewing its insurance policies to determine if damages can be covered.
11. Paris Negotiates Rules on Hacking Tools
The Pall Mall Process aims to regulate commercial cyber intrusion capabilities (CCICs) amid growing concerns over their misuse. The French and British governments lead the initiative, seeking agreement on oversight, accountability, and responsible use of these tools. Challenges include reluctance from major CCIC exporters like Israel and India, who have been implicated in harmful practices. The upcoming Paris meeting is crucial, with experts warning that failure to progress could undermine the initiative’s goals.
12. Trump Officials Used Personal Gmail for Work
The Trump administration reportedly had senior officials using personal Gmail accounts for official government business. National Security Adviser Michael Waltz and his aide were among those who used Gmail for discussions involving sensitive military information and operations. This has raised concerns about cybersecurity, as personal accounts are frequently targeted by hackers, including nation-state actors, to steal sensitive data. The White House has not commented on the report, which highlights the potential security risks posed by improper handling of government-related information.
13. Europol Shuts Down Kidflix CSAM Platform
Europol has led a multi-year international effort to dismantle Kidflix, a child sexual abuse material (CSAM) platform. The operation involved 38 countries, resulting in the seizure of 72,000 videos and the arrest of 79 individuals. The platform, which had 1.8 million users, allowed offenders to earn tokens by uploading or categorizing videos. This operation, ongoing since 2022, has protected 39 children and highlighted the growing digital threat of child exploitation, with further actions still underway.
14. Thailand Partners Google for Cybersecurity
Thailand’s National Cyber Security Agency (NCSA) has teamed up with Google Cloud to bolster the country’s cybersecurity. The collaboration aims to combat rising cyber threats as digital transformation accelerates across the nation. A key focus is sharing threat intelligence and developing incident response strategies for public sector protection. Additionally, the partnership introduces new mobile security measures, such as anti-scam features, to safeguard Thai citizens from cybercriminals.
15. Cyberhaven Raises $100M for AI Security
Cyberhaven, a Silicon Valley data security startup, raised $100 million in Series D funding. The investment brings the company’s total funding to $250 million, with a valuation of $1 billion. The company’s AI-powered data detection and response platform helps organizations track sensitive data and protect it from exfiltration. With plans to expand and improve its product, Cyberhaven aims to redefine data security with AI-driven behavioral analysis.
Copyright © 2025 CyberMaterial. All Rights Reserved.