👉 What are the latest cybersecurity alerts, incidents, and news?
1. Tax Phishing Campaigns Steal Credentials
Microsoft has warned of phishing campaigns targeting tax season to deliver malware and steal credentials. The attacks exploit URL shorteners, QR codes, and phishing-as-a-service platforms like RaccoonO365. Malware delivered includes remote access trojans like Remcos RAT and post-exploitation tools such as Latrodectus and AHKBot. The phishing emails have targeted thousands of U.S. organizations, prompting experts to recommend phishing-resistant authentication and stronger security measures.
2. Fast Flux Threatens National Security
CISA, FBI, NSA, and other international cybersecurity agencies are warning about the growing use of the Fast Flux evasion technique by cybercriminals and state-sponsored actors. This technique involves rapidly changing DNS records, making it difficult to trace the source of malicious activities, such as phishing and malware attacks. Fast Flux is often powered by botnets, and it has been used by various threat actors, from low-tier criminals to sophisticated nation-state groups. Agencies recommend using blocklists, DNS/IP reputation services, and real-time alerting to detect and mitigate the risks associated with this technique.
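The detection side of the advisory, as an added example that is not part of the original article or the agencies' guidance: a heuristic that reads resolver logs and flags domains whose answers churn across many IPs in many network prefixes with short TTLs, the pattern that rapidly changing DNS records leave behind. The log format, sample lines, domain names and thresholds are all constructed for illustration.

```python
"""Heuristic fast-flux detector over DNS resolver logs (constructed sample)."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed log lines in a hypothetical format: "<ts> <qname> A <ip> ttl=<seconds>".
# Addresses come from the documentation ranges (203.0.113/24, 198.51.100/24, 192.0.2/24).
SAMPLE_LOG = """\
1712000000 login-update.example A 203.0.113.10 ttl=120
1712000130 login-update.example A 198.51.100.77 ttl=90
1712000260 login-update.example A 192.0.2.45 ttl=60
1712000390 login-update.example A 203.0.113.200 ttl=120
1712000520 login-update.example A 198.51.100.8 ttl=150
1712000650 login-update.example A 192.0.2.199 ttl=60
1712000000 cdn.legit.example A 203.0.113.50 ttl=300
1712000300 cdn.legit.example A 203.0.113.51 ttl=300
1712000600 cdn.legit.example A 203.0.113.50 ttl=300
"""

def parse_log(text):
    """Yield (domain, ip, ttl) for each A-record answer line; skip anything malformed."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] != "A" or not parts[4].startswith("ttl="):
            continue
        yield parts[1], ip_address(parts[3]), int(parts[4].split("=", 1)[1])

def summarize(text):
    """Per domain: (distinct IPs, distinct /24 or /48 prefixes, lowest TTL seen)."""
    ips, prefixes, min_ttl = defaultdict(set), defaultdict(set), {}
    for domain, ip, ttl in parse_log(text):
        ips[domain].add(ip)
        # Prefix count is a cheap offline stand-in for ASN/hosting-provider diversity.
        bits = 24 if ip.version == 4 else 48
        prefixes[domain].add(ip_network(f"{ip}/{bits}", strict=False))
        min_ttl[domain] = min(ttl, min_ttl.get(domain, ttl))
    return {d: (len(ips[d]), len(prefixes[d]), min_ttl[d]) for d in ips}

def flag_fast_flux(text, min_ips=5, min_prefixes=3, max_ttl=300):
    """Return sorted domains meeting all three churn criteria (thresholds are illustrative)."""
    return sorted(d for d, (n_ip, n_pfx, ttl) in summarize(text).items()
                  if n_ip >= min_ips and n_pfx >= min_prefixes and ttl <= max_ttl)

if __name__ == "__main__":
    for domain, stats in summarize(SAMPLE_LOG).items():
        print(domain, stats)
    print("fast-flux candidates:", flag_fast_flux(SAMPLE_LOG))
```

In practice the flagged list is a starting point for correlation with reputation feeds and blocklists, since legitimate CDNs also rotate addresses, though usually within a small set of prefixes.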
3. Ivanti Connect Secure Flaw Exploited
Ivanti recently disclosed a critical vulnerability in its Connect Secure product, tracked as CVE-2025-22457, affecting several versions. This vulnerability, a stack-based buffer overflow, can allow attackers to execute arbitrary code on unpatched systems. Exploited since mid-March 2025, the flaw has led to the deployment of malware, including the TRAILBLAZE dropper and BRUSHFIRE backdoor. Affected products include Ivanti Connect Secure, Ivanti Policy Secure, and ZTA Gateways, with patches released or upcoming for these versions. Ivanti urges customers to upgrade to patched versions immediately.
4. Wrecksteel Malware Targets Ukraine Agencies
Ukraine’s Computer Emergency Response Team (CERT-UA) recently revealed a series of cyberattacks targeting state agencies and critical infrastructure. The attacks utilized phishing emails that contained links to file-sharing services like Google Drive and DropMeFiles, leading to the download of a PowerShell script. Once executed, the script harvested text documents, images, and presentations, and also captured screenshots from infected devices. The campaign, attributed to the UAC-0219 threat group, has been ongoing since fall 2024, though its origin remains undetermined, with many phishing campaigns against Ukraine typically linked to Russian-backed groups.
5. Apache Parquet Java Library Critical Flaw
A critical vulnerability has been disclosed in Apache Parquet’s Java Library, identified as CVE-2025-30065. This flaw affects versions of Apache Parquet up to and including 1.15.0, allowing remote attackers to execute arbitrary code through improper schema parsing in the parquet-avro module. The issue could have serious consequences for data pipelines and analytics systems, especially when processing files from untrusted or external sources. While there is no evidence of active exploitation yet, users are strongly advised to update to version 1.15.1 to address the vulnerability and avoid potential security risks.
6. State Bar of Texas Hit by Data Breach
The State Bar of Texas has confirmed a data breach following a claim by the INC ransomware gang. The breach, which occurred between January 28 and February 9, 2025, was discovered on February 12. The gang gained unauthorized access to the organization’s network, stealing sensitive data, including full names and other redacted information. The INC ransomware group added the State Bar of Texas to its dark web extortion page on March 9, 2025, leaking samples of stolen legal case documents.
7. Australian Super Funds Hit in Cyberattack
Several major Australian superannuation funds were targeted in a coordinated cyberattack, affecting thousands of members across various organizations. Among the impacted funds were AustralianSuper, REST, Hostplus, and MLC Expand, with cybercriminals gaining unauthorized access to accounts using stolen credentials. AustralianSuper confirmed that over 600 accounts were targeted in an attempt to commit fraud, while other funds reported limited personal data being accessed but no funds being withdrawn.
8. Highline Public Schools Confirms Data Breach
In September 2024, Highline Public Schools in Washington suffered a significant ransomware attack. The breach compromised sensitive personal, financial, medical, and educational data of over 17,000 students and 2,000 staff members. A thorough investigation revealed that an unknown actor gained access to several systems, exposing a wide range of data, including social security numbers, health information, and student records. In response, the district has strengthened its cybersecurity efforts and is offering free credit monitoring and identity protection services to those affected.
9. Hackers Steal Data From Lubbock Utility Site
In early 2025, hackers compromised the utility payment site of Lubbock, Texas, affecting over 12,000 people. Sensitive data such as names, addresses, and payment card information were stolen from customers making utility payments between December 18, 2024, and January 6, 2025. The breach occurred through a fake pop-up window on the site, targeting users’ payment details. While the city secured its internal network, the stolen data is now being sold on the dark web, highlighting growing concerns over e-commerce security.
10. Graz 99ers Hit by Cyberattack After Loss
The Graz 99ers, an Austrian ice hockey team, became victims of a cyberattack just weeks after their playoff loss. The team confirmed the breach but has not provided specific details about the scope of the damage. Police have been involved in the investigation, but no further public information has been shared. This attack comes right after the 99ers’ defeat in the Ice Hockey League quarterfinals, adding to the challenges they face in the aftermath of their season’s end.
11. Trump Fires Haugh from NSA and Cyber Command
President Trump removed General Timothy Haugh from his position as head of U.S. Cyber Command and the NSA. The move, made after just over a year into Haugh’s term, signals potential changes to U.S. cybersecurity leadership. Army Lt. Gen. William Hartman will serve as acting leader of both organizations while Sheila Thomas steps into the NSA’s executive director role. Critics, including Senator Mark Warner, raised concerns about the firing amid rising cyber threats like the Salt Typhoon attack from China.
12. Cyber Support to Ukraine Faces Growing Strain
As the war in Ukraine persists, Western cyber assistance has been crucial but faces increasing strain. Despite substantial support from the U.S. government and private companies, ongoing political divisions and shifting global priorities threaten the continuity of this aid. The private sector, which once provided vital resources like software and training, is now less involved, with fatigue and funding issues contributing to the decline. Still, strong trust between Ukraine and its cyber supporters may shape future international cybersecurity strategies.
13. New Security Fund for Fediverse Flaws
The Nivenly Foundation has launched a security fund to support the fediverse in addressing vulnerabilities. This new initiative encourages individuals to report security flaws in platforms like Mastodon, Pixelfed, and Threads, offering financial rewards. Vulnerabilities are assessed based on severity, with payouts ranging from $250 to $500. The fund aims to improve security practices across the open-source social web, particularly by educating project leads on responsible disclosure to better protect users.
14. Half of Attacks on Utilities Are Destructive
A Semperis report highlights that over 60% of US and UK water and electricity firms experienced cyber-attacks in the past year. Among these, 59% of attacks caused significant disruptions to operations, while 54% resulted in permanent corruption or destruction of data and systems. The majority of these attacks targeted critical identity systems like Active Directory, giving attackers potential control over entire networks. The report also noted high-profile incidents, such as Volt Typhoon’s long-term access to a Massachusetts utility’s network, and a Russian ransomware attack on Southern Water.
15. Startup Raises $43M to Combat AI Threats
Adaptive Security raised $43 million to address AI-driven threats, including deepfakes and social engineering. Co-led by Andreessen Horowitz and OpenAI, the funding will help build a platform for simulating AI-powered attacks. The platform aims to improve enterprise security by training employees to recognize threats and triage suspicious activity. Additionally, it offers real-time threat analysis and AI tools for creating customized content quickly to enhance security awareness.
Copyright © 2025 CyberMaterial. All Rights Reserved.