
April 07, 2025 – Cyber Briefing

👉 What’s happening in cybersecurity today?

North Korean Hackers, Npm Packages, BeaverTail Malware, PoisonSeed Campaign, CRM Tools, Email Providers, Dell, Security Update, PowerProtect, Data Domain OS, WordPress Sites, Uncanny Automator Plugin, Bitdefender, GravityZone Console, Europcar, Source Code, Customer Data, GitLab Breach, Ontario Public Service Union, Cybersecurity Attack, Mirassol D’Oeste Municipality, Brazil, RESA, Data Breach, Personal Information, Banking Information, San Juan Argentina, Government Website, Disruptive Attack, Trump, TikTok Deadline, US Extradites, Kosovo Nationals, Rydox Cybercrime Marketplace, UK Government, £50m Cyber Seed Fund, Early-Stage Startups, Russian Hacker, DDoS Attack, PQ-REACT Project, €650k Fund, Quantum Encryption.

 



🚨 Cyber Alerts

1. North Korean Hackers Target npm Developers

North Korean hackers have intensified their Contagious Interview campaign by targeting developers with malicious npm packages. These packages, including the BeaverTail malware and a new RAT loader, were downloaded over 5,600 times before their removal. The attackers use advanced evasion techniques, such as hexadecimal string encoding, to bypass detection systems. Their goal is to infiltrate developer systems under the guise of job interviews, stealing sensitive data like credentials, financial assets, and cryptocurrency wallets.

2. PoisonSeed Targets CRM Tools to Steal Funds

The PoisonSeed campaign uses compromised CRM tools and email services to distribute spam. The messages contain fraudulent cryptocurrency seed phrases, tricking victims into setting up fake wallets. Targeting crypto companies like Coinbase and Ledger, the attackers aim to hijack funds by exploiting compromised accounts. The malicious campaign uses phishing techniques and automated tools to spread the attack and maintain persistence.

3. Dell Releases Update for Critical DD OS Flaw

Dell Technologies has released a critical security update addressing CVE-2025-29987 in its PowerProtect Data Domain Operating System (DD OS). The vulnerability allows authenticated attackers to gain root privileges and execute arbitrary commands, posing a high risk to sensitive data. Affected versions of DD OS, PowerProtect DP Series, and Disk Library for Mainframe require immediate updates to mitigate the threat. Dell urges customers to upgrade to the latest secure versions to prevent potential exploitation and ensure system integrity.

4. Over 50,000 WordPress Sites Exposed by Flaw

A critical vulnerability was discovered in the Uncanny Automator plugin, impacting over 50,000 WordPress websites. This privilege escalation flaw allows authenticated users to escalate their roles to administrator-level access. The vulnerability, which affects versions up to 6.3.0.2, enables attackers to manipulate user roles and gain full control over sites. Wordfence’s validation led to a patch and timely updates from Uncanny Owl to secure affected systems.

5. Bitdefender Patches Flaw in GravityZone

Bitdefender addressed a severe security flaw (CVE-2025-2244) in its GravityZone Console, found in versions before 6.41.2-1. Discovered by researcher Nicolas Verdier, the vulnerability had a CVSS score of 9.5, posing a critical risk. The flaw allowed attackers to craft malicious payloads, gaining the ability to execute arbitrary commands and potentially compromise the entire system. Bitdefender released an automatic update on April 4, 2025, urging organizations to update immediately and audit for any unusual activity or potential exploitation of this vulnerability.


💥 Cyber Incidents

6. Europcar Mobility Hit by Major GitLab Breach

A hacker breached Europcar Mobility Group’s GitLab repositories, stealing critical source code for Android and iOS applications. Along with the source code, the attacker stole personal information of up to 200,000 customers, including names and email addresses. The hacker threatened to publish 37GB of data, including company backups and details about internal applications and cloud infrastructure. Europcar confirmed the breach, clarified that not all repositories were accessed, and is currently notifying affected customers while investigating the breach’s full extent.

7. OPSEU Investigates Cybersecurity Incident

The Ontario Public Service Employees Union (OPSEU) has reported a cybersecurity incident affecting its IT systems. The union has launched an investigation into the attack, which is believed to have been carried out by sophisticated actors. While the exact details of the breach are still unclear, OPSEU is working with third-party experts, legal counsel, and law enforcement to assess the damage and prevent further issues. Members have been advised to monitor their financial accounts for suspicious activity and be cautious of unsolicited communications requesting personal information.

8. Hackers Steal $250,000 From Mirassol D’Oeste

A cyberattack on Mirassol D’Oeste, Brazil, caused a significant loss of $250,000 from the municipality’s accounts. The breach was first noticed when the municipal treasurer tried to make a payment but found the account lacked sufficient funds. Further investigation uncovered multiple unauthorized transfers, including one to a personal account, another to a business, and a third to a pharmaceutical company. The authorities are actively investigating the case, and the municipality is reviewing its digital security protocols to prevent future breaches and recover the stolen funds.

9. RESA Reports Breach Exposing Client Info

RESA, Spain’s leading provider of student housing, reported a significant data breach affecting its clients. A third party accessed the system in March, bypassing security measures, and exfiltrated personal data. The breach exposed sensitive information such as names, contact details, ID numbers, and banking data, although no direct financial transactions were possible. RESA responded quickly by enhancing security protocols, blocking unauthorized access, and notifying authorities, including the Mossos d’Esquadra and the Spanish Data Protection Agency, to address the breach and protect its clients.

10. San Juan Argentina Government Website Hacked

The official website of the Caja de Acción Social de San Juan, located in Argentina, was hacked. Instead of displaying its usual content, the site showed a photo of President Javier Milei alongside a controversial message. The message read “DO NOT PLAY QUINI, IT’S ALL A FARCE, THE SYSTEM WINS.” The attack, attributed to @GOV.ETH JOIN T.ME/ELHACKERMASFAMOSO, has raised concerns over the transparency of lottery games. Authorities have not yet confirmed if any user data was compromised or if this incident is part of a broader campaign.


📢 Cyber News

11. Trump Extends TikTok Deadline for 75 Days

President Donald Trump signed an executive order on Friday extending the deadline for TikTok’s sale to U.S. investors by 75 days. The move aims to provide more time to finalize an agreement that would see TikTok’s U.S. operations separated from its parent company, ByteDance, with American investors gaining control. However, the deal faced setbacks after China’s government paused approval, citing the recent tariff increases between the two nations.

12. US Extradites Rydox Marketplace Admins

The U.S. successfully extradited Ardit and Jetmir Kutleshi from Kosovo for their involvement in the Rydox cybercrime marketplace. Rydox, operating since 2016, sold stolen personal data and fraud tools to over 18,000 users globally. The marketplace enabled identity theft, access device fraud, and money laundering, impacting thousands of victims, especially in the U.S. The extradition reflects the growing global effort to combat cybercrime and the importance of international cooperation.

13. UK Government Backs Cyber Seed Fund

The UK government has backed a new £50 million cybersecurity seed fund through a £36 million investment from the British Business Bank. The fund, launched by venture capital firm Osney Capital, will invest between £250,000 and £2.5 million in early-stage UK cyber startups. Osney Capital aims to support the growth of cybersecurity businesses at the pre-seed and seed stages, addressing the growing challenges in the sector. This government-backed initiative highlights the strategic importance of cybersecurity for national security and economic leadership in the UK.

14. Russian Hacker Jailed for DDoS Attack

A Russian citizen was sentenced to two years in a penal colony after orchestrating a DDoS attack on a local tech company. The attack, which took place in April 2024, targeted a company classified as part of Russia’s critical information infrastructure. In addition to the prison sentence, the hacker was fined 500,000 rubles (approximately $5,400). The Federal Security Service (FSB) has not disclosed who paid the suspect for the attack, but in previous cases, Ukrainian intelligence agencies were blamed for recruiting Russian citizens for cyberattacks.

15. PQ-REACT Offers €650k for Quantum Solutions

The PQ-REACT Open Call #2, launched on April 2, 2025, invites European innovators to submit proposals for cryptographic solutions addressing classical encryption algorithms. With €650,000 in total funding, four proposals will each receive €162,500. The call is open to consortia of 2–3 partners, including SMEs, tech providers, universities, research centers, and NGOs. The submission deadline is May 27, 2025, and applicants can choose from four use cases, including smart grid meters, 5G/6G architectures, and PQC benchmarking.


Copyright © 2025 CyberMaterial. All Rights Reserved.
