👉 What’s the latest in the cyber world today?
Xanthorox AI, Cybercrime Tool, WhatsApp Vulnerability, Code Execution, Spoofed Attachments, Google Patch, Zero Days, Microsoft, VSCode Extensions, XMRig Cryptominer, Smishing Campaign, Toll Payments, WK Kellogg, Data Breach, Food for the Poor, Singapore, Toppan Next Tech, Ransomware, DBS, Bank of China, San Francisco Campus for Jewish Living, Fidelity Life, GDPR, Small Businesses, UK Court, Apple Dispute, Backdoor, NIST, CVE Handling, Deferred Status, Spain, AI-Powered Scam, Cryptocurrency Scam, Linux 6.15-RC1, Performance Features, Hardware Support
1. Xanthorox AI Emerges as a Major Cyber Threat
Xanthorox AI, a cutting-edge malicious tool, was first detected on underground hacker forums in early 2025. Designed to outpace previous AI-powered cyber tools, it operates autonomously on private servers, ensuring stealth and minimal traceability. Its modular architecture allows for constant upgrades, maintaining its relevance as cybersecurity defenses evolve. The tool’s advanced features, including code generation, visual data analysis, and human reasoning mimicry, represent a significant escalation in cybercrime and call for stronger countermeasures from cybersecurity professionals.
2. WhatsApp Vulnerability Allows Code Execution
A critical vulnerability in WhatsApp Desktop for Windows, identified as CVE-2025-30401, allows attackers to execute malicious code through spoofed file attachments. This flaw affects all versions before 2.2450.6, exploiting a mismatch in how the application processes file MIME types and extensions. Attackers can create files that appear to be harmless, such as images, but actually contain executable code. When the user opens the file, WhatsApp presents it as an image but secretly runs the malicious code, potentially compromising the system.
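A defensive consistency check for the MIME-type/extension mismatch described above, as an added example that is not part of the original newsletter or of WhatsApp's code. The policy tables, function names and sample attachments are constructed for illustration; a gateway or triage script would flag any attachment whose declared type and effective extension disagree.

```python
from pathlib import PurePath

# Constructed, non-exhaustive policy tables for this example.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi",
                   ".js", ".vbs", ".ps1", ".hta", ".lnk"}
MIME_TO_EXTS = {
    "image/jpeg": {".jpg", ".jpeg"},
    "image/png": {".png"},
    "image/gif": {".gif"},
    "application/pdf": {".pdf"},
}

def effective_extension(filename):
    """Extension the OS would act on: the last suffix, lowercased,
    after dropping trailing dots/spaces that Win32 path handling ignores."""
    return PurePath(filename.rstrip(". ")).suffix.lower()

def check_attachment(filename, declared_mime):
    """Return a sorted list of findings; an empty list means consistent."""
    findings = set()
    ext = effective_extension(filename)
    # Ignore MIME parameters such as "; name=..." and normalise case.
    mime = declared_mime.split(";")[0].strip().lower()
    if ext in EXECUTABLE_EXTS:
        findings.add("executable-extension")
    expected = MIME_TO_EXTS.get(mime)
    if expected is None:
        findings.add("unlisted-mime-type")
    elif ext not in expected:
        findings.add("mime-extension-mismatch")
    return sorted(findings)

# Constructed sample attachment metadata: (filename, declared MIME type).
SAMPLES = [
    ("holiday.jpg", "image/jpeg"),
    ("holiday.jpg.exe", "image/jpeg"),
    ("report.PDF", "application/pdf; name=report"),
    ("scan.png.scr. ", "image/png"),
    ("tool.exe", "application/octet-stream"),
]

if __name__ == "__main__":
    for name, mime in SAMPLES:
        print(f"{name!r:22} {mime:32} -> {check_attachment(name, mime) or 'ok'}")
```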
3. Google Patches Two Exploited Vulnerabilities
Google’s April 2025 security update addresses 62 vulnerabilities, including two high-severity zero-days, CVE-2024-53150 and CVE-2024-53197, which were actively exploited in targeted attacks. These vulnerabilities, both involving the Linux kernel’s USB sub-component, pose significant risks. CVE-2024-53150 could result in information disclosure through an out-of-bounds flaw, while CVE-2024-53197 allows privilege escalation, potentially giving attackers unauthorized access.
4. Malicious Extensions Found on VSCode Store
Nine malicious extensions on Microsoft’s Visual Studio Code Marketplace have been discovered. These extensions disguise themselves as legitimate development tools while secretly infecting users with the XMRig cryptominer. Since April 4, 2025, they have been installed over 300,000 times. Microsoft has removed the extensions and blocked the publisher, advising users to remove the cryptominer and related malware.
5. Smishing Campaign Targets Toll Services
A sophisticated cybercriminal operation targets toll payment services globally through SMS phishing. The campaign uses over 60,000 domain names to deliver fraudulent messages that impersonate legitimate toll service communications. Attackers trick consumers into visiting fake websites to steal sensitive personal information. Experts warn individuals to verify toll-related claims directly through official websites to avoid falling victim to this attack.
6. WK Kellogg Data Breach Exposes Personal Info
WK Kellogg Co. experienced a significant data breach, compromising personal details of multiple individuals. The breach, discovered in February 2025, involved a security vulnerability in Cleo’s file transfer software. The company has offered identity theft protection to affected consumers and is working on strengthening its cybersecurity. This incident highlights the ongoing threat posed by cybercriminals targeting high-profile companies and their sensitive data.
7. Food for the Poor Hit by Data Breach
Food for the Poor, Inc. (FFTP) experienced a significant data breach between September 2 and 6, 2024, which compromised sensitive personal information. The breach was discovered on September 6, 2024, when unusual network activity was detected, prompting an immediate investigation. After confirming the unauthorized access, FFTP identified that various types of personal information, such as names, Social Security numbers, health information, and financial details, were potentially exposed.
8. Ransomware Attack Hits DBS and Bank of China
A ransomware attack on Toppan Next Tech has compromised the personal data of thousands of DBS and Bank of China customers. The breach affected customers of DBS Vickers and Cashline, with sensitive data like names and addresses exposed. However, banking credentials and funds remain secure, as DBS confirmed no unauthorized transactions occurred. Authorities are investigating the incident, and both banks are taking steps to protect impacted customers, including enhanced monitoring and notifications.
9. SFCJL Reported a Data Breach Incident
Hebrew Home for Aged Disabled, operating as San Francisco Campus for Jewish Living, reported a data breach. On December 27, 2024, unauthorized access to an employee’s email account exposed personal information. While no fraudulent activity has been detected, sensitive data like medical records and insurance details may have been compromised. SFCJL has notified impacted individuals, offered free credit monitoring, and enhanced its security measures to prevent future breaches.
10. Fidelity Life Notifies of Data Incident
Fidelity Life Association reported a data breach on April 4, 2025, after an unauthorized party accessed sensitive consumer information. The breach involved personal data, including names, addresses, driver’s license numbers, and medical details. Although the breach’s exact cause remains unclear, it was determined that the information was compromised, possibly through a third-party vendor. Fidelity Life has completed its investigation and is notifying approximately 786 affected individuals, providing details of the compromised data and offering support for those impacted by the breach.
11. Europe Plans to Simplify GDPR for Businesses
The European Commission is currently working on plans to simplify the General Data Protection Regulation (GDPR) to ease the compliance burden on small and medium-sized businesses. While ensuring the core privacy objectives remain intact, the changes aim to improve competitiveness in the European economy by reducing bureaucratic obstacles. This comes after concerns that the GDPR’s complexity and inconsistent enforcement across member states have hindered innovation and made it difficult for companies to navigate the regulatory landscape.
12. UK Lifts Secrecy on Apple Encryption Case
A UK court has lifted the secrecy surrounding Apple’s legal battle with the British government over encrypted data access. The court confirmed Apple is suing the government, challenging an order to grant authorities access to encrypted iCloud accounts. Despite the government’s objections, the Investigatory Powers Tribunal ruled that revealing the case’s details wouldn’t harm national security. This decision follows concerns from U.S. officials and privacy advocates regarding the transparency of such surveillance demands.
13. NIST Marks Older CVEs as Deferred in NVD
NIST announced that all CVEs published before January 1, 2018, will now be marked as ‘Deferred’ in the National Vulnerability Database. This change will prioritize newer vulnerabilities and clarify which CVEs are actively managed. Deferred CVEs will only be updated if they are included in CISA’s Known Exploited Vulnerabilities catalog. The move aims to help manage the growing backlog as NIST explores new technologies like AI to process data more efficiently.
14. Six Arrested for AI Crypto Scam in Spain
Spanish police arrested six individuals for a cryptocurrency investment scam that defrauded 208 victims worldwide of $20.9 million. The criminals used AI-generated deepfake ads featuring famous public figures to gain trust and lure investors. The scam involved multiple phases, including fake returns, blocked funds, and false claims of fund recovery. Authorities warn the public to be wary of guaranteed returns and to verify the legitimacy of investment platforms.
15. Linux 6.15-rc1 Released with New Features
Linux 6.15-rc1 marks a milestone with significant performance improvements and expanded hardware support. The release brings updates to drivers, encryption, and compression for better efficiency. io_uring’s zero-copy networking and AES-CTR crypto enhancements benefit server and encryption workloads. New hardware support includes NVIDIA, AMD, and Apple devices, strengthening Linux’s position on various platforms.
Copyright © 2025 CyberMaterial. All Rights Reserved.