
April 09, 2025 – Cyber Briefing

👉 What’s trending in cybersecurity today?

RansomEXX, Windows Zero-Day, Neptune RAT, YouTube, Telegram, Windows Credentials, MOONSHINE, BADBAZAAR, Malware, Mobile Devices, UAC-0226, Excel Files, GIFTEDCROOK, Ukraine, Microsoft Vulnerabilities, Czech Prime Minister, X Account, False Posts, Russian Attack, Idaho Gooding County, Ransomware Attack, Personal Information, Massachusetts, Fall River School District, Optimax Technology, Taiwan, Qilin Group, Arizona Federal Office, Death Penalty Case, Dutch Government, Espionage Risks, China-Linked Campaign, Disinformation, Canada’s Prime Minister, ASIC, OpenSSL 3.5.0, Quantum Security, QUIC, Cryptography, Anecdotes, GRC Solutions, Global Growth.




🚨 Cyber Alerts

1. RansomEXX Exploits Windows Zero-Day Flaw

Microsoft revealed that the RansomEXX ransomware gang exploited the CVE-2025-29824 zero-day flaw in the Windows Common Log File System (CLFS) to escalate privileges. The vulnerability allowed attackers to gain SYSTEM-level access and deploy ransomware on compromised systems. The threat actors used PipeMagic malware to deliver the exploit and execute ransomware payloads. Microsoft patched the flaw as part of its April 2025 Patch Tuesday update and urged all users to apply the fix.

2. Neptune RAT Spreads via YouTube and Telegram

A new variant of Neptune RAT is actively spreading via YouTube and Telegram, focusing on Windows users. This remote administration tool is capable of stealing user credentials, hijacking clipboard data, and replacing cryptocurrency wallet addresses with those controlled by attackers. Once executed, Neptune RAT can deploy ransomware to encrypt files and corrupt critical system components like the Master Boot Record. It also ensures persistence by modifying registry values and scheduling tasks, allowing it to evade detection and remain on infected systems for extended periods.
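The two persistence locations named above, autostart registry values and scheduled tasks, are also the first places a defender checks on a suspect Windows host. The script below is an added example, not code from the briefing or from any vendor report on Neptune RAT; it performs a read-only sweep of the Run/RunOnce keys and of scheduled tasks outside the built-in \Microsoft\ folder, and flags any entry whose command points into a user-writable directory (the list of "suspect" roots is an assumption chosen for illustration, not an indicator tied to this malware). It assumes a Windows 8 / Server 2012 or later host, where the ScheduledTasks module is available.

```powershell
# Added example (not from the briefing): read-only sweep of common autostart locations.
# Assumes the ScheduledTasks module (Windows 8 / Server 2012+). Run from an elevated
# prompt to see HKLM values and tasks registered by other users.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumed heuristic: legitimate installers rarely autostart binaries from these
# user-writable roots, while commodity malware frequently does.
$suspectRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:PUBLIC, 'C:\Users\Public') |
    Where-Object { -not [string]::IsNullOrWhiteSpace($_) }

function Test-SuspectPath {
    param([string]$Command)
    if ([string]::IsNullOrWhiteSpace($Command)) { return $false }
    foreach ($root in $suspectRoots) {
        if ($Command -like "*$root*") { return $true }
    }
    return $false
}

$findings = @()

# 1. Autostart registry values (Run / RunOnce, machine and current user).
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip the provider's own metadata properties
        $findings += [pscustomobject]@{
            Source  = $key
            Name    = $p.Name
            Command = [string]$p.Value
            Suspect = Test-SuspectPath ([string]$p.Value)
        }
    }
}

# 2. Scheduled tasks outside the \Microsoft\ folder, with each action's executable and arguments.
Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        $cmd = "$($action.Execute) $($action.Arguments)".Trim()
        $findings += [pscustomobject]@{
            Source  = "Task $($task.TaskPath)$($task.TaskName)"
            Name    = $task.TaskName
            Command = $cmd
            Suspect = Test-SuspectPath $cmd
        }
    }
}

# Suspect entries first; review each Command before acting on it.
$findings | Sort-Object Suspect -Descending | Format-Table Suspect, Source, Command -AutoSize -Wrap
```

The output is a triage list, not a verdict: a legitimate updater launched from %LOCALAPPDATA% will also be marked Suspect, so compare each flagged command against known software on the host before removing anything.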

3. NCSC Warns of Risk of Digital Surveillance

The UK’s National Cyber Security Centre (NCSC) issued a warning about two sophisticated malware variants, MOONSHINE and BADBAZAAR. These spyware tools, linked to Chinese-backed hacking groups, are targeting specific communities such as Uyghur, Tibetan, and Taiwanese individuals, along with civil society organizations associated with these groups. The malware is spread through trojanized apps, often disguised as legitimate ones like WhatsApp or Audio Quran, designed to collect sensitive data from infected devices.

4. UAC-0226 Uses Excel Files to Steal Data

A new wave of cyberattacks targeting Ukraine has been detected, attributed to the UAC-0226 threat group. The attacks specifically target military, law enforcement, and local government bodies, particularly near Ukraine’s eastern border. Malicious Excel files containing macro-enabled scripts are being used to deploy two types of malware: a PowerShell script and a previously unknown stealer named GIFTEDCROOK. The malware is designed to steal sensitive information from web browsers, including cookies, authentication data, and browsing history, posing a serious security threat to the affected institutions.

5. Microsoft Patch Tuesday Fixes 134 Flaws

Yesterday, Microsoft’s April 2025 Patch Tuesday included security updates addressing 134 flaws, including one actively exploited zero-day vulnerability. Among the flaws, there were 49 elevation of privilege vulnerabilities, 9 security feature bypass vulnerabilities, 31 remote code execution vulnerabilities, 17 information disclosure vulnerabilities, 14 denial of service vulnerabilities, and 3 spoofing vulnerabilities. Microsoft also highlighted a vulnerability in the Windows Common Log File System Driver (CVE-2025-29824), which allows attackers to gain SYSTEM privileges, affecting Windows 11 and Server editions. The updates for Windows 10 will follow shortly.


💥 Cyber Incidents

6. Czech Prime Minister’s X Account Hacked

Czech Prime Minister Petr Fiala confirmed that his X account was hacked, with false posts spreading misinformation. One post falsely claimed Russian forces attacked Czech military units near Kaliningrad, which was later deleted. Despite strong security measures, including two-factor authentication, the hackers were able to breach the account. The Czech government, in cooperation with the police, is investigating the attack, which follows previous cyberattacks and disinformation campaigns targeting the country, often linked to Russia.

7. Gooding County Idaho Hit by Ransomware

Gooding County, Idaho, was recently targeted in a ransomware attack that compromised personal data. Officials detected the breach on March 25, 2025, and confirmed the unauthorized acquisition of personal information on April 4, 2025. Although the number of affected individuals and specific data compromised have not been disclosed, victims are being offered credit monitoring services. This incident adds to the growing list of ransomware attacks on U.S. government entities, highlighting ongoing cybersecurity challenges.

8. Hackers Breach Fall River School Network

Fall River Public Schools in Massachusetts faced a network breach, impacting student and staff access to online services. Cybersecurity experts and law enforcement are investigating the incident, which has disrupted daily activities. The school district confirmed no personal data had been compromised, though that could change with further investigation. Ransomware attacks have increasingly targeted local institutions, highlighting the growing threat to public networks.

9. Optimax Technology Hit by Qilin Ransomware

Optimax Technology, a company based in Taiwan, experienced a significant ransomware attack on April 5, 2025, perpetrated by the Qilin group. The breach, which was discovered on the same day, underscores the growing and evolving threats facing businesses in 2025. The attackers, using the aliases Qilin and Devman, managed to encrypt crucial files, leaving the company with limited access to its systems.

10. Ransomware Attack Delays Death Penalty Case

A ransomware attack on the Arizona Federal Public Defender’s Office has delayed progress in the Ralph Menzies death penalty case. The attack destroyed a nearly complete 25-page draft of the reply brief concerning Menzies’ mental competency. As a result, the defense requested an extension, which was granted by District Judge Matthew Bates. The rescheduled court arguments are now set for May 7, allowing more time for the defense to prepare its brief.


📢 Cyber News

11. Dutch Government Plans to Screen Students

The Dutch government plans to implement a vetting system for students and researchers accessing sensitive technology at Dutch knowledge institutions. Around 8,000 individuals will undergo screening each year, focusing on their educational, employment, and family histories to detect potential espionage risks. The initiative comes in response to growing concerns over foreign states, particularly China, attempting to acquire intellectual property for commercial and military purposes. While the details of the vetting process are still being discussed, the proposal aims to protect research integrity without stifling the open nature of academia.

12. China Campaign Targets Canada Ahead of Election

A China-linked campaign has targeted Canadian Prime Minister Mark Carney before the April 28 election. The operation uses WeChat accounts to spread false narratives about Carney’s experience and political views. The campaign reached millions, with posts manipulating public perception of Carney’s candidacy. Canadian officials have warned that similar operations could interfere with the upcoming federal election, amid rising tensions with China.

13. Australia Cracks Down on 95 Scam Companies

The Australian Securities and Investments Commission (ASIC) has revoked the licenses of 95 companies linked to scams. A federal judge approved the deregistration of most companies on March 21, with some being wound up over time. ASIC’s investigation revealed that many of these firms were used to trick consumers into investing in fake trading opportunities. One of the affected companies, Titan Capital Markets, had been linked to suspicious investment practices, with many investors expressing concern over lost funds.

14. OpenSSL 3.5.0 Adds Quantum Security and QUIC

OpenSSL 3.5.0 introduces post-quantum cryptography (PQC) support and enhances security measures. The update adds hybrid key encapsulation mechanisms and supports the QUIC protocol for faster internet communication. It also includes configuration options such as disabling deprecated elliptic curve groups and a JITTER-based entropy source for improved randomness. Additionally, the release streamlines cryptographic performance and prepares for quantum-resistant encryption in the future.

15. Anecdotes Raises $30M to Expand GRC Platform

Anecdotes raised an additional $30 million in its Series B funding round, bringing the total to $55 million. This funding will support the company’s plans for global expansion. Anecdotes offers an AI-powered platform designed to automate the continuous collection of governance, risk, and compliance (GRC) data from an organization’s tech stack. With this funding, Anecdotes aims to push the boundaries of enterprise GRC and deliver innovative solutions to customers worldwide.


Copyright © 2025 CyberMaterial. All Rights Reserved.
