
April 11, 2025 – Cyber Briefing

👉 What are the latest cybersecurity alerts, incidents, and news?

Windows Defender, XOR Encryption, System Calls, OttoKit Flaw, Admin Accounts, WordPress Sites, Malicious npm Package, Atomic Wallet, Exodus, Address Manipulation, Jenkins Docker Images, Network Traffic, CISA, Linux Kernel Vulnerabilities, NetJets, Data Breach, Phishing Attack, Dutch Ministries, Data Leak, AACOM, Chatsworth Products, Unauthorized Access, Trump, Censorship Investigation, Chris Krebs, SentinelOne, Thailand, Malaysia, Financial Cybersecurity, Ransomware Attacks, UK, Northeast Radiology, HIPAA Violation, Corrective Plan, Qevlar AI, Funding, Cybersecurity Platform, Operations.



🚨 Cyber Alerts

1. Windows Defender Bypassed Using XOR

A recent study has highlighted vulnerabilities in Windows Defender, showcasing how attackers bypass its defense mechanisms using advanced techniques like XOR encryption and direct system calls. The research reveals how shellcode, a type of payload used in cyberattacks, can be obfuscated and injected into systems without triggering detection. Researchers demonstrated that XOR encryption could be used to hide the payload’s signature, making it harder for Windows Defender’s static analysis to detect it.

2. OttoKit Flaw Allows Admin Account Creation

The OttoKit plugin for WordPress has a severe vulnerability, tracked as CVE-2025-3102, allowing attackers to create administrator accounts without authentication. The flaw affects all versions up to 1.0.78 and is due to a missing check on the ‘secret_key’ in the ‘authenticate_user’ function. Attackers exploit this by sending an empty authorization header, bypassing security measures and granting unauthorized access to protected API endpoints. Once exploited, attackers can take full control of the site, upload malicious content, and manipulate site settings.
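The bug class behind this item is an authentication check that compares a presented header against a stored secret without first confirming that the secret is actually set. The following is an added illustration in Python, not OttoKit's PHP code: `authenticate_user_vulnerable` and `authenticate_user_hardened` are hypothetical names, and the stored key and header values are constructed for the demo. It shows why an unconfigured (empty) secret plus an empty header passes the weak check, and what a defensive check must add.

```python
import hmac

# Constructed value for the demo. In a real plugin this would come from saved settings,
# and it is EMPTY until the administrator has actually configured an API key.
UNCONFIGURED_SECRET = ""
CONFIGURED_SECRET = "demo-secret-key-0123"


def authenticate_user_vulnerable(authorization_header: str, stored_secret: str) -> bool:
    """Weak pattern (hypothetical): compare header to stored secret and nothing else.

    If no secret has been configured yet, stored_secret is "" and an empty
    authorization header compares equal to it, so the request is treated as
    authenticated. This mirrors the missing-check pattern the alert describes.
    """
    return authorization_header == stored_secret


def authenticate_user_hardened(authorization_header: str, stored_secret: str) -> bool:
    """Defensive version: refuse when either side is empty, then compare in constant time."""
    if not stored_secret:
        # No key configured: the protected endpoint must stay closed, not fall open.
        return False
    if not authorization_header:
        return False
    # hmac.compare_digest avoids leaking the secret length/prefix through timing.
    return hmac.compare_digest(authorization_header.encode(), stored_secret.encode())


def evaluate_request(authorization_header: str, stored_secret: str) -> dict:
    """Run both checks for the same request so the difference is visible side by side."""
    return {
        "vulnerable_allows": authenticate_user_vulnerable(authorization_header, stored_secret),
        "hardened_allows": authenticate_user_hardened(authorization_header, stored_secret),
    }


if __name__ == "__main__":
    # Empty header against an unconfigured plugin: weak check passes, hardened check refuses.
    print(evaluate_request("", UNCONFIGURED_SECRET))
    # Correct key against a configured plugin: both accept.
    print(evaluate_request(CONFIGURED_SECRET, CONFIGURED_SECRET))
```

The detection angle for site owners is the same as the fix: an API-key check should fail closed when the key is unset, and access logs showing successful calls to protected plugin endpoints with no authorization header are a signal that such a check is missing.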

3. Malicious npm Package Targets Crypto Wallets

A newly discovered npm package named pdf-to-office disguises itself as a tool to convert PDFs to Microsoft Word documents. However, it secretly manipulates cryptocurrency wallets, including Atomic Wallet and Exodus, by swapping transaction destination addresses. The malicious package injects trojanized files into the wallets, allowing attackers to redirect crypto funds to their wallets. Even if the malicious package is removed, the wallets remain compromised, continuing to funnel funds until fully reinstalled, posing a significant threat to users in the cryptocurrency space.

4. Jenkins Docker Vulnerability Exposes Network

A newly disclosed vulnerability in Jenkins Docker images has raised concerns about network security. The issue stems from the reuse of SSH host keys during the creation of Debian-based Jenkins Docker images. This flaw allows attackers to impersonate Jenkins build agents and hijack sensitive network traffic between the Jenkins controller and build agents. The Jenkins team has released a fix in version 6.11.2 for the jenkins/ssh-agent images, addressing the vulnerability by generating unique SSH host keys for each container.
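A practical follow-up to this item is to verify that build agents do not share an SSH host key, which is exactly what the fixed images are meant to guarantee. The script below is an added example, not code from the Jenkins project: it parses lines in the `host keytype base64-blob` format that `ssh-keyscan` prints, computes the OpenSSH-style SHA256 fingerprint of each key, and reports any fingerprint that appears on more than one host. The agent names and key blobs in `SAMPLE_KEYSCAN` are constructed for the demo.

```python
import base64
import hashlib
from collections import defaultdict

# Constructed host-key blobs (arbitrary bytes, base64-encoded) standing in for real keys.
SHARED_BLOB = base64.b64encode(b"constructed-host-key-material-A").decode()
UNIQUE_BLOB = base64.b64encode(b"constructed-host-key-material-B").decode()

# Constructed sample in ssh-keyscan output format: agent-1 and agent-2 present the same key.
SAMPLE_KEYSCAN = [
    "# constructed sample, not real scan output",
    f"agent-1 ssh-ed25519 {SHARED_BLOB}",
    f"agent-2 ssh-ed25519 {SHARED_BLOB}",
    f"agent-3 ssh-ed25519 {UNIQUE_BLOB}",
    "",
]


def fingerprint(key_b64: str) -> str:
    """OpenSSH-style fingerprint: SHA256 over the decoded key blob, base64 without padding."""
    raw = base64.b64decode(key_b64)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_keyscan_lines(lines):
    """Yield (host, keytype, blob) from ssh-keyscan style lines; skip comments and blanks."""
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed line; ignore rather than guess
        yield parts[0], parts[1], parts[2]


def find_shared_host_keys(lines):
    """Return {"<keytype> <fingerprint>": [hosts...]} for keys seen on more than one host."""
    hosts_by_key = defaultdict(set)
    for host, keytype, blob in parse_keyscan_lines(lines):
        hosts_by_key[(keytype, fingerprint(blob))].add(host)
    return {
        f"{keytype} {fp}": sorted(hosts)
        for (keytype, fp), hosts in hosts_by_key.items()
        if len(hosts) > 1
    }


if __name__ == "__main__":
    shared = find_shared_host_keys(SAMPLE_KEYSCAN)
    if shared:
        for key, hosts in shared.items():
            print(f"SHARED HOST KEY {key} on: {', '.join(hosts)}")
    else:
        print("All host keys are unique.")
```

To run this against a real fleet, replace `SAMPLE_KEYSCAN` with the output of `ssh-keyscan` over the agent hostnames; any shared fingerprint means a client that trusts one agent's key would also accept a different container presenting it.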

5. CISA Adds Critical Linux Kernel Flaws to KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two Linux Kernel vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. These flaws, CVE-2024-53197 and CVE-2024-53150, affect the Linux kernel’s ALSA USB-audio driver and can lead to memory corruption or system instability. CISA has ordered federal agencies to fix these vulnerabilities by April 30, 2025. Experts recommend private organizations review and address these flaws to prevent exploitation.


💥 Cyber Incidents

6. NetJets Investigates Employee Account Breach

NetJets, a private jet company owned by Berkshire Hathaway, has confirmed a data breach involving an employee’s account. The incident was caused by a phishing attack that allowed attackers to steal an employee’s login credentials. The breach affected a limited number of owners, but NetJets quickly contacted those involved and assured that operations and customer service were not disrupted. Following the breach, the company’s cybersecurity team implemented containment measures and initiated an investigation to assess the full impact and prevent similar attacks in the future.

7. Dutch Ministries Hit by Major Data Breach

A significant data breach has affected several Dutch ministries, including the Ministry of the Interior, Economic Affairs, and Climate Policy. The exact cause and impact of the breach are still under investigation, with authorities not yet sharing full details. The Ministry of the Interior confirmed that they are following official data breach procedures and involving the Dutch Data Protection Authority. Investigations are underway to determine the scope of the breach and the measures needed to prevent future incidents.

8. Cell C Confirms Data Leak After Cyberattack

Cell C, South Africa’s fourth-largest telecom provider with 7.7 million subscribers, confirmed a significant data breach. The attack, attributed to the hacker group RansomHouse, resulted in the leak of 2TB of sensitive customer data on the dark web. Among the exposed information were full names, ID numbers, banking details, driver’s license numbers, and medical records. Cell C is working with cybersecurity experts and relevant authorities to mitigate the impact, urging customers to take precautions against identity theft and phishing.

9. AACOM Reports Data Breach Exposing Personal Data

The American Association of Colleges of Osteopathic Medicine (AACOM) reported a data breach that was discovered on September 26, 2024, when suspicious activity was detected within an employee email account. This prompted an investigation, which confirmed that unauthorized access had occurred and sensitive personal information may have been compromised. The review, completed on March 31, 2025, revealed that impacted data included names and Social Security numbers of certain individuals.

10. CPI Investigates Breach After Data Exposure

Chatsworth Products, Inc. (CPI), an IT service provider, reported a data breach following suspicious network activity. The breach, which occurred between September 12 and September 23, 2024, involved unauthorized access to sensitive personal data. While CPI has not publicly disclosed the exact information compromised, it may include Social Security numbers, financial details, medical information, and other sensitive data. CPI has since launched a review and is notifying affected individuals, offering them credit monitoring and further details on the compromised data to help mitigate potential risks.


📢 Cyber News

11. Trump Orders Probe of Ex-CISA Director Krebs

President Trump signed a memorandum on Wednesday to investigate Chris Krebs, former Director of CISA, over alleged censorship. The order revokes Krebs’ security clearance and applies to SentinelOne employees connected to him. Trump’s order accuses Krebs and CISA of suppressing conservative viewpoints and violating the First Amendment during the 2020 election. Krebs, fired after defending the election’s integrity against false claims of fraud, is now employed by SentinelOne, a cybersecurity firm, which has agreed to cooperate with the investigation into security clearances.

12. Thailand and Malaysia Sign New Partnership

The Bank of Thailand (BOT) and Bank Negara Malaysia (BNM) have formalized a partnership to enhance cybersecurity in their financial systems. By signing a Memorandum of Understanding (MoU), the two central banks aim to improve their collective ability to prevent and respond to cyber threats. The agreement outlines joint efforts in information sharing, joint capacity building, and expert dialogues to boost resilience against digital fraud. With cyber threats becoming increasingly sophisticated, both institutions emphasize the need for cross-border collaboration to safeguard financial consumers and institutions across Southeast Asia.

13. Ransomware Attacks Surge Across UK in 2025

Ransomware attacks against U.K. organizations surged between 2024 and 2025, despite low reporting rates. The government surveyed thousands of businesses, charities, and educational institutions for its annual report. While overall cyberattacks decreased, ransomware incidents significantly increased, impacting an estimated 19,000 businesses. The U.K. government is considering new measures, including a ban on ransom payments and mandatory incident reporting for public sector organizations.

14. Northeast Radiology Settles HIPAA Violation

Northeast Radiology has agreed to pay a $350,000 financial penalty to resolve a HIPAA violation case. The violation stemmed from a 2020 server hacking incident that exposed the electronic protected health information (ePHI) of nearly 300,000 individuals. The Office for Civil Rights (OCR) investigation found that Northeast Radiology had not conducted a HIPAA-compliant risk analysis, a critical step to identify and mitigate vulnerabilities in its systems. As part of the settlement, the company is required to adopt a corrective action plan that includes regular risk assessments, security reviews, and updates to its training program to ensure compliance with HIPAA regulations.

15. Qevlar AI Secures $10M to Enhance Operations

Qevlar AI, a Paris-based cybersecurity startup, secured $10 million in its latest funding round, bringing its total funding to $14 million. The round was led by EQT Ventures and Forgepoint Capital International, with additional support from angel investors. Founded in 2023, the company offers an innovative autonomous investigation platform that enhances the efficiency of security operations centers (SOCs). The platform uses AI to automate incident analysis, significantly reducing response time and improving classification accuracy.


Copyright © 2025 CyberMaterial. All Rights Reserved.
