👉 What’s happening in cybersecurity today?
SEO Tricks, Malicious Websites, Search Results, Fortinet, FortiGate Access, SSL-VPN, Symlink Exploit, Dangling DNS, Corporate Subdomains, Tycoon2FA, Phishing Kit, MFA Security, Google Play Store, Android Spyware, Data Theft, MorphoBlue Vulnerability, DeFi Protocol, Laboratory Services Cooperative Data Breach, Personal Information, Medical Information, Nippon Life India, Cyberattack, SIAPA Guadalajara, Service Disruption, Western Sydney University, Personal Data Breaches, Dark Web Leak, US Justice Department, Data Security Program, China Cyberattacks, US Infrastructure, US Interior Department, Cybersecurity Leaders, DOGE, China, Chipmakers, Outsourced Manufacturing, Spyware, Password Theft, Kaspersky, Cybersecurity Threats, Africa.
1. Cybercriminals Exploit SEO Ads to Steal Data
Cybercriminals are increasingly exploiting search engine optimization (SEO) techniques and paid ads to manipulate search results. By pushing malicious websites to the top, they deceive users into visiting harmful sites. These fraudulent sites often mimic popular software like Firefox or messaging apps such as WhatsApp and Telegram, aiming to steal sensitive information. Notably, financial services and AI tools have become prime targets for scammers, with campaigns impersonating trusted brands like Mastercard and fake ChatGPT sites.
2. Fortinet Warns of Ongoing FortiGate Access
Fortinet announced that cybercriminals were able to retain read-only access to compromised FortiGate devices, even after security vulnerabilities were patched. These attacks exploited flaws like CVE-2022-42475 and CVE-2023-27997 to create a symbolic link between the user and root file systems. The link remained undetected, allowing attackers to access device configurations and files without being noticed. Despite Fortinet rolling out updates to eliminate this threat, users are advised to review configurations, apply patches, and consider resetting exposed credentials to safeguard against potential risks.
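The advisory's persistence mechanism is a symlink planted in a user-writable tree that resolves into the root file system. The following is an added example, not Fortinet's code or tooling: a defender-side audit that walks a directory an exposed service is allowed to serve (the `root` argument is an assumption) and reports every symlink whose real target escapes that directory, exercised against a constructed throwaway tree.

```python
import os
import tempfile


def find_escaping_symlinks(root: str) -> list[tuple[str, str]]:
    """Walk `root` without following links and return (link, resolved_target)
    for every symlink whose real target lies outside `root`.

    Assumption (not from the advisory): `root` is the tree an exposed service
    is allowed to serve; anything resolving past it is a finding."""
    root_real = os.path.realpath(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)
            inside = target == root_real or target.startswith(root_real + os.sep)
            if not inside:
                findings.append((path, target))
    return findings


def build_demo() -> tuple[str, list[tuple[str, str]]]:
    """Constructed sample: a throwaway 'user filesystem' holding one benign
    relative symlink and one symlink that escapes to the host root, the shape
    of persistence the advisory describes. Returns (root, findings)."""
    root = tempfile.mkdtemp(prefix="userfs-")
    os.makedirs(os.path.join(root, "lang"))
    with open(os.path.join(root, "lang", "en.txt"), "w") as fh:
        fh.write("hello\n")
    os.symlink("en.txt", os.path.join(root, "lang", "default.txt"))  # stays inside root
    os.symlink("/", os.path.join(root, "lang", "rootfs"))             # escapes to /
    return root, find_escaping_symlinks(root)


if __name__ == "__main__":
    root, findings = build_demo()
    for link, target in findings:
        print(f"ESCAPE  {link} -> {target}")
    print(f"{len(findings)} escaping symlink(s) under {root}")
```

Run it against a real served directory by calling `find_escaping_symlinks("/path/to/served/tree")`; a patched appliance should report nothing.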
3. Hackers Use Dangling DNS to Take Subdomains
Hackers are increasingly targeting dangling DNS records to take control of corporate subdomains, posing significant security risks. This occurs when DNS entries, especially for unused or discontinued services, are left in place after the resource they point to is gone, giving attackers an opportunity to register and control these subdomains. For example, if a company fails to update DNS records after discontinuing a service or deleting a cloud resource, attackers can hijack the abandoned subdomain. The risks extend beyond website defacement, with attackers potentially injecting malicious code into critical systems, hijacking resources, or even compromising supply chains.
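The defensive check that follows from this is an inventory audit: for every CNAME the zone publishes, confirm the target still resolves. This is an added example, not code from the original report; the zone records, the third-party targets under the reserved `.example` TLD, and the DNS answers are all constructed so it runs offline, and `live_resolver` is the drop-in for a real audit.

```python
import socket
from typing import Callable, Optional

# Constructed inventory of our zone's CNAME records (hostname -> target).
# Each target is a resource on a third-party platform that we once provisioned.
ZONE_CNAMES = {
    "shop.example.com.": "acme-shop.shop-platform.example.",
    "status.example.com.": "acme.status-host.example.",
    "old-app.example.com.": "acme-old.webapps.example.",
    "blog.example.com.": "acme.blog-host.example.",
}

# Constructed snapshot of what public DNS answers for each target today.
# None models NXDOMAIN / no answer: the upstream resource was deleted, so the
# CNAME now dangles and the name is available for someone else to claim.
CONSTRUCTED_ANSWERS = {
    "acme-shop.shop-platform.example.": "203.0.113.10",
    "acme.status-host.example.": "203.0.113.20",
    "acme-old.webapps.example.": None,
    "acme.blog-host.example.": None,
}

Resolver = Callable[[str], Optional[str]]


def constructed_resolver(name: str) -> Optional[str]:
    return CONSTRUCTED_ANSWERS.get(name)


def live_resolver(name: str) -> Optional[str]:
    """Real lookup via the system resolver; NXDOMAIN and NODATA both raise gaierror."""
    try:
        return socket.gethostbyname(name.rstrip("."))
    except socket.gaierror:
        return None


def find_dangling(cnames: dict[str, str], resolve: Resolver) -> list[tuple[str, str]]:
    """Return (hostname, target) for every CNAME whose target no longer resolves.
    Those records should be deleted or re-pointed before the target is claimed.
    A target that still resolves is not proof of safety if another account now
    owns it, so ownership of the surviving targets still needs review."""
    return [(host, target) for host, target in sorted(cnames.items()) if resolve(target) is None]


if __name__ == "__main__":
    for host, target in find_dangling(ZONE_CNAMES, constructed_resolver):
        print(f"DANGLING  {host} -> {target}  (delete or re-point this record)")
```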
4. Tycoon2FA Updates Bypass MFA and Detection
Tycoon2FA, a phishing-as-a-service platform, has received updates that boost its evasion capabilities. The platform now uses invisible Unicode characters to hide malicious code, making detection more difficult. Additionally, Tycoon2FA has switched to a self-hosted CAPTCHA system to bypass security checks and improve customization. The rise in phishing attacks using malicious SVG files emphasizes the growing threat from such platforms, calling for stronger defenses like phishing-resistant MFA.
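Hiding code behind invisible Unicode characters defeats naive string matching but leaves a detectable trace: the characters fall in Unicode general category Cf (format). The following is an added example, not Tycoon2FA code or any vendor's detection logic; the script fragment it scans is constructed, with two zero-width characters spliced into a URL.

```python
import unicodedata

# Constructed sample: a script fragment with two zero-width characters spliced
# into a URL so a naive substring match for "https://login" fails.
SAMPLE_SCRIPT = "var u = 'h\u200bttps://lo\u200cgin.example/';"


def find_invisible_chars(text: str) -> list[tuple[int, str, str]]:
    """Return (index, code point, name) for every Unicode format character
    (general category Cf: zero-width space/joiner, BOM, soft hyphen, tags...).
    Legitimate text can contain a few (ZWJ in emoji, a single leading BOM), so
    clusters of them inside code or URLs are the suspicious signal."""
    return [
        (i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNKNOWN"))
        for i, ch in enumerate(text)
        if unicodedata.category(ch) == "Cf"
    ]


def strip_invisible(text: str) -> str:
    """Remove format characters so the visible string can be matched or logged."""
    return "".join(ch for ch in text if unicodedata.category(ch) != "Cf")


if __name__ == "__main__":
    for idx, cp, name in find_invisible_chars(SAMPLE_SCRIPT):
        print(f"offset {idx}: {cp} {name}")
    print("normalised:", strip_invisible(SAMPLE_SCRIPT))
```

Running URL or keyword rules on the `strip_invisible` output rather than the raw page text closes the gap the obfuscation relies on.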
5. Fake Play Store Pages Spread Malware
Cybercriminals have launched a sophisticated campaign using fake Google Play Store pages to distribute SpyNote and SpyMax malware. These fraudulent websites, designed to look like legitimate app download pages, lure victims into downloading malicious files disguised as Google Chrome. Once installed, the malware grants attackers full remote control of infected devices, enabling them to steal sensitive data, manipulate calls, and access cameras and microphones. The attackers use hardcoded IP addresses to connect to command and control servers, making the malware difficult to detect.
6. MorphoBlue Exploit Leads to $2.6M Theft
A recent exploit in the MorphoBlue decentralized finance (DeFi) protocol resulted in a $2.6 million theft due to a vulnerability in a front-end update. The issue, caused by a recent update to the Morpho Blue application, allowed a hacker to compromise an address and steal the funds. The exploit was intercepted by a white-hat actor known as “c0ffeebabe.eth,” who front-ran the transaction and moved the stolen funds to a new address. In response, Morpho Labs rolled back the update, claiming that all funds within the protocol were safe, and further investigation showed no additional security issues.
7. LSC Data Breach Exposes Data of 1.6M People
Laboratory Services Cooperative (LSC), a Seattle-based nonprofit, suffered a data breach affecting 1.6 million individuals. The breach, which occurred in October 2024, exposed sensitive data such as names, SSNs, medical records, insurance details, and financial information. Hackers accessed data primarily belonging to individuals who had lab tests conducted through Planned Parenthood centers that utilize LSC’s services. LSC is offering free credit and medical identity monitoring to affected individuals, with a special program for minors without SSNs.
8. Nippon Life India Reports Cyberattack
Nippon Life India Asset Management Ltd (NAM India) reported a cyberattack on its IT systems late on April 9th. The company swiftly responded by shutting down the affected systems to prevent further damage and began collaborating with cybersecurity experts to assess the situation. Although specific details of the attack remain undisclosed, an official disclosure was made to the stock exchanges. Despite the cyberattack, NAM India’s stock price saw a 6 percent increase, reflecting investor confidence.
9. SIAPA Guadalajara Hit by Cyberattack
The Sistema Intermunicipal de Agua Potable y Alcantarillado (SIAPA) in Guadalajara reported a cyberattack on April 10, causing significant disruptions to their services. The cyberattack affected the server, leading to suspended online payments and an offline website. SIAPA is working with authorities to address the incident and has advised users to make payments at banks and convenience stores. The company assured users that they will be notified once services resume and users can complete their transactions normally.
10. WSU Faces Cyber Incidents Exposing Data
Western Sydney University (WSU) in Australia reported two significant cybersecurity incidents involving personal data breaches. The first breach, occurring between January and February 2025, exposed demographic, enrollment, and progression details for 10,000 students. The second incident, a dark web leak from November 2024, revealed similar personal information but was only discovered in March 2025. Despite these breaches, WSU’s Vice-Chancellor assured the community that immediate actions are being taken to enhance security and minimize the impact on affected individuals.
11. Justice Department Begins Data Security Plan
The U.S. Justice Department introduced the Data Security Program to safeguard sensitive personal and government-related data from foreign adversaries. Targeting threats from countries like China, Russia, and Iran, the initiative aims to prevent espionage, surveillance, and economic sabotage through data exploitation. The program implements export controls, restricting foreign access to critical data types such as financial, biometric, and health information. The initiative includes compliance guidance and a 90-day grace period, giving entities until October 2025 to fully align with its provisions while prioritizing public engagement and support for businesses to comply effectively.
12. China Admits to Cyberattacks on US Infrastructure
In December 2024, Chinese officials confirmed in a secret meeting that they had conducted cyberattacks against US infrastructure. These attacks, part of the Volt Typhoon campaign, utilized advanced techniques like zero-day vulnerabilities, targeting critical sectors such as communications, energy, and manufacturing. The US delegation interpreted the attacks as a response to US support for Taiwan, with the aim of deterring US involvement in potential conflicts between China and Taiwan. The meeting also briefly addressed the Salt Typhoon campaign, which compromised telecom systems and involved cyberespionage, but the primary focus remained on the Volt Typhoon threat.
13. US Interior Department Fires Cyber Leaders
The U.S. Department of the Interior recently dismissed senior cybersecurity officials due to a dispute with DOGE over unauthorized data access. This conflict arose from efforts to reduce government spending by analyzing sensitive federal data with AI systems. The dismissed officials, including CIO Darren Ash and CISO Stan Lowe, opposed the push for unvetted access. These moves reflect ongoing tensions between cybersecurity professionals and political figures aiming to cut federal costs.
14. China Exempts US Chipmakers from Tariffs
China’s Semiconductor Industry Association (CSIA) announced that U.S. chipmakers like Qualcomm, Nvidia, and AMD will avoid retaliatory tariffs if they outsource manufacturing. Chips made in the U.S., like those from Intel and Texas Instruments, will still be subject to tariffs. The decision hinges on the fabrication location, with Taiwan-based production exempt from tariffs. This move has caused market fluctuations, benefiting some U.S. chipmakers while hurting others reliant on domestic production.
15. Spyware and Password Theft Surge in Africa
Kaspersky reported a 14% increase in spyware attacks on African businesses from 2023 to 2024, with a notable rise in data theft attempts. In addition, there was a 26% jump in password-stealing malware detections, showing a clear rise in cyber threats. The surge in cyberattacks is linked to the shift toward hybrid work models, the rapid digitization of businesses, and low digital literacy rates, which leave both organizations and individuals vulnerable. Experts suggest that to counteract these growing threats, businesses must invest in cybersecurity, collaborate more effectively, and promote digital literacy programs to enhance the region’s resilience against cybercrime.
Copyright © 2025 CyberMaterial. All Rights Reserved.