👉 What’s happening in cybersecurity today?
FBI, Scammers, IC3 Employees, Phishing, Google, DomainKeys Identified Mail, SuperCard X Malware, NFC Relay Attacks, Cardholders, Malicious npm Packages, Telegram Bot, SSH Backdoors, Linux, ASUS Routers, Unauthorized Functions, Tokai University, Ransomware, Behavioral Health Resources, Data Breach, Prague Services Administration, Cyberattack, Limestone District School Board, Indigo Neo, Personal Data, France, Luxembourg, DOGE, Social Security Data, Privacy Concerns, Nigeria Data Protection Commission, Healthcare, Linux 6.15-rc3, Japan, Unauthorized Trades, Kenzo Security, AI Platform, Funding.
1. FBI Warns of Scammers Posing as Employees
The FBI has warned of scammers impersonating IC3 employees offering fake assistance to fraud victims. Between December 2023 and February 2025, over 100 reports were made by individuals contacted through emails, calls, or social media. Scammers claim to have recovered victims’ funds but instead use the opportunity to steal more financial information. The FBI advises against sharing sensitive details with strangers and reminds the public that IC3 employees never directly contact victims for payment or fund recovery.
2. Phishers Exploit Google DKIM to Steal Data
Hackers recently took advantage of a flaw in Google’s email system to carry out a sophisticated phishing attack. By leveraging Google’s infrastructure, they sent fake emails that seemed to come from Google, passing all security checks, including the DomainKeys Identified Mail (DKIM) verification. The fraudulent emails directed victims to a fake “support portal” that requested Google account credentials. This tactic made the phishing attempt look even more authentic since the messages appeared to be sent from Google’s legitimate email addresses.
3. SuperCard X Malware Targets NFC Payments
A new malware-as-a-service platform named SuperCard X has emerged, targeting Android users through NFC relay attacks. This malware is linked to Chinese-speaking threat actors and shares similarities with previous malware campaigns such as NFCGate and NGate. SuperCard X employs a novel technique that allows attackers to execute point-of-sale and ATM transactions using compromised payment card data by relaying NFC communications between devices. Its sophistication lies in its ability to bypass detection by using minimal permissions and operating under the radar of traditional security measures.
4. Malicious npm Packages Plant SSH Backdoors
Researchers have uncovered three malicious npm packages that mimic a popular Telegram bot library. These packages were specifically designed to target Linux systems, inserting SSH keys into the system to grant attackers persistent remote access. Even after the packages are removed, the SSH keys allow for ongoing control and data exfiltration. The attackers use a technique known as starjacking to increase the perceived authenticity of the malicious packages, tricking developers into installing them by linking them to a legitimate GitHub repository.
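Because the planted keys outlive the package, cleanup means checking `authorized_keys` against the keys you actually approved. The following is an added example, not code from the article or the researchers: the sample file content, the approved set and the function names are constructed for illustration.

```python
import base64
import hashlib

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text):
    """Yield (line_no, key_type, fingerprint, comment) for each key line."""
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # Options such as command="..." or no-pty may precede the key type.
        for i, tok in enumerate(fields[:-1]):
            if tok in KEY_TYPES:
                try:
                    fp = fingerprint(fields[i + 1])
                except ValueError:  # blob is not valid base64
                    break
                yield no, tok, fp, " ".join(fields[i + 2:])
                break

def unexpected_keys(text, approved):
    """Return entries whose fingerprint is not in the approved set."""
    return [e for e in parse_authorized_keys(text) if e[2] not in approved]

def _blob(tag):
    # Constructed stand-in for a real public key blob (not a usable key).
    return base64.b64encode(tag).decode()

# Constructed authorized_keys content: two approved keys and one unknown key.
SAMPLE = "\n".join([
    "# constructed sample",
    "ssh-ed25519 %s admin@workstation" % _blob(b"constructed-admin-key"),
    'no-pty,command="/usr/bin/backup" ssh-rsa %s backup@nas'
    % _blob(b"constructed-backup-key"),
    "ssh-rsa %s" % _blob(b"constructed-unknown-key"),
])
APPROVED = {fingerprint(_blob(b"constructed-admin-key")),
            fingerprint(_blob(b"constructed-backup-key"))}

if __name__ == "__main__":
    for no, ktype, fp, comment in unexpected_keys(SAMPLE, APPROVED):
        print("line %d: unapproved %s key %s %s" % (no, ktype, fp, comment))
```

On a real host, feed it the contents of each account's `authorized_keys` file and an approved set built from your own key inventory.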
5. ASUS AiCloud Routers Flaw Exposes Devices
ASUS has confirmed a critical security vulnerability in AiCloud routers that could allow remote attackers to execute unauthorized functions on affected devices. The vulnerability, identified as CVE-2025-2492, impacts specific firmware versions, with a CVSS score of 9.2, indicating its severity. ASUS has released firmware updates for several router branches to address the issue, urging users to update their devices immediately for optimal protection. For those unable to apply patches, the company recommends using strong passwords and disabling internet-accessible services.
6. Ransomware Attack Disrupts Tokai University
On April 18, 2025, Tokai University in Hiratsuka City, Kanagawa Prefecture, experienced a ransomware attack that disrupted multiple campuses. The attack, first detected on April 17, caused significant system failures, including the unavailability of student portals and email services. Affected campuses include Shonan, Shizuoka, Sapporo, and Kumamoto, leading to the cancellation of some classes. To prevent further damage, university officials took precautionary steps by blocking internet connections, though medical facilities linked to the university were not impacted.
7. BHR Data Breach Affects Over 50K Individuals
Behavioral Health Resources (BHR) reported a data breach to the U.S. Department of Health and Human Services. The breach potentially exposed sensitive personal and medical data, including Social Security numbers, medical records, and biometric information. While BHR’s investigation had not confirmed whether any data was accessed or exfiltrated, they disclosed that 50,083 individuals would be notified by April 17. No ransomware group has claimed responsibility for the breach.
8. Prague Administration Hit by Cyberattack
A cyberattack on the Services Administration of the Capital City of Prague, Czech Republic, has caused significant disruptions. Hackers gained access to sensitive data, including towing records, vehicle license plates, and internal contracts, and have started leaking it online. The National Cyber and Information Security Agency and local police are investigating the breach, but the organization has not disclosed the full extent of the damage. This attack follows a similar ransomware incident just six months earlier, attributed to the new group Cicada3301, which now targets a broader range of organizations.
9. Limestone District School Board Cyberattack
On April 16, 2025, Limestone District School Board in Kingston, Canada, experienced a significant network disruption, later confirmed as a cyber incident. The disruption affected the board’s online systems, prompting the school board to notify families of the situation. Krishna Burra, the board’s director of education, stated that while schools remain open, network access would be unavailable until full restoration is completed. The Kingston Police were alerted, and the board has been working closely with the OPP Cyber Security Unit to investigate and assess the impact.
10. Indigo Neo Cyberattack Exposes User Data
Indigo Neo informed its clients in France and Luxembourg of a recent cyberattack that exposed sensitive personal information. The breach involved unauthorized access to data including email addresses, license plates, names, phone numbers, and postal addresses. However, no bank details, passwords, or account access information were compromised during the attack. In response, Indigo France has enhanced its cybersecurity measures, filed a complaint with authorities, and advised users to change their passwords as a precaution to protect against potential misuse of the exposed data.
11. DOGE Access to Social Security Data Limited
A federal judge has imposed new limitations on Elon Musk’s Department of Government Efficiency (DOGE) after concerns about privacy violations. U.S. District Judge Ellen Hollander issued a preliminary injunction restricting DOGE’s access to sensitive Social Security data. The injunction mandates that DOGE staffers can only access anonymized data after undergoing training and background checks. Hollander emphasized that while addressing fraud and waste is important, the agency’s approach raised serious concerns about the protection of personal information.
12. Nigeria Strengthens Healthcare Data Security
The Nigeria Data Protection Commission (NDPC) has partnered with the Federal Ministry of Health to establish a comprehensive data protection framework within Nigeria’s healthcare sector. This collaboration, announced in Abuja, aims to safeguard sensitive patient information and prevent issues like misdiagnosis and discrimination. Dr. Vincent Olatunji, the NDPC’s National Commissioner, highlighted the increasing importance of data protection in today’s digital healthcare environment.
13. Linux 6.15-rc3 Released with Stability Fixes
Linus Torvalds announced the release of Linux 6.15-rc3, focusing on bug fixes and stability improvements. The release, which arrived on schedule after Easter, includes adjustments across various subsystems with an emphasis on reliability. The key update is a refinement of the ublk driver, improving flexibility and efficiency for user-space block drivers. While there are no major new features, Torvalds encouraged the community to test the release candidate, ensuring the platform continues its stable development ahead of the final Linux 6.15 release.
14. Japan Warns of Surge in Fraudulent Trades
Japan’s Financial Services Agency (FSA) issued an urgent warning about a surge in unauthorized trades on hacked accounts. The trades, involving hundreds of millions of dollars, were made possible by stolen customer data obtained from phishing websites posing as legitimate securities firms. The FSA reported that as of mid-April, 12 securities firms had been affected, with around $350 million in sales and $315 million in purchases of Chinese stocks. Brokerages have committed to covering customer losses, while the FSA continues to investigate additional fraudulent transactions that may not yet have been discovered.
15. Kenzo Security Launches AI Platform
Kenzo Security has launched its AI-driven security platform with $4.5 million in funding. The platform uses a network of specialized AI agents that work autonomously to detect threats and assist in investigations. These agents collaborate through a security data mesh to handle alerts and context, improving efficiency. Kenzo’s co-founders, with backgrounds at Lacework, Datadog, and CrowdStrike, plan to use the investment to scale their operations and further enhance their AI platform.
Copyright © 2025 CyberMaterial. All Rights Reserved.