👉 What’s the latest in the cyber world today?
1. Scallywag Ad Fraud Uses WordPress Plugins
Cybersecurity researchers uncovered “Scallywag,” an extensive ad fraud operation that generated over 1.4 billion fraudulent ad requests each day. The scheme exploited WordPress plugins to monetize pirated content through deceptive intermediary pages, masking its fraudulent nature. Sold as a service, these plugins allowed cybercriminals worldwide to profit from ad fraud. Although exposed, the operation continues to evolve, with scammers rotating domains and adjusting tactics to evade detection.
2. Speedify VPN Flaw Exposes macOS to Attack
A severe vulnerability, CVE-2025-25364, was discovered in Speedify VPN’s macOS application, allowing local privilege escalation and full system compromise. The flaw was located in a helper tool, me.connectify.SMJobBlessHelper, which ran with root access; improper input validation in its XPC interface meant that a local, unprivileged process could pass arbitrary shell commands to the helper, which then executed them as root. Once exploited, attackers could read, modify, or delete sensitive files, install malware, or gain full control over the affected device.
3. SSL.com Vulnerability Exposes Major Domain
A critical flaw in SSL.com’s domain validation system allowed attackers to fraudulently obtain TLS certificates for prominent domains, including Alibaba Cloud’s aliyun.com. This vulnerability was found in the Domain Control Validation method, enabling attackers to manipulate DNS records and email addresses to bypass authorization. SSL.com quickly revoked 11 affected certificates and disabled the flawed validation method. The incident highlights the risks of relying on automated systems for certificate validation and underscores the need for more robust checks.
4. WinZip Flaw Bypasses Windows Security
A critical vulnerability in WinZip allows attackers to bypass Windows’ Mark-of-the-Web security feature, enabling malicious code to run unnoticed on victims’ computers. This flaw affects WinZip versions up to 29.0, which fail to retain the MotW tag when extracting files from internet-downloaded archives. Without this security warning, harmful files, such as macro-enabled Office documents, can execute without user alerts, making it easier for attackers to carry out phishing or malware attacks. Researchers have highlighted the lack of a fix, urging users to exercise caution, use alternative software, and implement security measures like antivirus scanning and macro disabling.
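A quick way for defenders to check whether an archiver (WinZip or any alternative) preserves the Mark-of-the-Web is to extract a browser-downloaded archive into a fresh directory and inspect the extracted files for the Zone.Identifier alternate data stream. This is an added example, not code from the article or from WinZip; it assumes a Windows host with NTFS and uses only built-in cmdlets, and the paths in the usage comment are placeholders.

```powershell
# Added example: verify that Mark-of-the-Web (the Zone.Identifier ADS) survived extraction.
# Run it against an empty target directory so only the extractor's output is checked.
function Test-MotWRetained {
    param(
        [Parameter(Mandatory)] [string]$ArchivePath,   # archive saved from a browser
        [Parameter(Mandatory)] [string]$ExtractTo      # directory the archiver wrote into
    )

    # Does the archive itself carry the tag? If not, there is nothing to propagate.
    $archiveHasMotW = [bool](Get-Item -Path $ArchivePath -Stream Zone.Identifier -ErrorAction SilentlyContinue)

    $files = Get-ChildItem -Path $ExtractTo -File -Recurse | ForEach-Object {
        $stream = Get-Item -Path $_.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
        $zoneId = $null
        if ($stream) {
            # ZoneId=3 is the "Internet" zone that triggers SmartScreen / Office Protected View
            $line = Get-Content -Path $_.FullName -Stream Zone.Identifier |
                    Where-Object { $_ -like 'ZoneId=*' } | Select-Object -First 1
            if ($line) { $zoneId = [int]($line -split '=')[1] }
        }
        [pscustomobject]@{
            File    = $_.FullName
            HasMotW = [bool]$stream
            ZoneId  = $zoneId
        }
    }

    [pscustomobject]@{
        ArchiveHasMotW = $archiveHasMotW
        Files          = $files
        # True when the archive was tagged but at least one extracted file lost the tag
        MotWDropped    = $archiveHasMotW -and (@($files | Where-Object { -not $_.HasMotW }).Count -gt 0)
    }
}

# Usage (placeholder paths): extract with the archiver under test, then run the check.
# $r = Test-MotWRetained -ArchivePath "$env:USERPROFILE\Downloads\sample.zip" -ExtractTo "$env:TEMP\sample"
# $r.MotWDropped; $r.Files | Format-Table File, HasMotW, ZoneId
```

A result of `MotWDropped = True` means files such as macro-enabled Office documents extracted from that archive will open without the Protected View warning the tag would normally trigger.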
5. MysterySnail RAT Resurfaces with New Tactics
Kaspersky researchers have uncovered the reappearance of MysterySnail RAT, a malware previously tied to the Chinese IronHusky APT, which has resurfaced after years of inactivity. This updated version of the malware targets government entities in Mongolia and Russia, continuing the group’s historical focus on these countries. The new version boasts a modular design, capable of executing up to 40 commands, with added DLL modules that enhance its command execution capabilities.
6. Abilene City Shuts Systems After Cyberattack
Abilene, Texas, recently experienced a cyberattack that prompted city officials to take several systems offline. The incident was first detected when city staff reported unresponsive servers within the internal network. In response, the IT team acted quickly, disconnecting affected systems and calling in cybersecurity experts to investigate. While emergency services remained fully operational, certain services were disrupted, including government card payment systems, which forced residents to pay using cash or checks.
7. Maxxis International Reports Data Breach
Maxxis International reported a data breach after an employee inadvertently clicked a malicious link, granting unauthorized access to their network. The breach occurred between October 17 and October 19, 2024, prompting an immediate investigation to determine the extent of the damage. Although Maxxis has not disclosed the exact types of exposed personal information, it may include sensitive data such as Social Security numbers, financial account numbers, or health records.
8. Wan Hai Shipping Targeted by Cyberattack
Wan Hai, a Taiwan-based container shipping company, experienced a hacking attack on its website on the 18th. The company swiftly responded by isolating the site and implementing various security measures to protect its network. Although the website remains offline, Wan Hai assured that there was no significant impact on its operations, personal data, or information security. The company has enlisted external cybersecurity experts to investigate the breach and strengthen its network defenses moving forward.
9. Nth Degree Reports Data Breach Impacting 25K
Nth Degree Investment Group recently reported a data breach involving over 25,000 individuals. The breach occurred between December 12 and December 20, 2024, when an unauthorized party gained access to the company’s network. While the exact nature of the compromised information hasn’t been revealed, it may involve personal details like Social Security numbers and financial data. The company is offering affected individuals complimentary credit monitoring and working to improve its data security.
10. Plastic Surgery Center Faces Data Breach
The Plastic Surgery Center reported a data breach to the Attorney General of Vermont, revealing that sensitive personal information may have been accessed. The breach was detected when the Center’s contracted billing company noticed unusual activity within its network. An investigation confirmed that unauthorized third parties may have viewed and obtained personal data, including names, Social Security numbers, and health records, between November 4, 2024, and December 2024.
11. MITRE Launches New Cyber Attack-Defense Tool
MITRE has introduced its new Cyber Attack-Defense (CAD) tool as part of the D3FEND 1.0 release. The CAD tool allows cybersecurity professionals to build structured scenarios using D3FEND’s comprehensive knowledge graph. This innovative tool helps map attack vectors, countermeasures, and digital artifacts, enhancing threat analysis. It aims to improve collaboration and communication across security teams by providing an intuitive platform for building and sharing cybersecurity models.
12. Ukraine Boosts Cybersecurity With New Law
Ukrainian President Zelenskyy recently signed a comprehensive cybersecurity law to safeguard the country’s critical infrastructure. This new law introduces a risk-based approach to cybersecurity, focusing on enhanced coordination between national response teams and improving information sharing. One key aspect is the establishment of a National Cyber Incident Response System, which includes crisis protocols for emergency responses to large-scale cyberattacks. The law also mandates the creation of a Cyber Incident Information Exchange System, designed to streamline reporting and improve public-private sector collaboration.
13. Two Senior CISA Officials Resign Amid Cuts
Bob Lord and Lauren Zabierek, two senior officials at CISA, announced their resignations, citing personal difficulty in leaving but not sharing future plans. Their departures come amid ongoing staff reductions at the agency, which has faced significant cuts under the Trump administration, including potential layoffs of up to 1,300 employees. Lord, who had a background in security roles at the DNC, Yahoo, and Twitter, and Zabierek, formerly with Harvard Kennedy School, both contributed to CISA’s Secure by Design initiative. Despite these changes, CISA remains focused on cybersecurity efforts and collaboration across public and private sectors.
14. CISA Ends Google and Censys Contracts
CISA is discontinuing essential cybersecurity tools, including VirusTotal and Censys, which were critical for threat hunting operations. These tools helped detect malware and vulnerabilities in federal networks, and their removal has raised concerns among experts. With over 500 CISA cyber threat hunters affected by the decision, there are fears that the agency’s ability to respond quickly to cyber threats may be impaired. CISA is actively exploring alternative solutions and reassures staff that replacements will be found soon to minimize operational disruptions.
15. Infostealer Attacks Surge 84% Weekly in 2024
In 2024, the volume of infostealer malware distributed through phishing emails surged by 84% week-on-week, according to the latest IBM X-Force report. This surge indicates a significant shift in attack strategies, with cybercriminals increasingly using phishing emails to deploy infostealers rather than traditional ransomware. Infostealers, like AgentTesla and Strela Stealer, are designed to steal sensitive data, including login credentials and financial information, without the victim’s knowledge. Attackers have also exploited cloud services, such as Microsoft Azure, to disguise their phishing campaigns, making detection more challenging.
Copyright © 2025 CyberMaterial. All Rights Reserved.