👉 What’s trending in cybersecurity today?
Google Cloud Composer Flaw, Privilege Escalation, RustoBot Botnet, Rust, Routers, Remote Control, Cryptojacking Malware, Docker Environments, Cryptocurrency Rewards, Ripple xrpl.js, npm Package, Supply Chain Attack, Private Keys, Baltimore Schools, Ransomware, Personal Records, M&S Cyber Incident, Click and Collect Services, South Korea, SK Telecom Data Breach, USIM Information, Onsite Mammography Data Breach, Health Data, Netherlands, Adyen DDoS Attacks, Payment Services, UN, Southeast Asia Scam Operations, Africa, Latin America, Greece Intelligence Service, Cyber Experts, National Security, Google, Third Party Cookie Prompt, Privacy Protections, Sentra Data Security, AI, Multi-Cloud Workflows, Romance Scam Reports, UK, Online Dating.
1. Cookie-Bite Attack Bypasses MFA in Cloud
Cybercriminals have developed a new technique known as “Cookie-Bite” to bypass multi-factor authentication (MFA). This method targets authentication cookies, particularly those used by Azure Entra ID, enabling attackers to impersonate legitimate users. By hijacking these session tokens, attackers can maintain persistent access to cloud systems without needing credentials or MFA codes. Security experts suggest various measures, including monitoring for unusual behavior and restricting browser extensions, to protect against this sophisticated attack.
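One of the monitoring measures mentioned above, written out as an added example that is not part of the original report: it replays sign-in events and flags a session cookie that reappears from a client fingerprint (IP plus user agent) other than the one that completed MFA. The event format and field names are constructed assumptions, not a real Entra ID log schema.

```python
"""Flag authentication-cookie reuse from a different client (added example).

The sample events below are constructed; the field names are assumptions,
not a real Entra ID sign-in log schema.
"""

# Constructed sample events: session S1 completes MFA from one client and is
# later presented from a different IP and browser without any new MFA.
EVENTS = [
    {"ts": "2025-04-22T08:01:00Z", "user": "alice", "session": "S1",
     "ip": "203.0.113.10", "ua": "Chrome/124 Windows", "mfa": True},
    {"ts": "2025-04-22T08:30:00Z", "user": "alice", "session": "S1",
     "ip": "203.0.113.10", "ua": "Chrome/124 Windows", "mfa": False},
    {"ts": "2025-04-22T09:12:00Z", "user": "alice", "session": "S1",
     "ip": "198.51.100.77", "ua": "Chrome/123 Linux", "mfa": False},
    {"ts": "2025-04-22T09:20:00Z", "user": "bob", "session": "S2",
     "ip": "203.0.113.20", "ua": "Edge/124 Windows", "mfa": True},
]


def find_cookie_reuse(events):
    """Return one alert per event where a known session cookie is used from a
    fingerprint other than the one recorded at its MFA-satisfied login."""
    origin = {}   # session id -> (ip, ua) of the first MFA-satisfied sign-in
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        fp = (ev["ip"], ev["ua"])
        sid = ev["session"]
        if ev["mfa"]:
            # The MFA login anchors the session to this client fingerprint.
            origin.setdefault(sid, fp)
            continue
        # A cookie-only request: compare against the anchored fingerprint.
        # Sessions never seen with MFA are skipped (no baseline to compare).
        if sid in origin and origin[sid] != fp:
            alerts.append({"ts": ev["ts"], "user": ev["user"], "session": sid,
                           "expected": origin[sid], "seen": fp})
    return alerts


if __name__ == "__main__":
    for alert in find_cookie_reuse(EVENTS):
        print("possible cookie replay:", alert)
```

Legitimate causes such as roaming between networks or a browser upgrade also change the fingerprint, so treat a hit as a triage signal to correlate with other sign-in activity rather than a verdict.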
2. GCP Composer Bug Allows Privilege Escalation
A privilege escalation vulnerability was found in Google Cloud Platform’s Cloud Composer service. Attackers could exploit this flaw to gain high-level permissions to critical GCP services like Cloud Storage and Artifact Registry. The flaw allowed attackers to inject malicious code through custom PyPI packages, gaining access to sensitive data and disrupting services. Google has since fixed the issue by using the environment’s service account instead of the default Cloud Build service account.
3. RustoBot Botnet Targets Routers Using Rust
FortiGuard Labs uncovered RustoBot, a sophisticated botnet using the Rust programming language to target vulnerable routers. The botnet exploits command injection vulnerabilities in TOTOLINK and DrayTek devices, enabling remote code execution and device takeover. Attackers deploy the malware using downloader scripts, spreading it through compromised servers in several countries. Once installed, RustoBot uses advanced evasion techniques like encrypted configuration data and DNS-over-HTTPS for command-and-control communication, making detection challenging.
4. New Cryptojacking Malware Targets Docker
A new cryptojacking campaign targets Docker environments using novel techniques for mining cryptocurrency. Researchers discovered that attackers are shifting from traditional methods like XMRig to using legitimate services like teneo.pro. This Web3 startup allows the malware to earn private crypto tokens through simple ‘keep alive’ pings, without scraping social media. Researchers warn that Docker containers should be secured to prevent exploitation, as attackers have increasingly targeted this service.
5. Ripple xrpl.js Backdoored to Steal Keys
Ripple’s xrpl.js npm package was compromised in a significant supply chain attack designed to steal private keys. The malicious backdoor, which targeted five versions of the library, was introduced by an attacker using a likely stolen npm access token. This allowed the attacker to inject a function into the code that transmitted stolen data to an external domain. The compromised versions affected millions of users, as the package has been downloaded over 2.9 million times. Ripple has since addressed the issue by releasing updated versions.
6. Baltimore Schools Hit by Ransomware Attack
A ransomware attack in February 2025 exposed sensitive data from thousands of students, teachers, and staff in the Baltimore City Public Schools system. The breach compromised documents containing personal information such as Social Security numbers, driver’s licenses, and student records for over 25,000 individuals, including current and former employees, volunteers, and contractors. School officials confirmed that 1.5% of the student population, or more than 1,150 students, were impacted.
7. M&S Faces Cyber Incident Disrupting Services
Marks and Spencer, a UK retailer, is currently addressing a cyber incident that has affected several of its services. The company’s Click and Collect service experienced delays, with customers also facing issues processing contactless payments and using gift cards in stores. M&S apologized to its customers, stating that temporary operational changes had been implemented to protect both the business and customers. External cybersecurity experts have been brought in to investigate, and the company has notified both the Information Commissioner’s Office and the National Cyber Security Centre about the breach.
8. SK Telecom Data Breach Exposes Customer Info
SK Telecom, South Korea’s largest telecom provider, reported a data breach on April 19, 2025. Hackers infiltrated its systems using malware, compromising sensitive customer information, including USIM card details. The company promptly isolated the affected systems and deleted the malware while notifying the Korea Internet & Security Agency. Although no confirmed misuse has been reported, SK Telecom is offering a free SIM protection service to impacted customers, and the investigation is ongoing.
9. Onsite Mammography Data Breach Affects 350K
Onsite Mammography, a Massachusetts-based medical services provider, recently revealed a significant data breach. The incident, discovered in October 2024, involved unauthorized access to an employee’s email account, which exposed sensitive personal and health information of over 350,000 individuals. Affected data includes Social Security numbers, dates of birth, driver’s license numbers, medical information, and credit card details. The company has confirmed no further systems were accessed, though the breach’s full cause remains unclear.
10. Adyen Hit by DDoS Disrupting Payments
Adyen, a major Dutch payment processor, experienced three DDoS attacks on April 21, 2025, severely impacting payment services. The attacks, which occurred in waves, targeted Adyen’s European datacenters, causing degraded performance and interruptions in ecommerce and in-store payment systems. The company’s teams immediately activated anti-DDoS defenses, mitigating the attacks and restoring services by the morning of April 22. Adyen is conducting a post-incident review to identify the root cause and implement long-term strategies to prevent future disruptions.
11. UN Warns Southeast Asia Scams Spread
Transnational crime syndicates from Southeast Asia are spreading their scam operations worldwide. The UN report highlights the growth of these operations, with victims targeted by false investment, romance scams, and illegal gambling. The criminals are shifting their operations to regions with weaker law enforcement, including Africa and Latin America. The UN Office on Drugs and Crime warns that new technologies like AI and deepfakes are making these scams more sophisticated and widespread.
12. Greece Seeks 30 Cyber Experts for Security
Greece’s National Intelligence Service (EYP) is recruiting 30 cyber experts to combat growing digital threats. This marks the first major hiring campaign in five years, focusing on strengthening national security. The specialists will be responsible for intelligence gathering, tracking cryptocurrency transactions, and monitoring the dark web. EYP’s efforts align with similar global recruitment strategies by intelligence agencies to combat evolving cybersecurity risks.
13. Google Drops Third Party Cookies Prompt
Google recently announced that it will not roll out a standalone prompt for third-party cookies as part of its Privacy Sandbox initiative. The decision came after feedback from various stakeholders, including publishers, developers, and regulators, highlighting divergent views on changing third-party cookie availability. Instead, Google will focus on enhancing existing privacy features in Chrome, including stronger protections in Incognito mode, which blocks third-party cookies by default. Additionally, a new IP Protection feature, aimed at limiting the exposure of users’ original IP addresses in third-party contexts, will be introduced in late 2025.
14. Sentra Raises $50M to Boost AI Data Security
Sentra, a cloud data security startup, secured $50 million in Series B funding, bringing total investment to over $100 million. The Israeli company aims to expand its engineering team and enhance its platform to protect sensitive data in AI workflows. Sentra’s software scans and maps data across cloud environments, identifying potential security gaps and ensuring privacy for training data and AI prompts. With growing demand for generative AI projects, Sentra has seen a 300% increase in revenue and new Fortune 500 customers adopting its security technology.
15. UK Romance Scams Rise 20% in Q1 2025
UK romance scams saw a significant 20% increase in the first quarter of 2025, according to Barclays. The rise correlates with the growing popularity of online dating and apps, which have become the primary platforms for scammers. Barclays’ data reveals that 12% of UK adults have been targeted or know someone who has fallen victim. In 2024, victims lost an average of £8,000 ($10,704), with individuals over 60 suffering higher losses, averaging £19,000 ($25,422). Experts are urging both tech companies and banks to enhance security measures.
Copyright © 2025 CyberMaterial. All Rights Reserved.