👉 What’s going on in the cyber world today?
GitLab, XSS, Account Takeover, Google Forms, Phishing Attacks, User Credentials, SonicWall, Critical Vulnerability, SSLVPN, Remote Firewalls, Russian Hackers, Social Engineering, Microsoft 365, Trellix, FireEye, EDR Agent, Endpoints, Malicious Code, Yale New Haven Health, Data Loss, Blue Shield of California, Kelly Benefits, Ransomware, Spain, Aigües de Mataró, Subscriber Data, Puerto Rico Hospital Español Auxilio Mutuo, UK Regulator, Tech Firms, Kids’ Safety, FBI, Cybercrime, Ransomware, Microsoft, Bug Bounty, WhatsApp, User Privacy, Chainguard, Funding, Open-Source Software, Supply Chains.
1. GitLab Urges Users to Patch Critical Bugs
GitLab has released critical security updates for its Community and Enterprise Editions to patch several high-risk vulnerabilities. These include cross-site scripting flaws, a denial-of-service risk, and a bug that could lead to account takeovers if exploited. The affected components include the Maven dependency proxy and issue preview features, which could allow attackers to inject scripts or crash services. Although GitLab.com and Dedicated users are already protected, self-managed users are strongly urged to upgrade immediately to avoid potential breaches.
2. Cybercriminals Use Google Forms for Phishing
Cybercriminals are increasingly using Google Forms to launch phishing campaigns that evade traditional email filters. Because Google Forms operates under the trusted *.google.com domain and uses HTTPS, many security tools classify it as safe. Attackers exploit this trust by creating fake login pages styled to mimic services like Microsoft 365 or banking sites. These malicious forms harvest credentials and transmit them using webhooks, making detection more difficult for security teams.
3. SonicWall Warns of Remote Crash Flaw
SonicWall has issued an urgent advisory regarding a critical vulnerability in its SSLVPN Virtual Office interface. The flaw, identified as CVE-2025-32818, allows unauthenticated attackers to remotely crash firewalls, leading to potential network disruptions. This issue impacts SonicWall’s Gen7 and TZ80 product lines, with a CVSS v3 score of 7.5. The vulnerability is caused by a Null Pointer Dereference in SonicOS, which triggers a denial-of-service (DoS) condition when exploited. SonicWall recommends immediate patching, as there are no workarounds available, to prevent exploitation and ensure network security.
4. Russian Hackers Target Microsoft 365 Users
Since March 2025, Russia-linked hackers have been targeting Ukraine-connected individuals and organizations. Using social engineering tactics, they exploit Microsoft OAuth 2.0 workflows to gain unauthorized access to Microsoft 365 accounts. Victims are contacted via messaging platforms and tricked into providing Microsoft-generated OAuth codes. Experts recommend monitoring newly registered devices and educating users on phishing risks to prevent these attacks.
5. FireEye EDR Agent Flaw Exposes Endpoints
A critical vulnerability has been identified in the FireEye EDR agent, specifically affecting version 10.0.0. Tracked as CVE-2025-0618, this flaw allows attackers to send a specially crafted event to disable tamper protection. The exploitation of this vulnerability results in a persistent denial-of-service condition, leaving endpoints unprotected against further attacks. Trellix, the owner of FireEye, has confirmed the issue and is working to release a patch to fix the flaw.
6. Yale New Haven Health Breach Hit 5.5M People
Yale New Haven Health System, based in New Haven, CT, disclosed a major data breach affecting 5.5 million people. The breach occurred in March 2025, with data exfiltrated from the system by an unauthorized third party. The stolen information included personal details such as names, addresses, and Social Security numbers, but not financial data. Yale New Haven Health has offered credit monitoring and is working to enhance its security measures to prevent future breaches.
7. Blue Shield of California Reports PHI Breach
Blue Shield of California reported a breach involving the unauthorized sharing of 4.7 million individuals’ protected health information with Google Ads. The issue, which occurred due to a misconfigured Google Analytics setup, lasted from April 2021 to January 2024. Information potentially exposed included medical details, insurance plan data, and personal identifiers. Blue Shield severed the connection between Google Analytics and Google Ads in January 2024 and reviewed its security protocols.
8. Kelly Benefits Reports Data Breach Incident
Kelly Benefits, a Maryland-based provider of payroll and benefits services, reported a significant data breach impacting nearly 264,000 people. Hackers accessed company systems between December 12 and December 17, 2024, and exfiltrated sensitive files containing names, Social Security numbers, dates of birth, tax IDs, and health and financial information. The breach affected several of Kelly Benefits’ clients, including Amergis, Beam Benefits, and CareFirst, with notifications now being sent to impacted individuals.
9. Aigües de Mataró Hit by Ransomware Attack
On April 21, 2025, Aigües de Mataró, the municipal water utility in Mataró, Spain, was hit by a ransomware attack. The incident encrypted company servers and exposed personal data, including names, birthdates, and bank details. While no payment card information was compromised, the attack disrupted several digital services and caused delays in billing and administrative tasks. Efforts to restore affected systems are ongoing, with coordination from the Catalan Cybersecurity Agency.
10. Puerto Rico Hospital Hit by Data Breach
Hospital Español Auxilio Mutuo de Puerto Rico experienced a data breach potentially affecting patients. The breach, initially detected in September 2023, involved unauthorized access to hospital systems. Investigations revealed that personal data, including contact information, health records, and financial details, may have been compromised. The hospital has since offered credit monitoring services and is urging patients to monitor their credit reports.
11. Ofcom Sets New Child Safety Rules Online
Ofcom has unveiled a sweeping new code of practice to enforce child safety requirements under the UK’s Online Safety Act. The Protection of Children Codes and Guidance outlines 40 detailed measures aimed at shielding young users from harmful online content. These include mandatory content filtering through recommender systems, stricter age verification, and more power for children to manage their online interactions, such as blocking users or disabling comments. Tech firms must also make it easier for children to report problematic content and must clearly explain terms of service.
12. FBI Reports $16.6 Billion Lost to Cybercrime
In 2024, the FBI recorded a staggering $16.6 billion lost to cybercrime, marking a 33% increase. The Internet Crime Complaint Center (IC3) processed nearly 860,000 complaints, with older Americans being heavily impacted by fraud. Ransomware was the leading threat, increasing by 9% compared to the previous year, and fraud made up the majority of reported losses. The FBI warned that the reported figures represent only a fraction of the actual cybercrime losses, as many incidents remain unreported.
13. Microsoft Expands AI Bug Bounty Program
Microsoft has introduced an expanded bug bounty program offering rewards up to $30,000 for uncovering critical AI vulnerabilities in its enterprise products, specifically Dynamics 365 and Power Platform. The initiative seeks to enhance the security of AI systems by incentivizing ethical hackers to report flaws before they can be exploited by malicious actors. Microsoft uses a specialized classification system to evaluate reported vulnerabilities, focusing on areas like prompt injection, model manipulation, and inferential information disclosure.
14. WhatsApp Adds New Privacy Tools for Chats
WhatsApp has introduced a new setting called Advanced Chat Privacy that enhances control over shared content. This optional feature prevents chat exports, auto-downloads, and use of messages for AI tools, offering better privacy in group conversations. It is particularly useful in situations where users may not know all group members personally and want added confidentiality. The update comes as Meta, WhatsApp’s parent company, faces a €200 million fine from the European Commission for violating the Digital Markets Act by not offering a less personalized alternative to targeted advertising.
15. Chainguard Raises $356M for Safe Open Source
Chainguard, a start-up founded by ex-Google engineers, raised $356 million in a Series D funding round, bringing its total funding to $612 million. Led by Kleiner Perkins and IVP, with participation from Salesforce Ventures and Datadog Ventures, the round values the company at $3.5 billion. Chainguard specializes in providing pre-secured open-source components, with its offerings growing from 400 to 1,400 Linux container images in just one year. The company plans to use the new funding to expand its team, enhance engineering and sales efforts, and increase its support for more open-source projects, aiming for more than $100 million in recurring revenue by 2025.
Copyright © 2025 CyberMaterial. All Rights Reserved.