April 28, 2025 – Cyber Briefing

👉 What’s happening in cybersecurity today?

AI Vulnerabilities, Jailbreaks, Safety Systems, Apple, iOS, Malicious Apps, ELENOR-Corp, Ransomware, Healthcare, Mimic 7.5, SAP NetWeaver, File Upload, System Compromise, ConnectWise, Patch, ViewState, ScreenConnect, Loopscale, DeFi Protocol, Exploit, India, New Delhi, Army College of Nursing, Hacked, Team Insane PK, Germany, Nuremberg City, DDoS Attack, Malaysia, Unauthorized Trading, Brokers, Capital Market, Uruguay, TV Ciudad, Hacked, FTC, Children’s Online Privacy, UK, SIM Farms, Mobile Phone Fraud, Brave, Cookiecrumbler, Cookie Consent, Verizon, Cyberattacks, Cybersecurity, Push Security, Identity Protection.


🚨 Cyber Alerts

1. AI Vulnerabilities Found in Major Platforms

Researchers have discovered serious vulnerabilities in generative AI systems used by companies like OpenAI, Microsoft, and Google. These flaws allow attackers to bypass safety features, enabling the generation of dangerous or prohibited content. Two distinct techniques, one known as “Inception” and another involving response manipulation, exploit these weaknesses across multiple AI platforms. As these vulnerabilities affect key AI services, experts urge further security improvements to prevent malicious exploitation.

2. iOS Vulnerability Lets Apps Disable Devices

A critical vulnerability in iOS allows malicious applications to disable devices permanently with just a single line of code. The flaw, CVE-2025-24091, exploits the Darwin notifications system, a low-level messaging mechanism in iOS. By sending certain system-level notifications, an attacker can trigger an endless reboot loop, effectively “bricking” the device and forcing a system restore. This vulnerability can be triggered by any sandboxed app or widget extension, requiring no special privileges.

3. SAP NetWeaver Zero-Day Vulnerability Exposed

Shadow Servers recently identified a critical vulnerability in SAP NetWeaver systems, tracked as CVE-2025-31324. The flaw, affecting the Metadata Uploader component, allows unauthenticated attackers to upload malicious files to the system, potentially compromising it. The vulnerability, which carries a maximum CVSS severity score of 10.0, targets the “/developmentserver/metadatauploader” endpoint and is especially dangerous as it does not require any authentication or user interaction.

4. ELENOR-Corp Targets Healthcare with Mimic

The ELENOR-Corp ransomware group recently targeted the healthcare sector using a new Mimic ransomware variant. This strain, Mimic 7.5, was linked to a previous Clipper malware infection that facilitated re-entry into the victim’s system. Once inside, the attackers used Remote Desktop Protocol (RDP) to move laterally and compromise multiple servers, deploying various tools for persistence and data exfiltration. The ransomware employs advanced techniques like sticky keys and registry modifications, making it harder to recover from the attack.

5. Patch Released for ScreenConnect Flaw

ConnectWise released an urgent security patch for its ScreenConnect software due to a critical flaw. The vulnerability, CVE-2025-3935, allows remote code execution through ViewState code injection in versions up to 25.2.3. The flaw affects ASP.NET Web Forms, enabling attackers to craft malicious ViewState data if machine keys are compromised. ConnectWise urges on-premises users to upgrade immediately to version 25.2.4 to secure their systems from potential exploitation.


💥 Cyber Incidents

6. Loopscale DeFi Protocol Loses $5.8M in Hack

On April 26, the Solana-based decentralized finance protocol Loopscale suffered a significant exploit, resulting in a theft of approximately 5.7 million USDC and 1,200 Solana. The hack was carried out through a series of undercollateralized loans, impacting the protocol’s USDC and SOL vaults and leading to a loss of around 12% of Loopscale’s total value locked (TVL). Following the incident, Loopscale temporarily halted some functions, including Vault withdrawals, while resuming loan repayments and top-ups.

7. Army College of Nursing Hacked in India

The Army College of Nursing’s website in New Delhi was hacked by the Pakistan-based hacker group Team Insane PK. This attack occurred just days after the deadly terrorist strike in Jammu and Kashmir’s Pahalgam, heightening already tense relations between India and Pakistan. The hackers left an inflammatory message on the website, discussing themes related to the two-nation theory, further aggravating the situation. The breach coincided with India’s announcement of several retaliatory measures against Pakistan, including suspending the Indus Waters Treaty and expelling Pakistani diplomats from New Delhi.

8. Nuremberg City Website Down Due to DDoS

On April 25, 2025, the German city of Nuremberg’s website suffered a DDoS attack, which caused significant disruptions. The attack targeted the servers, overwhelming them with excessive traffic and making municipal services, including search engines and contact forms, temporarily inaccessible. While the city’s internal IT systems were not affected, the cybercrime department launched an investigation into the external attack. By the afternoon, the website was restored to full functionality, and all online services became accessible once again.

9. Unauthorized Trading Hits Malaysian Brokers

On April 24, 2025, several brokers reported unauthorized access and failed logins to client trading accounts. The breach, which affected a small number of brokers, resulted in unauthorized trading activities on Bina Puri Holdings Bhd and its Warrant-B. Bursa Malaysia and the Securities Commission took immediate steps to contain the issue and prevent further occurrences. Investigations are ongoing to determine the root cause of the breach and ensure tighter security controls.

10. TV Ciudad Website Hacked in Uruguay

TV Ciudad’s website in Uruguay was hacked on Thursday, displaying altered images of political figures like Yamandú Orsi, Carolina Cosse, and Martín Lema. The attackers, identified as GO.ETH, used AI-generated photos and included messages threatening the Chamber of Commerce, warning of future targets. One image ridiculed Martín Lema, showing him shirtless, while the attackers left a message about their continued efforts. Authorities have been notified, and while no sensitive data was compromised, the website is being worked on to restore its full functionality.


📢 Cyber News

11. US FTC Updates Children’s Privacy Rule

The US Federal Trade Commission (FTC) has finalized an updated version of the Children’s Online Privacy Protection Act (COPPA) rule, which will take effect on June 23, 2025. This update enhances protections for children’s online privacy by imposing stricter requirements on websites and apps, including the creation of information security programs that must be monitored for risks annually. The rule also includes tougher data retention and deletion policies, with clearer disclosures about how children’s data is collected, used, and shared with third parties.

12. UK to Ban SIM Farms to Combat Mobile Fraud

The UK government is set to introduce a ban on SIM farms in an effort to combat mobile phone fraud. SIM farms, which contain multiple SIM cards, are often used by cybercriminals to carry out large-scale fraud operations like smishing campaigns. The ban will take effect six months after the Crime and Policing Bill receives Royal Assent, with fines for violators reaching up to £5000 in Scotland and Northern Ireland, and unlimited fines in England and Wales. As fraud continues to rise, industry leaders like Vodafone UK emphasize the importance of collaboration between the government and telecom operators to protect the public.

13. Brave Launches Cookiecrumbler to Block Ads

Brave has launched Cookiecrumbler, an open-source tool that detects and blocks cookie consent banners using large language models (LLMs). This tool aims to refine Brave’s existing approach to blocking cookies, which, since 2022, has caused issues like broken checkout flows and layout problems. By using AI, Cookiecrumbler classifies cookie consent notices and suggests fixes, which are then manually reviewed and published on GitHub for the community to address. It operates entirely on Brave’s backend, ensuring no user data is collected, and avoids interfering with user sessions.

14. Verizon Report Reveals Surge in Cyberattacks

The 2025 Verizon Data Breach Investigations Report highlights concerning trends in cyberattacks. Vulnerability exploitation in VPNs and appliances rose significantly, with many devices from Ivanti, Fortinet, and others left unpatched. The report also showed that data-extortion ransomware attacks increased by 37%, and many companies now refuse to pay ransoms. With a rise in supply chain breaches and human error, Verizon stresses the need for stronger defenses against evolving threats.

15. Push Security Raises $30 Million for Growth

Push Security raised $30 million in a Series B funding round, bringing the total raised to $49 million. The round, led by Redpoint Ventures with additional support from Datadog Ventures, will help expand its identity protection platform. The browser-based platform detects and blocks identity attacks such as phishing, credential stuffing, and session hijacking. The company will use the funds to hire talent, scale its platform, and enhance research and development efforts to expand into new markets globally, addressing the rising threats of identity-based breaches.


Copyright © 2025 CyberMaterial. All Rights Reserved.