
April 29, 2025 – Cyber Briefing

👉 What’s the latest in the cyber world today?

Kali Linux, Git Configuration Files, Linux Kernel Vulnerability, Apache Tomcat, CISA, Commvault, Broadcom Fabric OS, Hitachi Vantara, Akira Group, Pro Russian Hackers, Dutch Websites, Illinois, DuPage County, Canada, Emera, Nova Scotia Power, Hacker Attack, Italy’s Citizenship Referendum, IBM, Investment, Advanced Computing, Europol, Cybercrime, Youth Recruitment, ISACA, Quantum Threats, Mobile Devices, Updated OS, Palo Alto Networks, Acquisition, Protect AI.



🚨 Cyber Alerts

1. Kali Linux Warns Users of Signing Key Issue

Offensive Security has urged Kali Linux users to manually install a new package signing key after the original one was lost. Although the key was not compromised, its disappearance has caused update signature verification to fail across many systems. Users relying on older installations are now encountering errors when attempting to install or upgrade software. OffSec has published detailed steps for securely replacing the key and recommends downloading fresh Kali ISO images for those who prefer a clean reinstall.

2. Surge in Cyberattacks Targeting Git Files

GreyNoise recently observed a record-breaking increase in cyber reconnaissance attempts targeting Git configuration files. On April 20–21, more than 4,800 unique IP addresses were detected trying to access these sensitive files, a clear sign of rising threats. The activity is linked to vulnerabilities like CVE-2021-23263, which exposes .git directories on web servers, allowing attackers to download sensitive information, including credentials and commit history. Organizations are advised to secure .git directories, monitor server logs, and rotate any exposed credentials to prevent breaches.
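The advice above (monitor server logs, find out whether a .git directory was actually served, rotate what was exposed) is easy to operationalise against an ordinary access log. The script below is an added example, not part of this briefing or of GreyNoise's tooling: it parses combined-format access-log lines, flags every request whose path touches a .git directory, groups them by client IP, and separates probes that got a 404 from requests the server actually answered with a 2xx, since only the latter mean repository content left the server and credentials need rotating. The log lines are constructed for the example (documentation-range IPs), and the field names and helper functions are the example's own.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines in Apache/nginx "combined" format.
# The IPs are documentation-range addresses; this is not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [20/Apr/2025:10:01:02 +0000] "GET /.git/config HTTP/1.1" 404 196 "-" "python-requests/2.31"
203.0.113.10 - - [20/Apr/2025:10:01:03 +0000] "GET /.git/HEAD HTTP/1.1" 404 196 "-" "python-requests/2.31"
198.51.100.7 - - [20/Apr/2025:10:02:10 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [20/Apr/2025:10:02:11 +0000] "GET /static/app.js HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
192.0.2.44 - - [21/Apr/2025:03:15:00 +0000] "GET /app/.git/config HTTP/1.1" 200 412 "-" "curl/8.5.0"
192.0.2.44 - - [21/Apr/2025:03:15:01 +0000] "GET /app/.git/index HTTP/1.1" 200 8192 "-" "curl/8.5.0"
203.0.113.10 - - [21/Apr/2025:04:00:00 +0000] "GET /.env HTTP/1.1" 404 196 "-" "python-requests/2.31"
"""

# Minimal combined-log parser: client IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# A path component that is exactly ".git" (so /.gitignore is not flagged).
# Scanners usually start with .git/config because it exists in every
# repository and lists the remotes, often with embedded credentials.
GIT_PROBE_RE = re.compile(r'(^|/)\.git(/|$)')


def parse_line(line):
    """Parse one log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def find_git_probes(log_text):
    """Per-IP statistics for requests that touch a .git path.

    'requests' counts every probe; 'served' counts only 2xx responses,
    i.e. cases where repository content actually left the server.
    """
    stats = defaultdict(lambda: {"requests": 0, "served": 0, "paths": []})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not GIT_PROBE_RE.search(rec["path"]):
            continue
        entry = stats[rec["ip"]]
        entry["requests"] += 1
        entry["paths"].append(rec["path"])
        if 200 <= rec["status"] < 300:
            entry["served"] += 1
    return dict(stats)


def summarize(stats):
    """Unique probing IPs, plus the IPs to which .git content was served."""
    exposed = sorted(ip for ip, s in stats.items() if s["served"] > 0)
    return {"unique_ips": len(stats), "exposed_to": exposed}


if __name__ == "__main__":
    probes = find_git_probes(SAMPLE_LOG)
    for ip, s in probes.items():
        print(f"{ip}: {s['requests']} .git requests, {s['served']} served: {s['paths']}")
    print(summarize(probes))
```

In the constructed sample, two IPs probe for .git paths but only one of them ever receives a 200; that is the host whose repository was actually exposed and whose remote credentials and history should be treated as compromised. The .env request on the last line is deliberately not matched, to show that the filter is scoped to the .git path component rather than to any dotfile.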

3. Linux Kernel Flaw Lets Attackers Gain Root

A critical vulnerability in the Linux kernel’s Virtual Socket (vsock) implementation, CVE-2025-21756, allows local attackers to escalate privileges to root level, potentially compromising systems. The flaw, which scores 7.8 (high) on the CVSS scale, stems from improper socket binding handling during transport reassignment, leading to a use-after-free condition. Exploitation allows attackers to bypass security mechanisms like AppArmor, leak memory addresses, and craft a Return-Oriented Programming (ROP) chain for privilege escalation.

4. Apache Tomcat Flaw Triggers DoS Attack

A high-severity vulnerability, CVE-2025-31650, has been identified in Apache Tomcat, a widely used Java application server, affecting multiple versions. The flaw stems from improper input validation when handling HTTP Priority headers, leading to memory leaks and potential denial-of-service conditions. Attackers can exploit this vulnerability by sending numerous malformed requests without requiring authentication. This results in an OutOfMemoryException, causing the application to become unavailable.

5. Commvault and Broadcom Flaws Exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two critical vulnerabilities to its Known Exploited Vulnerabilities catalog due to confirmed real-world exploitation. The first flaw affects Commvault Web Server and enables remote, authenticated attackers to deploy and execute malicious webshells, but only in compromised environments with exposed interfaces. The second flaw targets Broadcom Brocade Fabric OS, allowing users with administrative access to run arbitrary code with full root privileges by bypassing IP address validation mechanisms.


💥 Cyber Incidents

6. Hitachi Vantara Hit by Ransomware Attack

Hitachi Vantara confirmed a ransomware attack on April 26, 2025, attributed to the Akira group. The attack led to internal system disruptions, although customer cloud services were unaffected. Hitachi activated its incident response protocols and enlisted external experts to manage the recovery efforts. The breach highlights ongoing vulnerabilities as ransomware gangs continue targeting high-profile enterprises globally.

7. Dutch Websites Targeted in DDoS Attack

Several Dutch provincial and municipal websites were taken offline by a DDoS attack on Monday. The pro-Russian hacker group NoName claimed responsibility, citing the Netherlands’ military and financial support for Ukraine as their motive. The targeted sites included those of the provinces of Groningen, North Holland, and North Brabant, as well as cities like Apeldoorn and Nijmegen. These attacks caused significant disruptions, making websites difficult or impossible to reach, but the sites were restored later in the day, with no reports of sensitive data being compromised.

8. DuPage County Targeted by Ransomware Attack

DuPage County, Illinois, experienced a ransomware attack on April 28, 2025, affecting several key offices, including the Sheriff’s Office, 18th Judicial Circuit Court, and Circuit Court Clerk’s Office. As a result, critical systems were taken offline, but the Sheriff’s Office assured the public that there was no impact on jail operations or public safety. While some court operations faced minimal disruption, in-person hearings were able to proceed as scheduled. The County has reached out to the FBI and Secret Service, and the investigation into the attack is ongoing.

9. Cybersecurity Incident Affects Emera Power

Emera and Nova Scotia Power announced a cybersecurity breach involving unauthorized access to their Canadian network. The companies immediately activated their response protocols, isolating affected servers and involving cybersecurity experts. The breach has not disrupted operations in Canada or affected services in the U.S. and Caribbean. Emera assures that there is no expected material impact on the business’s financial performance from the incident.

10. Hacker Hits Italian Citizenship Referendum

Italy’s referendum website, referendumcittadinanza.it, was attacked on April 27, 2025, making it temporarily inaccessible. The website, which provides information on the June 8–9 referendum, faced 21 million access attempts from masked IPs. These attempts appeared to originate from countries like China, Mexico, South Korea, and others, though the actual locations remain uncertain. The referendum committee is actively working to restore the site, collecting data for a formal complaint to the Public Prosecutor’s Office. Riccardo Magi, a key figure in the referendum campaign, emphasized the attack’s scale, suggesting it targeted the democratic process.


📢 Cyber News

11. IBM Announces $150B US Investment Plan

IBM revealed a sweeping $150 billion investment plan to enhance U.S. leadership in computing. This includes over $30 billion dedicated to research and development for mainframe and quantum computing. With a focus on American manufacturing, the company emphasizes the importance of these technologies for national security and economic growth. IBM aims to expand its quantum computing footprint and maintain U.S. dominance in critical technologies like quantum research and national defense.

12. Europol Targets Youth Online Recruitment

Europol has launched the OTF GRIMM task force to tackle the rise of youth recruitment by crime groups. This initiative involves law enforcement from several European countries, including Sweden, Belgium, and Germany. The focus is on dismantling “violence-as-a-service” networks that exploit young people for illegal activities such as cyberattacks and trafficking. The task force will work with tech companies to prevent youth recruitment and strengthen cross-border intelligence sharing.

13. Organizations Unprepared for Quantum Threats

The latest ISACA survey reveals a concerning lack of preparedness among organizations for future quantum-enabled threats. Just 5% of IT professionals reported having a strategy in place to defend against such attacks, with only 3% considering it a high business priority. Experts have raised alarms about the potential of quantum computers breaking existing encryption methods like RSA and AES, which could leave sensitive data exposed. The survey also highlighted a general lack of understanding of NIST’s post-quantum cryptography standards, with 44% of IT professionals unfamiliar with these guidelines, despite their importance in securing systems against future quantum threats.

14. Half of Mobile Devices Use Outdated OS

A recent report reveals that 50% of mobile devices are operating on outdated operating systems, leaving them vulnerable to cyber-attacks. Mobile-targeted attacks, including smishing, have surged, with smishing now accounting for 69.3% of all mobile phishing incidents. Additionally, over 60% of iOS apps and 34% of Android apps lack the necessary code protection to safeguard user data. The report highlights the significant rise in malware attacks, with Trojan usage increasing by 50% year-over-year.

15. Palo Alto Networks Acquires Protect AI

Palo Alto Networks has confirmed its acquisition of Protect AI, a US-based AI security company. This acquisition aims to strengthen Palo Alto’s ability to secure AI models and address emerging vulnerabilities in AI systems. Protect AI has developed a platform for AI red teaming, runtime security, and safeguarding AI models, which will now integrate with Palo Alto Networks’ Prisma AIRS AI security platform. The deal is expected to close in the first quarter of FY2026, with Protect AI’s CEO and team joining Palo Alto Networks.


Copyright © 2025 CyberMaterial. All Rights Reserved.
