What’s trending in cybersecurity today?
AWS Web Console, IAM Users, Enumeration Risks, Ratatouille Malware, Invisible Internet Project, Stealthy Attacks, Sandworm Hackers, Ukraine, Pirated Key Management Service, Windows LDAP Critical Flaw, OpenSSL, Man in the Middle Attacks, zkLend, Crypto Exploit, Starknet Network, REMSA Health, Dispatch System, Port of Ostend, Belgium, German Bishops’ Conference, Diocese Association, LUP Clinics, CISA, Election Security, US Sanctions, Russian Hosting Service, Zservers, LockBit, Laptop Farm, North Korean Scheme, Elon Musk, OpenAI, Discord, Ignore Feature, Online Privacy, Safety.
Cyber Alerts
Rhino Security Labs identified two username enumeration vulnerabilities in the AWS Web Console that affect Identity and Access Management (IAM) users. AWS patched one of them (CVE-2025-0693) and accepted the other as a known risk; both sit on AWS’s side of the Shared Responsibility Model, so customers cannot fix them themselves. The first vulnerability lets an attacker confirm that a username exists when Multi-Factor Authentication (MFA) is enabled on the account, because the login flow responds differently for MFA-protected users. The second is a timing side channel: login attempts for non-MFA users take measurably longer when the username is valid, so an attacker can distinguish real usernames from invented ones by timing responses. Valid usernames are the first input to credential-stuffing and password-spraying attacks, so IAM users without MFA remain the most exposed.
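The timing side channel behind the second finding is a generic login-flow defect, so the following added example (written for this roundup, not Rhino Security Labs’ tooling or any AWS code) shows it on a constructed, in-memory login function rather than against the AWS console. `login_leaky` short-circuits when the username is unknown and only runs the expensive password hash for real users; `login_constant` hashes a dummy credential for unknown users so both paths cost the same. `enumerate_by_timing` is the attacker’s view: it times each candidate against a baseline of a random nonexistent name and reports the ones that are noticeably slower. The usernames, passwords and thresholds are all hypothetical.

```python
import hashlib
import hmac
import os
import statistics
import time

# Constructed sample "user database": username -> (salt, PBKDF2 hash).
# Hypothetical data for the demonstration only, not real account material.
_ITERATIONS = 20_000


def _pbkdf2(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)


_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _pbkdf2("correct horse", _SALT))}
# Dummy credential hashed on the unknown-user path so its cost matches a real lookup.
_DUMMY_HASH = _pbkdf2("placeholder", _SALT)


def login_leaky(username: str, password: str) -> bool:
    """Vulnerable: returns immediately for unknown users, so valid names are slower."""
    record = USERS.get(username)
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(_pbkdf2(password, salt), stored)


def login_constant(username: str, password: str) -> bool:
    """Hardened: always runs the hash and a constant-time compare, then checks existence."""
    record = USERS.get(username)
    salt, stored = record if record is not None else (_SALT, _DUMMY_HASH)
    digest_ok = hmac.compare_digest(_pbkdf2(password, salt), stored)
    return digest_ok and record is not None


def median_latency(login, username: str, samples: int = 9) -> float:
    """Median wall-clock time of `samples` failed logins for one username."""
    timings = []
    for _ in range(samples):
        start = time.perf_counter()
        login(username, "definitely-wrong-password")
        timings.append(time.perf_counter() - start)
    return statistics.median(timings)


def enumerate_by_timing(login, candidates, samples: int = 9, ratio: float = 3.0):
    """Attacker view: candidates whose median latency exceeds `ratio` x the
    latency of a random name that certainly does not exist."""
    baseline = median_latency(login, "nobody-" + os.urandom(4).hex(), samples)
    return [u for u in candidates if median_latency(login, u, samples) > ratio * baseline]


if __name__ == "__main__":
    wordlist = ["alice", "bob", "carol"]
    print("leaky   :", enumerate_by_timing(login_leaky, wordlist))
    print("constant:", enumerate_by_timing(login_constant, wordlist))
```

Against `login_leaky` the median timings separate by orders of magnitude (microseconds versus tens of milliseconds), so a handful of samples per name is enough; against `login_constant` the medians converge and the attacker learns nothing. The same idea applies to any “user not found” short circuit, including one hidden behind a remote API where network jitter only raises the number of samples needed.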
Ratatouille, a newly discovered malware family, combines phishing-delivered PowerShell scripts with User Account Control bypass techniques to escalate privileges and deploy a Remote Access Trojan (RAT) that runs undetected on compromised systems. Its standout feature is Command and Control (C2) over the Invisible Internet Project (I2P) network, which gives it encrypted, anonymized C2 traffic that is harder to attribute and block than conventional HTTP or DNS beacons.
The Russian state-backed Sandworm APT is exploiting pirated Microsoft Key Management Service (KMS) activation tools in a cyber-espionage campaign targeting Ukraine. Since late 2023, the group has distributed trojanized KMS activators that deploy the BACKORDER loader and the Dark Crystal Remote Access Trojan (DcRAT), enabling large-scale data theft and espionage. Because unlicensed Windows installations remain common in Ukraine, particularly in the government sector, Sandworm has used the demand for pirated activators as a reliable initial access vector.
A critical vulnerability, CVE-2025-21376, has been disclosed in Microsoft’s Windows Lightweight Directory Access Protocol (LDAP) implementation. The flaw could allow an unauthenticated remote attacker to execute arbitrary code on a target system without user interaction, which makes it potentially “wormable” across a network of domain controllers and LDAP servers. Microsoft released a fix in its February 2025 Patch Tuesday update, and organizations are urged to patch immediately and to restrict LDAP exposure to untrusted networks in the meantime.
OpenSSL addressed the high-severity vulnerability CVE-2024-12797, reported by Apple researchers. The flaw affects TLS clients that authenticate servers with raw public keys (RPKs) instead of X.509 certificates: when the SSL_VERIFY_PEER verification mode is set, a failed server authentication does not abort the handshake as expected, so a client that relies on the handshake outcome alone can be tricked into talking to a man-in-the-middle (MitM). RPKs are disabled by default, and clients that check SSL_get_verify_result() after the handshake are not affected. OpenSSL patched the vulnerability in versions 3.2.4, 3.3.2, and 3.4.1, and advised RPK-using clients to upgrade and to verify the handshake result explicitly rather than assuming SSL_VERIFY_PEER will enforce it.
Cyber Incidents
zkLend, a decentralized lending protocol on the Starknet network, was exploited for about $9.5 million on February 12, 2025. The stolen funds were bridged to Ethereum and sent through the Railgun privacy protocol, but Railgun’s policies rejected the deposit and returned the funds to the originating address. Following the exploit, zkLend offered the attacker a 10% bounty for returning the remaining funds and warned of legal action if it received no response by February 14, 2025.
A recent cyberattack temporarily disrupted operations at REMSA Health in Reno, Nevada, but services have since been restored. The attack affected the Computer-Aided Dispatch (CAD) system, which provides supplementary support to emergency medical dispatchers; telephone services were not impacted. REMSA Health confirmed that the disruption did not affect 9-1-1 ground ambulance or Care Flight air ambulance services and that patient care was never delayed. The organization said it quickly assessed the situation and that no other parts of its operations were impacted.
The Port of Ostend in Belgium was targeted by a cyberattack on Monday night that affected its “Ensor” system. This system holds data on ship arrivals and departures as well as crew lists, but the port says it does not contain critical information. Port operations continued without disruption, and no other systems were impacted. A team from the port, assisted by external experts, is working to restore the affected system to full functionality.
The IT systems of the German Bishops’ Conference Secretariat were hit by a cyberattack on February 10, 2025, attributed to a group linked to organized cybercrime. Emergency protocols were activated and the IT systems were disconnected from the internet to contain the damage. External IT forensic specialists are investigating how the attackers bypassed the multi-layered security controls in place. Efforts are also underway to determine whether any data was exfiltrated, with a focus on meeting data protection notification obligations if personal data was affected.
A cyberattack has impacted the LUP clinics in the Ludwigslust-Parchim district of Germany; the Hagenow and Ludwigslust locations currently cannot be reached by email or through their websites. As a precaution, both clinics were disconnected from the communication network, but medical care at the facilities continues. Emergency services are operating as usual, and the emergency room has been temporarily deregistered from the regional dispatch system where necessary to ensure that ongoing emergencies can still be treated.
Cyber News
The US Cybersecurity and Infrastructure Security Agency (CISA) has placed 17 staff members on administrative leave. The employees, including 10 regional election security specialists, had assisted state and local election offices with security measures for the 2024 elections. The move has raised concerns about the agency’s ability to continue that support, particularly in protecting election infrastructure from cyber and physical threats.
The U.S. Treasury Department, together with officials from the U.K. and Australia, sanctioned the Russian bulletproof hosting service Zservers for facilitating ransomware attacks by the LockBit group. Zservers, based in Barnaul, Russia, has supplied cybercriminals with IP addresses, servers, and domains for malicious activity, including botnet operations and fraud. U.S. authorities said Zservers played a key role in LockBit’s 2023 attack on the Industrial and Commercial Bank of China by leasing the infrastructure the ransomware group used in its operations.
Christina Marie Chapman, a 48-year-old from Litchfield Park, Arizona, pleaded guilty to aiding a wide-reaching North Korean remote-worker scheme through which overseas IT workers earned over $17.1 million from U.S. companies. From 2020 to 2023, Chapman helped the North Korean workers use stolen U.S. identities, ran a laptop farm from her home so company-issued devices appeared to be in the United States, and helped launder the proceeds back to the North Korean government. She faces a potential prison sentence of roughly 7 to 9 years, with sentencing set for June 16.
Elon Musk has made a $97.4 billion bid to acquire OpenAI’s operating assets, intensifying his legal conflict with the company’s CEO, Sam Altman. The offer is backed by Musk’s xAI and several investors, and Musk claims it would return OpenAI to its original mission of public-focused AI development. Altman rejected the proposal, and OpenAI’s board showed no interest in engaging, as the company plans to transition into a fully for-profit structure by 2026.
Discord launched its “Ignore” feature on Safer Internet Day 2025 to give users a discreet way to manage online interactions. The tool hides messages, notifications, and activity from specific users without alerting them, offering a less confrontational alternative to blocking. Aimed particularly at younger users, it lets them step away from unwanted contact without escalation. Alongside this, Discord co-founded ROOST, a non-profit initiative that partners with major tech companies to improve online safety and build tools for detecting harmful content.
Copyright © 2025 CyberMaterial. All Rights Reserved.