What’s going on in the cyber world today?
Microsoft Outlook, Graph API, Espionage Campaign, BadPilot, Russian Cyberattacks, Global Infrastructure, ZeroLogon Exploit, Domain Controllers, Network Compromise, Google, Chrome V8 Engine, Authentication Bypass, PAN-OS, Nginx Apache Path Confusion, Virginia Attorney General’s Office, Cyberattack, Papua New Guinea Tax Office, Four.Meme, Binance Smart Chain, Ransomware Attack, Michigan’s Sault Tribe, Sarcoma Ransomware, Unimicron, Data Leak Threat, US Administration, National Cyber Director, Coast Guard, Maritime System, Fortune 500, Employee Accounts Compromised, Drata, SafeBase, Compliance Platform, Brightline, Class Action, Data Breach.
Cyber Alerts
A new family of malware leverages Microsoft Outlook and the Microsoft Graph API to facilitate a sophisticated espionage campaign. Known as PATHLOADER and FINALDRAFT, these malware variants use a custom loader and backdoor to exfiltrate data and inject processes. FINALDRAFT, in particular, utilizes Outlook to create email drafts for communication with its command and control server, making it challenging for traditional security tools to detect.
Microsoft Threat Intelligence has revealed a subgroup of the Russian state-backed actor Seashell Blizzard, called the BadPilot campaign, which has been conducting a global operation to compromise internet-facing infrastructure. Active since 2021, the campaign exploits vulnerabilities in widely-used systems such as Microsoft Exchange, Zimbra Collaboration, and Fortinet FortiClient EMS to gain persistent access to high-value targets across sectors like energy, telecommunications, and government.
The ZeroLogon exploit, widely used by ransomware operators, targets a critical flaw in Microsoft Active Directory’s Netlogon Remote Protocol, allowing attackers to bypass authentication and gain unauthorized access to domain controllers. This vulnerability, CVE-2020-1472, enables attackers to reset domain controller passwords without credentials, compromising the entire network. Once inside, attackers can deploy ransomware, modify user accounts, and spread malware across systems, making the ZeroLogon exploit a major cybersecurity threat.
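A defender-side illustration of the ZeroLogon item above, added here and not part of the original digest: a successful CVE-2020-1472 exploit resets a domain controller’s machine-account password without credentials, which the DC records as Windows Security Event ID 4742 (“A computer account was changed”) with ANONYMOUS LOGON as the subject, while patched DCs that still permit vulnerable Netlogon channels log Event ID 5829. The event records below are constructed samples and the field layout is a simplification assumed for the example.

```python
"""Flag Windows Security events consistent with ZeroLogon (CVE-2020-1472) abuse.

Indicators used (from Microsoft's CVE-2020-1472 guidance):
  * Event 4742 whose Subject is ANONYMOUS LOGON (S-1-5-7), targeting a machine
    account (name ends in '$'), with 'Password Last Set' among changed attributes.
  * Event 5829: a vulnerable Netlogon secure channel connection was allowed.
The events below are constructed samples, not real logs.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANONYMOUS_LOGON_SID = "S-1-5-7"  # well-known SID for ANONYMOUS LOGON


@dataclass
class SecurityEvent:
    event_id: int
    subject_sid: str          # who made the change ("" where the event has no subject)
    target_account: str       # e.g. "DC01$" for a machine account
    changed_attrs: Tuple[str, ...]  # attribute names the event lists as changed


def is_zerologon_indicator(ev: SecurityEvent) -> Optional[str]:
    """Return a short finding label, or None if the event looks benign."""
    if (ev.event_id == 4742 and ev.subject_sid == ANONYMOUS_LOGON_SID
            and ev.target_account.endswith("$")
            and "Password Last Set" in ev.changed_attrs):
        return f"anonymous machine-account password reset on {ev.target_account}"
    if ev.event_id == 5829:
        return f"vulnerable Netlogon secure channel allowed for {ev.target_account}"
    return None


def scan(events: List[SecurityEvent]) -> List[Tuple[int, str]]:
    """Return (event_id, finding) pairs for every event that matches an indicator."""
    return [(ev.event_id, f) for ev in events if (f := is_zerologon_indicator(ev))]


# Constructed sample events for demonstration only.
SAMPLE_EVENTS = [
    # Routine machine password rotation: the computer changes its own password.
    SecurityEvent(4742, "S-1-5-21-1111-2222-3333-1001", "WS07$", ("Password Last Set",)),
    # Exploit signature: ANONYMOUS LOGON resets a DC's machine-account password.
    SecurityEvent(4742, ANONYMOUS_LOGON_SID, "DC01$", ("Password Last Set",)),
    # Anonymous subject but no password reset: not a ZeroLogon indicator.
    SecurityEvent(4742, ANONYMOUS_LOGON_SID, "DC01$", ("DNS Host Name",)),
    # Patched DC still allowing a vulnerable secure channel (no subject field).
    SecurityEvent(5829, "", "LEGACY01$", ()),
]

if __name__ == "__main__":
    for event_id, finding in scan(SAMPLE_EVENTS):
        print(event_id, finding)
```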
Google has released an urgent update for Chrome to address a critical “Use-After-Free” vulnerability (CVE-2025-0995) in the V8 JavaScript engine. This flaw could allow attackers to execute malicious code remotely, exposing users to significant risks. The latest update, which rolls out over the coming days, also addresses additional high-severity vulnerabilities in Chrome’s UI and memory management. Users are strongly encouraged to update their browsers to the latest stable version to protect against these security threats.
A critical vulnerability in Palo Alto Networks’ PAN-OS has been disclosed, tracked as CVE-2025-0108. This flaw, which holds a CVSSv3.1 score of 7.8, allows unauthenticated attackers to bypass authentication on the management web interface. The root cause lies in path confusion and header smuggling between Nginx and Apache, which leads to the exploitation of sensitive PHP scripts without authorization.
Cyber Incidents
The Virginia Attorney General’s Office has experienced a significant cyberattack, causing most of its systems to go offline. Systems such as Net Docs, Outlook, Teams, OAG Fileshare, VPN access, and internet connectivity are all affected. Staff members were informed of the incident via an email from Chief Deputy Attorney General Steven Popps, who assured them that the team is working to resolve the issue. The office has alerted the Virginia State Police and the Virginia Fusion Center, which are investigating the attack.
Papua New Guinea’s Internal Revenue Commission (IRC) has fallen victim to a significant cyberattack, forcing systems offline and potentially exposing sensitive data. The attack, affecting critical tax systems like SIGTAS, has caused significant disruption to business operations, with clients experiencing delays in approvals and clearances. While Australia has offered cybersecurity assistance, Papua New Guinea has not yet accepted support as it works with a private company for recovery, which could take weeks or months.
Four.Meme, a meme coin platform on Binance Smart Chain, recently experienced a malicious attack that resulted in a loss of $183,000. The platform temporarily suspended token trading and paused the launch of LP tokens on PancakeSwap while addressing the issue. Despite the attack, Four.Meme reassured users that internal funds remained safe and that the platform’s development team was working on a fix.
The Sarcoma ransomware group has claimed responsibility for a cyberattack on Unimicron, one of the largest manufacturers of printed circuit boards (PCBs) based in Taiwan. The threat actors have allegedly stolen 377 GB of SQL files and other documents from the company’s systems, and they’ve threatened to release the data unless a ransom is paid. Unimicron has confirmed the disruption caused by the ransomware attack but has not officially confirmed a data breach.
A ransomware attack has caused widespread disruption to the Sault Tribe’s operations in Michigan, taking down critical services such as casinos, health centers, and businesses. The tribe has temporarily closed many departments and canceled medical appointments, while gaming operations at the Kewadin Casinos have been halted. The tribe is working to resolve the issue but is preparing for a prolonged disruption.
Cyber News
President Donald Trump plans to nominate Sean Cairncross as the next national cyber director, according to a document obtained by POLITICO. Cairncross, who served as CEO of the Millennium Challenge Corporation (MCC) during Trump’s first term, has a background in government operations and foreign aid rather than cybersecurity. His previous roles include serving as a deputy assistant to the president and as COO and chief counsel at the Republican National Committee (RNC).
The Government Accountability Office (GAO) recently published a report identifying gaps in the U.S. Coast Guard’s cybersecurity efforts for the Maritime Transportation System (MTS). The report made five key recommendations, including improving incident information accuracy, enhancing cybersecurity personnel competency, and aligning cyber plans with the national strategy. The GAO’s review highlighted the vulnerability of ports to cyber threats, including state-sponsored and cybercriminal attacks, and emphasized the Coast Guard’s role in providing oversight and assistance to prevent cyberattacks on the MTS.
Over three million employee accounts in Fortune 500 companies were compromised between 2022 and 2024, as reported by Enzoic. This surge is largely driven by the widespread use of corporate email addresses for personal accounts and the rise of infostealer malware, which has led to significant vulnerabilities. The report highlights the need for stronger cybersecurity practices, such as credential and password monitoring, to mitigate risks such as account takeover and data breaches.
Drata has announced its acquisition of SafeBase in a $250 million deal, aimed at enhancing its security and compliance automation services. The merger will combine Drata’s cloud-based platform for compliance with SafeBase’s trust center platform, which automates security reviews and aids in expediting security questionnaires. The move will create a comprehensive trust management platform to help businesses streamline audits, scale compliance, and improve vendor risk management.
Brightline, a virtual mental health provider, has agreed to a $7 million settlement over a 2023 data breach affecting around 1 million individuals. The breach resulted from a zero-day vulnerability in Fortra’s GoAnywhere file transfer software, exploited by the Clop ransomware group. The settlement offers affected individuals up to $5,000 for documented losses and alternative compensation options like $100 cash or three years of credit monitoring.
Copyright © 2025 CyberMaterial. All Rights Reserved.