👉 What’s the latest in the cyber world today?
MITRE Caldera Framework, Critical Remote Code Execution, KernelSnitch Side Channel Attack, Linux Kernel, Graz University of Technology, ScreamedJungle Campaign, Stolen Browser Fingerprints, Fraud Detection, Malicious ISO Files, Outlook Filters, Hyperlink Obfuscation, BIG SHARK, Android RAT, LANIT, Russian Financial Services, Lithuanian Fintech Paysera, DDoS Attack, Cleveland Municipal Court, Maryland, Anne Arundel County, Public Services, Nuna Baby Essentials, Data Breach, EU Sanctions, North Korea, Lazarus Group, RAD Security, AI, Cloud Defense Platform, Fraudulent Calls, Deepfake Incidents, Wireshark, DoS Vulnerability, Network Analysis Tools.
1. MITRE Caldera Vulnerability Exposes Systems
A critical remote code execution (RCE) vulnerability (CVE-2025-27364) has been discovered in MITRE Caldera, a widely used adversarial emulation framework. This flaw affects all versions prior to commit 35bc06e and exposes systems running Caldera servers to potential unauthenticated attacks. Attackers can exploit this vulnerability by manipulating dynamic compilation features in Caldera’s Sandcat and Manx agents, which are lightweight implants used during cybersecurity exercises.
2. Linux Kernel Side Channel Attack Discovered
Researchers from Graz University of Technology have uncovered KernelSnitch, a groundbreaking side-channel attack that targets Linux kernel data structures. The attack exploits timing variances in dynamic structures like hash tables and trees, allowing unprivileged attackers to leak sensitive information across isolated processes. Unlike hardware-based attacks, KernelSnitch relies on the timing behaviour of the kernel’s own software data structures rather than on a hardware flaw, making it difficult to mitigate with traditional hardware fixes.
3. ScreamedJungle Targets E-Commerce Sites
Cybersecurity researchers have uncovered a sophisticated cybercriminal campaign known as ScreamedJungle, which uses stolen browser fingerprints to bypass fraud detection systems. By exploiting vulnerabilities in outdated Magento e-commerce platforms, the threat actor injects malicious scripts to harvest unique digital identifiers from visitors, mimicking legitimate user activity. This enables the attackers to evade protections like multi-factor authentication and device reputation checks, posing significant risks to global e-commerce operations.
4. ISO Files Bypass Outlook Spam Filters
Researchers have uncovered a new technique allowing cybercriminals to bypass Microsoft Outlook’s spam filters and deliver malicious ISO files. This attack uses hyperlink obfuscation to disguise harmful URLs as harmless ones, tricking email filters into allowing malware-laden disk images into inboxes. ISO files are an attractive delivery vehicle for attackers because they can evade detection by traditional security defenses, especially those focused on executable files.
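As an added, defender-side illustration of the hyperlink-obfuscation pattern described above (this is example code written for this page, not tooling from the researchers or from Microsoft), the following check scans the HTML part of an e-mail for anchors whose visible text looks like one URL while the real `href` points somewhere else, and for links that resolve to disk-image files. The sample message and hostnames are constructed for the example; the heuristic is deliberately simple and only uses the Python standard library.

```python
"""Added example: flag obfuscated hyperlinks in an HTML e-mail body.

Assumption: the message has already been parsed and its HTML part extracted.
Two signals are checked per <a> tag:
  1. the displayed text looks like a URL/host, but its host differs from the
     host of the real href (hyperlink obfuscation);
  2. the real href points at a disk-image file such as .iso.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# File extensions treated as disk images (constructed list for the example).
DISK_IMAGE_EXT = (".iso", ".img", ".vhd", ".vhdx")

# Matches link text that presents itself as a URL or bare host name.
_HOST_RE = re.compile(
    r"^(?:https?://)?(?:www\.)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#].*)?$", re.I
)


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs, including text nested in child tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _parsed(url):
    # Schemeless hrefs are treated as http so urlparse yields a hostname.
    return urlparse(url if "://" in url else "http://" + url)


def _real_host(href):
    return (_parsed(href).hostname or "").lower().removeprefix("www.")


def _displayed_host(text):
    m = _HOST_RE.match(text.strip())
    return m.group(1).lower() if m else None


def find_suspicious_links(html):
    """Return a list of findings; each has the href, shown text and reasons."""
    parser = _AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        reasons = []
        real = _real_host(href)
        shown = _displayed_host(text)
        if shown and shown != real:
            reasons.append(f"display host {shown!r} != link host {real!r}")
        if _parsed(href).path.lower().endswith(DISK_IMAGE_EXT):
            reasons.append("link target is a disk image")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


# Constructed sample: one obfuscated link to an ISO, two benign links.
SAMPLE_HTML = """<p>Your invoice is ready.</p>
<a href="https://cdn.lookalike.test/invoice.iso">https://billing.example.com/invoice</a>
<a href="https://billing.example.com/login">https://billing.example.com/login</a>
<a href="https://www.example.com/help"><b>Help</b> centre</a>"""

if __name__ == "__main__":
    for f in find_suspicious_links(SAMPLE_HTML):
        print(f["href"], "->", "; ".join(f["reasons"]))
```

The check is meant as one input to a mail-filtering pipeline, not a verdict on its own: a mismatch between displayed and real host is common in legitimate tracking links, so in practice the finding would be scored together with other signals (attachment type, sender reputation) rather than used to block outright.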
5. BIG SHARK RAT Leaked Posing Serious Threat
The BIG SHARK Android Remote Access Trojan (RAT), a cracked version of the Craxs 7.6 RAT, has been leaked, amplifying risks for Android device users worldwide. The RAT allows attackers to gain full control of infected devices, enabling them to monitor activities, escalate privileges, and deploy additional malicious payloads. This new version has been circulating in cybercriminal communities, with its ability to evade traditional security measures and its widespread distribution posing a significant cybersecurity threat.
6. Lanit IT Provider Breach Hits Russian Banks
Russia’s National Coordination Center for Computer Incidents (NKTsKI) recently issued a warning regarding a security breach at LANIT, a leading IT service provider in the country. The breach, which occurred on February 21, 2025, impacted two key subsidiaries, LLC LANTER and LLC LAN ATMservice, both integral to the banking and payment systems sector. These companies provide essential software for banking equipment, payment systems, and ATMs, making them crucial targets for cyberattacks.
7. Paysera DDoS Attack Disrupts Services
Paysera, a Lithuania-based financial technology company, was targeted by a large-scale DDoS attack on Friday, which disrupted its services. The attack, which began around 13:30, aimed to overwhelm Paysera’s systems by flooding them with excessive requests, slowing down performance and causing accessibility issues for users. Despite the attack, the company assured customers that no customer data or funds were compromised during the event.
8. Cleveland Court Closes Due to Cyber Incident
Cleveland Municipal Court is investigating a cyber incident that led to its closure on Monday and Tuesday. While the court has not disclosed the specifics of the breach, it has shut down all affected systems and plans to keep them offline until fully secured. The court’s Deputy Administrator emphasized their commitment to addressing the situation quickly and assured the public that they are treating the cyber threat with utmost seriousness.
9. Anne Arundel County Faces Cyber Incident
Anne Arundel County, Maryland, is dealing with a cyber incident that has caused disruptions to several public services. While 911 and 311 services remain operational, other county services are currently down. Authorities are working with cybersecurity experts to investigate the cause of the incident and restore full service, though it may take several days to resolve. Officials have taken precautionary measures, including limiting internet access, to safeguard systems during the recovery efforts.
10. Nuna Baby Essentials Reports Data Breach
Nuna Baby Essentials, Inc. confirmed a data breach after an unauthorized party accessed consumer data. The company began sending breach notification letters to affected individuals, revealing that 16,676 people’s personal information had been compromised. The breach, which was first identified in February 2025, occurred after a cyberattack on September 8, 2024, and is currently under investigation.
11. EU Sanctions North Korean Linked to Lazarus
The European Union recently imposed sanctions on Lee Chang Ho, head of North Korea’s Reconnaissance General Bureau (RGB), for his involvement in Russia’s war against Ukraine. Lee is believed to have overseen cyberattack units, including the notorious Lazarus and Kimsuky groups, and coordinated North Korean soldiers involved in guerrilla warfare tactics in Ukraine. This move highlights growing international pressure on individuals linked to the ongoing conflict, as RGB has been blamed for various cyber operations, including espionage and financial crimes, often attributed to groups like Lazarus.
12. Australia Bans Kaspersky Over Security Risks
Australia has become the latest country to ban the installation of Kaspersky software due to national security risks. The Australian government cited concerns about potential foreign interference, espionage, and sabotage arising from the use of Kaspersky’s products and services. The Department of Home Affairs announced that government entities must remove the software by April 1, 2025, and seek exemptions only for legitimate business purposes, with strict conditions.
13. RAD Security Raises $14M to Boost AI Defense
RAD Security, a San Francisco-based leader in securing cloud-focused infrastructure, has raised $14 million in Series A funding. Led by Cheyenne Ventures, with support from Forgepoint Capital, Akamai, and others, the company plans to use the funds to accelerate the growth of its AI-driven defense platform. This technology will enhance its Cloud Detection and Response (CDR) solution, bolstering security for enterprises as they scale their cloud and AI operations.
14. Global Consumers Face a Billion Fraud Calls
Hiya’s Q4 2024 Global Call Threat Report revealed that over one billion fraudulent calls were encountered by global consumers in the last quarter of 2024. The report highlighted a concerning rise in deepfake technology, with 31% of Americans and 25% of Brits exposed to fraudulent calls using AI-generated voices. These calls led to significant financial losses, with the average cost of voice-based fraud hitting $539 in the U.S. and £595 in the U.K.
15. Wireshark 4.4.4 Fixes DoS Vulnerability
Wireshark Foundation has released version 4.4.4 to address a high-severity vulnerability that could trigger denial-of-service (DoS) conditions. CVE-2025-1492 affects Wireshark’s Bundle Protocol and CBOR dissectors, causing crashes and system disruptions when processing malicious packets. This security patch, part of the 4.4.x series, fixes the flaw and improves stability, offering protection against potential service interruptions.
Copyright © 2025 CyberMaterial. All Rights Reserved.