
February 27 2025 – Cyber Briefing

👉 What’s going on in the cyber world today?

PolarEdge Botnet, Cisco, ASUS, QNAP, Synology, GitLab, Cross-Site Scripting, Vulnerabilities, Anubis Ransomware, Data Extortion, Microsoft, VSCode Extensions, Security Risks, Krpano Framework, Spam Ads, Pump.fun, Fake Tokens, Memecoins, Cedar Falls, Iowa, BlackSuit, Azamara Cruises, Unauthorized Access, Email Account, Café Zupas, St. Clair Orthopaedics & Sports Medicine, Arkansas, General Motors, Deceptive Data Collection, Cellebrite, Spyware, Serbia, OpenSSF, OSPS Baseline, Open Source Security, Hacker Arrested, Data Breaches, Sensitive Information, Dreadnode, Offensive AI Security, Tools

🚨 Cyber Alerts

1. PolarEdge Botnet Targets Cisco ASUS QNAP

A new malware campaign, codenamed PolarEdge, has been identified targeting devices from Cisco, ASUS, QNAP, and Synology. The botnet exploits vulnerabilities in Cisco routers that have reached end-of-life status, allowing attackers to deploy a sophisticated TLS backdoor via a previously unknown implant. This botnet, which has infected over 2,000 unique devices globally, could potentially be used to control compromised systems and launch large-scale cyberattacks.

2. GitLab Warns of Critical XSS Flaws

GitLab has issued a security advisory about critical Cross-Site Scripting (XSS) vulnerabilities that affect self-managed instances of its DevOps platform. The flaws, tracked as CVE-2025-0475 and CVE-2025-0555, could lead to session hijacking, credential theft, and unauthorized access to systems. These vulnerabilities allow attackers to bypass security controls and execute malicious scripts within user browsers.

3. Anubis Ransomware Group Unveils New Tactics

Threat intelligence firm Kela has uncovered a new ransomware group named Anubis, which operates as a ransomware-as-a-service (RaaS) operation with unique options for affiliates. The group, active since late 2024, uses double extortion tactics and has created specialized affiliate programs that offer various monetization services, such as classic ransomware, data ransom, and access monetization. The ransomware targets Windows, Linux, NAS, and ESXi environments, with affiliates receiving a significant cut of the ransom or data extortion profits.

4. VSCode Pulls Extensions Over Security Risk

Microsoft has removed two popular VSCode extensions, Material Theme — Free and Material Theme Icons — Free, after discovering malicious code. These extensions, which were downloaded nearly 9 million times, had suspicious code that cybersecurity researchers flagged as potentially harmful. The developer, Mattia Astorino, known as equinusocio, was banned from the marketplace, and all related extensions were removed following security concerns raised by the researchers.

5. Hackers Use XSS Flaw in Krpano to Inject Ads

Hackers exploited a cross-site scripting (XSS) vulnerability in the Krpano framework to inject malicious scripts into over 350 websites. These sites included government portals, universities, news outlets, and major companies. The attackers used the flaw to manipulate search results and fuel a large-scale spam ad campaign, leveraging trusted domains to distribute pornography, diet ads, and other questionable content.


💥 Cyber Incidents

6. Pump Fun Account Hacked to Promote Fake Coin

The Pump.fun X account was compromised on February 26, 2025, in a cyber attack that saw the promotion of a fraudulent governance token called “PUMP” and other scam coins. The hacker used the compromised account to spread misleading messages about the fake token, claiming it was part of a democratic governance process. This breach is tied to previous incidents involving the Jupiter DAO account hack in February 2025 and the DogWifCoin X account hack in November 2024, with the teams involved not held at fault.

7. Cedar Falls Data Breach Affects 3500 People

Cedar Falls, Iowa, confirmed on February 26 that it notified 3,534 individuals about a data breach resulting from a ransomware attack in June 2024. The breach compromised sensitive personal data, including names, Social Security numbers, and vehicle details. The BlackSuit ransomware gang claimed responsibility for the attack, demanding a ransom and threatening to auction the stolen data. Cedar Falls has not confirmed whether the ransom was paid; it has since implemented enhanced security measures, including password updates and external testing, to prevent future breaches.

8. Azamara Cruises Reports Email Account Breach

Azamara Cruises identified unauthorized access to an email account in August 2024, which led to the potential download of personal information. The company acted swiftly to revoke access and investigate the scope of the incident, determining that certain information may have been exposed, including names and identification numbers. Following a comprehensive review, Azamara Cruises notified affected individuals and offered free credit monitoring services for one year to mitigate risks, alongside guidance on protecting against identity theft.

9. Café Zupas Reports Data Breach Incident

Café Zupas, a Utah-based restaurant chain, reported a data breach involving the potential exposure of sensitive personal information. The breach occurred between October 21 and October 23, 2024, when unauthorized third parties may have accessed and copied individuals’ data. The affected information includes names and Social Security numbers, with breach notification letters being sent out starting February 25, 2025, offering credit monitoring services to those impacted.

10. St. Clair Healthcare Reports Data Breach

St. Clair Orthopaedics & Sports Medicine, a Michigan-based healthcare provider, recently reported a data breach that may have exposed sensitive personal and health information of approximately 340,000 individuals. The breach was discovered on November 24, 2024, after suspicious activity was detected within the network. In response, St. Clair launched an investigation to determine the scope of the breach and assess the nature of the compromised data.


📢 Cyber News

11. Arkansas Sues GM Over Data Collection

Arkansas filed a lawsuit against General Motors (GM) and its OnStar subsidiary over deceptive data collection and sales practices. The lawsuit claims that GM collected and sold consumer driving data for over a decade, raising insurance rates and even causing individuals to be removed from insurance plans. The data in question included details on vehicle speed, braking, and driving habits, which were sold to brokers and insurers without drivers’ consent.

12. Cellebrite Ends Software Licensing to Serbia

Cellebrite, an Israeli tech company known for providing mobile phone unlocking software to law enforcement, announced that it will no longer allow Serbia to use its products. This decision followed an Amnesty International report revealing that Serbian authorities had abused the technology to hack into civilian phones and install spyware, targeting members of civil society. Cellebrite’s move highlights its commitment to ethical use of technology, as the company assesses the human rights records of governments before licensing its products, ensuring they are only used for lawful and democratic purposes.

13. Linux Foundation Launches OSPS Baseline

The Linux Foundation’s Open Source Security Foundation (OpenSSF) announced the release of a project aimed at establishing minimum security requirements for open source software. The Open Source Project Security Baseline, or OSPS Baseline, provides a checklist to enhance security by offering best practices for reducing vulnerabilities. This initiative, a tiered framework, helps developers understand security expectations and enhances trust in open source projects. The baseline is structured in levels, with Level 1 offering foundational security measures, while Level 3 focuses on more advanced security practices for large-scale projects.

14. Hacker Arrested for Over 90 Data Breaches

Group-IB, in collaboration with the Royal Thai Police and Singapore Police Force, announced the arrest of a prolific hacker responsible for over 90 major data breaches across 25 countries. Operating under several aliases, the hacker exfiltrated 13 terabytes of sensitive data, targeting industries such as healthcare, government, and finance. His activities spanned from 2020 to 2025, and his operations were discovered after extensive joint investigations.

15. Dreadnode Secures $14M to Tackle AI Security

Dreadnode, a startup specializing in offensive AI security, has raised $14 million in a Series A funding round. The investment, led by a group including Decibel, Next Frontier Capital, and In-Q-Tel, highlights the growing focus on the security of AI technologies. Dreadnode’s founders, Will Pearce and Nick Landers, aim to enhance AI security with products like Strikes and Spyglass, designed to simulate real-world attack scenarios and test vulnerabilities in AI systems.


Copyright © 2025 CyberMaterial. All Rights Reserved.
