👉 What are the latest cybersecurity alerts, incidents, and news?
nRootTag Attack, Apple Devices, Tracking Risks, Lotus Blossom Group, Espionage Campaigns, Vo1d Malware Botnet, Winos 4.0 Malware, Taiwan, Phishing Campaign, Access Management Systems, Belgium, Intelligence Service, China, Meta, Violent Content, Instagram Reels, DeepSeek Leak, Exposed API Keys, Philippine Army, Exodus Security, Data Leak, Oral Roberts University, Data Breach, LockBit Gang, FBI Director, France Encryption Laws, VPN Use, Enterprise GenAI Usage, Software Vulnerabilities, Archipelo, AI Developer Coding
1. nRootTag Turns 1.5B iPhones Into Trackers
A newly discovered attack, nRootTag, has put over 1.5 billion Apple devices at risk of covert tracking. Exploiting Apple’s Find My network, the attack uses Bluetooth Low Energy (BLE) protocols to transform non-Apple devices into stealthy tracking beacons without requiring root access. This vulnerability affects iPhones, iPads, Apple Watches, and Macs, potentially jeopardizing privacy worldwide.
2. Lotus Blossom Uses Cloud Services for C2
The Lotus Blossom hacker group has been identified using legitimate cloud services like Dropbox, Twitter, and Zimbra for their cyber espionage operations. Their custom backdoor, Sagerunex, has evolved with multiple variants designed to evade detection and maintain persistence in compromised environments. Active since at least 2012, they continue targeting sectors like government, manufacturing, and media, leveraging these platforms to blend malicious traffic with legitimate service usage, making detection increasingly difficult.
3. Vo1d Botnet Infects Over 1.5 Million Devices
A new variant of the Vo1d malware has led to the infection of over 1.5 million Android TV devices, creating a massive botnet spread across 226 countries. Researchers tracked the campaign, reporting 800,000 active bots as of January 2025. The botnet’s advanced encryption and resilient infrastructure make it difficult to disrupt. It engages in illegal activities such as using infected devices as proxy servers to conceal cybercriminal operations and ad fraud by simulating user interactions with ads.
4. Winos 4.0 Malware Targets Taiwanese Firms
A new phishing campaign is targeting Taiwanese companies with Winos 4.0 malware disguised as official documents from the National Taxation Bureau. The malware, sent via email attachments mimicking tax inspection lists, executes shellcode to download the Winos 4.0 module. This malware is capable of taking screenshots, logging keystrokes, and capturing sensitive information, including online banking and WeChat details. The attack chain overlaps with the ValleyRAT remote access trojan, both evolving from Gh0st RAT.
5. Exposed Access Systems Put Security at Risk
Security researchers found over 49,000 misconfigured Access Management Systems (AMS) worldwide, raising concerns about privacy and physical security. These systems, responsible for controlling access to critical facilities using biometrics and ID cards, were found exposed and vulnerable. The systems contained sensitive employee data, including biometric information and access logs, which could potentially be exploited for physical and cyber attacks.
6. Chinese Hack on Belgian Intelligence Service
Belgium’s federal prosecutor opened an investigation into alleged Chinese hacking targeting the Belgian intelligence service VSSE in late 2023. The attack, which spanned two years, reportedly exploited a breach in an American cyber company’s system and resulted in the compromise of 10% of the agency’s emails. While classified information remained secure, the personal data of nearly half of the VSSE’s staff was possibly exposed.
7. Meta Sends Violent Content to Instagram
Meta recently addressed an issue that caused some Instagram users to encounter disturbing content in their Reels feed. Videos showcasing street fights, school shootings, and gore were mistakenly recommended to users who expected more benign content. The company issued an apology, citing an error in its recommendation algorithm that led to these inappropriate posts appearing on users’ feeds, much to their dismay.
8. DeepSeek Leak Exposes 12,000 Hardcoded Keys
A comprehensive analysis of the Common Crawl dataset revealed over 11,000 live API keys, passwords, and credentials embedded in publicly accessible web pages. These secrets, which could authenticate with major services like AWS, Slack, and Mailchimp, expose the risks in AI development pipelines. Researchers traced the issue to widespread credential hardcoding across millions of web pages, raising alarms about safeguards for AI-generated code.
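A defender-side check of the kind such an analysis implies, as an added Python example that is not from the cited research: it scans constructed sample pages for the well-known shapes of AWS, Slack and Mailchimp credentials and reports them redacted (the pattern set, sample URLs and placeholder values are assumptions).

```python
"""Scan crawled web pages for hardcoded credentials (constructed example)."""
import re
from dataclasses import dataclass

# Token shapes: the AKIA prefix for AWS access key IDs and the xox* Slack
# prefixes are documented formats; the Mailchimp shape (32 hex chars plus a
# "-us<n>" datacenter suffix) is the commonly observed one. Assumed set.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "slack_token": re.compile(r"\bxox[abpr]-[0-9A-Za-z-]{10,}"),
    "mailchimp_api_key": re.compile(r"\b[0-9a-f]{32}-us\d{1,2}\b"),
}

@dataclass(frozen=True)
class Finding:
    url: str
    kind: str
    redacted: str   # prefix only, so the report itself does not re-leak the secret
    line_no: int

def redact(secret: str) -> str:
    return f"{secret[:4]}...({len(secret)} chars)"

def scan_page(url: str, html: str) -> list[Finding]:
    """Return one Finding per credential-looking token; duplicates collapsed."""
    seen, findings = set(), []
    for line_no, line in enumerate(html.splitlines(), start=1):
        for kind, pat in PATTERNS.items():
            for m in pat.finditer(line):
                key = (kind, m.group(0))
                if key in seen:
                    continue
                seen.add(key)
                findings.append(Finding(url, kind, redact(m.group(0)), line_no))
    return findings

def scan_corpus(pages: dict[str, str]) -> list[Finding]:
    return [f for url, html in pages.items() for f in scan_page(url, html)]

# Constructed sample pages; values are documentation placeholders, not live keys.
SAMPLE_PAGES = {
    "https://example.invalid/app.html": """<html><head>
<script>
  var cfg = { region: "us-east-1", key: "AKIAIOSFODNN7EXAMPLE" };
  const SLACK = "xoxb-0000000000-placeholder";
</script></head>
<body>Newsletter key 0123456789abcdef0123456789abcdef-us1</body></html>""",
    "https://example.invalid/clean.html": "<html><body>Nothing to see.</body></html>",
}

if __name__ == "__main__":
    for f in scan_corpus(SAMPLE_PAGES):
        print(f"{f.url}:{f.line_no} {f.kind} {f.redacted}")
```

Run against an actual crawl, every hit still needs a validation step (and revocation on confirmation); the patterns only find tokens that look like credentials.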
9. Philippine Army Confirms Exodus Breach
The Philippine Army confirmed a cyberattack targeting its systems after a local hacking group, Exodus Security, claimed responsibility. Army spokesperson Col. Louie Dema-ala confirmed the breach was contained swiftly and there was no evidence of data theft. However, Deep Web Konek, a digital security group, reported that the hackers had accessed 10,000 records containing sensitive information, including personal details of active and retired service members.
10. ORU Reports Potential Data Breach Incident
Oral Roberts University (ORU) recently informed the Attorney General of Massachusetts about a potential data breach involving sensitive personal information. The breach, which may have exposed names and Social Security numbers, has led ORU to send data breach notifications to affected individuals. In response, the university is offering 24 months of complimentary credit monitoring services to impacted individuals.
11. LockBit Targets New FBI Director Kash Patel
The LockBit ransomware group has reportedly targeted FBI Director Kash Patel, issuing a warning about his administration’s effectiveness. The gang criticized Patel’s subordinates for focusing on misleading narratives rather than their duties. Following arrests and the takedown of its infrastructure, LockBit re-emerged and vowed to intensify its attacks, particularly targeting critical federal infrastructure. This new tactic, involving direct outreach to Patel, suggests the group may be engaging in a psychological operation to manipulate perceptions.
12. France Proposes Laws to Backdoor Services
Tuta, a privacy-focused email provider, and the VPN Trust Initiative (VTI) have voiced concerns over proposed laws in France that would require encrypted communication services to implement backdoors for law enforcement access. The laws, part of an amendment to the “Narcotrafic” law, would fine non-compliant companies and individuals heavily. Tuta has called for the rejection of the amendment, warning that weakening encryption would compromise user security and privacy, making it easier for malicious actors to exploit vulnerabilities.
13. Report Reveals 89% of GenAI Usage Hidden
A new report by LayerX reveals that a staggering 89% of enterprise GenAI usage occurs outside the visibility of IT, exposing organizations to significant security risks. This hidden usage includes employees accessing GenAI tools through personal accounts, often without oversight or approval from their IT departments. Nearly 50% of users who interact with GenAI tools frequently paste corporate data, such as financial information and source code, into these applications, heightening the risk of data leaks.
14. Vulnerability Fix Time Increases by 47%
The latest Veracode report reveals that the average time to fix software security vulnerabilities has increased by 47% over the past five years, now taking an average of eight and a half months. This delay is partly attributed to growing reliance on third-party and AI-generated code, which has significantly contributed to security debt. Despite progress in addressing some flaws, over half of all applications still contain critical vulnerabilities, highlighting the ongoing challenges organizations face in securing their software.
15. Archipelo Raises $12 Million for AI Security
Archipelo, a San Francisco-based cybersecurity startup, has raised $12 million to secure AI-driven software development. The company’s platform, Developer Security Posture Management (DevSPM), monitors AI and human-generated code to address the rising risks of security breaches. Archipelo’s approach sets it apart by focusing on proactive security for both developers and AI coding tools, aiming to prevent vulnerabilities before they reach production.
Copyright © 2025 CyberMaterial. All Rights Reserved.