👉 What’s happening in cybersecurity today?
🚨 Cyber Alerts
Russian-speaking hackers have been found targeting Ethereum developers through malicious npm packages impersonating the Nomic Foundation’s Hardhat tool, a widely used Ethereum development environment. These counterfeit packages, published under look-alike names such as @nomicsfoundation/sdk-test and hardhat-deploy-others, are designed to exfiltrate sensitive data such as private keys, mnemonics, and configuration files. The attackers exploit the complexity of npm’s dependency chains to embed malicious code, making detection challenging.
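The impersonation described above works by publishing a scope or package name one edit away from a trusted one. The check below is an added example, not code from the article or from the Nomic Foundation: it scans a package.json manifest and flags dependencies whose scope or bare name is a near-miss of an allowlisted name; the trusted lists and the sample manifest are constructed for illustration.

```python
# Added example (not from the original article): flag npm dependencies whose
# scope or bare name is a near-miss of a trusted one, the pattern behind the
# counterfeit "@nomicsfoundation/sdk-test" impersonating "@nomicfoundation".
# TRUSTED_* sets and SAMPLE_PACKAGE_JSON are constructed for illustration.
import json
import re

TRUSTED_SCOPES = {"@nomicfoundation", "@openzeppelin"}
TRUSTED_PACKAGES = {"hardhat", "hardhat-deploy", "ethers"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance via the classic dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def typosquat_reason(dep: str, max_distance: int = 2):
    """Why `dep` looks like an impersonation of a trusted name, or None."""
    m = re.fullmatch(r"(@[^/]+)/(.+)", dep)
    if m:  # scoped package: judge the scope, since that is what gets faked
        scope = m.group(1)
        if scope in TRUSTED_SCOPES:
            return None
        for good in sorted(TRUSTED_SCOPES):
            if levenshtein(scope, good) <= max_distance:
                return f"scope {scope} resembles trusted scope {good}"
        return None
    if dep in TRUSTED_PACKAGES:
        return None
    for good in sorted(TRUSTED_PACKAGES, key=len, reverse=True):
        # near-miss spelling, or a trusted name extended with a suffix
        if levenshtein(dep, good) <= max_distance or dep.startswith(good + "-"):
            return f"name {dep} resembles trusted package {good}"
    return None


def suspicious_deps(package_json: str):
    """Return [(dependency, reason)] over dependencies and devDependencies."""
    manifest = json.loads(package_json)
    deps = {**manifest.get("dependencies", {}), **manifest.get("devDependencies", {})}
    return [(d, r) for d in deps if (r := typosquat_reason(d)) is not None]

# Constructed manifest mixing legitimate names with two look-alikes.
SAMPLE_PACKAGE_JSON = json.dumps({"dependencies": {
    "hardhat": "^2.22.0", "@nomicfoundation/hardhat-toolbox": "^5.0.0",
    "@nomicsfoundation/sdk-test": "^1.0.0", "hardhat-deploy-others": "^0.1.0",
    "chai": "^4.3.0"}})
```

A real deployment would seed the trusted sets from the project's lockfile history or an internal registry allowlist and run the check in CI before `npm install`.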
A newly discovered weaponized Python script is delivering a powerful malware strain known as SwaetRAT, posing significant cybersecurity risks. The script interacts directly with Windows APIs, utilizing libraries like System.Reflection and ctypes to bypass security mechanisms such as the Antimalware Scan Interface (AMSI) and Event Tracing for Windows (ETW). It achieves this by patching critical APIs so that their original functions are disabled, which allows the malware to evade detection.
A critical vulnerability in the popular UpdraftPlus: WP Backup & Migration Plugin has exposed over 3 million WordPress websites to potential injection attacks. The flaw, identified as CVE-2024-10957, stems from a PHP Object Injection vulnerability caused by the deserialization of untrusted input. It affects all versions of the plugin up to 1.24.11, with a patch issued in version 1.24.12 to resolve the issue. The vulnerability allows attackers to inject malicious PHP objects, leading to severe consequences like unauthorized file deletions, sensitive data exposure, and remote code execution.
A critical security vulnerability has been discovered in ProjectDiscovery’s Nuclei, a widely used open-source vulnerability scanner. Tracked as CVE-2024-43405, this flaw could allow attackers to bypass signature checks and execute arbitrary code on vulnerable systems. The vulnerability, affecting all versions of Nuclei after 3.0.0, arises from a conflict between the signature verification process and the YAML parser, enabling malicious content to be injected into Nuclei templates while the signature still verifies as valid.
A new cyberattack campaign has been identified, where a KGB-linked keylogger targets companies using social engineering tactics involving fake emails from the Russian Ministry of Industry and Trade. The malicious emails contain a .scr file that mimics a legitimate PDF viewer but, once executed, installs harmful malware on the victim’s system. The malware drops multiple files, including a KGB keylogger, and exfiltrates sensitive data such as Telegram Messenger-related documents.
💥 Cyber Incidents
Hackers have breached the payroll system of Argentina’s Policía de Seguridad Aeroportuaria (PSA), the country’s airport security force, compromising employees’ personal data. The attackers stole sensitive information, including the complete roster of PSA personnel involved in counter-terrorism operations at airports. They also deducted small sums, ranging from 2,000 to 5,000 ARS, from employees’ salaries under fake deductions labeled “DD major” and “DD seguros.” While the PSA has pointed to Banco Nación, which processes salaries, as the source of the breach, the origin of the attack remains unclear and may involve either external servers or insider complicity.
GS Retail has confirmed a data breach affecting 90,000 customers, resulting from a hacking attack between December 27, 2024, and January 4, 2025. The leaked personal data includes names, genders, birth dates, contact information, addresses, IDs, and emails. The company identified the attack as credential stuffing, where stolen login details were used to access customer accounts. In response, GS Retail blocked suspicious IP addresses, locked affected accounts, and closed pages displaying personal information.
On January 5, 2025, Japan’s weather forecasting service, tenki.jp, faced significant accessibility issues due to a Distributed Denial-of-Service (DDoS) attack. The disruption resulted in network congestion, making both the web and app versions of the service unavailable to users. While the exact source of the attack has not been identified, the issue has impacted the platform’s ability to deliver real-time weather information. Authorities are working to mitigate the effects of the attack and restore full access to the service as quickly as possible.
Pacific Pulmonary Medical Group (PPMG) in California has experienced a significant data breach after the Everest Ransomware Team leaked sensitive patient information on the dark web. The breach exposed unencrypted personal and health data, including insurance card images, Social Security numbers, and patient health details. The leaked data spans from 2021 to 2024 and consists of over 150 image files and several .csv documents containing sensitive personal information, such as contact details, medical appointments, and insurance data.
Modalis, a Japan-based company, fell victim to a business email compromise scam, losing $90,000 (approximately 14 million JPY) after cybercriminals hijacked the email of a trusted vendor and sent fraudulent payment instructions. The company unknowingly transferred funds to a fake account, only realizing the deception after the loss occurred. Although Modalis managed to recover a portion of the money through cooperation with its bank and insurance provider, the incident underscores the increasing prevalence of such attacks.
📢 Cyber News
The U.S. government has sanctioned Beijing-based Integrity Technology Group, accusing the cybersecurity company of facilitating malicious cyber activities linked to the China-backed hacking group Flax Typhoon. The Treasury Department’s Office of Foreign Assets Control (OFAC) imposed the sanctions after Integrity Technology was found to have operated a botnet used by Flax Typhoon to target critical U.S. infrastructure. The botnet, dismantled in September by the FBI, included over 260,000 devices such as cameras and routers, and was used to conceal cyber intrusions into U.S. and European organizations.
India has released draft rules under the Digital Personal Data Protection Act, 2023, inviting public feedback until February 18, 2025. These rules aim to provide clear and enforceable guidelines for handling personal data by entities operating within the country. Among the key mandates, data fiduciaries must ensure transparency in data collection, allow users to withdraw consent easily, and implement robust security measures to protect personal data. Additionally, mechanisms for data breach notifications, cross-border data transfers, and protections for minors’ data are included.
Microsoft has announced plans to invest $80 billion in fiscal year 2025 to expand AI-enabled datacenters globally, solidifying its commitment to AI technology. This strategic move, which will see a significant portion of the funds directed within the United States, aims to enhance AI model training and the deployment of AI and cloud applications. The company views AI as a transformative force for the economy, drawing parallels between its potential and the advent of electricity. As part of its comprehensive approach, Microsoft will also focus on AI skills development, targeting 2.5 million individuals in the U.S. alone in 2025.
India has pulled several major VPN apps, including Cloudflare’s 1.1.1.1, Hide.me, and PrivadoVPN, from its Apple App Store and Google Play Store in response to government orders. The Ministry of Home Affairs, through its Cyber Crime Coordination Centre, instructed the removal of these apps, citing violations of Indian law. This action follows the implementation of India’s 2022 regulatory framework, which requires VPN providers to retain detailed user records for five years, including personal information like names, IP addresses, and transaction histories.
In a sweeping global crackdown, authorities from Vietnam, the United States, and Hong Kong have arrested individuals involved in cryptocurrency and AI-related scams. On January 5, Vietnamese police apprehended four people behind a crypto-mining scam that defrauded over 200 victims of $157,300. The group, led by Tran Minh Quang, created a fraudulent mining platform promising high returns. Meanwhile, in Springfield, Massachusetts, local police issued a warning about rising crypto ATM scams, urging citizens to be cautious of suspicious calls demanding cryptocurrency payments.
Copyright © 2025 CyberMaterial. All Rights Reserved.