👉 What’s happening in cybersecurity today?
🚨 Cyber Alerts
Threat actors are using a new attack method called “transaction simulation spoofing” to steal cryptocurrency. In one incident, attackers made off with 143.45 Ethereum, valued at approximately $460,000. This attack targets the transaction simulation feature in Web3 wallets, which allows users to preview transactions before signing, by tricking victims into approving a manipulated transaction.
A newly disclosed vulnerability in IBM Robotic Process Automation (RPA) could expose sensitive data to remote attackers. Tracked as CVE-2024-51456, the flaw arises from an insecure RSA algorithm implementation without Optimal Asymmetric Encryption Padding (OAEP). IBM has released updates to mitigate the issue, advising affected users to upgrade to version 23.0.20 or later, while those on older versions should follow temporary remediation steps to secure their systems.
Cybercriminals are leveraging platforms like YouTube and social media to distribute malware disguised as fake software installers. These malicious links, often shared in video descriptions or comments, lead users to download malware hosted on trusted file-sharing services such as Mediafire and Mega.nz. The malware steals sensitive data by exploiting browser credential storage, while using evasion techniques like password-protected downloads to hinder detection.
FunkSec, a newly emerging AI-assisted ransomware group, has targeted over 85 victims since late 2024. Operating with a ransomware-as-a-service model, FunkSec demands relatively low ransoms, sometimes as little as $10,000, while also selling stolen data at reduced prices. Their breach announcements and custom tools, including a DDoS attack tool, were centralized through a data leak site launched in December 2024.
Cybersecurity researchers have uncovered a stealthy credit card skimmer campaign targeting WordPress e-commerce sites. The malware injects malicious JavaScript into WordPress databases, specifically on checkout pages, to steal sensitive payment details from unsuspecting users. Once activated, the script mimics legitimate payment processors and captures credit card numbers, CVV, and billing information, which are then encoded and exfiltrated to an attacker-controlled server.
💥 Cyber Incidents
Telefonica has confirmed a breach involving the theft of over 236,000 customer records. Hackers, including members of the Hellcat ransomware group, exfiltrated data from the company’s internal systems, including sensitive Jira database information and internal documents. The breach resulted from infostealer malware that compromised over 15 employees and was exacerbated by social engineering tactics aimed at gaining administrative access to servers.
Eindhoven University of Technology (TU/e) in the Netherlands was struck by a cyberattack on January 12, forcing the university to shut down its network. As a result, students and employees were unable to access network-bound systems like email, Wi-Fi, Canvas, and Teams, leading to the suspension of lectures and other activities. Although the campus remained open, the disruption significantly affected day-to-day operations and services.
Hackers launched a cyberattack on the Swiss federal administration, impacting key services such as telephones, email, and federal websites. The attack caused a 45-minute disruption to IT systems on Friday morning, though no data was leaked according to the federal government. The Federal Office of Information Technology and Telecommunications (FOITT) confirmed that countermeasures helped stabilize the situation, and both the FOITT and the Federal Office for Cybersecurity (FOCBS) are analyzing the attack. This incident follows a pattern of previous cyberattacks on the Swiss federal administration, including one during the Ukraine conference at Bürgenstock in June 2024, believed to be linked to pro-Russian hackers.
Several Luxembourg government websites, including MyGuichet and LuxTrust, were affected by a cyberattack on Friday afternoon. The attack, identified as a Distributed Denial-of-Service (DDoS), caused a disruption for around two hours, making the sites temporarily inaccessible. While the services have since been restored, the State Information Technology Centre (CTIE) has not yet identified the attackers or provided further details.
Prime recently informed the Attorney General of the Commonwealth of Massachusetts that sensitive personal and health information in its care might have been compromised. The company did not provide specific details about the nature of the breach, but the potentially exposed data includes names and social security numbers. In response, Prime began sending data breach notifications to impacted individuals in January 2025, offering 24 months of complimentary identity monitoring services.
📢 Cyber News
The IRS has relaunched its Identity Protection Personal Identification Number (IP PIN) program, encouraging all U.S. taxpayers to enroll for added protection against tax-related identity theft. The IP PIN is a unique six-digit number that must be used when filing a tax return, ensuring that only the taxpayer, their accountant, and the IRS know it. This PIN prevents scammers from filing fraudulent returns using the taxpayer’s personal information.
Microsoft is pursuing legal action against a foreign-based threat actor group accused of creating a hacking-as-a-service infrastructure to bypass the safety controls of its generative AI services. The group exploited exposed customer credentials and unauthorized access to services like Azure OpenAI Service to generate harmful content and sell access to other malicious actors. Microsoft has revoked the group’s access, implemented new countermeasures, and seized a website central to the operation.
The U.S. Department of Justice recently indicted three Russian nationals for operating cryptocurrency mixing services Blender.io and Sinbad.io, which were used for laundering criminally derived funds. The defendants allegedly helped cybercriminals, including ransomware groups, to obfuscate the source of stolen cryptocurrency. While two of the suspects were arrested in December 2024, the third individual remains at large, facing charges that could lead to up to 25 years in prison if convicted.
The New York Attorney General’s office has filed a lawsuit to recover over $2 million in cryptocurrency from a remote job scam. The scam involved hackers sending text messages promising fake online job opportunities, tricking victims into purchasing stablecoins. Through WhatsApp, the scammers convinced victims to deposit funds into cryptocurrency accounts, claiming the deposits were required for product reviews, but ultimately stole the money when victims tried to withdraw it.
Italy’s Premier Giorgia Meloni recently addressed concerns over a potential 1.5 billion-euro deal with Elon Musk’s SpaceX for providing encryption services and telecom infrastructure to the Italian government. Meloni clarified that no private discussions had taken place with Musk and stressed that national interest was her primary focus when evaluating such partnerships. She acknowledged that the government is still in the investigative phase and has yet to sign any contracts. The deal, which would enhance Italy’s communications security, has faced criticism from opposition parties and raised questions about data protection when handled by a private entity like SpaceX.
Copyright © 2025 CyberMaterial. All Rights Reserved.