👉 What’s trending in cybersecurity today?
Google OAuth Flaw, Domain Ownership Change, Cryptojacking, Kong Ingress Controller, DockerHub, Malicious Plugin, WordPress Sites, Microsoft Patches, SimpleHelp, Remote Access Servers, Mortgage Investors Group, Cyberattack, E-Benefit, Data Breach, Kafene, Customer Information, Alliance Public Schools, PowerSchool, FBI, PlugX Malware, Chinese Imports, Russian Imports, AI Infrastructure, North Korea Hacking, Cryptocurrency Theft, Orchid Security, Identity Management, AI Technology.
🚨 Cyber Alerts
A new vulnerability in Google’s OAuth login system has been uncovered, allowing attackers to exploit changes in domain ownership to gain unauthorized access to sensitive employee data. This flaw, highlighted by Truffle Security, affects users who rely on “Sign in with Google” for accessing various SaaS products, including HR systems, tax documents, and personal information. Google has acknowledged the issue and recommended security improvements, including using unique account identifiers to mitigate this growing threat.
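The mitigation the item ends on, keying accounts on a unique account identifier, is easiest to see side by side with the fragile pattern. The following is an added example, not code from the article or from Google or Truffle Security. It assumes a SaaS backend that receives already signature-verified Google ID-token claims and models the incident as constructed data: a record provisioned for the original employee, then a later login from a new Workspace account that reuses the same email address after the domain changed hands. The `sub`, `email`, `email_verified` and `hd` claim names are the standard OpenID Connect claims Google issues; the store classes, record values and `sub` strings are invented for the demonstration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class UserRecord:
    email: str        # address at the time of first login (mutable attribute)
    google_sub: str   # Google's stable per-account identifier (`sub` claim)
    role: str


# Constructed sample: the app provisioned this record when the original
# employee first used "Sign in with Google".
ORIGINAL_EMPLOYEE = UserRecord("alice@startup.example", "sub-1001", "hr-admin")

# Constructed sample ID-token claims (signature already checked upstream).
# The second set is what a new owner of the lapsed domain would present:
# same email and hd, but a different Google account, hence a different sub.
ORIGINAL_LOGIN = {"sub": "sub-1001", "email": "alice@startup.example",
                  "email_verified": True, "hd": "startup.example"}
NEW_OWNER_LOGIN = {"sub": "sub-2002", "email": "alice@startup.example",
                   "email_verified": True, "hd": "startup.example"}


class EmailKeyedStore:
    """Fragile design: records are looked up by email (or hd) alone."""

    def __init__(self, records: List[UserRecord]):
        self._by_email: Dict[str, UserRecord] = {r.email: r for r in records}

    def resolve(self, claims: dict) -> Tuple[str, Optional[UserRecord]]:
        rec = self._by_email.get(claims.get("email", ""))
        if rec is None:
            return ("unknown", None)
        return ("granted", rec)


class SubKeyedStore:
    """Hardened design: the stable `sub` is the primary key and email is only
    an attribute. A verified email that matches an existing record but arrives
    under a different `sub` indicates the address changed hands and is held
    for manual review instead of being linked to the old account."""

    def __init__(self, records: List[UserRecord]):
        self._by_sub: Dict[str, UserRecord] = {r.google_sub: r for r in records}
        self._by_email: Dict[str, UserRecord] = {r.email: r for r in records}

    def resolve(self, claims: dict) -> Tuple[str, Optional[UserRecord]]:
        if not claims.get("email_verified", False):
            return ("denied_unverified_email", None)
        rec = self._by_sub.get(claims.get("sub", ""))
        if rec is not None:
            return ("granted", rec)
        if claims.get("email", "") in self._by_email:
            # Same address, different Google account: do not auto-link.
            return ("denied_sub_mismatch", None)
        return ("unknown", None)


def demo() -> Dict[str, str]:
    """Run both login paths against both token sets and return the outcomes."""
    weak = EmailKeyedStore([ORIGINAL_EMPLOYEE])
    hardened = SubKeyedStore([ORIGINAL_EMPLOYEE])
    return {
        "weak_original": weak.resolve(ORIGINAL_LOGIN)[0],
        "weak_new_owner": weak.resolve(NEW_OWNER_LOGIN)[0],
        "hardened_original": hardened.resolve(ORIGINAL_LOGIN)[0],
        "hardened_new_owner": hardened.resolve(NEW_OWNER_LOGIN)[0],
    }


if __name__ == "__main__":
    for outcome, result in demo().items():
        print(f"{outcome}: {result}")
```

The email-keyed store grants the new owner's token the original employee's HR role; the sub-keyed store grants the original token and holds the mismatched one. Treating a `sub` mismatch as a review event rather than silently creating a fresh account also gives the SaaS operator a log line to alert on when a customer's domain changes ownership.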
A serious security breach was detected in the Kong Ingress Controller version 3.4.0, following an attack on Kong’s DockerHub account. The attacker uploaded a malicious image containing cryptojacking code that mined cryptocurrency on affected systems. After discovering the issue, Kong swiftly removed the compromised image, rotated access keys, and released a patched version to mitigate the attack.
A new malware campaign has compromised over 5,000 WordPress sites, creating rogue admin accounts and installing a malicious plugin designed to steal sensitive data. The campaign leverages the wp3[.]xyz domain to exfiltrate data, and the plugin sends stolen information to an attacker’s server disguised as an image request. To protect against this threat, website admins are advised to block the domain, review user accounts and plugins, and implement enhanced CSRF protections and multi-factor authentication.
Microsoft started 2025 by addressing 161 security vulnerabilities, including three actively exploited zero-days. Of these flaws, 11 are rated Critical, while 149 are deemed Important. Among the critical issues, there are privilege escalation flaws in Windows Hyper-V, which have been actively exploited and are now included in the U.S. CISA’s Known Exploited Vulnerabilities list. These issues were discovered and patched quickly by Microsoft, with new versions released by January 2, 2025.
Cybersecurity researchers have uncovered several critical vulnerabilities in SimpleHelp remote access software, which could expose users to significant security risks. The flaws, disclosed by Horizon3.ai, include unauthenticated path traversal, arbitrary file upload, and privilege escalation issues, all of which could allow attackers to gain unauthorized access, steal sensitive information, and potentially execute remote code. The vulnerabilities were identified as easily exploitable, with the potential for attackers to chain them together to escalate privileges and take full control of the affected systems.
💥 Cyber Incidents
Tennessee-based Mortgage Investors Group (MIG) confirmed that a cyberattack in December exposed sensitive personal and financial information of customers. The attack, which occurred on December 11 and was discovered the following day, compromised the company's computer environment and affected customer data, including full names and financial details. MIG, which operates more than 26 branches and serves around 300,000 customers, has since engaged a third-party vendor to identify those impacted by the breach, with notifications expected to be sent in the coming weeks.
A pro-Ukraine hacker group named Yellow Drift claimed responsibility for a cyberattack on Roseltorg, Russia’s primary platform for government and corporate procurement. The group stated they deleted 550 terabytes of data, including emails and backups, in a bid to disrupt the platform’s operations. The attack has caused significant disruptions for clients, including government agencies and major corporations, with Roseltorg assuring that its systems are being restored and deadlines extended for affected users.
E-Benefit recently disclosed a data breach affecting sensitive personal and health information. The breach, identified around July 11, 2024, involved unauthorized access to E-Benefit’s network, potentially exposing personal details such as Social Security numbers, medical records, and financial information. As part of its response, the company began an investigation and notified impacted individuals on January 13, 2025, offering complimentary credit monitoring services and a detailed report of the exposed information.
Kafene, a point-of-sale financing company based in New York, reported a data breach to the Attorney General of Texas on January 14, 2025. While the full details of the breach remain unclear, it is believed that sensitive personally identifiable information, such as names, Social Security numbers, dates of birth, driver's license numbers, and government-issued IDs, may have been accessed by an unauthorized third party. Kafene has notified the individuals affected by the breach and is continuing to investigate the extent of the compromised data. The company, which offers flexible financing options for retail consumers, uses AI and machine learning to enhance its platform and services.
On January 7, 2025, Alliance Public Schools in Nebraska was alerted to a data breach involving their student information system, PowerSchool. The breach occurred on December 28, 2024, and was caused by an unauthorized user downloading student data. Superintendent Dr. Troy Unzicker confirmed the breach and assured the community that PowerSchool had contained the situation and was conducting an analysis to determine the specifics of the compromised data.
📢 Cyber News
The U.S. Department of Justice announced a successful operation where the FBI removed PlugX malware from more than 4,250 infected devices as part of a multi-month law enforcement campaign. The malware, linked to China’s Mustang Panda hacking group, had been used for remote access and data theft, affecting thousands of systems across the U.S., Europe, Asia, and other regions since at least 2014. The operation included the use of a self-delete command that removed the malware from the compromised systems without affecting legitimate functions, marking a significant achievement in disrupting state-sponsored cyberattacks targeting various governments and businesses.
The U.S. Commerce Department announced a final rule on Tuesday that bans certain Chinese and Russian connected car technology from being imported into the United States. The rule prohibits Vehicle Connectivity Systems (VCS) and Automated Driving System (ADS) software, both crucial for connected cars, if linked to China or Russia. The regulation is a response to national security concerns over the potential for foreign adversaries to exploit connected vehicle systems to access sensitive information or disrupt critical infrastructure.
On Tuesday, President Joe Biden signed an executive order aimed at accelerating AI infrastructure development in the U.S. The order directs federal agencies to facilitate the creation of large-scale AI data centers and clean power facilities while ensuring these developments meet stringent environmental standards. The move comes in response to the growing demand for computational power needed to operate AI tools and the need to ensure these developments do not compromise the U.S. electricity grid or raise consumer costs.
North Korean state-backed hackers have stolen over $659 million in cryptocurrency through multiple attacks, with several crypto-related companies targeted by cyber groups linked to the DPRK. The U.S., South Korea, and Japan issued a joint statement warning of continued threats from North Korean hackers, who use sophisticated social engineering tactics and malware such as TraderTraitor and AppleJeus to infiltrate blockchain companies. Despite efforts to curb these attacks, DPRK-affiliated hackers remain a significant global security threat, compromising the stability of the international financial system.
Orchid Security, a New York-based startup, has raised $36 million in a large seed round led by Team8 and Intel Capital. The company aims to simplify identity and access management (IAM) by leveraging large language models (LLMs) to address the complexity of fragmented identity systems in enterprises. Orchid’s platform will automatically discover applications, evaluate authentication flows, and pinpoint weaknesses, allowing faster onboarding and reduced costs while using AI to assess identity flows without needing access to application code.
Copyright © 2025 CyberMaterial. All Rights Reserved.