👉 What’s going on in the cyber world today?
Aquabotv3 Botnet, Mitel Phones, DDoS Attacks, RDP Exploit, Windows Systems, SMS, Devil-Traff Phishing Tool, Lazarus Group, Global Developers, Operation Phantom Circuit, SparkRAT Attacks, macOS, Linux Systems, New York Blood Center Enterprises, Ransomware, Chicago Department of Public Health, Sensitive Data, Crypto Users, DogWifTools, DeepSeek Database, Syracuse Police Department, FBI, Cracked.io, Nulled.to, Cybercrime Operation Talent, Breakout Time, Cyber-Attacks, US Congress, Federal Data Privacy Law, UK Government IT Systems, Oligo Security, Series B Funding, ADR Platform.
🚨 Cyber Alerts
1. Aquabotv3 Exploits Mitel SIP Phones for DDoS
A new variant of the Mirai-based Aquabot botnet, known as Aquabotv3, has been observed exploiting CVE-2024-41710, a command injection vulnerability in Mitel SIP phones. Discovered by Akamai’s Security Intelligence and Response Team (SIRT), this variant introduces a mechanism that reports attempts to kill the bot process back to its command-and-control (C2) server, giving its operators enhanced monitoring of their infected devices. Aquabotv3 uses this vulnerability to inject commands and install a payload, giving the botnet access to a range of devices from which to launch DDoS attacks.
2. RDP Exploit Lets Attackers Hijack Sessions
Cybersecurity experts have identified a new exploit targeting the Remote Desktop Protocol (RDP), allowing attackers to hijack Windows systems and track browser activity. The vulnerability stems from improper handling of RDP bitmap cache files, which are used to enhance remote desktop session performance. These cached files store on-screen activity, enabling attackers to reconstruct user actions such as opened applications, terminal commands, and private browser sessions, posing significant risks to both individual and enterprise data security.
3. Devil-Traff SMS Tool Fuels Global Attacks
Cybersecurity experts are raising alarms over Devil-Traff, an SMS-based phishing tool that is empowering cybercriminals to carry out large-scale attacks worldwide. The platform uses advanced automation and customization to send thousands of fraudulent messages that mimic trusted organizations such as banks, IT support, or tech companies. These attacks often involve convincing messages that lead victims to click on malicious links or share sensitive data, which can result in compromised accounts or even large-scale data breaches.
4. Lazarus Targets Developers in Global Attack
The Lazarus Group, a North Korean state-sponsored APT, has launched “Operation Phantom Circuit,” embedding malicious backdoors into legitimate software packages used by developers worldwide. This attack, which began in September 2024, has already impacted over 233 victims, especially in the cryptocurrency and technology sectors. By manipulating trusted software tools and distributing them through platforms like GitLab, the group has compromised systems, stealing sensitive data and credentials while evading detection with advanced obfuscation techniques.
5. SparkRAT Attacks Target Multiple Platforms
Cybersecurity researchers have uncovered a rise in attacks leveraging SparkRAT, a cross-platform Remote Access Trojan (RAT) written in Go. Initially released on GitHub in 2022, SparkRAT has gained popularity due to its modular design and multi-platform support, targeting Windows, macOS, and Linux systems. The malware is capable of executing over 20 commands, including stealing sensitive data, manipulating files, and capturing screenshots, all while blending into legitimate network traffic by using the WebSocket protocol to communicate with its command-and-control server.
💥 Cyber Incidents
6. NYBCe Ransomware Disrupts Blood Services
New York Blood Center Enterprises (NYBCe) faced a ransomware attack that has disrupted critical blood donation services across the United States. The attack, first detected on January 26, caused the organization to take certain systems offline, delaying processing times for blood donations. NYBCe, which provides blood to over 70 hospitals and serves 75 million people nationwide, is working with cybersecurity experts to restore its systems, though there is no set timeline for recovery.
7. Chicago Health Department Data Exposure
The Chicago Department of Public Health (CDPH) reported an incident where some individuals’ names and medical information may have been exposed through an online dashboard. The disclosure occurred on October 8, 2024, when users followed specific steps while viewing the dashboard, which displayed public health statistics. Although no misuse of the exposed data has been identified, the department has since restricted access to the information and is offering affected individuals 12 months of free credit monitoring services.
8. Hackers Drain Wallets Through DogWifTools
Hackers have compromised the Windows version of DogWifTools, a software used to promote meme coins on the Solana blockchain, in a supply-chain attack that drained users’ wallets. The attack began when a threat actor gained access to the project’s private GitHub repository and injected a Remote Access Trojan (RAT) into versions 1.6.3 to 1.6.6. The malware targeted users’ cryptocurrency wallet private keys, leading to significant losses, especially for Windows users, while macOS users remained unaffected.
9. DeepSeek Database Exposes Sensitive Data
Wiz Research discovered a publicly exposed ClickHouse database belonging to DeepSeek, a Chinese AI startup known for its advanced models. The database was completely open, allowing unauthorized access to sensitive information, including chat history, secret keys, and over one million log entries. This breach highlights the risks of misconfigured systems and the importance of securing critical infrastructure to prevent potential threats to privacy and security.
10. Syracuse Police Department Faces Network Security Issue
The Syracuse Police Department, in New York, experienced a security incident affecting its computer network. The department has temporarily suspended its systems to investigate and secure the network, allowing only limited access while additional security measures are implemented. While it has not been confirmed whether the issue is a ransomware attack, the incident could disrupt the department’s operations and may also affect the Onondaga County Sheriff’s Department because the two share databases. The investigation is ongoing, and efforts are focused on restoring services securely.
📢 Cyber News
11. Industry Groups Urge US to Pass Privacy Law
Over three dozen industry groups are urging Congress to pass federal data privacy legislation that would replace the fragmented patchwork of state laws. They argue that a national standard would simplify compliance for businesses and lower costs for consumers, especially for small businesses and startups. Despite bipartisan support for comprehensive privacy laws, past efforts have failed due to disagreements on key issues like preemption of state laws and private lawsuits, leading to stalled legislative sessions.
12. FBI Seizes Domains of Hacking Forums
The FBI, in collaboration with international law enforcement, has seized the domains of Cracked.io and Nulled.to, notorious hacking forums involved in cybercrime and credential theft. These forums were hubs for password cracking, illicit software, and stolen credentials. Authorities from multiple countries including the U.S., Italy, and Spain participated in the law enforcement operation, named “Operation Talent,” which targeted these cybercriminal networks.
13. Cyber-Attacks Breakout Time Shortens by 22%
Cyber-attacks have become significantly faster in 2024, with breakout times decreasing by 22% compared to the previous year, according to a report from ReliaQuest. The report highlights several factors contributing to this acceleration, such as the increased use of infostealers, initial access brokers (IABs), and specialized ransomware affiliates. With the help of IABs, attackers can skip time-consuming network infiltration and gain immediate access, often with admin-level privileges. This has led to quicker deployment of ransomware and data theft.
14. UK Government Cybersecurity Faces Weaknesses
The UK government’s National Audit Office (NAO) has raised concerns over the cyber resilience of critical IT systems. A 2024 assessment revealed that 58 vital departmental systems had significant gaps in security, creating extremely high risk. Additionally, the report highlighted the government’s legacy IT systems, many of which remain highly vulnerable due to outdated controls and a lack of visibility, leaving them exposed to cyberattacks.
15. Oligo Security Raises $50 Million in Series B
Oligo Security has secured $50 million in Series B funding, raising its total to $80 million. The round was led by Greenfield Partners with participation from several other investors. The Tel Aviv-based company, founded in 2022, specializes in deep application inspection at runtime, using eBPF technology to monitor software functions and open-source libraries. The funding will support Oligo’s global expansion as it continues to meet growing demand for its application detection and response platform.
Copyright © 2025 CyberMaterial. All Rights Reserved.