March 18, 2025 – Cyber Briefing

👉 What’s the latest in the cyber world today?

Supply Chain Attack, GitHub Action, Sensitive Data, CI/CD Workflows, StilachiRAT, Crypto Wallets, Credentials, Apache Tomcat Flaw, Remote Code Execution, FBI, Malicious File Conversion, Malware, JPEG Files, Steganographic Malware, Passwords, Merkur Gambling Platforms, Security Breach, Maine, Bar Harbor School Project, Mexican President, Phone Hacked, Ascom, Hellcat Ransomware Gang, Uruguay President, Phone Number, DOGE Staffer, Treasury Rules, Unencrypted Personal Data, UK’s Ofcom, Illegal Content Removal Failures, Google OSV-Scanner, Vulnerability Detection, DDoS Attacks, OKX Platform, North Korean Hackers, Money Laundering.

🚨 Cyber Alerts

1. Supply Chain Attack Exposes GitHub Secrets

A recent supply chain attack targeted the tj-actions/changed-files GitHub Action, impacting over 23,000 repositories. The attackers compromised the code of the Action, allowing them to expose sensitive CI/CD secrets such as AWS keys and GitHub tokens through public build logs. GitHub quickly intervened by removing the malicious Action and urged users to update to the latest version. Additionally, GitHub recommended reviewing workflows for any unusual activity, especially for those using the affected version of the Action.

2. New StilachiRAT Targets Crypto Wallets

Microsoft uncovered StilachiRAT, a sophisticated remote access trojan (RAT) designed to evade detection and steal sensitive data. The malware targets browser credentials, cryptocurrency wallets, and system information, while monitoring active RDP sessions and clipboard content. By maintaining persistence through Windows services and employing anti-forensic tactics, StilachiRAT can remain undetected on compromised systems. It allows attackers to issue commands remotely, enabling actions such as log clearing, credential theft, and lateral movement within networks, posing a serious security threat.

3. Apache Tomcat Flaw Triggers Exploitation

A critical vulnerability, CVE-2025-24813, has been discovered in Apache Tomcat, affecting several versions of the software. The flaw allows attackers to exploit Tomcat’s partial PUT request functionality and its default session persistence to execute remote code or inject malicious content. Active exploitation began shortly after disclosure, with attackers using a simple technique to bypass security filters and execute code. Apache has released patches for affected versions, urging users to update immediately to prevent potential breaches.
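Patching is the fix, but while a patch is being rolled out it helps to know which deployments actually meet the write-related precondition this item describes. In Tomcat the PUT handling lives in the DefaultServlet, whose `readonly` init-param defaults to `true` and whose `allowPartialPut` init-param defaults to `true`; a deployment that has explicitly set `readonly` to `false` is the one that accepts the uploads this flaw depends on. The checker below is an added example written for this briefing, not Apache's tooling; the sample `web.xml` is constructed, and the check covers only the DefaultServlet settings, not the other conditions (session persistence configuration, vulnerable libraries on the classpath) that the full advisory lists.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.xml (not from any real deployment) that overrides the
# DefaultServlet with writes enabled, i.e. the risky non-default setting.
SAMPLE_WEB_XML = """\
<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param>
      <param-name>readonly</param-name>
      <param-value>false</param-value>
    </init-param>
    <init-param>
      <param-name>listings</param-name>
      <param-value>false</param-value>
    </init-param>
  </servlet>
</web-app>
"""

# Same file with the first <param-value> (the readonly one) restored to true.
HARDENED_WEB_XML = SAMPLE_WEB_XML.replace(
    "<param-value>false</param-value>", "<param-value>true</param-value>", 1
)

DEFAULT_SERVLET_CLASS = "org.apache.catalina.servlets.DefaultServlet"


def _local(tag):
    """Strip the XML namespace so Java EE and Jakarta EE files parse alike."""
    return tag.rsplit("}", 1)[-1]


def _child_text(elem, name):
    for child in elem:
        if _local(child.tag) == name and child.text:
            return child.text.strip()
    return None


def default_servlet_params(web_xml_text):
    """Collect init-params of every <servlet> whose class is the DefaultServlet."""
    root = ET.fromstring(web_xml_text)
    params = {}
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        if _child_text(servlet, "servlet-class") != DEFAULT_SERVLET_CLASS:
            continue
        for init_param in servlet:
            if _local(init_param.tag) != "init-param":
                continue
            name = _child_text(init_param, "param-name")
            value = _child_text(init_param, "param-value")
            if name:
                params[name] = value
    return params


def assess_default_servlet(web_xml_text):
    """Return a dict describing whether the DefaultServlet accepts (partial) PUTs.
    Missing params take Tomcat's defaults: readonly=true, allowPartialPut=true."""
    params = default_servlet_params(web_xml_text)
    readonly = (params.get("readonly") or "true").lower() == "true"
    partial_put = (params.get("allowPartialPut") or "true").lower() == "true"
    return {
        "writable": not readonly,
        "partial_put_enabled": partial_put,
        "at_risk": (not readonly) and partial_put,
    }


if __name__ == "__main__":
    print("sample:", assess_default_servlet(SAMPLE_WEB_XML))
    print("hardened:", assess_default_servlet(HARDENED_WEB_XML))
```

Point the parser at both `$CATALINA_BASE/conf/web.xml` and each application's `WEB-INF/web.xml`, since either can define the DefaultServlet; a `readonly` of `false` anywhere is worth a ticket even after patching, because it is rarely needed in production.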

4. FBI Warns of Malicious File Converter Tools

The FBI has issued a warning about the growing threat of malicious file conversion tools. Cybercriminals are targeting users looking for free utilities to convert documents, particularly Word to PDF converters, by hiding malware within these tools. Once downloaded, these converters steal sensitive information such as passwords, social security numbers, and cryptocurrency details, often without the victim’s knowledge. The FBI urges users to avoid untrusted file converters and rely on verified software to prevent system compromise.

5. JPEG Files Deliver Password Stealing Malware

A newly discovered malware operation uses steganography to hide malicious payloads inside JPEG image files, evading traditional security detection. The malware primarily targets browsers, email clients, and FTP applications to harvest login credentials, using established info-stealers such as Vidar, Raccoon, and Redline. The attack is particularly difficult to detect, as the harmful scripts are embedded within pixel data, making them invisible to standard image-processing libraries and security mechanisms.


💥 Cyber Incidents

6. Merkur Breach Exposes Data of 800,000 Players

A major security breach at Merkur, a leading German gambling company, exposed the personal data of 800,000 players. The vulnerability, stemming from an unsecured API, allowed unauthorized access to sensitive information such as ID cards, account details, and transaction records. Merkur has since taken corrective actions, including notifying customers and enhancing security measures, but concerns over data misuse persist.

7. Over $1M Stolen From Bar Harbor Schools

A cybercrime has affected the Mount Desert Island Regional School System, resulting in the theft of more than $1 million intended for a Bar Harbor school construction project. The crime involved a fraudulent request to change bank account information, which led to the funds being transferred to a fraudulent account on February 10. School officials quickly reported the incident to local law enforcement and the FBI, and the bank account receiving the funds has been frozen.

8. Claudia Sheinbaum Confirms Hack of Her Phone

Mexican President Claudia Sheinbaum confirmed that her phone was hacked following the extradition of 29 Mexican drug lords to the U.S. This cyberattack involved an older phone that Sheinbaum used during her 2024 presidential campaign, which still had a number linked to local contacts in Tlalpan. The hack affected both the phone and a personal email account, prompting immediate investigation by the Mexican government’s cybersecurity team.

9. Ascom Hit by Cyberattack on Ticketing System

Ascom, a software provider for the healthcare industry, experienced a cyberattack targeting its technical ticketing system. The Hellcat ransomware gang claimed responsibility for the breach and announced it on social media. Ascom’s cybersecurity team acted swiftly to secure the affected system, while assuring that no other IT or customer systems were impacted. The company is cooperating with authorities in an ongoing investigation and maintains that its operations are fully functional with no required preventive actions for customers.

10. Hackers Expose Uruguay President Orsi Phone

Hackers successfully breached the website of Uruguay’s Dinacia, leaking President Yamandú Orsi’s personal phone number. Along with the leak, the attackers issued threats, claiming access to sensitive data such as police system records and confidential information on public officials. They also posted a message criticizing the country’s political landscape, targeting corruption and accusing leaders of failing Uruguay. This cyberattack occurred on the anniversary of Uruguay’s Air Force, further intensifying concerns over the nation’s cybersecurity capabilities.


📢 Cyber News

11. DOGE Staffer Sent Unencrypted Personal Data

A staff member at the Department of Government Efficiency violated Treasury policies by emailing unencrypted personal information. Marko Elez, who worked at the U.S. Treasury, sent the data to two Trump administration officials before resigning in early February amid controversy over racist social media posts. The personal information, which included names, transaction types, and amounts of money, was not encrypted and violated the department’s security policies.

12. Ofcom Can Now Sanction UK Tech Platforms

Ofcom has gained the authority to sanction UK tech platforms that fail to meet the Online Safety Act’s requirements. The law, passed in 2023, compels platforms to swiftly remove harmful content such as terrorism, child abuse material, hate speech, and fraud. With penalties as high as £18 million or 10% of a company’s global revenue, non-compliance can lead to serious consequences, including court orders to block offending sites. Tech companies must conduct thorough risk assessments and implement measures to prevent illegal content, with Ofcom now actively enforcing these obligations.

13. Google Releases OSV-Scanner V2 for Security

Google launched OSV-Scanner V2, an open-source tool designed to improve vulnerability scanning across multiple software ecosystems. It supports formats such as .NET, Python, Java, and more, while also providing container image scanning for popular systems like Debian and Ubuntu. The tool offers interactive HTML outputs for easier analysis of vulnerabilities, including severity breakdowns and filtering options. Google also plans further developments, including expanded language support and enhanced vulnerability reachability analysis to help developers and security teams better manage risks.

14. DDoS Attacks Surge by 137% in Europe in 2025

The Link11 European Cyber Report 2025 highlights a concerning 137% rise in DDoS attacks, signaling a growing threat to businesses. These attacks are not only more frequent but also shorter, more targeted, and technically advanced, with the largest attack reaching 1.4 terabits per second. Multi-vector attacks, combining different techniques, complicate defenses, especially those targeting web applications and APIs. Organizations must adapt their security strategies to stay ahead of evolving threats.

15. OKX Shuts Tool After Laundering Attempt

OKX temporarily suspended its decentralized exchange (DEX) aggregator tool after North Korean hackers, linked to the Lazarus Group, tried to launder stolen funds through the platform. The attack was unsuccessful, but it prompted OKX to enhance its security infrastructure and work on improving transaction tagging on blockchain explorers. In response, the platform is rolling out new features to prevent future misuse and block suspicious addresses, while maintaining wallet services for customers, albeit with some restrictions on new wallet creation in select markets.


Copyright © 2025 CyberMaterial. All Rights Reserved.