March 20, 2025 – Cyber Briefing

👉 What’s going on in the cyber world today?

Scareware, Phishing, Apple, macOS, ClearFake, Web3, Malware, Redirection, Veeam, Backup Software, Domain-Joined Servers, Ukraine, Signal, Dark Crystal RAT, Aixbt Crypto Bot, Ether Theft, PSEA, Data Breach, iCloud Credentials, Ghana President, Cryptocurrency Scam, Mexico, San Felipe Water Authority, Hong Kong, Cybersecurity Law, UK’s NCSC, Post-Quantum Cryptography, Amazon, Alexa, Voice Recordings, Infosys, McCamish, Settlement, Dataminr, Global Reach, Product Development.

🚨 Cyber Alerts

1. Scareware Phishing Campaign Shifts to macOS

A long-running scareware phishing campaign has shifted from Windows to macOS, targeting user credentials. The attackers used fake Microsoft security alerts to lure victims, leveraging trusted platforms like Windows.net to bypass security defenses. With new anti-scareware protections on Chrome, Firefox, and Edge reducing Windows-based attacks, the threat now focuses on macOS, exploiting Safari vulnerabilities.

2. ClearFake Increases Web3 Exploitation

The ClearFake campaign has evolved significantly, now incorporating Web3 capabilities to bypass detection and target users with sophisticated malware. Utilizing Binance Smart Chain (BSC) contracts, the attackers load encrypted JavaScript that fingerprints victim systems before delivering payloads like Lumma Stealer. This new tactic enhances the campaign’s persistence and adaptability, with victims tricked into running malicious PowerShell commands.

3. DollyWay Malware Targets WordPress Sites

DollyWay, active since 2016, has evolved into a sophisticated malware operation that compromises WordPress sites, infecting over 20,000 globally. The latest version uses a Traffic Direction System to redirect visitors to fake sites, generating millions of fraudulent impressions monthly. Persistent reinfection techniques, including hidden admin accounts and malware embedded in plugins, make it challenging to fully remove, posing ongoing risks for website administrators.

4. Veeam Backup & Replication Critical RCE Flaw

A critical vulnerability in Veeam Backup & Replication software, identified as CVE-2025-23120, poses a significant security risk by allowing authenticated domain users to execute remote code. This flaw affects versions 12 through 12.3, with a CVSS score of 9.9, indicating a high level of danger. Attackers could exploit the vulnerability to execute malicious code remotely, which could lead to severe breaches. Users are urged to update to version 12.3.1 to mitigate the risk and ensure their systems remain secure against potential exploitation.

5. Signal Malware Targets Ukraine Defense

CERT-UA has warned about a new cyberattack campaign targeting Ukraine’s defense sector through compromised Signal accounts. Malicious messages containing archives with PDFs and executable files deliver the Dark Crystal RAT, providing remote access to infected devices. This campaign is linked to Russian cyber actors, with a focus on military-related topics such as UAVs and electronic warfare, making the threat particularly impactful on national security.


💥 Cyber Incidents

6. Aixbt Bot Hacked for $106,000 in Ether Theft

The AI crypto bot aixbt was hacked, leading to the theft of 55.5 Ether, valued at $106,200. The breach didn’t manipulate the AI system itself, but security measures were immediately taken, including server migration and pausing dashboard access. This incident caused a 15.5% drop in the token’s value, sparking concerns over the vulnerability of AI-managed crypto systems and the need for better testing and security protocols in decentralized finance solutions.

7. PSEA Data Breach Affects Over 500,000 Members

The Pennsylvania State Education Association (PSEA) disclosed a major data breach that impacted over 500,000 members. Hackers accessed and stole personal, financial, and medical data, including Social Security numbers and passport information. The Rhysida ransomware gang claimed responsibility for the attack, demanding a ransom, though PSEA has taken steps to secure the data and prevent further harm. In response, the organization is offering credit monitoring and identity restoration services to affected individuals and advising them to take preventive measures.

8. SpyX Breach Exposes 2 Million Users' Data

SpyX, a spyware company, suffered a significant data breach in June 2024, exposing personal information of nearly 2 million users. The breach revealed email addresses, IP addresses, device data, and passwords, including iCloud credentials in plain text. The exposed data presents serious privacy risks, and affected users are urged to change their passwords, enable two-factor authentication, and monitor their accounts for any unusual activity, while cybersecurity experts highlight the dangers posed by consumer-grade spyware breaches.

9. Ghanaian President Mahama’s X Account Hacked

John Mahama’s verified X account was hacked over the weekend to promote a fraudulent cryptocurrency project. The hackers falsely claimed that Mahama was behind Solanafrica, a project aimed at providing free payments across Africa via the Solana blockchain. Despite efforts to remove the fraudulent posts, the compromised account continued to share misleading content about crypto investments, underscoring growing concerns over cyber fraud in Africa, especially in light of unregulated digital assets.

10. Hackers Steal $2 Million from Mexican JMAPA

A cyberattack on the San Felipe Water and Sewer Board (JMAPA) in Guanajuato, Mexico, led to the theft of over $2 million. Authorities discovered 16 suspicious transactions on March 18, triggering a formal investigation into the incident. The local government has expressed full support for the investigation, emphasizing transparency and accountability to ensure the stolen funds are recovered. The incident has raised concerns about cybersecurity in the region, with the municipal council taking swift action to address the breach.


📢 Cyber News

11. Hong Kong Enacts Cybersecurity Law

Hong Kong introduced a new cybersecurity law that aims to safeguard critical infrastructure operators. The law, set to be enforced in 2026, mandates operators across sectors like finance, healthcare, and energy to enhance their security measures and report incidents within two hours. Operators who fail to comply could face penalties up to HK$5 million, with annual security assessments and bi-annual audits becoming obligatory. The law’s primary focus is protecting critical systems crucial to the economy and public safety.

12. NCSC Sets 2035 Target for PQC Transition

The UK’s National Cyber Security Centre (NCSC) has advised organizations to transition to post-quantum cryptography (PQC) by 2035 to safeguard sensitive data against the potential risks posed by quantum computing. The NCSC has outlined a three-phase migration strategy for organizations, with an emphasis on detailed planning and controlled implementation. This move aims to ensure that systems are adequately secured against quantum threats, which could compromise current encryption methods. The phased approach includes assessment, high-priority upgrades, and full migration, ensuring organizations are ready for future quantum threats.

13. Amazon Removes Echo Voice Recording Feature

Amazon is removing the “Do Not Send Voice Recordings” feature from its Echo devices starting March 28. This opt-in setting, which previously allowed users to prevent their voice requests from being sent to Amazon’s cloud, will be replaced with the “Don’t Save Recordings” option. While this new feature will still delete recordings automatically, the audio will first be processed through Amazon’s secure cloud. Users who have this setting enabled will also lose the ability to use the voice ID feature, which identifies individual users based on their voice.

14. Infosys Settles $17.5M Data Breach Lawsuit

Infosys has reached a $17.5 million settlement over class action lawsuits stemming from a 2023 data breach involving its subsidiary, McCamish. The breach, which compromised the personal information of 6.5 million individuals, impacted clients of major organizations like Bank of America and Fidelity Investments. The settlement, which consolidates six class action lawsuits, will resolve all allegations against McCamish and its customers. Once finalized, the agreement will end the litigation without any admission of liability from McCamish, pending court approval.

15. Dataminr Raises $85M for Global Growth

Dataminr raised $85 million in pre-IPO financing to accelerate its growth and expand internationally. The new capital will help the company enhance its market presence in Europe, the Middle East, and Asia while developing additional products in new verticals. Dataminr, known for its real-time event monitoring tools used by clients like NATO and OpenAI, aims to build on its success and support crisis response efforts worldwide. The company is approaching $200 million in annual recurring revenue and continues to be a significant player in AI-powered analytics.


Copyright © 2025 CyberMaterial. All Rights Reserved.