March 24, 2025 – Cyber Briefing

👉 What’s happening in cybersecurity today?

Albabat Ransomware, Linux, Apple, macOS, VanHelsingRaaS, Windows, BSD, ESXi, FIN7, Anubis, Python, Backdoor, Remote Access, Data Theft, RansomHub, Betruger Backdoor, SvcStealer 2025, Phishing, Malware Exfiltration, NYU Website, Personal Information, Zoth Protocol, Admin Privilege, Cyberattack, Costa Rica, YouTube, DHR Health, Lithuania, Emergency Website, DOGE, Privacy Violations, US Treasury, Tornado Cash, Indiana Health Systems, Clearview AI, Privacy Lawsuit, UK, Sextortion, Teen Boys, Awareness, National Crime Agency.


🚨 Cyber Alerts

1. Albabat Ransomware Targets Linux and macOS

Trend Micro has uncovered a significant shift in the Albabat ransomware, which now targets Linux and macOS systems alongside Windows. The expansion reflects the group's growing sophistication, including its use of GitHub to host and manage the malware's configuration files and streamline operations. The latest versions collect system and hardware information from the newly supported platforms and encrypt a wide range of file types while deliberately skipping key system folders so the host remains bootable.

2. VanHelsingRaaS Targets Multiple Platforms

VanHelsingRaaS, a new ransomware-as-a-service operation, launched in March 2025 and claimed three victims within its first two weeks. The operation demands ransoms of $500,000 paid in Bitcoin; affiliates pay a $5,000 deposit to join and keep 80% of each ransom. The ransomware is cross-platform, with builds for Windows, Linux, BSD, ARM, and ESXi, which significantly widens its potential impact across enterprise environments, including virtualization infrastructure.

3. FIN7 Deploys Anubis Backdoor for Attacks

FIN7 has deployed a new Python-based backdoor called Anubis, expanding its intrusion toolset. The backdoor is distributed through phishing campaigns and uses AES encryption to conceal its malicious payload. Once deployed, it allows the attackers to maintain persistence, communicate over channels that blend in with legitimate traffic, and execute commands remotely. Its ability to fetch and run additional malware, combined with a modular design, makes it well suited to long-term exploitation of compromised systems.

4. RansomHub Affiliate Uses Betruger Backdoor

Symantec researchers identified Betruger, a custom backdoor used by RansomHub affiliates in ransomware attacks. It combines several functions in a single tool, including screenshot capture, credential theft, keystroke logging, and privilege escalation, which streamlines the intrusion. Consolidating these capabilities reduces the number of tools an affiliate must drop on a victim network and therefore the number of opportunities for detection. Disguised as a legitimate file, Betruger plays a significant role in RansomHub operations, supporting data exfiltration and remote access during attacks.

5. SvcStealer Steals User Data via Phishing

SvcStealer 2025, a new information-stealing malware, arrives as a spear-phishing email attachment and, once executed, harvests sensitive data from the infected system. It targets personal, financial, and machine data, including user credentials, cryptocurrency wallets, and browser data. The collected data is exfiltrated to command-and-control servers, which can also push additional malware to the host to expand the intrusion. Researchers have identified evasion techniques in the malware designed to avoid detection, making it a serious and evolving threat.


💥 Cyber Incidents

6. NYU Data Leak Exposes 3 Million Applicants

In March 2025, hackers took over NYU's website for roughly two hours and leaked sensitive data on more than 3 million applicants. The exposed information included names, test scores, financial aid details, family information, and other records dating back to 1989. The defacement was tied to accusations about NYU's race-sensitive admissions, with the attackers posting charts claiming discrepancies in average test scores among racial groups. NYU's IT team restored the site, reported the incident to authorities, and began a review of its security systems.

7. Zoth Protocol Hit by $8.4M Exploit

Zoth protocol suffered a significant exploit after an attacker compromised its admin privileges, resulting in a loss of $8.4 million. The attacker withdrew the funds, swapped them into the DAI stablecoin, and transferred them to another address. Blockchain security firm Cyvers flagged the suspicious transaction and confirmed the breach, after which Zoth placed its site in maintenance mode. The Zoth team is investigating the incident with its partners and has promised a detailed report once the investigation concludes.

8. Costa Rican President YouTube Account Hacked

Costa Rican President Rodrigo Chaves' official YouTube account was hijacked on Friday. The attackers posted unauthorized content, including a bitcoin symbol and cryptocurrency-related videos. The government worked with experts from the president's office, the science and technology ministry, and Google to regain control of the account and prevent further abuse.

9. DHR Health Cyberattack Disrupts Operations

DHR Health in Edinburg, Texas, recently experienced a cyberattack that disrupted its information systems. The hospital system, which spans Hidalgo and Cameron counties, said its IT teams were working to restore services. Although the attack took some phone lines down, patient care continued under established backup (downtime) protocols. The hospital assured the public that staff were fully equipped to handle the situation and that operations would continue despite the technical difficulties.

10. Cyberattack Hits Lithuania Emergency Website

A cyberattack on Lithuania's LT72.lt emergency preparedness website was detected on Saturday morning. The Fire Protection and Rescue Department (PAGD) responded by taking the compromised link offline, preventing the further spread of potentially harmful content. IT specialists are investigating the incident to determine the scope of the breach. PAGD stressed that the LT72 emergency app, which runs on separate infrastructure, remains fully functional and was not affected by the attack.


📢 Cyber News

11. DOGE Staff Blocked From Accessing SSA Data

A U.S. judge has blocked DOGE staff from accessing sensitive Social Security Administration data over privacy violations. The court ruled that DOGE had failed to justify its access to the records, describing its activity as a "fishing expedition" for fraud based on little evidence. The judge issued a temporary restraining order requiring DOGE to delete any data containing personally identifiable information and criticized the methods used by DOGE and its backers, President Trump and Elon Musk. The ruling also cited serious security lapses, including disregard for federal safeguards and mishandling of sensitive financial data.

12. Tornado Cash Sanctions Removed After Ruling

The U.S. Treasury Department has lifted its sanctions against Tornado Cash after a federal appeals court ruled against the designation. The cryptocurrency mixer had been accused of laundering funds for North Korea's Lazarus Group, but the court found that the Treasury had exceeded its authority in sanctioning the protocol. Despite the reversal, the Treasury reiterated its commitment to countering illicit use of digital assets while encouraging innovation in the industry.

13. Indiana Health Systems Help Small Providers

Indiana's largest health systems are collaborating to supply smaller healthcare providers with cybersecurity resources. The initiative, called Healthcare Cyber in a Box, provides downloadable tools and expert guidance tailored to smaller organizations. It offers three tiers of support and covers 23 critical security areas, helping these providers strengthen their defenses. With an emphasis on practical, actionable steps, the program targets gaps in smaller organizations' cybersecurity capabilities, particularly at rural hospitals facing growing risk.

14. Clearview Settles Privacy Lawsuit for $50M

Clearview AI has settled a class-action privacy lawsuit for an estimated $50 million. The company was accused of violating Illinois' Biometric Information Privacy Act by scraping billions of facial images from the internet without consent. Instead of a lump-sum payout, the settlement gives plaintiffs and their lawyers a stake in the company's future value, because Clearview lacked the funds for an immediate payment. Clearview admits no liability under the settlement, and some state attorneys general opposed the deal, arguing it does too little to protect against future privacy harms.

15. UK Teen Boys Unaware of Sextortion Risks

A recent National Crime Agency (NCA) report found that 74% of UK teenage boys are unaware of sextortion risks, leaving them vulnerable to online exploitation. The NCA found that many do not recognize requests for explicit content as sextortion attempts and are unsure how to report such incidents. In response, the NCA launched an awareness campaign aimed at boys aged 15 to 17 to help them understand the danger and know how to act when targeted.


Copyright © 2025 CyberMaterial. All Rights Reserved.