👉 What’s the latest in the cyber world today?
1. Fake Semrush Ads Steal Google Account Data
A new phishing campaign is targeting Google accounts through deceptive Semrush ads that appear legitimate in search results. Cybercriminals have set up fraudulent ads that redirect victims to fake Semrush login pages, designed to look authentic with proper logos and formatting. Once users enter their Google credentials, the attackers capture the data and can access sensitive business information, including Google Analytics and Search Console data. This stolen information can be used for financial fraud, identity theft, or to deceive partners and vendors into making fraudulent transactions.
2. Rilide Malware Targets Chrome and Edge Users
Rilide, a sophisticated malware targeting Chrome and Edge browsers, has emerged as a significant threat. Posing as a legitimate extension, it stealthily monitors browsing activity and steals login credentials from over 300 popular websites. Security researchers have observed its rapid spread, with 75,000 installations worldwide, targeting corporate and individual users across North America and Europe. Experts recommend careful management of browser extensions, enabling PowerShell logging, and blocking suspicious commands to prevent infections.
3. Phishing Campaign Targets CS2 Players
A sophisticated phishing campaign has recently targeted Counter-Strike 2 players by using fake Steam login pages to steal their credentials. The attackers employ a deceptive Browser-in-the-Browser (BitB) technique, creating a fake browser window that looks nearly identical to the legitimate Steam login interface. Promoting these fraudulent sites through social media and YouTube, the cybercriminals lure victims with promises of free in-game items, skins, and cases, especially targeting fans of the professional esports team Navi.
4. IngressNightmare Exposes Kubernetes Clusters
A series of critical vulnerabilities, known as IngressNightmare, has been discovered in the Ingress NGINX Controller for Kubernetes. These flaws, affecting over 6,500 Kubernetes clusters, enable attackers to inject malicious configurations that allow remote code execution and access to sensitive data. Exploiting these vulnerabilities gives attackers the ability to take control of entire Kubernetes clusters, including those of Fortune 500 companies, by bypassing authentication and gaining access to stored secrets.
5. FogDoor Malware Targets Software Developers
A sophisticated malware campaign, known as FogDoor, is targeting software developers through deceptive fake coding challenges. This campaign leverages socially engineered GitHub repositories, designed to appear as legitimate technical recruitment tasks, to trick developers into executing malicious code. Once the malware is installed, it establishes persistence, exfiltrates sensitive data like browser cookies and Wi-Fi credentials, and enables remote control of infected systems.
6. Cyberattack Disrupts Ukraine Railway Sales
Ukrzaliznytsia, Ukraine’s national railway operator, faced a cyberattack that disrupted online ticket services, causing long delays at Kyiv’s central station. While passengers were forced to wait in line to buy physical tickets, train operations continued without delay. The company is working with Ukraine’s cybersecurity teams to investigate the breach and restore affected systems, though no specific timeline for recovery has been provided.
7. Russian Hackers Target Belgian Websites
Russian hacker collective NoName057(16) launched a large-scale DDoS attack on several key Belgian websites, including MyGov.be and the Walloon Parliament’s online platform. The attack, aimed at overwhelming the targeted websites with fake traffic, caused significant disruption but no data breaches. The Centre for Cybersecurity Belgium (CCB) monitored the situation closely, with most websites being restored by the afternoon. This attack is believed to be in retaliation for Belgium’s €1 billion military aid to Ukraine, with NoName057(16) previously targeting Belgian government sites in similar campaigns.
8. Astral Foods Suffers Losses from Cyberattack
Astral Foods, South Africa’s largest chicken producer, experienced a cyberattack on March 16, 2025, resulting in operational disruptions. The attack caused delays in poultry processing and delivery, leading to an estimated loss of $1 million in revenue. Despite the significant setback, the company swiftly implemented its disaster recovery protocols and restored normal operations. Astral Foods confirmed that no sensitive or confidential data was compromised and expressed gratitude to its customers and staff for their support during the recovery.
9. Union County Cyberattack Exposes Data
Union County, Pennsylvania, recently faced a cyberattack that compromised sensitive personal data, including Social Security and driver’s license numbers. The attack, detected on March 13, led to the unauthorized access and acquisition of information primarily tied to law enforcement and court matters. While the county took immediate steps to secure its systems and launch an investigation, the affected individuals are being notified. As part of the response, the county is offering free credit monitoring services to those impacted and urging vigilance against potential identity theft.
10. Hackers Demand $10 Million from MAHB
Malaysia Airports Holdings Berhad (MAHB) recently faced a cyberattack where hackers demanded US$10 million. Prime Minister Datuk Seri Anwar Ibrahim confirmed the attack, which occurred in the last few days, and stated that the government refused to comply with the criminals’ demands. In light of the incident, Anwar emphasized the importance of allocating more resources to strengthen the country’s cybersecurity infrastructure and law enforcement capabilities to effectively counter such threats in the future.
11. FCC Investigates Chinese Firms in the US
The Federal Communications Commission (FCC) is investigating nine Chinese companies, including Huawei and ZTE, placed on its Covered List due to national security concerns. These companies’ products and services were previously banned from the U.S. market, with the aim of preventing espionage and cyberattacks. The investigation seeks to determine whether these firms are continuing operations in the U.S. through unregulated or private means, despite the previous prohibitions and increasing tensions surrounding foreign technology in critical infrastructure.
12. Over 300 Arrested in Cybercrime Operation
Over 300 suspects were arrested in an international operation aimed at dismantling cross-border cybercriminal networks across seven African countries. The operation, conducted between November 2024 and February 2025, targeted mobile banking, investment, and messaging app scams that defrauded over 5,000 victims. Law enforcement agencies from Benin, Côte d’Ivoire, Nigeria, Rwanda, South Africa, Togo, and Zambia participated, seizing assets, devices, and even properties from the criminals.
13. NIST Still Struggles to Clear CVE Backlog
The National Institute of Standards and Technology (NIST) is grappling with a growing backlog of CVE submissions in the National Vulnerability Database (NVD). Despite processing submissions at the same rate as before, a 32% increase in submissions last year has intensified the backlog issue. The slowdown in spring and early summer of 2024 has worsened the situation, creating a gap between reported issues and actionable intelligence. NIST is exploring AI and machine learning technologies to automate certain tasks, as the current workflows and manual processes are insufficient to keep up with the rising volume of submissions.
14. 23andMe Declares Bankruptcy Amid Data Issues
23andMe has filed for Chapter 11 bankruptcy and is pursuing a sale of its assets. This move comes after the company faced financial difficulties, worsened by a massive data breach in 2023 that exposed genetic data from millions of customers. As the company enters the bankruptcy process, privacy experts are concerned about the security of sensitive customer data, with regulators urging individuals to delete their information. The company has pledged to protect data throughout the sale, though experts warn that changes in data practices may occur with new ownership.
15. Linux 6.14 Introduces Security Features
The Linux 6.14 kernel introduces a range of updates that significantly improve performance, compatibility, and security. It includes the new NTSYNC driver, which boosts gaming performance on Linux by enhancing compatibility with Windows games via Wine and Steam Play. The AMDXDNA driver brings official support for AMD’s Neural Processing Units, enabling more efficient AI-driven applications. Additionally, storage enhancements like Btrfs RAID1 read balancing and new fsnotify file pre-access notifications improve system efficiency, while security updates help mitigate CPU speculation attacks and strengthen kernel lockdown features.
Copyright © 2025 CyberMaterial. All Rights Reserved.