March 28, 2025 – Cyber Briefing

👉 What are the latest cybersecurity alerts, incidents, and news?

Mozilla Firefox Vulnerability, Sandbox Escape, Morphing Meerkat, Phishing Kit, DNS Records, CoffeeLoader, Rhadamanthys Stealer, Tor Project, Browser Update, Pirated Snow White Torrent, Malware, TeamEsteem, Australia, NSW Department of Communities and Justice, Breach, Lee University, Third-Party Software Vulnerability, Nine Newspaper, Data Breach, Austria, Maria Enzersdorf Town, Cyberattack, Senegal, PressAfrik Group, YouTube Channel, Hacked, ENISA, Cybersecurity Threats, Space Sector, NHS Vendor, Advanced, Fine, Ransomware Attack, GetReal Security, AI-Generated Cyber Threats, T-Mobile, SIM Swap, Settlement, US Marshals, Veer Chetal, Crypto Scam.



🚨 Cyber Alerts

1. Mozilla Patches Critical Flaw in Firefox

Mozilla recently released urgent updates to address a critical vulnerability, CVE-2025-2857, in Firefox for Windows. The flaw, discovered after analyzing a similar exploit in Google Chrome, could allow a compromised child process to manipulate the parent process, bypassing sandbox protections. If left unpatched, this issue could result in a severe security breach. Although there have been no reports of exploitation in the wild, Mozilla has taken swift action to resolve the issue in Firefox versions 136.0.4, 115.21.1, and 128.8.1.

2. Morphing Meerkat Uses DNS to Launch Phishing

Researchers uncovered a sophisticated phishing-as-a-service platform, targeting 114 brands worldwide through DNS MX records. The threat actor, known as Morphing Meerkat, leverages compromised domains and open redirects, and uses Telegram to distribute stolen credentials. The platform dynamically adjusts phishing content in multiple languages, increasing its global reach. Its use of DNS MX records allows it to target victims by serving fake login pages that resemble their email service providers, such as Gmail or Outlook, making the attack more convincing.

3. CoffeeLoader Delivers Rhadamanthys Stealer

Researchers at Zscaler identified CoffeeLoader, a sophisticated malware that uses advanced techniques to bypass security solutions. It leverages GPU-based code execution and specialized methods like call stack spoofing and sleep obfuscation to evade detection. The malware primarily delivers Rhadamanthys, a stealer targeting sensitive information like credentials and cryptocurrency wallet data. With recent updates, Rhadamanthys now includes AI-powered optical character recognition for extracting wallet seed phrases from images, increasing its threat level.

4. Tor Releases Critical Update for Windows

The Tor Project swiftly released Tor Browser 14.0.8, targeting critical security vulnerabilities for Windows users. This emergency update incorporates crucial fixes derived from Mozilla Firefox 128.8.1esr, ensuring enhanced user privacy and safety. It also improves the user experience by incorporating changes like better interaction mechanisms and updated third-party components. Users are strongly advised to install the update to maintain secure browsing and prevent potential exploitation.

5. Malicious Snow White Torrent Infects Devices

A fake Snow White movie torrent on the TeamEsteem website tricked users into downloading harmful files. The torrent, disguised as a necessary codec, compromised users’ devices by disabling built-in security protections. Upon activation, the malware installed additional threats, including the Tor browser for Dark Web access, allowing attackers to steal data undetected. Researchers linked the attack to a vulnerability on the website, which the attackers used to distribute the malicious content widely.


💥 Cyber Incidents

6. New South Wales Department Faces Breach

Cybercrime detectives in New South Wales, Australia, are investigating a significant data breach involving the Department of Communities and Justice (DCJ). The breach, discovered on March 25, 2025, occurred on the NSW Online Registry website, which provides access to sensitive court records. The compromised files include court documents like apprehended violence orders and affidavits, with approximately 9000 files downloaded.

7. Lee University Reports Data Breach Incident

Lee University in Cleveland, Tennessee, recently reported a data breach caused by a vulnerability in third-party software. The breach exposed sensitive information, including personally identifiable information (PII), financial data, and health records of students and employees. The university has launched a thorough investigation and is notifying those affected, offering free identity protection services, including credit monitoring and fraud assistance. Additionally, Lee University is advising individuals to take precautionary measures such as changing passwords and contacting financial institutions to safeguard their personal data.

8. Nine Newspapers Expose Subscribers’ Data

A significant cybersecurity breach exposed the personal data of 16,000 subscribers of Nine newspapers, including The Sydney Morning Herald, The Age, and The Financial Review. The breach was caused by a third-party supplier’s failure to properly protect subscriber information, which included names, postal addresses, and email addresses. However, Nine confirmed that no payment details or passwords were affected, and no internal systems were compromised. The company is actively reaching out to all impacted subscribers, though the breach leaves them vulnerable to potential cyberattacks.

9. Hacker Attack Disrupts Maria Enzersdorf

Maria Enzersdorf, Austria, experienced a cyberattack on the night of March 25–26, disrupting the municipality’s IT systems. While the digital infrastructure is heavily impacted, essential “analog” services, such as public service counters, the town hall, and kindergartens, remain unaffected. The local authorities, in cooperation with cybersecurity specialists, are actively working to address the situation. Security agencies have been informed, and additional details are currently being withheld for investigative reasons.

10. PressAfrik Group YouTube Channel Hacked

PressAfrik, a rapidly growing media channel in Senegal, was hacked on March 26, 2025. Hackers successfully bypassed security protocols and gained control over the platform, locking out the editorial and technical team from their own account. This attack came shortly after a surge in subscribers and AdSense revenue, threatening the channel’s journalistic mission to provide accurate and impartial information. PressAfrik has filed a formal complaint with Senegal’s Division of Cybercrime and is working with authorities to recover access and restore normal operations.


📢 Cyber News

11. ENISA Highlights Cyber Threats in Space

ENISA’s new report outlines escalating cybersecurity risks in the space sector, emphasizing the need for urgent action. With over 10,000 active satellites playing vital roles in communication, navigation, and more, the agency warns that cyber-attacks could disrupt crucial services. As space technology becomes central to modern economies, ENISA stresses the importance of adopting stronger security measures and standards, such as encryption, robust patching, and zero-trust approaches, to mitigate potential risks and cascading effects.

12. Advanced Fined Over 2022 Ransomware Attack

The UK Information Commissioner’s Office (ICO) fined Advanced Computer Software Group £3.07 million after a 2022 ransomware attack. The attack, attributed to the LockBit group, compromised the personal data of 79,404 individuals, including NHS patients, and caused widespread service outages. The ICO found that Advanced failed to implement necessary security measures, such as universal multi-factor authentication and proper patch management, which allowed hackers to exploit vulnerabilities. The fine was reduced from the initially proposed £6.09 million but remains significant as the first penalty imposed on a data processor under UK data protection law.

13. GetReal Raises $17.5M to Combat AI Threats

GetReal Security has raised $17.5 million in Series A funding to address the growing threats of AI-generated deepfakes and impersonation. Specializing in digital content verification, the startup provides solutions for cybersecurity teams to mitigate risks from AI-generated media across various platforms. The funds will be used to accelerate product development, expand research efforts, and enhance the company’s market presence as the demand for robust digital authentication tools intensifies.

14. T-Mobile to Pay $33M Over SIM Swap Attack

T-Mobile has been ordered to pay $33 million after a SIM swap attack resulted in the theft of over $38 million in cryptocurrency. The attack, which took place in 2020, targeted Joseph Jones and exploited security flaws in T-Mobile’s systems, allowing attackers to hijack his phone number. Despite Jones’ account having heightened security measures, the attackers managed to bypass them, raising concerns about the carrier’s vulnerability to such attacks. The ruling highlights the need for telecom companies to strengthen customer protections against SIM swapping, a growing threat in cybersecurity.

15. Veer Chetal Arrested in $243M Crypto Heist

Veer Chetal, also known as Wiz, was arrested by U.S. Marshals in connection with a massive cryptocurrency heist. He and his co-conspirators, Greavys and Box, used social engineering tactics to manipulate a Genesis creditor into transferring over $243 million in cryptocurrency. The trio gained access to the victim’s account through spoofed phone numbers and fake support calls impersonating representatives from Google and Gemini. The stolen funds were then converted into luxury goods, including cars, watches, and designer clothes. However, mistakes made by the criminals, such as linking laundered funds to the stolen funds, allowed investigators to track them.


Copyright © 2025 CyberMaterial. All Rights Reserved.