- Xโs InfoSec Newsletter
- Posts
- ๐ต๐ปโโ๏ธ [InfoSec MASHUP] 18/2025
๐ต๐ปโโ๏ธ [InfoSec MASHUP] 18/2025
France has linked Russian APT to 12 cyberattacks on French Orgs.; Cybersecurity experts demand the reinstatement of Chris Krebs' security clearances and the withdrawal of the investigation; Vulnerabilities in Apple's AirPlay Protocol; New York's Metropolitan Transportation Authority plans to use AI and cameras to detect potential subway crimes before they happen; SentinelOne Targeted by Chinse PurpleHaze Group; Microsoft sets all new Accounts passwordless by Default; The Trump administration plans to cut $491 million from CISA's budget;
We now have 1,652 subscribers! Thank you all for being part of my newsletter. Please share it with your friends and colleagues, and letโs keep growing the community.
Letโs now dive into this weekโs top insights! ๐
Table of Contents
๐ BREACHES & SECURITY INCIDENTS
๐บ๐ธ Ascension Health is notifying over 100,000 people that their personal and health information was stolen in a data breach linked to a third-party software hack. The breach involved a former business partner and exposed sensitive information, including Social Security numbers and health details. Ascension is offering two years of free credit monitoring to those affected.
๐จ๐ฆ โก๏ธ Nova Scotia Power experienced a cyberattack that disrupted some of its IT systems but did not cause any power outages. The company is investigating whether any customer or business information was compromised. They are working to restore affected systems and have not provided updates since April 28.
๐ฌ๐ง Co-op shut down parts of its IT system after an attempted hack, following a similar incident at Marks & Spencer. Despite this, all Co-op stores and funeral homes are operating normally. The company is taking steps to protect its systems and does not believe customer data has been compromised.

Figure: Ransomware billboard sign on top of Harrods building/Graham Cluley on LinkedIn
๐ฌ๐ง Harrods has confirmed it was targeted in a cyberattack, making it the third major UK retailer to face such an incident this week. The company restricted access to some systems while ensuring that all stores remain open and online shopping continues. They have not provided details on any data breaches but are actively responding to the situation.
๐ฏ๐ต Hitachi Vantara had to take its servers offline after a ransomware attack by the Akira group โ The company is working with cybersecurity experts to investigate and restore affected systems, while assuring customers that their data remains accessible. This attack has also impacted projects for government entities but has not affected Hitachi Vantara's cloud services.
๐บ๐ธ VeriSource Services has informed four million people that their personal information was stolen in a data breach discovered in February 2024. The compromised data includes names, addresses, and Social Security numbers, but the company has not found any evidence of misuse. To help affected individuals, VeriSource is offering 12 months of free credit monitoring and identity protection services.
๐ก MTN Group, a major telecom provider in Africa, reported a data breach affecting some customers' personal information. The company confirmed that its core network and financial systems were not compromised and is notifying affected customers. MTN has activated its cybersecurity response plan and urges customers to stay vigilant.
๐ Partners and Affiliates
๐ NordVPN Spring Campaign ๐ท (March 19 โ May 19)
With its user-friendly interface, robust security features, and commitment to privacy, NordVPN continues to be a popular choice for individuals seeking online protection and unrestricted internet access.
Special Offer: up to 77% off + 3 extra months on selected 2-year plans.
๐ฅท๐ป CYBERCRIME, CYBER ESPIONAGE, APTโs
๐พ๐ช ๐บ๐ธ A Yemeni man named Rami Khaled Ahmed has been indicted in the U.S. for operating the 'Black Kingdom' ransomware, which attacked about 1,500 Microsoft Exchange servers. He allegedly demanded $10,000 in Bitcoin from victims, including businesses and schools across the country. If convicted, Ahmed could face up to 15 years in federal prison.
๐บ๐ฆ ๐บ๐ธ A Ukrainian man named Artem Stryzhak was extradited to the U.S. for his role in a series of ransomware attacks using Nefilim software. He is accused of targeting large companies and extorting them for money while leaking their data online if they did not pay. Stryzhak faces charges for conspiracy to commit fraud and related activities in connection with these attacks.
๐ฃ The FBI has released a list of 42,000 phishing domains linked to the LabHost cybercrime platform, which was shut down in April 2024. These domains were registered between November 2021 and April 2024 and can help cybersecurity experts prevent future attacks and identify past breaches. The FBI warns that the list may contain errors and is not guaranteed to be fully accurate.
๐ช๐บ Europol has created a new Operational Taskforce, OTF GRIMM, to combat violence-as-a-service and the recruitment of young people into crime. This taskforce includes law enforcement from eight countries and aims to disrupt criminal networks that exploit vulnerable youth for violent acts. Parents are encouraged to watch for warning signs of their children being targeted by these organizations.
๐ซ๐ท ๐ท๐บ The French foreign ministry has linked the Russian APT28 hacking group to 12 cyberattacks on French organizations over the past four years. These attacks targeted various entities, including government bodies and research organizations, aiming to steal strategic intelligence. France condemned these actions as unacceptable and contrary to international standards for state behavior in cyberspace.
๐ฐ๐ต SentinelOne has reported that a Chinese hacking group called PurpleHaze targeted its infrastructure and clients, including an organization linked to hardware logistics for its employees. The group has also attacked a South Asian government entity using sophisticated tools like a backdoor named GoReShell. Additionally, SentinelOne noted attempts by North Korean operatives to apply for jobs at the company using fake identities, highlighting a broader trend of cyber threats against cybersecurity firms.
๐บ๐ธ A former Disney employee, Michael Scheuer, was sentenced to three years in prison for hacking into the companyโs menu servers and altering menus. He changed prices, added profanity, and falsified allergen information, posing health risks. Scheuer was ordered to pay nearly $690,000 in restitution, mostly to Disney, after pleading guilty to computer fraud and identity theft.
๐๏ธ {Cyber,Info}Sec Events: My list of past and future {cyber,info}sec related events โ Feel free to contribute by submitting issues or pull requests. Thanks! ๐
๐จ๐ปโโ๏ธ ๐ GOVERNMENT, POLITICS, AND PRIVACY
๐บ๐ธ Over 30 cybersecurity experts condemned President Trump's executive order targeting Chris Krebs and SentinelOne, calling it political retaliation. The order revoked security clearances for SentinelOne employees and initiated an investigation into Krebs for his work correcting election misinformation. The experts demand the reinstatement of the security clearances and the withdrawal of the investigation, arguing that such actions threaten the integrity of cybersecurity professionals.
โ For the letter in support of Krebs: https://www.eff.org/document/chris-krebs-support-letter-april-28-2025
โ To sign onto the letter: https://eff.org/r.uq1r
๐ฎ๐ช ๐จ๐ณ TikTok has been fined โฌ530 million by Ireland's Data Protection Commission for sending European users' data to China, violating GDPR rules. The company must stop these data transfers and comply with regulations within six months. This penalty follows a previous fine in September 2023 for mishandling children's data.
๐บ๐ธ โ๏ธ The Trump administration plans to cut $491 million from the Cybersecurity and Infrastructure Security Agency's budget, reducing it by nearly 17%. The budget aims to focus CISA on federal network defense and critical infrastructure security while eliminating programs related to misinformation. Lawmakers from both parties are concerned about the impact of these cuts on CISA's operations.
๐บ๐ธ ๐จ๐ณ The U.S. House has passed a bill to study the national security risks of routers and modems linked to U.S. adversaries, particularly China. This legislation aims to enhance understanding of cybersecurity threats and follows previous efforts to remove untrusted technology from U.S. networks. Lawmakers emphasize that protecting communication systems is vital for national security and public safety โ The House also passed the Take It Down Act, making it a federal crime to create or share nonconsensual deepfake pornography. The bill requires tech companies to remove such content within 48 hours and allows the Federal Trade Commission to enforce compliance. While it received strong bipartisan support, some experts worry it could lead to negative consequences for online privacy and free speech.
๐ Apple has notified several individuals worldwide that they were targeted by government spyware โ Two people who received the alerts include an Italian journalist and a Dutch activist, both of whom expressed concern about the attacks. Apple has previously issued similar warnings, indicating ongoing threats from mercenary spyware.
๐ ๐ Big Brother โ New car subscription features increase internet connectivity, which can expose drivers to government surveillance. Law enforcement agencies are trained to access data from connected cars, often without drivers' knowledge. Many automakers have varying policies on sharing location data with authorities, raising concerns about privacy.
๐ Partners and Affiliates

๐ Stay connected and secure on the go with Airalo's global eSIMs โ Use the code NEWTOAIRALO15 if youโre new to Airalo to get an additional 15% discount.
๐ฆ MALWARE & THREATS
๐ท๐บ ๐บ๐ฆ Russian companies are facing a widespread phishing campaign using the DarkWatchman malware, targeting various sectors like finance and energy. A new malware called Sheriff has also been identified, which targets Ukraine's defense sector through a popular news portal. Cyber incidents in Ukraine have surged significantly, with Russian hackers employing advanced tactics to gather intelligence.
๐จ๐ณ In March 2025, senior members of the World Uyghur Congress were targeted by malware disguised as a legitimate tool called UyghurEdit++. The malware was delivered through phishing emails that appeared to be from trusted contacts, leading victims to download a harmful file. This attack highlights ongoing efforts, likely by the Chinese government, to surveil and control the Uyghur diaspora.

Figure: Phishing email impersonating a partner organization/Citizenlab.ca
๐ค ๐งฐ AI, CRYPTO, TECH & TOOLS
๐ New York's Metropolitan Transportation Authority plans to use AI and cameras to detect potential subway crimes before they happen by analyzing live security footage. The technology will alert security if someone appears to be acting suspiciously, aiming to prevent incidents before they occur. However, some critics worry that this could lead to increased surveillance and bias in policing.
๐ค Microsoft is celebrating World Passkey Day to promote the shift from passwords to passkeys for safer and simpler sign-ins. They have joined the FIDO Alliance and introduced features that make new accounts passwordless by default, encouraging users to adopt passkeys. With passkeys, sign-ins are faster and more secure, aiming to eliminate passwords altogether.
๐ ๐ฌ Telegram's latest update features extra-secure group calls that allow up to 200 users to join without needing a group chat, ensuring privacy with end-to-end encryption. Business accounts can now fully automate messaging with new chatbot features, while gift-giving has been enhanced with better management options. Users can also appeal account restrictions through a "frozen account" system, which allows them to request a review of any bans.
๐ ๐ฅ Researchers have discovered that vulnerabilities in the Model Context Protocol (MCP) can be exploited for both attacks and defenses in AI applications. While MCP connects large language models to external data, it can also be manipulated to log tool functions or block unauthorized tools. This highlights the need for explicit user approval before running tools, as risks from prompt injection and tool poisoning remain significant.
๐ชฆ A group of major tech companies has created a draft standard called 'OpenEoX' to improve how companies announce when their products will stop receiving security updates. The aim is to make end-of-life notices clearer and easier to track, helping organizations manage cybersecurity risks from outdated systems. The coalition is seeking public feedback before finalizing the standard for broader use.
โจ๏ธ ๐ฑ Disaster in the Making? AI-generated code often includes fake references to libraries that do not exist, which can lead to serious security risks โ A recent study found that a large number of these references could help attackers insert malicious software into legitimate programs. This situation increases the chances of "dependency confusion" attacks, where software mistakenly uses harmful packages instead of safe ones.
๐ฅ ๐งฑ Meta has introduced LlamaFirewall, an open-source framework designed to protect AI systems from cyber threats like jailbreaks and insecure code. It features three main components: PromptGuard 2 for detecting attacks, Agent Alignment Checks for inspecting AI reasoning, and CodeShield for preventing unsafe code generation. Additionally, Meta has launched other tools and programs to enhance AI security and help developers identify and fix vulnerabilities.
๐ฃ๏ธ At the RSA Conference 2025, JPMorgan Chase CISO Pat Opet warned that the rush for convenience in software development has compromised security, leading to significant risks. Meanwhile, startups are showcasing AI solutions, promising to revolutionize cybersecurity despite concerns over their reliability. This creates a clash between the urgent need for better security practices and the hype surrounding AI technology in the industry.
๐ฎ๐ฑ Israel has used new artificial intelligence tools in the Gaza War to target Hamas leaders, including the successful assassination of commander Ibrahim Biari. While these A.I. technologies have improved military operations, they have also led to mistakes, resulting in civilian casualties and wrongful arrests. The rapid deployment of A.I. raises significant ethical concerns about its use in warfare.
๐ Partners and Affiliates
โก๏ธ Unlock Your Peak Performance โ First Month FREE!
Optimize your sleep, recovery, and performance with WHOOP. Perfect for cybersecurity pros who need to stay focused and ahead of the threat. Try it out, get a free WHOOP 4.0 and one month free.
๐ ๐ง VULNERABILITIES, RESEARCH, AND THREAT INTELLIGENCE
โ From the Patching Department:
๐ ๐ Vulnerabilities in Apple's AirPlay protocol could allow attackers to take control of devices without user interaction. These security flaws, known as AirBorne, can lead to serious threats like malware spread and remote code execution. Apple has released updates to fix these issues and protect users from potential attacks.
๐ For 2024, Google reported tracking 75 zero-day vulnerabilities, down from 98 in 2023. Most of these vulnerabilities targeted enterprise technologies and end-user products, with Chrome being the most affected browser. Nearly 45% of the exploits were linked to state-sponsored actors, indicating a rise in espionage and financially motivated attacks. [Report]

Figure: Zero-days by year/Google
๐ฐ๏ธ ICS, OT & IoT
๐จ๐ณ World Domination Plan โ China's growing influence, particularly through companies like CATL, poses potential risks to U.S. national security, as their electric vehicle batteries may be used for espionage. Experts warn that these batteries could serve as backdoors for data collection, impacting critical infrastructure. Overall, China's goal is to achieve global dominance by 2049, utilizing both economic and technological advancements.
๐ Planet Technology's industrial networking products have serious security flaws that allow remote attackers to gain admin access. The vulnerabilities were found in several of their network management systems and switches, affecting devices used globally, especially in manufacturing. Planet Technology has issued patches to fix these issues after being notified by CISA.
๐ฌ CONNECT
Follow me on Mastodon for quick daily updates and bite-sized content.
Prefer using an RSS feed? Add Infosec MASHUP to your feed here.
Enjoying our newsletter? Forward it to a colleagueโ
itโs one of the best ways to support us.
Thanks for reading todayโs newsletter, and if you're enjoying it and want to support my work, you can buy me a coffee โ over at https://www.buymeacoffee.com/0x58
See you next time!
-X.
Reply