🕵🏻‍♂️ [InfoSec MASHUP] 20/2025
Twilio denied being breached; Ransomware could soon target CPUs; Marks & Spencer has confirmed that hackers stole customers' personal data; Coinbase says customers' personal information stolen in data breach; Google has agreed to pay $1.375 billion to Texas to settle claims;
We now have 1,651 subscribers! Thank you all for being part of my newsletter. Please share it with your friends and colleagues, and let's keep growing the community.
Let's now dive into this week's top insights!
Table of Contents
BREACHES & SECURITY INCIDENTS
🇺🇸 Coinbase has confirmed a data breach where hackers stole customer personal information, including identity documents and account details. The hacker obtained this data by paying former support staff to access internal systems. Coinbase is warning affected customers and expects to incur significant costs related to the incident. [Form 8K]
🇺🇸 Nucor Corporation, the largest steel producer in the U.S., faced a cyberattack that forced it to take parts of its network offline and halt production at several locations. The company is working with law enforcement and cybersecurity experts to investigate the incident, but the full impact is still unclear. Nucor has not disclosed details about the attack or whether any data was stolen.
🇦🇺 The Australian Human Rights Commission revealed a data breach where 670 sensitive documents were leaked online and indexed by search engines. This breach included private information such as names, health details, and employment info, affecting submissions made between 2021 and 2025. The AHRC is investigating the incident and has disabled web forms to prevent further exposure, while also offering support to those impacted.
🇬🇧 Marks & Spencer has confirmed that hackers stole customers' personal data during a cyberattack last month. The stolen information includes names, addresses, and online order histories. The company is resetting customer passwords and has experienced disruptions in its stores and online services.
🤷🏻‍♂️ Twilio denied being breached after a hacker claimed to have stolen over 89 million Steam user records, including one-time access codes. The leaked data included SMS messages linked to Steam accounts, but Twilio stated there was no evidence that their systems were compromised. Users are advised to enhance their security by enabling Steam Guard Mobile Authenticator and monitoring for unauthorized access.
🇺🇸 Andy Frain Services, a security company in Illinois, announced that a ransomware attack affected over 100,000 people — The breach, discovered in October 2024, involved sensitive information, prompting the company to offer credit monitoring to those impacted. The Black Basta ransomware group claimed responsibility for the hack, stating they stole 750 GB of files.
Partners and Affiliates
NordVPN x Saily Campaign (May 14 - July 2)
With its user-friendly interface, robust security features, and commitment to privacy, NordVPN continues to be a popular choice for individuals seeking online protection and unrestricted internet access.
Special Offer: up to 73% off on selected 2-year NordVPN plans plus a free Global Saily eSIM data plan!
🥷🏻 CYBERCRIME, CYBER ESPIONAGE, APTs
🇺🇸 🇮🇱 Osei Morrell, an American-Israeli national, was arrested in Israel for his alleged role in the $190 million Nomad Bridge crypto hack in August 2022. He is accused of helping to launder stolen funds and was identified through blockchain analysis by TRM Labs. Morrell will be extradited to the United States as legal procedures have been approved.
🇺🇸 Eric Council Jr. was sentenced to 14 months in prison for hacking the SEC's X account — In January 2024, he and others falsely claimed that the SEC had approved Bitcoin ETFs, causing the price of Bitcoin to spike. They gained access by performing a SIM swap attack on a phone belonging to someone connected to the SEC's account.
🇷🇺 🇺🇦 Fancy Bear, the Russian hacking group, has been targeting the email accounts of high-ranking Ukrainian officials and defense contractors since 2023. They exploited vulnerabilities in webmail software to steal sensitive information, using tactics like spearphishing. The group's primary goal appears to be gathering intelligence on Ukraine's military supply chain amidst the ongoing conflict. [Also, Operation RoundPress]
🇽🇰 🇺🇸 A 33-year-old Kosovo citizen named Liridon Masurica was extradited to the US and appeared in court for running a cybercrime marketplace called BlackDB.cc. He faces multiple charges, including fraud, and could be sentenced to up to 55 years in prison if found guilty. Masurica's platform sold stolen personal information and facilitated various types of cybercrime.
🇰🇵 🇺🇦 🇷🇺 North Korea's Konni group is targeting Ukrainian government agencies to gather intelligence about the ongoing conflict and support its military involvement with Russia. They use phishing emails that impersonate think tanks to trick recipients into downloading malicious files. This cyber activity adds a new layer to the already complex cybersecurity situation in Ukraine, which has been heavily impacted by Russian attacks.

Figure: Follow-up phishing email from TA406/Proofpoint.com
🇹🇷 Turkish hackers have exploited a zero-day vulnerability in Output Messenger to spy on Kurdish military entities in Iraq. This group, known as Marbled Dust, has increased its technical skills and is using the vulnerability to access sensitive files and deploy backdoors. Users are urged to update their applications to the latest version to protect against this threat.
🇺🇸 U.S. federal authorities seized two domains (Anyproxy and 5socks) and indicted four people for running a botnet that infected wireless internet routers. The botnet allowed unauthorized access to the routers, which were sold as proxy servers for a monthly fee. The accused have not been arrested, and their current locations are unknown.
🇲🇩 Moldovan authorities have arrested a 45-year-old suspect linked to the DoppelPaymer ransomware attacks on Dutch organizations in 2021. During a search, they seized various electronic devices and cash, and the suspect may be extradited to the Netherlands. The ransomware attack caused approximately €4.5 million in damages to the Dutch Research Council after they refused to pay a ransom.
{Cyber,Info}Sec Events: My list of past and future {cyber,info}sec related events — Feel free to contribute by submitting issues or pull requests. Thanks!
👨🏻‍⚖️ GOVERNMENT, POLITICS, AND PRIVACY
🇺🇸 The FBI has warned that scammers are using fake texts and deepfake audio to impersonate senior U.S. officials in order to steal personal information. These messages, which began in April, target current and former government officials to gain access to their accounts. The FBI advises people to verify the identity of anyone claiming to be a senior official before trusting their messages.
🇺🇸 FAIL! A Florida bill that would have required social media companies to create encryption backdoors for police access has failed. The bill was withdrawn after being postponed in the House of Representatives, despite earlier approval in the Senate. Critics argue that such backdoors are dangerous and could compromise user security.
🇺🇸 💰 Google has agreed to pay $1.375 billion to Texas to settle claims that it tracked users' locations and internet activity without permission. The lawsuits accused Google of tracking users even when location settings were off and collecting biometric data without consent. This settlement is a significant win for privacy protections, according to Texas Attorney General Ken Paxton.
Partners and Affiliates

Stay connected and secure on the go with Airalo's global eSIMs — Use the code NEWTOAIRALO15 if you're new to Airalo to get an additional 15% discount.
🦠 MALWARE & THREATS
Researchers found a malicious npm package called "os-info-checker-es6" that uses Unicode steganography and Google Calendar to deliver harmful payloads. The package, first published in March 2025, initially appeared safe but later versions contained hidden malicious code. This tactic helps the attackers avoid detection by using a trusted service to communicate with their server.
Researchers found a malicious package on PyPI called solana-token, which was designed to steal source code and developer secrets. It was downloaded 761 times before being removed. Developers are warned to carefully check all packages to prevent such attacks, as cryptocurrency tools are popular targets.

Figure: Sample of solana-token source code showing data exfiltration/reversinglabs.com
🤖 🧰 AI, CRYPTO, TECH & TOOLS
🇪🇺 Meta plans to use European Union user data for AI training without explicit consent, starting May 27, 2025. The privacy group noyb has threatened a lawsuit, claiming this approach violates GDPR laws. Meta argues it has a legitimate interest in using the data, but critics say this method is not legal or necessary.
📱 Google is introducing new security features in Android 16 to better protect users from scams and malware. The update enhances scam detection in Google Messages using artificial intelligence and adds new safeguards for banking apps during calls. Additionally, a new Advanced Protection program will be available for all users, providing stronger security measures for their devices.
Partners and Affiliates
⚡️ Unlock Your Peak Performance — First Month FREE!
Optimize your sleep, recovery, and performance with WHOOP. Perfect for cybersecurity pros who need to stay focused and ahead of the threat. Try it out, get a free WHOOP 4.0 and one month free.
🧠 VULNERABILITIES, RESEARCH, AND THREAT INTELLIGENCE
From the Patching Department:
Adobe has released patches for at least 39 critical vulnerabilities in various products 🚨
Apple Patches Major Security Flaws in iOS, macOS Platforms 🚨
ASUS Patches DriverHub RCE Flaws Exploitable via HTTP and Crafted .ini Files
Fortinet fixes critical zero-day exploited in FortiVoice attacks
Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks
Microsoft May 2025 Patch Tuesday fixes 5 exploited zero-days, 72 flaws 🚨
💰 0wn3d — Hackers earned $260,000 on the first day of the Pwn2Own Berlin 2025 competition. The top prize of $60,000 was awarded for exploiting a Linux kernel vulnerability. Participants will continue to demonstrate hacks over the next two days against various software and systems.
🩹 Radware has confirmed that vulnerabilities in its Cloud Web Application Firewall were fixed in 2023, despite being reported recently. The issues, which could allow attacks to bypass the firewall, were addressed shortly after being disclosed to the company. Radware appreciates the responsible disclosure from the researcher and is committed to improving its security solutions.
A new flaw in Intel CPUs, called "Branch Privilege Injection", allows attackers to leak sensitive data from protected memory areas. This issue affects all Intel CPUs from the ninth generation onward and can potentially be exploited on both Linux and Windows systems. Intel has released updates to mitigate the flaw, but users are advised to apply the latest BIOS and OS updates for better security.
Cybersecurity researcher Christiaan Beek warns that ransomware could soon target CPUs by exploiting vulnerabilities in microcode. He developed a proof-of-concept for CPU ransomware, which could bypass traditional security measures. Beek emphasizes the need for organizations to improve their basic cybersecurity practices to prevent such attacks.
ICS, OT & IoT
🩹 ICS Patch Tuesday — Siemens, Schneider Electric, and Phoenix Contact released security advisories on May 2025 Patch Tuesday, addressing various vulnerabilities in their products. Siemens reported 18 new advisories, including critical flaws that could allow attackers to gain admin privileges or execute code. Schneider Electric and Phoenix Contact also highlighted significant vulnerabilities, including one that could disrupt services remotely.
💬 CONNECT
Follow me on Mastodon for quick daily updates and bite-sized content.
Prefer using an RSS feed? Add Infosec MASHUP to your feed here.
Enjoying our newsletter? Forward it to a colleague — it's one of the best ways to support us.
Thanks for reading today's newsletter, and if you're enjoying it and want to support my work, you can buy me a coffee over at https://www.buymeacoffee.com/0x58
See you next time!
-X.