🕵🏻♂️ [InfoSec MASHUP] 27/2025
A security flaw in the Catwatchful spyware app has exposed the personal data of over 62,000 customers; Qantas has reported a cyberattack; the International Criminal Court (ICC) is investigating a new cyberattack that targeted its systems; Switzerland's government announced that sensitive data was stolen; U.S. authorities have arrested a man and seized assets in a crackdown on a North Korean IT workers scheme; researchers found a serious security flaw in Anthropic's MCP Inspector project.
We now have 1,642 subscribers! Thank you all for being part of my newsletter. Please share it with your friends and colleagues, and let’s keep growing the community.
Let’s now dive into this week’s top insights! 🚀
🔓 BREACHES & SECURITY INCIDENTS
🇦🇺 ✈️ Qantas has reported a cyberattack that compromised customer data from a third-party platform, affecting around 6 million customers. While a significant amount of data, including names and contact information, is believed to have been stolen, no financial information was exposed. The attack may be linked to the group called "Scattered Spider", which has been targeting the aviation industry recently.
🇳🇱 ⚖️ The International Criminal Court (ICC) is investigating a new cyberattack that targeted its systems last week. This is the second sophisticated attack on the ICC in recent years, following a similar incident in September 2023. The court aims to keep the public informed and is taking steps to address the situation.
🇺🇸 Johnson Controls is notifying individuals about a data breach from a ransomware attack that occurred in September 2023. The attack, linked to the Dark Angels group, compromised systems and resulted in the theft of over 27 TB of corporate data. The company has incurred significant costs related to incident response and remediation efforts.
🇺🇸 Esse Health, a Missouri healthcare provider, has reported a data breach affecting over 263,000 people following a cyberattack in April 2025. The stolen information includes personal details like names, Social Security numbers, and health records. To help those impacted, Esse Health is offering free identity protection services and has improved its security measures.
🇨🇭 Switzerland's government announced that sensitive data was stolen in a ransomware attack on the organization Radix. The hackers leaked the stolen data on the dark web, and the Swiss National Cyber Security Centre is analyzing the impact. Radix has informed affected individuals and advises them to be cautious of potential scams.
🇺🇸 Myrtue Medical Center suffered a data breach claimed by WorldLeaks, who said they took 1.2 terabytes of data. The hospital stopped remote access, changed passwords, and hired experts to investigate. They will notify affected people and advise them to watch their financial accounts.
🔗 Partners and Affiliates
🔐 NordVPN Threat Protection Pro™ Campaign (July 2 - August 13)
With its user-friendly interface, robust security features, and commitment to privacy, NordVPN continues to be a popular choice for individuals seeking online protection and unrestricted internet access.
Special Offer: get up to 73% off with a 2-year plan!
🥷🏻 CYBERCRIME, CYBER ESPIONAGE, APT’s
🔄 💸 The ransomware gang Hunters International announced it is shutting down and will provide free decryption keys to its victims. They did not specify why they are closing but hinted at a possible rebranding to a new group called World Leaks. This decision follows a trend where ransomware gangs often dissolve to avoid law enforcement scrutiny.
🇺🇸 💸 The U.S. Department of Justice is investigating a former ransomware negotiator for allegedly taking kickbacks from ransomware gangs during payment negotiations. The suspect worked for DigitalMint, a company that helps clients with ransomware incidents, which has since fired the employee and is cooperating with law enforcement. Some firms are warning clients against using DigitalMint while the investigation is ongoing.
🇪🇸 Spanish police arrested two hackers in Las Palmas for stealing data from government officials and journalists. Police described them as a serious national security threat; the pair leaked stolen information online to gain notoriety. The police confiscated many electronic devices during the arrests, which may lead to more evidence.
🇺🇸 🇷🇺 The U.S. has sanctioned the Russian bulletproof hosting provider Aeza Group for helping cybercriminals with ransomware attacks. The sanctions also affect its subsidiaries and four individuals linked to the company. This action is part of a larger effort to disrupt the infrastructure that supports cybercrime.
🇺🇸 🇰🇵 U.S. authorities have arrested a man and seized assets in a crackdown on North Korean IT workers who used fake identities to scam over 100 companies. The operation uncovered financial fraud and the theft of sensitive information, costing companies millions of dollars. Officials warn that North Korean cyber operatives continue to pose a significant threat to U.S. businesses.
🇪🇸 Spanish authorities arrested five people for laundering $540 million from illegal cryptocurrency investment schemes, affecting over 5,000 victims. The operation was supported by Europol and involved international collaboration to trace and recover the stolen funds. Europol warns that online fraud, especially using AI, is becoming more sophisticated and is expected to increase significantly in the coming years.
🗓️ {Cyber,Info}Sec Events: My list of past and future {cyber,info}sec related events — Feel free to contribute by submitting issues or pull requests. Thanks! 😉
👨🏻⚖️ 👀 GOVERNMENT, POLITICS, AND PRIVACY
🇬🇧 The UK has launched a new body called UK Defence Innovation to speed up the delivery of new technology to its Armed Forces, supported by a £400 million annual budget. This initiative aims to create high-skilled jobs and enhance military capabilities by quickly developing and deploying innovative solutions. Additionally, UK Strategic Command has been renamed Cyber & Specialist Operations Command to better reflect its focus on cyber operations and specialist capabilities.
🇺🇸 🇨🇳 The U.S. government sanctioned a Chinese national linked to a cloud provider that supports many investment scam websites. Despite the sanctions, he continues to operate numerous accounts on major tech platforms like Facebook, PayPal, and GitHub. Experts express concern that big tech companies are not effectively cutting ties with individuals involved in cybercrime.
👀 📲 A security flaw in the Catwatchful spyware app has exposed the personal data of over 62,000 customers and 26,000 victims. This app, which pretends to be a child monitoring tool, allows users to spy on phones without detection, gathering private information like photos and messages. The incident highlights ongoing risks associated with stalkerware, as it continues to operate despite vulnerabilities that can lead to data breaches.
🇮🇷 🇺🇸 Pro-Iran hackers have threatened to release emails connected to Donald Trump, but U.S. authorities call it a "smear campaign". The Cybersecurity and Infrastructure Security Agency (CISA) warned that this threat is intended to discredit Trump and distract from important issues. Federal officials also stated that Iranian hackers could target U.S. infrastructure and companies amid ongoing tensions.
🇨🇳 China has created the People’s Liberation Army Cyberspace Force, marking cyberspace as a key battlefield in modern warfare. This new military branch is responsible for both defending and attacking in the digital domain, supporting China's strategy of "informatised warfare." By centralizing its cyber operations under the Central Military Commission, China aims to enhance its military capabilities and respond to global cyber threats.
🇷🇺 🇺🇸 Russian media outlets IStories and Verstka faced a massive cyberattack after revealing a network selling sex with minors, with ties to powerful individuals. The attack involved the proxy provider Biterika Group LLC, linked to a U.S.-sanctioned Russian research center. This incident highlights the dangers faced by investigative journalists in Russia, who contend with state censorship and digital threats.
🇨🇦 🇨🇳 Canada has banned Hikvision, a Chinese surveillance company, from operating in the country due to national security concerns. The government concluded that Hikvision's presence could harm Canada’s safety after a thorough review. Hikvision disagrees with the decision, claiming it is based on unfounded allegations and geopolitical biases.
🇲🇽 🇺🇸 A hacker working for the Sinaloa drug cartel tracked an FBI official in Mexico using surveillance cameras and phone data. This information was used to kill and intimidate potential witnesses in the El Chapo case. A recent report highlighted the FBI's need to improve its protection against such threats.
🔗 Partners and Affiliates
🌐 Stay connected and secure on the go with Airalo's global eSIMs — Use the code NEWTOAIRALO15 if you’re new to Airalo to get an additional 15% discount.
🦠 MALWARE & THREATS
🇰🇵 North Korean threat actors are using new malware, called NimDoor, to target Web3 and crypto businesses on macOS. This malware employs unique techniques, including process injection and encrypted communications, to steal user data from various browsers. The attack involves multiple scripts and binaries, making it complex and challenging for analysts to track.
🎠 🇨🇴 The hacker group Blind Eagle uses the Russian hosting service Proton66 to launch phishing attacks and deploy remote access trojans (RATs) targeting Colombian banks. They utilize Visual Basic Script (VBS) files to secretly install malware and harvest sensitive information from victims. Despite security measures, Blind Eagle adapts quickly and continues to exploit vulnerabilities in their attacks.
🤖 🧰 AI, CRYPTO, TECH & TOOLS
🛠️ 🤖 Cybercriminals are using Vercel's v0 AI tool to quickly create fake login pages that mimic real ones. This technology allows even inexperienced attackers to design convincing phishing sites with minimal effort. The rise of AI in cybercrime is enabling larger and more sophisticated scams.
🐛 🤖 Researchers found a serious security flaw in Anthropic's MCP Inspector project that could let attackers remotely execute code on developer machines. The vulnerability, tracked as CVE-2025-49596, has a high risk score and can expose sensitive data or allow backdoor access. A fix was released in June 2025 to improve security and prevent these types of attacks.
🇩🇪 🇨🇳 Germany's data protection authority has asked Apple and Google to block the DeepSeek app for illegally sending user data to China. The German commissioner is concerned that Chinese authorities could access this data, which violates European data protection laws. If the app is banned by these tech companies, it could lead to a wider ban across the EU.
🐛 🧠 VULNERABILITIES, RESEARCH, AND THREAT INTELLIGENCE
🦊 🧩 Over 40 fake Firefox extensions have been discovered that steal cryptocurrency wallet information from users. These malicious add-ons impersonate legitimate wallet tools and trick users into installing them by faking popularity with fake reviews. Mozilla has removed most of these extensions and is working on a system to detect and block similar scams in the future.
🐛 📲 Researchers found vulnerabilities in Bluetooth devices from brands like Bose and Sony that could allow hackers to eavesdrop through microphones. While the attacks require technical skill and close proximity, they could let attackers access call history and make unauthorized calls. Device manufacturers are working on updates to fix these security issues.
✈️ The FBI and cybersecurity firms warn that the hacking group Scattered Spider is now targeting airlines and the transportation sector. They use deceptive tactics to steal sensitive data and have recently attacked Hawaiian Airlines and WestJet. This group has a history of targeting various industries, including retail and technology.
🛰️ ICS, OT & IoT
🇫🇷 🇨🇳 A China-linked hacker group attacked France's critical infrastructure last year using three major vulnerabilities in Ivanti devices. The attackers, known as UNC5174, exploited these weaknesses to gain access to government and industry networks. France's cybersecurity agency warns that these incidents highlight the risks posed by unpatched software vulnerabilities.
🇮🇷 🇮🇳 A pro-Iranian hacktivist group called LulzSec Black claimed to have hacked Indian nuclear secrets, but security experts say their claims are exaggerated or false. They likely possess stolen identity information rather than actual nuclear data. The U.S. government warns of increased threats to critical infrastructure amid ongoing tensions between Israel and Iran.
🇺🇸 🇮🇷 U.S. government agencies have warned about Iranian hackers targeting critical infrastructure, particularly industrial control systems (ICS). Many of these systems remain exposed online, making them vulnerable to various cyberattacks. Organizations are urged to secure their systems and review guidance to protect against potential threats.
💬 CONNECT
Follow me on Mastodon for quick daily updates and bite-sized content.
Prefer using an RSS feed? Add Infosec MASHUP to your feed here.
Enjoying our newsletter? Forward it to a colleague—it’s one of the best ways to support us.
Thanks for reading today’s newsletter, and if you're enjoying it and want to support my work, you can buy me a coffee ☕ over at https://www.buymeacoffee.com/0x58
See you next time!
-X.