News – April 2025


  • NSA warns “fast flux” threatens national security. What is fast flux anyway?

    April 4, 2025

    A technique that hostile nation-states and financially motivated ransomware groups are using to hide their operations poses a threat to critical infrastructure and national security, the National Security Agency has warned. The technique is known as fast flux. It allows decentralized networks operated by threat actors to hide their infrastructure and survive takedown attempts that would ...

  • OH-MY-DC: OIDC Misconfigurations in CI/CD

    April 4, 2025

    This paper accompanies the presentation “Oh-My-DC,” delivered at DEF CON 32 in August 2024. This article assumes a basic familiarity with OAuth and CI/CD pipelines, including concepts like authorization grants, access tokens and the different stages of a CI/CD workflow. OIDC extends the OAuth protocol by adding a new token to the protocol, enabling applications to ...

  • Trump fires head of National Security Agency and Cyber Command

    April 4, 2025

    The Trump administration has fired Timothy Haugh, the head of the National Security Agency (NSA) and Cyber Command, several news publications reported overnight into Friday. Haugh, a career military official, led the National Security Agency, the U.S.’s main wiretapping and intelligence-gathering agency, for little more than a year after his appointment in February 2024 following his ...

  • QR codes sent in attachments are the new favorite for phishers

    April 3, 2025

    Recently Malwarebytes Labs researchers have been seeing quite a few phishing campaigns using QR codes in email attachments. The lure and the targets are varied, but the use of a QR code to get someone to visit the phishing site is fast becoming a preferred method for cybercriminals. There are several reasons why cybercriminals might want ...

  • Australian superannuation funds targeted in suspected cyber attacks

    April 3, 2025

    Multiple large superannuation funds have been targeted in suspected cyber attacks that led to some members losing several thousand dollars in retirement savings. Hostplus, Rest, AustralianSuper and Australian Retirement Trust are among the providers targeted. The attacks were discovered over the weekend, and follow rising reports of online security threats in Australia with a cyber ...

  • RolandSkimmer: Silent Credit Card Thief Uncovered

    April 2, 2025

    Web-based credit card skimming remains a widespread and persistent threat, known for its ability to adapt and evolve over time. FortiGuard Labs recently observed a sophisticated campaign dubbed “RolandSkimmer,” named after the unique string “Rol@and4You” found embedded in its payload. This threat actor targets users in Bulgaria and represents a new wave of credit card skimming ...

  • A Rebirth of a Cursed Existence? Examining ‘Babuk Locker 2.0’ Ransomware

    April 2, 2025

    Ransomware remains a major threat, causing significant disruption and financial losses to organizations across various sectors. Cybercriminal groups behind these attacks constantly adapt their methods to maximize damage and profit. In early 2025, Rapid7 researchers came across a channel promoting itself as Babuk Locker. Since the original group had shut down in 2021, they decided to ...

  • Criminal Actors Steal US Taxpayer Identity to File False Tax Returns and Claim Refunds

    April 2, 2025

    The FBI is warning the public about criminal actors stealing US taxpayer identities to file false tax returns and fraudulently claim refunds. The FBI’s Internet Crime Complaint Center (IC3) has received over 1,000 complaints about identity theft in connection with tax returns within the past year, representing a 26% increase from the previous year. Stolen ...

  • Palo Alto Networks gateways facing huge number of possible security attacks

    April 2, 2025

    Someone may be getting ready to attack Palo Alto Networks devices, security researchers are warning after spotting a rise in activity. Analysts from GreyNoise said they observed a “significant surge” in login scanning activity against the company’s PAN-OS GlobalProtect portals, with almost 24,000 unique IP addresses attempting to access these portals in March 2025. “The pattern ...

  • TookPS: DeepSeek isn’t the only game in town

    April 2, 2025

    In early March, we published a study detailing several malicious campaigns that exploited the popular DeepSeek LLM as a lure. Subsequent telemetry analysis indicated that the TookPS downloader, a malware strain detailed in the article, was not limited to mimicking neural networks. Kaspersky researchers identified fraudulent websites that mimic official sources for remote desktop and 3D modeling ...