Cybersecurity Newsletter February 24th, 2025
In this week's news: Bybit is hacked for $1.4 billion and offers a $140M reward to get it back; the Black Basta group's internal fighting is leaked; a TopSec data breach shows its involvement in internet censorship; OpenAI blocks accounts using its AI for surveillance; Google Cloud introduces quantum-safe digital signatures in its Cloud Key Management Service; threat actors exploit major Counter-Strike 2 (CS2) competitions; and 4.3 million machines were infected by infostealer malware across 2024.
Bybit, the world’s second-largest cryptocurrency exchange, suffered a devastating $1.4 billion Ethereum (ETH) hack from a cold wallet breach on February 21, 2025. In the days following the attack, independent blockchain investigator ZachXBT traced the stolen funds directly to North Korea’s Lazarus Group.
https://hackread.com/investigators-link-bybit-hack-north-korea-lazarus-group/
Bybit has offered a reward of 10% of any recovered funds, in a bid to claw back some of the $1.4bn in cryptocurrency that was stolen.
https://www.infosecurity-magazine.com/news/bybit-140m-bounty-recover-mega/
More than 4.3 million machines were infected by infostealer malware across 2024 according to the latest KELA state of cybercrime report, published Feb. 20. The threat intelligence analysts also said they had observed 3.9 billion passwords “shared in the form of credentials lists that appear to be sourced from infostealer logs.” Just three strains of this insidious malware threat, Lumma, StealC, and Redline, were responsible for 75% of all infected systems.
https://www.forbes.com/sites/daveywinder/2025/02/24/hackers-share-39-billion-stolen-passwords-what-you-need-to-know/
An unknown actor, named ExploitWhispers, leaked Matrix chat logs of the Black Basta ransomware gang. The logs reveal internal conflicts and expose member details and hacking tools as the gang reportedly falls apart.
https://securityaffairs.com/174547/cyber-crime/leaked-black-basta-chat-logs-reveal-internal-conflicts.html
Australia has become the latest country to ban the installation of security software from Russian company Kaspersky, citing national security concerns.
https://thehackernews.com/2025/02/australia-bans-kaspersky-software-over.html
CYFIRMA researchers discovered that the SpyLend Android malware was downloaded 100,000 times from the official app store Google Play.
https://securityaffairs.com/174540/malware/spylend-android-malware-100k-downloard.html
The United States has released Alexander Vinnik, a Russian national accused of cybercrimes, as part of a prisoner exchange, Reuters reports. Vinnik was the operator of BTC-e, a now-defunct cryptocurrency exchange linked to laundering $4 billion in illicit funds. US authorities connected him to the 2014 collapse of the Japan-based bitcoin exchange Mt. Gox, alleging he laundered funds stolen from the platform.
https://www.scworld.com/brief/us-releases-btc-e-operator-in-prisoner-exchange-with-russia
A data leak from TopSec, a prominent Chinese cybersecurity firm, has exposed details about the company’s operations and its probable involvement in internet censorship for the Chinese government. This was revealed by SentinelOne whose SentinelLABS threat research team analysed the leaked data including over 7,000 lines of work logs and code used for DevOps practices.
https://hackread.com/leaked-files-chinese-cybersecurity-firm-govt-censorship/
Google continues its gradual rollout disabling uBlock Origin and other Manifest V2-based extensions in the Chrome web browser as part of its efforts to push users to Manifest V3-based extensions. For those unaware, Manifest V3 is Chrome's latest extension specification and is designed to limit extension access to user network requests, block developers from utilizing remote content, and improve overall performance. While Manifest V3 is supposed to benefit end users, it comes at the cost of functionality, as it imposes stricter limitations on browser extensions, particularly ad blockers and privacy-focused tools.
https://www.bleepingcomputer.com/news/google/google-chrome-disables-ublock-origin-for-some-in-manifest-v3-rollout/
Chinese state-sponsored hackers, Salt Typhoon, used the JumbledPath utility in their attacks against US telecommunication providers to stealthily monitor network traffic and potentially steal sensitive data, a new Cisco report revealed. In the report published by Cisco Talos on February 20, the researchers confirmed Salt Typhoon gained access to core networking infrastructure through Cisco devices and then used that infrastructure to collect a variety of information.
https://www.infosecurity-magazine.com/news/salt-typhoon-cisco-custom-tool/
Two critical flaws in the open-source Mongoose Object Data Modeling (ODM) library for MongoDB and Node.js, along with proof-of-concept (PoC) exploits for both vulnerabilities, were detailed in a blog post by OPSWAT on Thursday. The flaws are tracked as CVE-2024-53900 and CVE-2025-23061 and have critical CVSS 3 scores of 9.1 and 9.0, respectively.
https://www.scworld.com/news/mongoose-odm-critical-rce-flaws-detailed-poc-exploits-revealed
Researchers at Netskope Threat Labs have identified a phishing campaign that uses malicious PDF files hosted on the Webflow content delivery network to trick users into providing credit card information, reports The Hacker News.
https://www.scworld.com/brief/phishing-campaign-exploits-webflow-cdn-to-steal-credit-card-data
Apple removed iCloud’s Advanced Data Protection in the UK after the government requested encryption backdoor access.
https://securityaffairs.com/174500/security/apple-removes-icloud-encryption-in-uk.html
OpenAI on Friday revealed that it banned a set of accounts that used its ChatGPT tool to develop a suspected artificial intelligence (AI)-powered surveillance tool. The social media listening tool is said to likely originate from China and is powered by one of Meta's Llama models, with the accounts in question using the AI company's models to generate detailed descriptions and analyze documents for an apparatus capable of collecting real-time data and reports about anti-China protests in the West and sharing the insights with Chinese authorities.
https://thehackernews.com/2025/02/openai-bans-accounts-misusing-chatgpt.html
Threat actors are exploiting major Counter-Strike 2 (CS2) competitions, like IEM Katowice 2025 and PGL Cluj-Napoca 2025, to defraud gamers and steal their Steam accounts and cryptocurrency. Although CS2 first launched 13 years ago, it still maintains a massive community of players and an active professional competition landscape with rewards running into the millions.
https://www.bleepingcomputer.com/news/security/fake-cs2-tournament-streams-used-to-steal-crypto-steam-accounts/
Google Cloud has introduced quantum-safe digital signatures to its Cloud Key Management Service (Cloud KMS), making them available in preview. The tech giant says this initiative aligns with the National Institute of Standards and Technology's (NIST) post-quantum cryptography (PQC) standards, addressing future risks of quantum computing breaking classic encryption schemes.
https://www.bleepingcomputer.com/news/security/google-cloud-introduces-quantum-safe-digital-signatures-in-kms/
The security stand-off between the United States and Russia and China is set to intensify after the Pentagon revealed it has been developing a “do not buy” list of software originating from the two hostile nations. The Defense Department’s acquisitions boss, Ellen Lord, told reporters that the list was begun six months ago in concert with US intelligence agencies. As the name suggests, once a vendor is included on the list, their products will be boycotted by the Pentagon as a security risk.
https://www.infosecurity-magazine.com/news/pentagon-reveals-do-not-buy/
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Power Pages vulnerability to its Known Exploited Vulnerabilities catalog.
https://securityaffairs.com/174541/hacking/u-s-cisa-adds-microsoft-power-pages-flaw-known-exploited-vulnerabilities-catalog.html