In today’s cybersecurity news…
Attackers swipe data from Pennsylvania teachers union
The Pennsylvania State Education Association (PSEA) reported to the Office of the Maine Attorney General that they suffered a breach impacting 517,487 people. The nonprofit said the attack occurred on July 6 and exposed sensitive financial and health information. Although PSEA’s disclosure didn’t explicitly mention ransomware or extortion, it did say that steps were taken to ensure the stolen data was deleted. The Rhysida ransomware gang publicly claimed responsibility for the attack back in September 2024.
(The Record and Bleeping Computer)
Infosys settles $17.5M lawsuit after third-party breach
Infosys Limited has agreed to settle six class action lawsuits filed against its subsidiary Infosys McCamish System (IMS) related to its data breach in late October 2023. IMS provides technology platforms for life insurance and annuity services to financial institutions. Attackers were able to obtain personal data of 6.5 million downstream customers, including those of Fidelity Investments Life Insurance Company (FILI), Bank of America, and American Express. The stolen data included names, Social Security numbers, bank account and routing numbers, and dates of birth. Infosys said the terms of the settlement are subject to confirmation by the plaintiffs and final court approval.
Top U.S. sperm bank discloses data breach
California Cryobank (CCB) has disclosed that an unauthorized party accessed its data files between April 20 and April 22, 2024. CCB said that upon discovery it promptly isolated the affected systems, but that threat actors potentially accessed and/or acquired some customer information, including names, Social Security numbers, driver’s license numbers, financial account numbers and health insurance information. The company did not disclose the total number of affected individuals or technical details related to how the threat actors breached its systems. CCB is offering victims twelve (12) months of identity protection services and fraud assistance.
(The Register and Security Affairs)
IBM warns of critical vulnerabilities in AIX
IBM’s Advanced Interactive eXecutive (AIX) operating system rarely makes the cyber news these days. But IBM is now urging its customers to apply patches after disclosing two critical vulnerabilities (CVE-2024-56346 and CVE-2024-56347), one of which carries a maximum severity score of 10. Both flaws are caused by improper process controls and allow remote attackers to execute arbitrary commands. Third-party sources suggest around 9,000 organizations still use the OS, which is generally deployed in critical applications powering high-value industries. IBM said AIX versions 7.2 and 7.3 are both vulnerable and should be updated immediately.
PHP flaw continues to make cyber news by being exploited
Threat actors are exploiting a security flaw in PHP to deliver cryptocurrency miners and remote access trojans (RATs) like Quasar RAT. The flaw (CVE-2024-4577) is an argument injection vulnerability in PHP affecting Windows-based systems running in CGI mode that could allow remote attackers to run arbitrary code. According to Bitdefender, exploitation attempts against the vuln have surged since late last year, with a significant concentration reported in Taiwan (54.65%), Hong Kong (27.06%), Brazil (16.39%), Japan (1.57%), and India (0.33%). In fact, we’ve reported several times on campaigns exploiting this very vulnerability here on Cyber Security Headlines [1][2][3] since last June. Users are advised to update their PHP installations to the latest version to safeguard against potential threats.
Arcane infostealer infects users via game cheats
Researchers at Kaspersky have discovered information-stealing malware called Arcane, which steals user data, including VPN credentials, data from gaming clients and messaging apps, and information stored in web browsers. The Arcane malware campaign started in November 2024, with most infections occurring in Russia, Belarus, and Kazakhstan. This is notable, as most threat actors based in Russia typically avoid targeting users within the country and other Commonwealth of Independent States (CIS) nations. Arcane’s distribution methods now include the use of a fake software downloader, named ArcanaLoader, supposedly for popular game cracks and cheats. ArcanaLoader has been heavily promoted on YouTube and Discord, with the operators even inviting content creators to promote it on their blogs and videos for a fee.
Scareware combined with phishing targets macOS users
Israeli cybersecurity firm LayerX has reported that throughout 2024 and in early 2025, a scareware campaign phishing for login credentials was targeting Windows users. The Windows version of the attacks leveraged compromised websites to serve fake Microsoft security alerts claiming that users’ computers had been compromised. The malicious code caused the webpages to freeze, creating the illusion of an issue with the user’s browser. Victims were then instructed to provide their Windows username and password to threat actor-hosted phishing pages. However, recent anti-scareware improvements in Chrome, Firefox, and Microsoft Edge have led to a 90% drop in Windows-targeted attacks, forcing the threat actors to switch their focus to macOS. The macOS campaign features phishing pages similar to those used in Windows attacks, but the layout and messaging were tailored for macOS users, with malicious code modified to target Safari.
Browser phishing attacks increase 140%
A new report from Menlo Security revealed that 752,000 browser-based phishing attacks were recorded in 2024, marking a 140% increase from the prior year. The researchers said artificial intelligence (AI)-driven phishing techniques and the exploitation of enterprise browsers have contributed to this trend. Attackers are refining their methods, deploying evasive techniques, including fileless malware and memory-only payloads. Traditional defenses such as firewalls and secure web gateways are proving inadequate against these evolving threats. Secure cloud browsing solutions can isolate user activity to prevent malicious content from compromising network systems. Additionally, using AI-enhanced threat detection tools can help neutralize sophisticated phishing campaigns before they cause damage.






