Cybersecurity News: FTC’s warning to 23andMe buyer, global phishing threats, Samsung breach 

FTC sends warning to future 23andMe buyer 

An update on the 23andMe data privacy concerns: on Monday, the Federal Trade Commission (FTC) sent a warning to the Department of Justice (DOJ) that any buyer of 23andMe must honor the company's existing privacy policies, ensuring users remain in control of their genetic data—even in bankruptcy. FTC Chair Andrew Ferguson emphasized that 23andMe has explicitly promised not to share data with insurers, employers, or law enforcement without legal orders, and that these protections extend to any new owner.

(The Record)

Global phishing threat targets 88 countries

A phishing-as-a-service platform called Lucid is targeting 169 entities across 88 countries, using iMessage and RCS to bypass spam filters and deliver large-scale phishing campaigns. Run by the Chinese cybercriminal group XinXin, Lucid offers over 1,000 phishing domains, auto-generated phishing sites, and pro-grade spamming tools to its subscribers. Victims clicking the links are redirected to fake landing pages impersonating companies like USPS, Amazon, and major banks, where their personal and financial data is stolen.

(Bleeping Computer)

Samsung data breach tied to old stolen credentials

Credentials compromised in a 2021 Raccoon infostealer infection, and never changed since, led to the leak of 270,000 customer records from Samsung Germany’s ticketing system. The threat actor ‘GHNA’ used these stolen Spectos GmbH credentials, which had remained unchanged for four years, to access Samsung’s system and expose sensitive customer data, including names, addresses, emails, and transaction details.

(Security Week)

North Korea’s fake worker schemes getting worse

North Korean operatives aren’t just freelancing—they’re securing full-time IT and engineering roles, gaining deep access to enterprise networks under legitimate employment. DTEX’s investigation found these insiders operating in Fortune 2000 companies, with privileged access to systems, remote tools, and the ability to pivot into supply chain partners. The workers, often teams posing as one high-performing individual, are funneling salaries back to Pyongyang, but experts warn financial motives could shift to espionage or sabotage. Requiring job candidates to be on camera and show government-issued ID is also not proving to be enough – researchers suggest watching for social red flags, such as candidates looking off-screen for prompts during interviews or avoiding casual conversation about personal interests.

(CyberScoop)

Huge thanks to our sponsor, Qualys

“Overwhelmed by noise in your cybersecurity processes? Cut through the clutter with Qualys Enterprise TruRisk Management. Quantify your cyber risk in clear financial terms and focus on what matters most. Actionable insights help you prioritize critical threats, streamline remediation, and accelerate risk reduction— while effectively communicating impact to stakeholders. Empower your cybersecurity strategy with tools that drive faster, smarter, and more efficient risk management. Your secure future starts today with Qualys Enterprise TruRisk Management. Visit qualys.com/etm for more information.”

WordPress mu-plugins exploited

Malicious actors have been exploiting the ‘mu-plugins’ directory in WordPress to hide malware and evade standard security checks. These “Must-Use” plugins are automatically loaded on every page without activation, making them ideal for these kinds of attacks. Attackers are using files like redirect.php, index.php, and custom-js-loader.php to redirect visitors to malicious sites, create web shells for command execution, and inject harmful content. A good reminder to work with your WordPress admin to update plugins and to fix weak credentials or outdated server configurations.
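As an added defender-side example (not from the article or any source it cites), a Python audit that lists the top-level PHP files WordPress auto-loads from wp-content/mu-plugins, flags anything outside an admin-maintained allowlist, and checks each file for redirect, obfuscation and command-execution markers. The allowlist, the heuristics and the sample files it builds in a temporary directory are constructed assumptions, not real site content.

```python
import re
import tempfile
from pathlib import Path

# Review heuristics for an mu-plugin file (defensive starting point, not exhaustive).
SUSPICIOUS = {
    "obfuscation": re.compile(r"\b(eval|base64_decode|gzinflate|str_rot13)\s*\("),
    "redirect": re.compile(r"(wp_redirect|header\s*\(\s*['\"]Location:)"),
    "command-exec": re.compile(r"\b(system|exec|shell_exec|passthru|popen)\s*\("),
    "request-input": re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b"),
}


def audit_mu_plugins(mu_dir, allowlist):
    """Return [(filename, reasons)] for every top-level .php file in mu_dir.
    WordPress auto-loads only top-level .php files in mu-plugins, so those
    are the files that run on every request without any activation step."""
    findings = []
    for path in sorted(Path(mu_dir).glob("*.php")):
        reasons = []
        if path.name not in allowlist:
            reasons.append("not-in-allowlist")
        text = path.read_text(errors="replace")
        reasons += [label for label, pat in SUSPICIOUS.items() if pat.search(text)]
        if reasons:
            findings.append((path.name, reasons))
    return findings


def build_sample_dir(root):
    """Constructed sample: one legitimate loader plus two inert placeholders
    named like the files in the article (test fixtures, not real malware)."""
    root = Path(root)
    root.mkdir(parents=True, exist_ok=True)
    (root / "site-loader.php").write_text(
        "<?php\n// legitimate: loads a vendored helper\nrequire_once __DIR__ . '/helpers/init.php';\n")
    (root / "redirect.php").write_text(
        "<?php\n// CONSTRUCTED placeholder shaped like a redirector\n"
        "if (!is_admin()) { wp_redirect('https://example.invalid/'); exit; }\n")
    (root / "custom-js-loader.php").write_text(
        "<?php\n// CONSTRUCTED placeholder shaped like an injector\necho base64_decode('PHNjcmlwdD4=');\n")
    return root


def run_demo():
    """Build the sample under a temp dir, audit it, return {filename: reasons}."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_dir(Path(tmp) / "wp-content" / "mu-plugins")
        return dict(audit_mu_plugins(root, {"site-loader.php"}))  # assumed admin allowlist


if __name__ == "__main__":
    for name, reasons in run_demo().items():
        print(f"{name}: {', '.join(reasons)}")
```

Run it against a real site by pointing audit_mu_plugins at wp-content/mu-plugins with the allowlist your admin maintains; a flagged file is a review prompt, not proof of compromise.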

(Bleeping Computer)

Canadian hacker arrested 

Canadian hacker Aubrey Cottle, known by the handle “Kirtaner” and a member of the Anonymous group, has been charged by the U.S. Department of Justice for defacing the Texas Republican Party website in 2021 and stealing personal data from their server. Cottle allegedly accessed the website through a breach of its hosting provider, Epik, and released 180GB of stolen data via BitTorrent. Cottle faces identity theft charges and up to five years in prison if convicted.

(Bleeping Computer)

Qakbot banking trojan is back 

The Qakbot banking Trojan has resurfaced in a wave of attacks leveraging the emerging ClickFix technique, which uses fake CAPTCHA verifications to trick users into executing malicious payloads. The attacks target industries like healthcare, government, and construction, with links posted on LinkedIn and other social media sites. Despite an international effort to dismantle Qakbot’s infrastructure in 2023, the malware continues to evolve, using social engineering tactics to gain initial access and deploy further malicious software.

(Dark Reading)

EU to invest billions in cybersecurity

The European Commission has allocated €1.3 billion ($1.4 billion) for cybersecurity, AI, and digital skills as part of its Digital Europe Programme for 2025-2027. A portion of the funds will strengthen cybersecurity resilience, focusing on critical infrastructures like hospitals and submarine cables, and supporting the deployment of the EU’s Digital Identity Wallet. Additionally, the funding will enhance generative AI applications, digital innovation hubs, and digital skills training while the EU ramps up sanctions against hackers. 

(Security Week)

Lauren Verno
Lauren Verno, an award-winning journalist, embraces her expertise, transitioning seamlessly into a cyber defender to bring you captivating updates on cybersecurity news.