In today’s cybersecurity news…
DHS Advisory Committee memberships halted
In swift changes to the U.S. cybersecurity landscape, the new administration has “terminated all memberships of advisory committees that report to the Department of Homeland Security (DHS).” This includes members of the CISA Cyber Safety Review Board (CSRB), which had been critical of Microsoft for the July 2023 breach by Storm-0558, led an examination into intrusions by the LAPSUS$ cybercrime group, and is said to “have been in the middle of an investigation into a recent spate of cyber attacks targeting telecom providers,” allegedly by Salt Typhoon.
UnitedHealth updates number of data breach victims to 190 million
UnitedHealth, the company that owns Change Healthcare, provided this updated figure on Friday evening, adding that “the vast majority of these people have already been provided individual or substitute notice,” noting that the final number of those impacted will be confirmed and sent to the Department of Health and Human Services’ Office for Civil Rights “at a later date.” UnitedHealth did not provide any additional insight into when it learned of the additional 90 million victims, “how it determined the new number and what changed since the last update.”
Meta’s Llama Framework flaw exposes AI systems to remote code execution risks
According to researchers at Oligo Security, this is a high-severity flaw in Meta’s Llama large language model (LLM) framework that could allow an attacker to execute arbitrary code on the llama-stack inference server. The vulnerability, which has a CVE number, has a CVSS score of 6.3, although supply chain security firm Snyk has assigned it a critical severity rating of 9.3. Oligo says the problem lies in a component called Llama Stack, which “defines a set of API interfaces for artificial intelligence (AI) application development, including using Meta’s own Llama models.”
Clam Antivirus suffers denial-of-service vulnerability and available proof-of-concept exploit code
Cisco has released updates to address a denial-of-service (DoS) vulnerability in Clam AntiVirus, an open-source antivirus tool designed to detect malware, viruses, and other malicious threats. “It is widely used for email scanning, file scanning, and web security, particularly in Linux-based systems.” The vulnerability has a CVE number (CVE-2025-20128). Cisco is also warning that proof-of-concept exploit code is available for this flaw. The ClamAV vulnerability affects the Cisco Secure Endpoint Connector products for Windows, Mac, Linux, and Private Cloud.
Hacker infects script kiddies with fake malware builder
Security researchers at CloudSEK are reporting on a threat actor who has targeted low-skilled hackers, also known as script kiddies, “with a fake malware builder that secretly infected them with a backdoor to steal data and take over computers.” The researchers say the infections from this malware hit more than eighteen thousand devices in Russia, the United States, India, Ukraine, and Turkey. In reporting on and describing the details of this malware, the researchers remind everyone to never trust unsigned software, especially software distributed by other cybercriminals.
Hundreds of fake Reddit sites push Lumma Stealer malware
More than one thousand web pages are being distributed that mimic Reddit and the WeTransfer file sharing service, and both are conduits for the Lumma Stealer malware. The pages include a fake discussion thread on a specific topic, in a manner that resembles Reddit. Using natural online chatting styles, the creator of these threads then “asks for help to download a specific tool, another user offers to help by uploading it to WeTransfer and sharing the link, and a third thanks him to make everything appear legitimate.” The fake WeTransfer page downloads the Lumma Stealer malware.
Cyber diplomacy funding halted for Bureau of Cyberspace and Digital Policy
The incoming administration has quickly frozen a number of foreign assistance programs including the Bureau of Cyberspace and Digital Policy, which had been created in 2022 “to serve as the focal point for cyber diplomacy against potential threats and pursue international norms on emerging technologies.” Among its achievements to date were sending a first-of-its-kind cyber incident response team to Costa Rica, landing a subsea cable in Tuvalu and delivering a training workshop to members of the Vietnamese government focused on malicious North Korean activity. Nate Fick, who had been the first cyber ambassador for the U.S. until his departure last Monday, described the Bureau as “a diplomatic tool — not just to remediate cyber incidents, but to prove to partners the value of working with us, and to build consensus against the malign actors that conduct these attacks.”
Pompompurin to be resentenced after court vacates previous punishment
The infamous founder of the BreachForums website, whose real name is Conor Brian Fitzpatrick, is to be re-sentenced for his actions in building what became the largest English-language cybercrime marketplace to date, with personal data including Social Security numbers and bank details from more than 14 billion individual records. “A document filed in court Tuesday found the court chose a lenient sentence, citing a diagnosis of autism and Fitzpatrick’s age as mitigating circumstances.” It was shown that while going through the legal process, he still violated the court’s terms by accessing the internet through a VPN and messaging on Discord. In chatrooms, he “asserted his innocence regarding the crimes he had confessed to…and made light of selling data to foreign nations, encouraging a user to ‘become a foreign asset to China or Russia and to sell government secrets.’” The appeal, filed by the U.S. government, signals that a new sentence could be much harsher than the one initially issued last year.






