North Korean IT worker army expands operations in Europe
Security researchers with the Google Threat Intelligence Group found that North Korean IT workers are infiltrating European companies using fake identities to secure remote jobs, generating revenue for the DPRK regime…operating through platforms like Upwork and Telegram, with payments processed through cryptocurrency to evade detection. Authorities in the U.S. and UK have issued sanctions and warnings, as some workers have also engaged in extortion using insider knowledge.
Stripe API skimming campaign unveils new techniques for theft
A new skimming attack using the Stripe API has been discovered, where cybercriminals inject malicious JavaScript into e-commerce checkout pages to steal payment information in real-time. Unlike traditional skimming methods, this attack exploits the legitimate Stripe API, making it harder to detect. So far, 49 merchants have been identified as victims, and experts recommend real-time monitoring and secure iFrame solutions to mitigate the risks.
Verizon Call Filter API flaw exposed customers’ incoming call history
A vulnerability in Verizon’s Call Filter app allowed users to access incoming call logs for other Verizon numbers through an insecure API. Security researcher Evan Connelly discovered the flaw on February 22, 2025, and Verizon fixed it the following month. The issue stemmed from the app’s API failing to verify user phone numbers, enabling unauthorized access to call histories. This posed a privacy risk, especially for high-profile individuals. The API was hosted by a third-party firm, Cequint, whose website is now offline, raising concerns about data security. Verizon has not yet responded to inquiries about the flaw’s impact or potential exploitation.
Latest Ivanti bug, paired with malware, earns an alert from CISA
CISA has issued an alert about a powerful malware called Resurge, used by alleged Chinese hackers to exploit a vulnerability in Ivanti security tools. The malware can manipulate system integrity, harvest credentials, and create backdoors, allowing persistent access even after updates. Google-owned Mandiant confirmed that the malware is linked to China-based espionage actors, who have targeted government, defense, and finance sectors since 2020. Ivanti’s Integrity Checker Tool (ICT) was also compromised, making detection harder. CISA urges administrators to reset credentials and factory reset affected Ivanti devices to mitigate risks. (The Record)
GitHub expands security tools after 39 million secrets leaked in 2024
GitHub has expanded its security tools after detecting over 39 million leaked secrets in repositories in 2024, including API keys and credentials. Despite measures like “Push Protection,” leaks persist due to developer habits and accidental exposure. To combat this, GitHub now offers standalone security products, free organization-wide secret risk assessments, enhanced push protection with bypass controls, AI-powered secret detection via Copilot, and improved detection through cloud provider partnerships. Users are advised to enable push protection, avoid hardcoded secrets, and use secure storage methods.
Google DeepMind unveils framework to exploit AI’s cyber weaknesses
Google DeepMind has developed a new AI evaluation framework to identify weaknesses in adversarial AI attacks, helping cybersecurity defenders prioritize their strategies. Their research found existing AI security frameworks to be inconsistent and ineffective. DeepMind analyzed over 12,000 AI-driven cyberattacks and identified 50 key attack challenges. Their study suggests AI is currently ineffective in certain attack phases, providing defenders with crucial points to break attack chains. The framework also helps AI developers enhance security by addressing vulnerabilities. DeepMind’s approach aims to improve cybersecurity defenses against evolving AI-powered threats.
CSAM platform Kidflix shut down by international operation
Europol announced the takedown of the dark web child sexual abuse material (CSAM) platform Kidflix, leading to 79 arrests and the seizure of tens of thousands of illegal videos. Authorities identified 1,393 suspects out of 1.8 million platform users, with 39 children rescued. The operation, involving 35 countries, was the largest of its kind in Europol’s history. German and Dutch officials seized servers containing 72,000 videos, with estimates suggesting the platform hosted up to 91,000 unique videos. Offenders paid with cryptocurrency and earned tokens by categorizing content.
Gray bots surge as generative AI scraper activity increases
A surge in generative AI scraper bot activity, known as “gray bots,” is increasingly impacting web applications, according to a report by Barracuda. Bots like ClaudeBot (Anthropic) and Bytespider (TikTok) aggressively collect online data, disrupting web traffic, distorting analytics, increasing hosting costs, and raising compliance risks. Unlike traditional bots, these AI scrapers maintain steady traffic, making mitigation difficult. Organizations are advised to deploy AI-powered bot defense systems, as simple measures like robots.txt are often ignored. The rise of these bots raises ethical, legal, and commercial concerns regarding AI-driven data collection.






