Cyberattacks (3)
CISA added a critical Git vulnerability (CVE-2025-48384) to its Known Exploited Vulnerabilities catalog Monday, warning that attackers are actively exploiting the flaw. The bug lets attackers craft Git repositories with malicious .gitmodules files, potentially achieving remote code execution when developers clone a malicious repository.
The vulnerability affects macOS and Linux systems but not Windows. It stems from Git's handling of carriage return characters in submodule paths, which lets an attacker cause files to be written to unexpected locations. Git patched the issue in July across multiple versions, but CISA now requires federal agencies to update by September 15. Software developers and CI/CD systems remain the primary targets.
Source: SecurityWeek
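One defensive pre-clone check a CI pipeline could run over a repository's .gitmodules before initialising submodules, added here as an example (it is not from SecurityWeek or the Git project); the sample file, the function names and the example.invalid URLs are constructed.

```python
import re
import sys

# Constructed sample: one benign submodule and one whose path ends in a carriage
# return, the malformed .gitmodules pattern described for CVE-2025-48384.
SAMPLE_GITMODULES = (
    '[submodule "lib"]\n'
    '\tpath = lib\n'
    '\turl = https://example.invalid/lib.git\n'
    '[submodule "evil"]\n'
    '\tpath = hooks\r\n'
    '\turl = https://example.invalid/evil.git\n'
)

SECTION_RE = re.compile(r'^\[submodule "(?P<name>[^"]*)"\]$')

def parse_gitmodules(text):
    """Return (name, raw path) pairs. Split on LF only: str.splitlines() would
    also split on CR and hide exactly the character this check looks for."""
    entries = []
    current = None
    for raw in text.split('\n'):
        line = raw.strip(' \t')  # strip indentation but keep CR and other control chars
        match = SECTION_RE.match(line)
        if match:
            current = match.group('name')
        elif current is not None and '=' in line:
            key, _, value = line.partition('=')
            if key.strip(' \t') == 'path':
                entries.append((current, value.strip(' \t')))
    return entries

def audit_submodule_paths(text):
    """Return (name, reason) for each submodule path that should block a clone."""
    findings = []
    for name, path in parse_gitmodules(text):
        if '\r' in path:
            findings.append((name, 'carriage return in path'))
        elif any(ord(ch) < 0x20 for ch in path):
            findings.append((name, 'control character in path'))
        elif path.startswith('/') or '..' in path.split('/'):
            findings.append((name, 'path escapes the repository'))
    return findings

if __name__ == '__main__':
    # newline='' disables universal-newline translation, which would otherwise
    # silently turn a stray CR into LF before the audit ever sees it.
    data = open(sys.argv[1], newline='').read() if len(sys.argv) > 1 else SAMPLE_GITMODULES
    for name, reason in audit_submodule_paths(data):
        print(f'BLOCK submodule {name!r}: {reason}')
```

Run it against a checked-out repository's `.gitmodules` (`python audit.py path/to/.gitmodules`) before `git submodule update` on any runner that is not yet on a patched Git version.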
Cybercriminals are exploiting over 100 compromised WordPress sites in a campaign called ShadowCaptcha, first detected in August 2025 by Israel's National Digital Agency. The attack redirects visitors to fake CAPTCHA pages that trick users into downloading ransomware, cryptocurrency miners, and data-stealing malware.
The scam uses social engineering tactics called ClickFix, automatically copying malicious commands to users' clipboards and instructing them to paste and run the code. Victims end up infected with Lumma and Rhadamanthys stealers, Epsilon Red ransomware, or XMRig cryptocurrency miners.
Most targeted sites are in Australia, Brazil, Italy, Canada, Colombia, and Israel across various industries. The campaign demonstrates how attackers now combine multiple attack methods for maximum profit.
Source: The Hacker News
French retail chain Auchan announced on August 21, 2025, that hackers breached its customer loyalty database, exposing personal information from "several hundred thousand" accounts. The stolen data includes names, email addresses, phone numbers, postal addresses, and loyalty card numbers.
Fortunately, financial data, passwords, and reward balances remained secure thanks to the company's segmented database architecture. Auchan immediately notified customers and France's data protection authority (CNIL), warning about potential phishing attacks using the stolen contact information.
This marks Auchan's second major breach in nine months, suggesting persistent vulnerabilities in their systems that need urgent attention.
Source: Cybersecurity News
The Jersey Cyber Security Centre is warning local businesses about a dangerous new cyberattack called 'ToolShell' that exploits vulnerabilities in Microsoft SharePoint software. The attack has hit organizations worldwide, with 31% of successful breaches occurring in the US, followed by Mauritius, Germany, and France.
Five Jersey organizations were identified as highly vulnerable and took immediate action, including shutting down critical systems. The attack combines two security flaws to steal data, damage systems, and enable ransomware attacks.
JCSC director Matt Palmer stressed that outdated software creates serious risks, as Microsoft's patches don't work on older, unsupported systems. The centre recommends organizations install security updates within 14 days and isolate any systems that can't be patched.
Source: Jersey Evening Post
Bouygues Telecom, one of France's largest telecommunications companies, discovered a cyberattack on August 4 that compromised personal information of 6.4 million customers. Hackers accessed contact details, contract data, and bank account numbers for both individual and business customers.
The company assured customers that passwords and payment card information weren't compromised. Affected customers are being notified by email and text, with warnings to watch for fraudulent communications.
This follows another recent attack on French telecom Orange in July, highlighting the sector's vulnerability to cybercriminals.
Source: SecurityWeek
OPSWAT's 2025 Threat Report reveals a staggering 127% increase in malware complexity over six months, with legacy security systems missing one in every 14 threats. The analysis of 890,000 sandbox scans shows attackers are using multi-stage execution chains and hiding payloads in benign formats like .NET Bitmaps and Google services.
Critical infrastructure sectors including manufacturing, energy, and utilities face the heaviest targeting. New techniques like ClickFix clipboard attacks are spreading among criminal and nation-state actors. The report warns that signature-based defenses can't handle today's evasive, behavior-driven malware, urging organizations to adopt dynamic, behavioral detection systems.
Source: Industrial Cyber
Darktrace's latest research reveals cybercriminals are increasingly using artificial intelligence to scale and sharpen their attacks. The company detected over 12.6 million malicious emails between January and May 2025, with threat actors leveraging AI-powered tools like large language models to create convincing phishing campaigns at unprecedented speed.
Advanced persistent threat groups, ransomware-as-a-service operations, and malware distributors are all adopting AI technology. Notable threats include the LameHug malware powered by open-source AI and sophisticated ClickFix social engineering campaigns. Chinese-linked actors exploited critical vulnerabilities in government infrastructure weeks before public disclosure, highlighting the evolving threat landscape that traditional security tools struggle to counter.
Source: Industrial Cyber
Google disclosed Tuesday that hackers breached its corporate Salesforce instance in June, stealing contact information for small and medium businesses. The attack was carried out by threat group UNC6040, linked to notorious cybercrime groups Scattered Spider and ShinyHunters. The same campaign has hit Adidas, Cisco, Dior, and others through sophisticated phishing attacks targeting Salesforce customers.
Google says the stolen data was mostly publicly available business information such as company names and contact details. The hackers follow up with extortion demands, requiring victims to pay in bitcoin within 72 hours or face data leaks.
Source: SecurityWeek
Ontario Health atHome knew about a massive cyberattack affecting up to 200,000 patients as early as April 14 but didn't tell the public until June 27. The breach at vendor Ontario Medical Supply actually happened in March, compromising patient names, addresses, medical diagnoses, and prescription data.
The agency waited six weeks to notify Ontario's privacy commissioner and only informed patients after Liberal MPP Adil Shamji forced their hand by revealing the incident publicly. Health Minister Sylvia Jones then ordered the agency to contact affected patients. Critics call the delay "deception" and "incompetence," warning the stolen data could enable identity theft and blackmail.
Source: Global News
Cybercriminals are exploiting legitimate email security services from Proofpoint and Intermedia to launch sophisticated phishing attacks targeting Microsoft 365 users. The hackers use these trusted platforms' link-wrapping features to create multi-layered redirects that bypass security filters and appear legitimate to victims.
When users click these disguised links, they're taken through several redirects before landing on fake Microsoft login pages designed to steal their credentials. This technique is particularly dangerous because it leverages trusted security brands, making the malicious emails harder to detect and more likely to fool recipients.
Source: The Hacker News