0-Day News - May 18, 2025

AI-Powered Cybersecurity News Aggregator

Cybersecurity Landscape Shifts as AI-Powered Threats and Data Breaches Dominate Headlines

Cyber Attacks

New HTTPBot Botnet Launches 200+ Precision DDoS Attacks on Gaming and Tech Sectors

A new botnet malware called HTTPBot has launched over 200 precision DDoS attacks targeting the gaming industry, technology companies, and educational institutions, highlighting the evolving threat landscape.

Hackers Now Targeting US Retailers After UK Attacks, Google

The Scattered Spider group, known for attacking UK retailers, is now targeting US retailers, according to Google's threat intelligence team, showing a shift in focus and the increasing sophistication of cybercriminal activity.

Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers

A Russia-linked threat actor, APT28, exploited a zero-day vulnerability in MDaemon to target webmail servers, including Roundcube, Horde, and Zimbra, indicating ongoing cyber espionage operations against government entities.

Earth Ammit Breached Drone Supply Chains via ERP in VENOM, TIDRONE Campaigns

A cyber espionage group known as Earth Ammit has been linked to two campaigns targeting entities in Taiwan and South Korea, including military, satellite, heavy industry, media, technology, software services, and healthcare sectors.

Cyber fiends battering UK retailers now turn to US stores

The same miscreants behind recent cyberattacks on British retailers are now trying to dig their claws into major American retailers' IT environments, indicating a shifting target for cybercriminals.

After helping Russia on the ground, North Korea targets Ukraine with cyberespionage

North Korea's campaign relies on a spearphishing email that leverages an XSS vulnerability to inject malicious JavaScript code into the victim's webmail page.

Critical Vulnerabilities

Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server

Microsoft released fixes for 78 security flaws, including five zero-days actively exploited in the wild, with a critical CVSS 10 bug impacting Azure DevOps Server, underscoring the urgency of patching.

New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy

Google released updates to address a high-severity vulnerability in Chrome, tracked as CVE-2025-4664, which is being exploited in the wild and enables cross-origin data leakage.

Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks

Ivanti has released security updates to address two security flaws in Endpoint Manager Mobile (EPMM) software that have been chained in attacks to gain remote code execution.

Researchers Expose New Intel CPU Flaws Enabling Memory Leaks and Spectre v2 Attacks

Researchers at ETH Zürich have discovered a new security flaw affecting all modern Intel CPUs, causing them to leak sensitive data from memory, indicating that the Spectre vulnerability continues to pose a threat.

Defamation case against DEF CON terminated with prejudice

A Seattle court this week dismissed with prejudice the defamation case brought against DEF CON and its organizer Jeff Moss by former conference stalwart Christopher Hadnagy.

INE Security Alert: Continuous CVE Practice Closes Critical Gap Between Vulnerability Alerts and Effective Defense

In this INE Security Alert, INE argues that continuous, hands-on CVE practice closes the critical gap between vulnerability alerts and effective defense.

Data Breaches

Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails

Coinbase disclosed that unknown cyber actors bribed customer support agents to steal account data for a subset of its customers, leading to a $20M extortion attempt that failed, highlighting insider threats and data security risks.

Broadcom employee data stolen by ransomware crooks following hit on payroll provider

A ransomware attack at a Middle Eastern business partner of payroll company ADP has led to the theft of Broadcom employee data.

Dior Confirms Data Breach Affecting Customer Information

Dior confirmed a data breach compromising customer personal information, discovered on May 7, highlighting the increasing risk to customer data in the retail sector.

Insurance firm Lemonade warns of breach of thousands of driving license numbers

A data breach at insurance firm Lemonade left the details of thousands of drivers' licenses exposed for 17 months.

Hackers steal BVG customer data

Hackers have stolen customer data from BVG, the Berlin public transport operator.

21 million employee screenshots leaked in bossware breach blunder

Employee-monitoring tool Work Composer has committed a jaw-dropping blunder, leaving a treasure trove of millions of workplace screenshots openly accessible on the internet with no encryption in place, and no password required.

Ransomware & Malware

Fileless Remcos RAT Delivered via LNK Files and MSHTA in PowerShell-Based Attacks

A new malware campaign uses a PowerShell-based shellcode loader to deploy Remcos RAT via malicious LNK files embedded in ZIP archives, evading traditional detection methods.

Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads

A malicious package on PyPI disguised as a Solana tool stole source code and developer secrets in 761 downloads, highlighting supply chain risks in open-source repositories.

Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper

A malicious npm package, "os-info-checker-es6," uses Unicode steganography to hide its initial payload and Google Calendar as a command-and-control server, showcasing advanced obfuscation techniques.

Printer maker Procolored offered malware-laced drivers for months

For at least half a year, the official software supplied with Procolored printers included malware in the form of a remote access trojan and a cryptocurrency stealer.

Here's what we know about the DragonForce ransomware that hit Marks & Spencer

DragonForce, a new-ish ransomware-as-a-service operation, has given organizations another cyber threat to worry about — unless they’re in Russia, which is off limits to the would-be extortionists.

Pro-Ukraine Group Targets Russian Developers with Python Backdoor

ReversingLabs has discovered dbgpkg, a fake Python debugger that secretly backdoors systems to steal data; researchers suspect a pro-Ukraine group is behind it.

AI & Cybersecurity

Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android

Google is rolling out new AI-powered countermeasures, using the Gemini Nano on-device LLM, to improve Safe Browsing in Chrome and combat scams across Search and Android.

Deepfake Defense in the Age of AI

Generative AI has reshaped the cybersecurity landscape, enabling attackers to impersonate trusted individuals and automate social engineering, requiring robust deepfake detection and prevention strategies.

Deploying AI Agents? Learn to Secure Them Before Hackers Strike Your Business

As businesses deploy AI agents, new security risks emerge, including data leaks, identity theft, and malicious misuse, necessitating proactive measures to secure these systems.

Meta's still violating GDPR rules with latest plan to train AI on EU user data, says noyb

There's a Max Schrems-shaped object standing in the way of Meta's plans to train its AI on the data of its European users, and he's come armed with several justifications for why doing so is illegal.

From hype to harm: 78% of CISOs see AI attacks already

AI attacks are keeping most practitioners up at night, says Darktrace, and with good reason.

How to establish an effective AI GRC framework

Enterprise use of artificial intelligence (AI) is growing rapidly, but with that growth comes increased risk.

Industry Reports

Beyond the kill chain: What cybercriminals do with their money (Part 1)

Sophos X-Ops investigates what financially motivated threat actors invest their ill-gotten profits in, once the dust has settled.

The Persistence Problem: Why Exposed Credentials Remain Unfixed—and How to Change That

GitGuardian's State of Secrets Sprawl 2025 report reveals a disturbing trend: the vast majority of exposed company secrets discovered remain unfixed, highlighting a critical gap in post-detection remediation.

Security Tools Alone Don't Protect You — Control Effectiveness Does

A recent report indicates that 61% of security leaders suffered breaches due to failed or misconfigured controls despite having an average of 43 cybersecurity tools, emphasizing the need for effective configuration management.

INE Security Alert: Top 5 Takeaways from RSAC 2025

In this INE Security Alert, INE shares its top five takeaways from RSAC 2025.

UK Cyber Vacancies Growing 12% Per Year

An analysis by Robert Walters found there are around 17,000 cybersecurity vacancies in the UK currently, with organizations struggling to fill open positions, highlighting the skills gap in the industry.

New Linux Vulnerabilities Surge 967% in a Year

Researchers discovered over 3,000 Linux vulnerabilities in 2024, the most of any category, indicating the increasing complexity and potential attack surface of Linux systems.