San Mateo, CA, April 14, 2025 — Stories, events, and developments that impacted the cybersecurity landscape last week, including emerging threats, policy changes, and industry responses.
Medusa ransomware gang claims $4M attack on NASCAR
The Medusa ransomware gang has attacked NASCAR and is demanding a $4 million ransom, reports Hackread.com. NASCAR has yet to verify the incident, but hackers have “already posted 37 document images related to NASCAR as proof.” The stolen data appears to contain confidential information, such as “detailed maps of raceway grounds, email addresses, names and titles of staff, and credential-related info, which suggests a real compromise of operational and logistical data.” NASCAR reportedly has a brief timeline to pay up before the hackers release the stolen internal material. If the rumors are true, this marks the second time NASCAR has been the victim of a cyberattack so far this season, with someone hacking into the race’s official radio during an event in Atlanta. Read more.
Hackers steal data of 1.6 million from lab testing provider
Laboratory Services Cooperative (LSC), a nonprofit that provides services to affiliates such as Planned Parenthood, has reported that hackers stole sensitive data belonging to 1.6 million people. LSC supports reproductive health services across more than 35 U.S. states. “On October 27, 2024, LSC identified suspicious activity within its network,” reads the company’s official notice. “In response, LSC immediately engaged third-party cybersecurity specialists to determine the nature and scope of the incident and notified federal law enforcement. The investigation revealed that an unauthorized third party gained access to portions of LSC’s network and accessed/removed certain files belonging to LSC.” The stolen data includes social security numbers, driver’s license numbers, passport numbers, health information, lab results, and more. Read more.
Hackers spied on U.S. bank regulators’ emails for over a year
Hackers spied on the email accounts of around 103 U.S. bank regulators for more than a year, according to two individuals familiar with the matter and a letter sent to Congress. The attackers reportedly accessed employee emails at the Office of the Comptroller of the Currency (OCC) by breaching an administrator’s account. The OCC, an independent bureau of the Treasury Department, “regulates and supervises all national banks, federal savings associations and the federal branches and agencies of foreign banks.” OCC Chief Information Officer Kristen Baldwin wrote that “the analysis concluded that the highly sensitive bank information contained in the emails and attachments is likely to result in demonstrable harm to public confidence.” It remains unclear who is responsible for the breach, which gave threat actors access to around 150,000 emails from May 2023 until earlier this year. Read more.
Microsoft testing Copilot screen and file sharing in Windows 11
Microsoft is testing a new Windows 11 OS-level integration that enables users to share their app screens with Copilot, the company’s AI-powered assistant. The feature is rolling out to Windows Insiders in the U.S. Use cases include sharing your screen with Copilot Vision to better understand how an app works, especially when users encounter navigation issues. A “File Search” function is also being introduced, allowing users to locate specific files and ask Copilot questions about their contents. While privacy concerns about how Microsoft handles the data accessed through these features are being raised, further details are expected once the testing phase concludes. Read more.
Google patches two Android zero-day flaws under active attack
Google has released a patch for Android users addressing two zero-day flaws that “may be under limited, targeted exploitation.” One flaw, CVE-2024-53197, was identified by Amnesty International, which found that Cellebrite was using it to break into Android phones. Cellebrite is a company that “sells devices to law enforcement for unlocking and forensically analyzing phones.” The bug was reportedly used against a Serbian student activist by authorities with Cellebrite’s help. The second flaw, CVE-2024-53150, was discovered by Benoît Sevens of Google’s Threat Analysis Group and exists in the operating system’s kernel, though Google has not released further technical details. The updates are expected to roll out within 48 hours of the public disclosure. Read more.
Fortinet urges FortiSwitch updates to fix critical admin flaw
A critical security flaw affecting FortiSwitch has led Fortinet to release a security update. The vulnerability, CVE-2024-48887, carries a CVSS score of 9.3 and impacts multiple FortiSwitch versions. Fortinet describes it as “an unverified password change vulnerability” that “may allow a remote unauthenticated attacker to modify admin passwords via a specially crafted request.” The issue was discovered and reported internally. For users unable to update immediately, Fortinet recommends “disabling HTTP/HTTPS access from administrative interfaces and restricting access to the system to only trusted hosts.” The flaw has not yet been observed in active exploitation. Read more.
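One way to check a FortiSwitch configuration export for the two mitigations Fortinet recommends above (no HTTP/HTTPS on administrative interfaces, admin accounts limited to trusted hosts), as an added example that is not from the article or from Fortinet; it assumes FortiSwitch config dumps use the `allowaccess` and `trusthostN` syntax of other Fortinet products, and the sample config is constructed:

```python
# Audit a Fortinet-style CLI config dump for admin interfaces that still allow
# HTTP/HTTPS and admin accounts with no trusted-host restriction.
# Assumption: FortiSwitch uses the `allowaccess` / `trusthostN` syntax of other
# Fortinet products. The config below is a constructed sample, not a real export.
SAMPLE_CONFIG = """\
config system interface
    edit "mgmt"
        set allowaccess ping https ssh
    next
    edit "internal"
        set allowaccess ping ssh
    next
end
config system admin
    edit "admin"
        set trusthost1 192.0.2.0 255.255.255.0
    next
    edit "netops"
    next
end
"""

WEB_ADMIN = {"http", "https"}


def audit_config(text):
    """Return a sorted list of findings as (kind, name, detail) tuples."""
    findings = []
    admins, restricted = [], set()
    section = entry = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            section = line[len("config "):]
        elif line.startswith("edit "):
            entry = line[len("edit "):].strip('"')
            if section == "system admin":
                admins.append(entry)
        elif section == "system interface" and line.startswith("set allowaccess "):
            # Any web protocol left on an admin interface keeps the web admin path reachable.
            exposed = WEB_ADMIN.intersection(line.split()[2:])
            for proto in sorted(exposed):
                findings.append(("interface", entry, proto))
        elif section == "system admin" and line.startswith("set trusthost"):
            restricted.add(entry)
        elif line == "end":
            section = entry = None
    for name in admins:
        if name not in restricted:
            findings.append(("admin", name, "no trusthost restriction"))
    return sorted(findings)
```

An empty result means every administrative interface is web-free and every admin account has at least one trusted host; run it against a config backup before and after applying the workaround.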
Xanthorox AI emerges as full-featured tool for cybercriminals
A new AI-driven hacking tool that “provides attackers with a modular architecture for developing and launching a range of cybercriminal operations, such as phishing campaigns, vulnerability exploitation, or even ransomware attacks” raises alarms among researchers who say it confirms long-standing fears. Unlike WormGPT and EvilGPT, which are based on modified existing models, Xanthorox AI is a self-contained platform hosted on its developers’ servers. According to SlashNext security researcher Daniel Kelley, Xanthorox AI “hits most of the marks needed for a versatile hacking assistant… It handles code generation, vulnerability exploitation, data analysis, and integrates voice and image processing, making it capable of both automated and interactive attacks.” Kris Bondi, CEO and co-founder of Mimoto, warns that “because Xanthorox AI’s LLM will continue to evolve, it’s likely its attacks will not remain the same… This adds another significant obstacle for enterprises that rely on after-incident forensics to inform how they fine-tune their detection-and-response capabilities.” Read more.
OpenAI tests image watermarks for ChatGPT 4o amid style controversy
ChatGPT 4o’s Image Generation model has sparked controversy online, with users leveraging its advanced features to create text-rich visuals and artworks mimicking iconic styles, notably Studio Ghibli. In response, OpenAI is reportedly testing a new watermark feature for generated images. Once exclusive to paid ChatGPT users, Image Generation is now available to all. However, those subscribed to ChatGPT Plus can still generate images without watermarks. Due to OpenAI’s evolving plans, it remains unclear when or if the watermarking feature will be officially implemented, whether watermark-free images will stay behind a paywall, or if the idea will be dropped entirely. Read more.
U.K. court rules Apple backdoor case must be partly public
Despite attempts to keep it under wraps, the U.K. government’s request for Apple to provide backdoor access to its devices will now be made public, at least in part. In their ruling, judges from the Investigatory Powers Tribunal in London stated they “do not accept that the revelation of the bare details of the case would be damaging to the public interest or prejudicial to national security.” The government’s demand for access to encrypted cloud data of any Apple customer worldwide has not been officially acknowledged, but the ruling suggests that security concerns surrounding the request are credible. Apple told TechCrunch that it had never created a backdoor for its products and “never will.” Read more.
Oracle admits data breach after cover-up lawsuit filed
Oracle has been quietly notifying customers that their data was affected by a breach the company had publicly denied for weeks. The admissions, shared with select clients, use language experts say downplays the incident, referring to the compromised system as a “legacy environment.” However, a source familiar with the breach claims some of the stolen data dates from 2024, contradicting that description. A lawsuit accuses Oracle of attempting a cover-up amid growing evidence of a security incident. The suit alleges the company failed to secure customer data and concealed the breach from those affected. Read more.