Cyber Briefing: 2025.04.11
Critical flaws in security tools, open-source packages, and infrastructure are fueling attacks across industries, pushing cyber defenses to the edge in today’s threat ecosystem.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
👉 What are the latest cybersecurity alerts, incidents, and news?
🚨 Cyber Alerts
1. Windows Defender Bypassed Using XOR
A recent study shows how attackers get past Windows Defender using XOR-encoded shellcode combined with direct system calls. Shellcode, the small position-independent machine-code payload carried by exploits and loaders, is stored in obfuscated form and only decoded in memory immediately before it is injected, so Defender's static scan never sees the plaintext bytes its signatures match. XORing the payload with a key changes every byte, which is enough to defeat an exact byte-sequence signature, and the page's reference to "XOR encryption" should be read as obfuscation rather than real encryption: the key travels with the payload. The direct system calls matter because they invoke kernel services without going through the user-mode API wrappers (for example in ntdll.dll) that security products commonly hook to watch for injection. Two caveats for defenders: a short XOR key is reversible by brute force, which is why signature engines offer XOR-aware matching, and the payload still has to be decoded in memory, where runtime memory scanning can catch it.
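The following is an added illustration (not code from the research or from any real loader) of the two points above: a byte-signature scanner matches the plaintext payload but not its XOR-encoded form, and a single-byte key is recovered by trying all 256 possibilities (what XOR-aware signature matching does), while a longer repeating key is not. The payload and signature are constructed placeholder byte strings, not shellcode.

```python
from itertools import cycle

# Constructed stand-in for a payload (NOT shellcode): a repeated byte pattern plus text.
PAYLOAD = b"\x48\x31\xc0\x48\x89\xc7\x0f\x05" * 2 + b"PLACEHOLDER"
# Constructed stand-in for a static signature: a contiguous byte sequence a scanner looks for.
SIGNATURE = b"\x48\x31\xc0\x48\x89\xc7"


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR every byte with a repeating key. The same call encodes and decodes."""
    if not key:
        raise ValueError("key must be non-empty")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def plain_scan(blob: bytes, signature: bytes) -> bool:
    """Naive static detection: does the exact signature appear anywhere in the blob?"""
    return signature in blob


def xor_aware_scan(blob: bytes, signature: bytes):
    """Try every single-byte XOR key and report the first one under which the
    signature appears (None if none does). Key 0 is the identity, so a plaintext
    hit is reported as key 0. This is how XOR-aware signature matching works."""
    for k in range(256):
        if signature in xor_bytes(blob, bytes([k])):
            return k
    return None


def evaluate(key: bytes) -> dict:
    """Encode the placeholder payload with `key` and run both scanners over the result."""
    encoded = xor_bytes(PAYLOAD, key)
    return {
        "plain_scan_hits": plain_scan(encoded, SIGNATURE),
        "single_byte_xor_key_found": xor_aware_scan(encoded, SIGNATURE),
        # A loader would do this step in memory just before injection.
        "decoded_ok": xor_bytes(encoded, key) == PAYLOAD,
    }


if __name__ == "__main__":
    print("plaintext detected:", plain_scan(PAYLOAD, SIGNATURE))
    print("1-byte key:", evaluate(b"\x5a"))
    print("3-byte key:", evaluate(b"\x5a\xa3\x17"))
```

With the one-byte key the plain scan misses but the XOR-aware scan recovers 0x5a; with the three-byte key both static scans miss, which is why detection has to move to the point where the bytes are decoded in memory or to the injection behaviour itself.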
2. OttoKit Flaw Allows Admin Account Creation
The OttoKit WordPress plugin (formerly SureTriggers) has a critical authentication-bypass vulnerability, tracked as CVE-2025-3102, that lets unauthenticated attackers create administrator accounts. It affects all versions up to and including 1.0.78 and stems from a missing check on the 'secret_key' value in the 'authenticate_user' function: the function compares the key supplied in the request's authorization header against the stored key without first confirming that a key was ever configured. On a site where the plugin is installed and activated but never connected, the stored key is empty, so an empty authorization header matches it and the request is treated as authenticated, granting access to the protected API endpoints. From there an attacker can create an admin user and take full control of the site, upload malicious content, and change settings. Upgrade past 1.0.78 and check for administrator accounts you did not create.
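An added illustration of the bug class, written in Python rather than taken from the plugin's PHP: the vulnerable check compares the header value with the stored key and nothing else, so an unconfigured (empty) key matches an empty header; the fixed version refuses when either side is empty and compares in constant time. The header name and the request shape are assumptions for the example, not OttoKit's actual API.

```python
import hmac


def authenticate_user_vulnerable(stored_secret_key: str, provided_key: str) -> bool:
    """Missing-check pattern: no test that a key has actually been configured.
    If stored_secret_key is '' (plugin installed, never connected), '' == '' passes."""
    return provided_key == stored_secret_key


def authenticate_user_fixed(stored_secret_key: str, provided_key: str) -> bool:
    """Fail closed when no secret has been provisioned or the header is absent/empty,
    then compare in constant time so key bytes do not leak through timing."""
    if not stored_secret_key or not provided_key:
        return False
    return hmac.compare_digest(stored_secret_key.encode(), provided_key.encode())


def handle_create_admin(headers: dict, stored_secret_key: str, check) -> str:
    """Simulated protected endpoint (constructed for the example). `check` is one of
    the two authenticate functions above; the header name 'Authorization' is assumed."""
    provided = headers.get("Authorization", "")
    if check(stored_secret_key, provided):
        return "200 admin account created"
    return "401 unauthorized"


if __name__ == "__main__":
    # Unconfigured site: the stored key is empty and the request carries an empty header.
    unconfigured_site_key = ""
    empty_header_request = {"Authorization": ""}
    print("vulnerable:", handle_create_admin(empty_header_request, unconfigured_site_key,
                                             authenticate_user_vulnerable))
    print("fixed:     ", handle_create_admin(empty_header_request, unconfigured_site_key,
                                             authenticate_user_fixed))
```

The point of the fixed version is the first guard, not the constant-time compare: an empty configured secret must be treated as "no credential exists", never as a credential that happens to be empty.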
3. Malicious npm Package Targets Crypto Wallets
A newly discovered npm package named pdf-to-office presents itself as a tool for converting PDFs to Microsoft Word documents. In reality it tampers with locally installed cryptocurrency wallets, including Atomic Wallet and Exodus, so that the destination address of outgoing transactions is silently swapped for one controlled by the attacker. The package does this by writing trojanized files into the wallet applications themselves rather than keeping the malicious logic inside the npm package. That is why uninstalling pdf-to-office does not end the compromise: the patched wallet files stay in place and keep redirecting funds until the wallet is completely reinstalled from a clean source, which makes this a serious threat to anyone running a wallet on a development machine.
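Because the malicious change lives in the wallet application's files, the practical check is file integrity against a baseline taken from a clean install. The following is an added example (not code from any wallet vendor or from the researchers who found the package): it hashes every file under an application directory, then reports what changed. The directory layout and file names (an Electron-style resources/app.asar bundle) are constructed for the demonstration and are not a claim about how these specific wallets are laid out.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root) -> dict:
    """Map each regular file under `root` (relative POSIX-style path) to its SHA-256 hex digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def diff_manifest(baseline: dict, current: dict) -> dict:
    """Compare two manifests: content changes, files that appeared, files that vanished."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def demo() -> dict:
    """Constructed scenario: clean install, baseline taken, then post-install tampering
    of the kind described above (bundle patched, extra file dropped)."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp) / "wallet-app"
        (app / "resources").mkdir(parents=True)
        (app / "resources" / "app.asar").write_bytes(b"constructed wallet bundle v1")
        (app / "wallet.exe").write_bytes(b"constructed binary")

        baseline = build_manifest(app)  # take this right after a clean install

        # Simulated tampering: the bundle is rewritten and a new file appears.
        (app / "resources" / "app.asar").write_bytes(b"constructed wallet bundle v1 + address swap")
        (app / "resources" / "loader.js").write_bytes(b"constructed injected file")

        return diff_manifest(baseline, build_manifest(app))


if __name__ == "__main__":
    print(demo())
```

The baseline must come from a clean install and be stored somewhere the machine being checked cannot silently rewrite (a signed file on another host is enough); a manifest generated after the tampering only certifies the tampered state. Any non-empty "modified" or "added" list for a wallet you did not just update is a reinstall-from-source signal, which matches the advice above that removing the npm package alone is not a fix.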
💥 Cyber Incidents
4. NetJets Investigates Employee Account Breach
NetJets, a private jet company owned by Berkshire Hathaway, has confirmed a data breach involving an employee’s account. The incident was caused by a phishing attack that allowed attackers to steal an employee’s login credentials. The breach affected a limited number of owners, but NetJets quickly contacted those involved and assured that operations and customer service were not disrupted. Following the breach, the company’s cybersecurity team implemented containment measures and initiated an investigation to assess the full impact and prevent similar attacks in the future.
5. Dutch Ministries Hit by Major Data Breach
A significant data breach has affected several Dutch ministries, including the Ministry of the Interior, Economic Affairs, and Climate Policy. The exact cause and impact of the breach are still under investigation, with authorities not yet sharing full details. The Ministry of the Interior confirmed that they are following official data breach procedures and involving the Dutch Data Protection Authority. Investigations are underway to determine the scope of the breach and the measures needed to prevent future incidents.
6. Cell C Confirms Data Leak After Cyberattack
Cell C, South Africa’s fourth-largest telecom provider with 7.7 million subscribers, confirmed a significant data breach. The attack, attributed to the hacker group RansomHouse, resulted in the leak of 2TB of sensitive customer data on the dark web. Among the exposed information were full names, ID numbers, banking details, driver’s license numbers, and medical records. Cell C is working with cybersecurity experts and relevant authorities to mitigate the impact, urging customers to take precautions against identity theft and phishing.
📢 Cyber News
7. Trump Orders Probe of Ex-CISA Director Krebs
President Trump signed a memorandum on Wednesday to investigate Chris Krebs, former Director of CISA, over alleged censorship. The order revokes Krebs' security clearance and applies to SentinelOne employees connected to him. Trump’s order accuses Krebs and CISA of suppressing conservative viewpoints and violating the First Amendment during the 2020 election. Krebs, fired after defending the election’s integrity against false claims of fraud, is now employed by SentinelOne, a cybersecurity firm, which has agreed to cooperate with the investigation into security clearances.
8. Thailand and Malaysia Sign New Partnership
The Bank of Thailand (BOT) and Bank Negara Malaysia (BNM) have formalized a partnership to strengthen cybersecurity in their financial systems. By signing a Memorandum of Understanding (MoU), the two central banks aim to improve their collective ability to prevent and respond to cyber threats. The agreement covers information sharing, joint capacity building, and expert dialogues to build resilience against digital fraud. With cyber threats becoming increasingly sophisticated, both institutions emphasize the need for cross-border collaboration to safeguard financial consumers and institutions across Southeast Asia.
9. Ransomware Attacks Surge Across UK in 2025
Ransomware attacks against U.K. organizations surged between 2024 and 2025, despite low reporting rates. The government surveyed thousands of businesses, charities, and educational institutions for its annual report. While overall cyberattacks decreased, ransomware incidents significantly increased, impacting an estimated 19,000 businesses. The U.K. government is considering new measures, including a ban on ransom payments and mandatory incident reporting for public sector organizations.
💡 Cyber Tip
Vet Open Source Dependencies & Protect Your Software Supply Chain
With malicious npm packages like pdf-to-office compromising crypto wallets, the software supply chain is an increasingly popular attack vector, especially for developers and startups.
✅ Actions You Should Take:
Use trusted sources only - Stick to well-maintained packages with active communities and a visible history; pin exact versions and commit the lockfile so an install cannot silently pull something new.
Automate dependency scanning - Integrate tools like npm audit, Snyk, or GitHub Dependabot to catch known-vulnerable versions early. Note the limit: these match published advisories, so a freshly published malicious package such as pdf-to-office is only flagged once it has been reported and the advisory database updated.
Isolate sensitive apps - Don’t let wallet apps or critical services rely on unverified third-party code.
Why it matters: One compromised package can silently inject malware or steal sensitive data across your environment. Developers are now prime targets—secure your CI/CD pipeline like your perimeter.
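One way to act on the "automate dependency scanning" step is a CI gate over the JSON that `npm audit --json` already produces. The following is an added example (not CyberMaterial's tooling and not part of npm): it parses a constructed sample of the audit report (version 2 format, trimmed to the fields used), fails the build at a chosen severity, and, as a separate vetting check for the "trusted sources" step, lists any lifecycle install scripts declared in a package.json. Package names, advisory titles and the URL in the sample are made up for the example.

```python
import json
import sys

# Constructed sample of `npm audit --json` output (auditReportVersion 2), trimmed to the
# fields this gate uses. Package names and advisories are invented.
SAMPLE_AUDIT = json.dumps({
    "auditReportVersion": 2,
    "vulnerabilities": {
        "example-parser": {
            "name": "example-parser", "severity": "high", "isDirect": True,
            "via": [{"title": "Prototype Pollution", "url": "https://example.invalid/advisory/1"}],
            "fixAvailable": True,
        },
        "example-logger": {
            "name": "example-logger", "severity": "low", "isDirect": False,
            "via": ["example-parser"],  # transitive: reached through another package
            "fixAvailable": False,
        },
    },
    "metadata": {"vulnerabilities": {"info": 0, "low": 1, "moderate": 0, "high": 1, "critical": 0, "total": 2}},
})

SEVERITY_RANK = {"info": 0, "low": 1, "moderate": 2, "high": 3, "critical": 4}
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def audit_gate(report_json: str, fail_at: str = "high") -> dict:
    """Return findings at or above `fail_at`, most severe first, plus a pass/fail verdict."""
    report = json.loads(report_json)
    threshold = SEVERITY_RANK[fail_at]
    findings = []
    for name, vuln in report.get("vulnerabilities", {}).items():
        rank = SEVERITY_RANK.get(vuln.get("severity"), 0)
        if rank < threshold:
            continue
        # `via` mixes advisory objects (direct cause) and package-name strings (transitive path).
        titles = [v["title"] for v in vuln.get("via", []) if isinstance(v, dict)]
        findings.append({
            "package": name,
            "severity": vuln.get("severity"),
            "direct": bool(vuln.get("isDirect")),
            "fix_available": bool(vuln.get("fixAvailable")),
            "advisories": titles,
        })
    findings.sort(key=lambda f: (-SEVERITY_RANK[f["severity"]], f["package"]))
    return {"passed": not findings, "findings": findings}


def install_scripts(package_json_text: str) -> list:
    """List lifecycle hooks in a package.json that run code at install time.
    A general vetting check for any package you are about to depend on."""
    scripts = json.loads(package_json_text).get("scripts", {})
    return [hook for hook in INSTALL_HOOKS if hook in scripts]


if __name__ == "__main__":
    # Usage in CI: npm audit --json > audit.json && python gate.py audit.json
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_AUDIT
    result = audit_gate(text, fail_at="high")
    for f in result["findings"]:
        print(f"{f['severity']:>8}  {f['package']}  direct={f['direct']}  fix={f['fix_available']}  {f['advisories']}")
    sys.exit(0 if result["passed"] else 1)
```

Treat a failing gate as a decision point, not a reason to lower the threshold: a direct dependency with a fix available is an upgrade, a transitive one without a fix is an override or a replacement, and a package that declares install hooks deserves a read of what those scripts do before it ever reaches a machine holding wallet keys or deployment credentials.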
📊 Cyber Poll
Copyright © 2025 CyberMaterial. All Rights Reserved.
Follow CyberMaterial on:
LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.
How do we protect ourselves from these threats? And how do you feel AI is contributing to cybersecurity threats?