Cyber Briefing: 2025.04.14
Today’s briefing covers SEO scams, Fortinet flaws, DNS hijacks, major breaches, a $2.6M DeFi hack, and new U.S. data security measures.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
👉 What's happening in cybersecurity today?
🚨 Cyber Alerts
1. Cybercriminals Exploit SEO Ads to Steal Data
Cybercriminals are increasingly exploiting search engine optimization (SEO) techniques and paid ads to manipulate search results. By pushing malicious websites to the top, they deceive users into visiting harmful sites. These fraudulent sites often mimic popular software like Firefox or messaging apps such as WhatsApp and Telegram, aiming to steal sensitive information. Notably, financial services and AI tools have become prime targets for scammers, with campaigns impersonating trusted brands like Mastercard and fake ChatGPT sites.
2. Fortinet Warns of Ongoing FortiGate Access
Fortinet announced that cybercriminals were able to retain read-only access to compromised FortiGate devices, even after security vulnerabilities were patched. These attacks exploited flaws like CVE-2022-42475 and CVE-2023-27997 to create a symbolic link between the user and root file systems. The link remained undetected, allowing attackers to access device configurations and files without being noticed. Despite Fortinet rolling out updates to eliminate this threat, users are advised to review configurations, apply patches, and consider resetting exposed credentials to safeguard against potential risks.
3. Hackers Use Dangling DNS to Take Subdomains
Hackers are increasingly targeting dangling DNS records to take control of corporate subdomains, posing significant security risks. This occurs when DNS entries, especially for unused or discontinued services, are not updated, leaving an opportunity for attackers to register and control these subdomains. For example, if a company fails to update DNS records after discontinuing a service or deleting a cloud resource, attackers can hijack the abandoned subdomain. The risks extend beyond website defacement, with attackers potentially injecting malicious code into critical systems, hijacking resources, or even compromising supply chains.
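A defensive audit for the dangling-record condition described above, as an added example that is not part of the original briefing: it compares a zone export against an inventory of resources the organization still holds and reports records that point at something already released. The provider suffixes, hostnames, IP addresses and inventory are constructed for illustration.

```python
# Added example: flag DNS records that point at resources no longer held.
# Assumed: suffixes of third-party services whose names anyone can
# re-register once the original owner releases them.
CLAIMABLE_SUFFIXES = (".cloudprovider.example", ".pages-host.example")

def norm(name):
    return name.lower().rstrip(".")

def resolve_chain(name, cnames, max_hops=8):
    """Follow CNAMEs defined in our own zone and return the final target."""
    seen = set()
    while name in cnames and name not in seen and len(seen) < max_hops:
        seen.add(name)
        name = cnames[name]
    return name

def find_dangling(records, live_resources, owned_ips):
    """Return sorted (hostname, target, reason) tuples for dangling records."""
    cnames = {norm(n): norm(v) for n, t, v in records if t == "CNAME"}
    findings = []
    for name, rtype, value in records:
        host = norm(name)
        if rtype == "CNAME":
            final = resolve_chain(host, cnames)
            # Third-party target that is absent from our inventory.
            if final.endswith(CLAIMABLE_SUFFIXES) and final not in live_resources:
                findings.append((host, final, "CNAME to unprovisioned resource"))
        elif rtype == "A" and value not in owned_ips:
            findings.append((host, value, "A record to released IP"))
    return sorted(findings)

# Constructed zone export: (name, type, value)
ZONE = [
    ("www.corp.example.", "CNAME", "site-prod.cloudprovider.example."),
    ("promo.corp.example.", "CNAME", "campaign-2023.pages-host.example."),
    ("shop.corp.example.", "CNAME", "store.corp.example."),
    ("store.corp.example.", "CNAME", "old-store.cloudprovider.example."),
    ("vpn.corp.example.", "A", "198.51.100.10"),
    ("legacy.corp.example.", "A", "203.0.113.77"),
]
LIVE = {"site-prod.cloudprovider.example"}   # resources still provisioned
OWNED_IPS = {"198.51.100.10"}                # addresses still allocated to us

if __name__ == "__main__":
    for host, target, reason in find_dangling(ZONE, LIVE, OWNED_IPS):
        print(f"{host} -> {target}: {reason}")
```

Running such a check as part of service decommissioning, so the DNS record is removed before the resource is released, closes the window the item describes.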
💥 Cyber Incidents
4. MorphoBlue Exploit Leads to $2.6M Theft
A recent exploit in the MorphoBlue decentralized finance (DeFi) protocol resulted in a $2.6 million theft due to a vulnerability in a front-end update. The issue, caused by a recent update to the Morpho Blue application, allowed a hacker to breach an address and steal the funds. The exploit was intercepted by a white-hat actor known as "c0ffeebabe.eth," who front-ran the transaction and moved the stolen funds to a new address. In response, Morpho Labs rolled back the update, claiming that all funds within the protocol were safe, and further investigation showed no additional security issues.
5. LSC Data Breach Exposes Data of 1.6M People
Laboratory Services Cooperative (LSC), a Seattle-based nonprofit, suffered a data breach affecting 1.6 million individuals. The breach, which occurred in October 2024, exposed sensitive data such as names, SSNs, medical records, insurance details, and financial information. Hackers accessed data primarily belonging to individuals who had lab tests conducted through Planned Parenthood centers that utilize LSC’s services. LSC is offering free credit and medical identity monitoring to affected individuals, with a special program for minors without SSNs.
6. Nippon Life India Reports Cyberattack
Nippon Life India Asset Management Ltd (NAM India) reported a cyberattack on its IT systems late on April 9th. The company swiftly responded by shutting down the affected systems to prevent further damage and began collaborating with cybersecurity experts to assess the situation. Although specific details of the attack remain undisclosed, an official disclosure was made to the stock exchanges. Despite the cyberattack, NAM India's stock price saw a 6 percent increase, reflecting investor confidence.
📢 Cyber News
7. Justice Department Begins Data Security Plan
The U.S. Justice Department introduced the Data Security Program to safeguard sensitive personal and government-related data from foreign adversaries. Targeting threats from countries like China, Russia, and Iran, the initiative aims to prevent espionage, surveillance, and economic sabotage through data exploitation. The program implements export controls, restricting foreign access to critical data types such as financial, biometric, and health information. The initiative includes compliance guidance and a 90-day grace period, giving entities until October 2025 to fully align with its provisions while prioritizing public engagement and support for businesses to comply effectively.
8. China Owns Up to Cyberattacks on US Infrastructure
In December 2024, Chinese officials confirmed in a secret meeting that they had conducted cyberattacks against US infrastructure. These attacks, part of the Volt Typhoon campaign, utilized advanced techniques like zero-day vulnerabilities, targeting critical sectors such as communications, energy, and manufacturing. The US delegation interpreted the attacks as a response to US support for Taiwan, with the aim of deterring US involvement in potential conflicts between China and Taiwan. The meeting also briefly addressed the Salt Typhoon campaign, which compromised telecom systems and involved cyberespionage, but the primary focus remained on the Volt Typhoon threat.
9. US Interior Department Fires Cyber Leaders
The U.S. Department of the Interior recently dismissed senior cybersecurity officials due to a dispute with DOGE over unauthorized data access. This conflict arose from efforts to reduce government spending by analyzing sensitive federal data with AI systems. The dismissed officials, including CIO Darren Ash and CISO Stan Lowe, opposed the push for unvetted access. These moves reflect ongoing tensions between cybersecurity professionals and political figures aiming to cut federal costs.
💡 Cyber Tip
Watch Out for Fake Downloads & Malvertising Sites
Cybercriminals are using SEO manipulation and paid ads to impersonate popular apps like Firefox, WhatsApp, and ChatGPT, luring users to malicious sites that steal data.
✅ Actions You Should Take:
Stick to official sources – Always download software directly from verified vendor sites, not through search engine ads.
Use browser security tools – Enable features like safe browsing and install ad-blockers to reduce exposure to malicious links.
Educate your team – Brief employees about the risks of downloading from search results or clicking promoted links.
Why it matters: Fake download sites can silently infect your device or steal sensitive credentials. Even tech-savvy users can be tricked, so vigilance and policy go hand in hand.
📚 Cyber Book
Computer Programming and Cyber Security for Beginners by Zach Codings.
Copyright © 2025 CyberMaterial. All Rights Reserved.