Cyber Briefing: 2025.04.18
Today's update covers SSH and NTLM bugs, Docker-targeted malware, major breaches, spyware client leaks, U.S. cyber law renewal, and risks from data routed via Chinese networks.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
👉 What are the latest cybersecurity alerts, incidents, and news?
🚨 Cyber Alerts
1. Erlang OTP SSH Vulnerability Exposes Systems
A critical vulnerability in the SSH server shipped with Erlang/OTP, tracked as CVE-2025-32433, allows unauthenticated remote code execution. The flaw, reported by researchers at Ruhr University Bochum, carries the maximum CVSS score of 10.0. It stems from the server processing SSH connection-protocol messages before authentication has completed, so anyone who can reach the listening port can run commands with the privileges of the SSH daemon, which is often root. Any product that embeds Erlang's ssh application is affected, not only hosts that expose it deliberately; the fixed releases are OTP-27.3.3, OTP-26.2.5.11 and OTP-25.3.2.20.
2. XorDDoS Expands Attacks to Docker Servers
XorDDoS malware activity has grown significantly, with its operators increasingly targeting Docker hosts in addition to conventional Linux servers. Between November 2023 and February 2025, 71.3% of observed attacks hit the U.S., with Japan, Canada and Italy also heavily affected. The malware gains its initial foothold through SSH brute-force attacks, then installs startup scripts so that it is relaunched at every boot. A new version of the XorDDoS sub-controller, together with a central controller, suggests the malware is now being sold as a service for running large-scale DDoS campaigns.
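The SSH brute-force entry described above leaves a clear trail in ordinary sshd logs. As an added example (not XorDDoS code or any vendor's detection rule), the Python below reads constructed auth.log lines, keeps a sliding window of failed logins per source address, and raises a second, higher-priority alert when a login from an address that was brute-forcing succeeds, which is the point at which the malware would start dropping its startup scripts. The log format, threshold and window are this example's own assumptions; adjust them to your sshd output.

```python
"""Flag SSH brute-force bursts and the logins that follow them in OpenSSH auth.log lines.

Added example for this briefing; not XorDDoS code or any vendor's detection rule.
The log lines below are constructed to mimic /var/log/auth.log on Debian/Ubuntu.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample: one address hammers root and then gets in; one user mistypes once.
SAMPLE_LOG = """\
Feb 10 03:14:01 web1 sshd[2213]: Failed password for root from 198.51.100.23 port 51322 ssh2
Feb 10 03:14:03 web1 sshd[2215]: Failed password for root from 198.51.100.23 port 51340 ssh2
Feb 10 03:14:05 web1 sshd[2217]: Failed password for invalid user admin from 198.51.100.23 port 51358 ssh2
Feb 10 03:14:07 web1 sshd[2219]: Failed password for root from 198.51.100.23 port 51371 ssh2
Feb 10 03:14:09 web1 sshd[2221]: Failed password for root from 198.51.100.23 port 51390 ssh2
Feb 10 03:14:12 web1 sshd[2223]: Accepted password for root from 198.51.100.23 port 51402 ssh2
Feb 10 03:20:44 web1 sshd[2301]: Failed password for alice from 192.0.2.8 port 40110 ssh2
Feb 10 03:20:51 web1 sshd[2303]: Accepted publickey for alice from 192.0.2.8 port 40118 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)

def parse_line(line, year=2025):
    """Return (timestamp, result, method, user, ip) or None for lines that are not auth events.
    syslog timestamps carry no year, so one is assumed (year=2025)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["method"], m["user"], m["ip"]

def detect(log_text, threshold=5, window_s=60):
    """Sliding-window brute-force detector.

    Emits (ip, kind, detail) tuples: 'brute_force' once an address reaches `threshold`
    failures inside `window_s` seconds, and 'brute_force_success' for every accepted
    login from an address that has already been flagged. Thresholds are assumptions."""
    failures = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    flagged = set()
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, result, method, user, ip = rec
        if result == "Failed":
            q = failures[ip]
            q.append(ts)
            while q and (ts - q[0]).total_seconds() > window_s:
                q.popleft()
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append((ip, "brute_force", f"{len(q)} failed logins within {window_s}s"))
        elif ip in flagged:
            alerts.append((ip, "brute_force_success", f"{method} login as {user} after brute force"))
    return alerts

if __name__ == "__main__":
    for ip, kind, detail in detect(SAMPLE_LOG):
        print(f"{kind:20} {ip:16} {detail}")
```

The success alert is the one worth paging on: a burst of failures is background noise on any internet-facing host, but an accepted login from the same address means the persistence stage has probably already started, so the next step is to diff the host's init scripts and cron directories against a known-good baseline.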
3. CISA Adds NTLM Flaw to Exploited List
CISA has added CVE-2025-24054 to its Known Exploited Vulnerabilities catalog after observing active exploitation against Windows systems. The flaw is an NTLM hash-disclosure spoofing bug: a specially crafted file makes Windows authenticate to an attacker-controlled SMB server with minimal user interaction, handing over the user's NTLMv2 challenge-response, which can then be cracked offline or relayed. Phishing campaigns distributing such files have been observed since March 2025, including attacks reported in Poland and Romania. CISA has directed federal agencies to apply the patch by May 8, 2025, to reduce the risk of lateral movement and privilege escalation inside compromised networks; beyond patching, blocking outbound SMB (TCP 445) at the network edge removes the channel these leaks depend on.
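Because the leaked NTLMv2 response only leaves the network if the victim can reach the attacker's SMB server, outbound SMB to external addresses is the thing to hunt for. As an added example (not Microsoft's or CISA's code), the Python below sweeps constructed firewall log lines for TCP 445/139 connections from internal hosts to addresses outside the internal ranges, reporting allowed and denied attempts separately. The key=value log format, the field names and the list of internal networks are this example's assumptions.

```python
"""Flag SMB connections that leave the internal network, the channel an NTLM hash leak needs.

Added example for this briefing, not Microsoft's or CISA's code. The log lines are constructed
in a generic key=value firewall format; adapt FW_RE to your own sensor's output.
"""
import ipaddress
import re

# Constructed sample: one host opens SMB to an outside address and is allowed through;
# a second host tries and is blocked; the rest is ordinary traffic.
SAMPLE_FW_LOG = """\
2025-04-17T09:12:03Z fw1 action=allow proto=tcp src=10.20.4.17 dst=10.20.1.5 dport=445
2025-04-17T09:12:09Z fw1 action=allow proto=tcp src=10.20.4.17 dst=203.0.113.45 dport=445
2025-04-17T09:12:10Z fw1 action=allow proto=tcp src=10.20.4.17 dst=203.0.113.45 dport=443
2025-04-17T09:13:31Z fw1 action=deny proto=tcp src=10.20.6.2 dst=198.51.100.9 dport=445
2025-04-17T09:14:02Z fw1 action=allow proto=tcp src=10.20.6.2 dst=198.51.100.9 dport=80
2025-04-17T09:15:00Z fw1 action=allow proto=udp src=10.20.6.2 dst=198.51.100.9 dport=137
"""

FW_RE = re.compile(
    r"^(?P<ts>\S+) \S+ action=(?P<action>\w+) proto=(?P<proto>\w+) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)"
)
SMB_PORTS = {445, 139}   # direct SMB and SMB over the NetBIOS session service

# Your own address space. ipaddress's is_global treats the RFC 5737 documentation ranges used
# in the sample as non-global, so an explicit list is both more predictable and closer to what
# you actually want: what counts as "inside" for this network (assumed list).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def is_internal(addr, nets=INTERNAL_NETS):
    """True if addr falls inside one of the configured internal networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)

def outbound_smb(log_text, nets=INTERNAL_NETS):
    """Return (ts, src, dst, dport, action) for every TCP SMB connection from an internal host
    to an external address. An allowed one means the host may already have sent its NTLMv2
    response; a denied one is still a lead, because something on that host tried."""
    hits = []
    for line in log_text.splitlines():
        m = FW_RE.match(line)
        if not m or m["proto"] != "tcp" or int(m["dport"]) not in SMB_PORTS:
            continue
        if is_internal(m["src"], nets) and not is_internal(m["dst"], nets):
            hits.append((m["ts"], m["src"], m["dst"], int(m["dport"]), m["action"]))
    return hits

if __name__ == "__main__":
    for ts, src, dst, dport, action in outbound_smb(SAMPLE_FW_LOG):
        print(f"{ts} {src} -> {dst}:{dport} {action.upper()}")
```

If the sweep returns allowed connections, treat the source hosts' current users as having a leaked credential: reset the password, and check whether the same account then appears in NTLM logons it should not be making.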
💥 Cyber Incidents
4. Jani-King Reports Breach Impacting Users
Jani-King International, Inc. recently informed the Attorney General of California about a data breach affecting sensitive personal information. The breach, which occurred between November 26, 2024, and December 21, 2024, resulted from an unauthorized third party accessing internal systems. The company’s investigation confirmed that the exposed data included names, Social Security numbers, and addresses. Jani-King is notifying the affected individuals and offering free credit monitoring services to protect against potential identity theft and misuse of their personal information.
5. KWS Manufacturing Reports Data Breach
KWS Manufacturing Company, LLC recently reported a potential data breach to the Attorney General of Maine. The breach was identified after suspicious activity was detected in its computer systems between January 24 and 25, 2025. Sensitive personal information, including Social Security numbers, financial details, and medical information, may have been accessed by an unauthorized third party. KWS has begun notifying affected individuals and is providing complimentary credit monitoring services to mitigate risks.
6. William Buck Investigates Cyber Incident
William Buck, an Australian accounting and advisory firm, is investigating a cyber incident involving unauthorized access to its IT systems and, potentially, the data held on them. On detecting the intrusion the company activated its incident response plan and mobilized its Crisis Management Team to secure its systems, and brought in external experts to assist with the investigation and the response. A limited number of files have so far been identified as potentially affected; the company is notifying affected clients directly and says it will keep stakeholders informed as more details emerge.
📢 Cyber News
7. US Cybersecurity Info Sharing Bill Extension
Two U.S. senators have introduced a bill to extend the Cybersecurity Information Sharing Act of 2015, which is due to expire on September 30, 2025. The law gives companies liability protection when they voluntarily share cyber threat indicators with the Department of Homeland Security (DHS). Supporters credit it with helping federal agencies and industry detect and respond to major incidents such as the SolarWinds compromise. Extending the law for another decade would preserve the collaborative approach between government and the private sector as threats continue to evolve.
8. NSO Lawyer Names Customers in Hearing
During a court hearing, NSO Group's lawyer confirmed that Mexico, Saudi Arabia and Uzbekistan were among the customers whose use of its Pegasus spyware was at issue in the 2019 WhatsApp hacking campaign. It is the first time NSO Group has publicly named its clients after years of refusing to do so. The campaign targeted roughly 1,400 WhatsApp users, including journalists, human rights activists and other members of civil society, by exploiting a vulnerability in WhatsApp's voice-calling code (CVE-2019-3568). WhatsApp, in its lawsuit, seeks damages and an injunction against NSO Group to prevent further misuse of Pegasus and to protect users' private communications.
9. US Allies Use Chinese Networks Raising Risks
A new report reveals that several U.S. allies, including Japan and South Korea, route sensitive mobile traffic through Chinese-owned networks. These providers, such as China Mobile International, can access unencrypted mobile data, exposing users to potential surveillance. The report warns of serious risks, including real-time location tracking, interception of communications, and malware installation. It calls for urgent policy changes to secure global mobile networks and protect privacy.
💡 Cyber Tip
Patch Critical Erlang SSH Vulnerability to Prevent Remote Exploits
A critical flaw in the SSH server shipped with Erlang/OTP (CVE-2025-32433) lets unauthenticated attackers execute code with the privileges of the SSH daemon, which is often root, on any reachable system running a vulnerable version.
✅ Actions You Should Take:
Update immediately – Upgrade to OTP-27.3.3, OTP-26.2.5.11 or OTP-25.3.2.20 (or later); if you cannot patch yet, disable the ssh application or firewall its port so that only trusted hosts can reach it.
Restrict SSH access – Limit the SSH port to trusted IP ranges and monitor connection and login attempts for anomalies.
Harden daemon privileges – Run the SSH service under an unprivileged account so that code execution through the daemon does not immediately mean root.
Why it matters: With a CVSS score of 10.0 and no login required, this vulnerability is a prime target; left unpatched, it hands attackers full control of the system.
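A quick way to verify the "update immediately" step, as an added example for this tip and the alert above (not code from the Erlang/OTP project): the Python below reads the local OTP_VERSION file the way erl itself locates it, then compares the version numerically against the fixed releases from the upstream advisory. Version strings must not be compared as text, since "27.3.10" sorts before "27.3.3" as a string. The helper names and the treatment of release lines outside 25 to 27 are this example's own assumptions.

```python
"""Decide whether an installed Erlang/OTP is patched for CVE-2025-32433.

Added example for this briefing, not code from the Erlang/OTP project. The fixed releases come
from the upstream advisory: OTP-27.3.3, OTP-26.2.5.11 and OTP-25.3.2.20. Every earlier release
of those lines, and every release of older lines, is treated as vulnerable (assumption).
"""
import subprocess
from pathlib import Path
from typing import Optional, Tuple

FIXED = {25: (25, 3, 2, 20), 26: (26, 2, 5, 11), 27: (27, 3, 3)}

def parse_otp_version(text: str) -> Tuple[int, ...]:
    """Turn 'OTP-26.2.5.3' or '26.2.5.3' into a tuple of ints so it compares numerically.
    Comparing as text is the classic mistake: '27.3.10' < '27.3.3' as strings."""
    text = text.strip()
    if text.upper().startswith("OTP-"):
        text = text[4:]
    parts = text.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised OTP version string: {text!r}")
    return tuple(int(p) for p in parts)

def is_vulnerable(version: str) -> bool:
    """True if `version` predates the first fixed release of its major line. Assumption of this
    example: lines older than 25 never received a fix; lines newer than 27 were cut after it."""
    v = parse_otp_version(version)
    major = v[0]
    if major < min(FIXED):
        return True
    if major > max(FIXED):
        return False
    return v < FIXED[major]

def installed_otp_version() -> Optional[str]:
    """Ask the local erl where it lives and which major it is, then read the OTP_VERSION file it
    ships (erlang:system_info(otp_release) alone only gives the major). None if erl is absent."""
    def erl_eval(expr: str) -> str:
        out = subprocess.run(["erl", "-noshell", "-eval", f'io:format("~s", [{expr}]), halt().'],
                             capture_output=True, text=True, check=True, timeout=30)
        return out.stdout.strip()
    try:
        root, major = erl_eval("code:root_dir()"), erl_eval("erlang:system_info(otp_release)")
    except (FileNotFoundError, subprocess.CalledProcessError, subprocess.TimeoutExpired):
        return None
    path = Path(root) / "releases" / major / "OTP_VERSION"
    return path.read_text().strip() if path.is_file() else None

if __name__ == "__main__":
    v = installed_otp_version()
    if v is None:
        print("erl not found on PATH; call is_vulnerable() with the OTP_VERSION string by hand")
    else:
        print(f"OTP {v}: {'VULNERABLE, upgrade' if is_vulnerable(v) else 'patched'}")
```

Run it on each host that ships an Erlang runtime, including appliances where erl is buried under the vendor's install path; for those, pass the contents of their OTP_VERSION file to is_vulnerable() directly. The check only tells you the runtime is patched, not that the ssh application is unreachable, so keep the access restriction in place regardless.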
📚 Cyber Book
Malware Analysis and Detection Engineering by Abhijit Mohanta and Anoop Saldanha
Copyright © 2025 CyberMaterial. All Rights Reserved.