Cyber Briefing: 2025.04.22
The cybersecurity updates for today highlight WordPress ad fraud, VPN and SSL flaws, cyberattacks on Abilene and Wan Hai, Maxxis breach, MITRE’s CAD tool, Ukraine’s new law, and CISA officials resign.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
👉 What's the latest in the cyber world today?
🚨 Cyber Alerts
1. Scallywag Ad Fraud Uses WordPress Plugins
Cybersecurity researchers uncovered "Scallywag," an extensive ad fraud operation that generated over 1.4 billion fraudulent ad requests each day. The scheme exploited WordPress plugins to monetize pirated content through deceptive intermediary pages, masking its fraudulent nature. Sold as a service, these plugins allowed cybercriminals worldwide to profit from ad fraud. Although exposed, the operation continues to evolve, with scammers rotating domains and adjusting tactics to evade detection.
2. Speedify VPN Flaw Exposes macOS to Attack
A severe vulnerability, CVE-2025-25364, was discovered in Speedify VPN's macOS application, allowing local privilege escalation and full system compromise. The flaw was located in a helper tool, me.connectify.SMJobBlessHelper, which ran with root access, enabling attackers to exploit improper input validation in the XPC interface. This allowed malicious users to inject arbitrary shell commands, granting them root-level access to the system. Once exploited, attackers could read, modify, or delete sensitive files, install malware, or gain full control over the affected device.
3. SSL.com Vulnerability Exposes Major Domain
A critical flaw in SSL.com’s domain validation system allowed attackers to fraudulently obtain TLS certificates for prominent domains, including Alibaba Cloud’s aliyun.com. This vulnerability was found in the Domain Control Validation method, enabling attackers to manipulate DNS records and email addresses to bypass authorization. SSL.com quickly revoked 11 affected certificates and disabled the flawed validation method. The incident highlights the risks of relying on automated systems for certificate validation and underscores the need for more robust checks.
💥 Cyber Incidents
4. Abilene City Shuts Systems After Cyberattack
Abilene, Texas, recently experienced a cyberattack that prompted city officials to take several systems offline. The incident was first detected when city staff reported unresponsive servers within the internal network. In response, the IT team acted quickly, disconnecting affected systems and calling in cybersecurity experts to investigate. While emergency services remained fully operational, certain services were disrupted, including government card payment systems, which forced residents to pay using cash or checks.
5. Maxxis International Reports Data Breach
Maxxis International reported a data breach after an employee inadvertently clicked a malicious link, granting unauthorized access to their network. The breach occurred between October 17 and October 19, 2024, prompting an immediate investigation to determine the extent of the damage. Although Maxxis has not disclosed the exact types of exposed personal information, it may include sensitive data such as Social Security numbers, financial account numbers, or health records.
6. Wan Hai Shipping Targeted by Cyberattack
Wan Hai, a Taiwan-based container shipping company, experienced a hacking attack on its website on the 18th. The company swiftly responded by isolating the site and implementing various security measures to protect its network. Although the website remains offline, Wan Hai said there was no significant impact on its operations, personal data, or information security. The company has enlisted external cybersecurity experts to investigate the breach and strengthen its network defenses.
📢 Cyber News
7. MITRE Launches New Cyber Attack-Defense Tool
MITRE has introduced its new Cyber Attack-Defense (CAD) tool as part of the D3FEND 1.0 release. The CAD tool allows cybersecurity professionals to build structured scenarios using D3FEND’s comprehensive knowledge graph. This innovative tool helps map attack vectors, countermeasures, and digital artifacts, enhancing threat analysis. It aims to improve collaboration and communication across security teams by providing an intuitive platform for building and sharing cybersecurity models.
8. Ukraine Boosts Cybersecurity With New Law
Ukrainian President Zelenskyy recently signed a comprehensive cybersecurity law to safeguard the country’s critical infrastructure. This new law introduces a risk-based approach to cybersecurity, focusing on enhanced coordination between national response teams and improving information sharing. One key aspect is the establishment of a National Cyber Incident Response System, which includes crisis protocols for emergency responses to large-scale cyberattacks. The law also mandates the creation of a Cyber Incident Information Exchange System, designed to streamline reporting and improve public-private sector collaboration.
9. Two Senior CISA Officials Resign Amid Cuts
Bob Lord and Lauren Zabierek, two senior officials at CISA, announced their resignations, saying the decision to leave was personally difficult but not sharing their future plans. Their departures come amid ongoing staff reductions at the agency, which has faced significant cuts under the Trump administration, including potential layoffs of up to 1,300 employees. Lord, who previously held security roles at the DNC, Yahoo, and Twitter, and Zabierek, formerly with Harvard Kennedy School, both contributed to CISA’s Secure by Design initiative. Despite these changes, CISA remains focused on cybersecurity efforts and collaboration across public and private sectors.
💡 Cyber Tip
Be Cautious with WordPress Plugins to Avoid Ad Fraud Schemes
Researchers uncovered a massive ad fraud operation abusing WordPress plugins to inject malicious code and monetize pirated content through fake ad traffic.
✅ Actions You Should Take:
Audit plugins regularly – Remove outdated or unused plugins and verify sources before installing new ones.
Use trusted marketplaces – Only download plugins from reputable developers or official directories.
Monitor site behavior – Set alerts for unusual traffic spikes or redirects that could indicate hidden fraud scripts.
Why it matters: Malicious plugins can turn your website into part of a fraud network without your knowledge, risking reputational damage and possible blacklisting.
📚 Cyber Book
Cybercrime through Social Engineering by Christopher Kayser
Copyright © 2025 CyberMaterial. All Rights Reserved.