Cyber Briefing: 2025.04.29
New CVEs, ransomware attacks, and quantum risks reveal critical flaws, rising DDoS threats, and growing security gaps across Linux, Git servers, government sites, and major enterprises worldwide.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
👉 What's the latest in the cyber world today?
🚨 Cyber Alerts
1. Kali Linux Warns Users of Signing Key Issue
Offensive Security has urged Kali Linux users to manually install a new package signing key after the original one was lost. Although the key was not compromised, its disappearance has caused update signature verification to fail across many systems. Users relying on older installations are now encountering errors when attempting to install or upgrade software. OffSec has published detailed steps for securely replacing the key and recommends downloading fresh Kali ISO images for those who prefer a clean reinstall.
2. Surge in Cyberattacks Targeting Git Files
GreyNoise recently observed a record-breaking increase in cyber reconnaissance attempts targeting Git configuration files. On April 20-21, more than 4,800 unique IP addresses were detected trying to access these sensitive files, a clear sign of rising threats. The activity is linked to vulnerabilities like CVE-2021-23263, which exposes .git directories on web servers, allowing attackers to download sensitive information, including credentials and commit history. Organizations are advised to secure .git directories, monitor server logs, and rotate any exposed credentials to prevent breaches.
3. Linux Kernel Flaw Lets Attackers Gain Root
A critical vulnerability in the Linux kernel’s Virtual Socket (vsock) implementation, CVE-2025-21756, allows local attackers to escalate privileges to root level, potentially compromising systems. The flaw, which scores 7.8 (high) on the CVSS scale, stems from improper socket binding handling during transport reassignment, leading to a use-after-free condition. Exploitation allows attackers to bypass security mechanisms like AppArmor, leak memory addresses, and craft a Return-Oriented Programming (ROP) chain for privilege escalation.
💥 Cyber Incidents
4. Hitachi Vantara Hit by Ransomware Attack
Hitachi Vantara confirmed a ransomware attack on April 26, 2025, attributed to the Akira group. The attack led to internal system disruptions, although customer cloud services were unaffected. Hitachi activated its incident response protocols and enlisted external experts to manage the recovery efforts. The breach highlights ongoing vulnerabilities as ransomware gangs continue targeting high-profile enterprises globally.
5. Dutch Websites Targeted in DDoS Attack
Several Dutch provincial and municipal websites were taken offline by a DDoS attack on Monday. The pro-Russian hacker group NoName claimed responsibility, citing the Netherlands' military and financial support for Ukraine as their motive. The targeted sites included those of the provinces of Groningen, North Holland, and North Brabant, as well as cities like Apeldoorn and Nijmegen. These attacks caused significant disruptions, making websites difficult or impossible to reach, but the sites were restored later in the day, with no reports of sensitive data being compromised.
6. DuPage County Targeted by Ransomware Attack
DuPage County, Illinois, experienced a ransomware attack on April 28, 2025, affecting several key offices, including the Sheriff’s Office, 18th Judicial Circuit Court, and Circuit Court Clerk’s Office. As a result, critical systems were taken offline, but the Sheriff’s Office assured there was no impact on jail operations or public safety. While some court operations faced minimal disruption, in-person hearings were able to proceed as scheduled. The County has reached out to the FBI and Secret Service, and the investigation into the attack is ongoing.
📢 Cyber News
7. IBM Announces $150B US Investment Plan
IBM revealed a sweeping $150 billion investment plan to enhance U.S. leadership in computing. This includes over $30 billion dedicated to research and development for mainframe and quantum computing. With a focus on American manufacturing, the company emphasizes the importance of these technologies for national security and economic growth. IBM aims to expand its quantum computing footprint and maintain U.S. dominance in critical technologies like quantum research and national defense.
8. Europol Targets Youth Online Recruitment
Europol has launched the OTF GRIMM task force to tackle the rise of youth recruitment by crime groups. This initiative involves law enforcement from several European countries, including Sweden, Belgium, and Germany. The focus is on dismantling "violence-as-a-service" networks that exploit young people for illegal activities such as cyberattacks and trafficking. The task force will work with tech companies to prevent youth recruitment and strengthen cross-border intelligence sharing.
9. Organizations Unprepared for Quantum Threats
The latest ISACA survey reveals a concerning lack of preparedness among organizations for future quantum-enabled threats. Just 5% of IT professionals reported having a strategy in place to defend against such attacks, with only 3% considering it a high business priority. Experts have raised alarms about the potential of quantum computers breaking existing encryption methods like RSA and AES, which could leave sensitive data exposed. The survey also highlighted a general lack of understanding of NIST's post-quantum cryptography standards, with 44% of IT professionals unfamiliar with these guidelines, despite their importance in securing systems against future quantum threats.
💡 Cyber Tip
Secure .git Directories to Prevent Credential Exposure
A surge in attacks is targeting exposed .git directories on web servers, risking leaks of credentials, source code, and sensitive project history.
✅ Actions You Should Take:
Restrict access – Block public access to .git directories using server configurations (e.g., .htaccess, nginx rules).
Scan for exposure – Regularly scan your public-facing sites for unintended Git repository leaks.
Rotate credentials – If exposure is detected, immediately rotate any potentially compromised credentials.
Why it matters: Exposed Git directories give attackers a blueprint to your codebase, sensitive data, and even security flaws, making quick mitigation critical.
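The log-monitoring side of this tip, as an added example that is not part of the original newsletter: a Python function that reads web access logs and separates .git requests the server answered (possible exposure, rotate credentials) from those it refused. It assumes the combined log format; the sample lines and IP addresses are constructed, and the function name is hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample lines (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [21/Apr/2025:10:01:02 +0000] "GET /.git/config HTTP/1.1" 200 274 "-" "curl/8.5.0"
203.0.113.7 - - [21/Apr/2025:10:01:03 +0000] "GET /.git/HEAD HTTP/1.1" 200 23 "-" "curl/8.5.0"
198.51.100.22 - - [21/Apr/2025:10:02:10 +0000] "GET /app/.git/config HTTP/1.1" 403 153 "-" "Mozilla/5.0"
192.0.2.15 - - [21/Apr/2025:10:03:44 +0000] "GET /%2egit/config HTTP/1.1" 404 153 "-" "python-requests/2.31"
192.0.2.99 - - [21/Apr/2025:10:04:00 +0000] "GET /docs/git-guide.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# client IP, request method, request target, response status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# ".git" as a whole path segment, so "/docs/git-guide.html" does not match
GIT_SEGMENT = re.compile(r"(^|/)\.git(/|$)")


def find_git_requests(log_text):
    """Return (served, blocked): dicts mapping client IP -> requested .git paths."""
    served, blocked = defaultdict(list), defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, _method, target, status = m.groups()
        # Drop the query string and percent-decode once, so "%2egit" is caught.
        path = unquote(target.split("?", 1)[0])
        if not GIT_SEGMENT.search(path):
            continue
        # 2xx/3xx: the server did not refuse the request, treat as possible exposure.
        bucket = served if status[0] in "23" else blocked
        bucket[ip].append(path)
    return dict(served), dict(blocked)


if __name__ == "__main__":
    served, blocked = find_git_requests(SAMPLE_LOG)
    for ip, paths in served.items():
        print(f"SERVED  {ip}: {paths}  -> review repository contents, rotate credentials")
    for ip, paths in blocked.items():
        print(f"BLOCKED {ip}: {paths}")
```
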
📚 Cyber Book
The Basics of Hacking and Penetration Testing by Patrick Engebretson
Copyright © 2025 CyberMaterial. All Rights Reserved.