Cyber Briefing: 2025.04.30
Fresh vulnerabilities, cloud risks, and global breaches reveal zero-click exploits, insecure defaults, and growing threats across Apple devices, AWS, defense systems, retail, and AI platforms.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
👉 What's trending in cybersecurity today?
🚨 Cyber Alerts
1. Apple AirPlay Bugs Expose Devices to Attacks
Oligo Security uncovered 23 serious vulnerabilities in Apple’s AirPlay protocol and SDK that expose both Apple and third-party devices to remote attacks, including data theft, malware propagation, and system hijacking. Two of these flaws, CVE-2025-24252 and CVE-2025-24132, enable wormable, zero-click remote code execution, allowing attackers to compromise devices without any user interaction and spread malware across networks. Oligo and Apple collaborated on responsible disclosure, issuing patches for 17 CVEs, while users and organizations are strongly urged to update their systems, limit AirPlay access, and apply firewall restrictions to prevent abuse.
2. AWS Default Roles Expose Cloud to Attacks
Researchers discovered major security flaws in default IAM roles used by Amazon Web Services offerings such as SageMaker, Glue, and EMR, along with open-source tools like Ray. These roles often include overly broad permissions like AmazonS3FullAccess, meant to simplify onboarding but instead create dangerous attack paths. A compromised role can let attackers access all S3 buckets, inject malicious code, and manipulate resources across AWS services. AWS responded by narrowing default permissions and updating guidance, but open-source tools like Ray remain exposed.
3. Gremlin Stealer Malware Sold on Telegram
Gremlin Stealer, a new infostealer variant, has been spreading since mid-March 2025, primarily promoted via a Telegram channel called CoderSharp. It’s capable of stealing a wide range of data from compromised Windows devices, including browser passwords, credit card information, and even cryptocurrency wallet data. The malware, written in C#, stores stolen data in plain text files within the device’s LOCAL_APP_DATA folder before compressing and sending it to a server via a Telegram bot.
💥 Cyber Incidents
4. Verisource Services Breach Affects 4 Million
Verisource Services, a Houston-based company, suffered a data breach in February 2024. Initially reported as affecting 1,382 individuals, the breach was later revised to impact up to 4 million people. Hackers gained access to sensitive personal information, including Social Security numbers and health data. Affected individuals have been offered credit monitoring and identity theft protection services, with lawsuits filed against the company for negligence.
5. Cyberattack on Four Indian Defense Websites
A Pakistan-based group attempted cyberattacks on four Indian defense-related websites. Targets included Army Public Schools, Army Welfare Housing Organisation, and Indian Air Force Placement Organisation. The attackers sought to deface pages, disrupt services, and steal data, but India’s cybersecurity systems isolated and neutralized the threat. Despite the persistent efforts, no critical systems were affected, showcasing the resilience of India’s defenses against these cyber intrusions.
6. Epicentr Cyberattack Disrupts Ukraine Stores
Epicentr, Ukraine’s largest home improvement retailer, experienced a major cyberattack that disrupted operations across dozens of its stores and disabled key IT systems including checkout, logistics, and accounting functions. Customers nationwide were unable to make purchases, track deliveries, or use the company’s digital platforms, leading to widespread service outages. Although Epicentr confirmed the incident was a deliberate attack, the company did not identify the responsible group or confirm whether ransomware was involved.
📢 Cyber News
7. CISA Reforms Aim to Strengthen Cyber Defense
Homeland Security Secretary Kristi Noem assured cybersecurity professionals that ongoing reforms at CISA will strengthen its mission. Speaking at the RSA Conference in San Francisco, she said recent workforce cuts and program dissolutions are part of efforts to refocus the agency on core cybersecurity functions. Despite criticism from former officials and concerns about discontinued tools and initiatives, Noem emphasized that the changes aim to make CISA more responsive and efficient. She added that upcoming federal budget proposals will further outline the agency’s evolving priorities, including a renewed push for secure-by-design products and a step back from countering online misinformation.
8. India Court Orders Block of Proton Mail
India's Karnataka High Court has ordered the blocking of encrypted email provider Proton Mail following a legal complaint from New Delhi-based M Moser Design Associates. The company alleged that its employees received obscene and vulgar emails sent via Proton Mail, which refused to share sender details despite a police complaint. The court directed the Indian government to block Proton Mail under the Information Technology Act, citing concerns about the email service’s failure to cooperate.
9. Meta Launches LlamaFirewall for AI Security
Meta has launched LlamaFirewall, an open-source framework designed to address emerging cybersecurity risks in artificial intelligence systems. The framework incorporates three key security components: PromptGuard 2, Agent Alignment Checks, and CodeShield. PromptGuard 2 helps detect prompt injections and jailbreak attempts in real time, while Agent Alignment Checks verifies that an AI agent's actions stay aligned with its goals, guarding against indirect prompt injections. CodeShield, a static analysis engine, focuses on preventing AI agents from generating insecure code.
💡 Cyber Tip
Review and Restrict Overly Permissive AWS IAM Roles Immediately
Researchers found that default IAM roles in services like SageMaker and Glue often grant excessive permissions, creating major cloud security risks.
✅ Actions You Should Take:
Audit IAM roles – Check for roles with broad permissions like AmazonS3FullAccess and limit them to only what’s needed.
Use least privilege – Apply the principle of least privilege to all cloud roles and policies.
Monitor usage – Implement logging and alerts for unexpected role usage or access patterns.
Why it matters: Overly permissive roles make it easier for attackers to move laterally and compromise cloud environments if any component is breached.
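The audit step above, sketched as an added example (not code from this newsletter, the researchers, or AWS): it scans data in the shape returned by `aws iam get-account-authorization-details` and flags roles that attach AmazonS3FullAccess or carry an inline statement allowing every S3 action on every bucket. The role and policy names in the sample are constructed, and the check deliberately ignores `Condition` and `NotAction`, so treat hits as candidates for review.

```python
"""Flag IAM roles that grant account-wide S3 access (added example)."""

BROAD_MANAGED = {"arn:aws:iam::aws:policy/AmazonS3FullAccess"}
BROAD_ACTIONS = {"*", "s3:*"}
BROAD_RESOURCES = {"*", "arn:aws:s3:::*"}

def _as_list(value):
    # IAM accepts a single string/object or a list for these fields.
    return value if isinstance(value, list) else [value]

def broad_s3_statements(policy_document):
    """Return Allow statements granting every S3 action on every bucket."""
    hits = []
    for stmt in _as_list(policy_document.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        resources = set(_as_list(stmt.get("Resource", [])))
        if actions & BROAD_ACTIONS and resources & BROAD_RESOURCES:
            hits.append(stmt)
    return hits

def audit_roles(auth_details):
    """Map role name -> reasons the role is overly permissive."""
    findings = {}
    for role in auth_details.get("RoleDetailList", []):
        reasons = [f"managed:{p['PolicyName']}"
                   for p in role.get("AttachedManagedPolicies", [])
                   if p["PolicyArn"] in BROAD_MANAGED]
        reasons += [f"inline:{p['PolicyName']}"
                    for p in role.get("RolePolicyList", [])
                    if broad_s3_statements(p["PolicyDocument"])]
        if reasons:
            findings[role["RoleName"]] = reasons
    return findings

# Constructed sample in the shape of `aws iam get-account-authorization-details`.
SAMPLE = {"RoleDetailList": [
    {"RoleName": "example-notebook-role", "RolePolicyList": [],
     "AttachedManagedPolicies": [{"PolicyName": "AmazonS3FullAccess",
         "PolicyArn": "arn:aws:iam::aws:policy/AmazonS3FullAccess"}]},
    {"RoleName": "example-etl-role", "AttachedManagedPolicies": [],
     "RolePolicyList": [{"PolicyName": "etl-inline", "PolicyDocument": {
         "Statement": {"Effect": "Allow", "Action": "S3:*", "Resource": "*"}}}]},
    {"RoleName": "example-scoped-role", "AttachedManagedPolicies": [],
     "RolePolicyList": [{"PolicyName": "scoped", "PolicyDocument": {"Statement": [
         {"Effect": "Allow", "Action": ["s3:GetObject"],
          "Resource": "arn:aws:s3:::example-bucket/*"}]}}]}]}

print(audit_roles(SAMPLE))
```

To run it against a real account, load the JSON output of `aws iam get-account-authorization-details` and pass it to `audit_roles` in place of `SAMPLE`.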
📚 Cyber Book
How to Beat Scammers: The Complete Guide to Keeping Yourself Safe from Fraud by Nick Stapleton.
Copyright © 2025 CyberMaterial. All Rights Reserved.