Cyber Briefing: 2025.05.06
👉 What's the latest in the cyber world today?
Critical vulnerabilities, API leaks, and phishing-as-a-service campaigns reveal exposed configurations, EDR bypasses, and global data breaches across Android, AI, government, and financial systems.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents, and news every weekday.
Microsoft issued a warning about the security risks associated with default configurations in Kubernetes Helm charts. These charts often lack key security measures like authentication, leaving services exposed to attackers. The security flaws were found in several widely used charts, including Apache Pinot, Meshery, and Selenium Grid. Microsoft advised organizations to carefully review these configurations, ensuring that authentication, network isolation, and secure practices are in place.
Google’s May security updates for Android have fixed 46 security flaws, including one critical vulnerability, CVE-2025-27363. This high-severity flaw in the System component enables local code execution without additional privileges and was exploited in the wild. The flaw, which stems from the FreeType open-source font library, allows attackers to execute code by manipulating TrueType GX and variable font files. Google’s update also addressed eight other vulnerabilities in the Android System and 15 in the Framework module; Google noted that security improvements in newer Android versions make exploitation more difficult.
A new security vulnerability in SentinelOne's endpoint detection and response (EDR) system has been exploited by attackers. The "Bring Your Own Installer" technique takes advantage of a gap during the agent upgrade process to disable SentinelOne's tamper protection. This leaves devices unprotected, allowing ransomware like Babuk to be installed. Researchers from Stroz Friedberg discovered this attack after investigating a customer's network breach, where attackers used this technique to bypass protections and deploy ransomware. SentinelOne has advised customers to enable the "Online Authorization" feature to mitigate this issue.
A hacker gained unauthorized access to TeleMessage, an Israeli firm offering modified versions of popular messaging apps like Signal and WhatsApp, which are used by the U.S. government. The breach exposed a variety of sensitive data, including unencrypted messages from government officials and financial entities, such as Customs and Border Protection (CBP) and Coinbase. While cabinet-level messages from top U.S. officials were not compromised, the attack revealed critical contact information and political discussions.
GlobalX, the airline that was used by the Trump administration for deportation flights, has been hacked. The breach was reported by 404 Media, which revealed that hackers defaced the airline’s website and shared stolen data. The attackers, who claimed to be part of the hacktivist group Anonymous, cited court rulings that required the Trump administration to reverse wrongful deportations, particularly involving El Salvador. The hackers’ message condemned the airline for its involvement in deportation flights.
A private API key from Elon Musk’s xAI was exposed on GitHub for over two months, compromising 60 sensitive models. The leak gave unauthorized access to proprietary data from SpaceX, Tesla, and Twitter/X, including Grok’s development versions. Despite initial alerts, xAI took over a month to revoke the exposed key, signaling poor security practices. This breach highlights the need for improved credential management and stronger AI system security, especially in sectors handling sensitive data.
The White House has proposed slashing the Cybersecurity and Infrastructure Security Agency's (CISA) budget by $491 million. The goal is to refocus the agency on its original mission of hands-on cybersecurity defense, while eliminating waste and inefficiency. CISA has been criticized for becoming too involved in programs dealing with misinformation and external affairs, which the White House claims led to violations of the First Amendment. The proposal aims to remove offices deemed duplicative and reallocate resources
The US Treasury Department sanctioned the Karen National Army (KNA) and its leader, Saw Chit Thu, for their involvement in cyber fraud. KNA has been accused of controlling scamming compounds in Shwe Kokko, where individuals are forced into fraudulent activities. These operations target unsuspecting victims, including through cryptocurrency scams, and have led to significant financial losses, especially in the US. The sanctions aim to disrupt the KNA’s criminal activities.
Security researchers uncovered one of the largest credit card theft operations involving Darcula. This Phishing-as-a-Service platform stole 884,000 credit card details across 32 countries, resulting in losses over $150 million. Darcula’s subscription-based model enabled low-skilled criminals to launch advanced attacks, bypassing multi-factor authentication with session hijacking techniques. The operation used sophisticated methods to conceal its tracks, making it difficult for law enforcement to track and prosecute the criminals behind it.
💡 Cyber Tip
Review and Lock Down Public Git Repositories to Prevent API Key Exposure
xAI’s API key leak highlights the risk of storing secrets in public code repositories, exposing sensitive models and systems for months.
✅ Actions You Should Take:
Why it matters: Leaked API keys can silently grant access to sensitive data, models, or infrastructure, making them a prime target for attackers.
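To put the tip into practice, here is an added example (not code from the newsletter or from xAI) of a small scanner that flags credential-like values in text and, through `git log -p --all`, across a repository's full history, where a key that was committed and later deleted is still present for anyone who clones. The prefix patterns, the entropy threshold and the sample diff are constructed assumptions for illustration.

```python
import math
import re
import subprocess
from collections import namedtuple

# Well-known public credential prefix formats (illustrative list, extend for your providers) plus a
# generic "api_key = ..." assignment pattern that also catches provider-specific keys such as xAI's.
PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "generic_assignment": re.compile(r"(?i)(api[_-]?key|secret|token)\s*[:=]\s*['\"]?([A-Za-z0-9_\-]{20,})"),
}
# line_no is the line of the scanned text (for history scans: of the `git log -p` output); the value is redacted.
Finding = namedtuple("Finding", "line_no kind redacted")

def shannon_entropy(s: str) -> float:
    """Bits per character: random keys score high, words and placeholders score low."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in (s.count(ch) for ch in set(s)))

def scan_text(text: str, entropy_threshold: float = 3.5) -> list:
    """Prefix matches are reported unconditionally; generic assignments only if the value looks random."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for kind, pat in PATTERNS.items():
            for m in pat.finditer(line):
                value = m.group(m.lastindex) if m.lastindex else m.group(0)
                if kind == "generic_assignment" and shannon_entropy(value) < entropy_threshold:
                    continue  # e.g. token = "placeholderplaceholder..." is not a live credential
                findings.append(Finding(line_no, kind, value[:4] + "..." + value[-2:]))  # never keep the full secret
    return findings

def scan_git_history(repo_path: str) -> list:
    """Scan every diff on every branch: a key committed then deleted is still there for anyone who clones."""
    log = subprocess.run(["git", "-C", repo_path, "log", "-p", "--all"],
                         capture_output=True, text=True, check=True).stdout
    return scan_text(log)

# Constructed sample diff (not a real leak): a placeholder xAI-style key and AWS's documented example key.
SAMPLE_DIFF = """\
+# constructed sample of a commit that leaked credentials
+XAI_API_KEY = "xai-EXAMPLE0123456789abcdefghijklmnopqrstuv"
+debug = true
+aws_key = AKIAIOSFODNN7EXAMPLE
"""
```

Run `scan_git_history(".")` inside a checkout to review history before a repository is made public; any hit means the key must be rotated, not merely removed from the tree.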
📚 Cyber Book
Reconnaissance for Ethical Hackers by Glen D. Singh
Copyright © 2025 CyberMaterial. All Rights Reserved.