By 63SATS News Desk
India released its first Digital Threat Report for the BFSI sector, while Canada exposed a China-linked campaign targeting PM candidate Mark Carney. Microsoft patched a zero-day flaw exploited by PipeMagic ransomware. Spyware targeting Uyghur, Tibetan, and Taiwanese groups was uncovered by global cybersecurity allies. CISA flagged a critical CentreStack vulnerability.
Major incidents include the WK Kellogg breach, PoisonSeed crypto scam, Czech PM’s X account hack, and ransomware hits on Taiwan’s hospitals and Australia’s pension funds. The Europcar breach and Seattle port cyberattack further highlight growing vulnerabilities in critical digital infrastructure.
India Releases First Digital Threat Report for BFSI
India’s Digital Threat Report 2024 highlights the rising cyber risk in the BFSI sector, driven by $3.1T digital payment projections. Issued by MeitY, CERT-In, CSIRT-Fin, and SISA, it recommends MFA, patching, and secure network zones to counter AI-led fraud and supply chain attacks.
China-Linked Disinformation Targets Canadian PM Candidate
A China-backed campaign using WeChat is targeting PM hopeful Mark Carney ahead of Canada’s April elections. The disinformation targets Chinese-speaking communities via anonymous accounts, aiming to sway votes. Authorities see it as part of broader geopolitical interference efforts through linguistic manipulation and digital narratives.
Microsoft Flags Zero-Day Ransomware Attacks via PipeMagic
Microsoft patched a zero-day CLFS flaw (CVE-2025-29824) used in ransomware attacks against global IT, finance, and retail sectors. The group, tracked as Storm-2460, used PipeMagic malware to exploit the flaw and gain SYSTEM privileges. Immediate patching is urged to prevent further infiltration.
Spyware Targets Uyghur, Tibetan, and Taiwanese Communities
UK’s NCSC and allies warn of BADBAZAAR and MOONSHINE spyware targeting minority groups and activists. Linked to Chinese surveillance, the spyware tracks individuals via smartphones. The advisory highlights ongoing digital repression campaigns against civil society linked to geopolitical dissent.
CISA Flags CentreStack RCE Vulnerability
CISA added CVE-2025-30406 to its KEV list—a critical CentreStack flaw allowing remote code execution via hard-coded MachineKeys. The issue was patched on April 3. CISA urges immediate upgrades to protect cloud file-sharing services.
Maha CM Pushes for Tech-Driven Policing in Maharashtra
CM Devendra Fadnavis launched the Nirbhaya Cyber Lab and new cyber police stations to counter surging digital crime. He also introduced forensic vans and women-focused police cells. He stressed urgent tech adoption to fight cyber fraud and abuse.
WK Kellogg Confirms Data Breach Linked to Cleo Hack
WK Kellogg’s data breach exposed employee and vendor info via Cleo’s exploited file transfer tools. The breach—tied to Clop ransomware—used zero-day vulnerabilities and occurred in December 2024. Investigations are underway to assess damage and bolster data security.
PoisonSeed Scam Steals $46M in Crypto
A phishing campaign, dubbed PoisonSeed, uses CRM platforms to send deceptive wallet seed phrases. Victims unknowingly create wallets controlled by attackers. Coinbase has issued warnings, as $46M in funds have been stolen since mid-March.
Russian CEO Arrested Over Troll Farm, Crime Links
Aeza Group CEO Yuri Bozoyan was arrested in Moscow for criminal and cyber-related activities. Aeza is linked to disinformation campaigns and troll farms tied to the Kremlin. Raids revealed ties to drug trafficking and propaganda networks.
Czech PM’s X Account Hacked, Fake War Alert Posted
Hackers compromised Czech PM Petr Fiala’s X account, posting a false Russian attack alert. Though quickly removed, the incident raised alarms about political disinformation campaigns and cybersecurity gaps in high-level digital platforms.
Allied Nations Warn of ‘Fast Flux’ Attack Method
Cybersecurity agencies from five countries warned of fast flux DNS techniques used to evade detection. By constantly rotating the IP addresses their domains resolve to, attackers maintain control of malware infrastructure and make takedowns difficult, posing new challenges for defenders.
J&K Cyber Police Bust 7,200 Mule Accounts in Scam
J&K Cyber Police exposed a scam involving 7,200 mule accounts used to launder money through fake investments and betting. Funds were layered via crypto. 21 arrests were made, underscoring Telegram’s role in fraud networks.
Taiwan IDs Chinese Hacker in Hospital Ransomware Case
A 20-year-old Chinese hacker, “Crazyhunter”, was charged in Taiwan for a ransomware attack on MacKay Memorial Hospital. The attacker posted stolen patient data online after ransom demands were rejected. Authorities confirmed links to Chinese cybercrime forums.
Hackers Breach 20,000+ Australian Pension Accounts
Over 20,000 retirement accounts were compromised in a major cyberattack on Australia’s pension sector. Officials urged enhanced security measures and account monitoring. The breach spotlights the financial sector’s vulnerability to targeted digital threats.
Seattle Port Cyberattack Exposes 90,000 Records
The Port of Seattle reported a ransomware attack by the Rhysida group, affecting 90,000 individuals. The breach disrupted airport and seaport operations. Flight check-ins, reservation apps, and IT systems were temporarily taken offline.
Europcar GitLab Breach Exposes Source Code, Data
A cybercriminal breached Europcar’s GitLab, stealing app source code and customer data. The attacker threatened to leak 37GB of sensitive files unless demands were met. Europcar operates across 140 countries, heightening global concern.