DJBSEC's CyberNews 3-24-25
Cybersecurity Stories Summary
Story 1. Cloudflare Now Blocks All Unencrypted Traffic to Its API Endpoints
Cloudflare has implemented a new security policy that blocks all unencrypted (HTTP) traffic to its API endpoints, enforcing HTTPS-only connections. This move aims to strengthen user data protection and prevent man-in-the-middle attacks that exploit unsecured transmissions. The change could impact older applications or tools that still use HTTP, prompting developers to update their integrations. Cloudflare encourages all users to adopt secure communication protocols going forward.
Story 2. FBI Confirms Fake File Converters Are Actively Pushing Malware
The FBI has confirmed that free online file converter websites are being used to distribute malware under the guise of harmless file conversion services. These platforms lure users with promises of converting documents, videos, or images, but secretly deliver spyware and remote access trojans (RATs). Victims unknowingly compromise their systems when downloading the output. Users are advised to stick to trusted software for file conversions and avoid suspicious websites.
Story 3. Cybercriminals Exploiting Notification Channels to Spread Malware
Hackers are increasingly abusing legitimate notification systems—like browser alerts, push notifications, and mobile pop-ups—to deliver malicious links and social engineering messages. These tactics exploit user trust in seemingly routine system messages, leading to credential theft or malware downloads. The attacks often mimic well-known platforms like Microsoft, Google, or banking apps. Experts advise users to avoid clicking pop-up messages and to access services directly through official apps or websites.
Story 4. Microsoft Exchange Online Bug Mistakenly Quarantines Legitimate Emails
A recent bug in Microsoft Exchange Online caused legitimate user emails to be incorrectly flagged and quarantined. The issue affected both internal and external email delivery, frustrating organizations that rely heavily on cloud-based communication. Microsoft has since acknowledged the problem and issued a fix, but not before users reported disruptions to workflow and delayed correspondence. Administrators are urged to review quarantine policies and adjust filtering settings as needed.
Story 5. UAT-5918 Threat Group Targets Critical Infrastructure in Taiwan
A suspected state-sponsored group identified as UAT-5918 has launched cyberattacks against critical infrastructure in Taiwan, including telecom and energy sectors. The group, believed to be aligned with China, is using advanced persistent threat (APT) tactics to steal sensitive data and establish long-term access. The attacks are part of broader geopolitical tensions and efforts to destabilize key industries. Taiwanese authorities are responding with heightened monitoring and coordinated defense strategies.
Story 6. Hacker Claims to Have Access to 6 Million Oracle Customer Records
A hacker is claiming responsibility for breaching Oracle and stealing over 6 million customer records, allegedly including sensitive business data and credentials. The individual is offering the stolen data for sale on a dark web forum and has posted samples to prove legitimacy. If true, this breach could have widespread implications for Oracle customers globally. Oracle has denied any confirmed breach, stating it is investigating the claim.
Story 7. Oracle Denies Breach After Hacker Offers 6 Million Records for Sale
Following the claims of a massive breach, Oracle has issued a public statement denying any evidence of unauthorized access to its systems. The company asserts that internal reviews have not identified any data compromise and continues to investigate the situation. Meanwhile, cybersecurity experts are analyzing the hacker’s data samples for authenticity. Users are advised to remain cautious and monitor their Oracle services for unusual activity.
Story 8. Coinbase Was the Primary Target in Recent GitHub Actions Attacks
Recent breaches involving GitHub Actions have been linked to a campaign targeting Coinbase, with attackers exploiting misconfigured automation workflows. By injecting malicious code into GitHub repositories, the attackers attempted to exfiltrate secrets and steal data from the cryptocurrency platform. Coinbase acted swiftly to mitigate the attack and reported no customer impact. GitHub has advised developers to harden workflow permissions and audit repositories for exposure.