DJBSEC's CyberNews 7-2-2025

1. Qantas Airlines Hit by Cyberattack

Qantas Airlines has suffered a cyberattack leading to the exposure of sensitive customer data. Hackers reportedly accessed booking details, personal information, and frequent flyer data, raising concerns over potential identity theft. The airline has begun notifying affected customers and is working with cybersecurity experts to investigate the breach. This incident adds to the growing number of attacks targeting the global airline sector in recent months.

2. Critical RCE Flaw in Anthropic’s MCP Inspector

A critical remote code execution (RCE) vulnerability has been discovered in Anthropic’s MCP Inspector tool, exposing developer machines to potential attacks. The flaw allows attackers to execute arbitrary commands on affected systems without authentication. Security researchers urge developers using the tool to apply patches immediately to prevent exploitation. This vulnerability highlights the risks associated with widely used development tools when security practices are overlooked.

3. Vulnerability in Forminator WordPress Plugin

A high-severity vulnerability has been found in the popular Forminator WordPress plugin used for creating forms and quizzes. The flaw allows unauthenticated attackers to upload malicious files, potentially leading to full site compromise. Over 300,000 websites using the plugin are at risk if they do not update to the latest patched version. Security experts recommend immediate updates to prevent exploitation by threat actors scanning for vulnerable WordPress sites.

4. Cl0p Ransomware Exploits RCE Vulnerability in MOVEit

Researchers have uncovered that the Cl0p ransomware group is exploiting a remote code execution vulnerability in MOVEit file transfer software. This flaw enables attackers to steal data from targeted organizations and deploy ransomware to encrypt critical files. The vulnerability has been assigned a critical severity score, and organizations using MOVEit are urged to apply patches immediately. This marks another major exploitation campaign by Cl0p targeting enterprise software.

5. Hacktivist Group Claims Attacks Across 20 Critical Sectors

A hacktivist group has claimed responsibility for cyberattacks targeting 20 critical sectors including healthcare, finance, and energy. The group states their motivation is political and aims to disrupt essential services to push their agenda. Security agencies are investigating these claims to assess the validity and scale of the attacks. This campaign highlights the persistent threat of politically motivated cyberattacks against national infrastructure.

6. Aeza Group Sanctioned for Hosting Ransomware and Infostealer Servers

The US government has sanctioned Russian internet provider Aeza Group for hosting infrastructure used by ransomware gangs and infostealer operations. Aeza allegedly provided services to cybercriminals distributing malware such as RedLine and Raccoon Stealer. The sanctions aim to disrupt the company’s operations and cut off cybercriminals from reliable hosting services. This move underscores continued efforts to dismantle cybercrime ecosystems by targeting their supporting infrastructure.