Noteworthy stories that might have slipped under the radar: stealing browser data via Syncjacking, hackers falsely claim AWS breach, Google prevented 2 million bad apps from reaching Google Play.
January 31, 2025
SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Cybersecurity legislation preparedness initiative for open source
Linux Foundation Europe and OpenSSF announced a joint initiative to help open source manufacturers, maintainers, and stewards prepare for the implementation of cybersecurity legislation such as the EU Cyber Resilience Act (CRA). The effort will focus on formalizing cybersecurity specifications, offering compliance guidance, and implementing compliance processes and tooling.
BeyondTrust investigation into leaked API key
BeyondTrust announced it has completed its investigation into the December 2024 compromise of an API key for its Remote Support SaaS. The incident led to the discovery of two zero-day vulnerabilities in the Privileged Remote Access (PRA) and Remote Support (RS) enterprise solutions, and impacted 17 customers, including the US Department of the Treasury.
Texas county discloses cyberattack
Matagorda County in Texas disclosed a cyberattack that led to malware being deployed on its network and resulted in the disruption of certain operations after the impacted systems were isolated. Various departments have been affected, but the county has no indication that personal information might have been compromised.
Hackers making exaggerated claims about hacking AWS
It’s not uncommon for some hacker groups to make exaggerated claims. One such group is called GDLockerSec and it recently claimed to have hacked the AWS cloud service. An investigation by threat intelligence firm Kela showed that there was no breach of AWS systems. The data may have been obtained from a third party’s unprotected AWS S3 instance, but Kela found that it had already been publicly available on other platforms.
North Korea’s Operation Phantom Circuit
North Korean state-sponsored hacking group Lazarus compromised over 1,500 systems between November 2024 and January 2025 as part of a campaign dubbed Operation Phantom Circuit. Hitting developers in Europe, India, and other countries, the campaign focused on the theft of credentials, tokens, and system information, on monitoring the victims, and on compromising the supply chain for cryptocurrency and authentication systems.