🛡️ Darkwire Weekly – Issue #3
Your No-Fluff Cybersecurity & Privacy Brief - Week of June 2, 2025
🚨 Top 3 Threats This Week
Nation-State Supply Chain Breach: IT software vendor ConnectWise revealed a cyberattack by suspected nation-state hackers that breached its ScreenConnect remote support tool. Only a few MSP customers were impacted, but the attack exploited a now-patched vulnerability (CVE-2025-3935) to achieve remote code execution. ConnectWise has involved Mandiant and law enforcement, hardened its network, and alerted affected clients. (🔗 source)
Thousands of Routers Hijacked: A stealth campaign has backdoored 9,000+ ASUS routers worldwide with persistent SSH access that even survives reboots. Hackers exploited a known bug (CVE-2023-39780) and other flaws to build what looks like a botnet “ORB” network – a tactic used by advanced threat actors to route traffic through IoT devices. Researchers warn this well-resourced operation likely points to a nation-state prepping for large-scale attacks. (🔗 source)
🛡️ Dark Web Watch
Utility Customer Data Leaked: After Nova Scotia Power refused to pay ransom, criminals dumped data on ~280,000 customers on the dark web. Exposed info includes names, contacts, service and billing records, and even bank account details for autopay users. The attack began in March but was confirmed as ransomware on May 23. No known gang has claimed credit yet, but the leak is out there. (🔗 source)
Coca-Cola Gets Fizzy on Leak Sites: The Everest ransomware gang listed Coca-Cola on its leak site and dumped data when the company ignored a $ ransom demand. Hackers claim to have swiped personal details on 959 Coca-Cola employees (mostly in its Middle East division), including scans of IDs and records. Coca-Cola refused to negotiate, so Everest followed through on its dark web threat. (🔗 source)
Recent CVEs You Should Know
Fortinet Zero‑Day (CVE-2025-32756): A critical 9.6/10 RCE in Fortinet products (FortiVoice VOIP systems, plus FortiMail, FortiNDR, etc.) was exploited in the wild as a 0-day. Attackers used this stack overflow bug to hijack devices – even wiping logs and scraping credentials on compromised systems. Fortinet rushed out patches on May 13; admins should update immediately to slam this door shut. (🔗 source)
Chrome Under Attack (CVE-2025-5419): Google pushed an emergency Chrome update after this V8 engine flaw was found actively exploited. The high-severity bug (out-of-bounds read/write in the JS engine) is the third Chrome zero-day this year. Chrome will auto-update, but go to Help → About Google Chrome to force-install version 137.0.7151.68+ now – attackers are already on it. (🔗 source)
🛠️ Tools & Resources
LlamaFirewall for AI Security: Meta open-sourced LlamaFirewall, a new framework to defend large language model apps from AI-specific threats. It acts as a system-level firewall for AI agents – mitigating prompt injections, jailbreaks, “goal hijacking,” and insecure code generation. As organizations adopt AI copilots and autonomous agents, this tool adds much-needed layered defenses beyond basic content filters. (🔗 source)
Hanko Passwordless Auth: Check out Hanko, an open-source authentication solution built for the passkey era. Hanko lets developers implement passwordless login (FIDO2/WebAuthn) alongside classic methods (email/pass, MFA, SSO) with a simple API and SDK. It’s AGPL-licensed with a hosted option, aiming to modernize auth flows and ease the transition away from passwords for users and orgs. (🔗 source)
📚 Quick Bytes
Cartier Breach – Limited Data: Luxury brand Cartier notified customers of a breach after hackers briefly accessed its systems. Exposed info was limited to names, emails, and country of residence – no payment data. Cartier contained the intrusion and is working with police, but warns clients to watch out for phishing attempts. (🔗 source)
Victoria’s Secret Offline: The lingerie retailer Victoria’s Secret took down its website and some services last week due to an ongoing “security incident.” With ~1,380 stores globally, the company is investigating the cause. Notably, this comes on the heels of recent data breaches at Dior and Adidas – suggesting fashion brands are on high alert. (🔗 source)
MATLAB Outage = Ransomware: MathWorks, maker of MATLAB software, confirmed a ransomware attack caused its week-long cloud service outage. Millions of engineers and students were impacted as license servers and online features went down. MathWorks has restored most systems and says no customer code was compromised. The incident underscores that even niche tech companies aren’t immune from cyber disruption. (🔗 source)
👀 Privacy Tip of the Week
Audit Your App Permissions: Take a minute to review what data your mobile apps can access. Does that game really need your location or contact list? Probably not. Regularly prune app permissions in your phone settings – limit access to only what’s necessary. It’s a simple way to reduce oversharing your personal info (and you might be surprised at what some apps have been quietly tracking). (🔗 source)
👋 Stay sharp,
– The Darkwire Weekly Team
darkwireweekly.com