From the CISO Series, it's Cybersecurity Headlines.

These are the cybersecurity headlines for Wednesday, April 16, 2025. I'm Sarah Lane.

Government CVE funding set to end today
Mitre confirmed to Reuters that its contract to fund the Common Vulnerabilities and Exposures, the familiar CVE database, expires on April 16, which is today. CISA confirmed the status of the contract, saying that "we are urgently working to mitigate impact and to maintain CVE services on which global stakeholders rely." Reuters says it did not receive comment from CISA or Mitre as to why the contract lapsed.

4chan, the Internet's most infamous forum, is down following an alleged attack
4chan was down Tuesday after an apparent hack, with attackers gaining server access, leaking the site's source code and doxxing moderators and registered users. Many of the leaked emails included .edu and .gov addresses, raising concerns about user privacy. The breach has exposed what some say are long-standing security flaws.

China accuses the US of launching advanced cyberattacks, names alleged NSA agents
China has accused three alleged US NSA operatives of launching cyberattacks on infrastructure during the Asian Games in Harbin back in February. The alleged targets included Games-related systems, critical services in Heilongjiang Province and tech giant Huawei. China claims the attacks caused serious harm and continues to demand that the US stop such operations.

Midnight Blizzard deploys new GrapeLoader malware in embassy phishing
Russian state-backed hacking group Midnight Blizzard, also APT29 or Cozy Bear, is behind a new phishing campaign targeting European embassies using a stealthy malware loader named GrapeLoader, disguised as an invite to a wine tasting event. The attack uses malicious ZIP files that execute the malware via DLL sideloading. GrapeLoader performs reconnaissance and installs WineLoader, a modular backdoor that collects system information and helps with further espionage. The malware is heavily obfuscated and runs entirely in memory, making it hard to detect and analyze.

Hertz confirms customer info, driver's licenses stolen in data breach
Hertz has confirmed a data breach affecting customers of its Hertz, Thrifty and Dollar brands, stemming from zero-day vulnerabilities in Cleo's file transfer platform exploited by the Clop ransomware gang. Stolen data may include names, contact details, driver's licenses and credit card information, and in some situations Social Security numbers and government IDs, though no misuse has been reported yet. Leaked data has appeared on Clop's extortion site, and Hertz is offering affected individuals two years of free identity monitoring.

Huge thanks to our sponsor, Vanta. Do you know the status of your compliance controls right now? Right this second? We know that real-time visibility is critical for our security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get started at Vanta.com/headlines.

Major banks limit information sharing following breach of Treasury Department's OCC
Following a major cyber breach of the Treasury Department's Office of the Comptroller of the Currency, or OCC, email system, several major US banks are limiting information sharing with the agency. JPMorgan Chase and Bank of New York Mellon have halted electronic information exchanges with the OCC due to concerns about potential security risks to their own networks.

Chinese espionage group leans on open source tools to mask intrusions
In a new campaign observed by researchers at Sysdig, Chinese espionage group UNC5174 has been using open source tools like VShell and WebSockets to mask its presence in recent campaigns. Researchers note that the group's use of these tools to communicate with command and control infrastructure and perform post-exploitation tasks points to a shift away from custom-built malware. This marks a new approach for UNC5174, which has historically relied on bespoke malware for attacks targeting Western governments, technology companies and research institutions.

Bot traffic overtakes human activity as threat actors turn to AI
Automated bot traffic now makes up 51% of web activity, surpassing human traffic for the first time in a decade. This is according to Thales' 2025 Imperva Bad Bot Report, which includes a surge in malicious bot traffic driven by AI and large language models, with the ByteSpider bot leading AI-powered attacks. Sectors like travel and retail saw high levels of bad bot activity, with API attacks being the most common, targeting industries like financial services and health care.

23andMe bankruptcy draws investigation from House panel over data concerns
The US House Oversight Committee is investigating the privacy risks surrounding 23andMe's bankruptcy, particularly concerns about the potential transfer of customers' sensitive genetic data to various entities, including the Chinese government. The investigation follows a 2023 data breach affecting 6 million customers and raising alarms about the potential misuse of genetic data for purposes like higher insurance premiums and targeted advertising. Former CEO Anne Wojcicki has been asked to testify at a hearing in May.

Remember to check out our new episode of Security You Should Know. We just posted an episode with Permiso Security, learning about what they're doing to help defend against compromised credentials. If you want a 15-minute deep dive into their solution, look for Security You Should Know wherever you get your podcasts. I'm Sarah Lane reporting for the CISO Series. Thank you so much for listening.
Cybersecurity headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Cyber Security Headlines – Episode Summary
Hosted by CISO Series
Release Date: April 16, 2025
In this episode of Cyber Security Headlines, hosted by Sarah Lane of the CISO Series, the most pressing cybersecurity news of April 16, 2025 is covered. The episode addresses developments affecting government cybersecurity funding, major data breaches, cyberattacks by state actors, and emerging threats in the digital landscape. Below is a detailed summary of the key topics discussed:
Overview:
The episode opens with alarming news about the termination of funding for the Common Vulnerabilities and Exposures (CVE) program. Mitre, the organization managing CVE, confirmed to Reuters that its contract funding expires on April 16, the very day of the episode's release.
Notable Quote:
Sarah Lane highlights the urgency of the situation: “CISA confirmed the status of the contract, saying that we are urgently working to mitigate impact and to maintain CVE services on which global stakeholders rely” [01:15].
Implications:
The cessation of CVE funding poses significant risks to the identification and management of security vulnerabilities across various sectors. The CVE database is a fundamental resource for organizations worldwide to track and address potential security threats.
Overview:
The infamous internet forum, 4chan, experienced a major disruption as it went offline due to an alleged cyberattack. The attack resulted in unauthorized server access, leading to the leakage of the site's source code and the doxxing of moderators and registered users.
Notable Quote:
Sarah Lane emphasizes the severity: “Many of the leaked emails included .edu and .gov addresses, raising concerns about user privacy” [02:30].
Implications:
The incident underscores the persistent threats faced by online communities and the critical need for robust security protocols to protect user data and maintain platform integrity.
Overview:
Tensions escalate as China publicly accuses the United States of conducting sophisticated cyberattacks against its infrastructure. The allegations specifically name three alleged NSA agents responsible for the attacks.
Notable Quote:
Sarah Lane reports on the diplomatic fallout: “China claims the attacks caused serious harm and continues to demand that the US stop such operations” [03:45].
Implications:
This accusation marks a significant escalation in US-China cyber relations, potentially leading to increased cyber warfare and retaliatory measures between the two superpowers.
Overview:
The Russian state-backed hacking group known as Midnight Blizzard, also referred to as APT29 or Cozy Bear, has launched a new phishing campaign targeting European embassies. The campaign uses a stealthy malware loader named GrapeLoader.
Notable Quote:
Sarah Lane explains the technical sophistication: “GrapeLoader performs reconnaissance and installs WineLoader, a modular backdoor that collects system information and helps with further espionage” [04:50].
Implications:
The deployment of GrapeLoader highlights the evolving tactics of state-sponsored hacking groups and the need for detection that does not depend on files on disk, since the loader runs entirely in memory.
Overview:
Hertz, along with its brands Thrifty and Dollar, has confirmed a significant data breach compromising customer information. The breach originated from zero-day vulnerabilities in Cleo’s file transfer platform, exploited by the Clop ransomware gang.
Notable Quote:
Sarah Lane outlines the breach: “Stolen data may include names, contact details, driver's licenses and credit card information, and in some situations Social Security numbers and government IDs” [05:45].
Implications:
The breach at Hertz underscores the vulnerabilities present in third-party platforms and the cascading effects such incidents can have on large customer bases, emphasizing the importance of robust cybersecurity practices and swift incident response.
Overview:
Following a significant cyber breach of the Treasury Department's Office of the Comptroller of the Currency (OCC) email system, several major US banks have restricted their information-sharing activities with the OCC.
Notable Quote:
Sarah Lane reports the banks’ defensive stance: “JPMorgan Chase and Bank of New York Mellon have halted electronic information exchanges with the OCC due to concerns about potential security risks to their own networks” [06:30].
Implications:
The decision by major financial institutions to limit information sharing reflects heightened fears surrounding the security of governmental email systems and the broader impact of such breaches on inter-agency and private sector collaborations.
Overview:
Researchers at Sysdig have identified a shift in tactics by the Chinese espionage group UNC5174, which is now leveraging open-source tools to conceal its intrusions.
Notable Quote:
Sarah Lane highlights the strategic change: “This marks a new approach for UNC5174, which has historically relied on bespoke malware for attacks targeting Western governments, technology companies and research institutions” [07:00].
Implications:
The adoption of open-source tools by espionage groups like UNC5174 points to a trend toward attack tooling that blends in with legitimate software and is harder to attribute, so defenders need monitoring focused on behaviour and command-and-control patterns rather than on known malware signatures alone.
Overview:
A significant shift in web traffic dynamics has been observed, with automated bot traffic now surpassing human activity for the first time in a decade. This surge is primarily driven by the integration of artificial intelligence (AI) and large language models (LLMs) into malicious operations.
Notable Quote:
Sarah Lane discusses the trend: “Bot traffic now makes up 51% of web activity, surpassing human traffic for the first time in a decade” [07:25].
Implications:
The dominance of AI-driven bot traffic presents new challenges for cybersecurity professionals, necessitating advanced detection and mitigation techniques to combat increasingly sophisticated and automated threats.
Overview:
The impending bankruptcy of 23andMe has triggered an investigation by the US House Oversight Committee focusing on the privacy implications of the company's sensitive genetic data handling.
Notable Quote:
Sarah Lane underscores the gravity of the investigation: “The investigation follows a 2023 data breach affecting 6 million customers and raising alarms about the potential misuse of genetic data” [07:30].
Implications:
The investigation into 23andMe's handling of genetic data highlights the broader issues of data privacy, regulatory oversight, and the ethical responsibilities of companies managing sensitive personal information.
Conclusion
This episode of Cyber Security Headlines offers an in-depth analysis of significant cybersecurity events shaping the landscape in April 2025. From government funding challenges and high-profile data breaches to state-sponsored cyberattacks and the rise of AI-driven threats, the discussions underscore the evolving complexity and urgency of cybersecurity in the modern era. For listeners seeking to stay informed on the latest developments in information security, this episode provides valuable insights and comprehensive coverage of critical issues.
For more detailed stories behind these headlines, visit CISOseries.com.