Cyber Security Headlines – Detailed Summary
Hosted by CISO Series
Episode Title: MathWorks Confirms Ransomware Attack, Adidas Has Data Breach, Dutch Intelligence Warns of Cyberattack
Release Date: May 28, 2025
Introduction
In the latest episode of Cyber Security Headlines by the CISO Series, host Sarah Lane delves into a series of significant cybersecurity incidents impacting major organizations worldwide. From ransomware attacks on prominent software companies to data breaches in global sports brands, the episode provides an in-depth analysis of the evolving cyber threat landscape. Key discussions also highlight vulnerabilities in widely used platforms and the strategic moves of intelligence agencies in combating state-sponsored cyber threats.
MathWorks Confirms Ransomware Attack
At the forefront of today's headlines, MathWorks, the creator of MATLAB, has confirmed suffering a ransomware attack that has severely disrupted its IT infrastructure.
"MathWorks confirmed a ransomware attack that disrupted its IT systems and multiple customer-facing applications, including MATLAB Mobile and Cloud Center" (00:07).
Despite the severity of the incident, MathWorks has not yet disclosed details regarding the perpetrators or the extent of data compromise. The company is actively collaborating with cybersecurity experts and law enforcement agencies to mitigate the impact. While some services have been restored, others remain offline, leaving users and clients in a state of uncertainty.
Adidas Warns of Data Breach After Customer Service Provider Hack
In another major development, Adidas has reported a data breach resulting from a compromised third-party customer service provider.
"Adidas disclosed a data breach after attackers accessed customer contact information via a hacked third-party customer service provider" (00:20).
The affected data includes customer contact details; however, Adidas assures that sensitive information such as payment data and passwords remains secure. The company is currently notifying affected customers and relevant authorities. The name of the compromised provider and the full scope of the breach have not been made public, raising concerns about supply chain security vulnerabilities.
Dutch Intelligence Agencies Report Russian Cyberattacks
Dutch intelligence agencies have issued a stark warning about ongoing cyber threats from a Kremlin-linked hacking group known as Laundry Bear.
"Dutch intelligence agencies say a Kremlin-linked hacking group dubbed Laundry Bear stole Dutch police data in a 2023 cyber attack and is actively targeting the EU and NATO nations supporting Ukraine" (00:37).
Laundry Bear's operations are part of a broader strategy to gather intelligence on Western military capabilities, specifically focusing on weapons production and deliveries to Kyiv. The breach has exposed sensitive work contract details for Dutch police officers. This incident aligns the Netherlands with the United States and France in attributing recent cyberattacks to Russian military-linked hackers, underscoring the geopolitical dimensions of cyber warfare.
GitHub's Model Context Protocol (MCP) Exploit
Security researchers Marco Milanta and Luca Beurer-Kellner have uncovered a critical vulnerability in GitHub's Model Context Protocol (MCP).
"Researchers Marco Milanta and Luca Beurer-Kellner discovered a prompt injection exploit in GitHub's Model Context Protocol, or MCP, that lets LLMs access and leak private repository data" (01:00).
This exploit allows hackers to manipulate Large Language Models (LLMs) to leak sensitive information from private repositories by submitting malicious issues to public repositories. The inherent design of MCP, which grants LLMs access to private data with read-write permissions and the ability to submit pull requests, exacerbates the risk of data exfiltration. Researcher Simon Willison advises users to exercise caution when utilizing MCP to prevent potential breaches.
Fake AI Video Generators Laced with Malware
Mandiant and Google Cloud have identified a sophisticated malware campaign by a Vietnam-linked group known as UNC6032, which masquerades as providers of AI video generation tools such as Luma AI and Canva Dream Lab.
"Mandiant and Google Cloud have identified a Vietnam-linked group UNC6032 running a large-scale malware campaign by posing as providers of AI video generation tools like Luma AI and Canva Dream Lab" (02:15).
Since mid-2024, UNC6032 has been deploying fake advertisements and websites on platforms like Facebook and LinkedIn to lure victims. Once engaged, victims are subjected to information stealers and backdoors, primarily targeting content creators and small businesses attracted by the AI video trend. Meta's assistance in the investigation revealed thousands of fake ads linked to over 30 malicious sites. Notably, UNC6032's operations appear to lack direct state affiliation, indicating a possible independent or financially motivated agenda.
Iranian National Pleads Guilty to Robbinhood Ransomware Attacks
In a significant legal development, an Iranian national, Sina Gholinejad (alias Sina Ghaaf), has pleaded guilty to orchestrating attacks with the Robbinhood ransomware.
"An Iranian national, Sina Gholinejad, aka Sina Ghaaf, pleaded guilty to deploying Robbinhood ransomware between 2019 and 2024 targeting US cities, hospitals, and nonprofits" (03:30).
Gholinejad's ransomware operations targeted various institutions, including Baltimore, Greenville, and Meridian Medical Group. The attack method involved the use of stolen administrative credentials, VPNs, and a vulnerable Gigabyte driver to disable antivirus software. Ransoms were demanded in Bitcoin via Tor, and the attackers escalated their tactics to include data theft as leverage. Gholinejad now faces up to 30 years in prison on charges of conspiracy, computer intrusion, extortion, and money laundering.
Quantum Computing Threatens RSA Encryption
A study by Google researchers indicates that RSA encryption, a cornerstone of modern cryptographic security used in banking and cryptocurrency wallets, could be broken by a quantum computer with far fewer resources than previously estimated.
"Google says it's figured out how to crack RSA encryption with a quantum computer using 20 times fewer resources than previously estimated" (04:45).
In a recently published paper, researcher Craig Gidney asserts that a 2048-bit RSA key could potentially be broken in under a week using less than a million noisy qubits. This revelation is alarming, as it suggests that current RSA-based security systems, including those securing Bitcoin transactions, may be more vulnerable to quantum attacks than previously thought. Google attributes this advancement to improvements in algorithms and error correction techniques, highlighting the urgent need for post-quantum cryptographic solutions.
CISA Leadership Departures Amidst Internal Turmoil
The Cybersecurity and Infrastructure Security Agency (CISA) is experiencing significant leadership turnover, with nearly all top leaders, including heads of five out of six operational divisions and six of ten regional offices, departing or planning to leave in May.
"Several senior officials at CISA have recently left or are planning to leave, according to the Washington Post" (05:15).
These departures occur against a backdrop of challenges under the new U.S. administration, which has included attempts to dismantle election security initiatives and the near-collapse of the Common Vulnerabilities and Exposures (CVE) program. The exodus of leadership may impact CISA's ability to effectively manage and respond to emerging cyber threats, raising concerns about the agency's stability and future direction.
Conclusion
Today's episode of Cyber Security Headlines underscores the dynamic and multifaceted nature of cybersecurity threats facing organizations globally. From ransomware attacks and data breaches to sophisticated exploits in major platforms and the looming threat of quantum computing on encryption standards, the landscape is continuously evolving. Additionally, the geopolitical dimensions of cyber warfare and internal challenges within key security agencies like CISA highlight the complex interplay between technology, policy, and international relations in the realm of information security.
For those seeking to stay informed about the latest developments in cybersecurity, CISO Series remains a vital resource, offering timely and comprehensive coverage of the issues that matter most.
Notable Quotes:
- Sarah Lane (00:07): "MathWorks confirmed a ransomware attack that disrupted its IT systems and multiple customer-facing applications, including MATLAB Mobile and Cloud Center."
- Sarah Lane (00:20): "Adidas disclosed a data breach after attackers accessed customer contact information via a hacked third-party customer service provider."
- Sarah Lane (00:37): "Laundry Bear stole Dutch police data in a 2023 cyber attack and is actively targeting the EU and NATO nations supporting Ukraine."
- Sarah Lane (01:00): "Here involves submitting a malicious issue to a public repo, tricking the LLM into exposing private repo names from a pull request."
- Sarah Lane (02:15): "UNC6032's operations show no clear state affiliation."
- Sarah Lane (03:30): "Gholinejad faces up to 30 years in prison for conspiracy, computer intrusion, extortion, and money laundering."
- Sarah Lane (04:45): "Google says it's figured out how to crack RSA encryption with a quantum computer using 20 times fewer resources than previously estimated."
- Sarah Lane (05:15): "Several senior officials at CISA have recently left or are planning to leave, according to the Washington Post."
For more detailed stories and daily updates, visit CISOseries.com.
