Risky Bulletin: Coinbase Reveals Insider Breach and Extortion Attempt
Hosted by Risky.biz | Release Date: May 16, 2025
In this edition of Risky Bulletin, hosted by Claire Aird and prepared by Catalin Cimpanu, the Risky Business team covers a series of significant cybersecurity incidents, regulatory changes, and emerging threats as of May 16, 2025.
1. Coinbase Under Siege: Insider Breach and Extortion Attempt
Timestamp: [00:04]
Coinbase, one of the leading cryptocurrency exchanges, has recently fallen victim to a sophisticated cyber extortion scheme. As Claire Aird reports, "Cybercriminals have bribed Coinbase agents to hand over customer data," which was subsequently leveraged in various social engineering attacks. These attacks proved successful in some instances, resulting in financial losses for certain customers. In response, Coinbase has pledged to reimburse those affected.
Beyond compromising customer data, the criminals attempted to extort Coinbase directly by demanding a hefty ransom of $20 million. Demonstrating resilience and a proactive stance against such threats, Coinbase declined to comply. Instead, the company is offering the $20 million as a bounty to incentivize the identification and apprehension of the perpetrators. Claire emphasizes, "Coinbase is putting up that money as a bounty to identify the attackers," highlighting the company's commitment to safeguarding its users and maintaining trust within the cryptocurrency community.
2. Cyber Attack Halts Operations at America's Largest Steel Producer
Timestamp: [00:04]
In another alarming development, America's largest steel producer experienced a significant cyber attack that forced the cessation of production across several of its plants. Nucor, the company operating the affected facilities, has concluded its investigation into the breach and given assurance that operations are resuming at the impacted sites, which include 26 steel mills spread throughout the United States. This incident underscores the vulnerability of critical infrastructure to cyber threats and the potential repercussions for national industries.
3. Data Exposure at PrepHero: Unsecured Database Compromises Student Information
Timestamp: [00:04]
An internal database belonging to PrepHero, a company dedicated to helping high school athletes secure sports scholarships, was found exposed online. The database, which was left unsecured without a password, contained sensitive information such as identity documents and internal email conversations of thousands of students. This lapse raises significant privacy concerns and highlights the importance of robust data protection measures, especially when handling personal and sensitive information of young individuals.
4. US Consumer Financial Protection Bureau Abandons Data Sale Regulations
Timestamp: [01:46]
Russell Vought, the Acting Director of the US Consumer Financial Protection Bureau (CFPB), announced a pivotal shift in regulatory approach. In a statement at [01:50], Vought declared, "The proposed rules are no longer necessary or appropriate," signaling the abandonment of a plan to regulate the sale of personal information. The plan was initially proposed in response to concerns from the US intelligence community about foreign actors abusing data brokering services; the CFPB's decision reflects a reevaluation of regulatory priorities in the evolving data economy.
5. Undocumented Devices Found in Chinese Solar Power Inverters
Timestamp: [02:07]
Security analysts have uncovered undocumented communication devices within Chinese-manufactured solar power inverters deployed across the US power grid. As reported by Claire Aird, these devices were not detailed in the official documentation of the inverters. Russell Vought further elaborated at [02:07], stating, "Chinese solar power inverters deployed across the US power grid," raising alarms about potential security vulnerabilities. While it is unclear whether these devices are actively being exploited, their presence poses significant concerns regarding the integrity and security of critical energy infrastructure.
6. Tajikistan Abolishes Law Criminalizing Interaction with Extremist Content on Social Media
Timestamp: [02:30]
In a notable shift in digital policy, Tajikistan has repealed a law that previously criminalized interactions with extremist content on social media platforms. The law, enacted in 2018, allowed authorities to prosecute individuals for actions such as commenting on, liking, or reposting content deemed extremist, with penalties reaching up to 15 years in prison. Over 1,500 individuals are currently serving sentences under this statute. President Emomali Rahmon championed the abolition of the law, stating that it was being "used for groundless and unreasonable criminal cases," marking a significant move towards digital freedom and reduced governmental overreach.
7. European Commission Criticizes Delayed Implementation of Cybersecurity Directive
Timestamp: [00:04]
The European Commission has expressed dissatisfaction with 19 member states that are lagging in implementing the NIS2 cybersecurity directive, adopted in 2023. This directive aims to bolster cybersecurity measures across critical sectors within the European Union. Originally, member states had until October 2024 to comply with the directive's requirements. The Commission has warned that states failing to meet their obligations within a two-month grace period after the deadline may face referral to the EU Court of Justice, emphasizing the EU's commitment to enhancing collective cybersecurity resilience.
8. TikTok Faces Penalties for Violating the Digital Services Act
Timestamp: [00:04]
TikTok, the widely used social media platform, has been charged by European tech regulators with violating the Digital Services Act (DSA). The platform failed to provide essential data concerning its online advertisements, data that researchers need to detect scams, hybrid threat campaigns, and coordinated influence operations. As a consequence, TikTok faces potential fines of up to 6% of its global annual turnover. This enforcement action underscores the EU's stringent stance on digital accountability and the protection of online ecosystems from malicious activities.
9. Europol Dismantles €3 Million Cybercrime Network
Timestamp: [00:04]
Europol has successfully dismantled a criminal network responsible for stealing over €3 million through fraudulent investment websites. In recent operations, one suspect was apprehended in Cyprus, bringing the total arrests since the initial 2022 raid to three. Furthermore, Europol has identified seven additional members of the network who remain at large. This crackdown highlights the persistent threat posed by organized cybercrime groups and the ongoing efforts by international law enforcement to combat financial cyber fraud.
10. Scattered Spider Shifts Focus to Global Retailers Amidst Law Enforcement Pressure
Timestamp: [00:04]
The notorious hacking group Scattered Spider has recalibrated its operations, shifting its focus from UK retail chains to retailers in the US, India, and other English-speaking countries. Google's security team notes that this adaptation follows arrests in early 2024, prompting the group to "lay low" and reestablish connections within the criminal underground. Additionally, Scattered Spider has retooled by aligning with at least two ransomware gangs, exploiting a recent SAP NetWeaver zero-day vulnerability to infiltrate corporate networks.
11. Exploitation of SAP NetWeaver Zero-Day by Ransomware Gangs
Timestamp: [00:04]
Two ransomware groups, BianLian and RansomEXX, have been identified exploiting a newly discovered zero-day vulnerability in SAP NetWeaver, according to security firm ReliaQuest. Initially leveraged by a Chinese Advanced Persistent Threat (APT) last month, the zero-day was patched by SAP at the end of April, with a second related flaw addressed this week. The exploitation of such vulnerabilities underscores the critical need for timely software updates and the constant vigilance required to protect corporate networks from evolving threats.
12. Google Patches Dangerous Zero-Day Vulnerability
Timestamp: [00:04]
Google has rolled out a security update to address a zero-day vulnerability that was actively exploited in the wild. Discovered by Solidlab security researcher Vsevolod Kokorin, the flaw could potentially be used to leak data between websites and facilitate OAuth account takeovers. Kokorin shared a public proof of concept last month, highlighting the severity of the vulnerability. This update is crucial in mitigating the risks associated with the exploited zero-day and safeguarding user data.
13. Russian Cyber Espionage Targets Ukrainian and Allied Webmail Servers
Timestamp: [00:04]
A persistent Russian cyber espionage campaign has been targeting webmail servers in Ukraine and its allies for the past two years. Exploiting cross-site scripting (XSS) vulnerabilities, the campaign initially focused on Roundcube but has since expanded to include Horde, MDaemon, and Zimbra. The malicious activity involves leveraging email-delivered XSS to harvest credentials and access email content. Security firm ESET attributes this campaign to a group linked to Russia's GRU military intelligence agency, highlighting the ongoing cyber threats in geopolitical conflicts.
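The defensive counterpart to email-delivered XSS is the rendering side: a webmail client must strip anything that can execute script before it displays a message body, because one stored XSS in the message view is enough to read the mailbox or capture credentials in the victim's session. The sanitiser below is an added illustration, not code from the episode, from ESET's report, or from any of the webmail products named above. The sample message is constructed, and the tag, attribute and URL-scheme allow-lists are assumptions of this example rather than any product's actual policy.

```python
"""Sanitise HTML email bodies before a webmail client renders them.

Added illustration, not code from the episode or from ESET's report.
The sample message below is constructed; the allow-lists are assumptions
of this example, not any webmail product's policy.
"""
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Elements that can execute script, load remote content or hijack navigation.
DROP_TAGS = {"script", "iframe", "object", "embed", "svg", "math", "base",
             "meta", "link", "style", "form"}
# Attributes whose value is a URL and must therefore be scheme-checked.
URL_ATTRS = {"href", "src", "action", "formaction", "background", "poster", "data"}
ALLOWED_SCHEMES = {"", "http", "https", "mailto", "cid"}  # "" = relative URL


def is_safe_url(value: str) -> bool:
    """True if the URL has no scheme or an allow-listed one.

    Browsers ignore embedded whitespace and control characters when they
    parse a scheme, so "java\\tscript:" must be normalised before checking.
    """
    cleaned = "".join(ch for ch in value if ch.isprintable() and not ch.isspace())
    try:
        return urlsplit(cleaned.lower()).scheme in ALLOWED_SCHEMES
    except ValueError:  # malformed URL (e.g. bad IPv6 literal): reject it
        return False


class EmailHtmlSanitizer(HTMLParser):
    """Rebuilds the markup, keeping only inert tags and attributes."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []        # sanitised markup fragments
        self.findings = []   # human-readable log of what was removed
        self._skip_depth = 0  # > 0 while inside a dropped element

    def handle_starttag(self, tag, attrs, self_closing=False):
        if tag in DROP_TAGS:
            self.findings.append(f"dropped <{tag}> element")
            if not self_closing:
                self._skip_depth += 1  # discard everything up to its end tag
            return
        if self._skip_depth:
            return
        kept = []
        for name, value in attrs:  # HTMLParser already lower-cases names
            value = value or ""
            if name.startswith("on"):
                self.findings.append(f"dropped event handler {name} on <{tag}>")
            elif name == "style":
                self.findings.append(f"dropped inline style on <{tag}>")
            elif name in URL_ATTRS and not is_safe_url(value):
                self.findings.append(f"dropped unsafe {name}={value!r} on <{tag}>")
            else:
                kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}{' /' if self_closing else ''}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs, self_closing=True)

    def handle_endtag(self, tag):
        if tag in DROP_TAGS:
            if self._skip_depth:
                self._skip_depth -= 1
            return
        if not self._skip_depth:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip_depth:
            self.out.append(escape(data, quote=False))
    # Comments, processing instructions and declarations fall through to the
    # base class no-ops, so they are removed from the output.


def sanitize_email_html(html: str):
    """Return (safe_markup, findings) for one HTML message body."""
    parser = EmailHtmlSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.findings


# Constructed phishing-style message: a quota warning carrying four script
# vectors (event handler, two javascript: links, one with whitespace evasion,
# and an inline script) plus one legitimate link that must survive.
SAMPLE_MESSAGE = (
    "<p>Your mailbox quota is almost full.</p>"
    '<img src="x" onerror="alert(1)">'
    '<a href="javascript:alert(1)">Click here</a>'
    '<a href=" JAVA\tscript:void(0)">Renew</a>'
    '<a href="https://mail.example.com/quota">Quota page</a>'
    "<script>alert(1)</script>"
)

if __name__ == "__main__":
    safe, findings = sanitize_email_html(SAMPLE_MESSAGE)
    print(safe)
    for finding in findings:
        print("-", finding)
```

The design choice worth noting is that this is an allow-list rebuild rather than a blocklist regex: the parser re-emits only the tags and attributes it understands, escapes all text and attribute values on the way out, and normalises URLs before inspecting their scheme, so the whitespace and case tricks that defeat naive `javascript:` string matching are handled. In a real deployment the remaining allowed tags would themselves be restricted to an explicit list and the output would be served under a Content Security Policy as a second layer.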
14. Russian Disinformation Campaign Targets European Leaders
Timestamp: [00:04]
In a sophisticated disinformation effort, a Russian unit known as Storm-1516 has orchestrated a social media campaign aimed at tarnishing the reputations of European leaders. The group disseminated AI-generated images depicting French, German, and UK leaders as drug users prior to their visits to Kyiv. These manipulated images were widely circulated on Twitter with the intent to erode public support for Ukraine and its allies. Maria Zakharova, a spokesperson for the Russian Foreign Ministry, also shared the images, amplifying the reach and impact of the campaign.
15. Surge in Fake Online Stores Exploiting US Tariffs
Timestamp: [00:04]
Amidst recent US tariff implementations, cybercriminals are capitalizing on the situation by setting up fake online stores that promise non-tariffed goods from popular brands. Security firm Forcepoint has detected a significant increase in such fraudulent stores, which often advertise substantial discounts to lure unsuspecting consumers. These fake platforms not only deceive customers but also pose substantial risks of financial loss and data breaches.
16. Enhanced Security Features in Google Chrome and Microsoft Edge
Timestamp: [00:04]
In a move to bolster browser security, Google Chrome will incorporate a feature initially developed for Microsoft Edge that prevents the browser from running with elevated privileges. When launched as an administrator, Chrome will automatically relaunch itself with user-level permissions unless a specific command-line argument is provided or it is started in automation mode. Microsoft introduced this protection in Edge in 2019, and by contributing the code to Google, both companies aim to strengthen defenses against privilege escalation attacks.
17. Apple Introduces Clipboard Privacy Controls in macOS
Timestamp: [00:04]
Apple is set to enhance user privacy on macOS by introducing a new feature that allows users to block applications from accessing their clipboard. This feature, which matches a capability present in iOS since 2020, aims to prevent unauthorized access to clipboard data, thereby safeguarding sensitive information from exploitation by malicious apps. The clipboard privacy feature is scheduled for inclusion in macOS 16, slated for release later this year.
Conclusion
This episode of Risky Bulletin highlights the dynamic and often perilous nature of the cybersecurity environment. From high-profile breaches and sophisticated cyber espionage campaigns to regulatory shifts and proactive security enhancements, the landscape is continually evolving. Staying informed and vigilant is paramount for individuals and organizations alike to navigate and mitigate the myriad of cyber threats that persistently emerge.
