Cyber Briefing: 2025.01.07

👉 What’s the latest in the cyber world today?

BARWM, Stealthy Backdoor Attacks, Deep Learning, Hidden Triggers, PhishWP Plugin, Fake Payment Pages, Moxa Critical Vulnerabilities, Routers, Discord, Infostealer Campaign, Gaming, Android Vulnerabilities, Guam Critical Infrastructure, Volt Typhoon, Maine Public School Districts, Bangladesh City Bank, Sensitive Client Data, Philippine President’s Office, Stiiizy, Data Breach, Salt Typhoon, Cyber Espionage, Charter, Consolidated, Windstream, Lithuania, Cyber Command, NATO Interoperability, Wallet Drainer Malware, Cryptocurrency Losses, US Department of Defense, Tencent, UK Government, Criminalize, Sexually Explicit Deepfakes

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.

🚨 Cyber Alerts

1. Advanced Backdoor Attack Targets AI Models

BARWM, a new backdoor attack method, is specifically designed to target real-world deep learning (DL) models deployed on mobile devices, addressing the limitations of traditional backdoor attack techniques. Existing methods often rely on easily detectable, sample-agnostic triggers or require changes to the model structure, which can compromise the attack’s stealth and effectiveness. In contrast, BARWM employs a DNN-based steganography technique that generates unique, sample-specific backdoor triggers that are nearly imperceptible to detection systems. This makes the attack much harder to identify, offering a more subtle and effective approach to compromising DL models.

2. PhishWP Plugin Steals Data from Users

PhishWP, a newly discovered WordPress plugin, has been used by cybercriminals to create deceptive payment pages resembling trusted services like Stripe, aimed at stealing financial data. This malicious plugin enables attackers to collect sensitive information such as credit card details, billing addresses, and…