Data Breaches, OpenShift Flaw & China APT – 10/01/2025

September 30, 2025

Today’s security landscape is defined by several massive data breaches, with incidents at Allianz Life and WestJet impacting a combined 2.7 million people. A critical vulnerability in Red Hat’s OpenShift AI platform poses a severe risk, potentially allowing a full infrastructure takeover. Additionally, a new China-aligned APT group, Phantom Taurus, has been identified targeting government and telecom sectors, while a new Android banking trojan called Klopatra is gaining traction in Europe. Here is the critical intelligence you need to know.

Top 5 Critical Security Alerts

  • Red Hat OpenShift AI Flaw Exposes Hybrid Cloud Infrastructure to Full Takeover: A severe security flaw has been disclosed in Red Hat OpenShift AI that could allow attackers to escalate privileges and gain control of the entire infrastructure.
  • Allianz Life says July data breach impacts 1.5 million people: Insurance giant Allianz Life has confirmed that a cyberattack in July compromised the personal information of nearly 1.5 million individuals.
  • WestJet data breach exposes travel details of 1.2 million customers: Canadian airline WestJet has disclosed that a June cyberattack, attributed to the Scattered Spider group, compromised the personal data of 1.2 million customers, including passports.
  • China-linked hacking group Phantom Taurus targeting embassies, foreign ministries: A newly identified espionage group, Phantom Taurus, aligned with China, is actively targeting foreign ministries, embassies, and telecommunication companies across multiple continents.
  • New Android Banking Trojan “Klopatra” Uses Hidden VNC to Control Infected Smartphones: A new Android banking trojan named Klopatra is infecting devices across Europe, using hidden VNC capabilities to give attackers remote control and steal financial data.

Threat Intelligence

  • That annoying SMS phish you just got may have come from a box like this: Security researchers are highlighting the creative infrastructure used by smishing operators, including specialized hardware for sending mass phishing text messages.
  • Seniors targeted in global Facebook scam spreading new Android malware: A global scam campaign on Facebook is targeting senior citizens with a new strain of Android malware, originating in Australia and now seen worldwide.
  • Nvidia and Adobe vulnerabilities: Cisco Talos has disclosed five vulnerabilities in Nvidia products and one in Adobe Acrobat, with patches now available from the vendors.

Security Breaches & Incidents

  • Millions impacted by data breaches at insurance giant, auto dealership software firm: In addition to the Allianz breach, auto dealership software developer Motility suffered a ransomware attack, leading to significant data exposure.
  • Adobe Analytics bug leaked customer tracking data to other tenants: Adobe has warned Analytics customers of an ingestion bug that caused some organizations’ tracking data to be exposed to other tenants for approximately one day.

Security Tools & Best Practices

  • Forensic journey: hunting evil within AmCache: Kaspersky provides a deep dive into using the AmCache artifact for incident investigation and has released a command-line tool for data extraction.

Cloud & Network Security

  • Hackers Exploit Milesight Routers to Send Phishing SMS to European Users: Threat actors are abusing APIs in Milesight industrial cellular routers to send smishing messages with phishing links to users across Europe.

Security Standards & Frameworks

  • UK government tries again to access encrypted Apple customer data: Report: The U.K. Home Office is reportedly making a second attempt to compel Apple to provide access to users’ encrypted iCloud backups.
  • How To Simplify CISA’s Zero Trust Roadmap with Modern Microsegmentation: This article explores how modern, automated, and agentless microsegmentation can help organizations meet CISA’s Zero Trust foundational requirements.

Emerging Security Technologies

  • Google Drive for desktop gets AI-powered ransomware detection: Google is rolling out an AI-powered feature for Google Drive that automatically detects ransomware attacks and pauses file syncing to minimize damage.
  • Anker offered to pay Eufy camera owners to share videos for training its AI: Raising privacy concerns, Anker offered compensation to Eufy smart camera owners in exchange for their video footage to be used for training AI systems.
Chris Armour
Director of Software Engineering