In March 2025, six major cyber incidents & security breaches occurred

Cyber intrusions and data compromises are causing chaos for organizations and users globally.

From ransomware and distributed denial-of-service (DDoS) assaults to unintended and third-party data revelations, enterprises confront continuous, intricate cyber peril.

Presented here is a summary of the notable cyber attacks and data breaches that garnered attention this month.

Oracle Cloud breached, 6 million records compromised

A significant breach of Oracle Cloud was discovered by security provider CloudSEK: 6 million records were illegally accessed, reportedly through a previously undisclosed vulnerability. More than 140,000 tenants were affected as the attacker demanded ransom and offered the sensitive data for sale online. The breached data includes JKS files, encrypted SSO passwords, key files, and Enterprise Manager JPS keys.

CloudSEK stated, “Though the threat actor is not known previously, their tactics show advanced complexity. CloudSEK evaluates this threat with moderate confidence and rates it as High in seriousness.”


Android users targeted via Telegram by fake banking app

An advanced malware dropper was detected impersonating the IndusInd Bank app to deceive Android users in a phishing plot to steal sensitive financial details. Through a counterfeit banking interface, the malicious app tricks users into providing information like PAN and Aadhaar numbers along with banking credentials.

Once collected, the data was transmitted to both a phishing server and a Telegram-based command-and-control (C2) channel.


Ukrainian railway system disrupted by cyber assault

A “wide-reaching” cyber attack on Ukraine’s railway network disrupted its online services. Ukrzaliznytsia, the nation’s state-owned railway entity, described the attack as “highly organized, complex, and multifaceted.” It led to the shutdown of the online platform, temporarily halting online ticket sales, yet train operations were unaffected.

“The primary aim of the adversary was unsuccessful: train operations remain unaffected, running as scheduled without interruptions, and all operational processes have shifted to backup mode,” as stated in the latest update from Ukrzaliznytsia. “The railway’s functionality persists despite physical assaults on the infrastructure, and even the most cunning cyber attacks cannot hinder it. As Ukrzaliznytsia has been a target of prior cyber offensives, redundant protocols have been implemented within the organization.”


Trusted sites manipulated for deceitful redirects

Another campaign uncovered by ANY.RUN showed attackers abusing redirect features on well-established, trustworthy domains to send users to fraudulent pages. Because the redirect targets were only weakly validated, threat actors turned seemingly safe URLs on trusted sites into a launching point for malicious ones. Users assumed they were still on a legitimate site, or merely moving between legitimate sites, which made them more likely to fall for the deception.
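The weak-validation pattern described above, as an added illustration (not code from ANY.RUN or from any site named in the report): a prefix check on a `next`-style parameter accepts attacker-controlled hosts whose URL merely begins with the trusted origin, while a parse-based check that only allows same-site relative paths or the exact trusted host does not. The host name `trusted.example` is an assumed placeholder.

```python
from urllib.parse import urlsplit

# Assumed placeholder for the site doing the redirecting (not from the page).
TRUSTED_HOST = "trusted.example"


def weak_is_safe_redirect(target: str) -> bool:
    """Prefix check of the kind that lets a trusted-looking URL escape.

    'https://trusted.example.evil.test/' and 'https://trusted.example@evil.test/'
    both pass because each merely starts with the trusted origin string.
    """
    return target.startswith(f"https://{TRUSTED_HOST}")


def is_safe_redirect(target: str) -> bool:
    """Allow only same-site relative paths or the exact trusted host over https."""
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative ('//host') URL: compare the parsed host,
        # not a string prefix, so 'trusted.example.evil.test' and userinfo
        # tricks ('trusted.example@evil.test') are rejected.
        return parts.scheme == "https" and parts.hostname == TRUSTED_HOST
    # Relative target: require a single leading '/', and refuse backslashes,
    # which some browsers normalise to '/' and thereby into '//host' form.
    return (
        target.startswith("/")
        and not target.startswith("//")
        and "\\" not in target
    )


if __name__ == "__main__":
    # Constructed sample targets, not taken from the page.
    for t in (
        "/account/settings?tab=1",
        "https://trusted.example/login",
        "https://trusted.example.evil.test/",
        "https://trusted.example@evil.test/",
        "//evil.test/",
    ):
        print(f"{t!r}: weak={weak_is_safe_redirect(t)} strict={is_safe_redirect(t)}")
```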


GitHub Action affected by supply chain compromise

A supply chain compromise affected the widely used tj-actions/changed-files GitHub Action, impacting over 23,000 repositories. Attackers retroactively altered multiple version tags to point to a malicious commit, exposing CI/CD secrets in workflow logs. The compromised tags were live between March 14 and March 15, 2025, and the issue has since been resolved.

The intrusion involved modifying the tj-actions/changed-files GitHub Action to execute a malevolent Python script. This script extracted secrets from the Runner Worker process memory and displayed them in GitHub Actions logs, making them publicly accessible in repositories with open workflow logs.

“This CVE affects public GitHub repositories with GitHub Actions enabled. All versions were impacted,” mentioned Dimitri Stiliadis, CTO and co-founder of Endor Labs. “Organizations involved in software development will likely need to reconfigure their pipelines if they were utilizing the compromised Action.”
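The root cause above is that a version tag such as `@v4` is a mutable pointer that can be moved to a different commit after the fact, whereas a full 40-character commit SHA cannot be retargeted. The following is an added example (not code from tj-actions or GitHub) of a small checker that walks a workflow file's `uses:` lines and flags every action reference that is not pinned to a full commit SHA; the sample workflow and the SHA in it are constructed for the example.

```python
import re

# A full 40-hex-character commit SHA is the only reference kind that cannot be
# retargeted the way the tj-actions/changed-files version tags were.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"""^\s*-?\s*uses:\s*['"]?([^\s'"#]+)""")


def check_uses(ref: str) -> tuple[str, str]:
    """Classify one `uses:` reference as ('ok' | 'warn', reason)."""
    if ref.startswith("./"):
        return "ok", "local action in this repository"
    if ref.startswith("docker://"):
        # Container actions pin by image digest; a bare image tag is mutable.
        if "@sha256:" in ref:
            return "ok", "image pinned by digest"
        return "warn", "container image referenced by mutable tag"
    if "@" not in ref:
        return "warn", "no ref given (resolves to the default branch)"
    action, ref_part = ref.rsplit("@", 1)
    if SHA_RE.match(ref_part):
        return "ok", "pinned to commit SHA"
    return "warn", f"{action} uses mutable ref '{ref_part}'"


def scan_workflow(text: str) -> list[tuple[int, str, str]]:
    """Return (line_no, reference, reason) for every non-pinned action."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if m:
            status, reason = check_uses(m.group(1))
            if status == "warn":
                findings.append((n, m.group(1), reason))
    return findings


# Constructed sample workflow (not from the page); the SHA is a dummy value.
SAMPLE = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v1
      - uses: actions/setup-python@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local-thing
"""

if __name__ == "__main__":
    for n, ref, why in scan_workflow(SAMPLE):
        print(f"line {n}: {ref}: {why}")
```

Pinning to a SHA removes the tag-retargeting risk but does not by itself catch a malicious commit that was already present when you pinned, so pair it with reviewing what the pinned commit contains and keeping workflow permissions minimal.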


Confidential New South Wales court files exposed

Approximately 9,000 court documents, including sensitive records such as apprehended violence orders and sworn statements, were leaked in a data breach of the New South Wales (NSW) court system’s online database. Authorities were notified of the breach at the NSW Online Registry Website, and cyber crime investigators from the NSW State Crime Command launched a probe involving the state’s Department of Communities and Justice (DCJ).

The leaked documents might contain names and addresses of victims and offenders, along with descriptions of alleged offenses, as reported.

NSW Attorney-General Michael Daley said the department and police were treating the incident seriously and working to preserve the system’s integrity after the significant breach. “Efforts are also underway to promptly identify and contact impacted users, with public updates to be provided as more details surface,” he added.

