Analyst Insight
This week in cyber, we’ve come across an intriguing article about hardware supply chain compromises. One notable case involves a threat actor selling counterfeit Android devices pre-loaded with malware designed to steal sensitive information. We predict that such hardware supply chain attacks may become more common, as they provide direct access to victims’ personal information without their knowledge and bypass any software security measures on the device. Meanwhile, Microsoft has patched 134 vulnerabilities in this month’s Patch Tuesday update. A critical vulnerability was patched in the WhatsApp client for Windows. And a rental car company experienced a data breach affecting over 200,000 customers. Read below to discover more this week in cyber.
2,600+ Android Devices Preloaded With Triada Malware in Hardware Supply Chain Compromise
Over 2,600 counterfeit Android phones have been discovered to be preloaded with Triada malware. Triada is a sophisticated remote access trojan (RAT) capable of stealing sensitive information, hijacking cryptocurrency wallets and sending fake messages. The malware embeds itself deep within the system, making it extremely difficult to remove without re-flashing the device’s ROM. Previously, Triada has been packaged with applications published on the Google Play Store, but this discovery goes a step further, with hardware supply chains being compromised to gain control over a user’s device. In a hardware supply chain attack, attackers obtain genuine devices, tamper with them, and then redistribute the compromised products to achieve their malicious objectives.
April Patch Tuesday: Microsoft Releases Fixes for 134 Vulnerabilities
Microsoft’s April 2025 Patch Tuesday has addressed 134 security vulnerabilities across its products, including one actively exploited zero-day vulnerability. The zero-day, identified as CVE-2025-29824 with a severity score of 7.8 (HIGH), is an elevation of privilege issue in the Windows Common Log File System Driver. This vulnerability allows attackers to escalate their permissions on already compromised systems, posing significant risks to users. More information about this month’s Patch Tuesday can be found on Microsoft MSRC.
Meta Urges WhatsApp Update to Patch Critical Vulnerability
Meta has urged Windows users to make sure that they have the latest update of WhatsApp. This comes after a recent patch resolved the critical vulnerability CVE-2025-30401. The vulnerability allows attackers to execute malicious code by sending files with altered file types; it is suspected to affect all versions of WhatsApp for Windows prior to the 2.2450.6 update. The vulnerability was identified by an external researcher through Meta’s Bug Bounty program. Meta has not confirmed whether the vulnerability has been exploited in the wild. Meta has previously faced exploitation of zero-day vulnerabilities in its products and is frequently targeted by various spyware campaigns.
Rental Car Company Europcar Breached Affecting 200,000 Customers
This week, Europcar, a global leader in car and van rental, suffered a data breach affecting up to 200,000 customers. First reported by BleepingComputer, the hacker announced that they have “successfully breached Europcar’s systems and obtained all their GitLab repositories.” The forum post stated that the hacker obtained the source code for the Europcar and GoldCar Android/iOS applications, cloud infrastructure and internal applications, including over 9,000 SQL files and over 269 .env files. In total, the hacker claims to hold more than 37GB of data, including 645,041 files and 183,476 folders. As proof, the hacker provided screenshots of the data showing credentials present in the code. Europcar is currently investigating the breach and notifying affected customers.
PipeMagic Trojan Leverages Windows Zero-Day to Deploy Ransomware
Microsoft has revealed a now-patched zero-day vulnerability in the Windows Common Log File System (CLFS), tracked as CVE-2025-29824. This flaw has been exploited in the wild, with indicators suggesting that RansomEXX has exploited the vulnerability in order to deploy ransomware. The PipeMagic trojan was also found to have been used. PipeMagic, which takes the form of a malicious MSBuild file, primarily exploits vulnerabilities in an effort to escalate its privileges. Once it has successfully injected itself into SYSTEM processes, threat actors are able to use the malware to deploy further malware and ransomware and to carry out data exfiltration. With the vulnerability now patched, Microsoft is advising users to update their devices as soon as possible.
