This week, ISMG has compiled various significant cybersecurity incidents and breaches from around the globe. Notable events include the exposure of sensitive data by Chinese AI firm DeepSeek, exploitation of unpatched vulnerabilities in Zyxel devices by hackers, intrusions involving infostealer malware targeting Mexican government systems, a cyberattack against the Smiths Group, PowerSchool’s issuance of breach notifications, Apple’s patching of a critical zero-day vulnerability, exploitation of the XWorm Remote Access Trojan (RAT), and Credit Control Corporation’s settlement regarding a 2023 data breach.
DeepSeek Exposes Sensitive Database Online
Chinese artificial intelligence company DeepSeek has revealed a significant security lapse, allowing unauthorized access to a real-time data processing database. This exposure has put a considerable amount of sensitive information at risk, including chat histories, backend data, log streams, and API secrets.
According to research conducted by Wiz, security experts discovered DeepSeek’s ClickHouse database configured without any authentication, enabling them to run SQL queries directly against it. The findings indicate that a vast array of company data was stored in plaintext, thereby facilitating potential privilege escalation without any defenses in place. Wiz promptly alerted DeepSeek, which has since secured the vulnerable database.
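A practical defender check for the misconfiguration described above is to audit the ClickHouse users.xml for accounts that can be used without a password from any source address. The following is an added example, not code from DeepSeek, Wiz or the ClickHouse project; it assumes the standard users.xml layout (`<clickhouse><users><NAME>…</NAME></users>`) with `<password>`, `<password_sha256_hex>` and `<networks><ip>` elements, and the sample file is constructed for illustration.

```python
"""Audit a ClickHouse users.xml for accounts usable without authentication.

Added example (not DeepSeek's, Wiz's or ClickHouse's own code). It flags any
account that has no password set and whose <networks> allow every source
address: that combination lets anyone who can reach the port run queries.
"""
import xml.etree.ElementTree as ET

# Constructed sample: 'default' is wide open, 'analyst' is hashed and restricted.
SAMPLE_USERS_XML = """<clickhouse>
  <users>
    <default>
      <password></password>
      <networks><ip>::/0</ip></networks>
      <profile>default</profile>
    </default>
    <analyst>
      <password_sha256_hex>0123456789abcdef</password_sha256_hex>
      <networks><ip>10.0.0.0/8</ip></networks>
      <profile>readonly</profile>
    </analyst>
  </users>
</clickhouse>"""

# CIDR ranges that match every IPv6 / IPv4 source.
ANY_ADDRESS = {"::/0", "0.0.0.0/0"}
# Credential elements ClickHouse accepts for a user; any non-empty one counts.
PASSWORD_TAGS = ("password", "password_sha256_hex", "password_double_sha1_hex")


def has_credential(user_elem):
    """True if the account carries a non-empty password in any supported form."""
    for tag in PASSWORD_TAGS:
        node = user_elem.find(tag)
        if node is not None and (node.text or "").strip():
            return True
    return False


def allows_any_source(user_elem):
    """True if <networks> (or its absence) permits connections from anywhere.

    Only <ip> entries are inspected; <host>/<host_regexp> are ignored here.
    A missing <networks> block is treated as unrestricted (assumption made
    for this audit, so the account is reported rather than silently passed).
    """
    networks = user_elem.find("networks")
    if networks is None:
        return True
    return any((ip.text or "").strip() in ANY_ADDRESS for ip in networks.findall("ip"))


def audit_users_xml(xml_text):
    """Return one finding per account that is exposed in some way.

    Each finding is a dict with the account name, whether it lacks a
    password, whether it is reachable from any address, and a severity:
    'critical' when both hold (unauthenticated and world-reachable).
    """
    root = ET.fromstring(xml_text)
    findings = []
    for user in root.findall("./users/*"):
        no_password = not has_credential(user)
        open_networks = allows_any_source(user)
        if no_password or open_networks:
            findings.append({
                "user": user.tag,
                "no_password": no_password,
                "open_networks": open_networks,
                "severity": "critical" if (no_password and open_networks) else "warning",
            })
    return findings


if __name__ == "__main__":
    for finding in audit_users_xml(SAMPLE_USERS_XML):
        print(finding)
```

Run it against the real `users.xml` (and any files under `users.d/`) on the server; a `critical` finding on an instance whose `listen_host` is not restricted to a private interface is exactly the condition Wiz describes, and the fix is to set a password hash and narrow `<networks>` before anything else.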
DeepSeek gained notoriety following the launch of its R1 model in January, which notably required fewer chips than those used by other leading tech firms. The company’s ascent has generated scrutiny, with allegations surfacing that it may have utilized an OpenAI model to power its systems, raising questions about its competitive practices.
Unpatched Zyxel Vulnerabilities Targeted by Cybercriminals
Meanwhile, cybercriminals are capitalizing on a critical command injection vulnerability in Zyxel’s CPE Series devices, which have remained unpatched since the flaw was disclosed in July. This flaw, identified as CVE-2024-40891, permits unauthenticated attackers to execute arbitrary commands through the “supervisor” or “zyuser” service accounts.
VulnCheck had initially reported this vulnerability last year, and security research firm GreyNoise has indicated ongoing active exploitation attempts from various IP addresses. The vulnerability mirrors another flaw, CVE-2024-40890, but utilizes the telnet protocol for exploitation instead of HTTP.
Research from Censys indicated that over 1,500 Zyxel devices, particularly in countries like the Philippines, Turkey, the UK, France, and Italy, are still exposed online. As of now, Zyxel has not issued a security advisory or patch. System administrators are advised to implement IP blocking, monitor anomalous telnet traffic, and limit access to management interfaces as preventive measures.
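The mitigations listed above (blocking offending sources, watching for anomalous telnet traffic, restricting who can reach management interfaces) can be turned into a simple detection. The following is an added example, not code from Zyxel, GreyNoise or Censys: it parses constructed connection-log lines, flags telnet (TCP port 23) connections to CPE management addresses from anything outside an assumed administrative network, ranks sources by how many distinct devices they touched, and produces a block list. The log format and the `10.20.0.0/24` admin range are assumptions.

```python
"""Flag telnet connections to CPE management ports from non-admin sources.

Added example (not Zyxel's, GreyNoise's or Censys's code). Input is a
constructed key=value flow log; real deployments would feed firewall,
NetFlow or syslog records converted to the same fields.
"""
import ipaddress
from collections import defaultdict

# Assumed administrative network: the only place telnet management should come from.
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/24")]
# Standard telnet port; add others only if your devices actually listen there.
TELNET_PORTS = {23}

# Constructed sample: one admin session, one external source sweeping three
# devices over telnet, and one unrelated HTTPS connection.
SAMPLE_LOG = """\
2025-01-30T10:01:02Z src=10.20.0.5 dst=192.0.2.10 dport=23 proto=tcp
2025-01-30T10:01:05Z src=203.0.113.7 dst=192.0.2.10 dport=23 proto=tcp
2025-01-30T10:01:06Z src=203.0.113.7 dst=192.0.2.11 dport=23 proto=tcp
2025-01-30T10:01:07Z src=203.0.113.7 dst=192.0.2.12 dport=23 proto=tcp
2025-01-30T10:01:09Z src=198.51.100.4 dst=192.0.2.10 dport=443 proto=tcp
"""


def parse_line(line):
    """Turn 'TS k=v k=v ...' into a dict with typed src/dport fields."""
    ts, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return {
        "ts": ts,
        "src": ipaddress.ip_address(fields["src"]),
        "dst": fields["dst"],
        "dport": int(fields["dport"]),
        "proto": fields["proto"],
    }


def is_admin_source(ip, admin_nets):
    """True if the source address belongs to an allowed management network."""
    return any(ip in net for net in admin_nets)


def find_suspect_telnet(log_text, admin_nets=ADMIN_NETS):
    """Map each non-admin source that used telnet to the devices it reached."""
    per_src = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["proto"] != "tcp" or rec["dport"] not in TELNET_PORTS:
            continue
        if is_admin_source(rec["src"], admin_nets):
            continue
        per_src[str(rec["src"])].add(rec["dst"])
    return {src: sorted(dsts) for src, dsts in per_src.items()}


def rank_sources(findings):
    """Order sources by number of distinct devices touched (sweeps first)."""
    return sorted(findings, key=lambda src: (-len(findings[src]), src))


def block_list(findings, min_devices=1):
    """Sources to feed into a firewall deny rule, filtered by sweep size."""
    return [src for src in rank_sources(findings) if len(findings[src]) >= min_devices]


if __name__ == "__main__":
    hits = find_suspect_telnet(SAMPLE_LOG)
    for src in rank_sources(hits):
        print(f"{src} -> telnet to {len(hits[src])} device(s): {', '.join(hits[src])}")
    print("block:", block_list(hits))
```

Raising `min_devices` separates a single stray connection from the multi-device sweeps GreyNoise describes; either way, the durable fix is to stop exposing the telnet management service to the internet at all and allow it only from the administrative network, so that this detector sees nothing.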
Mexican Government Systems Breached by Infostealer Malware
In a significant breach, over 570 computers linked to Mexico’s government domain, gob.mx, have been compromised by infostealer malware, jeopardizing sensitive governmental data and credentials.
Mexican cybersecurity firm Silikn has reported that the malware deployed includes various strains such as RedLine Stealer, Raccoon Stealer, FormBook, and Lumma Stealer, which have been actively harvesting passwords and system data from infected devices.
Investigations by the Mexican newspaper Publimetro have revealed that approximately 2,000 government agency credentials, including those from prosecutor’s offices, were discovered on platforms like BreachForums, highlighting the scale and severity of this intrusion.
Smiths Group Experiences Cyber Incident and Network Access Breach
British engineering firm Smiths Group has recently reported a cyber incident which resulted in unauthorized network access. The company noted that affected systems were quickly isolated, and business continuity plans were implemented. Following the breach’s disclosure, Smiths Group’s stock price saw a decline of over 2%, underlining the market’s reaction to the security incident.
The company has confirmed that critical business operations remain intact despite the breach, but the potential impact on its ongoing projects and partnerships remains an area of concern in the industry.
PowerSchool Data Breach Potentially Affects Millions
In the educational technology sector, U.S.-based PowerSchool has started notifying individuals about a data breach, which occurred in December 2024, that compromised millions of student and teacher records across North America.
Among the most impacted institutions is the Toronto District School Board, which faced exposure of nearly 1.5 million students’ personal data, including sensitive information such as gender, health records, and academic performance. Other districts, including the Calgary Board of Education and West Ada School District, have also confirmed breaches.
Apple Resolves Critical Zero-Day Threat
Additionally, Apple has addressed a zero-day vulnerability tracked as CVE-2025-24085 in its latest updates, which had been actively exploited prior to the release. This vulnerability, stemming from a use-after-free issue in the Core Media component, could allow malicious applications to gain elevated privileges.
The updates also mitigate various issues within AirPlay and Core Audio that might lead to application crashes or code execution. The U.S. Cybersecurity and Infrastructure Security Agency emphasized the importance of addressing this vulnerability by incorporating it into its catalog of known exploited vulnerabilities.
XWorm RAT Exploited to Target Inexperienced Users
Hackers have turned to the use of a Trojanized XWorm RAT builder to target novice users, leading to the compromise of over 18,000 devices globally. This malicious software has proliferated through file-sharing services, GitHub repositories, Telegram channels, and YouTube, enabling the theft of sensitive information, including browser credentials and platform tokens.
Equipped with advanced features for system reconnaissance and data exfiltration, the malware utilizes Telegram for command-and-control operations. While researchers at CloudSEK discovered a “kill switch” capability within the malware, full eradication has posed challenges due to device disconnections and preventative measures imposed by Telegram.
Credit Control Corporation Settles Class Action Over Data Breach
In the context of legal ramifications following data breaches, Credit Control Corporation has reached a $1.61 million settlement in a class action lawsuit related to a 2023 data breach that left personal and financial data of around 286,700 individuals exposed. The breach, occurring within a narrow timeframe in March 2023, involved unauthorized copies of sensitive client information, including Social Security numbers and banking details.
The settlement received preliminary approval from the U.S. District Court for the Eastern District of Virginia in July 2024, with final approval secured recently.
Additional Insights
The information in this article is derived from contributions by David Perera, a journalist for Information Security Media Group located in Washington, D.C.