
🚨Week 25: No Fresh “16 Billion Credentials” Cyber Breach, Viasat Identified in China-Linked Salt Typhoon Hack, UBS and Pictet Hit by Data Leak, Carrefour Fined €3.2M..

Insights into Cyber Risks, Threat Intel, Government and Regulations, Startup and VC updates

🔐 Highlight: No Fresh “16 Billion Credentials” Cyber Breach — Just an Old Trove Repackaged

BleepingComputer clarifies that the so-called “16 billion‑credentials breach” isn’t a new cyber incident or a direct hack of platforms like Google, Facebook, or Apple. Instead, it's an aggregation of historical credentials—stolen via infostealer malware logs and previous breaches—compiled into a massive dataset. The media hype misrepresents it as a fresh, centralized breach. Readers are urged to focus on cyber hygiene rather than panic over a phantom event.

Key takeaways:

  • Not a new breach – No recent compromise of major platforms involved.

  • Likely compiled data – Aggregated from infostealer logs, leaks, and credential stuffing breaches.

  • Credentials circulated for years – The data had been publicly available or in underground cybercrime channels prior to media attention.

  • Risk remains real – Combined old and fresh credentials can still fuel phishing scams, account takeovers, and identity theft.

  • Recommended actions:

    • Perform malware scans to remove infostealers before changing any passwords.

    • Use unique, strong passwords and a reputable password manager.

    • Always enable multi-factor authentication (MFA) or, ideally, stronger passkeys.

    • Regularly monitor accounts for suspicious activity and reset sessions if breached.

💻 Malware and Vulnerabilities

Group‑IB uncovers “Declaration Trap” malware: Security firm Group‑IB revealed a new “Declaration Trap” malware that exploits document macros to stealthily extract data, raising alert levels for enterprise document security.

Cisco updates security bulletin listings: Cisco refreshed its online security center with newly disclosed bulletins, offering timely guidance on multiple vulnerabilities affecting enterprise products.

CISA adds vulnerability to Known Exploited Catalog: CISA added a recently exploited software vulnerability to its Known Exploited Vulnerabilities Catalog, urging federal agencies and vendors to prioritize patches.

📈 Breaches and Incidents

Viasat hit in China‑linked Salt Typhoon hack: Viasat has been confirmed as a target of the China-linked Salt Typhoon cyberattack, which exploited vulnerabilities in the company’s network service. The breach may have exposed sensitive communications and satellite operations.

Episource Breach Exposes Sensitive Data of 5.4 Million Patients: Healthcare SaaS provider Episource confirmed a data breach after detecting unusual system activity on February 6, 2025—revealing attackers accessed and exfiltrated patient data from January 27 to February 6. The breach compromised personally identifiable and health information—including Social Security numbers, insurance details, medical records—but no payment card data.

UBS and Pictet breach via provider‑chain hack: Swiss banks UBS and Pictet reported a data leak after a cyberattack on their service provider, affecting confidential client information. Both institutions are investigating the extent of compromised data.

AEPD GDPR enforcement document issued: Spain’s AEPD released decision PS‑00128‑2024, detailing penalties and remedial measures following a data privacy breach. The document outlines obligations and sanctions under the GDPR framework.

Carrefour fined €3.2 M in Spain for GDPR violations: Spain’s data protection oversight body slapped Carrefour with a €3.2 million fine for GDPR noncompliance, pointing to deficient data-handling practices and inadequate user consent mechanisms.

Iran’s Nobitex hit by ‘Predatory Sparrow’ hack: Iranian crypto-exchange Nobitex suffered a cybersecurity breach by a group calling itself “Predatory Sparrow,” undermining user trust and prompting an investigation into the methods and stolen assets.

Paddle to pay $5 M to FTC over payment‑processing unfairness: Payment processor Paddle has agreed to a $5 million settlement with the FTC over accusations of deceptive and unfair practices facilitating unauthorized payments and insufficient consumer protection.

ENISA releases 2024 EU Cybersecurity Index: ENISA published its 2024 cybersecurity index report, benchmarking EU member states on security maturity, incident response, and infrastructure resilience.

🚨 Threat Intel & Info Sharing

Intel 471 profiles Tinker/Black Bastas phishing group: Intel 471 published an in-depth analysis of the Tinker/Black Bastas phishing-as-a-service operation, detailing their infrastructure, methods, and emerging targeting strategies.

Cloudflare repels massive 7.3 Tbps DDoS attack: Cloudflare defended against a record-breaking 7.3 terabits-per-second DDoS attack, showcasing its evolving defensive systems and rapid mitigation strategies.

“Meowsterio” weaponizes ClickOnce in 2025: Security researchers at Medium detailed “Meowsterio,” a new malware campaign leveraging ClickOnce technology to distribute payloads, highlighting persistent risks in application launchers.

Argentina shakes up Russian disinformation network: Argentina disclosed it dismantled a Russian-linked disinformation operation aimed at swaying public opinion via coordinated social media campaigns ahead of elections.

⚖️ Laws, Policies and Regulations

DHS warns of surge in Chinese tech firm smuggling Signal: The Department of Homeland Security flagged a spike in China-based technology firms secretly embedding the Signal encrypted messaging app into devices, raising national security and privacy concerns.

Dutch military data to move into sovereign cloud: The Netherlands announced plans to relocate Defence Ministry data to a sovereign cloud infrastructure, aiming to strengthen national cybersecurity and reduce dependence on foreign providers.

Roskomnadzor to intensify data control efforts: Russian internet regulator Roskomnadzor announced intentions to tighten oversight of data transfer by messaging apps and platforms, in another step toward national digital sovereignty.

US forfeits $225 M in crypto linked to criminal networks: The US Justice Department filed a civil forfeiture complaint targeting $225 million in cryptocurrency tied to cross-border illicit activity, underscoring expanding regulatory scrutiny.

Japan scrutinizes Chinese tech firms’ security ties: A Sankei report highlights intensified scrutiny by Japanese authorities into the security links of Chinese tech companies operating within Japan’s critical infrastructure.

NIST explores AI’s impact on cyber workforce: NIST issued a blog analyzing how artificial intelligence is reshaping the cybersecurity workforce—citing both job displacement and new roles in AI-driven defense.

⚖️ Cybersecurity Start Ups and VCs

UK taps university experts to shape cyber‑industry growth strategy: The UK government has launched a Cyber Security Growth Action Plan, commissioning academics from the University of Bristol and Imperial College to map national strengths and growth areas in its £13.2 billion cyber sector. With up to £16 million earmarked over four years, including £10 million for academic commercialisation and £6 million for scaling startups, findings will inform the refreshed National Cyber Strategy this summer.

Zimperium warns on app virtualization risks: Zimperium’s latest report warns that mobile app virtualization tools are being misused by attackers to bypass security checks, turning legitimate sandboxing methods into a playground for threats.

Huntress examines BlueNoroff’s Web3 intrusion: Huntress released a detailed investigation into BlueNoroff’s sophisticated intrusion into Web3 platforms, exposing new techniques used to target blockchain ecosystems.
