SecureFact – Cyber Security News – Week of April 07, 2025

Oracle has acknowledged a breach of a “legacy environment” from 2017, where attackers stole old client credentials.
The attackers, known as rose87168, have shared data, including recent records, on a hacking forum.
Cybersecurity firm CybelAngel reported the breach, which occurred in January 2025, with data exfiltration from the Oracle Identity Manager (IDM) database detected in late February.
Oracle initially denied the breach, stating it didn’t impact Oracle Cloud, but later clarified it affected an older platform, Oracle Cloud Classic. Additionally, Oracle notified customers of a breach at Oracle Health, where patient data was stolen, and hospitals are now being extorted.

AI tools that transform photos into Studio Ghibli-style art have raised privacy concerns. Experts warn that sharing photos with these tools can lead to unforeseen privacy breaches and data misuse because the terms of service are often vague.
Photos contain hidden metadata like location coordinates, timestamps, and device details, which can reveal personal information.
There are vulnerabilities like model inversion attacks, where original pictures may be reconstructed from Ghibli images, and uploaded images can be repurposed for unintended uses like training AI models for surveillance or advertising.
Experts recommend caution when sharing personal photos with AI apps and suggest using specialized tools to strip hidden metadata from photos before uploading them.

Europcar Mobility Group experienced a GitLab breach in late March, resulting in the theft of source code for Android and iOS applications, along with personal information from up to 200,000 customers.
The stolen data includes names and email addresses of Goldcar and Ubeeqo users, with some data from 2017 and 2020 potentially exposed.
The threat actor attempted to extort Europcar by threatening to release 37GB of data, including SQL backups and details about the company’s cloud infrastructure.
Europcar is currently notifying affected customers and has informed the data protection authority.

The State Bar of Texas is warning its members of a data breach that occurred between January 28 and February 9, 2025, and was discovered on February 12.
The INC ransomware group claimed responsibility for the attack and has leaked samples of allegedly stolen files, including legal case documents.
The organization is offering affected members free credit and identity theft monitoring through Experian and recommends activating a credit freeze or placing a fraud alert on their credit files.

The Port of Seattle is notifying around 90,000 people of a data breach after a ransomware attack in August 2024.
The attack, executed by the Rhysida ransomware group, disrupted several services and systems. Stolen data includes names, dates of birth, Social Security numbers, driver’s license numbers, and some medical information of employees, contractors, and parking customers.
The Port refused to pay the ransom, and has stated that the attack did not affect airport or maritime travel safety, airline or cruise partners’ systems, or federal partners’ systems.

Royal Mail is investigating a potential data breach stemming from a cyberattack on Spectos GmbH, a third-party data collection and analytics service provider.
Threat actors claim to have leaked over 144GB of data allegedly stolen from Royal Mail systems.
Spectos confirmed the breach, saying that unauthorized access to systems and personal customer data occurred on March 29, 2025.
The leaked data reportedly includes Royal Mail customers’ PII and confidential documents.
Cybersecurity firm Hudson Rock says the attackers gained access using stolen credentials from a Spectos employee compromised in a 2021 malware incident. Royal Mail says that operations remain unaffected.