In partnership with

Welcome to Gone Phishing, your weekly cybersecurity newsletter that’s the DOGE to cybercrime’s government spending 🤺

Patch of the Week! 🩹

First thing’s first, folks. Our weekly segment goes by many names. Patch of the Week, Tweak of the week. Okay, that’s it… 😳 

Congrats to Elastic, the cybercriminals are no match… for your patch! 🩹

Check out this freshly hatched patch 🐣

Elastic bounces back 🙃

🚨 Critical Kibana Flaw – Patch Now!

Elastic has released an urgent security update for Kibana, fixing a critical prototype pollution vulnerability (CVE-2025-25015, CVSS 9.9) that could allow arbitrary code execution. 🚨

⚡ What’s the Risk?

● Attackers can manipulate JavaScript objects, leading to remote code execution (RCE), data access, or privilege escalation.

● Exploitable via crafted file uploads & HTTP requests.

🛑 Affected Versions:

● Kibana 8.15.0 → 8.17.3 (Fixed in 8.17.3)

● In 8.15.0 to 8.17.1, only Viewer role users can exploit it.

● In 8.17.1 to 8.17.2, attackers need specific privileges (fleet-all, integrations-all, actions:execute-advanced-connectors).

🔧 Immediate Action Required!

✅ Update to Kibana 8.17.3 ASAP!

✅ If patching isn’t possible, disable Integration Assistant (xpack.integration_assistant.enabled: false in kibana.yml).

Elastic has patched similar high-severity flaws before – don’t wait! Secure your systems now! 🔒✨

Now, on to this week’s hottest cybersecurity news stories:  

• 🌊 Chinese ‘Silk Typhoon’ expands attacks to IT supply chains 🌐

• 🚀 Google launches AI conversational scam protection for Android 🤖

• 🐼 Chinese APT Lotus Panda targets governments w/ new variants 👾

Silk Typhoon bursts the banks 🌊

🚨 Silk Typhoon Targets IT Supply Chains for Cyber Espionage 🎯

The China-linked hacking group Silk Typhoon (formerly Hafnium) has shifted tactics, now targeting IT supply chains to infiltrate corporate networks. Instead of direct attacks, they compromise remote management tools, cloud apps, and IT service providers to gain broad access to victims.

🎯 Who’s at Risk?

🔹 IT service providers, MSPs, cloud management firms

🔹 Government agencies, healthcare, legal, defense, and NGOs

🔹 Energy & higher education sectors

🔍 How They Attack

⚠️ Exploiting stolen API keys & credentials for privilege escalation 🔑

⚠️ Zero-day attacks on Ivanti VPN, Palo Alto firewalls & Citrix NetScaler 🌐

⚠️ Password spraying with leaked credentials 💻

⚠️ Deploying web shells for persistence & command execution 🚪

📡 What They Steal

🔹 Email, OneDrive & SharePoint data via MSGraph API 📁

🔹 Cloud infrastructure reconnaissance & lateral movement 🔄

🔹 Sensitive corporate & government information 🕵️

🕶️ Hiding Their Tracks

Silk Typhoon operates through a "CovertNetwork" of compromised routers & appliances from Zyxel, QNAP, and Cyberoam, disguising their real location.

🔐 How to Stay Secure

✅ Apply security patches ASAP for exploited CVEs 🛠️

✅ Use multi-factor authentication (MFA) 🔑

✅ Limit access to critical cloud services & enforce network segmentation 🔄

✅ Monitor for unusual API key use & privilege escalation 🚨

Silk Typhoon’s supply chain attacks are a major cybersecurity threat—proactive defense is crucial! 🚧

Looking for unbiased, fact-based news? Join 1440 today.

Join over 4 million Americans who start their day with 1440 – your daily digest for unbiased, fact-centric news. From politics to sports, we cover it all by analyzing over 100 sources. Our concise, 5-minute read lands in your inbox each morning at no cost. Experience news without the noise; let 1440 help you make up your own mind. Sign up now and invite your friends and family to be part of the informed.

Subscribe to 1440 today.

Pays to be a Paranoid Android 🤖

🚨 Google Rolls Out AI-Powered Scam Detection for Android Users 📱

Google is launching AI-driven scam detection to help Android users avoid conversational scams and spoofed calls that impersonate trusted companies.

🔍 How It Works

✅ AI models analyze conversation patterns in real-time

✅ Detects suspicious messages & alerts users 🚨

✅ Runs entirely on-device for privacy 🔒

✅ Only applies to unknown numbers 📵

Users can dismiss, block, or report scams, with reported details shared with Google & carriers.

📞 AI Scam Detection for Calls Expands

🔹 Available on Pixel 9+ devices in the U.S.

🔹 Beep alerts notify participants when enabled 📢

🔹 Audio is processed ephemerally & not stored

🌍 Where & When?

🚀 First launching in English in the U.S., U.K., & Canada

📆 More regions to follow

🛡️ Safer Browsing with AI

Google also revealed that 1B+ Chrome users now use Enhanced Protection mode, which:

🔹 Detects phishing & scam websites 🕵️‍♂️

🔹 Flags suspicious downloads 🚫

Stay Safe!

🔹 Keep scam detection enabled

🔹 Be cautious of unknown senders & callers

🔹 Use Safe Browsing for extra protection

AI-powered tools are making scams easier to spot—but vigilance is still key! 🚧

Hackers: Lotus cause some Pandamonium 😏

🚨 Lotus Panda Targets Governments & Telecoms with Sagerunex Backdoor 🕵️

The Chinese state-backed hacking group Lotus Panda (aka Billbug, Thrip, Lotus Blossom) has been targeting government, manufacturing, telecom, and media sectors in the Philippines, Vietnam, Hong Kong, and Taiwan with new variants of the Sagerunex backdoor.

🎯 What’s New?

🔹 Two new "beta" versions of Sagerunex spotted

🔹 Uses Dropbox, X (Twitter), and Zimbra for stealthy C2 communications 📡

🔹 Deploys cookie stealers, proxy tools, and privilege escalation software

🚪 How They Get In

⚠️ Likely through spear-phishing & watering hole attacks 🎣

⚠️ Backdoor hides in email drafts & trash folders to evade detection 🕵️‍♂️

⚠️ Steals system data & sends commands via Zimbra webmail

🔥 How They Operate

✅ Collects system details & encrypts exfiltrated data

✅ Runs reconnaissance commands (net, tasklist, ipconfig, netstat)

✅ Uses Venom proxy to bypass internet restrictions

🔐 How to Defend Against Lotus Panda

✅ Monitor for unusual Dropbox/X/Zimbra activity 📊

✅ Restrict unauthorized use of proxy tools 🚫

✅ Educate employees on phishing threats 📧

✅ Strengthen email security & endpoint defenses 🛡️

Lotus Panda remains a persistent threat, evolving its stealth tactics to bypass security measures. Stay vigilant and proactive! 🚨

🗞️ Extra, Extra! Read all about it! 🗞️

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

• 🛡️ Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday 📅

• 💵Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for 🆓

• 📈Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future 👾

Let us know what you think.

So long and thanks for reading all the phish!