Five for Friday - 18 April 2025
Sherpa Intelligence: Your Guide Up a Mountain of Information!
Check out these five Information Security and Data Privacy news items from this past week that may have been overlooked.
Monday, April 14 - Friday, April 18, 2025
AI hallucinations lead to a new cyber threat: Slopsquatting
(CSO Online, 14 April 2025)
- Slopsquatting, as researchers are calling it, is a term first coined by Seth Larson, a security developer-in-residence at Python Software Foundation (PSF), for its resemblance to the typosquatting technique. Instead of relying on a user’s mistake, as in typosquats, threat actors rely on an AI model’s mistake. Threat actors can register hallucinated packages and distribute malicious codes using them.Hertz says personal data breached in connection with Cleo file-transfer flaws
(Cybersecurity Dive, 15 April 2025)
- Threat actor gained access to sensitive personal data in a breach linked to vulnerabilities in Cleo file-transfer software.
- Unauthorized third party obtained the data in connection with an attack spree that took place between October and December 2024.Poland Says Russian Cyberattacks Intensify Ahead of Vote
(The Defense Post, 16 April 2025)
- Poland’s ministry of digital affairs reported growing number of Russian cyberattacks, one month ahead of the country’s presidential election.
- Russian military intelligence was “trying to recruit agents of influence at all costs,” paying them between “3,000 and 4,000 euros ($3,300 to $4,500) for 10 days’ work, to spread disinformation.”U.S. issues warning over new Zambian cyber-security law
(BBC News, 17 April 2025)
- New law that requires the interception and surveillance of all electronic communications in the country, includes calls, emails, texts and streamed content.
- Zambia's government said the law was needed to tackle online fraud and child pornography, as well as the spread of disinformation; fears that the law could be use against anyone who criticises the government, especially with elections due next year.Frauds Testing Saint Lucia’s Cyber Laws
(St. Lucia Times, 18 April 2025)
- An alarming rise in cybercrime, including fake news, online scams, and deepfake impersonations targeting the public and political leaders, becoming more frequent and sophisticated, posing significant challenges for investigation and prosecution.
- Saint Lucia relies on provisions for malicious communication and impersonation, which are harder to enforce without clear evidence.
