Privacy
Amazon kills off on-device Alexa processing for Echo owners • The Register - “We are reaching out to let you know that the Alexa feature ‘Do Not Send Voice Recordings’ that you enabled on your supported Echo device(s) will no longer be available beginning March 28, 2025,” a copy of the email sent to Echo users relayed to El Reg read.
GSMA Confirms End-to-End Encryption for RCS, Enabling Secure Cross-Platform Messaging - Google Messages, iOS Messages, and Android’s default messaging apps will soon all support RCS with end-to-end encryption (E2EE)! (Currently Google Messages and iOS users can use the protocol, while default Android messaging apps have not.)
AT&T technician Mark Klein, who exposed secret NSA spying, dies | TechCrunch - Mark Klein, Patriot, National Hero, dies at 79. Mark led the way as a whistleblower of FISA and Section 702 prior to Snowden and others by exposing the now-infamous Room 641A. Room 641A was an NSA-operated optical wiretap on the backbone of California’s internet in San Francisco, disclosed in 2006. Mark would work with the Electronic Frontier Foundation to bring suit against the US Government.
Crims
Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal -
Further analysis has revealed that three of the packages, acloud-client, enumer-iam, and tcloud-python-test, have been listed as dependencies of a relatively popular GitHub project named accesskey_tools that has been forked 42 times and starred 519 times.
- snapshot-photo (2,448 downloads)
- time-check-server (316 downloads)
- time-check-server-get (178 downloads)
- time-server-analysis (144 downloads)
- time-server-analyzer (74 downloads)
- time-server-test (155 downloads)
- time-service-checker (151 downloads)
- aclient-sdk (120 downloads)
- acloud-client (5,496 downloads)
- acloud-clients (198 downloads)
- acloud-client-uses (294 downloads)
- alicloud-client (622 downloads)
- alicloud-client-sdk (206 downloads)
- amzclients-sdk (100 downloads)
- awscloud-clients-core (206 downloads)
- credential-python-sdk (1,155 downloads)
- enumer-iam (1,254 downloads)
- tclients-sdk (173 downloads)
- tcloud-python-sdks (98 downloads)
- tcloud-python-test (793 downloads)
Cybercriminals Exploit CSS to Evade Spam Filters and Track Email Users’ Actions - Custom CSS allows threat actors and marketing pros to track users more efficiently
Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk - Several Linux distros are affected:
- AlmaLinux
- Alpine Linux
- Amazon Linux 2
- Debian stable / Devuan
- RHEL / CentOS Stream / Alma Linux / etc. 8 and 9
- GNU Guix
- Mageia
- OpenMandriva
- openSUSE Leap
- Slackware, and
- Ubuntu 22.04
“FreeType versions larger than 2.13.0 are no longer affected,” Lemberg said.
US Pol
This is the FBI. China’s Volt Typhoon is on your network • The Register - Longform article about what happens when FBI/Homeland comes knocking.
Filing: DOGE broke Treasury policy with unencrypted email • The Register - The latest filing [PDF] contains sworn testimony of David Ambrose, the chief security and privacy officer at the BFS, who told the court that then-DOGE operative Marko Elez violated Treasury rules by sending the unencrypted database including personally identifiable information and by not obtaining prior approval for the transmission. Elez, who had been granted access to BFS systems and equipment in January and early February, resigned soon after when evidence emerged linking him to a Twitter account that had pushed for hate against Indian people, advocated for a “eugenic immigration policy,” and boasted: “I was racist before it was cool.”
FCC stands up Council on National Security to fight China • The Register - The Council has three goals:
- Reduce the American technology and telecommunications sectors’ trade and supply chain dependencies on foreign adversaries;
- Mitigate America’s vulnerabilities to cyberattacks, espionage, and surveillance by foreign adversaries;
- Ensure the U.S. wins the strategic competition with China over critical technologies, such as 5G and 6G, AI, satellites and space, quantum computing, robotics and autonomous systems, and the Internet of Things.
CISA: We didn’t fire red teams, just unhired some of them • The Register - CISA fires over 80 red teamers and cuts ISAC (Information Sharing and Analysis Centers), including those on Election Security and the Multi-state ISAC.
Patches
‘Dead simple’ RCE exploit in Apache Tomcat under attack • The Register - PUT a file, then GET the file, now you have Remote Code Execution on the box. Patch now.
Breaches
GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories - The tj-actions/changed-files GitHub Action was breached, pointed to a malicious commit, and used to record GitHub Runner keys and tokens to logs in b64 format. Hackers then manually scraped build logs. Projects using tj-actions/changed-files prior to March 14th were likely affected.
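For triaging your own build logs after an incident like this, the following added example (not code from the article or the affected project) scans log text for base64 runs that decode to secret-like content. The token patterns, the minimum run length, the nested-decoding depth and the sample log are assumptions constructed for illustration; checking a second decoding layer goes slightly beyond the "b64 format" the summary describes.

```python
import base64
import binascii
import re

# Runs of base64 alphabet long enough to hold a credential (length is an assumption).
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
# GitHub token prefixes (ghp_, gho_, ghu_, ghs_, ghr_) or a NAME_TOKEN= style assignment.
SECRET_HINT = re.compile(
    r"gh[pousr]_[A-Za-z0-9]{20,}|[A-Z][A-Z0-9_]*(?:TOKEN|SECRET|KEY)[A-Z0-9_]*\s*[=:]"
)


def _decode(blob):
    """Base64-decode blob to UTF-8 text; return None if it is not valid base64 text."""
    try:
        raw = base64.b64decode(blob + "=" * (-len(blob) % 4), validate=True)
        return raw.decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


def find_encoded_secrets(log_text, max_depth=2):
    """Return (line_number, depth) for each base64 run that decodes to secret-like text."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        for match in B64_RUN.finditer(line):
            text = match.group(0)
            for depth in range(1, max_depth + 1):
                text = _decode(text.strip())
                if text is None:
                    break  # not base64 text at this layer, stop peeling
                if SECRET_HINT.search(text):
                    hits.append((lineno, depth))
                    break
    return hits


# Constructed sample log; the token is fake and exists only to exercise the scanner.
FAKE_TOKEN = "ghs_" + "EXAMPLE0" * 5
_ONCE = base64.b64encode(f"GITHUB_TOKEN={FAKE_TOKEN}".encode()).decode()
_TWICE = base64.b64encode(_ONCE.encode()).decode()
SAMPLE_LOG = "\n".join([
    "step 1: Run changed-files action",
    "step 2: " + _ONCE,
    "step 3: " + _TWICE,
    "step 4: commit 3f786850e387550fdab836ed7e6dc881de23001b checked out",
])
```

Any hit means the credentials visible to that job should be treated as exposed and rotated, since the logs were readable after the run.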
Ransomware
Medusa ransomware infects 300+, uses ‘triple extortion’ • The Register - One ransom to decrypt everything, one ransom to not release everything, and one ransom (by an unrelated group) because the “negotiator stole the payment”. Medusa is one of the most prolific current Initial Access Brokers and Ransomware-as-a-Service operators, with over 300 known victims in 2025 so far.
CISA: Medusa ransomware hit over 300 critical infrastructure orgs - CISA provides additional details in cooperation with the FBI, and the now-defunct MS-ISAC (see DOGE story above).