Apple 0-Day Vulnerability Exploited in “Extremely Sophisticated” Attacks in the Wild

Apple has rolled out iOS 18.3.1 and iPadOS 18.3.1, addressing a zero-day vulnerability that was exploited in targeted, extremely sophisticated attacks to disable USB Restricted Mode on a locked device.

Apple’s USB Restricted Mode is a security feature that prevents unauthorized access to data on an iOS device over its USB port. Once a device has been locked for a certain amount of time, USB accessories can no longer establish a data connection until the device is unlocked.

The update is available for various devices, including iPhone XS and later models, as well as various iPad Pro, iPad Air, iPad, and iPad mini models.

USB Restricted Mode Vulnerability

The update resolves an issue within the Accessibility framework that could allow a physical attacker to disable USB Restricted Mode on a locked device.

“A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals,” Apple stated in the release notes.

This vulnerability posed a serious risk, as it could be exploited in highly sophisticated attacks targeting specific individuals. Apple has acknowledged reports of this issue being used in real-world scenarios.

The flaw was identified as an authorization issue, which Apple addressed by improving state management within the system.

The vulnerability is tracked under the identifier CVE-2025-24200 and was reported by Bill Marczak from The Citizen Lab at the University of Toronto’s Munk School.

Apple maintains its policy of withholding details about security vulnerabilities until investigations are complete and patches are available to protect users. The company emphasizes its dedication to user security by promptly addressing such issues and providing regular updates.

Apple encourages all eligible users to install the update promptly to ensure their devices remain secure against potential threats.

The post Apple 0-Day Vulnerability Exploited in “Extremely Sophisticated” Attacks in the Wild appeared first on Cyber Security News.

8Base Ransomware Dark Web Site Seized, Four Operators Arrested

In a significant breakthrough against global cybercrime, Thai authorities announced today the arrest of four European nationals linked to the notorious 8Base ransomware group.

The operation, codenamed “Phobos Aetor,” culminated in the seizure of the group’s dark web infrastructure and the apprehension of two men and two women accused of orchestrating ransomware attacks that affected over 1,000 victims worldwide.

The suspects, whose identities remain undisclosed, were arrested in coordinated raids across four locations in Phuket. The Cyber Crime Investigation Bureau (CCIB), led by Police Lieutenant General Trairong Phiwphan, conducted the operation in collaboration with Immigration Police and Region 8 Police.

The arrests were made following urgent requests from Swiss and U.S. authorities, who had issued Interpol warrants for the suspects.

[Image: Arrests made]

Evidence Seized and Charges Filed

During the raids at Mono Soi Palai, Supalai Palm Spring, Supalai Vista Phuket, and Phyll Phuket x Phuketique Phyll residences, law enforcement officials confiscated over 40 items of evidence, according to Thai Media reports.

These included laptops, mobile phones, and cryptocurrency wallets believed to contain proceeds from ransomware payments. The suspects now face charges of conspiracy to commit wire fraud and offenses against the United States.

The group is accused of deploying Phobos ransomware, a variant used by 8Base to compromise corporate networks globally. Between April 2023 and October 2024 alone, they allegedly targeted 17 Swiss companies.

Their modus operandi involved breaching networks to steal sensitive data, encrypting files, and demanding cryptocurrency payments for decryption keys. Victims who refused to pay were threatened with public exposure of their stolen data.

Authorities estimate that the group’s activities caused damages exceeding $16 million (approximately 560 million baht).

The ransomware attacks primarily targeted small to medium-sized businesses across industries such as healthcare, manufacturing, and finance. The United States, Brazil, and the United Kingdom were among the most affected countries.

The 8Base group employed a “double extortion” strategy, encrypting data while simultaneously threatening to leak it on their dark web portal if ransoms were not paid. To obscure their tracks, they utilized cryptocurrency mixing services to launder payments.

The arrests mark a milestone in international law enforcement cooperation. The operation involved agencies from multiple countries, including Switzerland, Germany, Japan, Romania, and the United States. Europol also played a critical role in coordinating efforts across jurisdictions.

As part of the crackdown, Thai authorities confirmed that both the negotiation and data leak sites operated by 8Base on the dark web have been seized. Visitors to these sites now encounter a seizure notice from German authorities on behalf of Bavarian prosecutors.

[Image: Website seized]

The 8Base ransomware group first emerged in March 2022 but gained notoriety in mid-2023 for its aggressive tactics. Using Phobos ransomware as its primary tool, the group relied on phishing emails and the exploitation of vulnerabilities to gain initial access to victims’ systems. The malware encrypted files using AES-256 encryption and appended a “.8base” extension to them.

Although the group branded itself as “penetration testers” exposing organizational negligence regarding data security, experts have consistently identified financial motives behind its operations. The group also drew comparisons with other ransomware collectives, such as RansomHouse, due to similarities in tactics.

While the suspects are currently in custody in Thailand, extradition requests from Switzerland and the United States are under consideration. Investigators are now analyzing seized devices to uncover further details about their operations and potential accomplices.

This high-profile takedown underscores growing international resolve to combat ransomware threats. Authorities hope that dismantling groups like 8Base will serve as a deterrent to other cybercriminal organizations operating on a global scale.

The post 8Base Ransomware Dark Web Site Seized, Four Operators Arrested appeared first on Cyber Security News.