Threat Briefing: May 16, 2025


Threat Intel Update

This week, we’re spotlighting the risks associated with contractor access to company systems. In one case, cyber threat actors exploited contractors to breach corporate networks. In another, attackers leveraged contractors’ direct access to Coinbase systems, extracting data later used for extortion.

These incidents serve as critical reminders: companies must not only prioritize their own cybersecurity but also ensure their contractors and third parties uphold the same standards.

Cybersecurity News

  • Coinbase Offers $20 Million Reward for Information Leading to Arrest of Cyber Extortionists – Coinbase is offering a $20 million reward for information leading to the arrest of cybercriminals attempting to extort the company by threatening to leak stolen customer data. The attackers allegedly obtained the information by paying several customer support agents in India. The breach affected less than 1% of Coinbase’s transacting users, potentially impacting fewer than 100,000 customers. Coinbase estimates that responding to the breach and compensating affected users could cost between $180 million and $400 million. (Source: The Record)
  • Second Chrome Zero-Day Vulnerability of 2025 Disclosed – A newly disclosed zero-day vulnerability in the Chrome browser, identified as CVE-2025-4664, has been actively exploited in the wild. The flaw enables attackers to “leak cross-origin data through maliciously crafted HTML pages.” The Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities catalog. This marks the second zero-day vulnerability impacting Chrome that Google has disclosed in 2025. (Source: Bleeping Computer)
  • German Authorities Shut Down Cryptocurrency Mixer eXch in Major Operation – Germany’s Federal Criminal Police Office (BKA) dismantled the cryptocurrency mixer eXch in a late April operation, seizing over $30 million in digital assets, 8 terabytes of data, and the platform’s server infrastructure. eXch was reportedly used by North Korean threat actors to launder funds stolen from Bybit in February. Since its launch in 2014, the platform is estimated to have facilitated $1.9 billion in cryptocurrency transactions. (Source: The Record)
  • Cybercriminals Use AI Tool Lures to Deploy Noodlophile Malware – A new campaign is using social media posts promoting AI tools to lure victims into downloading malicious .exe files that deploy Noodlophile malware. Noodlophile functions as an information stealer, targeting cryptocurrency wallets and browser credentials. The malware has also been distributed alongside the XWorm remote access trojan, amplifying its threat potential. (Source: The Hacker News)
  • Scammers Exploit GovDelivery Email System Using Compromised Contractor Accounts – Government contractors’ compromised accounts were used to send scam emails through the GovDelivery notification system, impacting residents in multiple states. In Indiana, scammers exploited a contractor’s account to send fraudulent toll payment requests, despite the state’s contract for the service ending in December 2024. Indiana officials allege the contractor failed to deactivate the account, leaving it open to misuse. Meanwhile, residents in New Mexico received phishing emails from a govdelivery.com address, attempting to steal payment details. (Source: TechCrunch)

About the Author
CampusGuard Threat Intel Team