Cyber Attacks on the Rise: Media Group and Webmail Services Targeted

In a disturbing series of events, the RTL Group, a prominent media conglomerate, has fallen victim to a cyber attack, resulting in the theft of sensitive personal data from over 27,000 employees. According to a report by Cybernews, a hacker known as LuneBF has claimed responsibility for the breach, boasting of having accessed the company's intranet website.

The stolen data includes full names, email addresses, work-related postal addresses, and private and professional phone numbers of employees working for RTL Group and its subsidiaries, such as Fremantle and M6. A sample of 100 data sets was released by the hacker as proof of the breach. The company has confirmed the incident, stating that it is unlikely that customer data has been affected, but the investigation is still ongoing.

Meanwhile, a new malware, dubbed Arkanix, has been discovered by Kaspersky researchers. This infostealer is capable of harvesting credentials, browser data, cryptocurrency, and banking assets from infected machines. What's notable about Arkanix is its use of both Python and C++ variants, each tailored for a different stage of data theft. The malware operates on a Malware-as-a-Service (MaaS) model, allowing malicious actors to purchase access to the malware and a control panel with configurable payloads and statistics.

The use of artificial intelligence (AI) in the development of Arkanix suggests that the attackers are seeking quick financial gains rather than a prolonged campaign. According to Kaspersky researchers, the malware collects a vast amount of information, including highly sensitive personal data, and its development may have been assisted by a large language model.

In a separate incident, the Cybersecurity and Infrastructure Security Agency (CISA) has warned that two vulnerabilities in RoundCube Webmail, a web-based email client, are being actively exploited in attacks. The vulnerabilities, tracked as CVE-2025-49113 and CVE-2025-68461, were patched in June and December 2025, respectively. However, CISA has ordered U.S. federal agencies to patch the vulnerabilities within three weeks, citing the ongoing exploitation by threat actors.

The first vulnerability, CVE-2025-49113, is a critical remote code execution flaw that can be exploited by remote, unauthenticated attackers. The second vulnerability, CVE-2025-68461, is a low-complexity cross-site scripting (XSS) flaw that can be exploited through SVG documents. RoundCube has warned that over 84,000 vulnerable installations are at risk of attacks.

These incidents highlight the growing threat of cyber attacks on various industries, including media and webmail services. As the use of AI and other emerging technologies becomes more prevalent, the sophistication and frequency of these attacks are likely to increase. It is essential for organizations to prioritize cybersecurity and take proactive measures to protect their employees' and customers' sensitive data.

Sources:

• Cybernews: "Hacker stiehlt Daten von Tausenden RTL-Mitarbeitern"
• Kaspersky Securelist: "New Arkanix stealer blends rapid Python harvesting with stealthier C++ payloads"
• CISA: "Recently patched RoundCube flaws now exploited in attacks"