February, 2025
February 28, 2025 – Malware
Fake WordPress Plugin Impacts SEO by Injecting Casino Spam
Abstract
The attackers used multiple stealthy methods to evade detection: giving the plugin an innocent-sounding name, and hiding it in the WordPress plugins directory rather than in a core file so that it would not be found by integrity checks. – Sucuri
February 28, 2025 – Malware
VSCode Extensions With 9 Million Installs Pulled Over Security Risks
Abstract
Microsoft has removed two popular VSCode extensions, 'Material Theme – Free' and 'Material Theme Icons – Free,' from the Visual Studio Marketplace for allegedly containing malicious code. – Bleeping Computer
February 26, 2025 – Cryptocurrency
GitVenom Malware Steals $456K in Bitcoin Using Fake GitHub Projects to Hijack Wallets
Abstract
Cybersecurity researchers are calling attention to an ongoing campaign that's targeting gamers and cryptocurrency investors under the guise of open-source projects hosted on GitHub. – The Hacker News
February 26, 2025 – Malware
New Auto-Color Linux Backdoor Targets North American Governments, Universities
Abstract
A previously undocumented Linux backdoor dubbed 'Auto-Color' was observed in attacks between November and December 2024, targeting universities and government organizations in North America and Asia. – Bleeping Computer
February 26, 2025 – Vulnerabilities
Rsync Flaws Allow Hackers to Take Over Servers, PoC Published
Abstract
Google Cloud Vulnerability Research published the technical details and proof-of-concept (PoC) exploits for five critical Rsync vulnerabilities, identified as CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, and CVE-2024-12088. – Security Online
February 26, 2025 – Vulnerabilities
Massive WordPress Plugin Vulnerability Exposes Millions to XSS Attacks
Abstract
The vulnerability, tracked as CVE-2025-24752, is a reflected Cross-Site Scripting (XSS) issue that could allow malicious actors to inject harmful scripts into unsuspecting users’ browsers. – Security Online
February 26, 2025 – Botnet
PolarEdge Botnet: 2,000+ IoT Devices Infected
Abstract
The botnet has infected over 2,000 devices globally and has been active since at least late 2023. The attack campaign exploits CVE-2023-20118, a remote code execution (RCE) vulnerability affecting multiple Cisco Small Business Router models. – Security Online
February 26, 2025 – Vulnerabilities
GRUB2 Bootloader Vulnerabilities Expose Millions of Systems to Attacks
Abstract
A series of critical vulnerabilities has been discovered in GRUB2, the popular boot loader used by many Linux distributions. These flaws could allow attackers to bypass security measures, potentially compromising millions of systems globally. – Security Online
February 26, 2025 – Vulnerabilities
OpenH264 Codec Vulnerability Poses Remote Code Execution Risk
Abstract
Tracked as CVE-2025-27091 and assigned a CVSSv4 score of 8.6, this vulnerability could allow remote attackers to trigger a heap overflow, potentially leading to arbitrary code execution. – Security Online
February 26, 2025 – Breach
Have I Been Pwned Adds 284M Accounts Stolen by Infostealer Malware
Abstract
HIBP founder Troy Hunt found 284,132,969 compromised accounts while analyzing 1.5TB of stealer logs likely collected from numerous sources and shared on a Telegram channel known as “ALIEN TXTBASE.” – Bleeping Computer
February 26, 2025 – Vulnerabilities
Attackers Exploiting Cisco Vulnerabilities Tied to Salt Typhoon Campaign
Abstract
GreyNoise researchers observed active exploitation of two Cisco vulnerabilities, CVE-2018-0171 and CVE-2023-20198, which reportedly have been used in recent attacks by the Chinese nation-state threat group known as Salt Typhoon. – Cybersecurity Dive
February 26, 2025 – Government
CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation
Abstract
CISA on Tuesday added two security flaws impacting Microsoft Partner Center and Synacor Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. – The Hacker News
February 24, 2025 – Vulnerabilities
Zero-Day in Parallels Desktop Allows Root Privilege Escalation, PoC Released
Abstract
Independent researcher Mickey Jin (@patch1t) publicly disclosed the exploit after Parallels left the vulnerability unpatched for over seven months, despite multiple responsible disclosure attempts. – Security Online
February 24, 2025 – Vulnerabilities
Exim Mail Transfer Vulnerability Allows Attackers to Inject Malicious SQL
Abstract
Systems become vulnerable when compiled with the _USE_SQLITE_ option, which activates SQLite integration for hints database management, and when administrators enable ETRN commands without proper serialization safeguards. – GBHackers
February 24, 2025 – Vulnerabilities
Libxml2 Flaws Could Lead to Code Execution
Abstract
Users of libxml2 are strongly encouraged to update to the latest versions, 2.12.10 or 2.13.6, to address these vulnerabilities. Older branches of libxml2 will not receive updates. – Security Online
February 24, 2025 – Malware
New Zhong Stealer Malware Exploits Zendesk to Attack Fintech and Cryptocurrency Industries
Abstract
The attackers masquerade as customers, leveraging social engineering tactics to trick support agents into downloading malicious files. The attack begins with the creation of fraudulent support tickets by attackers using newly registered accounts. – GBHackers
February 24, 2025 – Vulnerabilities
Moxa PT Switches Vulnerable to Denial-of-Service Attack
Abstract
CVE-2024-9404 poses a significant remote threat if the affected PT switches are exposed to publicly accessible networks. Attackers could exploit this vulnerability to disrupt critical operations in various industrial environments. – Security Online
February 24, 2025 – Malware
Null-AMSI Bypasses Security Measures to Deploy AsyncRAT Payload
Abstract
Once the AsyncRAT payload is loaded, it establishes control over the victim’s system, allowing the attacker to remotely control the machine, steal data, install additional malware, or launch further attacks. – The Cyber Express
February 24, 2025 – Vulnerabilities
Critical Vulnerability in Pentaho Business Analytics Server
Abstract
To fully address the critical vulnerability (CVE-2024-37361), users are advised to upgrade to the latest Hitachi Vantara Pentaho 10.2 release or, for version 9.3, to install Service Pack 9.3.0.9 or higher. – Security Online
February 24, 2025 – Phishing
Fake CS2 Tournament Streams Used to Steal Crypto, Steam Accounts
Abstract
Threat actors are exploiting major Counter-Strike 2 (CS2) competitions, like IEM Katowice 2025 and PGL Cluj-Napoca 2025, to defraud gamers and steal their Steam accounts and cryptocurrency. – Bleeping Computer
February 24, 2025 – Malware
GhostSocks - Lumma’s Partner in Proxy
Abstract
GhostSocks, a Golang-based SOCKS5 backconnect proxy malware, was first identified in October 2023 when it was advertised on a Russian-language criminal forum, and supports Microsoft Windows alongside Linux. – Infrawatch
February 24, 2025 – Vulnerabilities
CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks
Abstract
The flaw is tracked as CVE-2025-23209 and is a high severity (CVSS v3 score: 8.0) code injection (RCE) vulnerability impacting Craft CMS versions 4 and 5. Federal agencies have until March 13, 2025, to patch the Craft CMS flaw. – The Hacker News
February 22, 2025 – Malware
SpyLend Android malware downloaded 100,000 times from Google Play
Abstract
An Android malware app called SpyLend has been downloaded over 100,000 times from Google Play, where it masqueraded as a financial tool but became a predatory loan app for those in India. – Bleeping Computer
February 22, 2025 – Cryptocurrency
Hackers Drained $1.4 Billion of Cryptocurrency From Bybit Exchange
Abstract
The Dubai-based company said the incident occurred when the company was moving funds from a “cold” wallet — a wallet whose private keys are kept offline for security reasons — to an online “warm” wallet. – The Record
February 22, 2025 – Attack
REF7707 Espionage Campaign Targets South America and Southeast Asia
Abstract
The attackers behind REF7707 deployed novel malware families—FINALDRAFT, GUIDLOADER, and PATHLOADER—to gain persistence and execute highly sophisticated network intrusions. – Security Online
February 22, 2025 – Privacy
Russian State Hackers Spy on Ukrainian Military Through Signal App
Abstract
Google’s security team said in a report on Wednesday that Signal’s popularity among military personnel, politicians, journalists and activists has made it a prime target for espionage operations. – The Record
February 22, 2025 – Phishing
Amazon Prime Phishing Scam Steals Login, Payment Info
Abstract
The Cofense Phishing Defense Center (PDC) has identified a new phishing campaign that specifically targets Amazon Prime users, attempting to steal login credentials, security answers, and payment details. – Security Online
February 22, 2025 – Ransomware
New XELERA Ransomware Campaign Spreading Through Malicious Documents
Abstract
Security researchers at Seqrite Labs APT-Team uncovered a sophisticated spear-phishing attack that delivers a Python-based ransomware via malicious documents disguised as job notifications. – Security Online
February 21, 2025 – Government
CISA and FBI Warn of Ghost Ransomware Which has Breached Organizations in 70 Countries
Abstract
Names linked to this group include Ghost, Cring, Crypt3r, Phantom, Strike, Hello, Wickrme, HsHarada, and Rapture, with ransomware samples used in their attacks including Cring.exe, Ghost.exe, ElysiumO.exe, and Locker.exe. – Bleeping Computer
February 21, 2025 – Vulnerabilities
Proof-of-Concept Exploit Released for Four Ivanti Vulnerabilities
Abstract
Horizon3.ai researchers on Wednesday released technical details and a proof-of-concept (PoC) exploit for four critical Ivanti vulnerabilities that were first disclosed and patched last month. – Cybersecurity Dive
February 21, 2025 – Phishing
The Bleeding Edge of Phishing: darcula-suite 3.0 Enables DIY Phishing of Any Brand
Abstract
A new version of the phishing-as-a-service (PhaaS) platform "Darcula" is launching, with a feature that allows anyone to spoof any brand online, with no technical skill required. – NetCraft
February 21, 2025 – Breach
Over 330 Million Credentials Compromised by Infostealers
Abstract
Infostealers became one of the “most significant initial access vectors” in the threat landscape last year, with one threat intelligence company claiming to find over 330 million compromised credentials linked to the malware. – Infosecurity Magazine
February 20, 2025 – Malware
New FrigidStealer Malware Infects Macs via Fake Browser Updates
Abstract
FrigidStealer is a Go-based malware built with the WailsIO framework to make the installer appear legitimate during infection. The malware extracts saved cookies, login credentials, and password-related files stored in Safari or Chrome on macOS. – Bleeping Computer
February 20, 2025 – Vulnerabilities
Multiple Vulnerabilities Discovered in NVIDIA CUDA Toolkit
Abstract
These vulnerabilities have been assigned Common Vulnerability Scoring System (CVSS) scores ranging from 2.8 to 3.3, representing a Low level of impact. Successful exploitation could lead to limited denial of service and information disclosure. – Palo Alto Networks
February 20, 2025 – Malware
Rhadamanthys Stealer Being Distributed Through MSC Files
Abstract
The malicious MSC file is often disguised as a harmless document, such as a Word file. When the victim opens the file, it downloads and executes a PowerShell script from an external server. This script then decodes and runs the Rhadamanthys Stealer. – ASEC
February 20, 2025 – Vulnerabilities
SICK Warns of Severe Security Flaws in MEAC300 Sensors
Abstract
The vulnerabilities, tracked as CVE-2022-0778 and CVE-2025-0867, could allow attackers to cause a denial of service or potentially execute arbitrary code on affected devices. – Security Online
February 20, 2025 – Malware
Malicious Signal, Line, and Gmail Installers Target Chinese-Speaking Users with Backdoors
Abstract
The attackers rely on search engine optimization (SEO) poisoning to direct users to fraudulent download pages for apps like Signal, Line, and Gmail, which deliver ZIP files containing executable malware. – Hunt
February 20, 2025 – Vulnerabilities
Update: Windows Disk Cleanup Tool Flaw Exploited to Gain SYSTEM Privileges, PoC Released
Abstract
The vulnerability was anonymously disclosed to Microsoft and subsequently, a proof-of-concept exploit was published on GitHub by a security researcher. The exploit leverages a DLL sideloading technique with cleanmgr.exe. – Security Online
February 20, 2025 – Malware
Highly Obfuscated .NET sectopRAT Disguises as Chrome Extension
Abstract
Recently, cybersecurity researchers uncovered a new campaign where sectopRAT disguises itself as a legitimate Google Chrome extension named “Google Docs,” further amplifying its stealth and data-theft capabilities. – GBHackers
February 20, 2025 – Vulnerabilities
Netgear C7800 Router Flaw Exposes User Credentials, No Patch!
Abstract
An attacker who successfully performs a man-in-the-middle attack on the WLAN or LAN can intercept user credentials. This could grant full control over the router, enabling settings manipulation, data theft, or the launch of further attacks. – Security Online
February 20, 2025 – Criminals
BlackLock Becomes the World’s Fastest Rising Ransomware Operator
Abstract
BlackLock actively recruits key players, known as traffers, to support the early stages of ransomware attacks. These individuals drive malicious traffic, steer victims to harmful content, and help establish initial access for campaigns. – Reliaquest
February 20, 2025 – Vulnerabilities
Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability
Abstract
The two critical-rated vulnerabilities include CVE-2025-21355 (CVSS score: 8.6), a Microsoft Bing remote code execution vulnerability, and CVE-2025-24989 (CVSS score: 8.2), a Microsoft Power Pages elevation of privilege vulnerability. – The Hacker News
February 19, 2025 – Vulnerabilities
Two New OpenSSH Bugs Threaten Enterprise Security, Uptime
Abstract
Qualys discovered the bugs (CVE-2025-26465 and CVE-2025-26466) in January, per its disclosure timeline. These vulnerabilities enable machine-in-the-middle (MitM) attacks and pre-authentication denial-of-service (DoS) attacks. – The Register
February 19, 2025 – Government
CISA Issues Two New ICS Advisories Addressing Exploits and Vulnerabilities
Abstract
These advisories, flagged under ICSA-24-191-01 (Update A) and ICSA-25-035-02 (Update A), address high-severity flaws that could enable remote code execution and denial-of-service attacks across industrial environments. – GBHackers
February 19, 2025 – Government
CERT-In Warns of High-Severity Vulnerabilities in Mozilla Firefox and Thunderbird
Abstract
Mozilla has responded swiftly to these vulnerabilities, releasing a series of security fixes in updated versions, including Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 135, and Thunderbird ESR 128.7. – The Cyber Express
February 19, 2025 – Vulnerabilities
Exploit Code Published for Critical GatesAir Transmitter Vulnerabilities, No Patches Available Yet
Abstract
Security researcher Mohamed Shahat has disclosed three critical vulnerabilities affecting GatesAir Maxiva UAXT and VAXT transmitters. These transmitters are widely used in various industries, including broadcasting, transportation, and public safety. – Security Online
February 19, 2025 – Vulnerabilities
Chrome Buffer Overflow Flaws Let Hackers Execute Arbitrary Code & Gain System Access
Abstract
The update (version 133.0.6943.126/.127 for Windows/Mac and 133.0.6943.126 for Linux) follows the discovery of exploits in Chrome’s V8 JavaScript engine, GPU component, and network stack, underscoring escalating risks to billions of users worldwide. – GBHackers
February 19, 2025 – Vulnerabilities
Apache Ignite Vulnerability Could Allow Remote Code Execution
Abstract
The Apache Ignite team has addressed this vulnerability in version 2.17.0. Users of affected versions are strongly urged to upgrade to the latest release as soon as possible. – Security Online
February 19, 2025 – APT
Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign
Abstract
The China-linked threat actor known as Winnti has been attributed to a new campaign dubbed RevivalStone that targeted Japanese companies in the manufacturing, materials, and energy sectors in March 2024. – The Hacker News
February 19, 2025 – Policy and Law
Estonian Duo Plead Guilty to $577m Crypto Ponzi Scheme
Abstract
Two Estonian nationals are facing up to 20 years behind bars after pleading guilty to running a huge cryptocurrency fraud scheme that netted hundreds of millions of dollars. – Infosecurity Magazine
February 19, 2025 – Vulnerabilities
New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials
Abstract
Following responsible disclosure on March 26, 2024, the vulnerabilities were addressed as part of Service Pack 57.75.53 released late last month for VersaLink C7020, 7025, and 7030 series printers. – The Hacker News
February 18, 2025 – Malware
Earth Preta Mixes Legitimate and Malicious Components to Sidestep Detection
Abstract
Earth Preta’s malware, a variant of the TONESHELL backdoor, is sideloaded with a legitimate Electronic Arts application and communicates with a command-and-control server for data exfiltration. – Trend Micro
February 18, 2025 – Phishing
Black-Hat SEO Campaign Lures Indian Users Into Visiting Potential Phishing Schemes
Abstract
In a recent development, analysts at CloudSEK have discovered the much-maligned use of black-hat search engine poisoning by threat actors to push rummy- and investment-focused websites to unsuspecting users. – Cloudsek
February 18, 2025 – General
Inconsistent Security Strategies Fuel Third-Party Threats
Abstract
About 47% of organizations have experienced a data breach or cyberattack over the past 12 months that involved a third party accessing their network, according to Imprivata and the Ponemon Institute. – Help Net Security
February 18, 2025 – Vulnerabilities
PoC Exploits for Two Critical LibreOffice Vulnerabilities Released, Patch ASAP
Abstract
These flaws—CVE-2024-12425 (Arbitrary File Write) and CVE-2024-12426 (Remote File Read)—require no user interaction beyond opening a malicious document, making them highly exploitable in both desktop and server environments. – Security Online
February 18, 2025 – Government
South Korea Suspends Downloads of AI Chatbot DeepSeek
Abstract
The Personal Information Protection Commission (PIPC) of South Korea announced the suspension on February 15, citing deficiencies in the app’s communication features and data processing practices. – Infosecurity Magazine
February 18, 2025 – Hacker
EarthKapre Leverages Cloud Infrastructure and DLL Sideloading for Data Exfiltration
Abstract
This latest attack chain showcases the group’s ability to weaponize legitimate tools, leveraging DLL sideloading techniques and cloud-based infrastructure to stealthily infiltrate networks and exfiltrate sensitive data. – ESentire
February 18, 2025 – Solution
Android’s New Feature Blocks Fraudsters from Sideloading Apps During Calls
Abstract
The new in-call anti-scammer protections include preventing Android users from turning on settings to install apps from unknown sources and from granting access to the Accessibility Services. – The Hacker News
February 18, 2025 – Vulnerabilities
Juniper Warns of Critical Authentication Bypass Flaw in Session Smart Routers
Abstract
Currently, Juniper SIRT is not aware of any malicious exploitation of the CVE-2025-21589 vulnerability. However, given the severity of the flaw, prompt action is crucial to prevent potential attacks. – Security Online
February 18, 2025 – Malware
Microsoft Warns of New XCSSET macOS Malware Variant Used for Cryptocurrency Theft
Abstract
A new variant of the XCSSET macOS modular malware has emerged in attacks that target users' sensitive information, including digital wallets and data from the legitimate Notes app. – Bleeping Computer
February 18, 2025 – Vulnerabilities
AMD Patches Multiple Vulnerabilities in Embedded Processors
Abstract
AMD has released security updates addressing multiple vulnerabilities in its EPYC and Ryzen Embedded processors, some of which could allow arbitrary code execution, memory corruption, or privilege escalation. – Security Online
February 17, 2025 – Vulnerabilities
Metasploit-Ready: CVE-2025-1094 SQLi in PostgreSQL Exposes Systems to Remote Attacks
Abstract
CVE-2025-1094 stems from an “incorrect assumption that when attacker-controlled untrusted input has been safely escaped via PostgreSQL’s string escaping routines, it cannot be leveraged to generate a successful SQL injection attack.” – Security Online
February 17, 2025 – Vulnerabilities
CVE-2022-31631 (CVSS 9.1): Critical PHP Flaw Exposes Websites to SQL Injection Attacks
Abstract
A serious vulnerability has been discovered in PHP, potentially exposing websites and applications to SQL injection attacks. The affected function is commonly used to sanitize user-supplied data before it’s used in database queries. – Security Online
February 17, 2025 – Vulnerabilities
Palo Alto Networks and SonicWall Firewalls Under Attack
Abstract
Palo Alto Networks and SonicWall customers are being advised to patch their products, after it emerged that threat actors are actively exploiting vulnerabilities in both. – Infosecurity Magazine
February 17, 2025 – Malware
PirateFi game on Steam caught installing password-stealing malware
Abstract
A free-to-play game named PirateFi in the Steam store has been distributing the Vidar infostealing malware to unsuspecting users. Statistics on the title's page show that up to 1,500 individuals may be impacted. – Bleeping Computer
February 17, 2025 – Phishing
OAuth Phishing Alert: Fake ‘Adobe Drive X’ App Abusing Microsoft Login
Abstract
Threat actors have taken phishing to the next level by weaponizing custom Microsoft 365 applications to request sensitive information from users. The user is taken to a legitimate Microsoft authentication page, making the phishing attack more convincing. – Cofense
February 17, 2025 – Phishing
Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication
Abstract
Volexity has observed multiple Russian threat actors conducting social-engineering and spear-phishing campaigns targeting organizations with the ultimate goal of compromising Microsoft 365 accounts via Device Code Authentication phishing. – Volexity
February 17, 2025 – Vulnerabilities
YouTube ID exploited to find Gmail deets, says researcher
Abstract
A security researcher found that Google could leak the email addresses of YouTube channels. Last week he explained he found two vulnerabilities that, when chained, make it possible to sniff out the email addresses. – The Register
February 15, 2025 – Breach
Valve Removed the Game PirateFi From the Steam Platform After Discovery of Hidden Malware
Abstract
Valve removed the game PirateFi from the Steam video game platform because it contained malicious code designed to steal browser cookies and hijack accounts. The company also advised affected users to reformat their operating systems for mitigation. – Security Affairs
February 15, 2025 – Vulnerabilities
Windows Explorer GUI Zero-Day Vulnerability Actively Exploited in the Wild
Abstract
The flaw involves how Windows handles files extracted from compressed “RAR” archives. When extracted into a folder, these files appear invisible in the Windows Explorer GUI, misleading users into believing the folder is empty. – GBHackers
February 15, 2025 – Phishing
Russian-Linked Hackers Found Using ‘Device Code Phishing’ to Hijack Accounts
Abstract
The Storm-2372 actors use a phishing technique called 'device code phishing.' Users are lured to log in to productivity apps while the actors capture the information from the authentication codes to hijack their accounts. – The Hacker News
February 15, 2025 – Attack
China’s Salt Typhoon Hackers Targeting Cisco Devices Used by Telcos, Universities
Abstract
Recorded Future researchers said the Chinese nation-state threat group intruded five additional telecom networks between December and January, including two unnamed providers in the U.S. – CyberScoop
February 14, 2025 – APT
North Korean APT43 Uses PowerShell and Dropbox in Targeted South Korea Cyberattacks
Abstract
The attack campaign, dubbed DEEP#DRIVE by Securonix, has been attributed to a hacking group known as Kimsuky, also tracked as APT43, Emerald Sleet, Sparkling Pisces, Springtail, TA427, and Velvet Chollima. – The Hacker News
February 14, 2025 – Vulnerabilities
New ‘whoAMI’ Attack Enables Code Execution on Amazon EC2 Instances
Abstract
Dubbed "whoAMI," the attack was crafted by DataDog researchers in August 2024, who demonstrated that it's possible for attackers to gain code execution within AWS accounts by exploiting how software projects retrieve AMI IDs. – Bleeping Computer
February 14, 2025 – Phishing
Hackers Use CAPTCHA Trick on Webflow CDN PDFs to Bypass Security Scanners
Abstract
A widespread phishing campaign has been observed leveraging bogus PDF documents hosted on the Webflow content delivery network (CDN) with an aim to steal credit card information and commit financial fraud. – The Hacker News
February 14, 2025 – Business
A10 Networks Buys ThreatX Protect To Boost AI And WAAP Security
Abstract
Network security standout A10 Networks is boosting its cybersecurity portfolio around web application and API protection (WAAP) by purchasing the assets and key employees from ThreatX Protect. – CRN
February 14, 2025 – Vulnerabilities
WinZip Vulnerability Opens Door to Remote Code Execution
Abstract
The vulnerability, tracked as CVE-2025-1240 and with a CVSS score of 7.8, stems from insufficient validation of user-supplied data during 7Z file parsing. While the vulnerability itself is serious, exploitation requires user interaction. – Security Online
February 14, 2025 – Business
Quantum-Focused QuSecure Gets $28 Million in Funding
Abstract
QuSecure has closed its latest round of funding with $28 million, which it will use to advance post-quantum technology and help educate partners on best practices for helping customers battle future security threats. – Channel Futures
February 13, 2025 – Vulnerabilities
Surge in Attacks Exploiting Old ThinkPHP and ownCloud Flaws
Abstract
Threat monitoring platform GreyNoise reported spikes in threat actors leveraging CVE-2022-47945 and CVE-2023-49103 that affect ThinkPHP Framework and the open-source ownCloud solution for file sharing and syncing. – Bleeping Computer
February 13, 2025 – Vulnerabilities
Update: PoC Exploit Published for macOS Security Flaw Enabling KASLR Bypass
Abstract
The vulnerability, tracked as CVE-2024-54531, allows an app to bypass KASLR, effectively revealing the kernel’s memory layout. It leverages speculative execution during system calls, a previously unexploited weakness in Apple’s kernel isolation. – Security Online
February 13, 2025 – Vulnerabilities
Palo Alto Networks Fixes Two High-Severity PAN-OS Vulnerabilities
Abstract
CVE-2025-0108 affects PAN-OS versions 11.2 (before 11.2.4-h4), 11.1 (before 11.1.6-h1), 10.2 (before 10.2.13-h3), and 10.1 (before 10.1.14-h9). CVE-2025-0110 affects PAN-OS OpenConfig plugin versions before 2.1.2. – Security Online
February 13, 2025 – Vulnerabilities
Critical Vulnerability in Falcon Sensor for Linux Enables TLS MiTM Exploits
Abstract
While no evidence of exploitation has been detected, CrowdStrike has rated the flaw as high severity, with a CVSS score of 8.1. The flaw affects versions of the Falcon sensor for Linux, Kubernetes Admission Controller, and Container Sensor. – GBHackers
February 13, 2025 – Breach
zkLend Loses $9.5M in Crypto Heist, Asks Hacker to Return 90%
Abstract
Decentralized money lender zkLend suffered a breach where threat actors exploited a smart contract vulnerability to steal 3,600 Ethereum (ETH), worth $9.5 million at the time. – Bleeping Computer
February 13, 2025 – Vulnerabilities
NVIDIA Patches High-Severity Vulnerability in Jetson and IGX Orin Platforms
Abstract
“NVIDIA Jetson AGX Orin™ and NVIDIA IGX Orin software contain a vulnerability where an attacker can cause an improper input validation issue by escalating certain permissions to a limited degree,” the bulletin explains. – Security Online
February 13, 2025 – Phishing
North Korean Hackers Dupe Targets Into Typing PowerShell Commands as Admin
Abstract
North Korean state actor ‘Kimsuky’ (aka ‘Emerald Sleet’ or ‘Velvet Chollima’) has been observed using a new tactic involving deceptive error messages or prompts that direct victims to execute malicious code themselves, often via PowerShell commands. – Bleeping Computer
February 13, 2025 – Vulnerabilities
Google Chrome Gets Patches for Four High-Severity Vulnerabilities in Latest Stable Channel Update
Abstract
The update, which will roll out over the coming days and weeks, patches vulnerabilities in key components of the Chrome browser, including the V8 JavaScript engine, the Browser UI, and the Navigation component. – Security Online
February 13, 2025 – Malware
Magento Credit Card Stealer Disguised in an Tag
Abstract
Analyzing the decoded version of the malicious script reveals that it first checks whether the user is on the checkout page and ensures the script hasn’t run yet in the current session. – Sucuri
February 13, 2025 – Government
CISA Adds Microsoft Windows, Zyxel Device Flaws to its Known Exploited Vulnerabilities Catalog
Abstract
CISA added four vulnerabilities to its KEV catalog, including OS command injection flaws in Zyxel CPE Series devices (CVE-2024-40891 and CVE-2024-40890) and two Windows flaws (CVE-2025-21418 and CVE-2025-21391). – Security Affairs
February 12, 2025 – Vulnerabilities
Misconfigured APIs Expose Sensitive Medical Data in Major Diagnostic Chain
Abstract
A recent investigation by CloudSEK’s BeVigil platform has revealed critical vulnerabilities in the API infrastructure of a prominent diagnostic chain, exposing sensitive personal and medical data of potentially millions of users. – Security Online
February 12, 2025 – Vulnerabilities
Over 12,000 KerioControl Firewalls Exposed to Exploited RCE Flaw
Abstract
GFI Software released a security update for the problem with version 9.4.5 Patch 1 on December 19, 2024, yet three weeks later, according to Censys, over 23,800 instances remained vulnerable. – Bleeping Computer
February 12, 2025 – Vulnerabilities
OpenSSL Patched High-Severity Flaw Enabling Man-in-the-Middle Attacks
Abstract
The vulnerability impacts TLS clients that explicitly enable RPKs and rely on SSL_VERIFY_PEER to detect authentication failures. Project maintainers pointed out that RPKs are disabled by default in both TLS clients and TLS servers. – Security Affairs
February 12, 2025 – Attack
Attackers Exploit a New Zero-Day to Hijack Fortinet Firewalls
Abstract
Fortinet warned that threat actors are exploiting a new zero-day vulnerability, tracked as CVE-2025-24472 (CVSS score of 8.1), in FortiOS and FortiProxy to hijack Fortinet firewalls. – Security Affairs
February 12, 2025 – Attack
Triplestrength Hits Victims With Ransomware, Cloud Hijacks, Cryptomining
Abstract
A previously unknown gang dubbed Triplestrength poses a triple threat to organizations: It infects victims' computers with ransomware, then hijacks their cloud accounts to illegally mine for cryptocurrency. – The Register
February 12, 2025 – Vulnerabilities
SonicWall Firewall Exploit Lets Hackers Hijack VPN Sessions, Patch Now
Abstract
Security researchers at Bishop Fox have published complete exploitation details for the CVE-2024-53704 vulnerability that bypasses the authentication mechanism in certain SonicOS SSL VPN application versions. – Bleeping Computer
February 12, 2025 – Vulnerabilities
Microsoft February 2025 Patch Tuesday Fixes 4 Zero-Days, 55 Flaws
Abstract
This month's Patch Tuesday fixes two actively exploited and two publicly exposed zero-day vulnerabilities. Microsoft classifies a zero-day flaw as one that is publicly disclosed or actively exploited while no official fix is available. – Bleeping Computer
February 12, 2025 – Vulnerabilities
Ivanti Patches Critical Flaws in Connect Secure and Policy Secure
Abstract
Ivanti has released security updates to address multiple security flaws impacting Connect Secure (ICS), Policy Secure (IPS), and Cloud Services Application (CSA) that could be exploited to achieve arbitrary code execution. – The Hacker News
February 12, 2025 – Business
Semgrep Bags $100M in Series D to Elevate AI-Driven Code Security
Abstract
The round was spearheaded by Menlo Ventures, with significant contributions from existing stakeholders including Felicis Ventures, Harpoon Ventures, Lightspeed Venture Partners, Redpoint Ventures, and Sequoia Capital. – Fintech
February 12, 2025 – Phishing
University Site Cloned to Evade Ad Detection and Distribute Fake Cisco AnyConnect Installer
Abstract
The attackers are using a clever technique to evade detection by security systems. They have cloned the website of a German university that uses Cisco AnyConnect and are using it as a “white page” to fool ad detection systems. – MalwareBytes
February 11, 2025 – Vulnerabilities
Apple Patches Actively Exploited iOS Zero-Day in Emergency Update Full Text
Abstract
Tracked as CVE-2025-24200, the vulnerability has been described as an authorization issue that could enable a malicious actor to disable USB Restricted Mode on a locked device as part of a cyber-physical attack.The Hacker News
February 11, 2025 – Vulnerabilities
Progress LoadMaster Security Update Addresses Multiple Vulnerabilities Full Text
Abstract
These vulnerabilities stem from improper input validation, enabling attackers with access to the LoadMaster management interface to inject malicious commands via crafted HTTP requests.Security Online
February 11, 2025 – Vulnerabilities
Critical RCE Vulnerability Found in Visual Weather Products Full Text
Abstract
IBL Software Engineering urged users to take immediate action to remediate the CVE-2025-1077 vulnerability. The recommended solution is to upgrade to the patched versions of Visual Weather: 7.3.10 or higher, or 8.6.0 or higher.Security Online
February 11, 2025 – Vulnerabilities
Multiple Vulnerabilities Addressed in SAP Security Patch Day February 2025 Full Text
Abstract
The most severe vulnerability addressed (CVE-2025-0064, CVSS 8.7) allows an attacker with admin rights to impersonate any user within the SAP BusinessObjects Business Intelligence platform.Security Online
February 11, 2025 – Criminals
Police Dismantles 8Base Ransomware Gang Under Operation Phobos Aetor Full Text
Abstract
The police arrested four European citizens in Phuket, Thailand, who are suspected of having stolen over $16 million through ransomware attacks affecting over 1,000 victims worldwide.Security Affairs
February 11, 2025 – Vulnerabilities
Update: GitHub Enterprise SAML Bypass Flaw Uncovered With Technical Analysis and Exploit PoC Full Text
Abstract
Given the severity of this issue, organizations using GitHub Enterprise with SAML authentication enabled are strongly advised to review their authentication configurations and apply patches immediately.Security Online
February 11, 2025 – Malware
Malicious ML Models Discovered on Hugging Face Platform Full Text
Abstract
Researchers at Reversing Labs have discovered two malicious machine learning (ML) models available on Hugging Face, the leading hub for sharing AI models and applications.ReversingLabs
February 11, 2025 – Government
CISA Warns of Critical Elber Flaws – PoC Available, No Patch Full Text
Abstract
Elber has stated that they do not plan to mitigate these vulnerabilities as the affected equipment is either end-of-life or almost end-of-life. CISA recommends that users of affected devices take defensive measures to minimize the risks.Security Online
February 11, 2025 – Attack
DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects Full Text
Abstract
Targets of the campaign include IIS servers located in India, Thailand, Vietnam, Philippines, Singapore, Taiwan, South Korea, Japan, and Brazil. These servers are associated with government, universities, tech companies, and telecommunications firms.The Hacker News
February 11, 2025 – Phishing
Scammers Use Fake Facebook Copyright Notices to Hijack Accounts Full Text
Abstract
This campaign, which began around December 20th, 2024, primarily focuses on companies within the EU, the US, and Australia. Still, some instances have also been detected in Chinese and Arabic languages, indicating a global reach.HackRead
February 10, 2025 – Ransomware
The Anatomy of Abyss Locker Ransomware Attack Full Text
Abstract
The threat actors behind Abyss Locker consistently employ a TTP of deploying malware on critical network devices to tunnel their activity within the network. This includes targeting VPN appliances, network-attached storage (NAS) and ESXi servers.Sygnia
February 10, 2025 – Vulnerabilities
WordPress ASE Plugin Vulnerability Threatens Site Security Full Text
Abstract
Security analysts at Patchstack discovered that the flaw was due to insufficient checks on user role restoration. Specifically, the process failed to include robust permission verification, relying only on a nonce check.Infosecurity Magazine
February 10, 2025 – Malware
Flesh Stealer Snoops on Web Browsers and Cryptocurrency Wallets Full Text
Abstract
Flesh Stealer has been actively promoted on Discord, Telegram channels, and underground forums like Pyrex Guru. Employing Base64 obfuscation techniques to conceal its functions and strings, the stealer first emerged in August 2024.Cyfirma
February 10, 2025 – Vulnerabilities
Critical SQL Injection Bug Patched in Zimbra Collaboration Full Text
Abstract
CVE-2025-25064 (CVSS 9.8) is a critical SQL injection vulnerability that affects Zimbra Collaboration versions 10.0.x before 10.0.12 and 10.1.x before 10.1.4. This vulnerability is due to insufficient sanitization of a user-supplied parameter.Security Online
February 10, 2025 – Attack
Microsoft Says Attackers Use Exposed ASP.NET Keys to Deploy Malware Full Text
Abstract
Threat actors also use machine keys from publicly available sources in code injection attacks to create malicious ViewStates (used by ASP.NET Web Forms to control state and preserve pages) by attaching crafted message authentication code (MAC).Bleeping Computer
February 10, 2025 – Vulnerabilities
Hackers Exploit Cityworks RCE Bug to Breach Microsoft IIS Servers Full Text
Abstract
The flaw, tracked as CVE-2025-0994, is a high severity (CVSS v4.0 score: 8.6) deserialization problem that allows authenticated users to perform RCE attacks against a customer's Microsoft Internet Information Services (IIS) servers.Bleeping Computer
February 10, 2025 – Phishing
Scalable Vector Graphics Files Pose a Novel Phishing Threat Full Text
Abstract
Attackers have been observed using the graphics file format scalable vector graphics (SVG) for this purpose. SVGs contain Extensible Markup Language (XML)-like text instructions to draw resizable, vector-based images on a computer.Sophos
February 10, 2025 – Vulnerabilities
Critical Flaw in ABB Drive Composer Enables File System Access Full Text
Abstract
The vulnerability stems from improper directory validation, allowing attackers to craft malicious Drive Composer files (such as parameter backup files) that, when opened, can extract files to arbitrary locations on the victim’s system.Security Online
February 10, 2025 – Attack
Massive Brute Force Attack Uses 2.8 Million IPs to Target VPN Devices Full Text
Abstract
A large-scale brute force password attack using almost 2.8 million IP addresses is underway, attempting to guess the credentials for a wide range of networking devices, including those from Palo Alto Networks, Ivanti, and SonicWall.Bleeping Computer
February 10, 2025 – Government
CISA Orders Agencies to Patch Linux Kernel Bug Exploited in Attacks Full Text
Abstract
Tracked as CVE-2024-53104, the security bug was first introduced in kernel version 2.6.26 and was patched by Google for Android users on Monday. The February 2025 Android security bulletin warns that it may be under limited, targeted exploitation.Bleeping Computer
February 8, 2025 – Phishing
Hackers Spoof Microsoft ADFS Login Pages to Steal Credentials Full Text
Abstract
A help desk phishing campaign targets an organization's Microsoft Active Directory Federation Services (ADFS) using spoofed login pages to steal credentials and bypass multi-factor authentication (MFA) protections.Bleeping Computer
February 8, 2025 – Denial Of Service
DDoS Attacks Reportedly Behind DayZ and Arma Network Outages Full Text
Abstract
An ongoing distributed denial of service (DDoS) attack targets Bohemia Interactive's infrastructure, preventing players of DayZ and Arma Reforger from playing the games online.Bleeping Computer
February 8, 2025 – Vulnerabilities
Researcher Outsmarts, Jailbreaks OpenAI’s New o3-mini Full Text
Abstract
Despite its improvements, a CyberArk researcher found a way to exploit o3-mini by pretending to be a historian seeking knowledge. While engaging with it, he eventually led it to produce steps that could be used to exploit a critical Windows process.Dark Reading
February 8, 2025 – Vulnerabilities
Critical RCE Flaw in Microsoft Outlook Now Exploited in Attacks Full Text
Abstract
Discovered by Check Point vulnerability researcher Haifei Li and tracked as CVE-2024-21413, the flaw is caused by improper input validation when opening emails with malicious links using vulnerable Outlook versions.Bleeping Computer
February 8, 2025 – Breach
Basket of Bank Trojans Defraud Citizens of East India Full Text
Abstract
Victims receive WhatsApp messages containing malicious Android Package Kit (APK) files. Once downloaded, these APKs appear as fake apps of major banks like HDFC Bank and ICICI Bank.Dark Reading
February 8, 2025 – Government
CISA Tags Microsoft .NET and Apache OFBiz Bugs as Exploited in Attacks Full Text
Abstract
The US Cybersecurity & Infrastructure Security Agency (CISA) has added four vulnerabilities to its Known Exploited Vulnerabilities catalog, urging federal agencies and large organizations to apply the available security updates as soon as possible.Bleeping Computer
February 8, 2025 – Policy and Law
Robocallers Posing as FCC Fraud Prevention Team Call FCC Staff Full Text
Abstract
The FCC has proposed a $4,492,500 fine against VoIP service provider Telnyx for allegedly allowing customers to make robocalls posing as fictitious FCC "Fraud Prevention Team," by failing to comply with Know Your Customer (KYC) rules.Bleeping Computer
February 8, 2025 – Vulnerabilities
Update: Hackers Exploit SimpleHelp RMM Flaws to Deploy Sliver Malware Full Text
Abstract
The attack started with the threat actors exploiting the vulnerabilities in the SimpleHelp RMM client, tracked as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, to establish an unauthorized connection to a target endpoint.Bleeping Computer
February 7, 2025 – Attack
Attackers Use NOVA Stealer to Target Russian Organizations Full Text
Abstract
The BI.ZONE Threat Intelligence team has reported a significant ongoing campaign distributing the NOVA stealer, a new commercial variant of the SnakeLogger malware. This campaign is primarily targeting Russian organizations across various sectors.BI.Zone
February 7, 2025 – Vulnerabilities
Cisco Addressed Two Critical Flaws in its Identity Services Engine Full Text
Abstract
Cisco addressed multiple vulnerabilities, including two critical remote code execution flaws, tracked as CVE-2025-20124 (CVSS score of 9.9) and CVE-2025-20125 (CVSS score of 9.1), in Identity Services Engine (ISE).Security Affairs
February 6, 2025 – Criminals
XE Group Goes From Credit Card Skimming to Exploiting Zero-Days Full Text
Abstract
A Vietnamese cybercrime group, XE Group, has changed its tactics from focusing on credit card skimming to exploiting zero-day vulnerabilities in a widely used software called VeraCore. This software is used to manage orders and operations.Intezer
February 6, 2025 – Business
Riot Raises $30 Million for its Cybersecurity Product Suite Focused on Employees Full Text
Abstract
French startup Riot has raised a $30 million Series B funding round after reaching $10 million in annual revenue in 2024. Left Lane Capital led the round, with participation from existing investors Y Combinator, Base10, and FundersClub.Tech Crunch
February 6, 2025 – General
Threefold Increase in Malware Targeting Credential Stores Full Text
Abstract
Infostealers continued to grow in popularity on the cybercrime underground last year, with credentials from password stores appearing in 29% of malware samples analyzed by Picus Security.Infosecurity Magazine
February 6, 2025 – Malware
New ValleyRAT Malware Variant Spreads via Fake Chrome Downloads Full Text
Abstract
Cybersecurity researchers at Morphisec Threat Lab discovered a new version of the sophisticated ValleyRAT malware distributed through various channels including phishing emails, instant messaging platforms, and compromised websites.HackRead
February 6, 2025 – Policy and Law
Canadian Charged With Stealing $65 Million Using DeFi Crypto Exploits Full Text
Abstract
The 22-year-old Canadian national allegedly exploited flaws in the automated smart contracts used by the KyberSwap and Indexed Finance decentralized exchange aggregators and operators of digital token liquidity pools on the Ethereum network.Bleeping Computer
February 6, 2025 – Solution
BadDNS: Open-Source Tool Checks for Subdomain Takeovers Full Text
Abstract
BadDNS is an open-source Python tool used to check domain and subdomain takeovers. By examining client-side resources and security headers, it can uncover risks that could lead to malicious code being injected if a trusted domain is compromised.HelpNet Security
February 6, 2025 – Criminals
TAG-124 Traffic Distribution System Powers Multiple Malware Campaigns Full Text
Abstract
The TDS network comprises compromised WordPress websites, actor-controlled payload servers, and a sophisticated management system, allowing cybercriminals to dynamically route traffic to malicious content while evading detection.Security Online
February 6, 2025 – General
Report: 768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023 Full Text
Abstract
Describing 2024 as "another banner year for threat actors targeting the exploitation of vulnerabilities," VulnCheck said 23.6% of known exploited vulnerabilities (KEV) were known to be weaponized either on or before the day their CVEs were disclosed.The Hacker News
February 6, 2025 – Government
Five Eyes Cyber Agencies Share Security Guidance for Network Edge Devices Full Text
Abstract
Edge devices are often targeted and compromised because they don't support Endpoint Detection and Response (EDR) solutions, allowing threat actors to gain initial access to the targets' internal enterprise networks.Bleeping Computer
February 6, 2025 – Policy and Law
California Man Steals $50 Million Using Fake Investment Sites, Gets Seven Years Full Text
Abstract
A 59-year-old man from Irvine, California, was sentenced to 87 months in prison for his involvement in an investor fraud ring that stole $50 million between 2012 and October 2020.Bleeping Computer
February 5, 2025 – Government
CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by February 25 Full Text
Abstract
These include forced browsing in Apache OFBiz (CVE-2024-45195), information disclosure in Microsoft .NET Framework (CVE-2024-29059), and OS command injection and local file inclusion in Paessler PRTG Network Monitor (CVE-2018-9276, CVE-2018-19410).The Hacker News
February 5, 2025 – Criminals
Cybercriminals Aim to Lure Traitorous Insiders via Ransom Notes Full Text
Abstract
Ransomware actors are now using a new tactic by offering individuals millions of dollars to betray their employers and share confidential company information. These actors include groups like Sarcoma and DoNex.Dark Reading
February 5, 2025 – Vulnerabilities
Netgear Warns Users to Patch Critical WiFi Router Vulnerabilities Full Text
Abstract
The two critical security vulnerabilities impact multiple WiFi 6 access points (WAX206, WAX214v2, and WAX220) and Nighthawk Pro Gaming router models (XR1000, XR1000v2, XR500).Bleeping Computer
February 5, 2025 – Phishing
State-Linked Hackers Deploy New FlexibleFerret macOS Malware in Fake Job Interview Campaign Full Text
Abstract
Apple addressed several variants of the macOS malware family in a signature update for XProtect last week. However, the North Korean threat actors adapted to the update by deploying FlexibleFerret, which is not detected by XProtect.Cybersecurity Dive
February 5, 2025 – Vulnerabilities
Critical Veeam Backup Vulnerability Enables Remote Code Execution Full Text
Abstract
The vulnerability affects a wide range of Veeam products, including Veeam Backup for Salesforce, Nutanix AHV, AWS, Microsoft Azure, Google Cloud, Oracle Linux Virtualization Manager, and Red Hat Virtualization.Security Online
February 5, 2025 – Breach
New Russian Threat Group Hacks Into U.S. Oil and Gas Facilities Full Text
Abstract
Sector 16 claimed sole responsibility for hacking into the control systems of a U.S. oil and gas production facility, and released a video “purportedly demonstrating their access to the facility’s operational data and systems,” Cyble said.The Cyber Express
February 5, 2025 – Attack
Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks Full Text
Abstract
The vulnerability was actively exploited by Russian cybercrime groups through spear-phishing campaigns, using homoglyph attacks to spoof document extensions and trick users and the Windows Operating System into executing malicious files.Trend Micro
February 5, 2025 – Vulnerabilities
Update: PoC Exploit Released for Linux Kernel Enabling Privilege Escalation and Container Escape Full Text
Abstract
The vulnerability affects various Linux kernel versions, including v6.8 to v6.9, v5.15.147, v6.1.78, and v6.6.17. System administrators are advised to upgrade to patched versions immediately.Security Online
February 5, 2025 – Malware
AsyncRAT Abusing Python and Cloudflare Tunnels for Stealthy Malware Delivery Full Text
Abstract
AsyncRAT, known for its asynchronous communication capabilities, enables attackers to control compromised systems, exfiltrate sensitive data, and execute commands undetected.GBHackers
February 4, 2025 – Malware
Malicious Package Exploits Go Module Proxy Caching for Persistence Full Text
Abstract
Socket researchers discovered a malicious typosquat package in the Go ecosystem, impersonating the widely used BoltDB database module (github.com/boltdb/bolt), a tool trusted by many organizations including Shopify and Heroku.Socket
February 4, 2025 – Vulnerabilities
Update: PoC Privilege Escalation Exploit Revealed for Active Directory Domain Services Full Text
Abstract
The exploit takes advantage of Windows Performance Counters, a mechanism that allows applications and services to register monitoring routines via PerfMon.exe or Windows Management Instrumentation (WMI).Security Online
February 4, 2025 – Malware
Fully Undetectable macOS Backdoor Called “Tiny FUD” Discovered Full Text
Abstract
This stealthy macOS malware leverages process name manipulation, DYLD injection, and C2-based command execution to operate undetected, making it a significant threat to Apple users.Security Online
February 4, 2025 – Vulnerabilities
AMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin Access Full Text
Abstract
A security vulnerability has been disclosed in AMD's Secure Encrypted Virtualization (SEV) that could permit an attacker to load a malicious CPU microcode under specific conditions. The flaw, tracked as CVE-2024-56161, carries a CVSS score of 7.2.The Hacker News
February 4, 2025 – Malware
DeepSeek AI Tools Impersonated by Info-Stealer Malware on PyPI Full Text
Abstract
According to Positive Technologies researchers who discovered the campaign and reported it to PyPI, the packages posing as Python clients for DeepSeek AI were infostealers that stole data from developers who utilized them.Bleeping Computer
February 4, 2025 – Vulnerabilities
Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score Full Text
Abstract
Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions.The Hacker News
February 4, 2025 – Vulnerabilities
7-Zip Vulnerability Exploited in Attacks on Ukraine Full Text
Abstract
The vulnerability, tracked as CVE-2025-0411, allows attackers to bypass Windows Mark-of-the-Web (MOTW) protections, which are designed to prevent the execution of malicious files downloaded from the internet.Security Online
February 4, 2025 – Vulnerabilities
Google Fixes Android Kernel Zero-Day Exploited in Attacks Full Text
Abstract
This high-severity zero-day (tracked as CVE-2024-53104) is a privilege escalation security flaw in the Android Kernel's USB Video Class driver that allows authenticated local threat actors to elevate privileges in low-complexity attacks.Bleeping Computer
February 4, 2025 – Vulnerabilities
Microsoft SharePoint Connector Flaw Could Have Enabled Credential Theft Across Power Platform Full Text
Abstract
The vulnerability, at its core, is an instance of server-side request forgery (SSRF) stemming from the use of the "custom value" functionality within the SharePoint connector that permits an attacker to insert their own URLs as part of a flow.The Hacker News
February 4, 2025 – Attack
Kazakhstan to Audit Foreign Ministry After Suspected Russia-Linked Cyberattack Full Text
Abstract
The hacker group behind this operation — tracked as UAC-0063 — is potentially linked to the Russian state-sponsored threat actor APT28, also known as Fancy Bear or BlueDelta.The Record
February 3, 2025 – Vulnerabilities
MediaTek Warns of Critical WLAN Vulnerabilities Exposing Millions to Remote Attacks Full Text
Abstract
Three particularly concerning vulnerabilities (CVE-2025-20633, CVE-2025-20632, CVE-2025-20631) reside in the WLAN AP driver. An incorrect bounds check could allow remote code execution without needing any additional privileges or user interaction.Security Online
February 3, 2025 – Phishing
Hackers Use Fake Wedding Invitations to Spread Android Malware in Southeast Asia Full Text
Abstract
The primary goal of the attackers appears to be gaining full control of victims’ WhatsApp and Telegram accounts, allowing them to spread malware further or send fraudulent money requests to contacts.The Record
February 3, 2025 – Skimming
Double-Entry Web Skimming Attack Campaign Hits 17 Websites Full Text
Abstract
Interestingly, unlike typical skimmers that target checkout pages, this one targeted the cart page. It intercepted the checkout button click and presented users with a fake, multi-step payment form within a pop-up window.HackRead
February 3, 2025 – General
DeepSeek’s Popularity Sparks Surge in Crypto Phishing and Malware Campaigns Full Text
Abstract
Following DeepSeek’s rapid rise in popularity, a concerning trend has emerged: cybercriminals have begun to exploit its growing recognition to launch scams and malware campaigns.The Cyber Express
February 3, 2025 – Business
Seraphic Raises $29M to Secure Browsers in the Enterprise Full Text
Abstract
The Series A funding round was led by GreatPoint Ventures (GPV), with participation from the CrowdStrike Falcon Fund and existing investors Planven, Cota Capital, and Storm Ventures.Silicon Angle
February 3, 2025 – Vulnerabilities
Update: PoC Exploit Released for macOS Kernel Vulnerability Full Text
Abstract
A newly discovered race condition in Apple’s macOS kernel (XNU) could allow attackers to escalate privileges, corrupt memory, and potentially achieve kernel-level code execution, according to security researcher Joseph Ravichandran of MIT CSAIL.Security Online
February 3, 2025 – General
Google Details Nefarious Gemini Use by Iranian, Chinese, and North Korean Hackers Full Text
Abstract
While state-backed actors have successfully used Gemini for tasks such as creating phishing content and gathering information on surveillance targets, Google has indicated that its protective measures have prevented the generation of malware.The Register
February 3, 2025 – Vulnerabilities
End-of-Life D-Link Routers Vulnerable to Unauthenticated RCE Full Text
Abstract
The affected routers, including D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, and DSR-1000N, reached their end-of-life (EOL) status in 2015 and 2024, meaning they no longer receive security updates or support from D-Link.Security Online
February 3, 2025 – Attack
Meta Confirms Zero-Click WhatsApp Spyware Attack Targeting 90 Journalists, Activists Full Text
Abstract
The campaign, which targeted around 90 members, involved the use of spyware from an Israeli company known as Paragon Solutions. The attackers were neutralized in December 2024.The Hacker News
February 3, 2025 – Business
Oligo Security Raises $50M in Series B Funding Full Text
Abstract
The round was led by Greenfield Partners, with participation from Red Dot Capital Partners, Strait Capital, and existing investors Ballistic Ventures, Lightspeed Venture Partners, and TLV Partners.Finsmes
February 1, 2025 – Breach
Lazarus Group’s Latest Heist Hits Hundreds of Victims Globally Full Text
Abstract
North Korea's Lazarus Group compromised hundreds of victims across the globe in a massive secret-stealing supply chain attack that was ongoing as of earlier this month, according to security researchers.The Register
February 1, 2025 – Attack
Syncjacking Attack Enables Full Browser and Device Takeover Full Text
Abstract
The new attack method, discovered by security researchers at SquareX, involves several steps, including Google profile hijacking, browser hijacking, and, eventually, device takeover.Infosecurity Magazine
February 1, 2025 – Vulnerabilities
FDA, CISA Warn About Vulnerabilities in Patient Health Monitors Full Text
Abstract
Unauthorized users could control the monitors, interrupt their functions, or corrupt patient data. A backdoor in the software allows bypassing cybersecurity controls, exposing patient data.Cybersecurity Dive
February 1, 2025 – APT
CL-STA-0048 Espionage Operation Takes Aim at High-Value Targets in South Asia Full Text
Abstract
The campaign primarily aimed to obtain the personal information of government employees and steal sensitive data from targeted organizations. These objectives bear the hallmarks of a nation-state advanced persistent threat (APT) espionage operation.Palo Alto Networks
February 1, 2025 – Attack
HTTP Client Tools Exploitation for Account Takeover Attacks Full Text
Abstract
Most HTTP-based cloud attacks utilize brute force methods, resulting in low success rates. Proofpoint found that a recent campaign using the unique HTTP client Axios had an especially high success rate, compromising 43% of targeted user accounts.Proofpoint