January, 2025
January 31, 2025 – Malware
Technical Analysis of Xloader Versions 6 and 7 Full Text
Abstract
Xloader is known for its ability to steal sensitive information from web browsers, email clients, and FTP applications, as well as deploy second-stage payloads on infected systems.Zscaler
January 31, 2025 – Attack
Stealthy Attack Deploys Coyote Banking Trojan via LNK Files Full Text
Abstract
Once deployed, the Coyote Banking Trojan can carry out various malicious activities, including keylogging, capturing screenshots, and displaying phishing overlays to steal sensitive credentials.Fortinet
January 31, 2025 – Criminals
FBI Seizes Cracked.io, Nulled.to Hacking Forums in Operation Talent Full Text
Abstract
The FBI has seized the domains for the infamous Cracked.io and Nulled.to hacking forums, which are known for their focus on cybercrime, password theft, cracking, and credential stuffing attacks.Bleeping Computer
January 31, 2025 – Breach
Solana Pump.fun Tool DogWifTools Compromised to Drain Crypto Wallets Full Text
Abstract
Hackers have compromised the Windows version of the DogWifTools software for promoting meme coins on the Solana blockchain in a supply-chain attack that drained users' wallets.Bleeping Computer
January 31, 2025 – Vulnerabilities
Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft Full Text
Abstract
Broadcom has released security updates to patch five security flaws impacting VMware Aria Operations and Aria Operations for Logs, warning customers that attackers could exploit them to gain elevated access or obtain sensitive information.The Hacker News
January 22, 2025 – Vulnerabilities
Critical Apache Ambari Security Vulnerabilities Discovered Full Text
Abstract
These vulnerabilities (CVE-2025-23195, CVE-2025-23196, and CVE-2024-51941), ranging from moderate to important severity, could allow attackers to gain unauthorized access to sensitive data and execute malicious code on vulnerable systems.Security Online
January 22, 2025 – APT
PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack Full Text
Abstract
PlushDaemon is assessed to be a China-nexus group that has been operational since at least 2019, targeting individuals and entities in China, Taiwan, Hong Kong, South Korea, the United States, and New Zealand.The Hacker News
January 22, 2025 – Vulnerabilities
Node.js Vulnerability Exposes Sensitive Data and Resources Full Text
Abstract
The vulnerability, tracked as CVE-2025-23083, affects Node.js versions 20, 22, and 23. It exists in the diagnostics_channel utility, which can be used to hook into events, including worker thread creation.Security Online
January 22, 2025 – Botnet
Mirai Variant Murdoc Botnet Exploits AVTECH IP Cameras and Huawei Routers Full Text
Abstract
The campaign is known to be active since at least July 2024, with over 1,370 systems infected to date. A majority of the infections have been located in Malaysia, Mexico, Thailand, Indonesia, and Vietnam.The Hacker News
January 22, 2025 – Vulnerabilities
Critical Flaw in AdForest Theme Allows Complete Account Takeover, Thousands of Sites at Risk Full Text
Abstract
A severe security flaw (CVE-2024-12857) has been discovered in the AdForest WordPress theme, a popular premium classified ads theme with over 8,743 sales globally. This vulnerability, rated CVSS 9.8, allows attackers to bypass authentication.Security Online
January 22, 2025 – Vulnerabilities
ChatGPT Crawler Vulnerability can Enable DDoS Attacks via HTTP Requests Full Text
Abstract
This intriguing flaw was reported by cybersecurity researcher Benjamin Flesch. According to him, a single HTTP request to the ChatGPT API could trigger a flood of unrelenting network requests targeting a specific web resource.Security Online
January 22, 2025 – Attack
Russian Telecom Giant Rostelecom Investigates Suspected Cyberattack on Contractor Full Text
Abstract
The company stated that the contractor is responsible for maintaining Rostelecom’s corporate website and procurement portal, both of which were reportedly targeted by hackers.The Record
January 22, 2025 – Phishing
Homebrew Phishing Site Appears in Google Search, Raising Concerns Full Text
Abstract
The phishing website was designed to look identical to the official Homebrew website (brew.sh). However, when users clicked on the ad, they were redirected to a malicious website that contained installation code for a backdoor.Security Online
January 22, 2025 – Vulnerabilities
Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers Full Text
Abstract
As many as 4.2 million hosts have been found susceptible to the attacks, including VPN servers, ISP home routers, core internet routers, mobile network gateways, and content delivery network (CDN) nodes.The Hacker News
January 21, 2025 – APT
Researchers Found New Android Malware Linked to DoNot Team APT Group Full Text
Abstract
The DoNot APT group has been observed misusing the OneSignal platform, which typically provides tools for sending push notifications, in-app messages, emails, and SMS. The group is leveraging OneSignal to deliver phishing links through notifications.Security Affairs
January 20, 2025 – Government
EU To Launch Support Centre by 2026 to Boost Healthcare Cybersecurity Full Text
Abstract
The action plan was made public on January 15, 2025, after being first mentioned in July 2024 in the EU Commission's Political Guidelines 2024-2029 document. It aims to help healthcare entities mitigate the rapidly increasing cyber threats they face.Infosecurity Magazine
January 20, 2025 – Malware
Weaponized Software Targets Chinese-Speaking Organizations Full Text
Abstract
This campaign stands out for its focus on Chinese-speaking victims and organizations across China, Hong Kong, and Taiwan: a broad campaign aimed at a single linguistic demographic rather than at particular targets.INTEZER
January 20, 2025 – Privacy
FTC Orders GM to Stop Collecting and Selling Driver’s Data Full Text
Abstract
The Federal Trade Commission (FTC) is taking action against General Motors (GM) and its subsidiary, OnStar, for unlawfully collecting and selling drivers' precise geolocation and driving behavior data from millions of vehicles.Bleeping Computer
January 20, 2025 – Vulnerabilities
New PoC Exploit Code Released for Zero-Day Vulnerability in Windows CLFS Driver Full Text
Abstract
The vulnerability, described as an elevation of privilege flaw, is linked to the CLFS Driver, a core Windows component used for logging system operations. Microsoft confirmed it had been actively exploited in the wild before the patch release.Security Online
January 20, 2025 – Botnet
Python-Based Bots Exploiting PHP Servers Fuel Gambling Platform Proliferation Full Text
Abstract
The attack chains notably involve attempts to deploy GSocket by leveraging pre-existing web shells on already compromised servers. Most of the attacks have been found to single out servers running the popular learning management system (LMS) Moodle.The Hacker News
January 20, 2025 – Privacy
Noyb Files GDPR Complaints Against TikTok and Five Chinese Tech Giants Full Text
Abstract
The accused firms include AliExpress, Shein, Temu, TikTok, WeChat and Xiaomi. The non-profit alleges these companies unlawfully send Europeans’ personal data outside of the EU, especially to China.Infosecurity Magazine
January 20, 2025 – Vulnerabilities
Moxa Warns of Critical Authorization Vulnerability in EDS-508A Series Ethernet Switches Full Text
Abstract
This flaw affects EDS-508A Series running the firmware version 3.11 and earlier. Moxa has developed a security patch to address the vulnerability. Administrators are encouraged to “contact Moxa Technical Support for the security patch.”Security Online
January 20, 2025 – Ransomware
Black Basta Ransomware Exploits Microsoft Teams for Phishing Attacks Full Text
Abstract
The campaign begins with an email bombing strategy where victims’ inboxes are flooded with benign spam emails, such as newsletter subscriptions. This tactic aims to distract users and mask the malicious intent.Security Online
January 20, 2025 – Policy and Law
FCC Enacts Rule Requiring Telecom Operators To Secure Networks Full Text
Abstract
The declaratory ruling, which took effect immediately, clarifies that telecom operators are legally obligated to secure networks under Section 105 of the Communications Assistance for Law Enforcement Act.Cybersecurity Dive
January 20, 2025 – Vulnerabilities
Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation Full Text
Abstract
Successful exploitation of the flaws could permit an attacker to hijack the execution flow by embedding a shellcode in the HTTP request and gain the ability to execute operating system commands.The Hacker News
January 18, 2025 – Botnet
IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024 Full Text
Abstract
The botnet comprises malware variants derived from Mirai and Bashlite and infects IoT devices by exploiting vulnerabilities and weak credentials. The primary devices used in the botnet were wireless routers and IP cameras from well-known brands.Trend Micro
January 18, 2025 – Vulnerabilities
NVIDIA Releases Security Update for Container Toolkit and GPU Operator Full Text
Abstract
The security update released by NVIDIA addresses three security flaws that could potentially allow attackers to execute malicious code, escalate privileges, or launch denial-of-service attacks.Security Online
January 18, 2025 – Phishing
New ‘Sneaky 2FA’ Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass Full Text
Abstract
Cybersecurity researchers have detailed a new adversary-in-the-middle (AitM) phishing kit that has been targeting Microsoft 365 accounts since at least October 2024 with the aim of stealing credentials and two-factor authentication (2FA) codes.The Hacker News
January 18, 2025 – Vulnerabilities
AWS Patches Vulnerabilities in WorkSpaces, AppStream 2.0, and DCV Clients Full Text
Abstract
These vulnerabilities, identified as CVE-2025-0500 and CVE-2025-0501, carry a CVSSv4 score of 7.7. The vulnerabilities, if exploited, could allow attackers to perform man-in-the-middle (MITM) attacks, granting unauthorized access to remote sessions.Security Online
January 18, 2025 – Malware
Malicious PyPI Package ‘pycord-self’ Targets Discord Developers with Token Theft and Backdoor Exploit Full Text
Abstract
The malicious package, named pycord-self, mimics the legitimate discord.py-self library, a widely used Python wrapper for the Discord user API. The legitimate package was released on April 8, 2023, whereas the malicious one appeared on June 20, 2024.Socket
January 17, 2025 – Ransomware
RansomHub Affiliate Leverages Python-based Backdoor to Maintain Access and Deploy Encryptors Full Text
Abstract
In an incident response in Q4 2024, GuidePoint Security identified evidence of a threat actor utilizing a Python-based backdoor to maintain access to compromised endpoints. The threat actor later leveraged this access to deploy RansomHub encryptors.GuidePoint
January 17, 2025 – Vulnerabilities
Veeam Releases Patch for High-Risk SSRF Vulnerability CVE-2025-23082 in Azure Backup Solution Full Text
Abstract
Veeam disclosed a vulnerability in its Veeam Backup for Microsoft Azure product. Identified as CVE-2025-23082, this Server-Side Request Forgery (SSRF) flaw carries a CVSS score of 7.2, placing it in the high-severity category.Security Online
January 17, 2025 – Vulnerabilities
Researchers Find Exploit Allowing NTLMv1 Despite Active Directory Restrictions Full Text
Abstract
Cybersecurity researchers have found that the Microsoft Active Directory Group Policy that's designed to disable NT LAN Manager (NTLM) v1 can be trivially bypassed by a misconfiguration.The Hacker News
January 17, 2025 – Vulnerabilities
Popular WordPress Caching Plugin Exposes Millions of Sites to Attack Full Text
Abstract
Any website using W3 Total Cache version 2.8.1 or earlier is vulnerable. Given the plugin’s popularity with over 1 million active installations, this represents a significant portion of the WordPress ecosystem.Security Online
January 17, 2025 – Attack
Hackers Use Google Search Ads to Steal Google Ads Accounts Full Text
Abstract
The attackers are running ads on Google Search impersonating Google Ads, showing as sponsored results that redirect potential victims to fake login pages hosted on Google Sites but looking like the official Google Ads homepage.Bleeping Computer
January 14, 2025 – Vulnerabilities
Critical IBM DOORS Next Flaw Enables Remote Code Execution Full Text
Abstract
The two vulnerabilities, both rated with a CVSS Base Score of 9.8, reflect severe risks to organizations relying on IBM’s DOORS Next and Rhapsody Model Manager software for engineering requirements management and systems design.Security Online
January 14, 2025 – Phishing
Cyberattackers Hide Infostealers in YouTube Comments Full Text
Abstract
Attackers are targeting people interested in pirated and cracked software downloads by abusing YouTube and Google search results. Threat actors are posing as "guides" offering legitimate software installation tutorials to lure viewers.Dark Reading
January 14, 2025 – Criminals
Attackers are encrypting AWS S3 data without using ransomware Full Text
Abstract
A ransomware gang dubbed Codefinger is encrypting data stored in target organizations’ AWS S3 buckets with AWS’s server-side encryption option with customer-provided keys (SSE-C), and asking for money to hand over the key they used.Help Net Security
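The technique above works because SSE-C lets any principal with write access choose the key S3 encrypts with, and S3 never stores that key. The control a practitioner wants is a bucket policy that refuses writes carrying SSE-C headers, plus a way to spot such writes in CloudTrail. The following Python is an added example, not code from the Help Net Security article or from AWS; the bucket name, request headers and CloudTrail records are constructed, and the tiny evaluator only simulates IAM's `Null` condition for this one key. The condition key `s3:x-amz-server-side-encryption-customer-algorithm` is the real S3 key for the SSE-C algorithm header; the CloudTrail field value `SSE_C` is an assumption noted in the code.

```python
import json

# Assumptions (not from the article): hypothetical bucket name and constructed sample data.
BUCKET = "corp-data-lake"
SSEC_ALGO_KEY = "s3:x-amz-server-side-encryption-customer-algorithm"


def deny_ssec_policy(bucket: str) -> dict:
    """Build a bucket policy that refuses any PutObject carrying SSE-C headers.

    In IAM, a Null condition with value "false" matches when the key IS present
    in the request, so this Deny fires exactly when a caller supplies a
    customer-provided key. Writes using SSE-S3 or SSE-KMS are unaffected.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyCustomerProvidedKeys",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": f"arn:aws:s3:::{bucket}/*",
                "Condition": {"Null": {SSEC_ALGO_KEY: "false"}},
            }
        ],
    }


def condition_keys_from_headers(headers: dict) -> dict:
    """Project the request's x-amz-server-side-encryption* headers onto S3 condition keys."""
    return {
        "s3:" + name.lower(): value
        for name, value in headers.items()
        if name.lower().startswith("x-amz-server-side-encryption")
    }


def is_denied(policy: dict, action: str, headers: dict) -> bool:
    """Evaluate only the Deny statements of `policy` that use a Null condition.

    Deliberately minimal simulation of IAM's Null operator, enough to check the
    policy above; it is not a general policy engine.
    """
    ctx = condition_keys_from_headers(headers)
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if action not in actions:
            continue
        null_cond = stmt.get("Condition", {}).get("Null", {})
        # "false" -> key must be present in the request; "true" -> key must be absent
        if all((key in ctx) == (want == "false") for key, want in null_cond.items()):
            return True
    return False


# Constructed requests: an SSE-C write as used in the extortion, and a normal SSE-KMS write.
SSEC_PUT_HEADERS = {
    "x-amz-server-side-encryption-customer-algorithm": "AES256",
    "x-amz-server-side-encryption-customer-key": "<base64 key known only to the attacker>",
    "x-amz-server-side-encryption-customer-key-MD5": "<base64 md5 of that key>",
}
SSEKMS_PUT_HEADERS = {
    "x-amz-server-side-encryption": "aws:kms",
    "x-amz-server-side-encryption-aws-kms-key-id": "alias/corp-data-lake",
}


def find_ssec_writes(records: list) -> list:
    """Return object keys written with SSE-C from CloudTrail S3 data-event records.

    Assumption: S3 data events report the applied encryption under
    additionalEventData.SSEApplied and use the value "SSE_C" for customer-provided
    keys; verify against your own account's events before relying on it.
    """
    hits = []
    for rec in records:
        if rec.get("eventName") not in ("PutObject", "CopyObject"):
            continue
        if rec.get("additionalEventData", {}).get("SSEApplied") == "SSE_C":
            hits.append(rec["requestParameters"]["key"])
    return hits


# Constructed CloudTrail records, trimmed to the fields used above.
SAMPLE_EVENTS = [
    {"eventName": "PutObject", "requestParameters": {"bucketName": BUCKET, "key": "reports/q4.csv"},
     "additionalEventData": {"SSEApplied": "SSE_KMS"}},
    {"eventName": "CopyObject", "requestParameters": {"bucketName": BUCKET, "key": "reports/q4.csv"},
     "additionalEventData": {"SSEApplied": "SSE_C"}},
    {"eventName": "GetObject", "requestParameters": {"bucketName": BUCKET, "key": "reports/q4.csv"}},
]


if __name__ == "__main__":
    policy = deny_ssec_policy(BUCKET)
    print(json.dumps(policy, indent=2))
    print("SSE-C put denied:", is_denied(policy, "s3:PutObject", SSEC_PUT_HEADERS))
    print("SSE-KMS put denied:", is_denied(policy, "s3:PutObject", SSEKMS_PUT_HEADERS))
    print("SSE-C writes seen in trail:", find_ssec_writes(SAMPLE_EVENTS))
```

Two caveats for deployment. An in-place CopyObject onto the same key is authorized as `s3:PutObject` on the destination, so the single Deny also blocks re-encrypting existing objects. And `Principal: "*"` blocks every SSE-C writer, including legitimate ones; scope the statement or add an exception if any workload genuinely needs customer-provided keys. Neither control restores data already re-encrypted, so pair them with versioning and a lifecycle rule that keeps prior versions.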
January 14, 2025 – Vulnerabilities
Microsoft: macOS bug lets hackers install malicious kernel drivers Full Text
Abstract
Apple recently addressed a macOS vulnerability that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions.Bleeping Computer
January 14, 2025 – Government
CISA orders agencies to patch BeyondTrust bug exploited in attacks Full Text
Abstract
CISA has tagged a command injection vulnerability (CVE-2024-12686) in BeyondTrust's Privileged Remote Access (PRA) and Remote Support (RS) as actively exploited in attacks.Bleeping Computer
January 14, 2025 – Vulnerabilities
Linux Kernel Privilege Escalation Vulnerability (CVE-2024-27397) Exploited: PoC Released Full Text
Abstract
This vulnerability resides in the netfilter nf_tables component and can be exploited during rollback operations involving expired elements. The issue specifically arises in the nft_set_elem_expired function defined in nf_tables.h.Security Online
January 14, 2025 – Breach
Stolen Path of Exile 2 admin account used to hack player accounts Full Text
Abstract
Path of Exile 2 developers confirmed that a hacked admin account allowed a threat actor to change the password and access at least 66 accounts, finally explaining how PoE 2 accounts have been breached since November.Bleeping Computer
January 14, 2025 – Phishing
Fancy Bear Spotted Using Real Kazakh Government Documents in Spearphishing Campaign Full Text
Abstract
A hacking group linked to Russian intelligence has been observed leveraging seemingly legitimate documents from the Kazakhstan government as phishing lures to infect and spy on government officials in Central Asia.CyberScoop
January 14, 2025 – Attack
Snoops exploited Fortinet firewalls with ‘probable’ 0-day Full Text
Abstract
Miscreants running a "mass exploitation campaign" against Fortinet firewalls, which peaked in December, may be using an unpatched zero-day vulnerability to compromise the equipment.The Register
January 14, 2025 – Vulnerabilities
Zyxel Urges Patch Application for Privilege Escalation Vulnerability (CVE-2024-12398) Full Text
Abstract
Zyxel has issued an advisory for a newly identified security vulnerability, CVE-2024-12398, that affects multiple access points (AP) and security routers. The vulnerability is an improper privilege management flaw within the web management interface.Security Online
January 13, 2025 – General
Software Cracks and Installers Used to Bring Malware to Your Device Full Text
Abstract
Threat actors often leverage reputable file hosting services like Mediafire and Mega.nz to conceal the origin of their malware and make detection and removal more difficult.Trend Micro
January 13, 2025 – Phishing
Phishing Trend Exploiting YouTube URLs Through Microsoft Office 365 Expiry Themes Full Text
Abstract
Researchers at Cyderes warned of a recent wave of phishing campaigns leveraging cleverly disguised URLs and Microsoft 365 password expiry lures to trick users into divulging sensitive credentials.Cyderes
January 13, 2025 – Ransomware
HexaLocker Returns in New Improved Variant Propagated via Skuld Stealer Full Text
Abstract
HexaLocker V2 exhibits a major evolution in both functionality and complexity compared to its predecessor. According to Cyble Research and Intelligence Labs, the ransomware now combines advanced encryption techniques with data theft capabilities.Security Online
January 13, 2025 – Phishing
Phishing Texts Trick Apple iMessage Users Into Disabling Protection Full Text
Abstract
Apple iMessage automatically disables links in messages from unknown senders for protection. However, if users reply to these messages or save the sender's contact information, the links get re-enabled, which can be abused by scammers.Bleeping Computer
January 13, 2025 – Attack
High-Traffic Sites Attacked in “zqxq” Campaign Through Obfuscated Javascript Injection Full Text
Abstract
The malware used in the campaign hides in legitimate files using scrambled variables and custom functions like HttpClient, rand, and token. These methods evade detection and hinder analysis by researchers.Malwarebytes
January 13, 2025 – Business
Cado Security Poised to be Purchased by Darktrace Full Text
Abstract
Darktrace plans to purchase a cloud forensics and automation startup led by the former head of PwC's incident response business to enhance the security of multi-cloud environments.SC Media
January 13, 2025 – Vulnerabilities
Critical Vulnerability Patched in GiveWP Plugin Full Text
Abstract
The GiveWP plugin (version 3.19.3 and below) suffers from an unauthenticated PHP Object Injection vulnerability. The vulnerability stems from insecure storage of meta in the database, which is later unserialized.Patchstack
January 13, 2025 – Cryptocurrency
New Web3 attack exploits transaction simulations to steal crypto Full Text
Abstract
The attack, spotted by ScamSniffer, highlights a flaw in transaction simulation mechanisms used in modern Web3 wallets, meant to safeguard users from fraudulent and malicious transactions.Bleeping Computer
January 13, 2025 – Vulnerabilities
NETGEAR Router Flaw Exploited in the Wild for Years, PoC Published Full Text
Abstract
A security vulnerability in some Netgear routers allows remote attackers to gain unauthorized access and control over the devices. The vulnerability, tracked as CVE-2024-12847 (CVSS 9.8), has been exploited in the wild since at least 2017.Security Online
January 13, 2025 – Attack
RedDelta Deploys PlugX Malware to Target Mongolia and Taiwan in Espionage Campaigns Full Text
Abstract
Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia have been targeted by the China-nexus RedDelta threat actor to deliver a customized version of the PlugX backdoor between July 2023 and December 2024.The Hacker News
January 11, 2025 – Ransomware
AI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion Tactics Full Text
Abstract
Cybersecurity researchers have shed light on a nascent artificial intelligence (AI) assisted ransomware family called FunkSec that sprang forth in late 2024, and has claimed more than 85 victims to date.The Hacker News
January 11, 2025 – Breach
Hackers Claim to Breach Russian State Agency Managing Property, Land Records Full Text
Abstract
A group of hackers with unknown ties has claimed responsibility for breaching a Russian government agency, Rosreestr, which is responsible for managing property and land records.The Record
January 10, 2025 – Phishing
Security Professionals Baited by Fake Windows LDAP Exploits Full Text
Abstract
Trend Micro spotted what appears to be a fork of the legitimate LDAPNightmare PoC exploit, initially published by SafeBreach Labs on January 1. But the "forked" exploit PoC actually leads to the download and execution of information-stealing malware.The Register
January 10, 2025 – Phishing
Phishing Scam Targets Job Seekers with XMRig Cryptominer Full Text
Abstract
CrowdStrike researchers warned of a phishing campaign that exploits its own branding to distribute a cryptocurrency miner that's disguised as an employee CRM application as part of a supposed recruitment process.The Hacker News
January 10, 2025 – Vulnerabilities
Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices Full Text
Abstract
Researchers detailed a now-patched security flaw impacting Monkey's Audio decoder on Samsung smartphones that could lead to code execution. The vulnerability, tracked as CVE-2024-49415, affects Samsung devices running Android versions 12, 13, and 14.The Hacker News
January 10, 2025 – Malware
New Banshee Stealer Variant Bypasses Antivirus with Apple’s XProtect-Inspired Encryption Full Text
Abstract
Offered under a malware-as-a-service (MaaS) model to other cybercriminals for $3,000 a month, Banshee Stealer is capable of harvesting data from web browsers, cryptocurrency wallets, and files matching specific extensions.The Hacker News
January 10, 2025 – Ransomware
Unmasking Play Ransomware: Tactics, Techniques, and Mitigation Strategies Full Text
Abstract
Play ransomware, also known as Balloonfly or PlayCrypt, has emerged as a significant cyber threat since its discovery in June 2022. Responsible for over 300 global attacks, this ransomware encrypts files and appends them with the “.PLAY” extension.Security Online
January 10, 2025 – Malware
Malicious npm Packages Target Solana Private Keys and Drain Victims’ Wallets Full Text
Abstract
The packages – @async-mutex/mutex, dexscreener, solana-transaction-toolkit, and solana-stable-web-huks – exploit typosquatting to deceive developers into downloading them. These packages steal sensitive data and drain victims’ wallets.Socket
January 10, 2025 – Attack
MirrorFace Leverages ANEL and NOOPDOOR in Multi-Year Cyberattacks on Japan Full Text
Abstract
Japanese authorities have accused a China-linked hacking group, known as MirrorFace, of carrying out a long-running cyberattack campaign against organizations and individuals in Japan since 2019.The Hacker News
January 10, 2025 – Skimming
Stealthy Credit Card Skimmer Targets WordPress Checkout Pages via Database Injection Full Text
Abstract
The credit card skimmer silently injects malicious JavaScript into database entries to steal sensitive payment details. The malware activates on checkout pages by hijacking existing payment fields or injecting a fake credit card form.Sucuri
January 9, 2025 – Vulnerabilities
CVE-2024-5594 (CVSS 9.1): Critical Vulnerability in OpenVPN Enables Code Execution Full Text
Abstract
The most critical flaw (CVE-2024-5594) allows attackers to inject arbitrary data into third-party executables or plugins. The flaw, with a CVSS score of 9.1, could be exploited by a malicious OpenVPN peer to execute code or cause DoS conditions.Security Online
January 9, 2025 – Vulnerabilities
Command Injection Flaws in HPE Aruba Devices, PoC Publicly Available Full Text
Abstract
To address these vulnerabilities, HPE Aruba Networking has released software version V2.1.2.0-B0033 for the 501 Wireless Client Bridge. Users are strongly advised to upgrade to this version as soon as possible.Security Online
January 9, 2025 – Vulnerabilities
Hackers Exploit KerioControl Firewall Flaw to Steal Admin CSRF Tokens Full Text
Abstract
Hackers are trying to exploit CVE-2024-52875, a critical CRLF injection vulnerability that leads to 1-click remote code execution (RCE) attacks in the GFI KerioControl firewall product.Bleeping Computer
January 9, 2025 – Vulnerabilities
Apache OpenMeetings Users Urged to Patch Critical Flaw Full Text
Abstract
The vulnerability stems from insecure deserialization of untrusted data in OpenMeetings' cluster mode. The issue arises from a lack of proper whitelisting and blacklisting configuration for OpenJPA, the Java persistence framework OpenMeetings uses.Security Online
January 9, 2025 – Vulnerabilities
GitLab Tackles Critical Security Flaws in Latest Patch Release Full Text
Abstract
GitLab has released an important patch update to fix several security vulnerabilities affecting its import functionality and other core features. The new versions 17.7.1, 17.6.3, and 17.5.5 are available for download.Security Online
January 9, 2025 – Breach
Russian ISP Confirms Ukrainian Hackers “Destroyed” its Network Full Text
Abstract
Ukrainian hacktivists, part of the Ukrainian Cyber Alliance group, announced on Tuesday they had breached Russian internet service provider Nodex's network and wiped hacked systems after stealing sensitive documents.Bleeping Computer
January 9, 2025 – Vulnerabilities
Unpatched Critical Flaws Impact Fancy Product Designer WordPress Plugin Full Text
Abstract
Despite Patchstack notifying the vendor of the issues a day after discovering them, Radykal hasn't responded. Even after releasing 20 new versions, with the latest being 6.4.3, released 2 months ago, the two critical security issues remain unpatched.Bleeping Computer
January 9, 2025 – Phishing
“Butcher Shop” Phishing Campaign Targets Legal, Government and Construction Firms Full Text
Abstract
Obsidian uncovered a new phishing campaign targeting Microsoft 365 accounts. The campaign uses a mix of email redirects and open redirect vulnerabilities, which makes it hard for traditional phishing solutions to detect and block.Obsidian
January 9, 2025 – Vulnerabilities
Multiple Vulnerabilities Found in Palo Alto Networks Expedition Tool Full Text
Abstract
Palo Alto Networks has issued a security advisory addressing multiple vulnerabilities in its Expedition migration tool, which could expose sensitive data and allow unauthorized actions on affected systems.Security Online
January 9, 2025 – Business
1Password Acquires SaaS Access Management Provider Trelica Full Text
Abstract
1Password on Monday announced that it has acquired software-as-a-service (SaaS) access management provider Trelica. Although terms of the transaction were not disclosed, 1Password said it is the largest acquisition by company revenue in its history.Dark Reading
January 8, 2025 – Vulnerabilities
Crims Backdoored Their Backdoors. Then the Domains Lapsed Full Text
Abstract
Thousands of vulnerable backdoors exist on expired domains and abandoned infrastructure, exposing government and academic hosts to potential hijacking by malicious actors.The Register
January 8, 2025 – Vulnerabilities
New Research Highlights Vulnerabilities in MLOps Platforms Like Azure ML, BigML, and Google Cloud Vertex AI Full Text
Abstract
Security researchers have identified multiple attack scenarios targeting MLOps platforms like Azure Machine Learning (Azure ML), BigML and Google Cloud Vertex AI, among others.Infosecurity Magazine
January 8, 2025 – Vulnerabilities
Critical Command Injection Vulnerability in Aviatrix Network Controller Patched Full Text
Abstract
The vulnerability exists in Aviatrix Controller versions 7.x through 7.2.4820, where improper neutralization of special elements in system commands enables unauthenticated attackers to execute arbitrary code remotely.Security Online
January 8, 2025 – Policy and Law
Pig Butchering Victim Sues Banks for Allowing Scammers To Open Accounts Full Text
Abstract
A California man has sued three banks for alleged “willful blindness” in allowing criminals to open accounts used to steal nearly $1 million from him in a cryptocurrency investment scam.The Record
January 8, 2025 – Botnet
New Mirai Botnet Targets Industrial Routers with Zero-Day Exploits Full Text
Abstract
A relatively new Mirai-based botnet has been growing in sophistication and is now leveraging zero-day exploits for security flaws in industrial routers and smart home devices.Bleeping Computer
January 8, 2025 – Vulnerabilities
BIOS Flaws Expose Illumina iSeq 100 DNA Sequencers to Bootkit Attacks Full Text
Abstract
Researchers found that the vulnerable BIOS (B480AM12 - 04/12/2018) on iSeq 100 did not have firmware protections enabled, which allowed modifying the code for booting the device.Bleeping Computer
January 8, 2025 – General
Report: Only 26% of Europe’s Top Companies Earn a High Rating for Cybersecurity Full Text
Abstract
With the EU’s Digital Operational Resilience Act (DORA) deadline approaching on 17th January, 2025, Europe’s top 100 companies face an urgent cybersecurity challenge, according to SecurityScorecard.Help Net Security
January 8, 2025 – Vulnerabilities
Trio of Critical Vulnerabilities in Netis Routers Enables Unauthenticated RCE Full Text
Abstract
These vulnerabilities, tracked as CVE-2024-48455, CVE-2024-48456, and CVE-2024-48457, could be chained together to allow unauthenticated remote code execution (RCE), exposing thousands of devices to exploitation.Security Online
January 8, 2025 – Breach
Washington sues T-Mobile over 2021 data breach that spilled 79 million customer records Full Text
Abstract
The state of Washington has sued T-Mobile over allegations that the phone giant failed to secure the personal data of millions of state residents prior to an August 2021 data breach that affected over 79 million customers across the U.S.TechCrunch
January 8, 2025 – General
Vulnerability Overload: 40,000+ CVEs in 2024 Full Text
Abstract
Security researcher Jerry Gamblin has released his annual CVE data review. 2024 saw an unprecedented surge in published Common Vulnerabilities and Exposures (CVEs), reaching a record high of 40,009.Security Online
January 7, 2025 – Vulnerabilities
Novel Stealthy Steganography Backdoor Attack Targets Android Apps Full Text
Abstract
BARWM is a novel attack technique that utilizes DNN-based steganography to generate sample-specific backdoor triggers that are imperceptible. It is able to circumvent the limitations of real-world deep learning (DL) models deployed on mobile devices.GBHackers
January 7, 2025 – General
Chinese Hackers Double Cyber-Attacks on Taiwan Full Text
Abstract
According to a new report from Taiwan's National Security Bureau, Taiwanese government networks experienced an average of 2.4 million cyber-attacks per day in 2024, most of which were attributed to Chinese state-backed hackers.Infosecurity Magazine
January 7, 2025 – Vulnerabilities
Exploiting Misconfigurations in Argo Workflows for Kubernetes Cluster Takeover Full Text
Abstract
A researcher at E.V.A Information Security revealed alarming vulnerabilities stemming from misconfigurations in Argo Workflows instances. These flaws could allow attackers to compromise entire Kubernetes clusters.Security Online
January 7, 2025 – Policy and Law
US Sanctions Prominent Chinese Cyber Company for Role in Flax Typhoon Attacks Full Text
Abstract
The Treasury Department said Integrity Technology provided Flax Typhoon actors with infrastructure between the summer of 2022 and fall of 2023, with the state-backed group both sharing information with the company and receiving information from it.The Record
January 7, 2025 – Attack
Supply Chain Attack Targets Key Ethereum Development Tools Full Text
Abstract
This attack, discovered by Socket, involves the distribution of 20 malicious npm packages created by three primary authors. One package, @nomicsfoundation/sdk-test, was downloaded 1092 times.Infosecurity Magazine
January 7, 2025 – Vulnerabilities
Nuclei Flaw Lets Malicious Templates Bypass Signature Verification Full Text
Abstract
A now-fixed vulnerability in the open-source vulnerability scanner Nuclei could potentially allow attackers to bypass signature verification while sneaking malicious code into templates that execute on local systems.Bleeping Computer
January 7, 2025 – General
Report: Scammers Drain $500M From Crypto Wallets in a Year Full Text
Abstract
Victims lost close to $500 million from wallet drainer attacks in 2024, a 67% annual increase, according to new data from Scam Sniffers. The firm's Crypto Phishing Report 2024 is based on analysis of Ethereum Virtual Machine (EVM)-compatible chains.Infosecurity Magazine
January 7, 2025 – Vulnerabilities
Critical OpenVPN Connect Vulnerability Leaks Private Keys Full Text
Abstract
A recent vulnerability (CVE-2024-8474) in OpenVPN Connect leaves millions of users exposed. The flaw, present in versions before 3.5.0, allowed the app to log the configuration profile’s private key in clear text within the application log.Security Online
January 7, 2025 – Policy and Law
India Proposes Digital Data Rules with Tough Penalties and Cybersecurity Requirements Full Text
Abstract
"Data fiduciaries must provide clear and accessible information about how personal data is processed, enabling informed consent," India's Press Information Bureau (PIB) said in a statement released Sunday.The Hacker News
January 7, 2025 – Vulnerabilities
Critical RCE Flaw in MediaTek Chipsets Impacts Millions Full Text
Abstract
MediaTek released its January 2025 Product Security Bulletin, addressing a range of security flaws affecting its various chipsets. The bulletin details flaws found in products ranging from smartphones and tablets to IoT devices and smart TVs.Security Online
January 6, 2025 – Vulnerabilities
PoC Exploit Released for Windows Registry Elevation of Privilege Bug Full Text
Abstract
Reported by Mateusz Jurczyk of Google Project Zero, this flaw exploits a design oversight in Windows registry hive memory management, potentially allowing attackers to gain SYSTEM-level access on vulnerable machines.Security Online
January 6, 2025 – Phishing
Hackers Exploit Social Security Administration Branding to Deliver ConnectWise RAT Full Text
Abstract
Earlier iterations of this campaign relied on ConnectWise’s infrastructure for command-and-control (C2) operations, but later versions use dynamic DNS services and attacker-hosted domains.Security Online
January 6, 2025 – Vulnerabilities
Karmada Vulnerability Grants Attackers Control of Kubernetes Systems Full Text
Abstract
The vulnerability affects all versions of Karmada prior to 1.12.0. Karmada has released version 1.12.0, which includes a patch for this vulnerability. Users are strongly advised to upgrade to this version or a later version as soon as possible.Security Online
January 6, 2025 – Malware
Malicious Packages on npm, PyPI, and RubyGems Weaponize OAST Techniques for Data Exfiltration and Recon Full Text
Abstract
Over the last year, researchers at Socket observed and identified malicious packages leveraging Out-of-Band Application Security Testing (OAST) services such as oastify[.]com and oast[.]fun to exfiltrate sensitive data to attacker-controlled servers.Socket
January 6, 2025 – Vulnerabilities
GoCD Patches Critical Vulnerability Allowing User Privilege Escalation Full Text
Abstract
Users are strongly urged to update to GoCD version 24.5.0, which includes the necessary patch to remediate this vulnerability. For those unable to upgrade, the GoCD project suggests blocking access to vulnerable paths and reducing the user base.Security Online
January 6, 2025 – Vulnerabilities
ASUS Routers at Risk Due to Two Command Injection Flaws Full Text
Abstract
“Injection and execution vulnerabilities in certain ASUS router firmware series that allow authenticated attackers to trigger command execution have been identified in ASUS router AiCloud,” ASUS stated in their advisory.Security Online
January 6, 2025 – Malware
NonEuclid RAT Combines Advanced Stealth, Anti-Detection, and Ransomware Capabilities Full Text
Abstract
Developed in C# for the .NET Framework 4.8, NonEuclid is built to evade detection and offers a suite of advanced capabilities, including ransomware encryption, privilege escalation, and anti-detection mechanisms.Cyfirma
January 6, 2025 – Vulnerabilities
Flaw in UpdraftPlus Plugin Exposes Millions of WordPress Sites to Unauthenticated PHP Object Injection Exploits Full Text
Abstract
Identified as CVE-2024-10957 and assigned a CVSS score of 8.8, the UpdraftPlus Backup & Migration Plugin flaw could allow unauthenticated attackers to exploit PHP Object Injection vulnerabilities under certain conditions.Security Online
January 6, 2025 – Botnet
CryptBot Spread via Websites Promising Cracked Software Full Text
Abstract
CryptBot exploits search engine optimization (SEO) and partnerships with other malware operators to propagate its reach. CryptBot primarily spreads through websites offering fake cracked software.Intrinsec
January 6, 2025 – Vulnerabilities
Moxa Issues Critical Patches for its Cellular Routers and Network Security Appliances Full Text
Abstract
These vulnerabilities, identified as CVE-2024-9138 and CVE-2024-9140, could allow attackers to gain unauthorized access to systems and execute commands, potentially compromising sensitive data and disrupting critical infrastructure.Security Online
January 4, 2025 – Vulnerabilities
SysBumps Attack Breaks macOS Kernel Address Space Layout Randomization for Apple Silicon Full Text
Abstract
The SysBumps attack exploits speculative execution vulnerabilities in macOS system calls. This flaw enables attackers to bypass kernel isolation and infer the validity of kernel addresses.Security Online
January 4, 2025 – Malware
Fake EditThisCookie Chrome Extension Steals User Data Full Text
Abstract
Following its removal from the Chrome Web Store due to the use of Manifest v2, the legitimate extension was replaced by a malicious one called 'EditThisCookie®', using Manifest v3.Security Online
January 4, 2025 – Vulnerabilities
Patched But Still Vulnerable: Windows BitLocker Encryption Bypassed Again Full Text
Abstract
The vulnerability, dubbed “bitpixie” (CVE-2023-21563), was initially addressed by Microsoft in November 2022. However, researchers warned that attackers can exploit an outdated Windows bootloader via Secure Boot to extract encryption keys.Security Online
January 4, 2025 – Phishing
Fake Game Sites Lead to Information Stealers Full Text
Abstract
The new malware campaign targets users by sending direct messages on platforms like Discord, asking if they want to beta test a new video game. These messages often appear to come from the game’s developer.Malwarebytes
January 4, 2025 – Vulnerabilities
iTerm2 Patches Critical Security Flaw Exposing User Input and Output Full Text
Abstract
A critical security vulnerability, tracked as CVE-2025-22275 (CVSS 9.3), has been discovered and patched in iTerm2, a popular terminal emulator for macOS. The flaw is present in versions 3.5.6 through 3.5.10, and beta versions 3.5.6 and later.Security Online
January 4, 2025 – Malware
New Stealthy Malware Leveraging SSH Over TOR Attacking Ukrainian Military Full Text
Abstract
Researchers recently discovered a malicious campaign targeting Ukrainian military personnel through fake “Army+” app websites, which host a malicious installer that, upon execution, extracts the legitimate app alongside the Tor browser.GBHackers
January 4, 2025 – Vulnerabilities
Next.js Patches Denial-of-Service Vulnerability (CVE-2024-56332) in Server Actions Full Text
Abstract
The denial of service vulnerability (CVE-2024-56332) affects Next.js deployments using Server Actions, particularly those without protection against long-running function executions.Security Online
January 3, 2025 – Malware
New FireScam Information Stealer Comes with Spyware Capabilities Full Text
Abstract
FireScam monitors device activities such as screen state changes, e-commerce transactions, clipboard activity, and user engagement to gather valuable information covertly.Cyfirma
January 3, 2025 – Vulnerabilities
Active Directory Flaw can Crash any Microsoft Server Full Text
Abstract
One of two critical Active Directory Domain Controller vulnerabilities patched by Microsoft last month goes beyond the original denial-of-service (DoS) attack chain and can be used to crash multiple, unpatched Windows servers at once.Dark Reading
January 3, 2025 – Vulnerabilities
Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API Full Text
Abstract
The flaws, discovered by Melbourne-based cybersecurity company Stratus Security, have been addressed as of May 2024. Two of the three flaws reside in Power Platform's OData Web API Filter, while the third vulnerability is rooted in the FetchXML API.The Hacker News
January 2, 2025 – Vulnerabilities
New “DoubleClickjacking” Exploit Bypasses Clickjacking Protections to Enable Account Takeover Full Text
Abstract
Threat hunters have disclosed a new "widespread timing-based vulnerability class" that leverages a double-click sequence to facilitate clickjacking attacks and account takeovers in almost all major websites.The Hacker News
January 2, 2025 – Malware
Advancing Through the Cyberfront, LegionLoader Commander Full Text
Abstract
LegionLoader is a downloader malware written in C/C++ that first appeared in the wild in 2019. It is also known by other names, including Satacom and RobotDropper, and is tracked as CurlyGate by Mandiant.TRAC Labs
January 2, 2025 – Vulnerabilities
Novel Multi-Turn Technique “Bad Likert Judge” Jailbreaks LLMs by Misusing Their Evaluation Capability Full Text
Abstract
The technique asks the target LLM to act as a judge scoring the harmfulness of a given response using the Likert scale, a rating scale measuring a respondent’s agreement or disagreement with a statement.Palo Alto Networks
January 2, 2025 – Vulnerabilities
Apache NiFi Vulnerability Exposes Sensitive Data to Unauthorized Users Full Text
Abstract
A new vulnerability, tracked as CVE-2024-56512, affects all versions of Apache NiFi from 1.10.0 to 2.0.0. The vulnerability stems from a lack of fine-grained authorization when creating new Process Groups within NiFi.Security Online
January 2, 2025 – Vulnerabilities
PoC Exploit Published for Linux Kernel Privilege Escalation Flaw Full Text
Abstract
The vulnerability affects Linux Kernel versions v5.9-rc1 to v6.5-rc3. Users and administrators are strongly advised to update their systems to the latest patched versions to mitigate the risk of exploitation.Security Online
January 2, 2025 – Vulnerabilities
Progress Issues Critical Patch for WhatsUp Gold Network Monitoring Software Full Text
Abstract
The most severe vulnerability (CVE-2024-12108) patched has a CVSS score of 9.6 and allows attackers to gain complete control of the Progress WhatsUp Gold server via the public API.Security Online
January 2, 2025 – Malware
Malicious Obfuscated NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT Full Text
Abstract
The heavily obfuscated package, named ethereumvulncontracthandler, was published to npm on December 18, 2024, by a user named "solidit-dev-416." As of writing, it continues to be available for download. It has been downloaded 66 times to date.The Hacker News
January 2, 2025 – Malware
New NGate Trojan Drains Bank Accounts via NFC-based ATM Withdrawals Full Text
Abstract
The NGate trojan relays data from the compromised device's NFC chip, allowing the attacker to withdraw money from the victim's accounts at ATMs without the victim’s involvement.Security Online
January 2, 2025 – Vulnerabilities
66,000 DrayTek Gateways Vulnerable to Remote Command Injection, PoC Published Full Text
Abstract
Security researcher Netsecfish has discovered a command injection vulnerability, tracked as CVE-2024-12987, in the web management interface of popular DrayTek gateway devices. This flaw could enable attackers to execute arbitrary commands remotely.Security Online
January 2, 2025 – Vulnerabilities
Update: PoC Exploit Code Published for Severe Oracle WebLogic Server Flaw Full Text
Abstract
The vulnerability resides in the Core component of Oracle’s WebLogic Server, a widely used Java EE application server. Supported versions impacted include 12.2.1.4.0 and 14.1.1.0.0.Security Online
December 31, 2024 – Vulnerabilities
TrueNAS CORE Vulnerability Let Attackers Execute Remote Code Full Text
Abstract
Security researchers Daan Keuper, Thijs Alkemade, and Khaled Nassar from Computest Sector 7 disclosed a critical vulnerability in TrueNAS CORE, a widely-used open-source storage operating system developed by iXsystems.GBHackers