What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
bleepingcomputer.webp 2025-02-14 09:15:47 PostgreSQL flaw exploited as zero-day in BeyondTrust breach (direct link) Rapid7's vulnerability research team says attackers exploited a PostgreSQL security flaw as a zero-day to breach the network of privileged access management company BeyondTrust in December. [...]
Vulnerability Threat ★★
no_ico.webp 2025-02-14 07:23:48 Espionage Tools Associated with China Used in Ransomware Attacks (direct link) Espionage actors linked to China may be diversifying their operations, as new evidence points to the use of espionage tools in a recent ransomware attack against a South Asian software and services company. Symantec Threat Intelligence reports that the attack, involving the RA World ransomware, stands out due to the distinct toolset typically associated with [...]
Ransomware Tool Threat ★★★
Volexity.webp 2025-02-13 22:32:30 Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication (direct link) KEY TAKEAWAYS Volexity has observed multiple Russian threat actors conducting social-engineering and spear-phishing campaigns targeting organizations with the ultimate goal of compromising Microsoft 365 accounts via Device Code Authentication phishing. Device Code Authentication phishing follows an atypical workflow to that expected by users, meaning users may not recognize it as phishing. Recent campaigns observed have been politically themed, particularly around the new administration in the United States and the changes this might mean for nations around the world. Starting in mid-January 2025, Volexity identified several social-engineering and spear-phishing campaigns by Russian threat actors aimed at compromising Microsoft 365 (M365) accounts. These attack campaigns were highly targeted and carried out in a variety of ways. The majority of these attacks originated via spear-phishing emails with different themes. In one case, the eventual breach began with highly tailored outreach via Signal. Through its investigations, Volexity discovered that Russian threat actors were impersonating […]
Threat ★★★
DarkReading.webp 2025-02-13 21:32:35 Chinese APT 'Emperor Dragonfly' Moonlights With Ransomware (direct link) Pivoting from prior cyber espionage, the threat group deployed its backdoor tool set to ultimately push out RA World malware, demanding $2 million from its victim.
Ransomware Malware Tool Threat ★★★
Blog.webp 2025-02-13 21:27:54 Microsoft Uncovers 'BadPilot' Campaign as Seashell Blizzard Targets US and UK (direct link) Russian GRU-linked hackers exploit known software flaws to breach critical networks worldwide, targeting the United States and the…
Threat APT 44 ★★★
The_Hackers_News.webp 2025-02-13 19:56:00 North Korean APT43 Uses PowerShell and Dropbox in Targeted South Korea Cyberattacks (direct link) A nation-state threat actor with ties to North Korea has been linked to an ongoing campaign targeting South Korean business, government, and cryptocurrency sectors. The attack campaign, dubbed DEEP#DRIVE by Securonix, has been attributed to a hacking group known as Kimsuky, which is also tracked under the names APT43, Black Banshee, Emerald Sleet, Sparkling Pisces, Springtail, TA427, and Velvet
Threat APT 43 ★★★
CS.webp 2025-02-13 19:10:35 Salt Typhoon remains active, hits more telecom networks via Cisco routers (direct link) The Chinese nation-state threat group intruded five additional telecom networks between December and January, including two unnamed providers in the U.S., Recorded Future researchers said.
Threat ★★★
The_Hackers_News.webp 2025-02-13 17:28:00 RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset (direct link) An RA World ransomware attack in November 2024 targeting an unnamed Asian software and services company involved the use of a malicious tool exclusively used by China-based cyber espionage groups, raising the possibility that the threat actor may be moonlighting as a ransomware player in an individual capacity. "During the attack in late 2024, the attacker deployed a distinct toolset that had
Ransomware Tool Threat ★★★
The_Hackers_News.webp 2025-02-13 15:09:00 Palo Alto Networks Patches Authentication Bypass Exploit in PAN-OS Software (direct link) Palo Alto Networks has addressed a high-severity security flaw in its PAN-OS software that could result in an authentication bypass. The vulnerability, tracked as CVE-2025-0108, carries a CVSS score of 7.8 out of 10.0. The score, however, drops to 5.1 if access to the management interface is restricted to a jump box. "An authentication bypass in the Palo Alto Networks PAN-OS software enables an
Vulnerability Threat ★★★
The_Hackers_News.webp 2025-02-13 14:41:00 FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (direct link) Threat hunters have shed light on a new campaign targeting the foreign ministry of an unnamed South American nation with bespoke malware capable of granting remote access to infected hosts. The activity, detected in November 2024, has been attributed by Elastic Security Labs to a threat cluster it tracks as REF7707. Some of the other targets include a telecommunications entity and a university,
Malware Threat ★★★
Checkpoint.webp 2025-02-13 13:00:34 January 2025's Most Wanted Malware: FakeUpdates Continues to Dominate (direct link) Check Point Software's latest threat index highlights that FakeUpdates continues to pose a significant threat in the cyber landscape, playing a crucial role in facilitating ransomware attacks. A recent investigation by security researchers revealed that an affiliate of RansomHub utilized a Python-based backdoor to maintain persistent access and deploy ransomware across various networks. Installed shortly after FakeUpdates gained initial access, this backdoor demonstrated advanced obfuscation techniques along with AI-assisted coding patterns. The attack involved lateral movement through remote desktop protocol (RDP) and established ongoing access by creating scheduled tasks. The advanced techniques highlight an increasing reality: cyber criminals are evolving […]
Ransomware Malware Threat ★★
Darktrace.webp 2025-02-13 13:00:01 Why Darktrace / EMAIL excels against APTs (direct link) APTs are sophisticated threat actors with the resources to coordinate and achieve long-term objectives. Amidst the skyrocketing numbers of BEC attacks, every organization should be worried about the ability of intruders to infiltrate and exploit. This blog will look at several recent examples of complex email attacks and how Darktrace / EMAIL successfully disarmed and prevented intrusion.
Threat ★★★
Cyble.webp 2025-02-13 11:40:21 CISA Updates Known Exploited Vulnerabilities Catalog with Four Critical Issues (direct link) Cyble CISA Updates Known Exploited Vulnerabilities Catalog with Four Critical Issues In a recent update to its Known Exploited Vulnerabilities Catalog, the Cybersecurity and Infrastructure Security Agency (CISA) has added four security vulnerabilities that are currently under active exploitation. These vulnerabilities span across multiple platforms and pose substantial security risks for both organizations and individual users. The vulnerabilities identified in CVE-2024-40891, CVE-2024-40890, CVE-2025-21418, and CVE-2025-21391 can be exploited with relative ease if security updates are not applied promptly. Users and organizations should follow the guidance provided by vendors like Zyxel and Microsoft, ensuring that their systems are updated regularly to address the latest security flaws. For organizations relying on Zyxel DSL routers or Windows-based systems, it is crucial to assess the exposure to these vulnerabilities and take immediate steps to update firmware or software versions. Details of the Vulnerabilities and Active Exploitation CVE-2024-40891 and CVE-2024-40890: Critical Command Injection Vulnerabilities in Zyxel DSL Routers The two vulnerabilities, CVE-2024-40891 and CVE-2024-40890, are related to a series of Command Injection Vulnerabilities affecting Zyxel DSL CPE devices. Specifically, these vulnerabilities affect the Zyxel VMG4325-B10A router model running firmware version 1.00(AAFR.4)C0_20170615. Both vulnerabilities share a common thread: they allow authenticated attackers to execute arbitrary operating system (OS) commands on the affected devices via Telnet (CVE-2024-40891) or a crafted HTTP POST request (CVE-2024-40890). This puts devices at high risk of being compromised by threat actors who can exploit these weaknesses to gain control of the affected systems.
According to the official Zyxel advisory, both vulnerabilities have been assigned a CVSS severity score of 8.8 (High). These flaws stem from improper neutralization of special elements used in OS commands (CWE-78: Improper Neutralization of Special Elements used in an OS Command). Once successfully exploited, the vulnerabilities could allow attackers to bypass authentication and execute malicious OS commands, effectively compromising the security of the devices. Zyxel has issued advisories urging users to update their firmware to mitigate these vulnerabilities. Devices using older firmware versions are especially at risk. The active exploitation of these vulnerabilities could lead to severe consequences, such as unauthorized access,
Vulnerability Threat ★★★
Cyble.webp 2025-02-13 11:15:54 (Already seen) Cyble Warns of Exposed Medical Imaging, Asset Management Systems (direct link) Cyble Warns of Exposed Medical Imaging, Asset Management Systems Overview Cyble's weekly industrial control system (ICS) vulnerability report to clients warned about internet-facing medical imaging and critical infrastructure asset management systems that could be vulnerable to cyberattacks. The report examined six ICS, operational technology (OT), and Supervisory Control and Data Acquisition (SCADA) vulnerabilities in total, but it focused on two in particular after Cyble detected web-exposed instances of the systems. Orthanc, Trimble Cityworks Vulnerabilities Highlighted by CISA The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued advisories alerting users to vulnerabilities in medical imaging and asset management products. Orthanc is an open-source DICOM server used in healthcare environments for medical imaging storage and retrieval, while Trimble Cityworks is a GIS-centric asset management system used to manage all infrastructure assets for airports, utilities, municipalities, and counties. In a February 6 ICS medical advisory, CISA said the Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled, which could result in unauthorized access by a malicious actor. The Missing Authentication for Critical Function vulnerability, CVE-2025-0896, has been assigned a CVSS v3.1 base score of 9.8, just below the maximum score of 10.0. Orthanc recommends that users update to the latest version or enable HTTP authentication by setting the configuration "AuthenticationEnabled": true in the configuration file. Cyble provided a publicly accessible search query for its ODIN vulnerability search tool, which users can use to find potentially vulnerable instances.
“This flaw requires urgent attention, as Cyble researchers have identified multiple internet-facing Orthanc instances, increasing the risk of exploitation,” the Cyble report said. “The exposure of vulnerable instances could allow unauthorized access to sensitive medical data, manipulation of imaging records, or even unauthorized control over the server. Given the high stakes in healthcare cybersecurity, immediate patching to version 1.5.8 or later, along with restricting external access, is strongly recommended to mitigate potential threats.
Tool Vulnerability Threat Patching Industrial Medical ★★★
globalsecuritymag.webp 2025-02-13 09:40:57 Cybersecurity: Mimecast Threat Intelligence Report, Second Half of 2024 (direct link) Cybersecurity: Mimecast Threat Intelligence Report, Second Half of 2024 The study draws on more than 90 billion data points analyzed across Mimecast's 42,000 customers in the second half of 2024. • More than 5 billion threats were reported between July and December 2024. • The entertainment and information sectors were the most targeted by attacks, with more than 10 threats per user. • Cybercriminals use varied techniques to carry out their attacks. In this context, phishing attacks are on the rise. • AI remains both an asset and a threat for cybersecurity. - Investigations
Threat Studies ★★★★
bleepingcomputer.webp 2025-02-13 09:31:54 Chinese espionage tools deployed in RA World ransomware attack (direct link) A China-based threat actor, tracked as Emperor Dragonfly and commonly associated with cybercriminal endeavors, has been observed using in a ransomware attack a toolset previously attributed to espionage actors. [...]
Ransomware Tool Threat ★★
AlienVault.webp 2025-02-13 06:03:00 Best Practices for Securing Web Applications Against Modern Threats (direct link) Are Your Web Applications Truly Secure? Application programming interfaces (APIs) are critical in modern software development. APIs define rules and protocols that enable applications to communicate and share data with other systems. This communication enables developers to leverage the functionality of existing applications rather than recreating those functions and services from scratch. As a result, APIs accelerate software development and enable innovation, collaboration, and automation. According to data from a 2024 survey by cybersecurity analyst firm Enterprise Strategy Group, organizations are anticipating an explosion in web applications, web sites, and associated APIs in the next two years. Research respondents reported they support an average of 145 applications today and are expecting that number to grow to 201 within 24 months. Additionally, the same research shows that organizations with at least half of their applications using APIs will grow from 32% today to 80% within 24 months. This explosive growth is creating a viable attack vector for cybercriminals and more challenges for security teams. Nearly half (46%) of respondents in the ESG research survey said that web application and API protection is more difficult than it was two years ago, citing environmental changes as one of the main challenges. This includes maintaining visibility and security of APIs, using cloud infrastructure, and securing cloud-native architectures. Organizations are increasingly facing diverse attacks as cybercriminals employ various techniques to gain unauthorized access to API endpoints and expose or steal sensitive information. According to ESG’s recent report findings, the top threat vector being exploited is application and API attacks through lesser-known vulnerabilities, with 41% of organizations reporting such attacks.
Adopting Best Practices for API Security To mitigate the complexities and challenges of today's environment, more organizations recognize the importance of API security and are adopting best practices, including seeking assistance from third-party providers. In fact, according to ESG, 45% of organizations plan to work with managed service providers to manage web application and API protection tools. Application and API protection are quickly becoming a fundamental security control, because when left unprotected, APIs provide an easy way to gain unauthorized access to IT networks and disrupt business, steal data, or launch cyberattacks. By adopting security best practices, organizations can mitigate vulnerabilities and other exposures that attackers could potentially exploit and protect APIs from security threats like unauthorized access and data breaches. Identifying Common Risks and Threats To effectively safeguard your APIs, it is crucial to understand the common risks and threats that exist, including: Injection attacks; Vulnerability exploits; Authentication issues; Broken access controls; Distributed Denial of service (DDoS); Brute-force attacks; API abuse; Machine in the middle (MITM) attacks; Cross-site scripting (XSS). Use Proactive Defense with Best Practices to Your APIs from Threats Organizations and security teams should understand and implement API security best practices to prevent APIs from being attacked or abused. Secure development Build API security standards and practices into every stage of API development to find vulnerabilities before APIs enter production. Incorporate automated security testing throughout the entire process and run a wide range of tests simulating malicious traffic. Implement strict input validation and sanitization to prevent injection attack
Tool Vulnerability Threat Cloud ★★
no_ico.webp 2025-02-13 06:02:16 Russia-Linked Seashell Blizzard Intensifies Cyber Operations Against Critical Sectors (direct link) The Russia-linked threat actor known as Seashell Blizzard has assigned one of its subgroups to gain initial access to internet-facing infrastructure and establish long-term persistence within targeted entity, a Microsoft report has revealed. Also dubbed APT44, BlackEnergy Lite, Sandworm, Telebots, and Voodoo Bear, Seashell Blizzard has been active since at least 2009 and is believed [...]
Threat APT 44 ★★★
CyberSkills.webp 2025-02-13 00:00:00 Beware of Romance Scams this Valentine's Day (direct link) As Valentine's day approaches, many people are looking to connect with others online. While online dating can be a great way to meet new people, it is also important to be aware of the potential dangers. Romance scams, where fraudsters use fake profiles to financially and emotionally exploit victims, are becoming more common. These scammers manipulate their victims into sending money under false pretenses. They often succeed by building trusting relationships over long periods of time. Warning signs of Romance Scams: Scammers typically gain trust by showering their target with attention and compliments before eventually asking them for money. They may claim it's for travel expenses, medical emergencies (typically of a child), or a business opportunity that would help to bring the relationship closer. Common red flags can include rushing the relationship, avoiding personal questions and refusing to meet in person. They may also try to move conversation off dating platforms to a less secure platform to avoid being detected as a scam. If someone you have met online asks for financial help, it's a major warning sign. How to protect yourself: Use trusted dating websites with strong security measures. Keep personal details private and be cautious when sharing information. Never send money or provide financial assistance to someone that you haven't met in person. Be careful with your webcams, as scammers often try to exploit video recordings as ransom. Trust your instincts - if something feels off, it probably is. At CyberSkills, we're committed to helping people stay safe online. This Valentine's Day, protect both your heart and your security and stay safe! An Garda Síochána. (2025). Beware of Romance Scams. Retrieved from https://www.garda.ie/en/crime/fraud/am-i-a-victim-of-a-romance-scam-.html
Threat Medical ★★★
RecordedFuture.webp 2025-02-12 22:06:18 Cybercrime evolving into national security threat: Google (direct link) “The vast cybercriminal ecosystem has acted as an accelerant for state-sponsored hacking, providing malware, vulnerabilities, and in some cases full-spectrum operations to states,” said Ben Read of Google Threat Intelligence Group.
Malware Vulnerability Threat ★★★
TechWorm.webp 2025-02-12 20:18:47 Microsoft Patches 63 Flaws, Including Two Actively Exploited Zero-Days (direct link) Microsoft, on Tuesday, released its February 2025 Patch Tuesday, which addresses 63 security vulnerabilities, including four zero-day vulnerabilities, of which two are being actively exploited in the wild and two are publicly exposed zero-day vulnerabilities. Of the 63 flaws, three are critical, 53 are Important, and one is moderately severe. These vulnerabilities occurred across different platforms, including Windows and Windows Components, Office and Office Components, Azure, Visual Studio, and Remote Desktop Services. Further, the three vulnerabilities marked as “critical” were fixed in February 2025 Patch Tuesday. All of these were remote code execution (RCE) flaws, which, if exploited, could have allowed an attacker to run arbitrary code on the device. Furthermore, the two actively exploited zero-day vulnerabilities in the wild that Microsoft has addressed in the February 2025 Patch Tuesday update are: CVE-2025-21391 (CVSS 7.1) – Windows Storage Elevation of Privilege Vulnerability: This Elevation of Privilege (EoP) vulnerability in Windows Storage allows a local, authenticated attacker to delete targeted files on a system. “An attacker would only be able to delete targeted files on a system. This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that results in the service being unavailable,” reads Microsoft's advisory. No details about how this flaw was exploited in attacks or who reported it have been revealed. CVE-2025-21418 (CVSS 7.8) – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability: The second actively exploited vulnerability allows an attacker to run a crafted program to gain SYSTEM privileges in Windows.
It remains unclear how this flaw was exploited in attacks, and Microsoft states that it was disclosed anonymously. Additionally, the other two publicly disclosed zero-days that were patched in the February 2025 Patch Tuesday update are: CVE-2025-21194 (CVSS 7.1) – Microsoft Surface Security Feature Bypass Vulnerability: According to Microsoft, this hypervisor flaw allows attackers to bypass UEFI and compromise the secure kernel on Surface devices. It is likely linked to the PixieFail vulnerabilities. “This Hypervisor vulnerability relates to Virtual Machines within a Unified Extensible Firmware Interface (UEFI) host machine. On some specific hardware it might be possible to bypass the UEFI, which could lead to the compromise of the hypervisor and the secure kernel,” explains Microsoft’s advisory. The tech giant credited Francisco Falcón and Iván Arce of Quarkslab for discovering and reporting the vulnerability. CVE-2025-21377 (CVSS 6.5) – NTLM Hash Disclosure Spoofing Vulnerability: This flaw exposes a Windows user’s NTLM hashes, which allows a remote attacker to steal Windows user hashes via minimal file interaction and potentially log in as the user. “Minimal interaction with a malicious file by a user such as selecting (single-click), inspecting (right-click), or performing an action other than opening or executing the file could trigger this vulnerability,” explains Microsoft’s advisory.
Vulnerability Threat ★★
The_Hackers_News.webp 2025-02-12 19:34:00 Researchers Find New Exploit Bypassing Patched NVIDIA Container Toolkit Vulnerability (direct link) Cybersecurity researchers have discovered a bypass for a now-patched security vulnerability in the NVIDIA Container Toolkit that could be exploited to break out of a container's isolation protections and gain complete access to the underlying host. The new vulnerability is being tracked as CVE-2025-23359 (CVSS score: 8.3). It affects the following versions - NVIDIA Container Toolkit (All
Vulnerability Threat ★★★
IndustrialCyber.webp 2025-02-12 18:15:38 Food and Ag-ISAC cyber threat report provides actionable intelligence on cyber threats, ransomware tactics (direct link) The Food and Ag-ISAC released its latest publication, the Food and Ag Sector Cyber Threat Report, that employs...
Ransomware Threat ★★★
bleepingcomputer.webp 2025-02-12 18:08:09 zkLend loses $9.5M in crypto heist, asks hacker to return 90% (direct link) Decentralized money lender zkLend suffered a breach where threat actors exploited a smart contract flaw to steal 3,600 Ethereum, worth $9.5 million at the time. [...]
Threat ★★★
CS.webp 2025-02-12 17:58:47 Russian state threat group shifts focus to US, UK targets (direct link) A subgroup of Seashell Blizzard exploited public vulnerabilities in internet-facing systems, Microsoft researchers said.
Vulnerability Threat APT 44 ★★★
globalsecuritymag.webp 2025-02-12 17:18:11 Over two-thirds of cybersecurity breaches linked to human error, finds new Mimecast Threat Intelligence Report (direct link) Over two-thirds of cybersecurity breaches linked to human error, finds new Mimecast Threat Intelligence Report - Special Reports
Threat ★★★
The_Hackers_News.webp 2025-02-12 16:13:00 North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack (direct link) The North Korea-linked threat actor known as Kimsuky has been observed using a new tactic that involves deceiving targets into running PowerShell as an administrator and then instructing them to paste and run malicious code provided by them. "To execute this tactic, the threat actor masquerades as a South Korean government official and over time builds rapport with a target before sending a
Threat ★★★
Netskope.webp 2025-02-12 15:00:00 New Phishing Campaign Abuses Webflow, SEO, and Fake CAPTCHAs (direct link) Summary Netskope Threat Labs is tracking a widespread phishing campaign affecting hundreds of Netskope customers and thousands of users. The campaign aims to steal credit card information to commit financial fraud, and has been ongoing since the second half of 2024. The attacker targets victims searching for documents on search engines, resulting in access to […]
Threat ★★★
Blog.webp 2025-02-12 13:45:35 Apple Confirms 'Extremely Sophisticated' Exploit Threatening iOS Security (direct link) Apple fixes the USB Restricted Mode flaw in iOS 18.3.1 and iPadOS 18.3.1. Vulnerability exploited in targeted attacks.…
Vulnerability Threat ★★★
Cyble.webp 2025-02-12 10:33:38 New Zealand's National Cyber Security Centre (NCSC) Reports Surge in Cyber Threats and Vulnerabilities (direct link) Cyble New Zealand's National Cyber Security Centre (NCSC) Reports Surge in Cyber Threats and Vulnerabilities Overview The 2023/24 Cyber Threat Report from New Zealand's National Cyber Security Centre (NCSC), led by Lisa Fong, Deputy Director-General for Cyber Security at the Government Communications Security Bureau (GCSB), sheds light on the country's rapidly changing cyber threat landscape. The report highlights an increase in cyber incidents targeting individuals, businesses, and critical national sectors, underlining the growing complexity of cyber threats. For the year ending June 2024, the NCSC recorded a whopping total of 7,122 cybersecurity incidents, marking a new milestone since CERT NZ's integration into the NCSC. Of these incidents, 95% (6,799) were handled through the NCSC's general triage process. These incidents primarily affected small to medium businesses and individual users and resulted in a reported financial loss of $21.6 million. While these incidents did not require specialized technical interventions, they still had a substantial impact on those affected, particularly in terms of financial losses and reputational damage. A smaller subset of incidents, 343 in total, was categorized as having national significance. These incidents were more complex and targeted critical infrastructure or large organizations. Among them, 110 were linked to state-sponsored actors, signaling a slight increase in cyber activities from such groups. Financially motivated cybercriminal activities were responsible for 65 of these high-impact incidents, emphasizing the persistent threat from financially driven attacks such as ransomware and data exfiltration. 2023/24 Cyber Threat Report: State-Sponsored Cyber Threats and Ransomware Ransomware Tool Vulnerability Threat Technical ★★★
Cyble.webp 2025-02-12 10:31:36 BTMOB RAT: Newly Discovered Android Malware Spreading via Phishing Sites (direct link) Cyble BTMOB RAT: Newly Discovered Android Malware Spreading via Phishing Sites Key Takeaways BTMOB RAT is an advanced Android malware evolved from SpySolr that features remote control, credential theft, and data exfiltration. It spreads via phishing sites impersonating streaming services like iNat TV and fake mining platforms. The malware abuses Android's Accessibility Service to unlock devices, log keystrokes, and automate credential theft through injections. It uses WebSocket-based C&C communication for real-time command execution and data theft. BTMOB RAT supports various malicious actions, including live screen sharing, file management, audio recording, and web injections. The Threat Actor (TA) actively markets the malware on Telegram, offering paid licenses and continuous updates, making it an evolving and persistent threat. Overview On January 31, 2025, Cyble Research and Intelligence Labs (CRIL) identified a sample lnat-tv-pro.apk (13341c5171c34d846f6d0859e8c45d8a898eb332da41ab62bcae7519368d2248) being distributed via a phishing site “hxxps://tvipguncelpro[.]com/” impersonating iNat TV - online streaming platform from Turkey posing a serious threat to unsuspecting users. Figure 1 – Phishing site distributing this malicious APK file Malware Tool Threat Mobile ★★★
globalsecuritymag.webp 2025-02-12 08:36:11 DeepTempo announced that it has completed the BNY Ascent Program (direct link) DeepTempo Completes BNY Ascent Program to Advance AI-Driven Cybersecurity Innovation Company collaborates with BNY on deep-learning solution for advanced threat protection - Business News
Threat ★★★
Chercheur.webp 2025-02-12 04:58:37 Microsoft Patch Tuesday, February 2025 Edition (direct link) Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited.
Vulnerability Threat ★★
CS.webp 2025-02-12 00:01:00 U.S. adversaries increasingly turning to cybercriminals and their malware for help (direct link) A Google Threat Intelligence Group report notes that Russia in particular has been doing this since the Ukraine war began.
Malware Threat ★★★
DarkReading.webp 2025-02-11 21:41:57 Apple Releases Urgent Patch for USB Vulnerability (direct link) The vulnerability could allow a threat actor to disable the security feature on a locked device and gain access to user data.
Vulnerability Threat ★★★
TechWorm.webp 2025-02-11 20:40:58 Apple Patches Critical iOS Zero-Day CVE-2025-24200 (direct link) On Monday, Apple rolled out emergency security updates to fix a critical zero-day vulnerability in iOS and iPadOS that was actively exploited in an extremely sophisticated attack. The high zero-day vulnerability, identified as CVE-2025-24200, is an authorization issue in Apple’s iOS and iPadOS that could allow a physical attacker to disable USB Restricted Mode on a locked device. In other words, this vulnerability could enable a sophisticated physical attack to bypass USB Restricted Mode on a locked iOS or iPadOS device. For those unaware, Apple’s USB Restricted Mode is a security feature introduced in iOS 11.4.1 to prevent unauthorized access to an iPhone or iPad via USB accessories. When enabled, this mode prevents USB accessories that plug into the Lightning port from making data connections with the device if it has not been unlocked within the past hour. This prevents hacking tools that connect via the Lightning port from bypassing passcodes and encryption. Meanwhile, Apple has acknowledged the issue and fixed the vulnerability with improved state management. “A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals,” the company wrote in the advisories [(1),(2)] published on Monday. The Cupertino giant has credited security researcher Bill Marczak of The Citizen Lab at The University of Toronto's Munk School for discovering and reporting the vulnerability to Apple.
The CVE-2025-24200 vulnerability affected a broad range of Apple devices, including: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation Apple has resolved the vulnerability above by releasing software updates -  iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5 - with improved memory management. While Apple has not provided any information on how the above vulnerability was exploited, it has strongly urged its iOS and iPadOS users to immediately update their devices to the latest versions to mitigate potential security threats. Further, enable automatic updates to ensure you receive future patches on your devices without delay. Avoid clicking on suspicious links and only download apps from trusted sources to reduce the risk of vulnerabilities. For software updates on iPhone or iPad, go to Settings > General > Software Update > Check for the update and install.
Tool Vulnerability Threat Mobile ★★★
Darktrace.webp 2025-02-11 20:31:47 Defending Against Living-off-the-Land Attacks: Anomaly Detection in Action (direct link) Discover how Darktrace detected and responded to cyberattacks using Living-off-the-Land (LOTL) tactics to exploit trusted services and tools on customer networks.
Tool Threat ★★★
Mandiant.webp 2025-02-11 20:00:00 Cybercrime: A Multifaceted National Security Threat (direct link) Executive Summary Cybercrime makes up a majority of the malicious activity online and occupies the majority of defenders' resources. In 2024, Mandiant Consulting responded to almost four times more intrusions conducted by financially motivated actors than state-backed intrusions. Despite this overwhelming volume, cybercrime receives much less attention from national security practitioners than the threat from state-backed groups. While the threat from state-backed hacking is rightly understood to be severe, it should not be evaluated in isolation from financially motivated intrusions. A hospital disrupted by a state-backed group using a wiper and a hospital disrupted by a financially motivated group using ransomware have the same impact on patient care. Likewise, sensitive data stolen from an organization and posted on a data leak site can be exploited by an adversary in the same way data exfiltrated in an espionage operation can be. These examples are particularly salient today, as criminals increasingly target and leak data from hospitals. Healthcare's share of posts on data leak sites has doubled over the past three years, even as the number of data leak sites tracked by Google Threat Intelligence Group has increased by nearly 50% year over year. The impact of these attacks mean that they must be taken seriously as a national security threat, no matter the motivation of the actors behind it. Cybercrime also facilitates state-backed hacking by allowing states to purchase cyber capabilities, or co-opt criminals to conduct state-directed operations to steal data or engage in disruption. Russia has drawn on criminal capabilities to fuel the cyber support to their war in Ukraine.
GRU-linked APT44 (aka Sandworm), a unit of Russian military intelligence, has employed malware available from cybercrime communities to conduct espionage and disruptive operations in Ukraine and CIGAR (aka RomCom), a group that historically focused on cybercrime, has conducted espionage operations against the Ukrainian government since 2022. However, this is not limited to Russia. Iranian threat groups deploy ransomware to raise funds while simultaneously conducting espionage, and Chinese espionage groups often supplement their income with cybercrime. Most notably, North Korea uses state-backed groups to directly generate revenue for the regime. North Korea has heavily targeted cryptocurrencies, compromising exchanges and individual victims' crypto wallets. Despite the overlaps in effects and collaboration with states, tackling the root causes of cybercrime requires fundamentally different solutions. Cybercrime involves collaboration between disparate groups often across borders and without respect to sovereignty. Any solution requires international cooperation by both law enforcement and intelligence agencies to track, arrest, and prosecute these criminals. Individual takedowns can have important temporary effects, but the collaborative nature of cybercrime means that the disrupted group will be quickly replaced by others offering the same service. Achieving broader success will require collaboration between countries and public and private sectors on systemic solutions such as increasing education and resilience efforts. Ransomware Malware Tool Vulnerability Threat Legislation Medical Cloud Technical APT 41 APT 38 APT 29 APT 43 APT 44 ★★★
IndustrialCyber.webp 2025-02-11 15:50:20 Samoa warns of APT40 hackers targeting organizations in Blue Pacific region, urges immediate action (direct link) The Government of Samoa issued an advisory detailing the activities of the cyber threat group APT40 and the...
Threat ★★★
The_Hackers_News.webp 2025-02-11 15:25:00 Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks (direct link) Threat actors have observed the increasingly common ClickFix technique to deliver a remote access trojan named NetSupport RAT since early January 2025. NetSupport RAT, typically propagated via bogus websites and fake browser updates, grants attackers full control over the victim's host, allowing them to monitor the device's screen in real-time, control the keyboard and mouse, upload and download
Threat ★★★
The_State_of_Security.webp 2025-02-11 14:28:37 VERT Threat Alert: February 2025 Patch Tuesday Analysis (direct link) Today's VERT Alert addresses Microsoft's February 2025 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1143 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2025-21391 A vulnerability in Windows Storage could lead to elevation of privilege, however, it is important to note that this would not give complete access to the file system. Instead, it only allows attackers to delete files they wouldn't otherwise have permission to remove. Microsoft has reported this vulnerability as Exploitation Detected. CVE-2025-21418 A...
Vulnerability Threat ★★★
bleepingcomputer.webp 2025-02-11 13:56:13 Fortinet warns of new zero-day exploited to hijack firewalls (direct link) Fortinet warned today that attackers are exploiting another authentication bypass zero-day bug in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks. [...]
Vulnerability Threat ★★★
Dragos.webp 2025-02-11 13:00:00 Dragos Industrial Ransomware Analysis: Q4 2024 (direct link) In the fourth quarter (October to December) of 2024, the ransomware threat landscape presented an increasingly dynamic ecosystem, with multiple... The post Dragos Industrial Ransomware Analysis: Q4 2024 first appeared on Dragos.
Ransomware Threat Industrial ★★★
Cyble.webp 2025-02-11 12:46:32 Cyber Security Agency of Singapore Alerts Users on Active Exploitation of Zero-Day Vulnerability in Apple Products (direct link) Cyber Security Agency of Singapore Alerts Users on Active Exploitation of Zero-Day Vulnerability in Apple Products Overview The Cyber Security Agency of Singapore (CSA) has recently issued a warning regarding the active exploitation of a zero-day vulnerability (CVE-2025-24200) in a range of Apple products. This critical vulnerability is being actively targeted, and Apple has released timely security updates to address the issue. If exploited, the vulnerability could allow attackers to bypass certain security features and gain unauthorized access to sensitive data through USB connections. The vulnerability, identified as CVE-2025-24200, affects various Apple devices, including iPhones and iPads. Specifically, the issue lies in the USB Restricted Mode, a security feature designed to prevent unauthorized access to a device's data when it is locked. A successful attack could disable this mode, allowing an unauthenticated attacker to access the device's data via a USB connection, even if the device is locked. This flaw has been dubbed a "zero-day vulnerability," as it was discovered and actively exploited before a patch or security fix was made available. Apple has moved quickly to resolve the issue with new security updates released on February 10, 2025. Affected Apple Products Vulnerability Threat Mobile ★★★★
IndustrialCyber.webp 2025-02-11 12:41:56 Silobreaker, Health-ISAC partner; offer members free trial access to its threat intelligence platform (direct link) Silobreaker announced on Tuesday its partnership with Health Information Sharing and Analysis Center (Health-ISAC) as a Community Services...
Threat ★★★
Cyble.webp 2025-02-11 11:23:25 EFCC Witness Exposes Shocking Details of Cyber Terrorism and Internet Fraud Scheme (direct link) Cyble EFCC Witness Exposes Shocking Details of Cyber Terrorism and Internet Fraud Scheme Overview In a highly anticipated trial on February 7, 2025, Rowland Turaki, a former employee of the accused, Xiao Hong Will, a Chinese national, took the stand as the first prosecution witness in the ongoing case concerning alleged cyber terrorism and internet fraud. The trial, which is being heard at the Federal High Court in Ikoyi, Lagos, is centered on Xiao Hong Will and his company, Genting International Co. Limited, both facing serious charges related to cybercrimes, identity theft, and fraud. The witness, who was studying cybersecurity at the time, described in vivid detail how his employers instructed him to disguise himself as a woman to gain the trust of potential clients for fraudulent schemes. According to Turaki, he was employed by Genting International, a company allegedly linked to a network of cybercriminals engaged in elaborate internet fraud operations. The company is accused of using deceptive tactics, including employing Nigerian youths for identity theft and cyber-terrorism activities aimed at destabilizing Nigeria's constitutional structure. The Arrest of Xiao Hong Will Xiao Hong Will, arrested during the EFCC's "Eagle Flush Operation" in Lagos on December 19, 2024, is charged with a series of crimes under the Cybercrimes (Prohibition, Prevention, Etc.) Act, 2015 (As Amended, 2024). He and his company allegedly facilitated the exploitation of victims by using fraudulent identities and cryptocurrency schemes to gain financial advantage. The prosecution has charged Hong Will and Genting International with using Nigerian youths to create fake personas, potential Threat Legislation Medical Technical ★★★
globalsecuritymag.webp 2025-02-11 11:07:51 Threat Landscape Almond: the cyber threat reaches a new milestone (direct link) Threat Landscape Almond: the cyber threat reaches a new milestone - Investigations Threat ★★★
InfoSecurityMag.webp 2025-02-11 10:30:00 Apple Mitigates “Extremely Sophisticated” Zero-Day Exploit (direct link) Apple has patched a zero-day vulnerability being exploited in targeted attacks
Vulnerability Threat ★★★
The_Hackers_News.webp 2025-02-11 10:02:00 Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update (direct link) Apple on Monday released out-of-band security updates to address a security flaw in iOS and iPadOS that it said has been exploited in the wild. Assigned the CVE identifier CVE-2025-24200, the vulnerability has been described as an authorization issue that could make it possible for a malicious actor to disable USB Restricted Mode on a locked device as part of a cyber physical attack. This
Vulnerability Threat ★★★
DarkReading.webp 2025-02-10 21:58:30 XE Group Shifts From Card Skimming to Supply Chain Attacks (direct link) The likely Vietnam-based threat actor has been using two zero-days in VeraCore's warehouse management software in some of its latest cyberattacks.
Threat ★★★
Last update at: 2025-05-12 07:07:59