A critical zero-day vulnerability, tracked as CVE-2025-0282, has been discovered in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. This stack-based buffer overflow allows unauthenticated remote attackers to achieve remote code execution. It was disclosed alongside CVE-2025-0283, another stack-based buffer overflow, which requires a local authenticated attacker. CVE-2025-0282 is currently being actively exploited in the wild. Organizations are advised to apply the available patches immediately and perform factory resets to ensure complete removal of any potential malware. Ivanti has a long history of being targeted.
Cybercriminals are using fake job offers with the CrowdStrike brand to distribute a cryptominer, specifically XMRig. This is a social engineering scam where malicious actors pose as legitimate recruiters to trick job seekers into downloading malware.
The FunkSec ransomware group emerged in late 2024, quickly gaining notoriety for its high volume of claimed victims. They employ double extortion tactics, combining data theft with encryption, while demanding low ransoms. The group uses AI-assisted malware development, enabling inexperienced actors to produce advanced tools. The group straddles the line between hacktivism and cybercrime, making it difficult to ascertain their true intentions. Many of the group’s leaked datasets appear to be recycled, raising questions about their authenticity. This highlights the need for better threat assessment methods that do not rely solely on the actors’ own claims.
A massive data breach at location data company Gravy Analytics has exposed sensitive location data of millions of users. The breach affects users of popular apps like Candy Crush, Tinder, and MyFitnessPal, among thousands of others. This incident underscores the risks associated with the collection and sale of location data, particularly from advertising bid streams, without users’ or even app developers’ knowledge. The breach was posted on a Russian-language forum by the hacker using the alias “Nightly” and contained coordinates of devices in the US, Europe, and Russia.
A fake proof-of-concept (PoC) exploit is being used to target security researchers, disguised as a fix for a critical Microsoft LDAP vulnerability. The attackers forked the legitimate PoC and embedded information-stealing malware that is deployed when the malicious code is executed. The tactic aims to steal credentials and other sensitive information from security researchers.
A critical command injection vulnerability, CVE-2024-50603, in the Aviatrix Network Controller allows unauthenticated remote attackers to execute arbitrary code. This vulnerability, with a CVSS score of 10.0, stems from improper input handling within the Aviatrix Controller’s API. Exploitation could lead to full system compromise, data theft, and network breaches. There are hundreds of publicly exposed Aviatrix Controllers accessible via the Shodan search engine.
The Chinese state-sponsored group RedDelta has been actively targeting Mongolia, Taiwan, and Southeast Asia since July 2023. The group continually adapts its delivery techniques to distribute its customized PlugX backdoor. RedDelta employs spearphishing with lure documents themed around political and cultural events. They have compromised government and diplomatic organizations in multiple countries using adapted infection chains. The group uses Windows Shortcut (LNK) files, Microsoft Management Console Snap-In Control (MSC) files, and HTML files hosted on Microsoft Azure. They also use the Cloudflare CDN to proxy command-and-control (C2) traffic so that it blends in with legitimate network activity, complicating victim identification.
The MirrorFace APT, linked to China, has been conducting extensive cyber espionage campaigns against Japan since 2019. The group delivers malware via email attachments and exploits VPN vulnerabilities to steal sensitive information. Targets include the Japanese government and defense, aerospace, semiconductor, communications, and research organizations. The group uses tools such as ANEL and NOOPDOOR in its attacks. The campaign shows a deep focus on infiltrating Japanese national security and advanced technology sectors.
Multiple vulnerabilities have been discovered in Palo Alto Networks’ Expedition migration tool, including an OS command injection flaw and a vulnerability that exposes sensitive firewall credentials. These vulnerabilities could allow attackers to execute arbitrary code and access usernames, cleartext passwords, device configurations, and API keys. The vulnerabilities pose a significant risk to organizations using the tool for firewall migration and optimization.
PowerSchool has disclosed a data breach that has affected both hosted and self-hosted school districts. The breach, discovered on December 28, has led to the compromise of student information, such as grades, attendance, and enrollment data, potentially impacting numerous K-12 districts. Emails were sent to PowerSchool clients. It is not yet known how the breach happened.
US dental and medical billing firm Medusind is notifying over 360,000 customers that their personal, financial, and medical data may have been accessed by a cybercriminal actor. The breach relates to a cyber incident that took place on December 29, 2023. The compromised information includes names, birthdates, email addresses, phone numbers, Social Security numbers, driver’s licenses, taxpayer IDs, payment details, and health insurance information.
Apple is facing a class-action lawsuit over its Siri voice assistant due to privacy concerns. The lawsuit claims Siri was eavesdropping and recording users without their consent. Apple has agreed to a $95 million settlement to resolve the issue. The settlement impacts millions of users who might have been affected. Some of the recordings have been shared with third parties. Users can disable Siri to avoid being recorded. This settlement highlights the importance of user data privacy and transparency, and it has also resulted in Apple making changes to its Siri privacy policy and functionality.
The White House has launched the Cyber Trust Mark program, a labeling scheme for IoT devices. This program informs consumers that applicable household products meet certain government-vetted cybersecurity standards. The Cyber Trust Mark aims to certify devices’ security, similar to the Energy Star label for energy efficiency. The initiative, coordinated with NIST and FCC, is set to have labeled products on shelves in 2025. This could encourage manufacturers to focus more on cybersecurity, and also help consumers pick safer devices.
Critical security vulnerabilities have been found in the Fancy Product Designer plugin for WordPress. These unpatched flaws in the plugin allow for system compromise, data exposure, and service disruption. The plugin, with over 20,000 sales, is now a major security risk for WordPress websites. Users must take immediate action to mitigate these vulnerabilities; the case highlights the need for thorough security practices on WordPress.
A critical vulnerability in the UpdraftPlus WordPress plugin has exposed over 3 million websites to unauthenticated PHP object injection attacks. This vulnerability allows attackers to inject malicious code, potentially leading to complete site compromise. The issue highlights the severe risks associated with vulnerable plugins in popular CMS platforms and the importance of regular updates.
The International Civil Aviation Organization (ICAO), a United Nations agency, has confirmed a cyberattack resulting in the theft of 42,000 records from its recruitment database. The breach has raised concerns about the security of personal information held by international organizations, and a probe is underway to understand the extent of the damage. This incident highlights the need for enhanced security measures to protect sensitive data within international organizations.
A sophisticated phishing campaign is exploiting Microsoft 365 to target PayPal users. Attackers register free Microsoft 365 test domains to create distribution lists for sending authentic-looking PayPal money requests. This method bypasses traditional email protections, increasing the scam’s success rate. The technique leverages genuine PayPal features to deceive victims into revealing their credentials. This is not a new vulnerability, but it is a new use of the legitimate feature.
Researchers have identified critical BIOS/UEFI vulnerabilities in the Illumina iSeq 100 DNA gene sequencer. The device uses an outdated BIOS implementation with CSM mode enabled, lacking Secure Boot and standard firmware write protections. This allows attackers with system access to overwrite the firmware, potentially bricking the device or installing a persistent firmware implant. The vulnerabilities highlight significant supply chain security risks due to the re-use of commodity hardware and outdated firmware. This issue also underscores the need for stringent configuration management and integrity checking for devices handling genomic data. This shows that even devices in a non-traditional tech sector are vulnerable to attack.
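The iSeq 100 findings above come down to boot configuration: a device running with CSM (legacy boot) and without Secure Boot cannot enforce firmware or bootloader integrity. The following audit script is an added example, not code from Illumina or from the cited research; it assumes a Linux host with efivarfs mounted, and takes an optional efivars directory argument so it can also be run against a captured copy of the variables.

```shell
#!/bin/sh
# Added example: report a host's UEFI boot posture so a fleet check can flag
# devices that boot via legacy BIOS/CSM or run with Secure Boot disabled.
# Assumes efivarfs (normally /sys/firmware/efi/efivars); $1 overrides the path.

# EFI global variable GUID used for SecureBoot and SetupMode (fixed by the UEFI spec).
EFI_GLOBAL_GUID="8be4df61-93ca-11d2-aa0d-00e098032b8c"

# Print the data byte of a boolean UEFI variable, or "missing" if it is absent.
# efivarfs files start with a 4-byte attribute header, so the value is byte 5.
efivar_bool() {
    file="$1/$2-$EFI_GLOBAL_GUID"
    if [ ! -f "$file" ]; then
        echo missing
        return
    fi
    # tail skips the attribute header; od prints the first data byte as decimal
    tail -c +5 "$file" | od -An -tu1 -N1 | tr -d ' '
}

# Verdicts: legacy-boot, uefi-setupmode, uefi-secureboot, uefi-unsecured.
boot_posture() {
    efivars="${1:-/sys/firmware/efi/efivars}"
    # No efivars directory means the OS was started through legacy BIOS/CSM,
    # the mode in which no Secure Boot policy can be enforced at all.
    if [ ! -d "$efivars" ]; then
        echo legacy-boot
        return
    fi
    sb=$(efivar_bool "$efivars" SecureBoot)
    setup=$(efivar_bool "$efivars" SetupMode)
    if [ "$setup" = "1" ]; then
        echo uefi-setupmode      # no platform key enrolled: signatures are not checked
    elif [ "$sb" = "1" ]; then
        echo uefi-secureboot     # UEFI boot with Secure Boot enforced
    else
        echo uefi-unsecured      # UEFI boot, but Secure Boot is disabled or absent
    fi
}

echo "boot posture: $(boot_posture "${1:-}")"
```

Anything other than `uefi-secureboot` is a finding worth tracking in configuration management; firmware write-protection bits are not visible through efivarfs and need a chipset-level tool to verify.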