A novel JavaScript obfuscation technique utilizing invisible Unicode characters has been observed in phishing attacks targeting affiliates of an American political action committee (PAC). Juniper Threat Labs identified this method, which employs two Unicode filler characters to encode binary values, making the malicious JavaScript payload invisible in the script.
The carding website B1ack’s Stash has released a collection of over 1 million unique credit and debit cards to attract customers. D3 Lab researchers reported the release, which took place on February 19, 2025. Experts speculate that B1ack’s Stash used the free card release as a marketing strategy. Cybercriminals are increasingly using stolen credit card information for financial gain, and individuals must take proactive measures to protect their personal and financial information.
The Medusa ransomware group has claimed responsibility for a cyberattack on UK healthcare giant HCRG Care Group. The attackers are demanding $2 million in ransom for the stolen data, totaling 2.3 TB. The incident is under investigation, and HCRG is working to assess the extent of the breach and its impact on operations. This attack highlights the increasing targeting of healthcare organizations by ransomware groups, threatening the confidentiality and integrity of sensitive patient data.
Medusa ransomware has been known for targeting healthcare organizations and demanding huge ransoms. This is a direct threat to patient privacy, and it is expected that a full-scale security review will be undertaken to find out the root causes of this breach.
Juniper Threat Labs discovered a new JavaScript obfuscation technique used in phishing attacks targeting affiliates of a major American political action committee (PAC) in early January 2025. The attack hides its payload with the invisible-character obfuscation technique described above.
Check Point researchers have discovered an extremely sophisticated attack, perpetrated by nation-state threat actors, that targeted the CEO and a high-ranking employee of a well-known organization.
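The two items above describe a payload encoded as runs of invisible Unicode filler characters. The following is an added defender-side example, not code from Juniper Threat Labs or from the page: it scans script text for runs of invisible code points, names them, and, where a run uses exactly two filler characters, maps them back to bytes so an analyst can see what was hidden. The page does not name the two fillers; the pair used here (HALFWIDTH HANGUL FILLER for 0, HANGUL FILLER for 1) and the bit assignment are assumptions, and the sample script is constructed.

```python
import re
import unicodedata

# Invisible or filler code points that have no legitimate place in script text.
# The page does not name the two filler characters Juniper observed; the pair
# below and the bit assignment are assumptions made for this example.
BIT0 = "\uffa0"  # HALFWIDTH HANGUL FILLER, assumed to encode 0
BIT1 = "\u3164"  # HANGUL FILLER, assumed to encode 1
INVISIBLE = {
    BIT0, BIT1,
    "\u115f", "\u1160",            # Hangul choseong / jungseong fillers
    "\u200b", "\u200c", "\u200d",  # zero-width space / non-joiner / joiner
    "\u2060", "\ufeff",            # word joiner, zero-width no-break space
}
MIN_RUN = 8  # one byte's worth of filler characters

# Character class of every invisible code point, repeated MIN_RUN or more times.
INVISIBLE_RUN = re.compile("[" + "".join(sorted(INVISIBLE)) + "]{%d,}" % MIN_RUN)


def decode_filler_bits(run):
    """Map a run of the two assumed filler characters back to bytes.
    Returns None if the run mixes in other invisible characters or is not a
    whole number of bytes, i.e. it does not follow this two-symbol scheme."""
    bits = []
    for ch in run:
        if ch == BIT0:
            bits.append("0")
        elif ch == BIT1:
            bits.append("1")
        else:
            return None
    if len(bits) % 8:
        return None
    return bytes(int("".join(bits[i:i + 8]), 2) for i in range(0, len(bits), 8))


def scan_script(source):
    """Return one finding per run of invisible characters in the script text:
    where it is, how long it is, which code points it uses, and the decoded
    bytes when the run follows the two-filler binary scheme."""
    findings = []
    for m in INVISIBLE_RUN.finditer(source):
        run = m.group()
        findings.append({
            "offset": m.start(),
            "length": len(run),
            "code_points": sorted(unicodedata.name(c, "U+%04X" % ord(c)) for c in set(run)),
            "decoded": decode_filler_bits(run),
        })
    return findings


# Constructed sample: a script whose string literal hides the bytes "hi"
# (0x68 0x69) as sixteen filler characters. It is not a real phishing payload.
SAMPLE_JS = (
    'const payload = "'
    + "\uffa0\u3164\u3164\uffa0\u3164\uffa0\uffa0\uffa0"  # 0x68 'h'
    + "\uffa0\u3164\u3164\uffa0\u3164\uffa0\uffa0\u3164"  # 0x69 'i'
    + '";\nconsole.log("hello");\n'
)

if __name__ == "__main__":
    for f in scan_script(SAMPLE_JS):
        print("offset %d: %d invisible chars %s -> %r"
              % (f["offset"], f["length"], f["code_points"], f["decoded"]))
```

The run threshold of eight characters keeps single stray zero-width joiners (common in legitimate text) out of the findings; anything long enough to carry bytes is reported with its code point names so the reviewer can tell a filler-based encoding from, say, a bidi or joiner trick.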
Genea, a major Australian IVF provider, confirmed it experienced a cyber incident involving unauthorized third-party access to its data. The clinic is investigating the extent of the breach and working to ensure patient data is secured.
This incident highlights the vulnerability of healthcare providers and the need for robust security measures to protect sensitive patient information. Data breaches can have serious consequences for individuals and organizations, and it is crucial for healthcare providers to prioritize cybersecurity to safeguard against such incidents.
INE Security is emphasizing the importance of cybersecurity training for career stability in a volatile tech job market. With AI and machine learning driving new technologies, practical training and certification programs are crucial for professionals. INE’s focus on hands-on experience enhances career prospects in the cybersecurity field.
Versa Networks launches sovereign SASE, challenging the cloud-only security model. Sovereign SASE allows enterprises and service providers to deploy a SASE platform within their own on-premises or private cloud environments, rather than relying on a shared cloud-based service. Versa’s sovereign SASE runs entirely on customer-controlled infrastructure.
The Chinese nation-state-backed threat actor Salt Typhoon has been actively targeting telecommunications providers, compromising at least five companies between December and January of 2025. This campaign demonstrates the persistence of the group, despite sanctions. Exploitation attempts involved vulnerabilities in Cisco devices, highlighting the continued need for robust security measures in the telecommunications sector.
A sophisticated phishing campaign, tracked as Storm-2372, has been targeting global organizations via device code phishing. The threat actor, with medium confidence linked to Russian interests, has been active since August 2024. Lures resembling messaging app experiences, such as WhatsApp and Signal, are being used to deceive targets, potentially granting persistent access to networks. Targets include government entities, NGOs, IT services, and technology, defense, telecommunications, health, higher education, and energy/oil and gas sectors in Europe, North America, Africa, and the Middle East.
Russian state-sponsored hackers are actively exploiting the “linked devices” feature in Signal Messenger to conduct cyber-espionage campaigns. Groups like APT44 (Sandworm), UNC5792, UNC4221, and Turla target military personnel, politicians, and activists to compromise their secure communications. These actors abuse Signal’s feature to gain persistent access to accounts, using phishing tactics to trick users into linking their devices to attacker-controlled systems. Mandiant warns of the real-time spying risks associated with this activity, which primarily targets Ukrainian entities amidst Russia’s ongoing invasion.
Google Chrome has updated the existing Enhanced protection feature with AI technology to provide real-time protection against malicious websites, downloads, and browser extensions. This updated protection is part of Safe Browsing and enables real-time analysis of patterns to identify suspicious or dangerous webpages.
The RedCurl APT is actively abusing PowerShell for data collection and exfiltration. The attackers are using 7-Zip to archive collected data and exfiltrating it via PowerShell using MSXML2.ServerXMLHTTP and ADODB.Stream. These techniques allow them to gather and steal sensitive information from compromised systems.
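The combination named above (7-Zip archiving, then MSXML2.ServerXMLHTTP and ADODB.Stream from PowerShell) is visible in PowerShell Script Block Logging (event 4104). The following is an added example of detection logic over such script-block text; it is not a vendor rule and not code from the page. The indicator patterns and severity weighting are this example's own, and the sample script blocks are constructed, not captured RedCurl artefacts.

```python
import re

# Each indicator names one behaviour from the reported tradecraft: the two COM
# objects used for the upload and a 7-Zip "a" (add to archive) invocation.
# The patterns are this example's own, not a vendor detection rule.
INDICATORS = {
    "serverxmlhttp_com": re.compile(r"MSXML2\.ServerXMLHTTP", re.IGNORECASE),
    "adodb_stream_com": re.compile(r"ADODB\.Stream", re.IGNORECASE),
    "sevenzip_archive": re.compile(r"7z(?:\.exe)?[\"']?\s+a\b", re.IGNORECASE),
}


def classify_block(script_text):
    """Return (sorted indicator names, severity) for one script block."""
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(script_text))
    if "serverxmlhttp_com" in hits and "adodb_stream_com" in hits:
        # HTTP client plus binary stream object in one block is the upload
        # primitive; an archive step in the same block makes it the full chain.
        severity = "high" if "sevenzip_archive" in hits else "medium"
    elif hits:
        severity = "low"   # either object alone is common in admin scripts
    else:
        severity = "none"
    return hits, severity


def scan_blocks(blocks):
    """Run classify_block over (host, script_text) pairs and keep every block
    that matched at least one indicator."""
    findings = []
    for host, text in blocks:
        hits, severity = classify_block(text)
        if severity != "none":
            findings.append({"host": host, "hits": hits, "severity": severity})
    return findings


# Constructed sample script-block texts (the ScriptBlockText field of event
# 4104). They are illustrative only.
SAMPLE_BLOCKS = [
    ("ws-01", 'Get-ChildItem "$env:USERPROFILE\\Documents" -Recurse | Out-File "$env:TEMP\\list.txt"'),
    ("ws-02",
     '& "C:\\Program Files\\7-Zip\\7z.exe" a -tzip "$env:TEMP\\docs.zip" "$env:USERPROFILE\\Documents"\n'
     '$http = New-Object -ComObject "MSXML2.ServerXMLHTTP.6.0"\n'
     '$stream = New-Object -ComObject "ADODB.Stream"'),
    ("ws-03", '$r = Invoke-WebRequest -Uri "https://intranet.example/status"'),
    ("ws-04", '$stream = New-Object -ComObject "ADODB.Stream"  # on its own, weak evidence'),
]

if __name__ == "__main__":
    for finding in scan_blocks(SAMPLE_BLOCKS):
        print(finding)
```

Scoring on the co-occurrence of the objects within one block rather than on any single object keeps the rule from firing on the many legacy administration scripts that use ADODB.Stream or ServerXMLHTTP legitimately; in a real deployment the same logic would run over the ScriptBlockText field pulled from the PowerShell operational log.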
The Qualys Threat Research Unit (TRU) disclosed two vulnerabilities in OpenSSH: CVE-2025-26465, a machine-in-the-middle (MitM) attack against the OpenSSH client when the VerifyHostKeyDNS option is enabled, and CVE-2025-26466, an asymmetric denial-of-service (DoS) attack affecting both client and server. CVE-2025-26465 allows attackers to intercept communications by spoofing DNS records, while CVE-2025-26466 enables resource exhaustion through excessive memory and CPU consumption. These vulnerabilities impact OpenSSH client and server components, potentially exposing millions to risks.
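CVE-2025-26465 only matters for clients that have VerifyHostKeyDNS enabled, and OpenSSH's default for that option is "no", so the first question for a fleet is which hosts a given ssh_config turns it on for. The following is an added example, not code from Qualys or OpenSSH: it resolves an option for a hostname the way ssh_config does (top to bottom, Host-block matching, first obtained value wins) and lists the hosts for which DNS-based host key verification is in effect. Match blocks are deliberately out of scope, and the sample configuration and hostnames are constructed.

```python
import fnmatch

# OpenSSH's own default for VerifyHostKeyDNS is "no"; only an explicit "yes"
# or "ask" changes client behaviour. Match blocks are out of scope for this
# example and are treated as never matching.
DEFAULTS = {"verifyhostkeydns": "no"}


def effective_option(config_text, hostname, option):
    """Resolve `option` for `hostname` the way ssh_config does: walk the file
    top to bottom, apply Host-block matching, and keep the first value found."""
    option = option.lower()
    active = True  # lines before the first Host block apply to every host
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)  # "key value" or "key=value"
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "host":
            patterns = value.split()
            negated = [p[1:] for p in patterns if p.startswith("!")]
            positive = [p for p in patterns if not p.startswith("!")]
            active = (any(fnmatch.fnmatchcase(hostname, p) for p in positive)
                      and not any(fnmatch.fnmatchcase(hostname, p) for p in negated))
        elif key == "match":
            active = False  # unsupported here; skip the block rather than guess
        elif active and key == option:
            return value    # first obtained value wins
    return DEFAULTS.get(option)


def hosts_with_dns_hostkey_verification(config_text, hostnames):
    """Return the hostnames for which the client would consult DNS SSHFP
    records, i.e. VerifyHostKeyDNS resolves to anything other than "no"."""
    return [h for h in hostnames
            if effective_option(config_text, h, "VerifyHostKeyDNS").lower() != "no"]


# Constructed sample ~/.ssh/config; the hostnames are placeholders.
SAMPLE_CONFIG = """\
# constructed example, not a real configuration
Host bastion.example.internal
    VerifyHostKeyDNS yes
    User ops

Host *.example.internal
    VerifyHostKeyDNS no

Host *
    ServerAliveInterval 30
"""

if __name__ == "__main__":
    hosts = ["bastion.example.internal", "db.example.internal", "git.example.org"]
    print("VerifyHostKeyDNS in effect for:",
          hosts_with_dns_hostkey_verification(SAMPLE_CONFIG, hosts))
```

Because the first matching value wins, a `VerifyHostKeyDNS no` placed under a late `Host *` block does not override an earlier `yes` for a specific host; the audit has to be done per hostname, which is why the function resolves each one separately rather than grepping the file for the keyword.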
A critical security vulnerability, CVE-2022-31631, has been identified in PHP, affecting versions before 8.0.27, 8.1.15, and 8.2.2. It stems from an integer overflow issue in the PDO::quote() function when used with SQLite databases, potentially allowing SQL injection attacks. Successful exploitation could lead to unauthorized access, data breaches, and system compromise. Users are urged to update PHP immediately to patched versions.
The North Korea-linked APT group Kimsuky, also known as Emerald Sleet, is using a new tactic to compromise its traditional espionage targets. The group is tricking targets into running PowerShell as an administrator and executing malicious code. They build rapport with targets before sending a spear-phishing email with an attached PDF. The registration link has instructions to open PowerShell as an administrator and paste code provided by Emerald Sleet. If the target runs the code as an administrator, the code downloads and installs a browser-based remote desktop tool. This allows the threat actor to access the device and carry out data exfiltration.
The Sarcoma ransomware group has claimed responsibility for a breach at Unimicron, a Taiwanese printed circuit board (PCB) manufacturer. The attackers claim to have stolen 377 GB of data, including SQL files, and are threatening to release it if a ransom is not paid. The company confirmed a ransomware intrusion at its China-based subsidiary but has not yet confirmed the data breach.
Palo Alto Networks has introduced Cortex Cloud, integrating its cloud detection and response (CDR) and cloud-native application protection platform (CNAPP) capabilities onto the unified Cortex platform. This solution uses AI and automation to provide real-time cloud security, reducing risks and preventing threats. Unit 42 reports show that 80% of security incidents occur during runtime, highlighting the need for real-time protection.