Weekly Cybersecurity Update: Recent Cyber Attacks, Vulnerabilities, and Data Breaches

Welcome to this week’s Cybersecurity Newsletter, where we bring you the latest updates and key insights from the ever-evolving world of cybersecurity. In today’s fast-paced digital environment, staying informed is crucial, and our goal is to provide you with the most relevant information to navigate these challenges effectively.

This edition focuses on emerging threats and the shifting dynamics of digital defenses. We cover critical topics such as sophisticated ransomware attacks and the growing impact of state-sponsored cyber activities on global security. Our analysis includes an in-depth look at the changing nature of these threats, alongside actionable strategies to strengthen your organization’s defenses.

We also examine how technologies like artificial intelligence (AI), machine learning (ML) and quantum computing are reshaping cybersecurity, both as tools for protection and as weapons for attackers. Examples include AI-driven phishing schemes, ML-enhanced malware and the prospect of quantum computing breaking today’s public-key encryption.

Additionally, we explore how various industries are adapting to pressing cybersecurity challenges, such as securing remote work environments and addressing vulnerabilities in IoT devices. These issues highlight the urgency of proactive measures in safeguarding digital infrastructure.

We also review recent regulatory developments shaping global cybersecurity practices, including frameworks like the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). These regulations are setting new benchmarks for data privacy and security, so compliance strategies need to keep pace with them.

Stay tuned each week as we tackle these complex topics and more, equipping you with the knowledge needed to stay ahead in the rapidly changing cybersecurity landscape.

## Threats

#### **1. Hackers Weaponize npm Packages to Steal Solana Private Keys**

Hackers have published malicious npm packages that exfiltrate Solana private keys through Gmail’s mail infrastructure, so the outbound traffic blends in with legitimate email. Packages such as `@async-mutex/mutex` and `solana-transaction-toolkit` use typosquatting and look-alike names to masquerade as legitimate tools; they intercept private keys, programmatically drain wallets, and are backed by GitHub repositories that make them appear credible. Developers are urged to scrutinise npm packages with low download counts or recent publication dates before installing them.

[Read more](https://cybersecuritynews.com/hackers-weaponize-npm-packages/)

#### **2. New Android Malware Mimics Chat App to Steal Data**

A sophisticated Android malware campaign, attributed to the DONOT APT group, targets users in South Asia. Disguised as a chat app named ‘Tanzeem’, the malware requests extensive permissions, steals sensitive data and employs advanced evasion techniques. Organizations in the region are advised to implement robust mobile security measures.

[Read more](https://cybersecuritynews.com/new-android-malware-mimics-chat-app/)

#### **3. LinkedIn Exploited by North Korean Hackers**

North Korean hackers, particularly the Lazarus Group, are leveraging LinkedIn for cyberattacks. They use fake profiles and social engineering to distribute malware and steal cryptocurrency. Organizations are advised to reassess their policies on social networking platforms and educate employees on the risks.

[Read more](https://cybersecuritynews.com/beware-of-your-linkedin-contacts/)

#### **4. Sliver Implant Targets German Entities**

A cyberattack targeting German organizations uses weaponized LNK files to deploy the Sliver implant. The chain relies on DLL sideloading and obfuscated payloads, which makes detection challenging. Organizations are recommended to implement strong email filtering and endpoint detection solutions.

[Read more](https://cybersecuritynews.com/sliver-implant-attacking-german-entities/)

#### **5. MintsLoader Malware Employs Advanced Techniques**

The MintsLoader malware loader uses a Domain Generation Algorithm (DGA) and anti-virtual-machine checks to evade detection. Delivered via phishing emails, it dynamically generates the domains it uses to reach its command-and-control servers, so static domain blocklists are of little use against it.

[Read more](https://cybersecuritynews.com/new-mintsloader-employs-domain-generation-algorithm-anti-vm-techniques/)

#### **6. Contacto Ransomware Evades Detection**

The new ransomware strain ‘Contacto’ combines privilege escalation with multi-threaded encryption. It disables Windows Defender, deletes recovery options and encrypts only selected segments of each file to speed up the attack.

[Read more](https://cybersecuritynews.com/new-contacto-ransomware-evades-av-detection/)

#### **7. Over 1,000 Malicious Domains Mimic Reddit and WeTransfer**

Cybercriminals have created over 1,000 malicious domains impersonating platforms like Reddit and WeTransfer to distribute the Lumma Stealer malware. The domains carry valid TLS certificates, so the browser padlock makes them look legitimate and tricks users into downloading the malicious files.

[Read more](https://cybersecuritynews.com/1000-malicious-domains-mimic-reddit-wetransfer/)

#### **8. GhostGPT: AI Tool for Cybercrime**

GhostGPT, an uncensored AI chatbot distributed via Telegram, is being used for phishing schemes, malware creation and exploit development. Its ease of access lowers the barrier for cybercriminals to execute sophisticated attacks.

[Read more](https://cybersecuritynews.com/ghostgpt-jailbreak-version-of-chatgpt/)

## Cyber Attacks

#### **1. Ransomware Attack Shuts Down Blacon High School**

Blacon High School in Cheshire, UK, was forced to close after a ransomware attack on January 17. The incident disrupted IT systems, leaving students and staff unable to access critical resources. While investigations are ongoing, ransomware attacks targeting educational institutions have surged globally, with attackers often using double-extortion tactics.

[Read more](https://cybersecuritynews.com/ransomware-attack-balcom-high-school/)

#### **2. Fake SBI Reward App Delivers Android Malware**

A malicious app disguised as an official State Bank of India (SBI) rewards application is targeting users via WhatsApp messages. The app lures victims with promises of redeeming ₹9,980 in reward points but instead steals sensitive data such as banking credentials and OTPs. Users are advised to avoid downloading APK files from unverified sources and to verify such messages with official bank channels.

[Read more](https://cybersecuritynews.com/beware-fake-sbi-reward-apk-attacking-users/)

#### **3. Fake AnyDesk Requests Exploiting Remote Access**

CERT-UA has warned of scams involving fake AnyDesk connection requests under the guise of security audits. Attackers use social engineering to gain unauthorized access to devices, potentially leading to data theft. Users are urged to verify remote-access requests through official channels and to run such software only when it is actually needed.

[Read more](https://cybersecuritynews.com/beware-of-fake-anydesk-requests/)

#### **4. Record-Breaking 5.6 Tbps DDoS Attack**

Cloudflare recently mitigated the largest DDoS attack on record, peaking at 5.6 Tbps and launched by a Mirai-variant botnet of over 13,000 IoT devices. The attack highlights a growing trend of short, intense DDoS bursts that demand automated defenses, since they are over before a human can react.

[Read more](https://cybersecuritynews.com/record-breaking-5-6-tbps-ddos-attack/)

#### **5. Ransomware Delivered via Microsoft Teams**

Threat actors are abusing Microsoft Teams’ default configuration, which lets external accounts message and call employees, to pose as IT support in Teams calls and talk victims into granting remote access. Sophos researchers identified two campaigns that used Quick Assist and malicious DLLs (DLL sideloading) to gain a foothold, move laterally and exfiltrate data before deploying ransomware. Organizations are advised to restrict Teams communication from external domains and to train staff to recognize the tactic.

[Read more](https://cybersecuritynews.com/threat-actors-delivering-ransomware-via-microsoft-teams/)

#### **6. VPN Supply Chain Attack by PlushDaemon APT**

A China-aligned APT group named PlushDaemon compromised a South Korean VPN provider in a supply-chain attack, replacing the legitimate installer with a trojanized version carrying the SlowStepper backdoor. The operation underscores the importance of verifying the integrity of vendor-supplied software, not only its source.

[Read more](https://cybersecuritynews.com/vpn-service-provider-hacker-supply-chain-attack/)

## Vulnerabilities

#### **1. Microsoft Configuration Manager RCE Vulnerability (CVE-2024-43468)**

A critical remote code execution (RCE) vulnerability in Microsoft Configuration Manager (ConfigMgr), rated CVSS 9.8, lets an unauthenticated attacker exploit a SQL injection flaw to execute commands on the server or its underlying database. This can lead to full site compromise, unauthorized access and data breaches. Organizations should apply hotfix KB29166583 immediately.

[Read more](https://cybersecuritynews.com/microsoft-configuration-manager-rce-vulnerability/)

#### **2. Windows 11 BitLocker Exploit (‘Bitpixie’)**

The ‘Bitpixie’ technique (CVE-2023-21563) downgrades the system to a vulnerable, still-signed Windows Boot Manager to bypass Secure Boot and recover the BitLocker volume master key from memory, so devices that rely on TPM-only protection can be decrypted without physical tampering. Users are advised to enable pre-boot authentication (a TPM PIN) and apply the boot-manager updates described in KB5025885.

[Read more](https://cybersecuritynews.com/windows-11-bitlocker-encrypted-files-accessed/)

#### **3. Windows CLFS Zero-Day Vulnerability (CVE-2024-49138)**

A heap-based buffer overflow in the Windows Common Log File System (CLFS) driver enables local privilege escalation to SYSTEM. The flaw is actively exploited and was fixed in Microsoft’s December 2024 updates, which should be applied immediately.

[Read more](https://cybersecuritynews.com/clfs-zero-day-cve-2024-49138/)

#### **4. HPE Aruba Network Vulnerabilities**

Two vulnerabilities (CVE-2025-23051 and CVE-2025-23052) in HPE ArubaOS allow authenticated attackers to execute arbitrary code remotely. Administrators should upgrade to the latest ArubaOS versions and restrict access to the management interfaces to trusted networks.

[Read more](https://cybersecuritynews.com/hpe-aruba-network/)

#### **5. Azure DevOps Vulnerabilities**

Azure DevOps is affected by SSRF and CRLF injection flaws that let attackers reach internal services and inject HTTP headers. Users should apply security patches and monitor for unusual activity in their environments.

[Read more](https://cybersecuritynews.com/multiple-azure-devops-vulnerabilities/)

#### **6. Vim Text Editor Crash Vulnerability (CVE-2025-24014)**

A segmentation fault in Vim’s silent Ex mode can crash the editor under specific conditions. Users are urged to update to version 9.1.1043 or later to prevent disruptions from this medium-severity flaw.

[Read more](https://cybersecuritynews.com/vim-vulnerability-binary/)

#### **7. 7-Zip Arbitrary Code Execution (CVE-2025-0411)**

7-Zip failed to propagate Windows’ Mark-of-the-Web (MotW) to files extracted from a nested archive, so a file pulled out of a double-archived download can run without the usual SmartScreen warning. Update to version 24.09 or later immediately to mitigate the risk.

[Read more](https://cybersecuritynews.com/7-zip-vulnerability-arbitrary-code-2/)

#### **8. Mercedes-Benz MBUX Exploits**

Vulnerabilities in the MBUX infotainment system allow remote manipulation of vehicle features such as lighting and displays but do not affect safety-critical systems like steering or brakes. Mercedes-Benz has released patches for affected models.

[Read more](https://cybersecuritynews.com/mercedes-benz-user-experience-systems-exploited/)

#### **9. Linux Kernel Vulnerabilities**

Canonical has patched 126 vulnerabilities affecting Linux kernel subsystems, including networking, file systems and drivers, for Ubuntu 22.04 LTS. Immediate updates are recommended to secure systems against potential exploits.

[Read more](https://cybersecuritynews.com/126-linux-kernel-vulnerabilities/)

#### **10. OpenVPN Easy-RSA Weak Encryption Flaw (CVE-2024-13454)**

Easy-RSA versions 3.0.5 through 3.1.7 encrypt the CA private key with the legacy DES-EDE3-CBC (3DES) cipher instead of the intended AES-256-CBC, giving the key weaker protection than the project meant to provide. Update to version 3.2.0 or later and re-encrypt existing CA keys with AES-256.

[Read more](https://cybersecuritynews.com/openvpn-easy-rsa-vulnerability/)

#### **11. Windows BitLocker Randomization Attack (CVE-2025-21210)**

This security-feature bypass targets BitLocker’s AES-XTS mode: manipulated ciphertext blocks can cause plaintext data to be exposed when crash dumps are configured. Microsoft has released patches addressing the flaw; users should update immediately.

[Read more](https://cybersecuritynews.com/windows-bitlocker-vulnerability-exploited/)

#### **12. Fortinet Firewall Zero-Day Exploit (CVE-2024-55591)**

Over 50,000 Fortinet firewalls remain vulnerable to an authentication bypass that grants super-admin access via crafted WebSocket requests to the management interface. Organizations must urgently patch affected devices or, failing that, restrict access to the administrative interface.

[Read more](https://cybersecuritynews.com/50000-fortinet-firewalls-remain-vulnerable-to-critical-zero-day-exploit/)

#### **13. Oracle January 2025 Critical Patch Update**

Oracle patched 318 vulnerabilities across its product suite, including critical flaws in Fusion Middleware, MySQL and Database Server with CVSS scores up to 9.9. Customers should prioritize applying these updates immediately to reduce exploitation risk.

[Read more](https://cybersecuritynews.com/oracle-critical-security-update-january/)

#### **14. Cisco Meeting Management Privilege Escalation (CVE-2025-20156)**

A REST API flaw in Cisco Meeting Management allows low-privileged users to escalate to administrator by sending crafted API requests. Users must upgrade to fixed release 3.9.1 or later, as no workarounds are available.

[Read more](https://cybersecuritynews.com/cisco-meeting-management-vulnerability/)

## Data Breach

#### **1. ICICI Bank Data Breach by BASHE Ransomware Group**

The BASHE ransomware group, also known as APT73 or Eraleig, has reportedly breached the database of ICICI Bank, one of India’s largest private sector banks. The group has threatened to leak sensitive customer data unless an undisclosed ransom is paid by January 24, 2025.

Key details:

* The breach was revealed on the dark web, where the group operates a TOR-based Data Leak Site (DLS).
* ICICI Bank, classified as ‘critical information infrastructure’ by the Indian government, has not officially confirmed the breach.
* The attack follows a similar pattern observed in December 2024, when BASHE targeted Federal Bank.

Cybersecurity experts are urging ICICI Bank to act swiftly to mitigate risks, including enhancing security controls and collaborating with law enforcement. The incident highlights the growing cyber threats to financial institutions globally.

[Read more](https://cybersecuritynews.com/icici-bank-data-breach/)

#### **2. North Korean IT Workers Exploiting Remote Work for Cyber Extortion**

The FBI has flagged a new wave of insider threats posed by North Korean IT operatives masquerading as remote workers. These individuals infiltrate Western companies, steal source code and demand ransoms in cryptocurrency.

Key details:

* The operatives use fake identities and AI-enhanced credentials to secure IT roles.
* Once employed, they exfiltrate proprietary data from platforms such as GitHub and use it for extortion.
* Over six years, such schemes have generated at least $88 million for North Korea.

FBI recommendations include robust identity verification in hiring, network monitoring and Data Loss Prevention (DLP) tooling. The tactic blends extortion with an insider threat and involves no malware at all, so it will not be caught by endpoint protection alone.

[Read more](https://cybersecuritynews.com/north-korean-it-workers/)

## Other news

#### **1. OWASP Top 10 for 2025: Smart Contract Vulnerabilities**

The Open Web Application Security Project (OWASP) has released its updated **Smart Contract Top 10 for 2025**, highlighting the most critical vulnerabilities in blockchain ecosystems. Key additions include **Price Oracle Manipulation** and **Flash Loan Attacks**, reflecting their growing prevalence in decentralized finance (DeFi). The report underscores the need for robust security practices, as over $1.42 billion was lost in 2024 to smart contract flaws.

[Read more](https://cybersecuritynews.com/owasp-top-10-2025-smart-contract/)

#### **2. Microsoft Introduces Administrator Protection in Windows**

Microsoft has unveiled a new security feature called **Administrator Protection** in Windows 11 Insider Preview Build 27774. It enforces the principle of least privilege by running admin accounts as standard users by default and granting elevated privileges only just-in-time, through a new elevation prompt that makes the request explicit.

[Read more](https://cybersecuritynews.com/new-administrator-protection-feature/)

#### **3. ‘Cookie Sandwich’ Attack Bypasses HttpOnly Cookies**

A newly described attack technique, dubbed the **‘cookie sandwich’**, enables attackers to read HttpOnly cookies from certain servers. By exploiting legacy quoted-string cookie parsing and crafting cookie headers around the protected cookie, attackers can make the server treat a session identifier as part of another cookie’s value, which is then reflected into a page where client-side script can read it. The finding emphasizes the importance of modernizing cookie-handling code.

[Read more](https://cybersecuritynews.com/cookie-sandwich-stealing-httponly-cookies/)

#### **4. Researcher Jailbreaks AI System Prompt Using Storytelling**

A researcher demonstrated a creative exploit by manipulating an AI system’s storytelling capabilities to indirectly extract its restricted system prompt. This highlights a significant weakness in AI systems, where unconventional approaches such as contextual loopholes can bypass safeguards, and underscores the need for AI security controls that account for behavioural exploits.

[Read more](https://cybersecuritynews.com/researcher-jailbreaking-an-ais-system-prompt/)

#### **5. Bypassing EDR Detection with Hardware Breakpoints**

Adversaries have developed a method to bypass Endpoint Detection and Response (EDR) systems by leveraging **hardware breakpoints** at the CPU level. The technique sets the debug registers through `NtContinue` rather than the commonly hooked thread-context APIs, exploiting gaps in Event Tracing for Windows (ETW) telemetry to avoid detection. Security teams are urged to adopt monitoring strategies that cover this path.

[Read more](https://cybersecuritynews.com/bypassing-edr-detection-hardware-breakpoints/)

The post [Weekly Cybersecurity Update: Recent Cyber Attacks, Vulnerabilities, and Data Breaches](https://cybersecuritynews.com/weekly-cybersecurity-update-jan/) appeared first on [Cyber Security News](https://cybersecuritynews.com).
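The npm item under Threats above advises scrutinising look-alike package names. The following is an added example, not code from the original page or from the researchers who reported the campaign: it audits a `package.json` for two squatting patterns the reported names use, a scope that borrows the name of a popular unscoped package (`@async-mutex/mutex` imitating `async-mutex`) and a bare name within one edit of a popular one. The watch-list and the manifest are constructed; `lodahs` and `expres` are invented typos. Registry metadata checks (download counts, publish date) need a network call and are left out.

```python
"""Flag dependency names that look like typosquats of popular npm packages."""
import json

# Constructed watch-list. A real check would load the registry's top packages.
POPULAR = {"async-mutex", "lodash", "express", "react", "axios", "@solana/web3.js"}

# Constructed package.json. `@async-mutex/mutex` is the name reported in the
# Solana wallet-drainer campaign; `lodahs` and `expres` are invented typos.
SAMPLE_PACKAGE_JSON = """{
  "name": "wallet-tool",
  "dependencies": {
    "async-mutex": "^0.5.0",
    "@async-mutex/mutex": "^1.0.0",
    "lodahs": "^4.17.0",
    "expres": "^4.19.0",
    "react": "^18.0.0"
  }
}"""


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: Levenshtein plus adjacent transposition."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped letters
    return d[len(a)][len(b)]


def split_scope(name):
    """'@scope/pkg' -> ('scope', 'pkg'); 'pkg' -> (None, 'pkg')."""
    if name.startswith("@") and "/" in name:
        scope, _, pkg = name[1:].partition("/")
        return scope, pkg
    return None, name


def suspicious_names(deps, popular=POPULAR):
    """Return {dependency_name: reason} for names that imitate a popular package."""
    findings = {}
    unscoped_popular = {p for p in popular if not p.startswith("@")}
    for name in deps:
        if name in popular:
            continue  # exact match with a known-good name
        scope, pkg = split_scope(name)
        # Scope-squatting: the scope reuses the name of an unscoped popular package.
        if scope in unscoped_popular:
            findings[name] = f"scope '{scope}' imitates popular package '{scope}'"
            continue
        # Edit-distance squatting on the bare package name (one typo or swap).
        for target in unscoped_popular:
            if pkg != target and osa_distance(pkg, target) <= 1:
                findings[name] = f"within 1 edit of '{target}'"
                break
    return findings


def audit_package_json(text):
    """Collect every dependency section of a manifest and screen the names."""
    manifest = json.loads(text)
    deps = {}
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        deps.update(manifest.get(section, {}))
    return suspicious_names(deps)


if __name__ == "__main__":
    for name, why in audit_package_json(SAMPLE_PACKAGE_JSON).items():
        print(f"SUSPICIOUS {name}: {why}")
```

Run it over a real manifest by replacing `SAMPLE_PACKAGE_JSON` with the file contents; any hit is a prompt to open the package on the registry and compare publisher, download count and publication date with the package it resembles.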
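The MintsLoader item under Threats above notes that DGA-generated command-and-control domains defeat static blocklists. The following is an added example, not the page’s own code and not a model of MintsLoader’s actual algorithm: it scores the registrable label of each queried name in a DNS log with four structural heuristics (length, character entropy, digit ratio, consonant runs) and flags names that trip three or more. The log lines, their format and the public-suffix list are constructed; the random-looking domains are invented, not real indicators. Dictionary-word DGAs will not trip these heuristics, and CDN hostnames can, so in practice such a score is paired with NXDOMAIN counts per client rather than used alone.

```python
"""Score DNS query logs for DGA-like hostnames (entropy and structure heuristics)."""
import math
import re
from collections import Counter

# Constructed DNS log in a simple "timestamp client qname" format.
SAMPLE_DNS_LOG = """\
2025-01-20T10:01:02Z 10.0.0.12 www.cybersecuritynews.com
2025-01-20T10:01:05Z 10.0.0.12 xk3q9vz7m2plw0dth.top
2025-01-20T10:01:06Z 10.0.0.12 r8fjq2lvn5xzwkc4.xyz
2025-01-20T10:01:09Z 10.0.0.33 login.microsoftonline.com
2025-01-20T10:01:11Z 10.0.0.33 cdn.jsdelivr.net
2025-01-20T10:01:15Z 10.0.0.12 b7tqzxv4kp9wmrjd.top
"""

# Constructed stand-in for the Public Suffix List.
KNOWN_SUFFIXES = {"com", "net", "org", "top", "xyz", "io"}


def registrable_label(qname):
    """Return the label directly left of the public suffix, e.g. 'jsdelivr'."""
    parts = qname.lower().rstrip(".").split(".")
    if len(parts) >= 2 and parts[-1] in KNOWN_SUFFIXES:
        return parts[-2]
    return parts[0]


def shannon_entropy(s):
    """Bits per character; random strings of distinct characters score log2(len)."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def longest_consonant_run(s):
    runs = re.findall(r"[bcdfghjklmnpqrstvwxz]+", s)
    return max((len(r) for r in runs), default=0)


def dga_score(label):
    """Each heuristic that fires adds one point (0..4)."""
    score = 0
    if len(label) >= 12:
        score += 1
    if shannon_entropy(label) >= 3.5:
        score += 1
    digits = sum(ch.isdigit() for ch in label)
    if digits / max(len(label), 1) >= 0.15:
        score += 1
    if longest_consonant_run(label) >= 4:
        score += 1
    return score


def flag_dga_queries(log_text, threshold=3):
    """Return (client, qname, score) for every query at or above the threshold."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, client, qname = line.split()
        score = dga_score(registrable_label(qname))
        if score >= threshold:
            findings.append((client, qname, score))
    return findings


if __name__ == "__main__":
    for client, qname, score in flag_dga_queries(SAMPLE_DNS_LOG):
        print(f"{client} -> {qname} (score {score})")
```

Only the three invented names are flagged; `cybersecuritynews` and `microsoftonline` are long but have the letter distribution of English and score 1. Tune the threshold against a sample of your own resolver logs before alerting on it.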
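The Easy-RSA item under Vulnerabilities above tells operators to re-encrypt existing CA keys, which first requires knowing what cipher protects each key. The following is an added example, not Easy-RSA’s or OpenSSL’s code: it reports the cipher for both PEM encodings an operator will meet, the legacy format (`BEGIN RSA PRIVATE KEY` with a `DEK-Info:` header, as produced by `openssl genrsa -des3`) and PKCS#8 (`BEGIN ENCRYPTED PRIVATE KEY`, where the cipher is only visible as an OID inside the DER). The OID values are the standard PKCS#5 and NIST identifiers. Both sample keys are constructed: the legacy body is dummy base64 and the PKCS#8 sample is built by a small DER encoder with a dummy payload, since only the algorithm identifier is inspected.

```python
"""Report which cipher protects a PEM private key (legacy PEM or PKCS#8)."""
import base64
import re

# Standard OIDs: PKCS#5 PBES2/PBKDF2, RSA-DSI 3DES, NIST AES-CBC.
CIPHER_OIDS = {
    "1.2.840.113549.3.7": "DES-EDE3-CBC",
    "2.16.840.1.101.3.4.1.2": "AES-128-CBC",
    "2.16.840.1.101.3.4.1.22": "AES-192-CBC",
    "2.16.840.1.101.3.4.1.42": "AES-256-CBC",
}
PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\n(.*?)-----END \1-----", re.S)

# Constructed legacy-format key: only the headers matter, the body is dummy base64.
LEGACY_3DES_PEM = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0123456789ABCDEF

MIIEpAIBAAKCAQEAzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
-----END RSA PRIVATE KEY-----
"""


def der_iter(buf):
    """Yield (tag, value) for every TLV in buf, descending into SEQUENCE/SET."""
    i = 0
    while i < len(buf):
        tag, length = buf[i], buf[i + 1]
        i += 2
        if length & 0x80:  # long-form length
            n = length & 0x7F
            length = int.from_bytes(buf[i:i + n], "big")
            i += n
        value = buf[i:i + length]
        i += length
        yield tag, value
        if tag & 0x20:  # constructed type
            yield from der_iter(value)


def decode_oid(value):
    """DER OID contents -> dotted string."""
    arcs, n = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))


def key_cipher(pem_text):
    """Return (container, cipher); cipher is None for an unencrypted key."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no PEM block found")
    label, body = m.group(1), m.group(2)
    if label == "ENCRYPTED PRIVATE KEY":
        der = base64.b64decode("".join(body.split()))
        oids = [decode_oid(v) for t, v in der_iter(der) if t == 0x06]
        return "PKCS#8", next((CIPHER_OIDS[o] for o in oids if o in CIPHER_OIDS), "unknown")
    dek = re.search(r"^DEK-Info:\s*([A-Z0-9-]+)", body, re.M)
    if dek:
        return "legacy PEM", dek.group(1)
    return label, None


def needs_reencryption(pem_text, wanted="AES-256-CBC"):
    """True unless the key already uses the cipher Easy-RSA 3.2.0 intends."""
    return key_cipher(pem_text)[1] != wanted


# Minimal DER encoder, used only to build the constructed PKCS#8 sample.
def _der(tag, payload):
    n = len(payload)
    if n < 128:
        return bytes([tag, n]) + payload
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + payload


def _oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        body += bytes(reversed(chunk))
    return _der(0x06, bytes(body))


def build_pkcs8_sample(cipher_oid, iv_len):
    """Constructed EncryptedPrivateKeyInfo (PBES2 + PBKDF2-HMAC-SHA256) with a dummy payload."""
    kdf_params = _der(0x30, _der(0x04, b"\x00" * 8) + _der(0x02, b"\x08\x00")
                      + _der(0x30, _oid("1.2.840.113549.2.9") + _der(0x05, b"")))
    kdf = _der(0x30, _oid("1.2.840.113549.1.5.12") + kdf_params)
    scheme = _der(0x30, _oid(cipher_oid) + _der(0x04, b"\x00" * iv_len))
    pbes2 = _der(0x30, _oid("1.2.840.113549.1.5.13") + _der(0x30, kdf + scheme))
    epki = _der(0x30, pbes2 + _der(0x04, b"\xAA" * 32))
    b64 = base64.encodebytes(epki).decode()
    return f"-----BEGIN ENCRYPTED PRIVATE KEY-----\n{b64}-----END ENCRYPTED PRIVATE KEY-----\n"


if __name__ == "__main__":
    for name, pem in [("legacy", LEGACY_3DES_PEM),
                      ("pkcs8-3des", build_pkcs8_sample("1.2.840.113549.3.7", 8)),
                      ("pkcs8-aes256", build_pkcs8_sample("2.16.840.1.101.3.4.1.42", 16))]:
        print(name, key_cipher(pem), "re-encrypt" if needs_reencryption(pem) else "ok")
```

Point `key_cipher` at the text of `pki/private/ca.key`; a `DES-EDE3-CBC` result means the key was written by an affected Easy-RSA release. Re-encrypting with `openssl pkey -in ca.key -out ca.key.new -aes256` (it prompts for the old and new passphrases) produces a PKCS#8 key that this check reports as `AES-256-CBC`. Note that 3DES is not brute-forceable in practice; the passphrase remains the real protection either way, and the point of the fix is to retire a legacy 64-bit-block cipher.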
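The ‘cookie sandwich’ item under Other news above describes the server-side half of the attack: a legacy parser that honours RFC 2109 quoted-string values. The following is an added example, not code from the original page or from the researchers who published the technique. Python’s standard-library `http.cookies` is one such parser, so the example feeds it a Cookie header in which two attacker-set, non-HttpOnly cookies whose values are a lone double quote surround the HttpOnly `session` cookie, and contrasts the result with strict RFC 6265 splitting. The header and the session value are constructed; in a real browser the attacker controls the ordering with cookie `Path` attributes (longer paths are sent first), which is not modelled here.

```python
"""Legacy quoted-string cookie parsing versus strict RFC 6265 splitting."""
from http.cookies import SimpleCookie

# Constructed Cookie header as a browser would send it once the attacker's
# script has set `param1` and `param2` to a lone double quote and the HttpOnly
# `session` cookie sorts between them. The session value is invented.
SANDWICH_HEADER = 'param1="; session=s3cr3t-session-id; param2="'


def parse_legacy(cookie_header):
    """Parse with the standard library's RFC 2109-style parser.

    A value that starts with a double quote is read as a quoted string up to
    the next double quote, so everything between the two attacker cookies,
    the HttpOnly session cookie included, becomes the value of `param1`.
    """
    jar = SimpleCookie()
    jar.load(cookie_header)
    return {name: morsel.value for name, morsel in jar.items()}


def parse_strict(cookie_header):
    """RFC 6265 server-side parsing: split on ';', then on the first '='.

    No quote processing at all, so each cookie keeps its own name and value.
    """
    cookies = {}
    for pair in cookie_header.split(";"):
        name, sep, value = pair.strip().partition("=")
        if sep and name:
            cookies[name] = value
    return cookies


def reflected_value(cookies, name):
    """Stand-in for an endpoint that echoes one cookie into the page body,
    which is where a script on the page would read the leaked session."""
    return cookies.get(name, "")


if __name__ == "__main__":
    print("legacy :", parse_legacy(SANDWICH_HEADER))
    print("strict :", parse_strict(SANDWICH_HEADER))
```

With the legacy parser the `session` cookie disappears as a separate entry and its value is carried inside `param1`; any endpoint that reflects `param1` (an error page, a preferences echo) hands the HttpOnly session to page script. The defence is on the server: parse cookies strictly, and never reflect a cookie value into a response without knowing exactly which parser produced it.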

Related Tags: CVE-2024-13454, CVE-2025-0411, CVE-2025-24014, CVE-2025-23051, CVE-2025-23052, CVE-2025-21210, CVE-2024-55591, CVE-2023-21563, CVE-2024-49138
