Welcome to this week’s Cybersecurity Newsletter, which provides the latest updates and key insights from the ever-evolving field of cybersecurity. In the current fast-paced digital landscape, it is essential to remain informed. Our objective is to deliver the most pertinent information that will assist you in effectively navigating these challenges.

This edition focuses on emerging threats and the evolving dynamics of digital defenses. Topics of particular significance include advanced ransomware attacks and the growing impact of state-sponsored cyber activities on global security.

Our analysis presents a comprehensive examination of the changing nature of these threats, alongside actionable strategies to strengthen your organization’s defenses. We will evaluate how cutting-edge technologies, such as artificial intelligence (AI), machine learning (ML), and quantum computing, are not only redefining cybersecurity as protective tools but also serving as potential mechanisms for exploitation by adversaries. Specific examples include AI-driven phishing attacks, ML-enhanced malware, and the ability of quantum computing to compromise encrypted systems.

Furthermore, we will investigate how various industries are addressing urgent cybersecurity challenges, including the protection of remote work environments and the mitigation of vulnerabilities in Internet of Things (IoT) devices. These issues highlight the critical need for proactive measures in safeguarding digital infrastructure.

Additionally, we will review recent regulatory developments that are shaping global cybersecurity practices, including frameworks such as the European Union’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA). These regulations are establishing new standards for data privacy and security, thereby ensuring that your compliance strategies remain current.

We encourage you to stay engaged each week as we explore these complex topics and more, equipping you with the necessary knowledge to remain ahead in the rapidly evolving cybersecurity landscape.

## Cybersecurity News

### 1. **Healthcare Sector Breach: 1 Million Patients Exposed**

Community Health Center, Inc. (CHC) disclosed a breach impacting **1,060,936 individuals**, including patients and COVID-19 test/vaccine recipients. Exposed data includes:

* Social Security Numbers (SSNs)
* Medical diagnoses, test results, and treatment details
* Insurance information

CHC offered 24 months of free identity theft protection via IDX. No operational disruptions occurred, and the attacker’s access was terminated swiftly.

**Read more**: [U.S. Community Health Center Hacked](https://cybersecuritynews.com/u-s-community-health-center-hacked/)

### 2. **Globe Life Cyberattack: 850,000+ Records Stolen**

A data exfiltration attack targeted Globe Life’s subsidiary, American Income Life Insurance Company (AILIC). Compromised data includes:

* Names, SSNs, addresses
* Policy-related health data

The attackers used **double extortion** tactics, sharing stolen data with short sellers to pressure the company. No financial data was exposed.

**Read more**: [Globe Life Ransomware Attack](https://cybersecuritynews.com/globe-life-ransomware-attack/)

### 3. **AWS S3 Bucket Hijacking Risks Global Software Supply Chains**

Researchers identified **150+ abandoned AWS S3 buckets** previously used by governments and Fortune 500 firms. Attackers can re-register these to distribute malicious updates, risking SolarWinds-level breaches. Over 8 million requests were observed, including from NASA and military networks.

**Read more**: [Abandoned AWS S3 Buckets](https://cybersecuritynews.com/abandoned-aws-s3-buckets/)

### 4. **Grubhub Third-Party Breach Exposes Customer Data**

A compromised third-party contractor account led to unauthorized access to:

* Names, emails, phone numbers
* Partial payment card details (last 4 digits)

No full payment details or passwords were stolen, but Grubhub reset all affected credentials.

**Read more**: [Grubhub Data Breach](https://cybersecuritynews.com/grubhub-data-breach/)

### 5. **Spanish Authorities Arrest Hacker Behind 40+ Cyberattacks**

A suspect linked to breaches at **NATO, U.S. Army, and Spanish government agencies** was arrested in Alicante. The hacker used dark web forums to leak data and laundered profits via 50+ cryptocurrency accounts.

**Read more**: [Hacker Arrested for Compromising 40+ Organizations](https://cybersecuritynews.com/hacker-arrested-compromised-40-organizations/)

### 6. **Critical Microsoft Outlook Vulnerability Actively Exploited**

**CVE-2024-21413** allows attackers to bypass Protected View via malicious links, enabling remote code execution and NTLM credential theft. CISA mandates that federal agencies patch by February 27.

**Read more**: [Microsoft Outlook Vulnerability](https://cybersecuritynews.com/critical-microsoft-outlook-vulnerability-actively-exploited-in-cyber-attacks/)

### 7. **New Active Directory Attack Exploits Kerberos Delegation**

Attackers abuse **Unconstrained Delegation** to create ‘Ghost Servers,’ impersonate users, and escalate privileges in AD networks. Mitigation includes transitioning to Constrained Delegation and monitoring SPN configurations.

**Read more**: [Kerberos Delegation Attack](https://cybersecuritynews.com/abusing-kerberos-delegation-in-active-directory/)

### 8. **HPE Discloses Breach by Russian APT Group**

Midnight Blizzard (APT29) infiltrated HPE’s Office 365 emails, stealing employee SSNs, driver’s licenses, and credit card data. The breach began in May 2023 and was contained in December.

**Read more**: [HPE Data Breach](https://cybersecuritynews.com/hpe-alerts-employees-of-data-breach/)

## Cyber Attacks

1. **Hackers Exploit AWS & Azure for Large-Scale Attacks** Threat actors are abusing cloud platforms via infrastructure laundering (1,200+ AWS IPs hijacked), API key theft, and misconfigured S3 buckets. The FUNNULL group has targeted 200,000+ domains in phishing campaigns and ransomware schemes. [Read more](https://cybersecuritynews.com/hackers-abusing-aws-microsoft-azure/)
2. **High-Profile X Accounts Hijacked in Crypto Phishing Campaign** Verified accounts (Tor Project, Nasdaq, Microsoft India) were compromised to promote fraudulent crypto schemes. Attackers used Google AMP Cache domains and Evilginx for MitM token theft. [Read more](https://cybersecuritynews.com/new-phishing-attack-hijacking-high-profile-x-accounts/)
3. **HTTP Client Tools Weaponized for Microsoft 365 Takeovers** Axios, OkHttp, and Node Fetch tools enabled attacks on 78% of M365 tenants, with 43% success in credential/MFA token theft. Campaigns targeted executives via spear phishing. [Read more](https://cybersecuritynews.com/hackers-using-http-client-tools/)
4. **ScreenConnect RMM Tool Abused for Persistent Access** Socially engineered fake agents (e.g., ‘eStatementsForum_Viewr…exe’) exploited CVE-2024-1709 to deploy malware via bulletproof hosting providers. [Read more](https://cybersecuritynews.com/hackers-exploiting-screenconnect-rmm-tool/)
5. **3,000+ ASP.NET Keys Exposed IIS Servers to RCE** Hackers exploited publicly disclosed `ValidationKey`/`DecryptionKey` pairs to inject malicious ViewState payloads, deploying the Godzilla framework. [Read more](https://cybersecuritynews.com/hackers-exploited-3000-asp-net-keys/)
6. **Weaponized Go Package Targets Developers** The typosquatted `boltdb-go` module hid a backdoor (C2: `49.12.198[.]231:20022`) using obfuscated IPs and Go Module Proxy caching. [Read more](https://cybersecuritynews.com/weaponized-go-package-module-let-attackers-gain-remote-access-to-infected-systems/)
7. **TinyZero: $30 AI Model Replicates DeepSeek’s R1-Zero** Researchers replicated a 3B-parameter LLM using reinforcement learning for math/logical tasks, showcasing low-cost AI advancements. [Read more](https://cybersecuritynews.com/tinyzero/)
8. **Free Email Services Targeted in Gov/Education Phishing** The GreenSpot group impersonated 163.com with domains like `mail[.]II63[.]net` to steal credentials from Chinese military/academic entities. [Read more](https://cybersecuritynews.com/threat-actors-leveraging-free-email-services/)

## Threats

### **1. Microsoft Advertisers Targeted by Malicious Google Ads**

A phishing campaign impersonated Microsoft Ads via fraudulent Google Ads, redirecting users to fake login pages to steal credentials. Attackers employed cloaking and Cloudflare challenges to evade detection, while phishing domains mimicked legitimate URLs (e.g., `ads[.]mcrosoftt[.]com`). The campaign also attempted to bypass 2FA and displayed ‘rickroll’ pages to direct visitors.

**Read more**: [Link](https://cybersecuritynews.com/microsoft-advertisers-account-hacked/)

### **2. Devil-Traff SMS Platform Fuels Phishing Attacks**

Devil-Traff, a bulk SMS service, enables attackers to send spoofed messages impersonating entities like PayPal. Features include sender ID customization, API automation, and global reach (starting at $0.02/SMS). The platform facilitates OTP interception and bypasses spam filters.

**Read more**: [Link](https://cybersecuritynews.com/devil-traff-new-malicious-bulk-sms-portal/)

### **3. ValleyRAT Targets Finance Teams with New Tactics**

The Silver Fox APT group deployed ValleyRAT via phishing sites impersonating Chrome and telecom companies. The malware uses DLL sideloading, process monitoring, and VMware checks to evade detection. Key IOCs include C2 IPs like `149.115.250.19` and domains like `karlost[.]club`.

**Read more**: [Link](https://cybersecuritynews.com/valleyrat-attacking-orgs-accounting-department/)

### **4. macOS Users Hit by ‘Tiny FUD’ Malware**

Tiny FUD bypasses Gatekeeper and SIP using forged code signatures and DYLD injection. It spoofs process names (e.g., `com.apple.Webkit.Networking`) and communicates with the C2 server `69[.]197[.]175[.]10:9999` for command execution.

**Read more**: [Link](https://cybersecuritynews.com/new-tiny-fud-attacking-macos-users/)

### **5. Chinese Hackers Deploy Linux SSH Backdoor**

DaggerFly’s ELF/Sshdinjector.A!tr malware infects Linux devices via modified SSH libraries (`libsshd.so`) and compromised utilities (`ls`, `crond`). The backdoor uses the C2 IP `45.125.64[.]200` and executes commands such as credential theft and directory listing.

**Read more**: [Link](https://cybersecuritynews.com/chinese-hackers-attacking-linux-devices/)

### **6. Indian Banking Malware ‘FatBoyPanel’ Steals Aadhar/PAN Data**

Nearly 900 Android malware samples disguised as banking apps intercept SMS/OTPs. Variants exfiltrate data via SMS forwarding, Firebase endpoints, or hybrid methods. Over 50,000 users’ financial details were compromised.

**Read more**: [Link](https://cybersecuritynews.com/new-malware-attacking-users-of-indian-banks/)

### **7. Surge in macOS Password Stealers**

* **Atomic Stealer**: Targets Chrome credentials via malvertising.
* **Poseidon Stealer**: Uses fake installers and AppleScript.
* **Cthulhu Stealer**: Prompts for MetaMask passwords and uploads data to C2 servers.

**Read more**: [Link](https://cybersecuritynews.com/password-stealing-malware-attacking-macos-users/)

### **8. North Korean Hackers Abuse Custom RDP Wrapper**

The Kimsuky group’s RDP Wrapper modifies `termsrv.dll` to enable stealthy remote access. The attack chain includes proxy malware, keyloggers, and reflective PowerShell payloads.

**Read more**: [Link](https://cybersecuritynews.com/north-korean-hackers-use-custom-made-rdp-wrapper/)

### **9. SVG Phishing Campaigns Target Major Platforms**

SVG files with embedded links redirect users to fake login portals (e.g., Office365, Dropbox). Attackers use CAPTCHA gates and region-specific lures. Some SVGs deliver AutoIt-based keyloggers like Nymeria.

**Read more**: [Link](https://cybersecuritynews.com/weaponized-svg-files-with-google-drive-links/)

### **10. Flesh Stealer Malware Bypasses Chrome Encryption**

This .NET-based malware extracts passwords from Chrome, Firefox, and Signal while avoiding CIS countries. Anti-VM checks target VMware/Hyper-V, and Wi-Fi credentials are harvested via `netsh`.

**Read more**: [Link](https://cybersecuritynews.com/flesh-stealer-malware/)

## Vulnerabilities

### **1. Windows 11 Kernel Race Condition Vulnerabilities**

A critical race condition flaw dubbed **KernelSyncLeaks** (CVE-2025-XXXX) was discovered in Windows 11’s x64 kernel, allowing attackers to escalate privileges, execute arbitrary code, or crash systems. Proof-of-concept exploits are circulating, raising concerns about enterprise and industrial systems.

*Read more*: [Windows 11 Kernel Flaw](https://cybersecuritynews.com/windows-11-modern-kernel-race-conditions/)

### **2. BeyondTrust SaaS Platform Breach**

Silk Typhoon, a China-linked hacking group, exploited **zero-day vulnerabilities** (CVE-2024-12356 and CVE-2024-12686) in BeyondTrust’s Remote Support SaaS, compromising 17 customers. The breach involved stolen AWS API keys and unauthorized access to U.S. Treasury data.

*Read more*: [BeyondTrust Breach](https://cybersecuritynews.com/beyondtrust-zero-day-breach/)

### **3. Linux 6.14-rc1 Released**

The latest Linux kernel update includes **500,000+ lines of code changes**, focusing on driver optimizations, x86 architecture fixes, and security enhancements for SELinux and BPF. It is a smaller release owing to holiday slowdowns.

*Read more*: [Linux 6.14 Update](https://cybersecuritynews.com/linux-6-14/)

### **4. ChatGPT Launches Deep Research Feature**

OpenAI’s new **Deep Research** tool, powered by the o3 model, automates complex tasks like data synthesis and report generation, achieving 26.6% accuracy on expert-level benchmarks. Available for ChatGPT Pro users.

*Read more*: [ChatGPT Deep Research](https://cybersecuritynews.com/chatgpt-announces-deep-research/)

### **5. Active Directory Privilege Escalation Exploit**

A PoC exploit for **CVE-2025-21293** targets the ‘Network Configuration Operators’ group, allowing SYSTEM-level access via malicious Performance Counter DLLs. Patched in the January 2025 updates.

*Read more*: [AD Exploit](https://cybersecuritynews.com/poc-exploit-active-directory-domain-services/)

### **6. Dell PowerProtect Critical Flaws**

Multiple vulnerabilities (e.g., **CVE-2024-33871** in Ghostscript and **CVE-2024-41110** in Docker) expose Dell’s data protection systems to remote code execution. Updates are urged for DDOS 8.3.0.0+.

*Read more*: [Dell Vulnerabilities](https://cybersecuritynews.com/multiple-dell-powerprotect-vulnerabilities/)

### **7. Roundcube Webmail XSS Vulnerability**

**CVE-2024-57004** lets attackers upload malicious files as email attachments, executing scripts when viewed. A patch is available in Roundcube 1.6.10.

*Read more*: [Roundcube Flaw](https://cybersecuritynews.com/roundcube-xss-vulnerability/)

### **8. 7-Zip Zero-Day Exploited for SmokeLoader**

Russian hackers weaponized **CVE-2025-0411** to bypass Mark-of-the-Web protections via nested archives. Update to 7-Zip 24.09+ to mitigate.

*Read more*: [7-Zip Exploit](https://cybersecuritynews.com/7-zip-zero-day-vulnerability-smokeloader-malware/)

### **9. Apple Service Portal Data Exposure**

An **IDOR flaw** in Apple’s service ticket portal exposed Mac serial numbers, IMEIs, and customer data. Patched after researcher disclosure.

*Read more*: [Apple Portal Vulnerability](https://cybersecuritynews.com/apple-service-ticket-portal-vulnerability/)

### **10. Windows OLE Zero-Click RCE Flaw**

**CVE-2025-21298** (CVSS 9.8) in Outlook allows code execution via malicious RTF attachments. Patch Tuesday updates address the issue.

*Read more*: [Windows OLE Vulnerability](https://cybersecuritynews.com/critical-windows-ole-zero-click-vulnerability/)

### **11. Chrome Use-After-Free Bugs Patched**

High-severity flaws in Skia (**CVE-2025-0444**) and V8 (**CVE-2025-0445**) were fixed in Chrome 133. Update to mitigate remote code execution risks.

*Read more*: [Chrome Update](https://cybersecuritynews.com/chrome-use-after-free-vulnerabilities/)

### **12. Cisco ISE Command Execution Vulnerabilities**

**CVE-2025-20124** (Java deserialization) and **CVE-2025-20125** (auth bypass) in Cisco ISE allow root access. Patch to versions 3.1P10/3.2P7/3.3P4.

*Read more*: [Cisco Flaws](https://cybersecuritynews.com/cisco-ise-vulnerabilities-arbitrary-command/)

### **13. Microsoft Edge Remote Code Flaws**

Four vulnerabilities (e.g., **CVE-2025-21342**) were patched in Edge 133.0.3065.51. Exploitation requires user interaction via malicious links.

*Read more*: [Edge Update](https://cybersecuritynews.com/edge-vulnerabilities-remote-code/)

## Other News

### **1. Microsoft Unveils AI-Powered Avatars for Teams**

Microsoft has launched **AI-generated avatars** for Teams meetings, enabling users to join video calls with a customizable digital representation instead of live video.

**Key features**:

* **Biometric customization**: Upload a photo to generate an avatar matching your facial features, hairstyle, and skin tone.
* **3D immersion**: Avatars adapt to Microsoft Mesh’s 3D meeting spaces.
* **Privacy-focused**: Uploaded photos are deleted after processing, and biometric data isn’t stored.
* **Accessibility**: Built-in text-to-speech (Ctrl + B) for visually impaired users.

*Read more*: [Microsoft Announces AI Avatar for Teams](https://cybersecuritynews.com/microsoft-announces-ai-avatar/)

### **2. New EDR Bypass Technique Exploits Unicode Path Spoofing**

A novel attack method allows threat actors to **evade EDR systems** using standard user privileges by disguising malicious payloads in spoofed directories.

**How it works**:

* Attackers create folders like `C:\Program[U+2000]Files` (using Unicode whitespace characters).
* Legitimate-looking paths (e.g., `C:\Program Files\Windows Defender\SuperJuicy.exe`) trick analysts.
* Sysmon logs show deceptive process creation events, delaying detection.

*Read more*: [Bypassing EDR as a Standard User](https://cybersecuritynews.com/bypassing-edr-as-standard-user/)

The post [Cybersecurity Weekly Brief: Latest on Attacks, Vulnerabilities, & Data Breaches](https://cybersecuritynews.com/cybersecurity-weekly-brief-feb-3-to-9/) appeared first on [Cyber Security News](https://cybersecuritynews.com).
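The Unicode path spoofing item above describes paths that look like `C:\Program Files\...` in a log but contain a Unicode space separator. The detection idea is to compare what the analyst sees with what the characters actually are. The following is an added example, not code from the original article or the researchers it cites: it runs over constructed Sysmon-style process-creation records (`SAMPLE_EVENTS`), flags any image path containing non-ASCII or invisible characters, and reports whether the normalised path would pass for a trusted directory (`TRUSTED_PREFIXES`, a hypothetical list to adapt per environment).

```python
"""Flag process-creation events whose image path uses Unicode whitespace or other
invisible/confusable characters to impersonate a trusted directory such as
Program Files. Added example, not code from the original article; the Sysmon-style
records and the trusted-directory list are constructed for illustration."""
import unicodedata
from typing import Dict, List, Optional, Tuple

# Constructed Sysmon Event ID 1 (process creation) records. The second Image field
# contains U+2000 (EN QUAD) where "Program Files" has an ordinary space; the third
# hides U+200B (ZERO WIDTH SPACE) inside the file name.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": "C:\\Program Files\\Windows Defender\\MsMpEng.exe", "User": "NT AUTHORITY\\SYSTEM"},
    {"EventID": 1, "Image": "C:\\Program\u2000Files\\Windows Defender\\SuperJuicy.exe", "User": "CORP\\alice"},
    {"EventID": 1, "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\build\u200b.exe", "User": "CORP\\alice"},
    {"EventID": 1, "Image": "C:\\Windows\\System32\\svchost.exe", "User": "NT AUTHORITY\\SYSTEM"},
    {"EventID": 3, "Image": "C:\\Program\u2000Files\\x.exe"},  # not a process-creation event; ignored
]

# Hypothetical list of directories a standard user cannot write to; a spoofed path
# can only *look* like one of these.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")


def suspicious_chars(path: str) -> List[Tuple[int, str, str]]:
    """(offset, char, Unicode name) for every character outside printable ASCII:
    Unicode space separators, zero-width/format characters, control characters
    and any other non-ASCII code point."""
    hits = []
    for i, ch in enumerate(path):
        if 32 <= ord(ch) < 127:
            continue
        hits.append((i, ch, unicodedata.name(ch, "U+%04X" % ord(ch))))
    return hits


def canonical(path: str) -> str:
    """What an analyst reading the log would *see*: NFKC-normalise, turn every
    Unicode space separator into an ASCII space, drop invisible format
    characters, and lower-case."""
    out = []
    for ch in unicodedata.normalize("NFKC", path):
        cat = unicodedata.category(ch)
        if cat == "Zs":
            out.append(" ")
        elif cat == "Cf":
            continue
        else:
            out.append(ch)
    return "".join(out).lower()


def analyse(event: Dict) -> Optional[Dict]:
    """Return a finding for an event whose Image path is spoofed, else None."""
    image = event["Image"]
    hits = suspicious_chars(image)
    if not hits:
        return None
    displayed = canonical(image)
    return {
        "image": image,
        "user": event.get("User"),
        "displayed_as": displayed,
        "impersonates_trusted_dir": any(displayed.startswith(p) for p in TRUSTED_PREFIXES),
        "characters": ["U+%04X %s at offset %d" % (ord(c), n, i) for i, c, n in hits],
    }


def scan(events: List[Dict]) -> List[Dict]:
    """Run the check over process-creation events only (Sysmon EventID 1)."""
    findings = []
    for event in events:
        if event.get("EventID") != 1:
            continue
        finding = analyse(event)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

The same `canonical()` comparison can be applied to the `ParentImage` and `CommandLine` fields of a SIEM export; a path that only becomes a trusted prefix after normalisation, started by a non-SYSTEM user, is the case worth alerting on.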
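The Kerberos delegation item in the Cybersecurity News section recommends moving from Unconstrained to Constrained Delegation and watching SPN configurations. The delegation mode of an account is encoded in its `userAccountControl` bits and its `msDS-AllowedToDelegateTo` attribute. The following is an added example, not code from the original article: it classifies constructed LDAP-style account records (`SAMPLE_ACCOUNTS`, not real directory data) by delegation mode and produces findings for the settings that widen the blast radius of a host compromise.

```python
"""Classify Active Directory accounts by Kerberos delegation mode from their LDAP
attributes and flag unconstrained delegation on anything other than a domain
controller. Added example; not code from the original article. The account
records below are constructed, not real directory data."""
from typing import Dict, List

# userAccountControl bit flags, as documented by Microsoft.
NORMAL_ACCOUNT = 0x200
WORKSTATION_TRUST_ACCOUNT = 0x1000
SERVER_TRUST_ACCOUNT = 0x2000               # domain controller machine account
TRUSTED_FOR_DELEGATION = 0x80000            # unconstrained delegation
NOT_DELEGATED = 0x100000                    # "account is sensitive and cannot be delegated"
TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000  # constrained delegation with protocol transition

# Constructed records in the shape an LDAP query for userAccountControl,
# servicePrincipalName and msDS-AllowedToDelegateTo would return.
SAMPLE_ACCOUNTS = [
    {"sAMAccountName": "DC01$", "userAccountControl": SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION,
     "servicePrincipalName": ["HOST/DC01", "ldap/DC01.corp.example"]},
    {"sAMAccountName": "FILESRV$", "userAccountControl": WORKSTATION_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION,
     "servicePrincipalName": ["HOST/FILESRV", "cifs/FILESRV.corp.example"]},
    {"sAMAccountName": "WEB01$", "userAccountControl": WORKSTATION_TRUST_ACCOUNT,
     "servicePrincipalName": ["HTTP/WEB01.corp.example"],
     "msDS-AllowedToDelegateTo": ["MSSQLSvc/SQL01.corp.example:1433"]},
    {"sAMAccountName": "svc_portal", "userAccountControl": NORMAL_ACCOUNT | TRUSTED_TO_AUTH_FOR_DELEGATION,
     "msDS-AllowedToDelegateTo": ["HTTP/INTRANET.corp.example"]},
    {"sAMAccountName": "admin_jane", "userAccountControl": NORMAL_ACCOUNT | NOT_DELEGATED},
]


def delegation_mode(acct: Dict) -> str:
    """One of: unconstrained, constrained-protocol-transition,
    constrained-kerberos-only, none."""
    uac = acct["userAccountControl"]
    targets = acct.get("msDS-AllowedToDelegateTo") or []
    if uac & TRUSTED_FOR_DELEGATION:
        return "unconstrained"
    if targets and uac & TRUSTED_TO_AUTH_FOR_DELEGATION:
        return "constrained-protocol-transition"
    if targets:
        return "constrained-kerberos-only"
    return "none"


def is_sensitive(acct: Dict) -> bool:
    """True when the account is marked 'sensitive and cannot be delegated', so a
    delegating host never receives a forwardable ticket for it."""
    return bool(acct["userAccountControl"] & NOT_DELEGATED)


def audit(accounts: List[Dict]) -> List[Dict]:
    """Findings for delegation settings that let a compromised host act as other users."""
    findings = []
    for acct in accounts:
        mode = delegation_mode(acct)
        is_dc = bool(acct["userAccountControl"] & SERVER_TRUST_ACCOUNT)
        if mode == "unconstrained" and not is_dc:
            findings.append({
                "account": acct["sAMAccountName"], "severity": "high", "mode": mode,
                "spns": acct.get("servicePrincipalName", []),
                "reason": "unconstrained delegation on a non-DC: the TGT of every user who "
                          "authenticates to it is cached there; move to constrained delegation",
            })
        elif mode == "constrained-protocol-transition":
            findings.append({
                "account": acct["sAMAccountName"], "severity": "medium", "mode": mode,
                "targets": acct.get("msDS-AllowedToDelegateTo", []),
                "reason": "protocol transition lets the account obtain service tickets for users "
                          "who never authenticated to it; confirm each target is required",
            })
    return findings


def summary(accounts: List[Dict]) -> Dict[str, int]:
    """Count accounts per delegation mode for reporting."""
    counts: Dict[str, int] = {}
    for acct in accounts:
        mode = delegation_mode(acct)
        counts[mode] = counts.get(mode, 0) + 1
    return counts


if __name__ == "__main__":
    print(summary(SAMPLE_ACCOUNTS))
    for finding in audit(SAMPLE_ACCOUNTS):
        print(finding)
```

To feed real data in, the LDAP filter `(userAccountControl:1.2.840.113556.1.4.803:=524288)` (the bitwise-AND matching rule, 524288 being 0x80000) returns the unconstrained set directly, and `Get-ADComputer -Filter {TrustedForDelegation -eq $true}` does the same from PowerShell; running the audit on a schedule and diffing the SPN lists covers the "monitor SPN configurations" part of the mitigation.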
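The ASP.NET item in the Cyber Attacks section turns on `machineKey` values that were copied from public sources: whoever holds the `validationKey` can sign ViewState the server will accept. The defender's check is a configuration audit. The following is an added example, not code from the original article or from Microsoft: it parses constructed `web.config` documents, compares each static `validationKey` against a disclosed-key list held as SHA-256 fingerprints (here seeded with one constructed placeholder key, not a real leaked value), flags weak `validation`/`decryption` algorithms, and reports a key reused across applications.

```python
"""Audit ASP.NET <machineKey> settings from web.config files: a validationKey that
appears on a disclosed-key list, weak validation or decryption algorithms, and a
key shared between applications. Added example; not code from the original
article. The config documents, keys and disclosed-key list are constructed."""
import hashlib
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional


def key_fingerprint(hex_key: str) -> str:
    """SHA-256 of the normalised key, so a disclosed-key list can be stored as
    hashes rather than as the keys themselves."""
    return hashlib.sha256(hex_key.strip().upper().encode("ascii")).hexdigest()


# Constructed stand-in for an entry on a vetted list of publicly disclosed keys.
CONSTRUCTED_LEAKED_VALIDATION_KEY = "A1" * 64      # 128 hex chars, the HMACSHA256 size
KNOWN_DISCLOSED_KEY_HASHES = {key_fingerprint(CONSTRUCTED_LEAKED_VALIDATION_KEY)}

STRONG_VALIDATION = {"HMACSHA256", "HMACSHA384", "HMACSHA512"}
WEAK_DECRYPTION = {"DES", "3DES"}

# Constructed keys shared by two of the sample applications.
INTRANET_VALIDATION_KEY = "C3" * 64
INTRANET_DECRYPTION_KEY = "D4" * 32

SAMPLE_CONFIGS = {
    "legacy-portal": f"""<configuration><system.web>
        <machineKey validationKey="{CONSTRUCTED_LEAKED_VALIDATION_KEY}"
                    decryptionKey="{'B2' * 32}" validation="SHA1" decryption="AES"/>
    </system.web></configuration>""",
    "intranet": f"""<configuration><system.web>
        <machineKey validationKey="{INTRANET_VALIDATION_KEY}"
                    decryptionKey="{INTRANET_DECRYPTION_KEY}" validation="HMACSHA256" decryption="AES"/>
    </system.web></configuration>""",
    "intranet-staging": f"""<configuration><system.web>
        <machineKey validationKey="{INTRANET_VALIDATION_KEY}"
                    decryptionKey="{INTRANET_DECRYPTION_KEY}" validation="HMACSHA256" decryption="AES"/>
    </system.web></configuration>""",
    # No <machineKey> element: auto-generated, per-application keys apply.
    "new-app": "<configuration><system.web/></configuration>",
}


def parse_machine_key(xml_text: str) -> Optional[Dict[str, str]]:
    """Attributes of the first <machineKey> element, or None if there is none."""
    root = ET.fromstring(xml_text)
    element = next(root.iter("machineKey"), None)
    return None if element is None else dict(element.attrib)


def static_validation_key(mk: Dict[str, str]) -> Optional[str]:
    """The hard-coded validationKey, or None when keys are auto-generated."""
    vk = mk.get("validationKey", "AutoGenerate,IsolateApps")
    return None if vk.startswith("AutoGenerate") else vk


def audit_config(app: str, xml_text: str) -> List[Dict]:
    findings: List[Dict] = []
    mk = parse_machine_key(xml_text)
    if mk is None:
        return findings
    vk = static_validation_key(mk)
    if vk is not None and key_fingerprint(vk) in KNOWN_DISCLOSED_KEY_HASHES:
        findings.append({"app": app, "severity": "critical",
                         "issue": "validationKey matches a publicly disclosed key; rotate it"})
    # Defaults assumed to be those of .NET 4.x: HMACSHA256 validation, Auto decryption.
    validation = mk.get("validation", "HMACSHA256").upper()
    if validation not in STRONG_VALIDATION:
        findings.append({"app": app, "severity": "medium",
                         "issue": f"validation={validation}; use HMACSHA256 or stronger"})
    decryption = mk.get("decryption", "Auto").upper()
    if decryption in WEAK_DECRYPTION:
        findings.append({"app": app, "severity": "medium",
                         "issue": f"decryption={decryption}; use AES"})
    return findings


def audit_all(configs: Dict[str, str]) -> List[Dict]:
    """Audit each config, then flag a validationKey reused across applications."""
    findings: List[Dict] = []
    first_seen: Dict[str, str] = {}
    for app, xml_text in configs.items():
        findings.extend(audit_config(app, xml_text))
        mk = parse_machine_key(xml_text)
        vk = static_validation_key(mk) if mk else None
        if vk is None:
            continue
        fp = key_fingerprint(vk)
        if fp in first_seen:
            findings.append({"app": app, "severity": "low",
                             "issue": f"validationKey shared with {first_seen[fp]}; "
                                      "a leak from either app forges ViewState for both"})
        else:
            first_seen[fp] = app
    return findings


if __name__ == "__main__":
    for finding in audit_all(SAMPLE_CONFIGS):
        print(finding)
```

Storing the disclosed-key list as fingerprints keeps the audit tooling itself from becoming a copy of the leaked material; rotation of a flagged key, not just a config edit, is the remediation, since any ViewState already signed with the old key stays valid until it is retired.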