
CyberWednesday: Top 10 Cybersecurity Updates #16

1. Ivanti Patches Critical Flaws in Connect Secure and Policy Secure

Ivanti has released security updates to address multiple critical vulnerabilities affecting its Connect Secure (ICS), Policy Secure (IPS), and Cloud Services Application (CSA) products. Among these, CVE-2024-38657 (CVSS score: 9.1) allows remote authenticated attackers with administrative privileges to write arbitrary files, while CVE-2025-22467 (CVSS score: 9.9) is a stack-based buffer overflow that permits remote code execution. The company has patched these issues in Ivanti Connect Secure version 22.7R2.6, Ivanti Policy Secure version 22.7R1.3, and Ivanti CSA version 5.0.5.

Although no evidence exists of these vulnerabilities being exploited in the wild, Ivanti urges users to apply the updates promptly to mitigate potential risks. This action underscores the importance of maintaining up-to-date security measures to protect against emerging threats. (Source: thehackernews.com)

2. Gcore DDoS Radar Reveals 56% YoY Increase in DDoS Attacks

Gcore's latest DDoS Radar report analyzes attack data from Q3–Q4 2024, revealing a 56% year-over-year increase in the total number of DDoS attacks, with the largest attack peaking at a record 2 Tbps. The financial services sector experienced the most dramatic rise, with a 117% increase in attacks, while gaming remained the most-targeted industry. The report also notes a trend toward shorter, high-intensity attacks, which can evade traditional mitigation approaches.

Geopolitical factors are influencing attack patterns, emphasizing the need for robust, adaptive DDoS mitigation strategies. These findings highlight the growing sophistication and frequency of DDoS attacks, underscoring the importance of advanced protection measures. (Source: thehackernews.com)

3. Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores

Attackers have been observed using Google Tag Manager (GTM) to deliver credit card skimmer malware to Magento-based e-commerce sites. Website security firm Sucuri says that the code, while appearing to be a typical GTM and Google Analytics script used for website analytics and advertising purposes, contains a hidden backdoor capable of providing attackers with persistent access. Analysis reveals that the malicious code is loaded from the ‘cms_block.content’ table in the Magento database, and the GTM tag contains encoded JavaScript acting as a credit card skimmer.

Once running, this script collects sensitive data entered by users during the payment process and sends it to a remote server controlled by the attackers. This is not the first time GTM has been used for malicious purposes; back in 2018, the tool was used in malvertising campaigns generating revenue for operators through pop-ups and redirects. (Source: thehackernews.com)
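Because the skimmer described above is stored in Magento's cms_block.content table and dressed up as a GTM snippet, one defensive check is to query that table and flag blocks whose script tags pair a tag-manager loader with decoding or dynamic-evaluation primitives that a genuine analytics snippet has no reason to use. The scanner below is an added example written for this digest, not code from Sucuri or The Hacker News; it uses an in-memory SQLite table with constructed rows as a stand-in for the real MySQL table, and the indicator names and thresholds are assumptions to tune per store.

```python
import re
import sqlite3

# Indicators of encoded or obfuscated JavaScript hiding behind a tag-manager snippet.
# Names and thresholds are constructed for this example; tune them for your store.
INDICATORS = {
    "gtm_loader": re.compile(r"googletagmanager\.com", re.I),
    "base64_decode": re.compile(r"\batob\s*\(", re.I),
    "charcode_decode": re.compile(r"String\.fromCharCode", re.I),
    "dynamic_eval": re.compile(r"\b(eval|Function)\s*\(", re.I),
    "long_base64_blob": re.compile(r"[A-Za-z0-9+/]{60,}={0,2}"),
    "hex_escape_run": re.compile(r"(\\x[0-9a-f]{2}){8,}", re.I),
}
# A plain GTM loader is expected on many stores; these are the indicators that escalate it.
ESCALATING = {"base64_decode", "charcode_decode", "dynamic_eval",
              "long_base64_blob", "hex_escape_run"}

def scan_block(content):
    """Return the indicator names matched in one cms_block.content value."""
    return [name for name, rx in INDICATORS.items() if rx.search(content or "")]

def build_sample_db():
    """Constructed stand-in for Magento's cms_block table (real stores use MySQL)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cms_block (block_id INTEGER, identifier TEXT, content TEXT)")
    rows = [
        (1, "footer_links", "<p>Contact us at our store.</p>"),
        (2, "gtm_head", '<script async src="https://www.googletagmanager.com/gtag/js?id=GTM-EXAMPLE"></script>'),
        # Constructed suspicious row: a GTM loader followed by eval(atob(<long base64 blob>)).
        (3, "gtm_checkout", '<script src="https://www.googletagmanager.com/gtm.js?id=GTM-EXAMPLE"></script>'
                            "<script>eval(atob('" + "QUJDRA" * 12 + "'))</script>"),
    ]
    conn.executemany("INSERT INTO cms_block VALUES (?, ?, ?)", rows)
    return conn

def scan_cms_blocks(conn):
    """Query cms_block for script-bearing blocks and report their indicators."""
    findings = []
    query = "SELECT block_id, identifier, content FROM cms_block WHERE content LIKE '%<script%'"
    for block_id, ident, content in conn.execute(query):
        hits = scan_block(content)
        findings.append({
            "block_id": block_id,
            "identifier": ident,
            "indicators": hits,
            "suspicious": any(h in ESCALATING for h in hits),
        })
    return findings

if __name__ == "__main__":
    for finding in scan_cms_blocks(build_sample_db()):
        print(finding)
```

Against a live store, point the query at the production database read-only and review every flagged block by hand; an unflagged GTM loader still deserves a look if its container ID is not one your marketing team owns.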

4. Cross-Platform JavaScript Stealer Targets Crypto Wallets in New Lazarus Group Campaign

The North Korea-linked Lazarus Group has initiated a campaign targeting professionals in the cryptocurrency and travel sectors by posing as recruiters on LinkedIn. They entice individuals with promises of remote work and attractive compensation. Once interest is shown, the attackers request personal information, such as CVs or GitHub links, to establish credibility.

Subsequently, they share a link to a repository containing a supposed decentralized exchange project, which includes an obfuscated JavaScript file. This file downloads a cross-platform information stealer designed to extract data from cryptocurrency wallet extensions in the victim's browser. The malware also acts as a loader, deploying a Python-based backdoor that monitors clipboard activity and facilitates further malicious actions. This sophisticated attack chain underscores the evolving tactics of threat actors in targeting sensitive financial information. (Source: thehackernews.com)

5. Windows Driver Zero-Day Vulnerability Allows Attackers To Gain System Access Remotely

A critical zero-day vulnerability, identified as CVE-2025-21418, has been discovered in a Windows driver, allowing attackers to gain remote access to systems. Disclosed on February 11, 2025, this heap-based buffer overflow vulnerability has been assigned a CVSS score of 7.8, indicating its severity. The exploitation of this flaw enables attackers to elevate privileges to SYSTEM level, granting full control over the affected system.

Microsoft has released security updates to address this issue across various Windows versions, including Windows 10, Windows 11, and multiple Windows Server editions. Users are strongly advised to apply these updates promptly to mitigate potential risks. This incident underscores the critical importance of maintaining up-to-date security measures to protect against emerging threats. (Source: cybersecuritynews.com)

6. Google Chrome’s Safe Browsing Now Protects 1 Billion Users With 300,000 Deep Scans

In celebration of Safer Internet Day, Google announced that over 1 billion Chrome users are now protected by the browser's Enhanced Protection mode. Introduced in 2020 as part of Google Safe Browsing, this feature offers twice the protection against phishing and scams compared to the standard mode. Enhanced Protection utilizes advanced AI and machine learning to analyze URLs and website content in real-time, identifying malicious sites that mimic trusted domains.

Additionally, it conducts over 300,000 deep scans of suspicious files monthly to detect previously unknown malware, including malware hidden in encrypted archives. Despite its robust capabilities, user privacy remains a priority, with data anonymized and retained only as long as necessary to enhance security. By enabling Enhanced Protection, users not only improve their own safety but also contribute to a safer internet for all. (Source: cybersecuritynews.com)

7. North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack

The North Korean-linked threat actor known as Kimsuky has adopted a novel tactic to compromise targets by convincing them to execute malicious PowerShell commands. Posing as South Korean government officials, the attackers build trust with their victims over time before sending spear-phishing emails containing PDF attachments. These emails direct recipients to a URL with instructions to register their Windows system, which involves running PowerShell as an administrator and executing a provided code snippet.

If followed, this code installs a browser-based remote desktop tool and a certificate file with a hardcoded PIN from a remote server, granting the attackers unauthorized access to the victim's device and enabling data exfiltration. Microsoft has observed this method in limited attacks since January 2025, marking a shift from Kimsuky's traditional techniques. (Source: thehackernews.com)

8. Top 3 Ransomware Threats Active in 2025

In 2025, three ransomware families—LockBit, Lynx, and Virlock—are posing significant threats to organizations across various sectors. LockBit is notorious for its efficient encryption and double extortion tactics, often demanding multi-million dollar ransoms. Lynx employs advanced evasion techniques, making detection challenging for traditional security measures. Virlock distinguishes itself by combining ransomware with self-replicating malware, enabling it to spread rapidly across networks.

These ransomware variants not only encrypt data but also exfiltrate sensitive information, leveraging the threat of public disclosure to pressure victims into paying ransoms. The financial and reputational damages resulting from such attacks underscore the critical need for organizations to implement proactive cybersecurity measures and conduct regular vulnerability assessments. (Source: thehackernews.com)

9. Apple Releases Urgent Patch for USB Vulnerability

Apple has released an urgent security update to address a vulnerability identified as CVE-2025-24200, which may have been exploited in highly sophisticated attacks targeting specific individuals. This flaw allows attackers with physical access to a locked device to disable USB Restricted Mode, a security feature designed to prevent unauthorized data access through the device's Lightning port. USB Restricted Mode restricts data connections after a device has been locked for more than an hour, limiting access to charging only.

The security update is available for iPhone XS and later models, various iPad Pro versions, iPad Air third generation and later, iPad seventh generation and later, and iPad mini fifth generation and later. Users are strongly advised to install the update promptly to protect their devices from potential exploitation. (Source: darkreading.com)

10. DeepSeek AI Fails Multiple Security Tests, Raising Red Flag for Businesses

Recent security assessments have identified significant vulnerabilities in DeepSeek's AI applications. A comprehensive evaluation by AppSOC revealed that DeepSeek's generative AI model failed numerous security tests, exhibiting high failure rates in areas such as malware generation and susceptibility to prompt injection attacks. Additionally, Wiz Research discovered an exposed ClickHouse database belonging to DeepSeek, which contained over a million lines of sensitive information, including chat histories and secret keys.

Further analysis by NowSecure uncovered critical flaws in DeepSeek's iOS mobile app, such as unencrypted data transmission and insecure data storage. These findings underscore the immediate need for organizations to exercise caution and implement robust security measures when considering the integration of DeepSeek's AI solutions into their operations. (Source: darkreading.com)

Recent events underline once again that cyber security is not a one-off action, but an ongoing process. Whether it is addressing vulnerabilities, anticipating new threats or adapting to changing attack methods, constant vigilance is the key to effective protection. Organisations must regularly assess their security strategies and adapt them to the dynamic digital environment. Only through a proactive approach can adequate resilience to cyber threats be ensured.
