It's time for another CyberWednesday, Nomios! Cyber threats are evolving at a rapid pace, so keeping up is more important than ever. From attacks on artificial intelligence systems to the activities of state-sponsored hacking groups, no technology or organisation is fully immune. Ransomware is becoming more sophisticated, security vulnerabilities are being ruthlessly exploited, and cybercriminals are increasingly bold in turning to AI to enhance the effectiveness of their operations.
1. Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections
In February 2025, reports emerged that Russian cybercriminal groups were actively exploiting a recently patched vulnerability in the 7-Zip archiver tool, identified as CVE-2025-0411. This flaw allows attackers to bypass Windows' Mark-of-the-Web (MotW) protections, enabling the execution of arbitrary code on targeted systems. The exploitation method involves spear-phishing campaigns where malicious actors use homoglyph attacks to disguise malicious files as legitimate documents, deceiving both users and the Windows operating system.
Notably, these campaigns have been linked to cyber espionage activities targeting governmental and non-governmental organisations in Ukraine, amidst the ongoing Russo-Ukrainian conflict. The primary payload delivered through this vulnerability is SmokeLoader malware, known for its data theft and system compromise capabilities. The attacks primarily target smaller local government entities, which, due to limited cybersecurity resources, become an easy target for cybercriminals. They can serve as a gateway to larger, more strategic institutions, allowing attackers to escalate the threat further.
Users are strongly advised to update their 7-Zip installations to version 24.09 or later and exercise caution with unsolicited emails and attachments. (Source: thehackernews.com)
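As an added defensive example (not from the article or from the reported campaign analysis), the check below flags the filename tricks this item describes: an extension spoofed with lookalike letters from another script, a stem that mixes scripts, and a document extension stacked in front of an executable one. A Cyrillic stem with an ordinary Latin extension is deliberately not flagged, since that is normal for the targeted organisations. The extension lists are constructed assumptions, not a complete set.

```python
import unicodedata

# Constructed lists for this example (not exhaustive): extensions Windows will run
# directly, and document extensions that a lure typically imitates.
EXECUTABLE_EXTS = {"exe", "scr", "bat", "cmd", "js", "vbs", "hta", "lnk", "msi", "ps1"}
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "rtf", "txt"}


def letter_scripts(text):
    """Unicode scripts of the letters in text, taken from the first word of each
    character's Unicode name ('CYRILLIC SMALL LETTER O' -> 'CYRILLIC')."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}


def analyse_filename(name):
    """Return a dict with the filename and a list of lure indicators.

    Flagged: script mixing inside the stem, an extension containing non-ASCII
    letters (so it is not the extension it resembles), and a document extension
    immediately followed by an executable extension.
    """
    parts = name.split(".")
    stem = ".".join(parts[:-1]) if len(parts) > 1 else name
    exts = [e.lower() for e in parts[1:]]
    findings = []

    stem_scripts = letter_scripts(stem)
    if len(stem_scripts) > 1:
        findings.append("stem mixes scripts: " + ", ".join(sorted(stem_scripts)))

    for ext in exts:
        if not ext.isascii():
            scripts = ", ".join(sorted(letter_scripts(ext)))
            findings.append(f"extension '.{ext}' contains non-ASCII letters ({scripts}) "
                            "and is not the ASCII extension it resembles")

    if len(exts) >= 2 and exts[-1] in EXECUTABLE_EXTS and exts[-2] in DOCUMENT_EXTS:
        findings.append(f"document extension '.{exts[-2]}' hides executable '.{exts[-1]}'")

    return {"name": name, "findings": findings}


if __name__ == "__main__":
    # Constructed sample names; the second uses Cyrillic 'о' and 'с' in the extension.
    for sample in ["Звіт_2024.doc", "Звіт_2024.d\u043e\u0441", "invoice.pdf.exe"]:
        print(analyse_filename(sample))
```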
2. 768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023
In 2024, a total of 768 vulnerabilities identified by CVE numbers were exploited in real-world scenarios, marking a 20% increase from the 639 CVEs exploited in 2023. According to VulnCheck, 23.6% of these known exploited vulnerabilities were weaponised on or before their public disclosure date, a slight decrease from 26.8% in 2023. This trend underscores the persistent threat posed by cyber actors targeting software vulnerabilities. Notably, the Log4j vulnerability (CVE-2021-44228) was associated with 31 identified threat actors, highlighting its widespread exploitation. Organisations are advised to assess their exposure to such vulnerabilities, enhance threat visibility, maintain robust patch management practices, and implement mitigating controls to reduce potential risks. (Source: thehackernews.com)
3. Meta Confirms Zero-Click WhatsApp Spyware Attack Targeting 90 Journalists, Activists
Meta's WhatsApp announced the disruption of a spyware campaign targeting approximately 90 journalists and civil society members across over two dozen countries, including several in Europe. The spyware, developed by Israeli company Paragon Solutions, was deployed through a zero-click exploit, likely involving specially crafted PDF files sent to individuals added to WhatsApp group chats. This method allowed the spyware to infect devices without any user interaction. WhatsApp has reached out to affected users, expressing "high confidence" that they were targeted and possibly compromised. The company emphasised the need to hold spyware firms accountable for unlawful actions and has issued a cease and desist letter to Paragon while considering further measures. This incident underscores the ongoing challenges in safeguarding user privacy against sophisticated surveillance tools. (Source: thehackernews.com)
4. Critical Veeam Backup Vulnerability Let Attackers Execute Arbitrary Code to Gain Root Access
A critical vulnerability, CVE-2025-23114, has been discovered in the Veeam Updater component, which is essential for various Veeam backup solutions. This flaw enables attackers to execute arbitrary code on affected servers through Man-in-the-Middle (MitM) attacks, potentially granting them root-level access. The issue stems from insecure communication channels used by Veeam Updater during the transmission of sensitive data. By exploiting this weakness, attackers can intercept and manipulate update requests, injecting malicious code to gain full control over the system. Veeam has addressed the problem by releasing updates that patch the affected component in newer software versions. Users are strongly advised to update their backup appliances to the latest versions to mitigate potential risks. (Source: cybersecuritynews.com)
5. ChatGPT-4o Jailbreak Vulnerability "Time Bandit" Let Attackers Create Malware
Recent cybersecurity research has revealed a vulnerability in ChatGPT-4o that allows users to bypass its safety filters. The exploit, known as a "jailbreak", enables the manipulation of the AI's responses to generate potentially harmful content.
Security experts have demonstrated this technique to highlight the risks and challenges associated with deploying such advanced AI systems. The discovery has raised significant concerns regarding the potential misuse of the technology by malicious actors. Developers and researchers are now urged to collaborate and implement stronger safeguards to prevent future exploits. (Source: cybersecuritynews.com)
6. New Threat Hunting Technique to Uncover Malicious Infrastructure Using SSL History
Monitoring SSL/TLS certificates is becoming more important as cyber threats evolve. Certificate analysis enables the quick identification of potential attacks and unauthorised activity online. Effective management of SSL infrastructure allows anomalies to be detected and systems to be protected against misuse. Available tools and methods support risk assessment and stronger digital security. Combining certificate data with other sources of information strengthens defences against cyberattacks. SSL intelligence is an integral part of modern strategies for protecting against threats in cyberspace. (Source: cybersecuritynews.com)
7. AI-Powered Fraud on the Rise for Financial Institutions
The AuthenticID report reveals a growing threat in the financial sector as cybercriminals use increasingly sophisticated methods to hack into systems. Banks and financial institutions are becoming prime targets for these malicious activities. The study showed a significant increase in identity fraud, reaching 2.1% of transactions in 2024, up from 1.27% in 2022. Additionally, deepfake fraud increased in 2024, affecting 46% of cases. The report emphasises that protecting against this type of threat requires the implementation of comprehensive security systems and continuous monitoring. Attention is drawn to the need for cooperation between the private sector and regulators to respond more effectively to new types of cyberattacks. In the face of a rapidly changing threat landscape, investment in modern security technologies and employee training is becoming a key component of security strategies. (Source: cybermagazine.com)
8. 3 Health Groups Report 2024 Hacks Affecting 1.2 Million
Three healthcare organisations in the United States reported significant cyberattacks in 2024, affecting over 1.2 million patients in total. One of the largest breaches involved NorthBay Healthcare in California, where unauthorised access compromised sensitive files of more than 569,000 individuals. Another incident affected River Region Cardiology in Alabama, which notified around 500,000 patients after a cyberattack on a remote connection used by a third-party vendor. Additionally, Delta Health in Colorado experienced a breach impacting approximately 148,000 patients due to suspicious network activity. These incidents highlight a worrying trend of targeted cyberattacks within the healthcare sector, emphasising the urgent need for robust cybersecurity measures and continuous monitoring. (Source: govinfosecurity.com)
9. Browser Syncjacking: How Any Browser Extension Can Be Used to Take Over Your Device
SquareX's research team unveiled a critical vulnerability termed "Browser Syncjacking," which exploits the synchronisation features of web browsers. This attack involves malicious browser extensions that, upon installation, can hijack a user's browser profile by synchronising it with an attacker-controlled account. Consequently, attackers gain access to sensitive data such as passwords, browsing history, and autofill information. The exploitation process is divided into three stages: profile hijacking, browser hijacking, and device hijacking. This discovery underscores the pressing need for users to exercise caution when installing browser extensions and to regularly review and manage their browser settings to mitigate potential security risks. (Source: labs.sqrx.com)
10. Taiwan Bans DeepSeek AI Over National Security Concerns, Citing Data Leakage Risks
In February 2025, Taiwan's Ministry of Digital Affairs announced a ban on the use of DeepSeek's artificial intelligence services by government agencies, citing concerns over national information security. The ministry highlighted that DeepSeek, being a Chinese product, involves cross-border data transmission, raising risks of information leakage. This move aligns with actions taken by other countries, such as Italy, which recently blocked DeepSeek due to insufficient transparency regarding its data handling practices. The growing apprehension stems from fears that the Chinese government could potentially exploit AI systems like DeepSeek for foreign influence operations, disinformation campaigns, surveillance, and cyberweapon development. Consequently, several nations are scrutinising DeepSeek's operations to safeguard their national security and data privacy. (Source: thehackernews.com)
Stay ahead of the latest cybersecurity developments by keeping an eye on these stories, and ensure your organisation's security protocols remain up to date.