InfoSec News 20250417
Top News
-
Threat actors misuse Node.js to deliver malware and other malicious payloads
"Since October 2024, Microsoft Defender Experts (DEX) has observed and helped multiple customers address campaigns leveraging Node.js to deliver malware and other payloads that ultimately lead to information theft and data exfiltration."
TLP¹: Green
-
MITRE CVE Program Gets Last-Hour Funding Reprieve
"The US government’s cybersecurity agency CISA has “executed the option period on the contract” to keep the vulnerability catalog operational."
TLP¹: Green
-
Google blocked over 5 billion ads in 2024 amid rise in AI-powered scams
"Google blocked 5.1 billion ads and suspended more than 39.2 million advertiser accounts in 2024, according to its 2024 Ads Safety Report released this week."
TLP¹: Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns
"Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to deploy malware over a three-month period from late 2024 through the beginning of 2025."
TLP¹: Green
Breaches: Data Breaches and Hacks
-
Hertz Discloses Data Breach Linked to Cleo Hack
"Customers of the Hertz, Thrifty, and Dollar brands had their personal information stolen as a result of the Cleo hack last year."
TLP¹: Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks
"Apple on Wednesday released security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two security flaws that it said have come under active exploitation in the wild."
TLP¹: Green
-
Cisco Webex Vulnerability Lets Hackers Execute Code Through Malicious Meeting Links
"Cisco has disclosed a high-severity vulnerability in its widely used Webex App, warning users that attackers could exploit the flaw to execute arbitrary code on targeted computers."
TLP¹: Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
When AI agents go rogue, the fallout hits the enterprise
"In this Help Net Security interview, Jason Lord, CTO at AutoRABIT, discusses the cybersecurity risks posed by AI agents integrated into real-world systems. Issues like hallucinations, prompt injections, and embedded biases can turn these systems into vulnerable targets."
TLP¹: Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Cascading Shadows: An Attack Chain Approach to Avoid Detection and Complicate Analysis
"In December 2024, we uncovered an attack chain that employs distinct, multi-layered stages to deliver malware like Agent Tesla variants, Remcos RAT or XLoader. Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and execution. The phishing campaign we analyzed used deceptive emails posing as an order release request to deliver a malicious attachment."
TLP¹: Green
¹ Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.