Originally published at ssojet
Fake BianLian Ransom Claims
A new scam campaign is sending physical letters to organizations, falsely claiming to be from the BianLian ransomware group. The letters demand Bitcoin payments between $250,000 and $350,000. Security analysts confirm these claims are fraudulent, and organizations should verify their network security and report incidents to law enforcement. Read more: Fake BianLian Ransom Claims
Medusa Ransomware Attacks Surge by 42%
Medusa ransomware attacks have surged, doubling in activity early in 2025 compared to 2024. Operated as ransomware-as-a-service (RaaS) by the Spearwing group, Medusa employs double extortion tactics and advanced techniques like Bring Your Own Vulnerable Driver (BYOVD). Read more: Medusa Ransomware Attacks Surge by 42%
New PyPI Malware Targeting Developers
A new malware campaign is abusing the Python Package Index (PyPI) to trick developers into installing malicious packages. This highlights the importance of secure coding practices and awareness of supply-chain risks in third-party dependencies. Read more: New PyPI Malware Targeting Developers
PeakLight Malware Attacks
PeakLight malware has emerged as a significant threat, targeting users with advanced evasion techniques and capabilities for data exfiltration. Organizations should implement robust security measures to detect and mitigate these threats. Read more: PeakLight Malware Attacks
Exploitation of PHP CGI RCE Vulnerability
Threat actors are exploiting a PHP CGI remote code execution (RCE) vulnerability, enabling unauthorized access and potential system compromise. Organizations should apply security patches and conduct vulnerability assessments. Read more: Exploitation of PHP CGI RCE Vulnerability
Malware Hosted on GitHub Infects 1 Million Devices
Malware hosted on GitHub repositories has infected over 1 million devices. This incident emphasizes the need for vigilance in open-source software usage and regular security audits. Read more: Malware Hosted on GitHub Infects 1 Million Devices
Blind Eagle Targets Organizations with Weaponized URL Files
Blind Eagle, a known threat actor group, is attacking organizations using weaponized URL files to deliver malware payloads. Organizations should enhance their email filtering and user awareness training. Read more: Blind Eagle Targets Organizations with Weaponized URL Files
100 Auto Dealers Compromised via ClickFix Webpage
A ClickFix webpage vulnerability has led to the compromise of over 100 auto dealers’ systems. This incident highlights the need for regular website security assessments. Read more: 100 Auto Dealers Compromised via ClickFix Webpage
RedCurl APT Leveraging Active Directory Explorer
The RedCurl advanced persistent threat (APT) group is using Active Directory Explorer as part of its attack strategy against organizations. Implementing strong identity and access management solutions is critical. Read more: RedCurl APT Leveraging Active Directory Explorer
Vulnerabilities
Microsoft WinDbg RCE Vulnerability
A high-severity remote code execution (RCE) vulnerability (CVE-2025-24043) was discovered in the SOS debugging extension of Microsoft WinDbg. Organizations using this tool should prioritize applying the necessary patches to mitigate risks. Read more: Microsoft WinDbg RCE Vulnerability
Commvault Webserver Vulnerability
Commvault patched a critical webserver vulnerability that could allow attackers to deploy malicious webshells. It is essential for users to update their systems promptly. Read more: Commvault Webserver Vulnerability
Popular Python Library Vulnerability
A vulnerability in a widely used Python library has raised concerns about potential exploitation risks. Developers should ensure that their applications are using the most secure versions of libraries. Read more: Popular Python Library Vulnerability
Laravel Framework Vulnerability
A vulnerability in the Laravel PHP framework could allow attackers to exploit improperly sanitized inputs. Developers should review their code for potential security gaps. Read more: Laravel Framework Vulnerability
Apache Tomcat RCE Attacks
A newly identified RCE vulnerability in Apache Tomcat poses significant risks. Organizations relying on Tomcat should ensure they are patched against this vulnerability. Read more: Apache Tomcat RCE Attacks
Multiple SCADA Vulnerabilities
Critical vulnerabilities have been identified in SCADA systems, posing risks to operational integrity. Organizations must regularly assess and upgrade their SCADA security measures. Read more: Multiple SCADA Vulnerabilities
Microsoft MMC Vulnerability Warning
CISA has issued a warning regarding a vulnerability in the Microsoft Management Console (MMC). Users should ensure their systems are updated to protect against potential exploits. Read more: Microsoft MMC Vulnerability Warning
Windows Remote Desktop Services Code Flaw
A critical vulnerability in Windows Remote Desktop Services has been identified, necessitating an immediate response from affected organizations. Read more: Windows Remote Desktop Services Code Flaw
Zoom Client Vulnerabilities
Multiple vulnerabilities in Zoom clients have been disclosed, highlighting the need for regular updates to all communication tools. Read more: Zoom Client Vulnerabilities
Fortinet Patches Multiple Flaws
Fortinet has addressed several vulnerabilities across its product line, reinforcing the importance of applying security updates promptly. Read more: Fortinet Patches Multiple Flaws
GitLab Security Updates
GitLab has warned users about multiple vulnerabilities affecting its platform. Users should take immediate action to secure their environments. Read more: GitLab Security Updates
Threats
Critical Android Vulnerability: Zygote Injection
A major security flaw, CVE-2024-31317, has been identified in Android devices running versions 11 or older. Users should promptly update their devices to mitigate this risk. Read more: Critical Android Vulnerability: Zygote Injection
MirrorFace APT Exploits Windows Sandbox & Visual Studio Code
The MirrorFace APT group has exploited vulnerabilities in Windows Sandbox and Visual Studio Code, demonstrating the need for enhanced security in development environments. Read more: MirrorFace APT Exploits Windows Sandbox & Visual Studio Code
dCRAT Malware Spread via YouTube
Cybercriminals are leveraging YouTube to distribute dCRAT malware, highlighting the necessity for users to be cautious about the content they engage with online. Read more: dCRAT Malware Spread via YouTube
China Nexus Group Hacks Juniper Networks
A China-linked threat actor has successfully breached Juniper Networks, illustrating the ongoing vulnerabilities organizations face. Read more: China Nexus Group Hacks Juniper Networks
Medusa Ransomware Hits 300 Organizations Worldwide
The Medusa ransomware group has compromised over 300 organizations globally, emphasizing the importance of robust cybersecurity measures. Read more: Medusa Ransomware Hits 300 Organizations Worldwide
Decrypting Linux ESXi Akira Ransomware Files
Security researchers have developed methods to decrypt files affected by Akira ransomware on Linux ESXi systems, providing hope for affected organizations. Read more: Decrypting Linux ESXi Akira Ransomware Files
New Campaign Targets PyPI Users
A malicious campaign targeting PyPI users has emerged, further stressing the need for secure coding practices. Read more: New Campaign Targets PyPI Users
LockBit Ransomware Developer Arrested
Authorities have arrested a key developer behind LockBit ransomware, marking a significant development in the fight against cybercrime. Read more: LockBit Ransomware Developer Arrested
Lazarus Hackers Exploiting IIS Servers
The Lazarus hacking group is actively exploiting IIS servers, demonstrating the ongoing threat to enterprise environments. Read more: Lazarus Hackers Exploiting IIS Servers
Hackers Attack Exposed Jupyter Notebooks
Cybercriminals are increasingly targeting exposed Jupyter Notebooks, reinforcing the need for secure configuration practices. Read more: Hackers Attack Exposed Jupyter Notebooks
Explore how SSOJet's API-first platform can enhance your organization's security through secure single sign-on (SSO), multi-factor authentication (MFA), and user management solutions tailored for enterprise needs at https://ssojet.com.