Essential Cybersecurity Insights for 2025: Key Blogs to Follow
admin | April 26, 2025 | vulnerabilities

Ex-Black Basta Members Employ Microsoft Teams and Python Scripts in 2025 Cyber Attacks
June 11, 2025 | Ransomware / Cybersecurity
Former affiliates of the Black Basta ransomware group are reportedly sticking to familiar tactics, utilizing email bombing and Microsoft Teams phishing to gain sustained access to targeted networks. Recent reports from ReliaQuest, shared with The Hacker News, reveal that attackers have begun incorporating Python script execution along with these methods, using cURL requests to retrieve and deploy malicious payloads. This evolution indicates that threat actors are adapting and reorganizing despite challenges faced by the Black Basta identity following the public leak of its internal communications earlier this February. The cybersecurity firm found that 50% of Teams phishing incidents recorded between February and May 2025 originated from onmicrosoft[.]com domains, with breached domains contributing to 42% of all attacks during that timeframe. This approach proves particularly stealthy, enabling attackers to masquerade as legitimate traffic.
August 21, 2025

ConnectWise to Update ScreenConnect Code Signing Certificates Following Security Concerns
June 12, 2025 | Vulnerability / Software Security
ConnectWise has announced plans to rotate the digital code signing certificates for ScreenConnect, ConnectWise Automate, and ConnectWise remote monitoring and management (RMM) executables due to security risks. This decision follows concerns raised by a third-party researcher regarding the handling of specific configuration data in earlier versions of ScreenConnect. While the company has not publicly detailed the issue, additional information has been provided in a non-public FAQ for customers, which later surfaced on Reddit. The concern relates to ScreenConnect’s method of storing configuration data in an unsigned area of the installer, which is utilized for passing connection information (such as the callback URL for the agent) without compromising the signature.
August 21, 2025

Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
June 12, 2025 | Artificial Intelligence / Vulnerability
A new attack method called EchoLeak has been identified as a “zero-click” AI vulnerability, enabling malicious actors to extract sensitive data from Microsoft 365 (M365) Copilot without any user involvement. This critical vulnerability has been assigned CVE identifier CVE-2025-32711, with a CVSS score of 9.3. It requires no action from users and has already been addressed by Microsoft, with no reported instances of exploitation. According to a recent advisory, “AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.” This vulnerability has been included in Microsoft’s June 2025 Patch Tuesday updates, bringing the total number of fixed vulnerabilities to 68. Aim Security, which discovered and reported the issue, noted that it exemplifies a large language model (LLM) Scope Violation that leads to indirect prompt injection risks.
August 20, 2025

Apple Fixes Zero-Click Vulnerability in Messages App Used for Targeted Spyware Attacks on Journalists
June 13, 2025 | Spyware / Vulnerability
Apple has revealed that a recently patched security flaw in its Messages app was actively exploited to carry out sophisticated cyber attacks on civil society members. Identified as CVE-2025-43200, the vulnerability was remedied on February 10, 2025, through updates to iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, watchOS 11.3.1, and visionOS 2.3.1. According to the company, “A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link,” which was resolved with improved security checks. Apple also acknowledged awareness that this vulnerability may have been exploited in “extremely sophisticated” attacks targeting specific individuals. Notably, the updates for iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5 also fixed another actively exploited zero-day vulnerability, CVE-2025-24200.
August 20, 2025