A supply chain attack known as “s1ngularity” has targeted Nx versions 20.9.0-21.8.0, leading to the theft of thousands of developer credentials. The attack primarily focused on macOS systems and AI tools, as outlined in an analysis by GitGuardian. On August…
Fortinet Alerts: Attackers Maintain Read-Only Access to FortiGate Devices After Patching Using SSL-VPN Symlink Exploit
April 11, 2025
Network Security / Vulnerability
Fortinet has disclosed that cybercriminals have discovered a method to preserve read-only access to compromised FortiGate devices, even after vulnerabilities exploited for initial breaches have been patched. The attackers reportedly utilized known security weaknesses, including CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762. “A threat actor exploited a known vulnerability to establish read-only access to affected FortiGate devices,” the network security firm stated in an advisory released Thursday. “This was accomplished by creating a symbolic link that connects the user file system with the root file system in a directory used for SSL-VPN language files.” Fortinet noted that these alterations occurred within the user file system and were able to evade detection, leaving the symlink intact even after the original vulnerabilities were remedied. This situation has enabled the attackers to retain access…
Fortinet Warns of Persistent Access Threats to FortiGate Devices Post-Patching On April 11, 2025, Fortinet disclosed concerning information regarding a persistent security vulnerability affecting its FortiGate devices. The network security firm reported that cybercriminals have successfully established read-only access to…
The UK government is under scrutiny for its delayed response in implementing recommendations from a comprehensive review concerning serious public sector data breaches. These breaches have had significant ramifications, affecting vulnerable populations including Afghans who collaborated with British military forces,…
May 14, 2025
Vulnerability / Malware
Samsung has issued software updates to fix a critical security vulnerability in MagicINFO 9 Server that has been actively targeted. Identified as CVE-2025-4632 (CVSS score: 9.8), this path traversal flaw allows attackers to write arbitrary files with system-level permissions. According to the advisory, the vulnerability arises from “improper limitation of a pathname to a restricted directory” in versions before 21.1052 of the MagicINFO 9 Server. Notably, CVE-2025-4632 serves as a patch bypass for a previously addressed vulnerability, CVE-2024-7399, which was mitigated by Samsung in August 2024. Shortly after a proof-of-concept was released by SSD Disclosure on April 30, 2025, CVE-2025-4632 began to be exploited in the wild, with reports of it being used to deploy the Mirai botnet. Initial investigations into these attacks mistakenly pointed to CVE-2024-7399, but cybersecurity firm Huntress later clarified the situation.
Samsung Addresses Critical Vulnerability in MagicINFO 9 Server Used by Attackers May 14, 2025 In a significant security update, Samsung has released patches to address a critical vulnerability identified as CVE-2025-4632, which affects the MagicINFO 9 Server. This vulnerability, which…
April 5, 2023
Cyber Threat / Malware
A newly identified malware, dubbed CryptoClippy, is specifically targeting Portuguese cryptocurrency users through a malvertising campaign. This sophisticated malware employs SEO poisoning techniques to lure users searching for “WhatsApp web” to malicious domains that host the threat, according to a recent report from Palo Alto Networks’ Unit 42.
CryptoClippy, written in C, is a type of cryware known as clipper malware, which monitors clipboard activity for cryptocurrency addresses. When it detects a match, the malware substitutes the copied address with one controlled by the attacker. “The clipper malware utilizes regular expressions (regexes) to ascertain the cryptocurrency type of the address,” noted researchers from Unit 42. “It then replaces the clipboard entry with a visually similar wallet address belonging to the adversary.”
CryptoClippy Emerges as New Threat Targeting Portuguese Cryptocurrency Users April 05, 2023 A concerning new malware known as CryptoClippy is currently posing risks to cryptocurrency users in Portugal, as reported by cybersecurity experts at Palo Alto Networks’ Unit 42. This…
Taiwan Files Charges Against 14 in $41 Million Fraud; 1,200 Detained in Major Cybercrime Operation Rashmi Ramesh ( @rashmiramesh_) • August 28, 2025 Image: Shutterstock Every week, Information Security Media Group compiles notable cybersecurity incidents involving digital assets. This…
Beware the Hype: New Claims of Passkey Vulnerabilities Under Scrutiny In a striking example of the alarmism that can emerge from cybersecurity marketing, a recent report from SquareX—a startup specializing in browser security—asserts the existence of a significant vulnerability involving…
April 14, 2025
Threat Intelligence / Cybersecurity
Attackers are no longer waiting for patches; they are infiltrating systems before defenses are in place. Trusted security tools are being compromised to spread malware. Even after breaches are detected and addressed, some attackers remain undetected. This week’s incidents highlight a stark reality: reactive measures are insufficient. You must operate under the assumption that any system you trust today could fail tomorrow. In a landscape where AI can be weaponized against you and ransomware strikes faster than ever, effective protection requires proactive planning and maintaining control amidst chaos.
Dive into this week’s update for crucial threat developments, insightful webinars, practical tools, and immediate tips to enhance your cybersecurity posture.
⚡ Threat of the Week
Windows 0-Day Exploited for Ransomware Attacks — A security vulnerability concerning the Windows Common Log File System (CLFS) has been exploited as a zero-day in targeted ransomware attacks, as revealed by Microsoft. The flaw, identified as CVE-2025-29824, is a privilege escalation vulnerability…
Weekly Cybersecurity Recap: Notable Threats and Developments April 14, 2025 In an alarming trend within the cybersecurity landscape, attackers are increasingly beating organizations to the punch, exploiting vulnerabilities before patches can be implemented. This week has underscored a crucial reality:…
TransUnion, one of the largest credit reporting agencies in the United States, has announced a data breach impacting the personal information of approximately 4.4 million customers. This incident, which occurred on July 28, resulted from unauthorized access to a third-party…
May 15, 2025
Vulnerability / Email Security
A cyber espionage operation associated with a Russian threat actor is reportedly compromising webmail servers, including Roundcube, Horde, MDaemon, and Zimbra, by exploiting cross-site scripting (XSS) vulnerabilities, notably a zero-day flaw in MDaemon. This activity, coded as Operation RoundPress by ESET, began in 2023 and has been linked with moderate confidence to the state-sponsored hacking group APT28, also known by various names such as BlueDelta, Fancy Bear, and Sednit.
“The primary objective of this operation is to extract sensitive data from targeted email accounts,” stated ESET researcher Matthieu Faou in a report shared with The Hacker News. “While most victims are governmental and defense entities in Eastern Europe, we have also noted targets across Africa, Europe, and beyond.”
Russia-Linked APT28 Exploits MDaemon Zero-Day to Compromise Government Webmail Servers On May 15, 2025, ESET released a report detailing a cyber espionage campaign attributed to a Russia-linked threat actor targeting webmail servers, including Roundcube, Horde, MDaemon, and Zimbra. This operation,…
