Infosec bits for 2025 week 12

Heloise Meyer | March 21, 2025, 6:33 p.m.

Cybersecurity News:

AI-generated deepfakes financially motivated and a real problem [Christopher Tredger, ITweb]

Security Researcher Proves GenAI Tools Can Develop Google Chrome Infostealers [Kevin Poireault, Infosecurity Magazine]

Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts [Bill Toulas, BleepingComputer]

Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017 [Ravie Lakshmanan, The Hacker News]

Browser Security Under Siege: The Alarming Rise of AI-Powered Phishing [Kevin Townsend, SecurityWeek]

Vulnerabilities & Patches:

Apache Tomcat RCE Vulnerability Under Fire With 2-Step Exploit [Kristina Beek, Dark Reading]

IBM scores perfect 10 ... vulnerability in mission-critical OS AIX [Connor Jones, The Register]

Cisco IOS XR vulnerability lets attackers crash BGP on routers [Sergiu Gatlan, BleepingComputer]

CISA Adds Two Known Exploited Vulnerabilities to Catalog [CISA, CISA]

Technical Advisory: Mass Exploitation of CVE-2024-4577 [Martin Zugec, Bitdefender]

Attacks & Data Breaches:

Fake "Security Alert" issues on GitHub use OAuth app to hijack accounts [Lawrence Abrams, BleepingComputer]

ClearFake Infects 9,300 Sites, Uses Fake reCAPTCHA and Turnstile to Spread Info-Stealers [Ravie Lakshmanan, The Hacker News]

New Vulnerability in GitHub Copilot and Cursor: How Hackers Can Weaponize Code Agents [Ziv Karliner, Pillar Security]

Malware:

Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates [Ravie Lakshmanan, The Hacker News]

VSCode extensions found downloading early-stage ransomware [Bill Toulas, BleepingComputer]