Infosec bits for 2025 week 3
Maajied Moos | Jan. 17, 2025, 3:01 p.m.
Cybersecurity News:
Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation [Ravie Lakshmanan, The Hacker News]
Browser-Based Cyber-Threats Surge as Email Malware Declines [Alessandro Mascellino, Info Security Magazine]
Critical vulnerabilities remain unresolved due to prioritization gaps [Help Net Security, Help Net Security]
Breaches, Hacks & Leaks:
Stolen Path of Exile 2 admin account used to hack player accounts [Bill Toulas, Bleeping Computer]
New Tooling:
Chainsaw: Open-source tool for hunting through Windows forensic artefacts [Help Net Security, Help Net Security]
Contextal Platform: Open-source threat detection and intelligence [Mirko Zorz, Help Net Security]
Vulnerabilities & Patches:
Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices [Ravie Lakshmanan, The Hacker News]
Microsoft DRM Hacking Raises Questions on Vulnerability Disclosures [Eduard Kovacs, Security Week]
Cloud Attackers Exploit Max-Critical Aviatrix RCE Flaw [Jai Vijayan, Dark Reading]
Juniper Networks Fixes High-Severity Vulnerabilities in Junos OS [Ionut Arghire, Security Week]
Adobe: Critical Code Execution Flaws in Photoshop [Ryan Naraine, Security Week]
W3 Total Cache plugin flaw exposes 1 million WordPress sites to attacks [Bill Toulas, Bleeping Computer]
Malware:
New Web3 attack exploits transaction simulations to steal crypto [Bill Toulas, Bleeping Computer]
How Cracks and Installers Bring Malware to Your Device [Ryan Maglaque, Jay Nebre, Allixon Kristoffer Francisco, Trend Micro]
Phishing texts trick Apple iMessage users into disabling protection [Lawrence Abrams, Bleeping Computer]
Miscreants 'mass exploited' Fortinet firewalls, 'highly probable' zero-day used [Jessica Lyons, The Register]
Credit Card Skimmer campaign targets WordPress via database injection [Pierluigi Paganini, Security Affairs]
Hackers Using Fake YouTube Links to Steal Login Credentials [Owais Sultan, Hack Read]