Infosec bits for 2025 week 8

Kgwadi Matenche | Feb. 24, 2025, 1:19 p.m.

Cybersecurity News:

  • How Hackers Manipulate Agentic AI With Prompt Engineering [Etay Maor, SecurityWeek]
  • North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware [Ravie Lakshmanan, The Hacker News]

Breaches & Leaks:

  • Australian fertility services giant Genea hit by security breach [Sergiu Gatlan, Bleeping Computer]
  • Medusa ransomware gang demands $2M from UK private health services provider [Iain Thomson, The Register]
  • Clinical Trial Database Exposes 1.6M Records to Web [Marianne Kolbasuk McGee, BankInfoSecurity]

Vulnerabilities & Patches:

  • Chrome 133, Firefox 135 Updates Patch High-Severity Vulnerabilities [Ionut Arghire, SecurityWeek]
  • WordPress Plugin Vulnerability Exposes 90,000 Sites to Attack [Alessandro Mascellino, Infosecurity Magazine]
  • Patch Now: CISA Warns of Palo Alto Flaw Exploited in the Wild [Elizabeth Montalbano, Dark Reading]
  • Atlassian fixed critical flaws in Confluence and Crowd [Pierluigi Paganini, Security Affairs]
  • Microsoft fixes Power Pages zero-day bug exploited in attacks [Bill Toulas, Bleeping Computer]
  • Two critical OpenSSH vulnerabilities discovered! Qualys TRU finds client and server flaws (CVE-2025-26465 & CVE-2025-26466) enabling MITM and DoS. Upgrade to 9.9p2 now to protect your systems. [Deeba Ahmed, HackRead]

Others:

  • Over 330 Million Credentials Compromised by Infostealers [Phil Muncaster, Infosecurity Magazine]
  • How Russian Hackers Are Exploiting Signal ‘Linked Devices’ Feature for Real-Time Spying [Ryan Naraine, SecurityWeek]
  • Darcula PhaaS can now auto-generate phishing kits for any brand [Bill Toulas, Bleeping Computer]
  • Pig butchering scams are exploding [Help Net Security]