⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 January]

Jan 27, 2025 Ravie Lakshmanan Cybersecurity / Recap

Welcome to your weekly cybersecurity scoop! Ever considered how the same AI meant to protect our hospitals might also compromise them? This week, we're breaking down the subtle world of AI-driven threats, key updates in regulations, and some pressing vulnerabilities in healthcare tech that need our attention.

As we unpack these complex topics, we'll equip you with sharp insights to navigate these turbulent waters. Curious about the solutions? They're smarter and more surprising than you might think. Let's dive in.

⚡ Threat of the Week

Juniper Networks Routers Targeted by J-magic — A new campaign targeted enterprise-grade Juniper Networks routers between mid-2023 and mid-2024 to infect them with a backdoor dubbed J-magic when certain specific conditions are met. The malware is a variant of a nearly 25-year-old, publicly available backdoor called cd00r, and is designed to establish a reverse shell to an attacker-controlled IP address and port. Semiconductor, energy, manufacturing, and information technology (IT) sectors were the most targeted.


🔔 Top News

  • Palo Alto Firewalls Found Vulnerable to Firmware Exploits — An analysis of three firewall models from Palo Alto Networks – PA-3260, PA-1410, and PA-415 – uncovered that they are vulnerable to known security flaws that could be exploited to achieve Secure Boot bypass and modify system firmware. In response to the findings, Palo Alto Networks said exploiting the issues requires an attacker to first compromise PAN-OS software through other means and obtain elevated privileges to access or modify the BIOS firmware. It also said it will be working with third-party vendors to develop firmware updates for some of them.
  • PlushDaemon Linked to Supply Chain Compromise of South Korean VPN Provider — A never-before-seen China-aligned hacking group named PlushDaemon carried out a supply chain attack targeting a South Korean virtual private network (VPN) provider in 2023 to deliver malware known as SlowStepper, a fully-featured backdoor with an extensive set of information gathering features. The threat actor is also said to have exploited an unknown vulnerability in Apache HTTP servers and carried out adversary-in-the-middle (AitM) attacks to breach other targets of interest. Active since at least 2019, the group has singled out individuals and entities in China, Taiwan, Hong Kong, South Korea, the United States, and New Zealand.
  • Mirai Botnet Launches Record 5.6 Tbps DDoS Attack — Cloudflare revealed that a Mirai botnet comprising over 13,000 IoT devices was responsible for a record-breaking 5.6 Terabit per second (Tbps) distributed denial-of-service (DDoS) attack aimed at an unnamed internet service provider (ISP) from Eastern Asia. The attack lasted about 80 seconds. The web infrastructure company said the average number of unique source IP addresses observed per second was 5,500, and the average contribution of each IP address per second was around 1 Gbps.
  • Over 100 Flaws in LTE and 5G Implementations — A group of academics has disclosed 119 security vulnerabilities impacting LTE and 5G implementations, Open5GS, Magma, OpenAirInterface, Athonet, SD-Core, NextEPC, srsRAN, that could be exploited by an attacker to disrupt access to service and even gain a foothold into the cellular core network. Some of the identified vulnerabilities could be weaponized to breach the cellular core network, and leverage that access to monitor cellphone location and connection information for all subscribers at a city-wide level, carry out targeted attacks on specific subscribers, and perform further malicious actions on the network itself.
  • Ex-CIA Analyst Pleads Guilty to Sharing Top Secret Docs — Asif William Rahman, a former analyst working for the U.S. Central Intelligence Agency (CIA), pleaded guilty to transmitting top secret National Defense Information (NDI) to unauthorized personnel and attempted to cover up the activity. The incident, which occurred in October 2024, involved Rahman sharing documents prepared by the National Geospatial-Intelligence Agency and the National Security Agency. They were related to Israel's plans to attack Iran, and were subsequently shared on Telegram by an account called Middle East Spectator. He has pleaded guilty to two counts of willful retention and transmission of classified information related to the national defense. He is expected to be sentenced on May 15, 2025, potentially facing a maximum penalty of 10 years in prison.

🔥 Trending CVEs

Your go-to software could be hiding dangerous security flaws—don't wait until it's too late! Update now and stay ahead of the threats before they catch you off guard.

This week's list includes — CVE-2025-23006 (SonicWall), CVE-2025-20156 (Cisco Meeting Management), CVE-2025-21556 (Oracle Agile Product Lifecycle Management Framework), CVE-2025-0411 (7-Zip), CVE-2025-21613 (go-git), CVE-2024-32444 (RealHomes theme for WordPress), CVE-2024-32555 (Easy Real Estate plugin), CVE-2016-0287 (IBM i Access Client Solutions), CVE-2024-9042 (Kubernetes).

📰 Around the Cyber World

  • India and the U.S. Sign Cybercrime MoU — India and the United States have signed a memorandum of understanding (MoU) to bolster cooperation in cybercrime investigations. “The MoU allows the respective agencies of the two countries to step up the level of cooperation and training with respect to the use of cyber threat intelligence and digital forensics in criminal investigations,” the Indian Ministry of External Affairs (MEA) said in a statement.
  • Critical Security Flaws in ABB ASPECT-Enterprise, NEXUS, and MATRIX Products — More than 100 security flaws have been disclosed in the ABB ASPECT-Enterprise, NEXUS, and MATRIX series of products that could allow an attacker to disrupt operations or execute remote code. Gjoko Krstikj of Zero Science Lab has been credited with discovering and reporting the flaws.
  • 91% of Exposed Exchange Server Instances Still Vulnerable to ProxyLogon — One of the vulnerabilities exploited by the China-linked Salt Typhoon hacking group for initial access is CVE-2021-26855 (aka ProxyLogon), a nearly four-year-old flaw in Microsoft Exchange Server. According to a new analysis from cybersecurity company Tenable, 91% of the nearly 30,000 external-facing instances of Exchange vulnerable to CVE-2021-26855 have not been updated to close the defect to date. “Salt Typhoon is known for maintaining a stealthy presence on victim networks and remaining undetected for a significant time period,” it said.
  • IntelBroker Resigns from BreachForums — The threat actor known as IntelBroker has announced his resignation as the owner of an illicit cybercrime forum called BreachForums, citing lack of time. The development marks the latest twist in the tumultuous history of the online criminal bazaar, which has been the subject of law enforcement scrutiny, resulting in a takedown of its infrastructure and the arrest of its previous administrators. Its original creator and owner Conor Brian Fitzpatrick (aka Pompompurin) was sentenced to time served and 20 years of supervised release exactly a year ago. However, newly filed court documents show that his sentence has been vacated — i.e., declared void. “While released on bond awaiting sentencing, Fitzpatrick violated his conditions of release immediately by secretly downloading a virtual private network, which he then used virtually every day to access the Internet without the knowledge of his probation officer,” the document reads. “Not only did Fitzpatrick commit serious offenses, but he also showed a lack of remorse, joking about committing additional crimes even after entering a guilty plea.”
  • Cloudflare CDN Bug Leaks User Locations — A new piece of research from a 15-year-old security researcher who goes by the name Daniel has uncovered a novel “deanonymization attack” in the widely used Cloudflare content delivery network (CDN) that can expose someone's location by sending them an image on platforms like Signal, Discord, and X. The flaw allows an attacker to extract the location of any target within a 250-mile radius when a vulnerable app is installed on a target's phone, or as a background application on their laptop, simply by sending a specially-crafted payload. Using either a one-click or zero-click approach, the attack takes advantage of the fact that Cloudflare stores cached copies of frequently accessed content on data centers located in close proximity to the users to improve performance. The security researcher developed a Teleport tool that let them check which of Cloudflare's data centers had cached an image, which allowed them to triangulate the approximate location a Discord, Signal, or X user might be in. Although the specific issue was closed, Daniel noted that the fix could be bypassed using a VPN. While the geolocation capability of the attack is not precise, it can provide enough information to infer the geographic region where a person lives, and use it as a stepping stone for follow-on intelligence gathering. “The attack leverages fundamental design decisions in caching and push notification systems, demonstrating how infrastructure meant to enhance performance can be misused for invasive tracking,” the researcher said.
  • Belsen Group Leaks Fortinet FortiGate Firewall Configs — A little-known hacking group named Belsen Group has leaked configuration data for over 15,000 Fortinet FortiGate firewalls on the dark web for free. This includes configurations and plaintext VPN user credentials, device serial numbers, models, and other data. An analysis of the data dump carried out by security researcher Kevin Beaumont has revealed that the configuration data has likely been put together by exploiting CVE-2022-40684, an authentication bypass vulnerability disclosed in October 2022, as a zero-day. Of the 15,469 distinct affected IP addresses, 8,469 IPs were found to be still online and reachable in scans. As many as 5,086 IPs are continuing to expose the compromised FortiGate login interfaces. A majority of the exposures are in Mexico, Thailand, and the U.S. “If your organization has consistently adhered to routine best practices in regularly refreshing security credentials and taken the recommended actions in the preceding years, the risk of the organization's current config or credential detail in the threat actor's disclosure is small,” Fortinet said in response to the disclosure. The disclosure comes as another critical flaw in FortiGate devices (CVE-2024-55591 aka Console Chaos) has come under active exploitation in the wild since November 1, 2024.

🎥 Expert Webinar

  • No More Trade-Offs: Secure Code at Full Speed — Tired of security slowing down development—or risky shortcuts putting you at risk? Join Sarit Tager, VP of Product Management at Palo Alto Networks, in this must-attend webinar to discover how to break the Dev-Sec standoff. Learn how to embed smart, seamless security guardrails into your DevOps pipeline, prioritize code issues with full ecosystem context, and replace “shift left” confusion with the clarity of “start left” success. If speed and security feel like a trade-off, this webinar will show you how to have both. Save your spot now.
  • The Clear Roadmap to Identity Resilience — Struggling with identity security gaps that increase risks and inefficiencies? Join Okta's experts, Karl Henrik Smith and Adam Boucher, to discover how the Secure Identity Assessment (SIA) delivers a clear, actionable roadmap to strengthen your identity posture. Learn to identify high-risk gaps, streamline workflows, and adopt a scalable, phased approach to future-proofing your defenses. Don't let identity debt hold your organization back—gain the insights you need to reduce risk, optimize operations, and secure business outcomes.


🔧 Cybersecurity Tools

  • Extension Auditor: With cyber threats becoming more sophisticated, tools like Extension Auditor are essential for maintaining online safety. This tool evaluates your browser extensions for security and privacy risks, providing a clear assessment of permissions and potential vulnerabilities. Extension Auditor helps you identify and manage extensions that could expose you to danger, ensuring your browsing is secure and your data stays private.
  • AD Threat Hunting Tool: It's a simple yet powerful PowerShell tool that helps detect suspicious activities in your Active Directory, like password spray attacks or brute force attempts. It provides real-time alerts, smart analysis of attack patterns, and detailed reports with easy export options. With built-in testing to simulate attacks, this tool is a must-have for keeping your AD environment secure and identifying threats quickly.
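Added example, not code from the AD Threat Hunting Tool itself: the two Active Directory patterns the blurb names, password spraying and brute force, told apart over a constructed set of failed-logon records (Windows Security Event ID 4625, reduced to timestamp, source IP and target account); the window and thresholds are assumptions a real deployment would tune to its lockout policy.

```python
# Added example (not the AD Threat Hunting Tool's own code): flag password
# spraying vs brute force from failed-logon records (Windows Event ID 4625).
from collections import Counter, defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumed hunt window
SPRAY_MIN_ACCOUNTS = 5          # many different accounts from one source ...
SPRAY_MAX_PER_ACCOUNT = 2       # ... each tried only a few times (stays under lockout)
BRUTE_MIN_FAILURES = 10         # one account hammered repeatedly from one source

# Constructed sample, reduced to the three fields a hunt needs:
# "<ISO timestamp> <source IP> <target account>", one failed logon per line.
SPRAY = "\n".join(f"2025-01-27T09:00:{2*i:02d} 10.0.0.5 {u}"
                  for i, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"]))
BRUTE = "\n".join(f"2025-01-27T09:01:{s:02d} 10.0.0.9 svc_backup" for s in range(10))
BENIGN = "2025-01-27T11:30:00 10.0.0.20 alice\n2025-01-27T11:32:00 10.0.0.20 alice"
SAMPLE_4625 = "\n".join([SPRAY, BRUTE, BENIGN])

def parse_4625(text):
    """Parse 'timestamp ip account' lines into sorted (datetime, ip, account) tuples."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, ip, account = line.split()
            events.append((datetime.fromisoformat(ts), ip, account.lower()))
    return sorted(events)

def hunt(events):
    """Return {source_ip: 'password_spray' | 'brute_force'} for every source whose
    failures inside some WINDOW-long span match one of the two patterns."""
    by_source = defaultdict(list)
    for ts, ip, account in events:
        by_source[ip].append((ts, account))
    findings = {}
    for ip, evs in by_source.items():
        for i, (start, _) in enumerate(evs):
            # Failures from this source within WINDOW of the i-th one, per account.
            per_account = Counter(a for ts, a in evs[i:] if ts - start <= WINDOW)
            busiest = max(per_account.values())
            if busiest >= BRUTE_MIN_FAILURES:
                findings[ip] = "brute_force"
                break
            if len(per_account) >= SPRAY_MIN_ACCOUNTS and busiest <= SPRAY_MAX_PER_ACCOUNT:
                findings[ip] = "password_spray"
                break
    return findings

if __name__ == "__main__":
    for ip, pattern in sorted(hunt(parse_4625(SAMPLE_4625)).items()):
        print(f"{ip}: {pattern}")
```

On the constructed sample, 10.0.0.5 (six accounts, one failure each) is reported as a spray and 10.0.0.9 (ten failures on svc_backup) as brute force, while the two failures from 10.0.0.20 stay below both thresholds.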

🔒 Tip of the Week

Essential Network Security Practices — To effectively secure your network, you don't need complex solutions. Keep your network safe with these easy tips: Use a VPN like NordVPN to protect your data and keep your online activities private. Make sure your firewall is turned on to stop unwanted access. Keep your software and devices updated to fix security weaknesses. Choose strong, unique passwords for all your accounts and consider using a password manager to keep track of them. Teach yourself and others how to spot phishing scams to avoid giving away sensitive information. These basic actions can greatly improve your network's security and are simple to implement.

Conclusion

As we close this week's newsletter, let's focus on the critical issue of vulnerabilities in healthcare technology. These gaps highlight a pressing need for enhanced security measures and more dynamic regulatory frameworks that can quickly adapt to new threats. How can we fortify our defenses to better protect critical infrastructure? Your expertise is vital as we tackle these challenges and push for more effective solutions. Let's keep the dialogue open and continue to drive progress in our field. Stay informed and engaged.
