Cybersecurity News Review – Week 3 (2025)
This week’s cybersecurity newsletter highlights critical vulnerabilities in Fortinet and BeyondTrust products, the in-the-wild exploitation of multiple zero-day flaws in Microsoft products, and an emerging ransomware tactic that targets AWS S3 buckets. It also covers a significant data breach at Stiiizy, the scale of healthcare data breaches in the US, and several government responses to cyber threats. Affected: Fortinet, BeyondTrust, Microsoft, AWS, Stiiizy, US Healthcare Sector, Turks and Caicos Government, UK Public Sector

Key points:

  • Fortinet disclosed multiple critical vulnerabilities, including an actively exploited zero-day authentication bypass (CVE-2024-55591) in FortiOS and FortiProxy that gives attackers super-admin privileges.
  • CISA warned federal agencies about a second vulnerability (CVE-2024-12686) in BeyondTrust’s Remote Support and Privileged Remote Access products, linked to the attacks on the US Department of the Treasury.
  • Microsoft’s January 2025 Patch Tuesday addressed 159 flaws, including eight zero-days, three of which were already being exploited in attacks.
  • Malicious packages impersonating Cursor-related names were discovered on npm; they were traced to a Snyk security researcher, raising questions about Snyk’s involvement.
  • A new ransomware tactic by the “Codefinger” group targets AWS S3 buckets: using stolen AWS keys, the attackers re-encrypt objects with server-side encryption with customer-provided keys (SSE-C), withhold the key so the data cannot be recovered without paying, and set lifecycle rules that delete the objects within seven days.
  • A critical command-injection vulnerability (CVE-2024-50603) in Aviatrix Controller is being actively exploited to deploy cryptominers and backdoors.
  • A Russian botnet of roughly 13,000 hijacked MikroTik routers abused misconfigured SPF records (records ending in “+all”, which let any host send mail as the domain) to deliver malware through spoofed email.
  • A weakness in Google’s “Sign in with Google” OAuth flow lets anyone who buys the domain of a defunct company recreate its former employees’ accounts and log into the SaaS services they used, potentially exposing millions of accounts.
  • Over 4 million internet-connected hosts are vulnerable because their tunneling protocols (IPIP, GRE, 4in6, 6in4) accept packets without verifying the sender, allowing them to be abused as one-way proxies or for denial-of-service attacks.
  • Stiiizy reported a data breach affecting 380,000 individuals, with ransom threats from the Everest ransomware group.
  • In 2024, over 580 healthcare data breaches compromised nearly 180 million user records in the US.
  • The EU plans to launch a Cybersecurity Support Centre for healthcare by 2026.
  • The UK government is considering a ban on ransomware payments by public bodies.
  • A location data broker reported a breach affecting millions of users’ historical smartphone location data.
  • The FBI removed PlugX malware from over 4,250 hacked computers in a major operation.
  • Scammers are exploiting California wildfires to launch phishing campaigns.
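The Codefinger item above describes two CloudTrail-visible signals: a burst of object writes that apply SSE-C, and a short-expiry lifecycle rule set by the same principal. The following is an added example (not code from the newsletter, Halcyon, or AWS) of detection logic run over a constructed CloudTrail extract. Field names follow CloudTrail’s S3 event schema; the `SSEApplied` value `"SSE_C"` and the object/list shape of `LifecycleConfiguration.Rule` are taken from AWS documentation and are assumptions to confirm against real logs before deployment.

```python
"""Flag Codefinger-style SSE-C bulk re-encryption in CloudTrail S3 events."""
import json
from collections import defaultdict

WRITE_EVENTS = {"PutObject", "CopyObject"}               # object writes that can carry SSE-C
ATTACKER = "arn:aws:iam::123456789012:user/ci-deploy"    # constructed: compromised access key
NORMAL = "arn:aws:iam::123456789012:role/app-writer"     # constructed: legitimate workload


def _s3_event(name, arn, params, extra=None):
    """Build a minimal CloudTrail-shaped record (constructed sample data)."""
    rec = {"eventSource": "s3.amazonaws.com", "eventName": name,
           "userIdentity": {"arn": arn}, "requestParameters": params}
    if extra:
        rec["additionalEventData"] = extra
    return rec


# Constructed extract: three SSE-C writes and a 7-day expiry rule from one
# principal, plus normal traffic that must not be flagged.
SAMPLE_LOG = json.dumps({"Records": [
    _s3_event("PutObject", ATTACKER, {"bucketName": "acme-prod-data", "key": "exports/2025-01-13.csv"}, {"SSEApplied": "SSE_C"}),
    _s3_event("PutObject", ATTACKER, {"bucketName": "acme-prod-data", "key": "exports/2025-01-14.csv"}, {"SSEApplied": "SSE_C"}),
    _s3_event("PutObject", NORMAL, {"bucketName": "acme-prod-data", "key": "uploads/invoice-1.pdf"}, {"SSEApplied": "SSE_KMS"}),
    _s3_event("CopyObject", ATTACKER, {"bucketName": "acme-prod-data", "key": "backups/db.sql.gz"}, {"SSEApplied": "SSE_C"}),
    _s3_event("PutBucketLifecycle", ATTACKER, {"bucketName": "acme-prod-data",
              "LifecycleConfiguration": {"Rule": {"ID": "cleanup", "Status": "Enabled", "Expiration": {"Days": 7}}}}),
    _s3_event("GetObject", NORMAL, {"bucketName": "acme-prod-data", "key": "uploads/invoice-1.pdf"}),
]})
# Same records as JSON lines, the other common export format.
SAMPLE_JSONL = "\n".join(json.dumps(r) for r in json.loads(SAMPLE_LOG)["Records"])


def load_records(text):
    """Accept a CloudTrail log file ({"Records": [...]}), a bare JSON list, or JSON lines."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError:
        return [json.loads(line) for line in text.splitlines() if line.strip()]
    return doc["Records"] if isinstance(doc, dict) else doc


def ssec_writes(records):
    """(principal, bucket, key) for every object write that used SSE-C."""
    out = []
    for r in records:
        if r.get("eventSource") != "s3.amazonaws.com" or r.get("eventName") not in WRITE_EVENTS:
            continue
        if r.get("additionalEventData", {}).get("SSEApplied") != "SSE_C":  # assumed value, see lead-in
            continue
        p = r.get("requestParameters", {})
        out.append((r["userIdentity"]["arn"], p.get("bucketName"), p.get("key")))
    return out


def short_expiry_rules(records, max_days=7):
    """(principal, bucket, days) for enabled lifecycle rules expiring objects within max_days."""
    out = []
    for r in records:
        if r.get("eventName") != "PutBucketLifecycle":
            continue
        p = r.get("requestParameters", {})
        rules = p.get("LifecycleConfiguration", {}).get("Rule", [])
        if isinstance(rules, dict):      # a single rule is serialized as an object, not a list (assumed)
            rules = [rules]
        for rule in rules:
            days = rule.get("Expiration", {}).get("Days")
            if rule.get("Status") == "Enabled" and days is not None and days <= max_days:
                out.append((r["userIdentity"]["arn"], p.get("bucketName"), days))
    return out


def triage(records, min_objects=3):
    """Principals that wrote at least min_objects SSE-C objects, with any short expiry rule they set."""
    by_principal = defaultdict(set)
    for arn, bucket, key in ssec_writes(records):
        by_principal[arn].add((bucket, key))
    expiry = defaultdict(list)
    for arn, bucket, days in short_expiry_rules(records):
        expiry[arn].append((bucket, days))
    return {arn: {"ssec_objects": len(keys), "expiry_rules": expiry.get(arn, [])}
            for arn, keys in by_principal.items() if len(keys) >= min_objects}


if __name__ == "__main__":
    print(json.dumps(triage(load_records(SAMPLE_LOG)), indent=2))
```

SSE-C writes are not malicious by themselves; the threshold and the pairing with a lifecycle change are what separate an incident from a workload that legitimately uses customer-provided keys. Buckets that never need SSE-C can additionally deny it outright with a bucket policy condition on `s3:x-amz-server-side-encryption-customer-algorithm`.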

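The MikroTik botnet item above hinges on one SPF detail: a record whose `all` mechanism carries the `+` qualifier (or no qualifier, which defaults to `+`) tells receivers that every host on the internet is an authorized sender for the domain. The following is an added example (not code from the newsletter or from Infoblox) of an offline checker that parses SPF records per RFC 7208 qualifier rules and reports which domains are open to spoofing. The TXT answers are constructed and looked up from a dict; a real audit would fetch them from DNS.

```python
"""Audit SPF records for the "+all" misconfiguration abused by the MikroTik spam botnet."""

SPF_VERSION = "v=spf1"
QUALIFIERS = "+-~?"
VERDICTS = {"+": "open", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed TXT answers keyed by domain (hypothetical names).
SAMPLE_ZONE = {
    "good.example":  ["v=spf1 ip4:203.0.113.0/24 include:_spf.mailer.example -all"],
    "soft.example":  ["v=spf1 include:_spf.mailer.example ~all"],
    "open.example":  ["v=spf1 ip4:198.51.100.10 +all"],
    "bare.example":  ["v=spf1 include:_spf.mailer.example all"],   # no qualifier means "+"
    "none.example":  ["google-site-verification=abc123"],
    "multi.example": ["v=spf1 -all", "v=spf1 +all"],                # two SPF records is a permerror
    "redir.example": ["v=spf1 redirect=_spf.parent.example"],
}


def parse_terms(record):
    """Split an SPF record into (qualifier, term) pairs.

    Mechanisms get an explicit qualifier ('+' when none is written); modifiers
    such as redirect= or exp= are returned with an empty qualifier.
    """
    terms = []
    for token in record.split()[1:]:
        if "=" in token.split(":", 1)[0]:              # name=value is a modifier, not a mechanism
            terms.append(("", token.lower()))
        elif token[0] in QUALIFIERS:
            terms.append((token[0], token[1:].lower()))
        else:
            terms.append(("+", token.lower()))
    return terms


def classify(txt_records):
    """Verdict for a domain's TXT set: open, fail, softfail, neutral, none, permerror, redirect."""
    spf = [t for t in txt_records if t.lower().split(" ", 1)[0] == SPF_VERSION]
    if not spf:
        return "none"
    if len(spf) > 1:                                   # RFC 7208 section 4.5: multiple records are a permerror
        return "permerror"
    redirect = False
    for qualifier, term in parse_terms(spf[0]):
        if term == "all":                              # terms after "all" are never evaluated
            return VERDICTS[qualifier]
        if term.startswith("redirect="):
            redirect = True
    # No "all" matched: a redirect hands evaluation to another domain, otherwise the default is neutral.
    return "redirect" if redirect else "neutral"


def audit(zone):
    """Domains whose SPF record lets any host send as them, plus records that are broken outright."""
    findings = {}
    for domain, txts in zone.items():
        verdict = classify(txts)
        if verdict in ("open", "permerror"):
            findings[domain] = verdict
    return findings


if __name__ == "__main__":
    for domain, verdict in audit(SAMPLE_ZONE).items():
        print(f"{domain}: {verdict}")
```

A `permerror` is reported alongside `open` because receivers treat an unparseable SPF record as if none existed, so the domain is spoofable either way; a `redirect` verdict means the checker must be re-run against the redirected domain before concluding anything.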
MITRE Techniques:

  • Exploit Public-Facing Application (T1190) – Exploitation of the FortiOS/FortiProxy authentication bypass to gain super-admin privileges.
  • Exploit Public-Facing Application (T1190) / Remote Access Software (T1219) – Exploitation of the BeyondTrust Remote Support vulnerability, then use of the product’s own remote-access capability for access and control.
  • Exploitation for Privilege Escalation (T1068) – Active exploitation of the three Windows Hyper-V zero-days patched in January.
  • Data Encrypted for Impact (T1486) – Ransomware tactics used by “Codefinger” to encrypt AWS S3 buckets.
  • Ingress Tool Transfer (T1105) – Deployment of cryptomining malware and backdoors after exploiting the Aviatrix Controller vulnerability.
  • Valid Accounts (T1078) – Abuse of Google’s OAuth flaw to log into former employees’ accounts on SaaS services.
  • Phishing (T1566) – Scammers creating fake domains related to California wildfires to steal personal information.

Source: https://medium.com/ml4den/cybersecurity-news-review-week-3-2025-77e75fb5484d?source=rss——cybersecurity-5