Welcome to your weekly cybersecurity recap! Ever considered how the same AI meant to protect our hospitals could also compromise them? This week, we're breaking down the sophisticated world of AI-driven threats, key regulatory updates, and some pressing vulnerabilities in healthcare technology that need our attention.
As we unpack these complex topics, we'll equip you with sharp insights to navigate these turbulent waters. Curious about the solutions? They're smarter and more unexpected than you might think. Let's dive in.
⚡ Threat of the Week
Juniper Networks Routers Targeted by J-magic — A new campaign targeted enterprise-grade Juniper Networks routers between mid-2023 and mid-2024 to infect them with a backdoor dubbed J-magic under certain precise conditions. The malware is a variant of a nearly 25-year-old, publicly available backdoor called cd00r, and is designed to establish a reverse shell to an attacker-controlled IP address and port. The semiconductor, energy, manufacturing, and information technology (IT) sectors were the most heavily targeted.

The Human Touch in Creating and Securing Non-Human Identities
In today's digital landscape, a new class of identities has emerged alongside traditional human users: non-human identities (NHIs). This ebook explores everything you need to know about managing NHIs in your environment.
Download
🔔 Top News
- Palo Alto Firewalls Found Vulnerable to Firmware Exploits — An analysis of three firewall models from Palo Alto Networks – PA-3260, PA-1410, and PA-415 – uncovered that they are susceptible to known security flaws that could be exploited to achieve a Secure Boot bypass and modify device firmware. In response to the findings, Palo Alto Networks said exploiting the flaws requires an attacker to first compromise PAN-OS software through other means and obtain elevated privileges to access or modify the BIOS firmware. It also said it will be working with third-party vendors to develop firmware updates for some of them.
- PlushDaemon Linked to Supply Chain Compromise of South Korean VPN Provider — A never-before-seen China-aligned hacking group named PlushDaemon carried out a supply chain attack targeting a South Korean virtual private network (VPN) provider in 2023 to deliver malware known as SlowStepper, a fully-featured backdoor with an extensive set of information gathering features. The threat actor is also said to have exploited an unknown vulnerability in Apache HTTP servers and conducted adversary-in-the-middle (AitM) attacks to breach other targets of interest. Active since at least 2019, the group has singled out individuals and entities in China, Taiwan, Hong Kong, South Korea, the U.S., and New Zealand.
- Mirai Botnet Launches Record 5.6 Tbps DDoS Attack — Cloudflare revealed that a Mirai botnet comprising over 13,000 IoT devices was responsible for a record-breaking 5.6 Terabit per second (Tbps) distributed denial-of-service (DDoS) attack aimed at an unnamed internet service provider (ISP) from Eastern Asia. The attack lasted about 80 seconds. The web infrastructure company said the average number of unique source IP addresses observed per second was 5,500, and the average contribution of each IP address per second was around 1 Gbps.
- Over 100 Flaws in LTE and 5G Implementations — A group of academics has disclosed 119 security vulnerabilities impacting LTE and 5G implementations (Open5GS, Magma, OpenAirInterface, Athonet, SD-Core, NextEPC, and srsRAN) that could be exploited by an attacker to disrupt access to service and even gain a foothold in the cellular core network. Some of the identified vulnerabilities could be weaponized to breach the cellular core network and leverage that access to monitor cellphone location and connection information for all subscribers at a city-wide level, carry out targeted attacks on specific subscribers, and perform further malicious actions on the network itself.
- Ex-CIA Analyst Pleads Guilty to Sharing Top Secret Docs — Asif William Rahman, a former analyst working for the U.S. Central Intelligence Agency (CIA), pleaded guilty to transmitting top secret National Defense Information (NDI) to unauthorized personnel and attempting to cover up the activity. The incident, which took place in October 2024, involved Rahman sharing documents prepared by the National Geospatial-Intelligence Agency and the National Security Agency. They were related to Israel's plans to attack Iran, and were subsequently shared on Telegram by an account called Middle East Spectator. He has pleaded guilty to two counts of willful retention and transmission of classified information related to the national defense. He is expected to be sentenced on May 15, 2025, potentially facing a maximum penalty of 10 years in prison.
🔥 Trending CVEs
Your go-to software could be hiding dangerous security flaws—don't wait until it's too late! Update now and stay ahead of the threats before they catch you off guard.
This week's list includes — CVE-2025-23006 (SonicWall), CVE-2025-20156 (Cisco Meeting Management), CVE-2025-21556 (Oracle Agile Product Lifecycle Management Framework), CVE-2025-0411 (7-Zip), CVE-2025-21613 (go-git), CVE-2024-32444 (RealHomes theme for WordPress), CVE-2024-32555 (Easy Real Estate plugin), CVE-2016-0287 (IBM i Access Client Solutions), CVE-2024-9042 (Kubernetes).
📰 Around the Cyber World
- India and the U.S. Sign Cybercrime MoU — India and the U.S. have signed a memorandum of understanding (MoU) to bolster cooperation in cybercrime investigations. "The MoU enables the respective agencies of the two countries to step up the level of cooperation and training with respect to the use of cyber threat intelligence and digital forensics in criminal investigations," the Indian Ministry of External Affairs (MEA) said in a statement.
- Critical Security Flaws in ABB ASPECT-Enterprise, NEXUS, and MATRIX Products — More than 100 security flaws have been disclosed in the ABB ASPECT-Enterprise, NEXUS, and MATRIX series of products that could allow an attacker to disrupt operations or execute remote code. Gjoko Krstikj of Zero Science Lab has been credited with discovering and reporting the flaws.
- 91% of Exposed Exchange Server Instances Still Vulnerable to ProxyLogon — One of the vulnerabilities exploited by the China-linked Salt Typhoon hacking group for initial access is CVE-2021-26855 (aka ProxyLogon), a nearly four-year-old flaw in Microsoft Exchange Server. According to a new analysis from cybersecurity company Tenable, 91% of the nearly 30,000 external-facing instances of Exchange vulnerable to CVE-2021-26855 have not been updated to close the defect to date. "Salt Typhoon is known for maintaining a stealthy presence on victim networks and remaining undetected for a significant period of time," it said.
- IntelBroker Resigns from BreachForums — The threat actor known as IntelBroker has announced his resignation as the owner of an illicit cybercrime forum called BreachForums, citing lack of time. The development marks the latest twist in the tumultuous history of the online criminal bazaar, which has been the subject of law enforcement scrutiny, resulting in a takedown of its infrastructure and the arrest of its previous administrators. Its original creator and owner Conor Brian Fitzpatrick (aka Pompompurin) was sentenced to time served and 20 years of supervised release exactly a year ago. However, newly filed court documents show that his sentence has been vacated — i.e., declared void. "While released on bond awaiting sentencing, Fitzpatrick violated his conditions of release immediately by secretly downloading a virtual private network, which he then used virtually every day to access the Internet without the knowledge of his probation officer," the document reads. "Not only did Fitzpatrick commit serious offenses, but he also showed a lack of remorse, joking about committing more crimes even after entering a guilty plea."
- Cloudflare CDN Bug Leaks User Locations — A new piece of research from a 15-year-old security researcher who goes by the name Daniel has uncovered a novel "deanonymization attack" in the widely used Cloudflare content delivery network (CDN) that can expose someone's location by sending them an image on platforms like Signal, Discord, and X. The flaw allows an attacker to extract the location of any target within a 250-mile radius when a vulnerable app is installed on a target's phone, or as a background application on their laptop, simply by sending a specially-crafted payload. Using either a one-click or zero-click approach, the attack takes advantage of the fact that Cloudflare stores cached copies of frequently accessed content in data centers located in close proximity to users to improve performance. The security researcher developed a tool called Teleport that let them check which of Cloudflare's data centers had cached an image, which allowed them to triangulate the approximate location a Discord, Signal, or X user might be in. Although the specific issue was closed, Daniel noted that the fix could be bypassed using a VPN. While the geolocation capability of the attack may not be precise, it could provide enough information to infer the geographic region where a person lives, and use it as a stepping stone for follow-on intelligence gathering. "The attack leverages fundamental design choices in caching and push notification systems, demonstrating how infrastructure meant to enhance performance can be misused for invasive tracking," the researcher said.
- Belsen Group Leaks Fortinet FortiGate Firewall Configs — A little-known hacking group named Belsen Group has leaked configuration data for over 15,000 Fortinet FortiGate firewalls on the dark web for free. This includes configurations and plaintext VPN user credentials, device serial numbers, models, and other data. An analysis of the data dump conducted by security researcher Kevin Beaumont has revealed that the configuration data was likely assembled by exploiting CVE-2022-40684, an authentication bypass vulnerability disclosed in October 2022, as a zero-day. Of the 15,469 distinct affected IP addresses, 8,469 IPs were found to be still online and reachable in scans. As many as 5,086 IPs are continuing to expose the compromised FortiGate login interfaces. A majority of the exposures are in Mexico, Thailand, and the U.S. "If your organization has consistently adhered to routine best practices in regularly refreshing security credentials and taken the recommended actions in the preceding years, the risk of the organization's current config or credential detail being in the threat actor's disclosure is small," Fortinet said in response to the disclosure. The disclosure comes as another critical flaw in FortiGate devices (CVE-2024-55591, aka Console Chaos) has come under active exploitation in the wild since November 1, 2024.
🎥 Expert Webinar
- No More Trade-Offs: Secure Code at Full Speed — Tired of security slowing down development—or risky shortcuts putting you at risk? Join Sarit Tager, VP of Product Management at Palo Alto Networks, in this must-attend webinar to discover how to break the Dev-Sec standoff. Learn how to embed smart, seamless security guardrails into your DevOps pipeline, prioritize code issues with full ecosystem context, and replace "shift left" confusion with the clarity of "start left" success. If speed and security feel like a trade-off, this webinar will show you how to have both. Save your spot now.
- The Clear Roadmap to Identity Resilience — Struggling with identity security gaps that increase risks and inefficiencies? Join Okta's experts, Karl Henrik Smith and Adam Boucher, to discover how the Secure Identity Assessment (SIA) delivers a clear, actionable roadmap to strengthen your identity posture. Learn to identify high-risk gaps, streamline workflows, and adopt a scalable, phased approach to future-proofing your defenses. Don't let identity debt hold your organization back—gain the insights you need to reduce risk, optimize operations, and secure business outcomes.
P.S. Know someone who could use these? Share it.
🔧 Cybersecurity Tools
- Extension Auditor: With cyber threats becoming more sophisticated, tools like Extension Auditor are essential for maintaining online safety. This tool evaluates your browser extensions for security and privacy risks, providing a clear assessment of permissions and potential vulnerabilities. Extension Auditor helps you identify and manage extensions that could expose you to danger, ensuring your browsing is secure and your data stays private.
- AD Threat Hunting Tool: It's a simple yet powerful PowerShell tool that helps detect suspicious activities in your Active Directory, like password spray attacks or brute force attempts. It provides real-time alerts, smart analysis of attack patterns, and detailed reports with easy export options. With built-in testing to simulate attacks, this tool is a must-have for keeping your AD environment secure and identifying threats quickly.
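The two attack patterns the tool above looks for differ in shape: a password spray is one source failing against many accounts, while a brute force is many failures against one account. The following is an added example (not the tool's own code) of that distinction as a detection over failed-logon events reduced to (timestamp, target account, source IP); the events and thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Each event is a failed logon (Windows Security Event ID 4625) reduced to the
# three fields the detection needs: (timestamp, target account, source IP).


def constructed_events():
    """Constructed sample, not real data: one spray, one brute force, one benign typo."""
    base = datetime(2025, 1, 20, 9, 0, 0)
    rows = []
    # Password spray: one source, a single guess against each of many accounts.
    for i, user in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"]):
        rows.append((base + timedelta(seconds=20 * i), user, "203.0.113.7"))
    # Brute force: one account hammered repeatedly from one host.
    for i in range(12):
        rows.append((base + timedelta(minutes=30, seconds=15 * i), "svc_backup", "198.51.100.9"))
    # Benign: a user mistypes their password twice.
    rows.append((base + timedelta(hours=1), "alice", "10.0.0.5"))
    rows.append((base + timedelta(hours=1, seconds=40), "alice", "10.0.0.5"))
    return rows


def _window_peak(events, key, measure, window):
    """Group events by key, slide a time window over each group, return each key's peak measure."""
    groups = defaultdict(list)
    for ev in events:
        groups[key(ev)].append(ev)
    peaks = {}
    for k, evs in groups.items():
        evs.sort(key=lambda e: e[0])
        start = 0
        for end, ev in enumerate(evs):
            while ev[0] - evs[start][0] > window:  # drop events older than the window
                start += 1
            peaks[k] = max(peaks.get(k, 0), measure(evs[start:end + 1]))
    return peaks


def detect(events, window=timedelta(minutes=10), spray_accounts=5, brute_attempts=10):
    """Return ({source_ip: distinct accounts}, {account: attempts}) that cross the thresholds.

    Spray: one source IP fails against >= spray_accounts distinct accounts inside the window.
    Brute force: one account collects >= brute_attempts failures inside the window.
    """
    sprays = _window_peak(events, lambda e: e[2], lambda w: len({e[1] for e in w}), window)
    brutes = _window_peak(events, lambda e: e[1], len, window)
    return ({ip: n for ip, n in sprays.items() if n >= spray_accounts},
            {user: n for user, n in brutes.items() if n >= brute_attempts})


if __name__ == "__main__":
    sprays, brutes = detect(constructed_events())
    print("password spray sources:", sprays)   # {'203.0.113.7': 6}
    print("brute-forced accounts:", brutes)    # {'svc_backup': 12}
```

Tune the window and thresholds to the lockout policy in your own domain; a spray deliberately stays under the per-account lockout count, which is why it is keyed on the source rather than the account.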
🔒 Tip of the Week
Essential Network Security Practices — To effectively secure your network, you don't need complex solutions. Keep your network safe with these easy tips: Use a VPN like NordVPN to protect your data and keep your online activities private. Make sure your firewall is turned on to stop unwanted access. Keep your software and devices updated to fix security weaknesses. Choose strong, unique passwords for all your accounts and consider using a password manager to keep track of them. Educate yourself and others on how to spot phishing scams to avoid giving away sensitive information. These basic actions can greatly improve your network's security and are easy to implement.
Conclusion
As we close this week's newsletter, let's focus on the critical issue of vulnerabilities in healthcare technology. These gaps highlight a pressing need for enhanced security measures and more dynamic regulatory frameworks that can quickly adapt to new threats. How can we fortify our defenses to better protect critical infrastructure? Your expertise is vital as we address these challenges and push for more effective solutions. Let's keep the conversation open and continue to drive progress in our field. Stay informed and engaged.