IT Security Weekend Catch Up – February 23, 2025

Comments
close searching

23.02.2025 | 11:13

IT Security Weekend Catch Up – February 23, 2025
avatar

badcyber

comments

IT Security Weekend Catch Up – February 23, 2025

Afraid of missing important security news during the week? We're here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. AI, cybersecurity and the European perspective
  2. Pegasus spyware infections found on several private sector phones
  3. Criminal group forging over 12 000 official documents halted in Poland
  4. Black Basta ransomware gang's internal chat logs leak online
  5. Crypto exchange Bybit says it was hacked and lost around $1.4B
  6. Apple removes its highest level data security tool in the UK
  7. X now blocks Signal contact links, flags them as malicious

For the more technical

  1. CVE-2025-26788: Passkey authentication bypass in StrongKey FIDO server
  2. CVE-2025-21420: Windows Disk Cleanup Tool elevation of privilege vulnerability
  3. CVE-2025-1094: PostgreSQL psql SQL injection
  4. Nginx/Apache path confusion to auth bypass in PAN-OS (CVE-2025-0108)
  5. GymTok: Breaking TLS using the Alt-Svc header
  6. Invisible obfuscation technique used in PAC attack
  7. An update on fake updates: Two new actors, and new Mac malware
  8. Technical analysis of Xloader versions 6 and 7 - Part 1 & Part 2
  9. The bleeding edge of phishing: darcula-suite 3.0 enables DIY phishing of any brand
  10. Don’t ghost the SocGholish: GhostWeaver backdoor
  11. Updated Shadowpad malware leads to ransomware deployment
  12. Meet NailaoLocker: a ransomware distributed in Europe by ShadowPad and PlugX backdoors
  13. Lumma stealer chronicles: PDF-themed campaign using compromised educational institutions' infrastructure
  14. GhostSocks - Lumma's partner in proxy
  15. DPRK DriverEasy & ChromeUpdate deep dive
  16. Signals of trouble: Multiple Russia-aligned threat actors actively targeting Signal messenger
  17. Earth Preta mixes legitimate and malicious components to sidestep detection
  18. Unraveling the many stages and techniques used by RedCurl/EarthKapre APT
  19. Cyber threats impacting the financial sector in 2024 – focus on the main actors

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.


Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy! For the less technical AI, cybersecurity and the European perspective Pegasus spyware infections found on several privat 2025-02-23T11:13:02+01:00

Comments