IT Security Weekend Catch Up – February 9, 2025

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. U.S. government disclosed 39 zero-day vulnerabilities in 2023, per first-ever report
  2. Internet Archive played crucial role in tracking shady CDC data removals
  3. DeepSeek iOS app sends data unencrypted to ByteDance-controlled servers
  4. New target of Paragon spyware comes forward
  5. Britain orders Apple to give it access to encrypted accounts
  6. Cybercrime websites selling hacking tools to transnational organized crime groups seized
  7. [VIDEO] Russian cyber-spies attack

For the more technical

  1. Polish IT security projects – what’s new in LKRG?
  2. ZeroTier – home VPN without a public IP address
  3. DeepSeek’s growing influence sparks a surge in frauds and phishing attacks
  4. Llama’s paradox – Delving deep into Llama.cpp and exploiting Llama.cpp’s heap maze, from heap-overflow to remote-code execution
  5. 8 million requests later, we made the SolarWinds supply chain attack look amateur
  6. 2024 trends in vulnerability exploitation
  7. Zyxel won’t patch newly exploited flaws in end-of-life routers
  8. 35% year-over-year decrease in ransomware payments, less than half of recorded incidents resulted in victim payments
  9. A comprehensive analysis of the year’s new macOS malware
  10. macOS FlexibleFerret: Further variants of DPRK malware family unearthed
  11. Let’s Encrypt: Ending support for expiration notification emails
  12. Cloudflare incident on February 6, 2025
  13. Scalable Vector Graphics files pose a novel phishing threat
  14. Go supply chain attack: Malicious package exploits Go module proxy caching for persistence
  15. Adversarial misuse of generative AI
  16. Lazarus group targets organizations with sophisticated LinkedIn recruiting scam
  17. Operation Phantom Circuit: North Korea’s global data exfiltration campaign
  18. Persistent threats from the Kimsuky group using RDP wrapper
  19. CVE-2025-0411: Ukrainian organizations targeted in zero-day campaign and homoglyph attacks
  20. Code injection attacks using publicly disclosed ASP.NET machine keys
  21. LegionLoader exposed
  22. The anatomy of Abyss Locker ransomware attack
  23. Mobile Indian cyber heist: FatBoyPanel and his massive data breach
  24. AsyncRAT reloaded: Using Python and TryCloudflare for malware delivery again
  25. Rat race: ValleyRAT malware targets organizations with new delivery techniques
  26. Tracing the path from SmartApeSG to NetSupport RAT
  27. ClickFix vs. traditional download in new DarkGate campaign

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
