Friday, January 17th, 2025
Cybersecurity Week in Review (17/01/25)
Cl0p Ransomware Group Releases List of Victims Compromised Using Cleo Vulnerability
The notorious Cl0p ransomware group has published a list of companies compromised through vulnerabilities in Cleo’s managed file transfer (MFT) software.
Source: https://cybersecuritynews.com/cl0p-ransomware-group-cleo/
UK domain registry Nominet confirms breach via Ivanti zero-day
Nominet, the official .UK domain registry and one of the largest country code registries, has confirmed that its network was breached two weeks ago using an Ivanti VPN zero-day vulnerability.
Treasury hackers also breached US foreign investments review office
The Chinese state-backed hacking group Silk Typhoon has reportedly breached a Treasury Department office that reviews foreign investments for national security risks.
CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a second security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
Source: https://thehackernews.com/2025/01/cisa-adds-new-beyondtrust-flaw-to-kev.html
WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites
A new malware campaign has compromised more than 5,000 WordPress sites to create admin accounts, install a malicious plugin, and steal data.
Fortinet warns of auth bypass zero-day exploited to hijack firewalls
Attackers are exploiting a new authentication bypass zero-day vulnerability in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks.
Hackers use FastHTTP in new high-speed Microsoft 365 password attacks
Threat actors are utilizing the FastHTTP Go library to launch high-speed brute-force password attacks targeting Microsoft 365 accounts globally.
Phishing texts trick Apple iMessage users into disabling protection
Cybercriminals are using a trick to turn off Apple iMessage’s built-in phishing protection for a text, getting users to re-enable the disabled phishing links.
CrowdStrike Warns of Phishing Scam Targeting Job Seekers with XMRig Cryptominer
Cybersecurity company CrowdStrike is warning of a phishing campaign that exploits its own branding to distribute a cryptocurrency miner disguised as an employee CRM application as part of a supposed recruitment process.
Source: https://thehackernews.com/2025/01/crowdstrike-warns-of-phishing-scam.html
Russian-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware
An ongoing cyber espionage campaign targeting Kazakhstan has been attributed to Russia-linked threat actors, as part of the Kremlin’s efforts to gather economic and political intelligence in Central Asia.
Source: https://thehackernews.com/2025/01/russian-linked-hackers-target.html