OmniGPT AI Chatbot Alleged Breach: Hacker Leaks User Data, 34M Messages

A hacker claims to have breached OmniGPT, leaking over 30,000 user email addresses, phone numbers, and 34 million lines of chat messages. Data includes API keys, credentials, and file links.

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News

CISA Places Election Security Staffers on Leave

The staffers were tasked with building relationships on the ground across the country in local election jurisdictions, teaching election officials tactics on mitigating cyber threats, cyber hygiene, combating misinformation and foreign influence, and more.

darkreading

Cerebras-Perplexity deal targets $100B search market with ultra-fast AI


Cerebras and Perplexity AI partner to launch ultra-fast Sonar search model running at 1,200 tokens per second, challenging traditional search engines with specialized AI chips and near-instant results.

Security News | VentureBeat

Russian bulletproof hosting service Zservers sanctioned by US for LockBit coordination

The U.S., the U.K. and Australia sanctioned Russia-based Zservers, connecting the Russian company’s internet hosting services to the LockBit ransomware operation.

The Record from Recorded Future News

Adobe Plugs 45 Software Security Holes, Warns of Code Execution Risks

Patch Tuesday: Adobe patches 45 vulnerabilities across multiple products and warns of remote code execution exploitation risks.

SecurityWeek

Microsoft Patches ‘Wormable’ Windows Flaw and File-Deleting Zero-Day

The Microsoft Patch Tuesday machine hummed loudly this month with urgent fixes for a pair of already-exploited Windows zero-days.

SecurityWeek

Microsoft Patch Tuesday for February 2025 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for February 2025, which includes 63 vulnerabilities affecting a range of products, including 4 that Microsoft marked as “critical” and one marked as “moderate.”

There are two notable “critical” vulnerabilities. The first is CVE-2025-21376, a remote code execution (RCE) vulnerability affecting the Windows Lightweight Directory Access Protocol (LDAP). It is a remote, unauthenticated out-of-bounds write (OOBW) caused by a race condition in LDAP and could potentially result in arbitrary code execution in the Local Security Authority Subsystem Service (lsass.exe), the Windows process responsible for enforcing the security policy on the system. Successful exploitation of this vulnerability requires an attacker to win a race condition. CVE-2025-21376 has been assigned a CVSS 3.1 score of 8.1 and is considered “more likely to be exploited” by Microsoft.

CVE-2025-21379 is another notable critical remote code execution vulnerability. It was found in the DHCP Client Service and was also patched this month. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on vulnerable systems. The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This vulnerability has been assigned a CVSS 3.1 score of 7.1 and is considered “less likely to be exploited” by Microsoft.

CVE-2025-21177 is a critical privilege escalation vulnerability in the Microsoft Dynamics 365 Sales customer relationship management (CRM) software. A Server-Side Request Forgery (SSRF) allows an authorized attacker to elevate privileges over a network.

CVE-2025-21381 is a critical remote code execution vulnerability affecting Microsoft Excel and could enable an attacker to execute arbitrary code on vulnerable systems. This vulnerability could be triggered via the preview pane in affected applications. This vulnerability has been listed “less likely to be exploited” by Microsoft.

CVE-2025-21368 and CVE-2025-21369 are RCE vulnerabilities flagged “important” by Microsoft. They have a CVSS 3.1 score of 8.8. To successfully exploit one of these remote code execution vulnerabilities, an attacker could send a malicious logon request to the target domain controller. Any authenticated attacker could trigger these vulnerabilities; exploitation does not require admin or other elevated privileges.

CVE-2025-21400 is also an RCE vulnerability flagged “important” by Microsoft, affecting the Microsoft SharePoint Server. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on vulnerable systems. This attack requires a client to connect to a malicious server and could allow an attacker to gain code execution on the client. Microsoft considers this vulnerability as “more likely to be exploited”.

CVE-2025-21391 and CVE-2025-21418 are the only vulnerabilities this month which are known to be exploited in the wild. Both are privilege elevation vulnerabilities. An attacker can use CVE-2025-21391 to delete critical system files. CVE-2025-21418, nestled within the Ancillary Function Driver (AFD), exposes a pathway to local privilege escalation through the Winsock API. An attacker who successfully exploits this vulnerability could gain SYSTEM privileges.

Talos would also like to highlight the following vulnerabilities that Microsoft considers to be “important”:   

  • CVE-2025-21190 Windows Telephony Service Remote Code Execution Vulnerability
  • CVE-2025-21198 Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability
  • CVE-2025-21200 Windows Telephony Service Remote Code Execution Vulnerability
  • CVE-2025-21201 Windows Telephony Server Remote Code Execution Vulnerability
  • CVE-2025-21208 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
  • CVE-2025-21371 Windows Telephony Service Remote Code Execution Vulnerability
  • CVE-2025-21406 Windows Telephony Service Remote Code Execution Vulnerability
  • CVE-2025-21407 Windows Telephony Service Remote Code Execution Vulnerability
  • CVE-2025-21410 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

A complete list of all the other vulnerabilities Microsoft disclosed this month is available on its update page.

In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Security Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.  

The rules included in this release that protect against the exploitation of many of these vulnerabilities are 58316, 58317, 62022, 62023, 64529-64532, 64537, 64539-64542, 64545. There are also these Snort 3 rules: 300612, 301136, 301137, 301139, 301140. 

Cisco Talos Blog

High-Severity OpenSSL Vulnerability Found by Apple Allows MitM Attacks

OpenSSL has patched CVE-2024-12797, a high-severity vulnerability found by Apple that can allow man-in-the-middle attacks.

SecurityWeek

Russian Cybercrime Network Targeted for Sanctions Across US, UK and Australia

Russia-based bulletproof hosting services provider Zservers was sanctioned for providing services to support LockBit ransomware operations.

SecurityWeek

Another person targeted by Paragon spyware comes forward

Four people have so far come forward as victims of the Paragon spyware campaign targeting WhatsApp users, including one journalist and three activists.

Security News | TechCrunch