Latest Cybersecurity News and Articles

RansomHub Affiliate Leverages Python-based Backdoor to Maintain Access and Deploy Encryptors

In an incident response in Q4 2024, GuidePoint Security identified evidence of a threat actor utilizing a Python-based backdoor to maintain access to compromised endpoints. The threat actor later leveraged this access to deploy RansomHub encryptors.

Veeam Releases Patch for High-Risk SSRF Vulnerability CVE-2025-23082 in Azure Backup Solution

Veeam disclosed a critical vulnerability in its Veeam Backup for Microsoft Azure product. Identified as CVE-2025-23082, this Server-Side Request Forgery (SSRF) vulnerability carries a CVSS score of 7.2, placing it in the high-severity category.

Researchers Find Exploit Allowing NTLMv1 Despite Active Directory Restrictions

Cybersecurity researchers have found that the Microsoft Active Directory Group Policy that's designed to disable NT LAN Manager (NTLM) v1 can be trivially bypassed by a misconfiguration.

Popular WordPress Caching Plugin Exposes Millions of Sites to Attack

Any website using W3 Total Cache version 2.8.1 or earlier is vulnerable. Given the plugin’s popularity with over 1 million active installations, this represents a significant portion of the WordPress ecosystem.

Hackers Use Google Search Ads to Steal Google Ads Accounts

The attackers are running ads on Google Search impersonating Google Ads, showing as sponsored results that redirect potential victims to fake login pages hosted on Google Sites but looking like the official Google Ads homepage.

Critical Vulnerability Threatens STEALTHONE Network Storage Servers

JPCERT/CC has issued a warning regarding multiple vulnerabilities affecting STEALTHONE D220, D340, and D440 network storage servers, urging users to update their firmware immediately.

New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits

The vulnerability, assigned the CVE identifier CVE-2024-7344 (CVSS score: 6.7), resides in a UEFI application signed by Microsoft's "Microsoft Corporation UEFI CA 2011" third-party UEFI certificate, according to a new report from ESET.

Code Execution Vulnerability Found in Kubernetes Windows Nodes

The vulnerability resides in the Kubelet component of Kubernetes and is specific to Windows worker nodes. Attackers with the ability to query a node’s /logs endpoint can craft malicious inputs to exploit the vulnerability.

Hackers Use Image-Based Malware and GenAI to Evade Email Security

Researchers highlighted separate social engineering campaigns spreading VIP Keylogger and 0bj3ctivityStealer malware, both of which involved malicious code being embedded in image files.

Critical Vulnerability Found in Rasa Framework Enables Remote Code Execution

A critical-severity vulnerability (CVE-2024-49375) has been identified in the popular open-source Rasa framework. This flaw, which carries a CVSS score of 9.1, allows attackers to achieve RCE through the remote loading of maliciously crafted models.
