Daily Cybersecurity Roundup, January 24, 2025

Juniper edge devices face a stealthy threat with J-magic malware, a modified backdoor that stays hidden until it detects a magic packet. Andariel has deployed a malicious file to execute RID Hijacking, a clever tactic that manipulates system permissions to elevate low-privilege accounts undetected. In other news, the FBI has flagged North Korean IT workers for infiltrating U.S. companies, stealing source code, and leveraging extortion tactics. Here are the top 10 highlights from the past 24 hours.

01

A malicious campaign is targeting Juniper edge devices, mainly used as VPN gateways, with the J-magic malware. This malware opens a reverse shell only upon detecting a magic packet in network traffic.

02

The Andariel threat group utilized a malicious file to perform RID Hijacking, a technique that deceives the system into treating an account with low privileges as having higher privileges.

03

Microsoft issued a critical patch to address the CVE-2025-21298 vulnerability, a zero-click RCE flaw in Windows OLE. This vulnerability impacts millions of systems with little user interaction necessary.

04

A flaw in Cloudflare CDN can reveal someone’s location through images sent via apps like Signal and Discord. It enables an attacker to determine a target’s location within a 250-mile radius if a vulnerable app is on their device.

05

As per Tenable, 91% of around 30,000 openly reachable instances of Microsoft Exchange vulnerable to ProxyLogon (CVE-2021-26855) have not been updated even four years after a patch was issued.

06

The FBI issued a warning about North Korean IT workers stealing source code and extorting U.S. companies. These workers hide their identities and infiltrate organizations.

07

CISA added CVE-2020-11023, an actively exploited XSS vulnerability in the jQuery JavaScript library, to its KEV catalog. The bug has been recently patched.

08

Analysis revealed striking similarities between the HellCat and Morpheus ransomware payloads, indicating a potentially shared codebase or builder application.

09

A new report noted that 45% of third-party applications access sensitive user data without proper authorization, increasing the risk of data exposure.

10

Security data curation platform Axoflow raised $7 million in a seed funding round led by EBRD Venture Capital, with participation from Credo Ventures and e2vc.