Monthly Security Bulletin – February 2025

This month’s security bulletin hot topics:

1. New DoubleClickjacking attack exploits double-clicks to hijack accounts

2. Bad Tenable plugin updates take down Nessus agents worldwide

3. New Mirai botnet targets industrial routers with zero-day exploits

4. SonicWall urges admins to patch exploitable SSLVPN bug immediately

5. Fake CrowdStrike job offer emails target devs with crypto miners

6. Fake LDAPNightmare exploit on GitHub spreads infostealer malware

7. Ransomware abuses Amazon AWS feature to encrypt S3 buckets

8. Microsoft: macOS bug lets hackers install malicious kernel drivers

9. Fortinet warns of auth bypass zero-day exploited to hijack firewalls

10. Hackers use FastHTTP in new high-speed Microsoft 365 password attacks

11. Google OAuth flaw lets attackers gain access to abandoned accounts

12. Hackers leak configs and VPN credentials for 15,000 FortiGate devices

13. New UEFI Secure Boot flaw exposes systems to bootkits, patch now

14. W3 Total Cache plugin flaw exposes 1 million WordPress sites to attacks

15. MasterCard DNS Error Went Unnoticed for Years

16. Cisco warns of denial of service flaw with PoC exploit code

17. Telegram captcha tricks you into running malicious PowerShell scripts

18. Stealthy ‘Magic Packet’ malware targets Juniper VPN gateways

19. Cloudflare CDN flaw leaks user location data, even through secure chat apps

20. Hackers use Windows RID hijacking to create hidden admin account

21. Ransomware gang uses SSH tunnels for stealthy VMware ESXi access

22. New VPN Backdoor

23. New Syncjacking attack hijacks devices using Chrome extensions

24. DeepSeek AI exposed databases with user chat history, API keys
