2025-02-17

Welcome to this week's Cybersecurity News Recap. Discover how cyber attackers are using clever tricks like fake codes and sneaky emails to gain access to sensitive data. We cover everything from device code phishing to cloud exploits, breaking down the technical details into simple, easy-to-follow insights.

⚡ Threat of the Week

Russian Threat Actors Leverage Device Code Phishing to Hack Microsoft Accounts — Microsoft and Volexity have revealed that threat actors with ties to Russia are leveraging a technique known as device code phishing to gain unauthorized access to victim accounts, and use that access to get hold of sensitive data and enable persistent access to the victim environment. At least three different Russia-linked clusters have been identified abusing the technique to date. The attacks entail sending phishing emails that masquerade as Microsoft Teams meeting invitations, which, when clicked, urge the message recipients to authenticate using a threat actor-generated device code, thereby allowing the adversary to hijack the authenticated session using the valid access token.
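Because a device code sign-in produces a perfectly valid token, the place a defender can see it is the tenant's sign-in log rather than the mail gateway. The following added example (mine, not Microsoft's or Volexity's) runs a simple triage rule over a handful of constructed sign-in records: every successful device-code sign-in is reported, and it is rated "high" when the source country does not match where that user has signed in by ordinary interactive flows. The field names follow the Microsoft Graph signIn schema as I understand it (`authenticationProtocol`, `location.countryOrRegion`, `status.errorCode`) and should be treated as an assumption to verify against your tenant's export.

```python
"""Triage device-code sign-ins from Entra ID sign-in records (added example)."""
from collections import defaultdict

# Constructed sample records, not real log data. Field names are assumed to
# follow the Microsoft Graph signIn resource; verify against your own export.
SAMPLE_SIGNINS = [
    {"createdDateTime": "2025-02-12T09:14:02Z", "userPrincipalName": "alice@example.org",
     "ipAddress": "203.0.113.10", "authenticationProtocol": "oAuth2",
     "appDisplayName": "Microsoft Teams", "location": {"countryOrRegion": "DE"},
     "status": {"errorCode": 0}},
    {"createdDateTime": "2025-02-12T09:20:45Z", "userPrincipalName": "alice@example.org",
     "ipAddress": "198.51.100.77", "authenticationProtocol": "deviceCode",
     "appDisplayName": "Microsoft Teams", "location": {"countryOrRegion": "NL"},
     "status": {"errorCode": 0}},
    {"createdDateTime": "2025-02-12T11:02:10Z", "userPrincipalName": "bob@example.org",
     "ipAddress": "203.0.113.44", "authenticationProtocol": "oAuth2",
     "appDisplayName": "Outlook", "location": {"countryOrRegion": "US"},
     "status": {"errorCode": 0}},
    {"createdDateTime": "2025-02-12T11:30:00Z", "userPrincipalName": "bob@example.org",
     "ipAddress": "203.0.113.44", "authenticationProtocol": "deviceCode",
     "appDisplayName": "Azure CLI", "location": {"countryOrRegion": "US"},
     "status": {"errorCode": 0}},
    {"createdDateTime": "2025-02-12T12:45:31Z", "userPrincipalName": "carol@example.org",
     "ipAddress": "198.51.100.9", "authenticationProtocol": "deviceCode",
     "appDisplayName": "Microsoft Teams", "location": {"countryOrRegion": "FR"},
     "status": {"errorCode": 70016}},  # any non-zero errorCode is a failed sign-in
]


def baseline_locations(records):
    """Countries each user has successfully signed in from via non-device-code flows."""
    seen = defaultdict(set)
    for r in records:
        if r["authenticationProtocol"] != "deviceCode" and r["status"]["errorCode"] == 0:
            seen[r["userPrincipalName"]].add(r["location"]["countryOrRegion"])
    return seen


def flag_device_code_signins(records):
    """Return every successful device-code sign-in with a severity.

    'high'   - source country is absent from the user's interactive-flow baseline
    'medium' - country matches the baseline (plausibly legitimate CLI use, still worth review)
    """
    baseline = baseline_locations(records)
    findings = []
    for r in records:
        if r["authenticationProtocol"] != "deviceCode" or r["status"]["errorCode"] != 0:
            continue
        user = r["userPrincipalName"]
        country = r["location"]["countryOrRegion"]
        severity = "medium" if country in baseline.get(user, set()) else "high"
        findings.append({
            "when": r["createdDateTime"], "user": user, "ip": r["ipAddress"],
            "app": r["appDisplayName"], "country": country, "severity": severity,
        })
    return findings


if __name__ == "__main__":
    for f in flag_device_code_signins(SAMPLE_SIGNINS):
        print(f"[{f['severity'].upper():6}] {f['when']} {f['user']} via {f['app']} "
              f"from {f['ip']} ({f['country']})")
```

The rule is deliberately coarse: a device-code sign-in is unusual enough for most user populations that every successful one deserves a look, and the country comparison only orders the queue. The longer-term fix is to disallow the device code flow for users who have no need for it; in Entra ID that is a Conditional Access control, and where it is blocked, the phishing link in this campaign produces a failed sign-in instead of a usable token.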

🔔 Top News

whoAMI Attack Exploits AWS AMI Name Confusion for Remote Code Execution — A new type of name confusion attack called whoAMI allows anyone who publishes an Amazon Machine Image (AMI) with a specific name to gain code execution within the Amazon Web Services (AWS) account. Datadog, which detailed the attack, said roughly 1% of organizations monitored by the company were affected by the whoAMI, and that it found public examples of code written in Python, Go, Java, Terraform, Pulumi, and Bash shell using the vulnerable criteria. AWS told The Hacker News that there is no evidence of malicious exploitation of the security weakness.
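The weak pattern behind whoAMI is selecting "the newest image whose name matches" without pinning who published it. The following is an added example of mine, not Datadog's or AWS's code: it reproduces that selection over a constructed image catalogue (the account IDs and AMI IDs are placeholders) and sets the vulnerable chooser beside a hardened one that only considers images from an explicit owner allow-list, which is what passing `Owners=[...]` to `describe_images` achieves in boto3 and what the `owners` argument does on Terraform's `aws_ami` data source.

```python
"""Vulnerable vs. hardened 'latest AMI by name' selection (added example)."""
from datetime import datetime

# Placeholder account IDs; substitute the real publisher's account ID in practice.
TRUSTED_OWNER = "111111111111"
UNRELATED_OWNER = "999999999999"

# Constructed catalogue standing in for the Images list returned by
# ec2.describe_images(Filters=[{"Name": "name", "Values": ["example-base-*"]}])
# when no Owners filter is supplied. The third entry was published by an
# unrelated account but matches the name pattern and is the most recent.
SAMPLE_IMAGES = [
    {"ImageId": "ami-0000000000000aaaa", "Name": "example-base-20250101",
     "OwnerId": TRUSTED_OWNER, "CreationDate": "2025-01-01T00:00:00.000Z", "Public": True},
    {"ImageId": "ami-0000000000000bbbb", "Name": "example-base-20241201",
     "OwnerId": TRUSTED_OWNER, "CreationDate": "2024-12-01T00:00:00.000Z", "Public": True},
    {"ImageId": "ami-0000000000000cccc", "Name": "example-base-20250214",
     "OwnerId": UNRELATED_OWNER, "CreationDate": "2025-02-14T00:00:00.000Z", "Public": True},
]


def _created(image):
    """Parse the ISO-8601 CreationDate that describe_images returns."""
    return datetime.fromisoformat(image["CreationDate"].replace("Z", "+00:00"))


def latest_ami_unsafe(images):
    """The vulnerable pattern: newest name match, whoever published it."""
    return max(images, key=_created)["ImageId"]


def latest_ami_safe(images, trusted_owners):
    """Hardened: restrict to an explicit owner allow-list before picking the newest.

    This is the in-code equivalent of describe_images(Owners=[...]); doing both
    is reasonable, since the local check also guards code paths that forgot the
    API filter.
    """
    candidates = [i for i in images if i["OwnerId"] in trusted_owners]
    if not candidates:
        raise LookupError("no image from a trusted owner matched; refusing to fall back")
    return max(candidates, key=_created)["ImageId"]


def audit_selection(images, trusted_owners):
    """Report whether the name-only choice would have landed on an untrusted image."""
    unsafe = latest_ami_unsafe(images)
    owner = next(i["OwnerId"] for i in images if i["ImageId"] == unsafe)
    return {"name_only_pick": unsafe, "untrusted": owner not in trusted_owners}


if __name__ == "__main__":
    print("name-only pick :", latest_ami_unsafe(SAMPLE_IMAGES))
    print("owner-pinned   :", latest_ami_safe(SAMPLE_IMAGES, {TRUSTED_OWNER}))
    print("audit          :", audit_selection(SAMPLE_IMAGES, {TRUSTED_OWNER}))
```

The `audit_selection` helper is the check to run over existing launch templates and IaC: if the name-only pick and the owner-pinned pick differ, the code is selecting on a field anyone can set. Note that `Public: True` is not a trust signal; the whole point of the technique is that the attacker's image is public too.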

🔥 Trending CVEs

Your go-to software could be hiding dangerous security flaws—don't wait until it's too late! Update now and stay ahead of the threats before they catch you off guard.

This week's list includes — CVE-2025-1094 (PostgreSQL), CVE-2025-0108 (Palo Alto Networks PAN-OS), CVE-2025-23359 (NVIDIA Container Toolkit), CVE-2025-21391 (Microsoft Windows Storage), CVE-2025-21418 (Microsoft Windows Ancillary Function Driver for WinSock), CVE-2024-38657, CVE-2025-22467, CVE-2024-10644 (Ivanti Connect Secure), CVE-2024-47908 (Ivanti Cloud Services Application), CVE-2024-56131, CVE-2024-56132, CVE-2024-56133, CVE-2024-56134, CVE-2024-56135 (Progress Kemp LoadMaster), CVE-2025-24200 (Apple iOS and iPadOS), CVE-2024-12797 (OpenSSL), CVE-2025-21298 (Microsoft Windows OLE), CVE-2025-1240 (WinZip), CVE-2024-32838 (Apache Fineract), CVE-2024-52577 (Apache Ignite), CVE-2025-26793 (Hirsch Enterphone MESH), CVE-2024-12562 (s2Member Pro plugin), CVE-2024-13513 (Oliver POS – A WooCommerce Point of Sale (POS) plugin), CVE-2025-26506 (HP LaserJet), CVE-2025-22896, CVE-2025-25067, CVE-2025-24865 (mySCADA myPRO Manager), CVE-2024-13182 (WP Directorybox Manager plugin), CVE-2024-10763 (Campress theme), CVE-2024-7102 (GitLab CE/EE), CVE-2024-12213 (WP Job Board Pro plugin), CVE-2024-13365 (Security & Malware scan by CleanTalk plugin), CVE-2024-13421 (Real Estate 7 theme), and CVE-2025-1126 (Lexmark Print Management Client).

📰 Around the Cyber World

Former Google Engineer Charged with Plan to Steal Trade Secrets — Linwei Ding, a former Google engineer who was arrested last March for transferring "sensitive Google trade secrets and other confidential information from Google's network to his personal account," has now been charged with seven counts of economic espionage and seven counts of theft of trade secrets related to the company's AI technology between 2022 and 2023. This included detailed information about the architecture and functionality of Google's Tensor Processing Unit (TPU) chips and systems and Graphics Processing Unit (GPU) systems, the software that allows the chips to communicate and execute tasks, and the software that orchestrates thousands of chips into a supercomputer capable of training and executing cutting-edge AI workloads. The trade secrets also relate to Google's custom-designed SmartNIC, a type of network interface card used to enhance Google's GPU, high performance, and cloud networking products. "Ding intended to benefit the PRC government by stealing trade secrets from Google," the U.S. Department of Justice said. "Ding allegedly stole technology relating to the hardware infrastructure and software platform that allows Google's supercomputing data center to train and serve large AI models." The superseding indictment also stated that Chinese-sponsored talent programs incentivize individuals engaged in research and development outside the country to transmit such information in exchange for salaries, research funds, lab space, or other incentives. If convicted, Ding faces a maximum penalty of 10 years in prison and up to a $250,000 fine for each trade-secret count and 15 years in prison and a $5,000,000 fine for each economic espionage count.

Meta said it paid out more than $2.3 million in rewards to nearly 200 security researchers as part of its bug bounty program in 2024. In total, the company has handed out more than $20 million since the creation of the program in 2011. The top three countries based on bounties awarded in 2024 are India, Nepal, and the United States.

Critical ThinkPHP and OwnCloud Flaws Under Active Exploitation — Threat actors have been actively attempting to exploit two known security vulnerabilities impacting ThinkPHP (CVE-2022-47945, CVSS score: 9.8) and OwnCloud (CVE-2023-49103, CVSS score: 10.0) over the past few days, with attacks originating from hundreds of unique IP addresses, most of which are based in Germany, China, the U.S., Singapore, Hong Kong, the Netherlands, the U.K., and Canada. Organizations are recommended to apply the necessary patches (ThinkPHP to 6.0.14+ and ownCloud GraphAPI to 0.3.1+) and restrict access to reduce the attack surface.

🔧 Cybersecurity Tools

WPProbe — It's a fast WordPress plugin scanner that uses REST API enumeration to stealthily detect installed plugins without brute force, scanning by querying exposed endpoints and matching them against a precompiled database of over 900 plugins. It even maps detected plugins to known vulnerabilities (CVE) and outputs results in CSV or JSON format, making your scans both speedy and less likely to trigger security defenses.

BruteShark — It's a powerful and user-friendly Network Forensic Analysis Tool built for security researchers and network administrators. It digs deep into PCAP files or live network captures to extract passwords, rebuild TCP sessions, map your network visually, and even convert password hashes for offline brute force testing with Hashcat. Available as a Windows GUI or a versatile CLI for Windows and Linux.

🔒 Tip of the Week

Segment Your Wi-Fi Network for Better Protection — In today's smart home, you likely have many connected devices—from laptops and smartphones to smart TVs and various IoT gadgets. When all these devices share the same Wi‑Fi network, a breach in one device could potentially put your entire network at risk. Home network segmentation helps protect you by dividing your network into separate parts, similar to how large businesses isolate sensitive information.

To set this up, use your router's guest network or VLAN features to create different SSIDs, such as "Home_Private" for personal devices and "Home_IoT" for smart gadgets. Ensure each network uses strong encryption (WPA3 or WPA2) with unique passwords, and configure your router so devices on one network cannot communicate with those on another. Test your setup by connecting your devices accordingly and verifying that cross-network traffic is blocked, then periodically check your router's dashboard to keep the configuration working smoothly.
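The verification step is the one people skip, and "I can't ping it" is not the same as "it is isolated". The following added example (my code, not from the article) is a small checker to run from a device on the IoT SSID against hosts on the private SSID; the addresses in `SAMPLE_TARGETS` are constructed placeholders. It distinguishes three outcomes: a connection that succeeds, a connection the host actively refuses (which means the router forwarded the packet, so the segments are not isolated even though the port was closed), and a connection that times out with no answer, which is what correct isolation looks like.

```python
"""Check that hosts on another Wi-Fi segment are unreachable (added example)."""
import socket
from concurrent.futures import ThreadPoolExecutor

# Constructed placeholders: replace with the addresses of devices on the other SSID.
SAMPLE_TARGETS = [("192.168.10.20", 22), ("192.168.10.20", 445), ("192.168.10.30", 8080)]


def probe(host, port, timeout=2.0):
    """Classify a single TCP connection attempt to host:port.

    'open'       the host accepted the connection: traffic is not blocked
    'refused'    the host answered with a reset: reachable at the IP layer,
                 so the segments are not isolated even though the port is closed
    'filtered'   no answer before the timeout: the expected result on an
                 isolated network
    'unroutable' the local stack has no route to the target at all
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except TimeoutError:          # socket.timeout is an alias of TimeoutError
        return "filtered"
    except OSError:
        return "unroutable"


def check_isolation(targets, timeout=2.0):
    """Probe every (host, port) in parallel; isolated only if none answered."""
    with ThreadPoolExecutor(max_workers=8) as pool:
        results = list(pool.map(lambda t: (t, probe(*t, timeout=timeout)), targets))
    answered = [(t, r) for t, r in results if r in ("open", "refused")]
    return {"results": results, "isolated": not answered}


def demo_against_localhost():
    """Self-contained demonstration of the 'open' and 'refused' outcomes.

    Listens on a free loopback port, probes it (open), closes the listener and
    probes again (refused), so the distinction can be seen without a second SSID.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = probe("127.0.0.1", port, timeout=1.0)
    listener.close()
    after_close = probe("127.0.0.1", port, timeout=1.0)
    report = check_isolation([("127.0.0.1", port)], timeout=1.0)
    return {"listening": while_listening, "closed": after_close,
            "isolated": report["isolated"]}


if __name__ == "__main__":
    print("loopback demo:", demo_against_localhost())
    report = check_isolation(SAMPLE_TARGETS)
    for (host, port), outcome in report["results"]:
        print(f"{host}:{port:<5} {outcome}")
    print("segments isolated:", report["isolated"])
```

Run it from the IoT side against a few known-up hosts on the private side; a result of all `filtered` is the pass condition. Anything that comes back `refused` is a configuration problem in the router's client-isolation or inter-VLAN rules, not a sign that the target is safe because its port happens to be closed.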

Conclusion

That wraps up this week's cybersecurity news. We've covered a broad range of stories—from the case of a former Google engineer charged with stealing key AI secrets to hackers taking advantage of a Windows user interface flaw. We've also seen how cybercriminals are moving into new areas like AI misuse and cryptocurrency scams, while law enforcement and industry experts work hard to catch up.

These headlines remind us that cyber threats come in many forms, and every day, new risks emerge that can affect everyone from large organizations to individual users. Keep an eye on these developments and take steps to protect your digital life. Thank you for joining us, and we look forward to keeping you informed next week.