Originally reported by BleepingComputer, Graham Cluley, Cisco Talos, Malwarebytes Labs
TL;DR
This week brought critical remote code execution vulnerabilities in Juniper PTX routers and Trend Micro Apex One, alongside sophisticated social engineering campaigns abusing Google APIs and trusted video conferencing brands. Ransomware payment rates have dropped to historic lows despite increased attack volume.
The roundup opens with critical vulnerabilities in Juniper routers and Trend Micro enterprise security software, each enabling remote code execution and posing an immediate threat to organizational security posture.
Juniper Networks disclosed a critical vulnerability in Junos OS Evolved affecting PTX Series routers that enables unauthenticated remote code execution with root privileges. The flaw represents a significant threat to network infrastructure, allowing attackers to completely compromise affected routing equipment without authentication.
Trend Micro patched two critical vulnerabilities in Apex One that permit remote code execution on Windows systems. The security vendor's advisory emphasizes the severity of these flaws, which could allow attackers to compromise systems protected by the enterprise security platform itself.
Researchers discovered that Google API keys originally issued for services such as Maps, once embedded in client-side code, can now also authenticate to Gemini AI assistant services and potentially expose private data. This widens the attack surface for organizations that integrate AI services without revisiting the scope and restrictions of their existing API keys.
European DIY retailer ManoMano disclosed a data breach affecting 38 million customers through a compromised third-party service provider. The incident highlights supply chain security risks in customer data handling.
French football club Olympique de Marseille confirmed a cyberattack after threat actors claimed to have breached the organization's systems and leaked data. The club characterized the incident as an "attempted" attack while acknowledging the data exposure.
New research indicates ransomware victim payment rates fell to 28% in the previous year, marking an all-time low despite increased attack volumes. This trend suggests improved organizational resilience and backup strategies, though threat actors continue expanding their targeting scope.
In an unusual turn of events, a Russian man allegedly attempted to extort money from a notorious ransomware group while impersonating an FSB officer, highlighting the criminal ecosystem's internal dynamics and trust issues.
Malwarebytes researchers analyzed a sophisticated browser-based remote access trojan (RAT) disguised as a Google security check. The attack leverages browser permissions to harvest sensitive data including contacts and location information without traditional malware installation.
Attackers are distributing the legitimate Teramind employee monitoring software through fake Zoom and Google Meet installation prompts. The campaign demonstrates how threat actors increasingly leverage trusted brands and legitimate tools to bypass security controls.
A new Fortra report indicates insider security incident costs have surged 20% over two years, reaching an average of $19.5 million annually per organization. The research suggests AI tools are exacerbating existing insider threat vectors by providing more sophisticated attack capabilities.
Microsoft expanded its Windows restore functionality to additional enterprise devices, allowing users to restore personal settings and Microsoft Store applications from previous Windows 11 installations. The feature aims to improve user experience during device transitions while maintaining security controls.
Malwarebytes published educational content on Advanced Persistent Threat (APT) understanding and avoidance strategies, providing practitioners with foundational knowledge for defending against sophisticated, long-term attack campaigns.
Cisco Talos released commentary drawing parallels between Shakespeare's Hotspur character and cybersecurity leadership challenges, emphasizing the importance of calculated risk-taking and learning from security failures.