"Experts discovered PostgreSQL flaw chained with BeyondTrust zeroday targeted attacks."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 14 February 2025, 1545 UTC.

Content and Source:  Email subscription via https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security Affairs

70K followers27 articles per week

#security#tech

10

Yesterday

Experts discovered PostgreSQL flaw chained with BeyondTrust zeroday in targeted attacks

3 TTPs

•

by Pierluigi Paganini / 5h

•

CVE-2025-1094

Threat actors are exploiting a zero-day SQL injection vulnerability in PostgreSQL, according to researchers from cybersecurity firm Rapid7. Rapid7 researchers discovered a high-severity SQL injection flaw, tracked as CVE-2025-1094, in PostgreSQL’s psql tool. The experts discovered the flaw while investigating the exploitation of the vulnerability CVE-2024-12356 for remote code execution. BeyondTr

Valve removed the game PirateFi from the Steam video game platform because contained a malware

Steam removes PirateFi for malware

•

by Pierluigi Paganini / 7h

Valve removed a game from Steam because it contained malware, the company also warned affected users to reformat their operating systems. Valve removed the game PirateFi from the Steam video game platform because it contained a Windows malicious code to steal browser cookies and hijack accounts. The company also warned affected users to fully reformatting the operating systems to remove the threa

The Rise of Cyber Espionage: UAV and C-UAV Technologies as Targets

by Pierluigi Paganini / 20h

Researchers at cybersecurity firm Resecurity detected a rise in cyberattacks targeting UAV and counter-UAV technologies. Resecurity identified an increase in malicious cyber activity targeting UAV and counter-UAV (C-UAV/C-UAS) technologies. That was especially notable during active periods of local conflicts, including the escalation of the Russia-Ukraine war and the Israel-Hamas confrontation. T

China-linked APTs’ tool employed in RA World Ransomware attack

by Pierluigi Paganini / 23h

A November 2024 RA World ransomware attack on an Asian software firm used a tool linked to China-linked threat actors. Broadcom researchers reported that threat actors behind an RA World ransomware attack against an Asian software and services firm employed a tool that was explosively associated in the past with China-linked APT groups. “Tools that are usually associated with China-based espionag

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

by Pierluigi Paganini / 1d

A subgroup of the Russia-linked Seashell Blizzard APT group (aka Sandworm) ran a global multi-year initial access operation called BadPilot. Microsoft shared findings on research on a subgroup of the Russia-linked APT group Seashell Blizzard behind the global BadPilot campaign, which compromises infrastructure to support Russian cyber operations. Seashell Blizzard (aka Sandworm , BlackEnergy and

Feb 12, 2025

Sarcoma ransomware gang claims the theft of sensitive data from PCB maker Unimicron

4 TTPs

•

by Pierluigi Paganini / 1d

•

Unimicron suffers Sarcoma ransomware attack

The Sarcoma ransomware group announced a breach of the Taiwanese printed circuit board (PCB) manufacturing giant Unimicron. The Sarcoma ransomware group claims to have breached Taiwanese PCB manufacturer Unimicron, leaked sample files, and threatened a full data release if no ransom is paid by Tuesday, February 20, 2025. Unimicron Technology Corporation is a Taiwanese company specializing in the

Russian cybercriminal Alexander Vinnik is being released from U.S. custody in exchange for Marc Fogel

Vinnik exchanged for Fogel release

•

by Pierluigi Paganini / 1d

, a Trump administration source told CNN. The New York Times first reported that Alexander Vinnik, a Russian money laundering suspect, is being released from U.S. custody in exchange for Marc Fogel, according to a Trump administration source. Alexander Vinnik , a Russian national, in May 2024 pleaded guilty to conspiracy to commit money laundering for his involvement in operating the cryptocurren

North Korea-linked APT Emerald Sleet is using a new tactic

by Pierluigi Paganini / 2d

Microsoft Threat Intelligence has observed North Korea-linked APT Emerald Sleet using a new tactic, tricking targets into running PowerShell. Microsoft Threat Intelligence researchers spotted North Korea-linked threat actor Emerald Sleet (also known as Kimsuky and VELVET CHOLLIMA ) using a new tactic. They are tricking targets into running PowerShell as an administrator and executing code provide

Feb 11, 2025

U.S. CISA adds Microsoft Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog

8 TTPs

•

by Pierluigi Paganini / 2d

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-40891 Zyxel DSL CPE OS Command Injection Vulnerability CVE-2024-40890 Zyxel DSL CPE OS Comma

Microsoft Patch Tuesday security updates for February 2025 ficed 2 actively exploited bugs

6 TTPs

•

by Pierluigi Paganini / 2d

•

PatchTuesday

Microsoft Patch Tuesday security updates for February 2025 addressed four zero-day flaws, two of which are actively exploited in the wild. Microsoft Patch Tuesday security updates for February 2025 addressed 57 vulnerabilities in Windows and Windows Components, Office and Office Components, Azure, Visual Studio, and Remote Desktop Services. Two of these vulnerabilities are listed as publicly know

End of feed