"CrushFTP CVE-2025-2825 flaw actively exploited in the wild."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 01 April 2025, 1442 UTC.

 Content and Source:  Email subscription via https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security Affairs

71K followers26 articles per week

#security#tech

13

Most popular

CrushFTP CVE-2025-2825 flaw actively exploited in the wild

by Pierluigi Paganini / 20min

Attackers exploit CrushFTP CVE-2025-2825 flaw, enabling unauthenticated access to unpatched devices using public proof-of-concept code. Threat actors are exploiting a critical authentication bypass vulnerability, tracked as CVE-2025-2825 , in the CrushFTP file transfer software. Attackers are using exploits based on publicly available proof-of-concept exploit code . The vulnerability impacts Crus

France’s antitrust authority fines Apple €150M for issues related to its App Tracking Transparency

Apple fined 150 million euros

•

by Pierluigi Paganini / 2h

France fines Apple €150M for abusing its dominance in ATT consent practices on iOS and iPadOS from 2021 to 2023. France’s Autorité de la concurrence fined Apple €150M for abusing its dominance in App Tracking Transparency (ATT) consent practices on iOS and iPadOS between April 26, 2021 and July 25, 2023. Apple launched ATT with iOS 14.5, which requires apps to get user consent to access the Ident

CISA warns of RESURGE malware exploiting Ivanti flaw

15 TTPs

•

by Pierluigi Paganini / 1d

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns of RESURGE malware, targeting a vulnerability in Ivanti Connect Secure (ICS) appliances. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a Malware Analysis Report (MAR) on a new malware called RESURGE. The malicious code has been used in attacks targeting the flaw CVE-2025-0282 in Ivanti Connect Secu

Yesterday

Hiding WordPress malware in the mu-plugins directory to avoid detection

10 TTPs

•

by Pierluigi Paganini / 6h

•

Malware targets WordPress mu-plugins directory

Sucuri researchers spotted threat actors deploying WordPress malware in the mu-plugins directory to evade security checks. In February, Sucuri warned of threat actors exploiting WordPress mu-plugins, which auto-load without activation, to maintain persistence and evade detection by hiding backdoors in the plugin directory. “Unlike regular plugins, must-use plugins are automatically loaded on ever

U.S. CISA adds Cisco Smart Licensing Utility flaw to its Known Exploited Vulnerabilities catalog

Collection (Enterprise TA0009)

•

by Pierluigi Paganini / 18h

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Smart Licensing Utility flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco Smart Licensing Utility vulnerability, tracked as CVE-2024-20439 , to its Known Exploited Vulnerabilities (KEV) catalog . Last week, Cisco disclosed two vulnerabilities in

Russia-linked Gamaredon targets Ukraine with Remcos RAT

13 TTPs

•

by Pierluigi Paganini / 1d

•

Gamaredon exploits LNK files for Remcos

Russia-linked Gamaredon targets Ukraine with a phishing campaign using troop-related lures to deploy the Remcos RAT via PowerShell downloader. Talos researchers warn that Russia-linked APT group Gamaredon (a.k.a. Armageddon , Primitive Bear , ACTINIUM , Callisto ) targets Ukraine with a phishing campaign. The cyberespionage group is behind a long series of spear-phishing attacks targeting Ukraini

CoffeeLoader uses a GPU-based packer to evade detection

25 TTPs

•

by Pierluigi Paganini / 1d

•

CoffeeLoader malware evades detection

CoffeeLoader is a sophisticated malware that uses numerous techniques to bypass security solutions, Zscaler ThreatLabz warns. Zscaler ThreatLabz discovered CoffeeLoader, a malware family active since September 2024, that uses multiple techniques to evade endpoint security while downloading second-stage payloads. The advanced techniques used by the malware include GPU-based packing, call stack spo

Mar 30, 2025

Morphing Meerkat phishing kits exploit DNS MX records

11 TTPs

•

by Pierluigi Paganini / 1d

•

Morphing Meerkat phishing kit exploits DNS

to deliver spoofed login pages, targeting over 100 brands. Infoblox researchers discovered a new phishing-as-a-service (PhaaS) platform that generated multiple phishing kits, called Morphing Meerkat, using DNS mail exchange (MX) records to deliver fake login pages and targeting over 100 brands. Threat actors are exploiting DNS techniques to enhance phishing attacks, using MX records to dynamical

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 39

by Pierluigi Paganini / 2d

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Microsoft Trusted Signing service abused to code-sign malware Shedding light on the ABYSSWORKER driver VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAU

Security Affairs newsletter Round 517 by Pierluigi Paganini – INTERNATIONAL EDITION

by Pierluigi Paganini / 2d

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. FBI and DOJ seize $8.2 Million in romance baiting crypto fraud scheme Experts warn of the new sophisticate Crocodilus mobile banking Trojan Crooks are rev

Sam’s Club Investigates Alleged Cl0p Ransomware Breach

4 TTPs

•

by Pierluigi Paganini / 2d

The Walmart-owned membership warehouse club chain Sam’s Club is investigating claims of a Cl0p ransomware security breach. Sam’s Club is a membership warehouse club chain in the United States, owned by Walmart. Founded in 1983 by Sam Walton, Walmart’s founder, as Sam’s Wholesale Club, it was renamed Sam’s Club in 1990. These stores operate on a bulk retail model, offering members discounted price

Mar 29, 2025

FBI and DOJ seize $8.2 Million in romance baiting crypto fraud scheme

DOJ seizes 8.2M$ in crypto

•

by Pierluigi Paganini / 2d

The U.S. DOJ seized over $8.2 million in USDT stolen through ‘romance baiting’ scams, where victims are tricked into fake investments promising high returns. On February 27, 2025, the U.S. Attorney’s Office in Ohio filed a civil forfeiture complaint for $8.2M in USDT (Tether) linked to a ‘romance baiting’ scam. Fraudsters used anonymous messaging apps to deceive victims into fake financial relati

Experts warn of the new sophisticate Crocodilus mobile banking Trojan

5 TTPs

•

by Pierluigi Paganini / 2d

•

Crocodilus malware targets Android devices

The new Android trojan Crocodilus exploits accessibility features to steal banking and crypto credentials, mainly targeting users in Spain and Turkey. ThreatFabric researchers discovered a new Android trojan called Crocodilus, which exploits accessibility features to steal banking and crypto credentials. “Crocodilus enters the scene not as a simple clone, but as a fully-fledged threat from the ou

End of feed