Netizen Blog and News
The Netizen team sharing expertise, insights and useful information in cybersecurity, compliance, and software assurance.
Category: Threat Intelligence
-
Ransomware gangs are targeting VMware ESXi hypervisors using SSH tunneling for stealthy persistence and lateral movement in networks. These attacks exploit vulnerabilities and stolen credentials, complicating monitoring due to fragmented log systems. SOC teams must enhance logging, restrict SSH access, apply updates, and actively hunt for anomalies to mitigate risks effectively.
-
Google has reported that state-sponsored hacking groups are increasingly utilizing its Gemini AI for enhancing cyber operations, primarily focusing on reconnaissance and scripting rather than conducting attacks. Meanwhile, Texas has banned the use of Chinese AI platforms DeepSeek and RedNote on government devices, citing security and foreign influence concerns.
-
Organizations must prioritize patching five critical security vulnerabilities from December 2025 to mitigate potential attacks. Key vulnerabilities involve Microsoft Access, Windows Hyper-V, Ivanti Connect Secure, and Windows App Package Installer, all presenting risks for remote code execution and privilege escalation. Timely remediation is essential to safeguard IT environments against exploitation.
-
This post discusses phishing scams, exemplified by a suspicious job offer SMS urging urgent action, highlighting key warning signs. It also examines DeepSeek AI’s security vulnerabilities and privacy issues, including data tracking and keystroke logging. Finally, Apple issued critical security updates addressing vulnerabilities across its platforms, urging immediate user updates.
-
The recent cyberattack on AI platform DeepSeek underscores significant cybersecurity vulnerabilities faced by users of AI services. The attack caused operational disruptions and raised concerns about data exposure and malware development risks. Users are advised to safeguard their data by limiting personal information sharing, using strong passwords, and enabling multi-factor authentication.
-
A recent security campaign has targeted 18,000 low-skilled hackers, or “script kiddies,” with a fake malware builder that installs a backdoor. Meanwhile, Microsoft warns that outdated Exchange servers are exposed due to deprecating a security certificate, emphasizing the necessity for timely updates to mitigate threats.
-
On January 13th, SpearTip identified a brute-force attack exploiting the fasthttp library to target Azure Active Directory, primarily from Brazil. High rates of authentication failures and account lockouts were observed. SpearTip released a PowerShell script for detection and advised SOC teams on proactive measures and response strategies to combat such threats effectively.
-
Trump halted the TikTok ban through an executive order, allowing ByteDance more time for a potential sale amid national security concerns. Meanwhile, Fortinet announced critical vulnerabilities affecting its products, including a zero-day flaw, prompting immediate patch releases and advising organizations on timely updates and monitoring for compromises.
-
A Security Operations Center (SOC) internship is vital for launching a cybersecurity career, offering hands-on experience and professional insight. Key steps to secure a position include understanding SOC roles, developing technical skills, gaining hands-on experience, and crafting a strong resume. Networking within the industry also enhances opportunities for aspiring interns.
-
Ivanti has reported two critical zero-day vulnerabilities in its Connect Secure products, with one already exploited. Customers are urged to upgrade their systems immediately. Meanwhile, Telegram’s increased data sharing with law enforcement raises concerns about user privacy and encryption integrity, potentially eroding trust among its privacy-focused user base.
Netizen Blog and News 