By security practitioners, for security practitioners

Top 10 Cybersecurity News (Feb. 16, 2026): Microsoft 365 Admin Center Outage Investigated as Security Event, CISA Adds Multiple Exploited Vulnerabilities to KEV Catalog, Trojanized 7-Zip Installer Spreads Proxy Malware, and More

WEEKLY TOP TEN: February 16, 2025, 16:00 GMT

  1. Apple Patches Zero-Day Used in Targeted Attacks

    Apple released security updates addressing a zero-day vulnerability actively exploited in the wild that affected a broad range of Apple devices. The flaw was used by sophisticated attackers to compromise systems prior to a patch being available, and Apple urged all users—especially enterprise and education customers—to install the fixes immediately to prevent further exploitation. While full details of the exploit chain remain undisclosed, the incident underscores that even well-resourced platforms face active threats that rapidly move from discovery to exploitation.
  2. Microsoft 365 Admin Center Outage Investigated as Security Event

    Microsoft reported a significant outage affecting the Microsoft 365 admin center in North America, blocking admin access for business and enterprise accounts. While Microsoft did not explicitly call it a cyberattack, the disruption is under investigation and raised concerns among IT teams about unauthorized access or exploitation of management interfaces. The impact inhibited key administrative functions including user provisioning and policy enforcement, emphasizing the need for resilience plans for cloud management platforms.
  3. CISA Adds Multiple Exploited Vulnerabilities to KEV Catalog

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SolarWinds Web Help Desk, Notepad++, Microsoft Configuration Manager, and Apple device flaws to its Known Exploited Vulnerabilities (KEV) catalog after reports of active exploitation. Organizations dependent on these products—especially enterprise and managed service providers—must prioritize patching and mitigation to prevent intrusions that are already being leveraged by threat actors. Inclusion in the KEV catalog triggers binding operational directives for federal agencies and guides private sector risk reduction strategies.
  4. Chrome 145 Update Addresses High-Severity Vulnerabilities

    Google issued security patches for Chrome 145, including fixes for multiple high-severity vulnerabilities that could be exploited for remote code execution and privilege escalation. Since Chrome is a ubiquitous enterprise browser, unpatched flaws here can be leveraged as an initial access vector into corporate networks. Enterprises should accelerate browser update deployments and monitor for exploitation attempts targeting web access layers.
  5. Odido Breach Coverage: Dutch Telco Data Loss Explosion

    Additional reporting on the Odido breach reinforces the scale and specifics of data exposure across the company’s telecom customer base. Millions of customers’ personal identifiers and financial data were accessed, making this one of the largest telecom data breaches in Europe to date.
  6. BeyondTrust Critical Vulnerability Being Actively Exploited

    Security researchers observed that a critical remote code execution (RCE) flaw in BeyondTrust’s Remote Support and older Privileged Remote Access products is being exploited in the wild. With a CVSS score of 9.9, the vulnerability allows unauthenticated attackers to execute commands without logging in, creating a pathway to full system takeover. Tens of thousands of internet-exposed installations remain unpatched. Organizations using these privileged access tools should apply updates urgently to neutralize the active threat.
  7. Volvo Group North America Customer Data Exposed via Conduent Hack

    Volvo Group North America revealed a data exposure linked to a breach at service provider Conduent. This attack resulted in unauthorized access to customer information tied to vehicles and services. Although details on exact data types were limited, the impact spans tens of thousands of Volvo customers. Corporate notification filings indicate that affected individuals may be at heightened risk for fraud and identity misuse, prompting Volvo to recommend vigilance and protective measures such as credit monitoring. The incident highlights risks posed by third-party IT providers in the automotive supply chain.
  8. Trojanized 7-Zip Installer Spreads Proxy Malware

    Cybercriminals set up a fake 7-Zip download site that served a malicious installer laced with a proxy tool used for stealthy command-and-control and traffic routing. Developers and enterprise users tempted to grab open-source utilities from unverified mirrors instead obtained a package that compromises host systems. The malware can undermine corporate VPNs, internal access controls, and logging infrastructure, potentially giving attackers lateral connectivity within enterprise environments. This campaign is a sharp reminder that supply chain and installer integrity must be safeguarded even for widely used freeware.
  9. Conpet S.A. (Romania) Confirms Data Theft After Ransomware Attack

    Romania’s national oil pipeline operator Conpet S.A. confirmed that the Qilin ransomware group breached its corporate IT environment, exfiltrating company data. While pipeline operations and critical OT/SCADA systems remained unaffected, nearly 1 TB of internal documents were reportedly stolen, including financial records and sensitive personal information. Conpet is investigating with national cybersecurity authorities and warned of fraud risks from leaked data. This incident highlights the continued targeting of critical infrastructure firms by double-extortion ransomware actors.
  10. New Malware and Exploit Campaigns Target Email and macOS Users

    Threat intel sources reported several active campaigns: a new XWorm RAT phishing attack that leverages a historical Excel exploit, ClickFix DNS hijacking for malware delivery, and a macOS malware campaign riding on Google Ads and leveraging AI-related targets. These multi-vector campaigns illustrate that social engineering combined with legacy exploits remains potent and that macOS environments are increasingly targeted with sophisticated delivery mechanisms.

Our Threat Operations and Intelligence team compiles a daily digest of the most recent online cybersecurity risks. The 10 stories above were judged the most significant of the week, ranked from highest to lowest risk, and compiled from multiple sources where available.
