Palo Alto Networks Confirms Exploitation of Firewall Vulnerability
Source: Security Week
The existence of CVE-2025-0108 came to light on February 12, when Palo Alto Networks announced the availability of patches and mitigations. The PAN-OS authentication bypass flaw allows an unauthenticated attacker to gain access to the targeted device’s management interface and execute certain PHP scripts.
Threat actors are using legitimate Microsoft feature to compromise M365 accounts
Source: Help Net Security
Suspected Russian threat actors have been taking advantage of Microsoft Device Code Authentication to trick targets into granting them access to their Microsoft 365 (M365) accounts. “While Device Code Authentication attacks are not new, they appear to have been rarely leveraged by nation-state threat actors.”
Venture capital giant Insight Partners hit by cyberattack
Source: Bleeping Computer
New York-based venture capital and private equity firm Insight Partners has disclosed that its systems were breached in January following a social engineering attack. The company manages over $90 billion in regulatory assets and has invested in over 800 software and technology startups and companies worldwide during its 30 years of activity.
'Darcula' Phishing Kit Can Now Impersonate Any Brand
Source: Dark Reading
A new version of the phishing-as-a-service (PhaaS) platform "Darcula" is launching, with a feature that allows anyone to spoof any brand online, with no technical skill required. The most recent Darcula version (V2) was already sleek and user-friendly, with hundreds of templates that allowed subscribers to create phishing content mimicking companies from around the world.
China-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware
Source: The Hacker News
A previously unknown threat activity cluster targeted European organizations, particularly those in the healthcare sector, to deploy PlugX and its successor, ShadowPad, with the intrusions ultimately leading to deployment of a ransomware called NailaoLocker in some cases.