News – February 2025

February 14, 2025

The PostgreSQL Global Development Group (also known as Postgres) has released an advisory to address a high severity vulnerability in PostgreSQL. PostgreSQL is a relational SQL database management system. CVE-2025-1094 is an ‘improper neutralisation of quoting syntax’ vulnerability with a CVSSv3 score of 8.1. If exploited, a remote unauthenticated attacker could achieve SQL injection via sending ...

February 14, 2025

The Coast Guard’s personnel and payroll system experienced a data breach resulting in a delay in pay for 1,135 service members. The breach will affect bi-weekly pay for 1,135 members, according to a Coast Guard statement to USNI News. “The Coast Guard Investigative Service and Coast Guard Cyber Command are leading an exhaustive investigation to determine ...

February 14, 2025

A report by BleepingComputer cites a thread posted on an underground hacking forum claiming to have breached Zacks in June 2024, gaining sensitive information on 12 million people, including names, usernames, email addresses, postal addresses, and phone numbers. The forum thread contained a small sample, and an offer for the entire batch in exchange for a ...

February 14, 2025

Two men were arrested on Thursday for operating a sophisticated sexual extortion network. According to the investigation, they posed as women on social media lured victims into sending intimate photos, and then threatened to expose the images unless they paid money. The prosecution stated: “They acted systematically, cynically exploiting their victims.” David Bracha, 26, from Rishon ...

February 14, 2025

The Trump administration on Friday moved to fire more than 400 employees at the Department of Homeland Security, the latest effort in a government-wide campaign to dramatically reduce the federal workforce. Officials at DHS said they had fired hundreds of employees across several of its agencies after supervisors identified “non-mission critical personnel in probationary status” within ...

February 14, 2025

SimpleHelp has released security updates to address one critical and two high severity vulnerabilities in SimpleHelp. SimpleHelp is a remote monitoring and management (RMM) tool that allows administrators and service desk technicians to provide remote support and monitor devices on the network. The three vulnerabilities can be used in an exploit chain, which could allow a ...

February 13, 2025

Security researchers say the Chinese government-linked hacking group, Salt Typhoon, is continuing to compromise telecommunications providers, despite the recent sanctions imposed by the U.S. government on the group. In a report shared with TechCrunch, threat intelligence firm Recorded Future said it had observed Salt Typhoon — which the company tracks as “RedMike” — breaching five telecommunications ...

February 13, 2025

Microsoft discovered cyberattacks being launched by a group they call Storm-2372, who they assess with medium confidence aligns with Russia’s interests and tradecraft. The attacks appear to have been ongoing since August 2024 and have targeted governments, NGOs, and a wide range of industries in multiple regions. The attacks use a specific phishing technique called “device ...

February 13, 2025

Italian spyware maker SIO, known to sell its products to government customers, is behind a series of malicious Android apps that masquerade as WhatsApp and other popular apps but steal private data from a target’s device, TechCrunch has exclusively learned. Late last year, a security researcher shared three Android apps with TechCrunch, claiming they were likely ...

February 13, 2025

Two men have appeared in court charged with terrorism offences linked to a major PSNI data breach. Brian Francis Cavlan, 49, from Coronation Park, Aughnacloy and Rory Martin Logan, 43, with an address given as HMP Maghaberry, appeared before court on Thursday. They were arrested on Tuesday as part of an ongoing police investigation into the ...