Critical OpenSSL RCE, Foxit 0-Day Exploits, AI Security Flaws & More: ThreatsDay Bulletin


Cybersecurity Landscape Sees Surge in Threats, Vulnerabilities, and Attacks

The threat landscape has seen a sharp rise in the number and variety of threats, vulnerabilities, and attacks in recent weeks. This bulletin summarizes the latest developments in the cybersecurity space and highlights the key risks, vulnerabilities, and attack techniques that organizations need to be aware of.

Google Enhances Android Privacy and Security

Google has announced the first beta version of Android 17, which includes two significant privacy and security enhancements: the deprecation of the cleartext traffic attribute, and support for HPKE (Hybrid Public Key Encryption), which combines public key and symmetric encryption to enable secure communication.

Ransomware Groups Target Industrial Organizations

There has been a sharp rise in the number of ransomware groups targeting industrial organizations, with 119 groups tracked in 2025, a 49% increase from 2024. The most targeted sector was manufacturing, followed by transportation. Separately, a hacking group tracked as Pyroxene has been observed conducting supply-chain attacks against the defense, critical infrastructure, and industrial sectors.

ClickFix Campaigns Continue to Evolve

ClickFix campaigns have been observed delivering malware-as-a-service (MaaS) loaders, such as Matanbuchus 3.0, which can lead to ransomware or data exfiltration. The campaigns often rely on typosquatting, fake installation flows, and nested obfuscation to trick victims into executing malicious commands.

Phobos Ransomware Affiliate Detained

A 47-year-old man has been detained in Poland over suspected ties to the Phobos ransomware group. The suspect faces a potential prison sentence of up to five years. The arrest is part of Europol’s Operation Aether, which targets the 8Base ransomware group, believed to be linked to Phobos.

GitLab SSRF Vulnerability Added to CISA’s KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2021-22175 to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the patch by March 11, 2026.

RMM Abuse Surges 277%

The abuse of Remote Monitoring and Management (RMM) software has surged 277% year-over-year, accounting for 24% of all observed incidents. Threat actors increasingly favor these tools because they are ubiquitous in enterprise environments and their traffic and processes are trusted by default.

OpenSSL Fixes Several Flaws

The OpenSSL project has patched a stack buffer overflow flaw that can lead to remote code execution attacks under certain conditions. The vulnerability, tracked as CVE-2025-15467, resides in how the library processes Cryptographic Message Syntax data.

Machine Accounts Expand Delegation Risk

New research has revealed that Kerberos delegation applies not just to human user accounts, but also to machine accounts. This means that a computer account can be trusted to delegate on behalf of highly privileged machine identities such as domain controllers, increasing the risk of sensitive data exposure.
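A defender-side check for this finding, written here as an added example rather than code from the research or the bulletin: it lists computer accounts that have any Kerberos delegation configured, flags those whose constrained-delegation targets point at a domain controller, and shows which principals are allowed resource-based delegation to each DC object. It assumes the ActiveDirectory RSAT module and rights to read the domain.

```powershell
# Added example, not from the bulletin. Requires the ActiveDirectory RSAT module.
Import-Module ActiveDirectory

# Domain controllers: their hostnames identify delegation targets that reach a DC.
$dcs     = Get-ADDomainController -Filter *
$dcHosts = $dcs.HostName

# Computer accounts with any delegation configured:
#  - TrustedForDelegation       : unconstrained delegation
#  - TrustedToAuthForDelegation : constrained delegation with protocol transition
#  - msDS-AllowedToDelegateTo   : constrained delegation target SPNs
$filter = 'TrustedForDelegation -eq $true -or TrustedToAuthForDelegation -eq $true -or msDS-AllowedToDelegateTo -like "*"'
$props  = 'TrustedForDelegation', 'TrustedToAuthForDelegation', 'msDS-AllowedToDelegateTo'

# DCs are trusted for delegation by default, so exclude them from the findings.
$computers = Get-ADComputer -Filter $filter -Properties $props |
    Where-Object { $dcHosts -notcontains $_.DNSHostName }

foreach ($c in $computers) {
    $targets = @($c.'msDS-AllowedToDelegateTo')
    # SPNs look like service/host[:port]; compare only the host part against DC names.
    $dcTargets = $targets | Where-Object {
        $h = ($_ -split '/')[1] -replace ':\d+$', ''
        $dcHosts -contains $h
    }
    [pscustomobject]@{
        Computer           = $c.Name
        Unconstrained      = [bool]$c.TrustedForDelegation
        ProtocolTransition = [bool]$c.TrustedToAuthForDelegation
        TargetsDC          = [bool]$dcTargets      # true = delegation reaches a DC
        Targets            = ($targets -join ';')
    }
}

# Resource-based constrained delegation is configured on the target object itself,
# so also report which principals each DC's computer object allows to delegate to it.
foreach ($dc in $dcs) {
    $obj = Get-ADComputer -Identity $dc.ComputerObjectDN -Properties PrincipalsAllowedToDelegateToAccount
    [pscustomobject]@{
        DomainController = $dc.HostName
        RBCDPrincipals   = (@($obj.PrincipalsAllowedToDelegateToAccount) -join ';')
    }
}
```

Any non-DC computer with TargetsDC set, unconstrained delegation, or an unexpected entry in a DC's RBCDPrincipals list should be reviewed and, where not required, cleared; the "Account is sensitive and cannot be delegated" flag on privileged accounts limits the impact of the rest.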

AI-Generated Passwords Lack True Randomness

Research has found that passwords generated directly by a large language model (LLM) may appear strong but are fundamentally insecure. LLMs are designed to predict tokens, which is incompatible with secure password generation.

PDF Engine Flaws Enable Account Takeover

Cybersecurity researchers have discovered over a dozen vulnerabilities in popular PDF platforms from Foxit and Apryse, potentially allowing attackers to exploit them for account takeover, session hijacking, data exfiltration, and arbitrary JavaScript execution.

Exposed Training Apps Turn Backdoors for Cloud Breaches

A widespread security issue has been discovered where security vendors inadvertently expose deliberately vulnerable training applications to the public internet, opening organizations to severe security risks.

Oyster Loader Refines C2 Stealth

The malware loader known as Oyster has continued to evolve, fine-tuning its C2 infrastructure and obfuscation methods. The malware is distributed mainly through fake websites that pose as download pages for legitimate software installers.

Noodlophile Operators Hit Back

Noodlophile is an information-stealing malware that has been distributed via fake AI tools promoted on social media. The threat actor has been observed padding the malware with millions of repeats of a colorful Vietnamese phrase, suggesting frustration over disrupted campaigns.

Security News and Trends

The bulletin closes by underscoring the importance of staying informed about the latest security news and trends, and the need for organizations to prioritize cybersecurity and take proactive measures against emerging threats.
