Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, February 01, 2025.
Cyber Incidents at Tata Technologies and ICICI Bank
Tata Technologies, a prominent subsidiary of the Tata Group, recently experienced a significant cyber incident orchestrated by unknown threat actors….
ICICI Bank, one of India’s leading private sector banks, also faced a ransomware attack by the BASHE ransomware group. The group claimed responsibility for the attack and threatened to release sensitive customer data unless their ransom demands were met…..
CVE-2025-24085 Apple fixes Critical Zeroday
CVE-2025-24085 is a critical zero-day vulnerability identified in Apple’s Core Media framework. This framework is integral to the media processing pipeline used by AVFoundation and other high-level media frameworks across Apple’s product ecosystem. This vulnerability enables malicious applications to potentially gain elevated privileges on affected devices, posing a significant security risk…..
CVE-2025-21298 Exploit Code Released
CVE-2025-21298 is a critical use-after-free vulnerability in Microsoft Outlook. This vulnerability can be exploited to achieve remote code execution by leveraging the OLE feature, which allows embedding and linking to documents and other objects. The exploitation relies on the improper handling of memory, where a pointer is used after it has been freed, leading to undefined behavior that attackers can exploit….
New Side-Channel Attacks: FLOP and SLAP in Apple’s Processors
Recent discoveries by security researchers from the Georgia Institute of Technology and Ruhr University Bochum have revealed two new side-channel vulnerabilities in Apple’s modern processors, identified as FLOP (False Load Output Prediction) and SLAP (Speculative Load Address Prediction). These vulnerabilities exploit flaws in speculative execution, a performance optimization technique employed by Apple’s CPUs, and have significant implications for the security of affected devices…..
CVE-2024-55591 Exploit Code Released for FortiOS Flaw
Cybersecurity company watchTowr Labs has released the proof-of-concept (PoC) exploit code for a severe zero-day vulnerability, CVE-2024-55591, affecting Fortinet’s FortiProxy products. This vulnerability, with a CVSS score of 9.8, has already been exploited in active attacks to compromise enterprise networks and hijack firewalls….
This brings the end of this week in review security coverage. Thanks for visiting TheCyberThrone. If you like us, please follow us on Facebook, Twitter, Instagram
Pingback: TheCyberThrone Security Weekly Review – February 01, 2025 - Alireza Gharib Blog