Infosec Roundup: Malvertising, Exploited Vulnerabilities, and Data Breaches

2025-03-10
Infosec Roundup: Malvertising, Exploited Vulnerabilities, and Data Breaches

Microsoft uncovered a malvertising campaign distributing malware via GitHub, impacting nearly a million devices. The campaign used pirated video streaming sites embedding malicious redirects, ultimately leading to malware hosted on GitHub that stole system information and browser credentials. Meanwhile, Red Hat becomes a CVE numbering authority of last resort, while several critical vulnerabilities are actively exploited, including an RCE vulnerability in Progress Software WhatsUp Gold and security flaws in Hitachi Vantara Pentaho Business Analytics Server. Cisco warns of the exploitation of CVE-2023-20118 and recommends hardware replacement. Popular phone cleaning apps are revealed to be sharing user data, and the US House passed a bill requiring federal contractors to implement vulnerability disclosure policies. Finally, scammers used AI-generated videos impersonating YouTube CEO Neal Mohan for phishing attacks, while Singapore considers caning for cybercriminals.

Tech