
CyberWednesday: Top 10 Cybersecurity Updates #14


It’s time for this week’s Nomios CyberWednesday Top 10 Cybersecurity updates! Cyber threats are evolving fast, and staying ahead has never been more important. From AI platforms under attack to state-sponsored hackers targeting key systems, no organisation or technology is completely safe. Ransomware groups are getting smarter, security flaws are being exploited, and criminals are using AI to their advantage.

Let’s break down the biggest cybersecurity stories of the week - what happened, why it matters, and what you need to know.

1. Top-rated Chinese AI App DeepSeek Limits Registrations Amid Cyberattacks

Chinese AI startup DeepSeek has had to suspend new user registrations due to large-scale cyberattacks targeting its AI platform.

DeepSeek is known for its highly efficient AI model training, having completed its entire model training process for just $5.576M. During pre-training, one trillion tokens were processed using 180,000 H800 GPU hours—which equates to 3.7 days on a cluster of 2,048 H800 GPUs. The full training cycle, including context length extension (119K GPU hours) and post-training (5K GPU hours), required 2.788M GPU hours at $2 per GPU hour.

This attack underscores the growing cyber risks faced by AI platforms, particularly those leveraging large-scale cloud computing for machine learning. (Source: The Hacker News)

2. For $50, Cyber attackers Can Use GhostGPT to Write Malicious Code

A rogue AI chatbot, GhostGPT, has emerged on underground cybercrime forums, offering fully unrestricted AI-powered hacking tools.

Unlike mainstream AI chatbots that enforce ethical constraints, GhostGPT enables users to generate phishing emails, ransomware scripts, and malicious code. The service is available for $50 per week, $150 per month, and $300 for three months, making it highly accessible to cybercriminals.

Experts warn that AI-driven cybercrime tools like GhostGPT will accelerate the frequency and sophistication of cyberattacks, allowing even low-skill hackers to generate advanced malware. (Source: Dark Reading)

3. Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs and More

Apple has released critical security updates to fix a zero-day vulnerability (CVE-2025-24085) that is being actively exploited in real-world attacks.

The vulnerability allows attackers to escalate privileges and potentially gain full control over affected devices. Apple’s update applies to iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, visionOS 2.3, and watchOS 11.3, impacting iPhone XS and later as well as various iPad models from the 3rd generation onwards. (Source: The Hacker News)

4. Fortinet Zero-Day Under Active Exploitation - Attackers Gaining Super-Admin Privileges

A severe authentication bypass vulnerability (CVE-2024-55591) in FortiOS and FortiProxy has been actively exploited, allowing attackers to gain super-admin privileges.

The flaw, which carries a CVSS severity rating of 9.6, allows hackers to create unauthorized admin accounts, alter firewall policies, and establish SSL VPN tunnels. Fortinet has released emergency patches, and companies relying on Fortinet security products are urged to update immediately. (Source: Dark Reading)

5. Google Patches Chrome Security Flaws That Could Lead to Full System Compromise

Google has issued a critical security update for Chrome (version 132.0.6834.110/111), patching multiple high-severity vulnerabilities in its V8 JavaScript engine.

Among the most significant patches was a memory corruption vulnerability, which earned a researcher an $11,000 bug bounty reward. If left unpatched, these flaws could allow attackers to execute arbitrary code through malicious websites, leading to full system takeover. (Source: Cybersecurity News)

6. Akira Ransomware Group's Linux Variant Targets VMware ESXi Servers

The Akira ransomware gang has launched a new Linux-based variant targeting VMware ESXi servers, impacting 350 victims globally and extorting $42 million USD.

The ransomware uses the Rust programming language to evade detection and employs a hybrid encryption model (ChaCha20 + RSA) to lock down enterprise networks in the manufacturing, finance, and education sectors. (Source: Cybersecurity News)

7. EU Sanctions 3 Russian Nationals for Cyber Attacks Targeting Estonia's Key Ministries

The European Union has imposed sanctions on three Russian military intelligence officers from GRU Unit 29155, following cyberattacks on Estonian government systems.

The attacks led to the theft of classified data from multiple ministries, including economic, social, and foreign affairs departments. In response, the EU has issued asset freezes and travel bans, bringing the total number of individuals sanctioned under its cybercrime framework to 17, alongside 4 entities.

This move signifies a firm stance by the EU against state-sponsored cyberattacks targeting its member states. (Source: The Hacker News)

8. Hackers Using RID Hijacking Technique to Create Secret Windows Admin Accounts

The North Korean-linked Andariel group has been found using RID hijacking to create hidden Windows admin accounts, bypassing traditional security controls.

By manipulating Windows Registry values, attackers assign Administrator privileges to low-privilege accounts, granting them full control of targeted systems while remaining undetected. This sophisticated technique requires initial system-level access, making it critical for IT teams to monitor user privilege escalation and review registry changes. (Source: Cybersecurity News)

9. Microsoft Announces Phishing Attack Protection for Teams Chat Starting February 2025

Microsoft is rolling out phishing protection for Teams chats, a move designed to combat the growing number of impersonation attempts and malicious links in corporate communications.

The new feature will automatically scan messages from external users during initial interactions and flag potential impersonation attempts and suspicious links.

The rollout will occur in two phases: the Targeted Release is scheduled for late October 2024, with general availability expected by mid-February 2025.

This update addresses Teams' vulnerability to phishing attacks, a growing concern for organisations relying on the platform for business communication. (Source: Cybersecurity News)

10. OAuth Redirect Flaw in Airline Travel Integration Exposes Millions to Account Hijacking

A critical OAuth implementation flaw in a widely used airline travel integration platform has left millions of users vulnerable to account hijacking attacks.

Attackers are exploiting the “tr_returnUrl” parameter to redirect authentication responses containing user session tokens to malicious URLs. Given the platform’s integration with multiple major airline systems, the flaw poses a significant risk to global travellers, potentially affecting airline loyalty accounts and sensitive customer data. (Source: The Hacker News)
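The mitigation for this class of flaw is to validate the return URL against an exact-match allowlist before any authentication response is sent to it. The sketch below is an added example, not code from the affected platform; the host names, the default URL and both function names are hypothetical, and only the `tr_returnUrl` parameter name comes from the report.

```python
from urllib.parse import parse_qs, urlsplit

# Hypothetical allowlist of hosts permitted to receive the authentication response.
ALLOWED_RETURN_HOSTS = frozenset({"booking.airline.example", "loyalty.airline.example"})
DEFAULT_RETURN_URL = "https://booking.airline.example/account"  # constructed fallback


def is_safe_return_url(url: str) -> bool:
    """Accept only absolute https URLs whose host is exactly on the allowlist."""
    # Backslashes, spaces and control characters are interpreted differently by
    # browsers and server-side parsers, so reject them before parsing.
    if not url or any(c == "\\" or ord(c) <= 0x20 or ord(c) == 0x7F for c in url):
        return False
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https":  # also rejects relative and "//host" forms
        return False
    if parts.username is not None or parts.password is not None:
        return False  # "https://allowed-host@other-host/" style confusion
    if port not in (None, 443):
        return False
    # Exact match on the lower-cased host: no suffix or substring matching.
    return parts.hostname in ALLOWED_RETURN_HOSTS


def resolve_return_url(login_request_url: str) -> str:
    """Return the validated tr_returnUrl from a login request, or the default."""
    values = parse_qs(urlsplit(login_request_url).query).get("tr_returnUrl", [])
    # A repeated parameter is ambiguous between components, so it is not trusted.
    if len(values) == 1 and is_safe_return_url(values[0]):
        return values[0]
    return DEFAULT_RETURN_URL
```

Falling back to a fixed default instead of returning an error keeps the login flow working while ensuring the session token is never delivered to a host outside the allowlist.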

With cybercriminals moving faster than ever, staying ahead is not just important - it’s essential. Keep your systems updated, monitor AI models, and strengthen your defences - because attackers won’t wait. Join us every week for the CyberWednesday series, your go-to source for the latest updates and actionable insights.
