ICS Vulnerabilities, WordPress Exploit & Russian Malware – 11/04/2025
Today’s threat landscape is dominated by critical vulnerabilities in Industrial Control Systems (ICS), with CISA issuing alerts for aviation weather and surveillance systems carrying a CVSS score of 10.0. Concurrently, threat actors are actively exploiting a widespread vulnerability in a popular WordPress plugin to hijack administrator accounts. This summary also covers a novel malware evasion technique used by Russian hackers and the concerning merger of three major cybercrime groups into a unified collective.
Top 5 Critical Security Alerts
- Radiometrics VizAir Vulnerabilities: CISA warns of multiple critical vulnerabilities (CVSS 10.0) in aviation weather systems, allowing remote, unauthenticated attackers to manipulate weather data and disrupt airport operations.
- CISA Adds Two Known Exploited Vulnerabilities to Catalog: CISA has added vulnerabilities in Gladinet CentreStack/Triofox (CVE-2025-11371) and CWP Control Web Panel (CVE-2025-48703) to its KEV catalog, indicating active exploitation.
- Hackers Exploit WordPress Post SMTP Plugin: Threat actors are actively exploiting a critical vulnerability in the Post SMTP plugin, affecting over 400,000 sites, to hijack administrator accounts and gain full control.
- Russian Hackers Abuse Hyper-V to Hide Malware in Linux VMs: The Russian-aligned group ‘Curly COMrades’ is using a novel technique, hiding malware in a hidden Alpine Linux VM on Windows systems to bypass EDR solutions.
- Survision LPR Camera Lacks Authentication: A critical vulnerability (CVSS 9.3) in Survision’s License Plate Recognition cameras allows attackers full system access without authentication because password protection is off by default.
Threat Intelligence
- A Cybercrime Merger Like No Other: Scattered Spider, LAPSUS$, and ShinyHunters Join Forces: Three notorious cybercrime groups have reportedly merged, forming a powerful collective for coordinated extortion and data theft operations.
- SesameOp Backdoor Uses OpenAI API for Covert C2: A novel backdoor named ‘SesameOp’ has been discovered using OpenAI’s Assistants API for stealthy command-and-control communications, evading traditional detection methods.
- U.S. Prosecutors Indict Insiders for BlackCat Ransomware Attacks: Federal prosecutors have indicted three individuals for allegedly using BlackCat ransomware to attack and extort five U.S. companies, including a medical device manufacturer.
- Malicious Android Apps on Google Play Downloaded 42 Million Times: A Zscaler report reveals that hundreds of malicious Android applications available on the official Google Play Store have been downloaded over 42 million times in the past year.
- Critical React Native CLI Flaw Exposed Developers to Remote Attacks: A now-patched critical vulnerability in a popular React Native npm package could have allowed remote unauthenticated attackers to execute arbitrary OS commands on developer machines.
- Microsoft Teams Bugs Let Attackers Impersonate Colleagues: Check Point disclosed four security flaws in Microsoft Teams that could allow attackers to manipulate conversations, impersonate users, and exploit notifications for social engineering.
Security Breaches & Incidents
- Data Breach at Major Swedish Software Supplier Impacts 1.5 Million: Swedish IT supplier Miljödata suffered a cyberattack that exposed the personal data of 1.5 million people, prompting an investigation by the country’s privacy authority.
- Phone Location Data of Top EU Officials for Sale: A new report reveals that commercially available location data from data brokers can be easily used to track the movements of high-ranking European Union officials.
- Media Giant Nikkei Reports Data Breach Impacting 17,000 People: Japanese publisher Nikkei disclosed that its Slack platform was compromised, exposing the personal information of more than 17,000 employees and business partners.
- Apache OpenOffice Disputes Data Breach Claims by Ransomware Gang: The Apache Software Foundation is disputing claims made by the Akira ransomware gang that it successfully breached the OpenOffice project and stole 23 GB of documents.
- Polish Loan Platform Hacked; Multiple Businesses Disrupted: A series of cyberattacks in Poland has disrupted a loan platform, a mobile payment system, and other businesses, with officials calling such incidents ‘commonplace’.
Security Tools & Best Practices
- Microsoft Removing Defender Application Guard from Office: Microsoft has announced plans to deprecate and eventually remove the Defender Application Guard sandboxing feature from Microsoft Office, with removal set for December 2027.
- The Top 3 Browser Sandbox Threats That Slip Past Modern Security Tools: Attackers are increasingly exploiting browsers’ built-in behaviors to steal credentials and move laterally, bypassing traditional security defenses that lack browser-layer visibility.
Cloud & Network Security
- Identity Is Now the Top Source of Cloud Risk: According to ReliaQuest data from Q3, identity-related issues were the root cause of 44% of all cloud security alerts, making identity the primary source of risk in cloud environments.
Security Standards & Frameworks
- CISA Releases Five Industrial Control Systems Advisories: CISA has published five new ICS advisories detailing vulnerabilities in products from Fuji Electric, Survision, Delta Electronics, Radiometrics, and IDIS.
Emerging Security Technologies
- Google’s AI ‘Big Sleep’ Finds 5 New Vulnerabilities in Apple’s Safari WebKit: Google’s AI-powered security agent, ‘Big Sleep,’ has discovered five security flaws in Apple’s WebKit browser engine, highlighting the potential of AI in vulnerability research.
Operating on the philosophy that 'you can't build a secure system if you don't know how to break it,' Chris leads our engineering division. A top 1% National Cyber League competitor, he hardens our digital infrastructure against the very exploits he has mastered.