This Week's Headlines
- Microsoft’s February Patch Tuesday Addresses 63 Vulnerabilities, Including Two Actively Exploited Elevation of Privilege Flaws
- Ivanti Releases Patches for Critical Vulnerabilities in Connect Secure and Policy Secure
- HSE Faces Nearly 500 Legal Actions Following €102 Million Cyberattack
- New Exploit Bypasses Patched NVIDIA Container Toolkit Vulnerability
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux
Microsoft’s February Patch Tuesday Addresses 63 Vulnerabilities, Including Two Actively Exploited Elevation of Privilege Flaws
On February 12, 2025, Microsoft released security updates addressing 63 vulnerabilities across its software products. Among these, two elevation of privilege vulnerabilities are currently under active exploitation:
- CVE-2025-21391: A Windows Storage vulnerability allowing attackers to delete targeted files, potentially leading to service disruptions.
- CVE-2025-21418: A flaw in the Windows Ancillary Function Driver for WinSock (AFD.sys) that could be exploited to gain SYSTEM privileges.
Additionally, the update addresses a critical remote code execution vulnerability, CVE-2025-21198, in the High Performance Compute (HPC) Pack, which could allow attackers to execute arbitrary code via specially crafted HTTPS requests.
Users are strongly advised to apply these updates promptly to mitigate potential security risks.
Ivanti Releases Patches for Critical Vulnerabilities in Connect Secure and Policy Secure
Ivanti has issued security updates to address multiple critical vulnerabilities affecting its Connect Secure (ICS), Policy Secure (IPS), and Cloud Services Application (CSA) products.
The most severe of these, CVE-2025-22467, is a stack-based buffer overflow in ICS that allows remote authenticated attackers to execute arbitrary code. Other notable flaws include CVE-2024-38657 and CVE-2024-10644, which permit remote code execution through external control of file names and code injection, respectively.
Although there is no evidence of these vulnerabilities being exploited in the wild, Ivanti’s products have been frequent targets for threat actors. Users are strongly advised to update to the latest versions—ICS 22.7R2.6, IPS 22.7R1.3, and CSA 5.0.5—to mitigate potential risks.
HSE Faces Nearly 500 Legal Actions Following €102 Million Cyberattack
The Health Service Executive (HSE) is confronting at least 473 legal actions stemming from a cyberattack by Russian hackers that severely disrupted its systems.
The May 2021 ransomware attack compromised sensitive patient data and led to significant operational challenges. The immediate response to the breach cost taxpayers approximately €101 million, with an additional €657 million allocated to bolster cybersecurity measures and prevent future incidents.
Many of the legal claims pertain to the psychological impact experienced by patients and staff due to the data breach and subsequent service disruptions.
New Exploit Bypasses Patched NVIDIA Container Toolkit Vulnerability
Cybersecurity researchers have identified a new vulnerability, tracked as CVE-2025-23359, in the NVIDIA Container Toolkit for Linux. This Time-of-Check Time-of-Use (TOCTOU) flaw allows a crafted container image to gain access to the host file system, potentially leading to code execution, denial of service, privilege escalation, information disclosure, and data tampering.
The issue affects all versions up to and including 1.17.3 of the NVIDIA Container Toolkit and has been fixed in version 1.17.4. Similarly, the NVIDIA GPU Operator versions up to and including 24.9.1 are affected, with a fix available in version 24.9.2.
Users are advised to update to the latest versions and ensure that the `--no-cntlibs` flag is not disabled in production environments.
FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux
Security researchers have uncovered a sophisticated cyber-espionage campaign deploying a custom malware named FINALDRAFT. Attributed to the threat group REF7707, the campaign has targeted entities including a South American foreign ministry, a Southeast Asian telecommunications company, and a university.
FINALDRAFT is a C++-based remote administration tool that abuses the Microsoft Graph API, utilizing Outlook’s email service for command-and-control operations. It communicates by parsing commands stored in the mailbox’s drafts folder and writing execution results into new draft emails.
The malware features 37 command handlers facilitating process injection, file manipulation, and network proxy capabilities. Notably, a Linux variant of FINALDRAFT has also been identified, indicating cross-platform targeting. The campaign’s advanced tooling and extended operational timeframe suggest a well-organized, espionage-focused effort.