This Week's Headlines
- WhatsApp Vulnerability Allowed Remote Code Execution on Windows PCs
- Microsoft Patches 125 Flaws, Including Actively Exploited Windows CLFS Vulnerability
- Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Vulnerability
- CrushFTP File Transfer Vulnerability Exploited by Ransomware Group
- PoisonSeed Exploits CRM Credentials to Launch Cryptocurrency Seed Phrase Attacks
- Elevation of Privilege Vulnerability in Network Configuration Operators Group
- High Court Dismisses Judicial Review Over HSE Ransomware Data Breach
WhatsApp Vulnerability Allowed Remote Code Execution on Windows PCs
Meta has patched a critical vulnerability in WhatsApp for Windows, identified as CVE-2025-30401, which could have allowed attackers to execute arbitrary code on users’ devices.
The flaw involved a spoofing issue where attachments were displayed based on their MIME type but opened according to their filename extension. This discrepancy enabled malicious actors to craft files that, when opened, could run harmful code instead of displaying the intended content.
Users are strongly advised to update to WhatsApp version 2.2450.6 or later to protect against this vulnerability.
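The mismatch described above (preview rendered from the declared MIME type, file opened by its extension) is what a receiving client should reject before handing an attachment to the shell. The following added example is not WhatsApp's code; it is a constructed triage routine that flags attachments whose extension would run code, or whose extension-implied type disagrees with the declared MIME type, using sample attachments made up for this illustration.

```python
import mimetypes
from dataclasses import dataclass

# Extensions that Windows hands to a loader or script host instead of a viewer.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".ps1",
    ".vbs", ".js", ".jse", ".wsf", ".hta", ".msi", ".lnk",
}

@dataclass(frozen=True)
class Attachment:
    filename: str       # name the file will be opened under
    declared_mime: str  # MIME type the sender supplied for the preview

def extension_of(filename: str) -> str:
    """Effective extension: Windows ignores trailing dots and spaces, and only
    the last extension counts, so 'photo.jpg.exe' is an .exe file."""
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot > 0 else ""

def classify(att: Attachment) -> str:
    """'executable' - extension would run code whatever the MIME type says
       'mismatch'   - extension's type disagrees with the declared type
       'consistent' - declared type and extension agree (still scan it)"""
    ext = extension_of(att.filename)
    if ext in EXECUTABLE_EXTENSIONS:
        return "executable"
    implied, _ = mimetypes.guess_type("x" + ext, strict=False)
    if implied is None:
        return "mismatch"  # unknown extension: nothing to corroborate the claim
    # Compare top-level types so image/jpg vs image/jpeg is not a false alarm.
    if implied.split("/")[0] != att.declared_mime.split("/")[0].lower():
        return "mismatch"
    return "consistent"

def triage(attachments):
    return {a.filename: classify(a) for a in attachments}

# Constructed sample: a benign image, a spoofed executable, a mislabelled file.
SAMPLE = [
    Attachment("holiday.jpg", "image/jpeg"),
    Attachment("holiday.jpg.exe", "image/jpeg"),
    Attachment("notes.txt", "image/png"),
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE).items():
        print(f"{verdict:11} {name}")
```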
Microsoft Patches 125 Flaws, Including Actively Exploited Windows CLFS Vulnerability
Microsoft has released security updates addressing 125 vulnerabilities across its software products. Among these, 11 are rated Critical, 112 Important, and two Low in severity.
Notably, an elevation of privilege flaw in the Windows Common Log File System (CLFS) Driver (CVE-2025-29824) has been actively exploited in ransomware attacks. This marks the sixth such CLFS vulnerability exploited since 2022.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this flaw to its Known Exploited Vulnerabilities catalog, urging federal agencies to apply the fix by April 29, 2025.
Administrators are advised to prioritise these updates to mitigate potential threats.
Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Vulnerability
Fortinet has released security updates to address a critical vulnerability in FortiSwitch, identified as CVE-2024-48887, with a CVSS score of 9.3. This flaw allows remote, unauthenticated attackers to modify administrator passwords via specially crafted requests to the FortiSwitch GUI.
Affected versions include FortiSwitch:
- 7.6.0,
- 7.4.0 through 7.4.4,
- 7.2.0 through 7.2.8,
- 7.0.0 through 7.0.10,
- 6.4.0 through 6.4.14.
Fortinet advises users to upgrade to the latest versions to mitigate this risk. As interim measures, disabling HTTP/HTTPS access to administrative interfaces and restricting system access to trusted hosts are recommended.
While no exploitation has been reported, prompt action is essential to maintain network security.
CrushFTP File Transfer Vulnerability Exploited by Ransomware Group
A critical vulnerability in the CrushFTP file transfer tool, identified as CVE-2025-31161, is being actively exploited by cybercriminals, including the Kill ransomware gang.
CrushFTP alerted customers on March 21, 2025, urging immediate updates to mitigate the flaw, which allows unauthorised access to sensitive data. Despite these warnings, exploitation has continued, prompting the Cybersecurity and Infrastructure Security Agency (CISA) to mandate federal agencies to patch affected systems by April 28, 2025.
Organisations using CrushFTP are strongly advised to upgrade to the latest version and implement recommended security measures to prevent potential data breaches.
PoisonSeed Exploits CRM Credentials to Launch Cryptocurrency Seed Phrase Attacks
A malicious campaign dubbed PoisonSeed is leveraging compromised credentials from customer relationship management (CRM) tools and bulk email providers to send spam messages containing fraudulent cryptocurrency seed phrases.
The attackers aim to deceive recipients into importing these seed phrases into new cryptocurrency wallets, thereby gaining unauthorised access to their funds. Targets include enterprise organisations and individuals, with notable companies like Coinbase, Ledger, Mailchimp, SendGrid, Hubspot, Mailgun, and Zoho being impersonated. The attackers create lookalike phishing pages to harvest credentials and establish persistence by generating API keys. Subsequently, they export mailing lists and disseminate spam emails prompting users to set up new wallets using the provided seed phrases.
Elevation of Privilege Vulnerability in Network Configuration Operators Group
Security researcher BirkeP discovered a critical elevation of privilege vulnerability, designated as CVE-2025-21293, within Windows Active Directory’s “Network Configuration Operators” group.
This group, intended to allow users to manage network configurations without full administrative rights, was found to possess excessive permissions, notably the “CreateSubKey” right over sensitive registry keys like DnsCache and NetBT. By exploiting these permissions, an attacker could register malicious performance counters, enabling code execution with SYSTEM privileges.
Microsoft addressed this issue in the January 14, 2025, security update by modifying the group’s permissions to prevent such exploits.
High Court Dismisses Judicial Review Over HSE Ransomware Data Breach
The High Court has dismissed a judicial review concerning a data breach from the 2021 ransomware attack on the Health Service Executive (HSE). The applicant, a fire prevention officer, alleged that unauthorised access to his HSE-issued work phone led to breaches of his personal email and cryptocurrency accounts.
The Data Protection Commission (DPC) had previously determined that the HSE was not a “data controller” for the personal data on the device, as personal use was unauthorised.
The High Court upheld this decision, concluding that the DPC’s findings were lawful and that the applicant’s claims were unsubstantiated.