Security news.
Today's security brief highlights a critical unpatched vulnerability in Alibaba's XQUIC library, active exploitation of cryptocurrency wallet flaws, and continued efforts by law enforcement against ransomware and cybercrime. We also see warnings about vishing attacks targeting Microsoft 365 users and a focus on patching critical web client flaws.
Unpatched XRING Flaw in XQUIC Lets Remote Clients Crash HTTP/3 Servers
A critical, unpatched vulnerability dubbed "XRING" in Alibaba's XQUIC library allows remote clients to crash HTTP/3 servers with a small amount of legitimate traffic, requiring no authentication or malformed packets.
Attackers Exploit 'Ill Bloom' Vulnerability to Drain $3.1 Million From Cryptocurrency Wallets
A flaw named 'Ill Bloom' in some crypto wallet software, related to weak randomness in recovery phrase generation, is actively being exploited, leading to over $3.1 million in stolen funds.
Zimbra Urges Customers to Patch Critical Web Client XSS Flaw
Zimbra is urging users to patch a critical cross-site scripting (XSS) vulnerability affecting its Classic Web Client for the Zimbra Collaboration suite.
Okta Warns of Vishing Attacks Targeting Microsoft 365 Customers
Okta has issued a warning regarding active vishing attacks, where threat actors call victims to direct them to sophisticated phishing sites impersonating Microsoft Entra ID login pages.
Hackers Use Fake Microsoft Entra Passkey Enrollment to Gain Microsoft 365 Access
A threat actor, O-UNC-066, is using vishing and a panel-controlled phishing kit to target Microsoft 365 users with fake security requests to enroll new Entra passkeys, aiming for data extortion.
Third US Security Expert Sentenced to Prison for Helping Ransomware Gang
Angelo Martino, a former ransomware negotiator, has been sentenced to 70 months in prison for his role in assisting the BlackCat/Alphv ransomware group target US companies.
Exposed Hacker Server Reveals WP-SHELLSTORM Backdooring Thousands of WordPress Sites
A cybercrime operation, now tracked as WP-SHELLSTORM, was exposed after leaving a server open, revealing hacking tools, activity logs, and a target list of over 1.4 million WordPress sites.
GigaWiper Combines Multiple Malware for System-Level Sabotage
The destructive GigaWiper Windows backdoor bundles three older destructive programs, offering options for full disk wiping, overwriting Windows drives, or fake ransomware attacks.