Cybercriminals are continually refining their tactics, and February 2025 is proving to be another month full of evolving threats. From the rise of fake QR code scams to the hijacking of Microsoft accounts in the education sector, the need for vigilance remains high. This week’s cybersecurity roundup highlights some of the latest vulnerabilities, exploits, and scams that organizations and individuals should be aware of. Stay informed and stay secure!
Quishing: The Emerging Threat of Fake QR Codes
Cybercriminals are exploiting the popularity of QR codes in a new type of phishing attack known as “quishing.” Attackers replace legitimate QR codes with fraudulent ones, leading unsuspecting users to phishing websites designed to steal credentials and financial information. Security experts advise caution when scanning codes, especially from emails or public locations.
Read more on Tripwire
DeepSeek Fails Security Tests, Raising Concerns for Business Use
A recent security assessment of DeepSeek, an AI-powered business tool, revealed multiple security weaknesses. These vulnerabilities could lead to data leaks and unauthorized access, making the platform a potential risk for businesses handling sensitive information. Organizations using AI-based tools should conduct rigorous security evaluations before implementation.
Read more on Dark Reading
“Pig Butchering” Scams on the Rise, Driving Global Fraud Growth
A new wave of “pig butchering” scams, where fraudsters groom victims over time before stealing large sums of money, is rapidly growing worldwide. These scams are often associated with cryptocurrency investments and romance fraud, making awareness and education critical in preventing victimization.
Read more on HelpNetSecurity
Attackers Target Education Sector, Hijack Microsoft Accounts
Threat actors are increasingly targeting the education sector by hijacking Microsoft accounts, leading to widespread disruptions and data breaches. The attacks leverage stolen credentials and phishing techniques, emphasizing the need for multi-factor authentication and security awareness training in schools and universities.
Read more on Dark Reading
120,000 Victims Compromised in Memorial Hospital Ransomware Attack
Memorial Hospital has disclosed a ransomware attack that exposed sensitive data of 120,000 individuals. Healthcare institutions continue to be a prime target for cybercriminals, reinforcing the need for robust cybersecurity frameworks to protect patient information.
Read more on Dark Reading
Chinese-Made Patient Monitor Contains Backdoor, Raising Security Concerns
Security researchers have discovered a hidden backdoor in the Contec CMS8000 patient monitor, a widely used medical device. The backdoor, which could allow unauthorized access to critical hospital equipment, raises concerns over supply chain security and the integrity of medical devices manufactured overseas.
Read more on HelpNetSecurity
Microsoft’s Patch Tuesday Fixes 63 Vulnerabilities
Microsoft’s February 2025 Patch Tuesday addressed 63 security flaws, including multiple critical vulnerabilities that could be exploited by attackers. Organizations are advised to apply these patches immediately to protect against known threats.
Read more on The Hacker News
Apple Releases Urgent Patch for USB Vulnerability
Apple has issued an emergency security update to patch a vulnerability affecting USB connections on macOS and iOS devices. The flaw, if exploited, could allow attackers to execute arbitrary code on vulnerable devices, highlighting the need for immediate updates.
Read more on Dark Reading
Palo Alto Networks Patches Potentially Serious Firewall Vulnerability
Palo Alto Networks has released security patches for a critical firewall vulnerability that could allow unauthorized access to corporate networks. Organizations using Palo Alto firewalls should update their systems promptly to mitigate potential exploitation.
Read more on SecurityWeek
SonicWall Firewalls Under Attack, Urgent Patch Recommended
SonicWall firewalls are actively being exploited in cyberattacks, prompting an urgent security update from the company. Admins are strongly urged to patch affected devices to prevent unauthorized access and potential data breaches.
Read more on The Register
HopeNet reviews a variety of security news sources so you do not have to! This list is curated specifically for churches, nonprofits, and other Organizations of Hope. The headlines and our added comments are meant to provide enough to get an overview of recent happenings, but links are also provided for readers that want to explore certain topics deeper.
If this was shared with you and you would like to receive a copy directly to your email, please sign up for this FREE newsletter at HopeNetCISO.com. Also, check out the Services section of our site for ways we can help! Thanks for reading!