The Friday Five – Friday 7th February 2025

Your roundup of the cyber stories that caught my eye this week.

1. 7-Zip vulnerability actively exploited by Russian Cybercrime group in Ukraine

Researchers at Trend Micro's Zero Day Initiative discovered a zero-day vulnerability in the 7-Zip archiver, tracked as CVE-2025-0411, that was being actively exploited by a Russian cybercrime group against targets in Ukraine.

The vulnerability let the attackers bypass Mark of the Web (MotW), the flag Windows attaches to files downloaded from the internet so that SmartScreen and Office Protected View treat them with suspicion: 7-Zip failed to propagate the mark to files extracted from an archive nested inside another archive. The attackers paired this with homoglyph attacks (lookalike characters in filenames) to make executables appear to be document files, and sent them to civic authorities across Ukraine.

If you're a 7-Zip user, make sure you are running 7-Zip 24.09 or later, which is where the fix shipped (24.09 is the current release at time of going to press). 7-Zip has no auto-update mechanism, so this means installing the new version yourself.

For more information see: CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks | Trend Micro (US)
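Two checks a practitioner would want here, as an added example rather than code from the Trend Micro report or the 7-Zip project: parsing the NTFS Zone.Identifier stream that carries Mark of the Web (so you can confirm that a patched 7-Zip now propagates it to extracted files), and flagging filenames that pose as documents through lookalike characters or bidirectional control characters. The document-extension list and the confusables table are small illustrative subsets chosen for the example, and the sample filenames are constructed.

```python
"""Two checks prompted by CVE-2025-0411: did a file extracted from a downloaded archive
keep its Mark of the Web, and does its name merely look like a document?"""
import os
import re
import unicodedata

# Illustrative list (an assumption for this example) of extensions a disguised
# executable would want its name to resemble.
DOCUMENT_EXTENSIONS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".ppt", ".pptx", ".rtf", ".txt"}

# Hand-picked subset of Cyrillic and Greek letters that render like ASCII letters.
# Unicode's confusables.txt is far larger; this table is only a demo assumption.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c", "\u0443": "y",
    "\u0445": "x", "\u0456": "i", "\u0458": "j", "\u0410": "A", "\u0415": "E", "\u041e": "O",
    "\u0420": "P", "\u0421": "C", "\u0423": "Y", "\u0425": "X",
    "\u03b1": "a", "\u03bf": "o", "\u0391": "A", "\u039f": "O",
}

# Bidirectional control characters (e.g. U+202E right-to-left override) reorder how a
# name is displayed, another way to make "x.exe" show up looking like a document.
BIDI_CONTROLS = {chr(c) for c in range(0x202A, 0x202F)} | {chr(c) for c in range(0x2066, 0x206A)}


def parse_zone_identifier(stream_text):
    """Parse the text of an NTFS Zone.Identifier stream; return ZoneId (3 = Internet) or None."""
    section = None
    for raw in stream_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "ZoneTransfer" and line.startswith("ZoneId="):
            try:
                return int(line.split("=", 1)[1].strip())
            except ValueError:
                return None
    return None


def read_mark_of_the_web(path):
    """Return the ZoneId carried by a file, or None if it has no Mark of the Web.
    Alternate data streams are an NTFS feature, so off Windows this is always None."""
    if os.name != "nt":
        return None
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8", errors="replace") as stream:
            return parse_zone_identifier(stream.read())
    except OSError:
        return None


def scripts_in(text):
    """Set of Unicode script names (first word of the character name) for the letters in text."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0] for ch in text if ch.isalpha()}


def suspicious_filename(name):
    """Reasons a filename may be posing as a document; an empty list means nothing was found.
    Script mixing is judged per dot/space-separated token so that an all-Cyrillic stem with
    a Latin extension (a perfectly normal Ukrainian document name) is not flagged."""
    reasons = []
    if any(ch in BIDI_CONTROLS for ch in name):
        reasons.append("contains bidirectional control characters")
    for token in re.split(r"[.\s_-]+", name):
        scripts = scripts_in(token)
        if len(scripts) > 1:
            reasons.append("token %r mixes scripts %s" % (token, sorted(scripts)))
    ext = os.path.splitext(name)[1]
    skeleton = "".join(CONFUSABLES.get(ch, ch) for ch in ext)
    if skeleton != ext and skeleton.lower() in DOCUMENT_EXTENSIONS:
        reasons.append("extension %r is a lookalike for %r" % (ext, skeleton))
    return reasons


def check_extracted_file(path, zone_id=None):
    """Combine both checks for one extracted file. zone_id may be supplied directly
    (e.g. by a test); otherwise it is read from the file's Zone.Identifier stream."""
    if zone_id is None:
        zone_id = read_mark_of_the_web(path)
    findings = suspicious_filename(os.path.basename(path))
    if zone_id is None:
        findings.append("no Mark of the Web: download-origin protections will not apply")
    return findings


if __name__ == "__main__":
    # Constructed sample names; the second uses Cyrillic 'o' and 'es' in the extension.
    for sample in ("report.doc", "report.d\u043e\u0441", "report\u202ecod.exe"):
        print(sample, "->", suspicious_filename(sample) or "looks fine")
```

On Windows, `check_extracted_file(path)` reads the stream from the file itself; a ZoneId of 3 means the file came from the Internet zone, and a missing stream on a file you have just pulled out of a downloaded nested archive is exactly the symptom of this bug. The per-token script check is deliberately lenient so that legitimate Cyrillic filenames with Latin extensions pass; tune the confusables table to the scripts your users actually work in.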

2. 22 year-old Maths wiz to face trial for $65M cryptocurrency hack

US federal prosecutors have indicted a man accused of stealing $65 million in cryptocurrency. The attacks, against Indexed Finance in 2021 and KyberSwap in 2023, exploited vulnerabilities in the two platforms' smart contracts.

Prosecutors have stated that Andean Medjedovic used "formidable mathematical prowess" to manipulate trading on the platforms in the attacks.

For more information on the heist see: 22-year-old math wiz indicted for alleged DeFI hack that stole $65M – Ars Technica

3. Australian Government bans DeepSeek from employees' devices

Australia’s Department of Home Affairs has banned the use of DeepSeek AI applications on federal government devices.

The Australian Government is thought to have made the move because of known issues with DeepSeek, including the collection of user keystroke data and poor app security that has exposed user data. The possibility that DeepSeek's owners may be sharing user data with the Chinese Government probably also played a part in the ban!

For more information see: DeepSeek banned from Australian government devices • The Register

4. Zero-day Sysinternals vulnerability could allow attackers to launch DLL injection attacks on Windows devices

A critical zero-day vulnerability in the widely used Sysinternals suite of utilities could allow threat actors to run DLL injection attacks.

The vulnerability arises from how the Sysinternals tools load DLL files: they resolve some libraries by name, so Windows searches the directory the executable is run from (including a network share) before the system directory. An attacker who can write a DLL of the right name to that location gets it loaded in place of the legitimate one, classic DLL search-order hijacking.

The vulnerability remains unpatched; the recommended precautions to protect computers in the meantime are:

  1. Avoid running tools from network locations: always copy Sysinternals executables to a local path before executing them.
  2. Verify DLL integrity: use application control (signed or allow-listed DLLs only) so that only trusted DLLs can be loaded.
  3. Audit your environment: use the provided test sheet to identify which tools are vulnerable to DLL injection and apply the necessary safeguards.

For more information see: https://cybersecuritynews.com/0-day-vulnerabilities-in-microsoft-sysinternals-tools
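The mechanism behind these precautions, as an added illustration and not code from the researcher or from Microsoft: a pure-Python model of the Windows DLL search order (with SafeDllSearchMode on, the default) run over a constructed directory listing, plus an audit that reports the two conditions the precautions address, a tool run from a UNC path and DLLs sitting beside the tool that shadow System32 copies. The directory contents, the KnownDLLs subset and the DLL names are assumptions for the demo, not the libraries the real tools load.

```python
"""Model of the Windows DLL search order, used to show why a DLL planted beside a
Sysinternals executable (or on the share it is run from) is loaded in preference to
the System32 copy, and to audit a tool directory for that condition."""

SYSTEM32 = r"C:\Windows\System32"
SYSTEM16 = r"C:\Windows\System"
WINDIR = r"C:\Windows"

# Illustrative subset of the KnownDLLs list: these are always mapped from System32,
# so planting a file with one of these names beside a tool achieves nothing.
KNOWN_DLLS = {"kernel32.dll", "ntdll.dll", "user32.dll", "advapi32.dll", "gdi32.dll"}


def search_order(app_dir, cwd, path_dirs):
    """Directories probed, in order, with SafeDllSearchMode on (the default): the
    application directory comes first, the current directory only after the Windows dirs."""
    return [app_dir, SYSTEM32, SYSTEM16, WINDIR, cwd] + list(path_dirs)


def resolve_dll(dll, app_dir, cwd, path_dirs, filesystem):
    """Directory from which LoadLibrary(dll) with a bare name would load, or None.
    filesystem maps a directory to the set of lower-case filenames it contains."""
    dll = dll.lower()
    if dll in KNOWN_DLLS:
        return SYSTEM32
    for directory in search_order(app_dir, cwd, path_dirs):
        if dll in filesystem.get(directory, set()):
            return directory
    return None


def audit_tool_directory(app_dir, filesystem):
    """Findings for one tool directory: is it a network share, and which DLLs sitting
    beside the tool would shadow a System32 DLL of the same name (KnownDLLs excluded)."""
    findings = []
    if app_dir.startswith("\\\\"):
        findings.append("%s is a network location; whoever can write to the share "
                        "controls the first directory in the DLL search order" % app_dir)
    beside_tool = filesystem.get(app_dir, set())
    in_system32 = filesystem.get(SYSTEM32, set())
    for dll in sorted((beside_tool & in_system32) - KNOWN_DLLS):
        findings.append("%s beside the tool shadows %s\\%s" % (dll, SYSTEM32, dll))
    return findings


# Constructed filesystem snapshot for the demo: one copy of procexp.exe on a share with
# a planted version.dll (and a pointless kernel32.dll), one copy in a local directory.
SAMPLE_FS = {
    SYSTEM32: {"kernel32.dll", "ntdll.dll", "version.dll", "dbghelp.dll", "cryptbase.dll"},
    r"\\fileserver\tools": {"procexp.exe", "version.dll", "kernel32.dll"},
    r"C:\Tools\Sysinternals": {"procexp.exe"},
}

if __name__ == "__main__":
    for app_dir in (r"\\fileserver\tools", r"C:\Tools\Sysinternals"):
        print(app_dir)
        print("  version.dll resolves to",
              resolve_dll("version.dll", app_dir, r"C:\Users\me", [], SAMPLE_FS))
        for finding in audit_tool_directory(app_dir, SAMPLE_FS):
            print("  finding:", finding)
```

Running the demo shows `version.dll` resolving to the share when the tool is launched from there and to System32 when it is launched from the local copy, which is the whole content of precaution 1; the KnownDLLs case shows why an attacker picks a name like `version.dll` rather than `kernel32.dll`. To turn the audit into something real, replace `SAMPLE_FS` with a listing of the directory you keep the tools in.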

5. Zero-click WhatsApp Spyware attack confirmed by Meta

Meta-owned WhatsApp announced last week that it had disrupted a spyware campaign targeting around 90 journalists and civil society members.

A zero-click attack means that the spyware is deployed without any interaction from the victim. In this campaign it is thought that individuals were compromised using specially crafted PDF files sent in group chats, and that the surveillance software involved was Graphite, produced by the Israeli company Paragon Solutions.

In a statement to the Guardian, Meta said that it had contacted the affected users to inform them of the attacks.

For more information see: Meta Confirms Zero-Click WhatsApp Spyware Attack Targeting 90 Journalists, Activists
