Krypt3ia Daily Cyber Threat Intelligence (CTI) Digest
Aggregator summary: this post rounds up 2024 cyber-security trends and threats, including the Five Eyes guidance on edge-device security, a 35% drop in ransomware payments, growing malware and phishing campaigns, security challenges in the healthcare and infrastructure sectors, and global APT activity and fixes for critical vulnerabilities. 2025-2-5 14:50:56 Author: krypt3ia.wordpress.com

Date: 2.5.25


🚨 Top Headlines

Five Eyes Launch Guidance to Improve Edge Device Security

Summary: The UK’s leading cybersecurity agency and its Five Eyes peers have produced new guidance for manufacturers of edge devices designed to improve baseline security. GCHQ’s National Cyber Security Centre (NCSC) and allies in Australia, Canada, New Zealand and the US published the document yesterday in response to mounting threats to virtual and physical devices that sit at the network edge.

Source: Infosecurity Magazine

35% Year-over-Year Decrease in Ransomware Payments, Less than Half of Recorded Incidents Resulted in Victim Payments

Summary: The ransomware landscape experienced significant changes in 2024, with cryptocurrency continuing to play a central role in extortion. However, the total volume of ransom payments decreased year-over-year (YoY) by approximately 35%, driven by increased law enforcement actions, improved international collaboration, and a growing refusal by victims to pay.

Source: Chainalysis

Navigating the Evolving Threat Intelligence Landscape and Organisational Responsibility

Summary: This keynote session certainly set the stage for the week, exploring the complexities that organisations must consider when establishing and operating an effective Cyber Threat Intelligence (CTI) program. The panel discussion examined how diverse organisational structures, responsibilities, priorities, and desired outcomes influence the role and integration of CTI.

Source: TechNative


🔍 Emerging Threats and Indicators

Malware Campaigns

Silent Lynx Using PowerShell, Golang, and C++ Loaders in Multi-Stage Cyberattacks

Summary: A previously undocumented threat actor known as Silent Lynx has been linked to cyber attacks targeting various entities in Kyrgyzstan and Turkmenistan.

“This threat group has previously targeted entities around Eastern Europe and Central Asian government think tanks involved in economic decision making and banking sector,” Seqrite Labs researcher Subhajeet Singha said in a technical report published late last month.

Source: The Hacker News

Phishing Campaigns

Threat Actors Leveraging Free Email Services To Attack Govt & Education Entities

Summary: In recent years, threat actors have increasingly targeted free email services to compromise government and educational entities.

One such group, known as GreenSpot, has been particularly active in this domain. GreenSpot, believed to operate from Taiwan, has been involved in data theft operations since at least 2007.

Source: Cybersecurity News

Hackers Using Fake Microsoft ADFS Login Pages to Steal Credentials

Summary: A global phishing campaign has targeted more than 150 organizations with lookalike Microsoft Active Directory Federation Services (ADFS) sign-in pages that capture usernames, passwords and MFA codes, according to research by Abnormal Security. The pages imitate the legacy ADFS login flow rather than exploiting a flaw in the ADFS software itself, so the exposure comes from users who can be lured to a spoofed host, not from unpatched servers.

Source: HACKREAD
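The lookalike-page check a defender would want for a campaign like this, added here as an example that is not part of the digest or of Abnormal Security's research: it scans proxy log lines for requests to the ADFS passive sign-in path (/adfs/ls/) on hosts that are not the organization's real federation host, using edit distance after homoglyph folding plus brand-label matching to catch the usual typosquat and subdomain tricks. The host adfs.example.com, the verdict labels and the log lines are constructed for the example.

```python
import re
from urllib.parse import urlparse

# Assumption for this example: the organization's genuine ADFS host(s).
LEGIT_ADFS_HOSTS = {"adfs.example.com"}

# ADFS serves its passive sign-in endpoint under /adfs/ls/; phishing kits copy
# the path so the fake page looks right in the address bar.
ADFS_LOGIN_PATH = re.compile(r"^/adfs/ls(?:/|$)", re.IGNORECASE)

# Digit-for-letter swaps commonly used in lookalike hostnames.
_HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def normalize_host(host: str) -> str:
    """Fold the usual lookalike tricks so distance is measured on intent."""
    host = host.lower().translate(_HOMOGLYPHS)
    return host.replace("rn", "m").replace("vv", "w").replace("-", ".")


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance (insert/delete/substitute cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def brand_tokens(legit_hosts) -> set:
    """Second-level label of each genuine host, e.g. 'example'.
    Simplification: assumes a one-label public suffix such as .com."""
    return {h.split(".")[-2] for h in legit_hosts if h.count(".") >= 1}


def classify_url(url: str, legit_hosts=LEGIT_ADFS_HOSTS, max_distance: int = 2) -> str:
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()   # hostname drops any user@ prefix
    if not host:
        return "unparseable"
    if host in legit_hosts or any(host.endswith("." + h) for h in legit_hosts):
        return "legit"
    adfs_path = bool(ADFS_LOGIN_PATH.match(parsed.path))
    distance = min(levenshtein(normalize_host(host), normalize_host(h)) for h in legit_hosts)
    labels = set(re.split(r"[.\-]", host))
    lookalike = distance <= max_distance or bool(labels & brand_tokens(legit_hosts))
    if adfs_path and lookalike:
        return "suspect-lookalike-adfs"   # brand lookalike hosting the ADFS login path
    if adfs_path:
        return "adfs-path-offsite"        # ADFS login path on an unrelated host
    if lookalike:
        return "lookalike-host"           # lookalike host, no login path (yet)
    return "unrelated"


# Constructed proxy log lines: "timestamp user url".
SAMPLE_PROXY_LOG = """\
2025-02-04T09:12:01Z alice https://adfs.example.com/adfs/ls/?wa=wsignin1.0
2025-02-04T09:15:44Z bob https://adfs-example.com/adfs/ls/
2025-02-04T09:16:02Z carol https://example-com.login-verify.net/adfs/ls/
2025-02-04T09:20:13Z dave https://adfs.examp1e.com/adfs/ls/
2025-02-04T10:01:00Z erin https://intranet.contoso.net/home
"""


def scan_proxy_log(text: str):
    """Return (user, url, verdict) for every well-formed line, in log order."""
    results = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        _ts, user, url = parts[0], parts[1], parts[2]
        results.append((user, url, classify_url(url)))
    return results


def flagged(text: str):
    """Only the lines worth an analyst's attention."""
    return [r for r in scan_proxy_log(text)
            if r[2].startswith(("suspect", "adfs-path", "lookalike"))]


if __name__ == "__main__":
    for user, url, verdict in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{verdict:24} {user:6} {url}")
```

Because `urlparse(...).hostname` discards a `user@` prefix, a URL such as `https://adfs.example.com@evil.test/adfs/ls/` is judged on `evil.test`, which is the right behaviour for this trick. The brand-label match is deliberately loose; tune `max_distance` and the legitimate host set to your own environment before alerting on it.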


📈 Sector-Specific Intelligence

Healthcare:

R&D under siege: QuantHealth’s cyber head on how AI is lowering the bar for cyberattacks in pharma and beyond

Summary: Think of the damage sophisticated cybercriminals—“hackers”—have caused in recent years. The pharmaceutical sector offers a sobering example, having weathered a steady barrage of cyberattacks over the past decade.

Source: RDWorld

Resolutions for Healthcare Providers: Part 1 of 2 – Cybersecurity, Privacy and HIPAA Compliance

Summary: As the new year begins, it is useful to review your practice’s processes and policies to ensure that the practice operates with efficiency and remains compliant with ever-changing healthcare regulations. In this first installment of a two-part series, we propose resolutions for health care providers involving Cybersecurity, Privacy, and HIPAA compliance that will help promote the success of your practice in 2025 and beyond. Look for more resolutions in part two of our series.

Source: JDSupra

Infrastructure:

Bipartisan bill requires federal contractors to adopt vulnerability disclosure policies, modernize cybersecurity standards

Summary: A bipartisan House bill has been reintroduced by Congresswoman Nancy Mace in an effort to close a critical loophole in federal cybersecurity standards. The bill would require the Office of Management and Budget (OMB) and the Department of Defense (DoD) to update federal acquisition policies to mandate all federal contractors, both civilian and defense, implement vulnerability disclosure policies (VDPs).

Source: Industrial Cyber


🌐 Global Threat Landscape

Notable APT Activities:

UAC-0063 Expands Cyber Attacks to European Embassies Using Stolen Documents

Summary: The advanced persistent threat (APT) group known as UAC-0063 has been observed leveraging legitimate documents obtained by infiltrating one victim to attack another target with the goal of delivering a known malware dubbed HATVIBE.

Source: The Hacker News

Critical Vulnerabilities Released (CVEs):

Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104

Summary: Google has shipped patches to address 47 security flaws in its Android operating system, including one it said has come under active exploitation in the wild. The vulnerability in question is CVE-2024-53104 (CVSS score: 7.8), which has been described as a case of privilege escalation in a kernel component known as the USB Video Class (UVC) driver.

Source: The Hacker News

PoC Exploit Released for Active Directory Domain Services Privilege Escalation Vulnerability

Summary: Proof-of-concept (PoC) exploit code has been released for CVE-2025-21293, an Active Directory Domain Services elevation-of-privilege vulnerability discovered in September 2024 and patched in January 2025. Microsoft rates it Important (CVSS 8.8) rather than critical, and the escalation is local: a member of the built-in Network Configuration Operators group can abuse over-permissive registry ACLs on service keys to run code as SYSTEM on that host. That is not by itself a domain-wide compromise, but it is a ready foothold in an AD environment, so check that the January 2025 update is applied and review who holds membership in that group.

Source: Cybersecurity News


⚠️ Critical Alerts from Official Channels

CISA: 

CISA Issues Exploitation Warning for .NET Vulnerability

Summary: The .NET vulnerability added to the agency’s KEV list is CVE-2024-29059, an information disclosure issue that can lead to unauthenticated remote code execution. Microsoft patched the vulnerability in January 2024, and details and a proof-of-concept (PoC) exploit were made public a few weeks later. 

Source: Security Week
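A KEV cross-check, added here as an example that is not from the digest or from CISA: it parses a constructed sample in the layout of CISA's KEV JSON feed, matches it against an asset inventory and reports the remediation due date per asset, oldest deadline first. The catalog entries, dates, asset names and the placeholder CVE-0000-0000 are constructed; in practice the feed is fetched from https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json and the inventory comes from your scanner.

```python
import json
from datetime import date

# Constructed sample in the layout of CISA's KEV JSON feed. Dates and text are
# placeholders; the two CVE IDs are the ones named in this digest.
SAMPLE_KEV_JSON = """{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "catalogVersion": "constructed-sample",
  "count": 2,
  "vulnerabilities": [
    {
      "cveID": "CVE-2024-29059",
      "vendorProject": "Microsoft",
      "product": ".NET Framework",
      "vulnerabilityName": ".NET Framework information disclosure (placeholder wording)",
      "dateAdded": "2025-02-04",
      "shortDescription": "Placeholder text for this constructed sample.",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "dueDate": "2025-02-25",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": ""
    },
    {
      "cveID": "CVE-2024-53104",
      "vendorProject": "Google",
      "product": "Android Kernel",
      "vulnerabilityName": "USB Video Class driver privilege escalation (placeholder wording)",
      "dateAdded": "2025-02-05",
      "shortDescription": "Placeholder text for this constructed sample.",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "dueDate": "2025-02-26",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": ""
    }
  ]
}"""

# Constructed asset inventory: (asset, CVE reported against it by a scanner).
SAMPLE_INVENTORY = [
    ("build-srv-01", "CVE-2024-29059"),
    ("android-fleet", "cve-2024-53104"),   # lower case on purpose: matching is case-insensitive
    ("web-01", "CVE-0000-0000"),           # placeholder ID, not a real CVE, not in the catalog
]


def load_kev(text: str) -> dict:
    """Index the catalog by upper-cased CVE ID."""
    data = json.loads(text)
    return {v["cveID"].upper(): v for v in data["vulnerabilities"]}


def kev_matches(inventory, kev: dict, today: str):
    """Return one record per (asset, CVE) pair that appears in KEV, sorted by due date.
    `today` is an ISO date string so the result is reproducible."""
    today_d = date.fromisoformat(today)
    hits = []
    for asset, cve in inventory:
        entry = kev.get(cve.strip().upper())
        if entry is None:
            continue
        due = date.fromisoformat(entry["dueDate"])
        hits.append({
            "asset": asset,
            "cve": entry["cveID"],
            "product": entry["product"],
            "due": entry["dueDate"],
            "days_left": (due - today_d).days,   # negative once the deadline has passed
            "overdue": due < today_d,
            "ransomware_use": entry.get("knownRansomwareCampaignUse", "Unknown"),
        })
    hits.sort(key=lambda h: (h["due"], h["asset"]))
    return hits


if __name__ == "__main__":
    catalog = load_kev(SAMPLE_KEV_JSON)
    for h in kev_matches(SAMPLE_INVENTORY, catalog, "2025-02-05"):
        state = "OVERDUE" if h["overdue"] else f"{h['days_left']} days left"
        print(f"{h['asset']:14} {h['cve']:16} {h['product']:14} due {h['due']} ({state})")
```

The `dueDate` field is the deadline BOD 22-01 imposes on US federal civilian agencies; other organizations typically adopt it as an internal SLA, which is why the script reports days remaining rather than a pass/fail flag.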


Prepared by: Krypt3ia
For inquiries, contact: [email protected]


Disclaimer: This digest is for informational purposes only. Use provided intelligence responsibly and validate all IOCs before implementing network or system changes.


Source article: https://krypt3ia.wordpress.com/2025/02/05/krypt3ia-daily-cyber-threat-intelligence-cti-digest-10/