Week in review: Microsoft fixes two actively exploited 0-days, PAN-OS auth bypass hole plugged

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391)
February 2025 Patch Tuesday is here, and Microsoft has delivered fixes for 56 vulnerabilities, including two zero-days – CVE-2025-21418 and CVE-2025-21391 – under active exploitation.

PAN-OS authentication bypass hole plugged, PoC is public (CVE-2025-0108)
Palo Alto Networks has fixed a high-severity authentication bypass vulnerability (CVE-2025-0108) in the management web interface of its next-gen firewalls, a proof-of-concept exploit (PoC) for which has been made public.

February 2025 Patch Tuesday forecast: New directions for AI development
The new year has started with a whirlwind of activity, and one of the hottest topics in the news is the increasing emphasis on AI.

Malicious ML models found on Hugging Face Hub
Researchers have spotted two machine learning (ML) models containing malicious code on Hugging Face Hub, the popular online repository for datasets and pre-trained models.

Arvest Bank CISO on building a strong cybersecurity culture in banking
In this Help Net Security interview, Mike Calvi, CISO at Arvest Bank, discusses building a strong cybersecurity culture within the banking sector.

North Korean hackers spotted using ClickFix tactic to deliver malware
North Korean state-sponsored group Kimsuky (aka Emerald Sleet, aka VELVET CHOLLIMA) is attempting to deliver malware to South Korean targets by leveraging the so-called “ClickFix” tactic.

Political campaigns struggle to balance AI personalization and voter privacy
In this Help Net Security interview, Mateusz Łabuz, researcher at the IFSH, discusses the balance between using AI for personalized political campaigns and protecting voter privacy.

Sandworm APT’s initial access subgroup hits organizations accross the globe
A subgroup of Russia’s Sandworm APT has been working to achieve initial and persistent access to the IT networks of organizations working in economic sectors Russia is interested in.

Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200)
Users of iPhones and iPads that run iOS/iPadOS 18 and iPadOS 17 are urged to implement the latest updates to plug a security feature bypass vulnerability (CVE-2025-24200) exploited in the wild in “an extremely sophisticated” attack.

8Base ransomware group leaders arrested, leak site seized
The Thai police has arrested four individuals suspected of being the leaders of the 8Base ransomware group and of stealing approximately $16 million from 1,000+ victims they targeted with the Phobos ransomware.

Beelzebub: Open-source honeypot framework
Beelzebub is an open-source honeypot framework engineered to create a secure environment for detecting and analyzing cyber threats.

SysReptor: Open-source penetration testing reporting platform
SysReptor is a customizable open-source penetration testing reporting platform built for pentesters, red teamers, and cybersecurity professionals.

Review: Inside Cyber Warfare, 3rd Edition
Inside Cyber Warfare, 3rd Edition by Jeffrey Caruso explores how nation-states, corporations, and hackers engage in digital warfare. It offers insights into the intersection of cybersecurity, geopolitics, and emerging technology.

The UK’s secret iCloud backdoor request: A dangerous step toward Orwellian mass surveillance
The United Kingdom government has secretly requested that Apple build a backdoor into its iCloud service, granting the government unrestricted access to users’ private data.

CISOs and boards see things differently
In this Help Net Security video, Kirsty Paine, Field CTO & Strategic Advisor at Splunk, discusses the key findings and what they mean for security teams.

Silent breaches are happening right now, most companies have no clue
The breaches and ransomware attacks of 2024 highlighted systemic vulnerabilities, demonstrating how third-party and fourth-party dependencies amplify risks across industries, according to a Black Kite report.

It’s time to secure the extended digital supply chain
Companies are rapidly increasing the number of cloud-based services they rely upon, often without fully understanding how they connect to their broader network.

Evolving uses of tokenization to protect data
In this Help Net Security video, Ruston Miles, founder of Bluefin, discusses how tokenization will be critical to organizations’ security strategy as cybercriminals target consumers’ valuable personally identifiable information (PII).

Security validation: The new standard for cyber resilience
But what exactly is security validation, and why has it become so critical? In simple terms, it’s the process of “battle-testing” your security defenses to ensure they can withstand real-world attacks.

How to detect and disable Apple AirTags that might be tracking you
Apple’s AirTags are a convenient way to track personal items like keys and bags, but they also raise concerns about unwanted tracking and stalking.

Cybersecurity jobs available right now: February 11, 2025
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.

New infosec products of the week: February 14, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Armor, EchoMark, Netwrix, Palo Alto Networks, and Socure.