InfoSec Dot - Issue #72. Medusa Ransomware Strikes💀🔓 | WhatsApp Zero-Day Exploited📱⚠️ | AI Cloud Security Shift☁️🤖

Hi Cybersecurity Enthusiasts,

In this edition, we explore the growing risks of supply chain attacks, with security experts outlining 10 key mitigations to protect developers. We also dive into Google’s latest AI-driven cloud security move, analyzing its Wiz acquisition and the implications for enterprise security.

Additionally, we break down Medusa ransomware’s use of malicious drivers to bypass EDR defenses, uncover new WhatsApp zero-day exploits used in Paragon spyware attacks, and examine the evolving challenges of password security in balancing usability and protection.

Stay informed with these critical updates to understand and counteract the evolving cybersecurity threats of 2025.

🗓️ What’s New

Ransomware Hits Ascom & Jaguar Land Rover

A ransomware group has claimed responsibility for cyberattacks targeting Ascom and Jaguar Land Rover, potentially disrupting critical operations. Companies are assessing the damage as security teams work to contain the breach. Read More (2 Mins)

Russian Zero-Day Broker Offers $4M for Telegram Exploits

A Russian exploit seller is offering up to $4 million for Telegram zero-days, signaling a high demand for vulnerabilities in encrypted messaging apps. Experts warn of potential espionage and surveillance risks. Read More (3 Mins)

Italian Court Orders Google to Block IPTV Pirate Sites

In a landmark ruling, an Italian court has ordered Google to block access to illegal IPTV streaming sites at the DNS level. This move tightens enforcement against digital piracy, sparking debates on internet censorship and user rights. Read More (2 Mins)

GitHub Supply Chain Breach Hits Coinbase

A sophisticated supply chain attack on GitHub targeted Coinbase and other organizations, exposing repositories and sensitive data. Threat actors exploited stolen credentials, raising concerns about developer security in open-source ecosystems. Read More (4 Mins)

Paragon Spyware Exploits WhatsApp Zero-Day

A newly uncovered WhatsApp zero-day vulnerability was exploited by Paragon spyware to conduct covert surveillance. The attack enabled unauthorized access to user data, raising alarms over mobile security threats. Read More (2 Mins)

Medusa Ransomware Deploys EDR-Killing Driver

The Medusa ransomware gang has weaponized a malicious Windows driver to disable Endpoint Detection and Response (EDR) solutions, making its attacks more stealthy and destructive. Security teams are urged to update defenses against this evolving threat. Read More (3 Mins)

🔍 In-Depth Insights

Google Acquires Wiz to Boost Cloud Security with AI

Google is acquiring Wiz, a leading cloud security firm, to enhance AI-driven threat detection and strengthen its Google Cloud security offerings. This strategic move signals a major investment in AI-powered cybersecurity. Read More (6 Mins)

Top 10 Defenses Against Supply Chain Attacks

Developers are urged to prioritize 10 key mitigations to combat rising software supply chain attacks. From dependency validation to secure build pipelines, these best practices help fortify applications against exploitation. Read More (6 Mins)

🤖 AI in Cybersecurity

AI in the Cloud: Common Security Pitfalls

As AI adoption in cloud environments accelerates, misconfigurations and weak security controls are exposing enterprises to cyber threats. Experts highlight the most common mistakes and how to mitigate AI-driven cloud risks. Read More (5 Mins)

Are Security Leaders Overlooking Exposure Management?

A new study reveals that many security leaders struggle to fully grasp exposure management, leaving organizations vulnerable to emerging threats. Experts emphasize the need for proactive risk assessment and mitigation strategies. Read More (4 Mins)

💡 Actionable Insights

Balancing Password Security & Usability

Striking the right balance between strong passwords and user convenience remains a challenge for businesses. Experts explore best practices, password managers, and passkeys to enhance security without frustrating users. Read More (4 Mins)

Balancing Password Security & Usability

Striking the right balance between strong passwords and user convenience remains a challenge for businesses. Experts explore best practices, password managers, and passkeys to enhance security without frustrating users. Read More (8 Mins)

🔗 Miscellaneous Links

• UAT-5918 Targets Taiwan's Critical Infrastructure Using Web Shells and Open-Source Tools

• Medusa Ransomware: FBI and CISA Urge Organizations to Act Now to Mitigate Threat

• Free file converter malware scam "rampant" claims FBI

• Top challenge for 57% of end users is outdated physical security or IT

• China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families

Also, I'd really appreciate it if you could forward it to your friends and colleagues! Your support helps us grow and continue providing great content.

Regards,

Dot