InfoSec Dot - Issue #77. 🚨 WhatsApp Flaw Exploited📥🐛 | CentreStack Zero-Day Under Attack🔓⚠️ | 💼Malaysia Rejects Ransom Demand

In partnership with

Hello, Cybersecurity Enthusiasts!

In this edition, we spotlight a critical vulnerability in WhatsApp for Windows, enabling attackers to bypass system prompts and sneak in malicious files undetected. As exploitation risks rise, users are urged to update immediately.

We also cover Malaysia's firm stance against ransomware, a Chinese threat group exploiting antivirus software flaws, and a newly discovered zero-day vulnerability in CentreStack being actively abused. Stay informed to defend against these evolving cyber threats.

Stay ahead with these vital updates to fortify your security posture.

Stay up-to-date with AI

The Rundown is the most trusted AI newsletter in the world, with 1,000,000+ readers and exclusive interviews with AI leaders like Mark Zuckerberg, Demis Hassibis, Mustafa Suleyman, and more.

Their expert research team spends all day learning what’s new in AI and talking with industry experts, then distills the most important developments into one free email every morning.

Plus, complete the quiz after signing up and they’ll recommend the best AI tools, guides, and courses – tailored to your needs.

Sign up to start learning.

🗓️ What’s New

WooCommerce Data Breach Claimed on Dark Web

A hacker is selling 1.6M allegedly stolen WooCommerce records, including emails, names, addresses, and partial card details. The breach, claimed to have occurred in 2024, hasn’t been confirmed by WooCommerce. Online retailers using the platform may be at serious risk if validated. Read More (3 Mins)

PlayPraetor Botnet Reloaded Targets Middle East

CTM360 has uncovered a reemerged version of the PlayPraetor botnet actively targeting government and telecom sectors across the Middle East. The threat actor is exploiting known vulnerabilities to deploy malware and exfiltrate sensitive data. Regional cyber defenses are on high alert. Read More (5 Mins)

Treasury OCC Hack Exposes 150K Emails

The U.S. Treasury’s Office of the Comptroller of the Currency confirmed that hackers accessed over 150,000 internal emails. The breach is reportedly linked to the same Chinese state-backed group behind the 2023 Microsoft Exchange Online intrusion. Read More (3 Mins)

ToddyCat Exploits ESET Antivirus Bug

The Chinese APT group ToddyCat is abusing a vulnerability in ESET antivirus software to escalate privileges and execute malicious payloads. This sophisticated exploitation technique highlights growing risks in trusted security tools. Read More (3 Mins)

CentreStack Zero-Day Under Active Exploitation

A critical zero-day vulnerability in CentreStack’s file sharing servers is being actively exploited, allowing remote code execution (RCE). Attackers are targeting unpatched systems to gain full control, prompting urgent patching from admins. Read More (3 Mins)

Malaysia Rejects Ransom Demand After Airport Cyberattack

Following a cyberattack targeting Malaysia’s national airports, Prime Minister Anwar Ibrahim confirmed the government refused to pay the ransom. The incident, attributed to a ransomware group, highlights the rising threats to national infrastructure. Read More (2 Mins)

WhatsApp Windows Flaw Lets Hackers Slip In Malicious Files

A critical vulnerability in WhatsApp's Windows version allows attackers to bypass security prompts and plant malicious files directly into systems. This flaw could be exploited to trick users into executing harmful payloads. Patch updates are strongly advised. Read More (3 Mins)

🔗 Quick Links

• WK Kellogg confirms employee data breach tied to Cleo file-transfer flaw

• The hidden costs of security tool bloat and how to fix it

• Singapore's DBS, BoC customer data at risk after ransomware attack on vendor

• AI agents emerge as potential targets for cyberattackers

If you like this issue, I'd really appreciate it if you could forward it to your friends and colleagues! Your support helps us grow and continue providing great content.

If you have specific feedback or anything interesting you’d like to share, please let me know by replying to this email.

Regards,

Dot