Malware, vulnerabilities, and phishing. These three threats are not going anywhere soon. We have to live with them and do our best to ensure that they don't affect us or any internet services that we care about.
Before we proceed, I apologize for missing last week's edition. It was beyond my control and I hope that you understand.
Now, back to our discussion. Based on the introductory paragraph, you should have guessed the articles that we'll review in this edition. Without saying too much at this stage, let's begin.
Medusa Ransomware Uses Malicious Driver to Disable Security Tools
Think of it as killing the CCTV before a break-in; this is similar. For defenders, it also proves that while attackers might not have what it takes to defeat a security solution, they can simply turn it off. Now, if a security tool is down, what's next? The system is ripe for exploitation.
From the article:
The driver was signed with an expired certificate and, to ensure that the driver would run successfully, the attackers used a .bat file to disable the Windows Time Service and set the system date to 2012.
Once up and running, the driver can perform requests for a broad range of operations, including process manipulation, file manipulation, process tampering, API loading, hook removal, driver termination, and system reboot.
Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication
First, there is more than one vulnerability: there are five, and they have been given a dramatic collective name to show their severity, IngressNightmare. What's more, they potentially affect over 6,500 publicly exposed clusters. The vulnerabilities, assigned CVE identifiers CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974, enable unauthenticated remote code execution.
This grants attackers unauthorized access to all secrets stored across all namespaces within a Kubernetes cluster. The result is unauthorized access that could lead to a complete takeover of the cluster.
From the article:
The vulnerability takes advantage of the fact that admission controllers, deployed within a Kubernetes pod, are accessible over the network without authentication.
Specifically, it involves injecting an arbitrary NGINX configuration remotely by sending a malicious ingress object (aka AdmissionReview requests) directly to the admission controller, resulting in code execution on the Ingress NGINX Controller's pod.
Critical Next.js Vulnerability in Hacker Crosshairs
Would you like to pause and update your Next.js versions to 15.2.3, 14.2.25, 13.5.9 or 12.3.5? Why? Here is why:
- It's a critical vulnerability tracked as CVE-2025-29927.
- It has a CVSS score of 9.1.
- This flaw allows attackers to bypass middleware-based security controls.
- Threat actors are already probing the internet for servers impacted by the bug.
From the article:
The improper validation of the internal header, which has a predictable value, allows an attacker to send crafted requests mimicking the header and bypass authentication checks within a Next.js application. When the middleware is bypassed, the app does not perform its normal security routines, such as identity or role verification.
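As an added example (not code from the article, from Vercel or from Next.js), here is the shape of the edge-side mitigation that was recommended for this bug: strip the internal middleware header from every inbound request before it reaches the application, and record which requests carried it so the probing mentioned above becomes visible in logs. It assumes that the "internal header with a predictable value" is x-middleware-subrequest, the header named in the vendor advisory; the request objects and sample traffic are constructed for illustration.

```javascript
// Added example (not from the article or Next.js): edge-side filter modelling
// the mitigation Vercel recommended for CVE-2025-29927. Strips the internal
// middleware header from inbound requests and reports which ones carried it.
// Assumption: that header is x-middleware-subrequest, as named in the advisory.
const INTERNAL_HEADER = 'x-middleware-subrequest';

// Remove the internal header (any letter case) from an inbound request's
// headers. Returns the cleaned headers and whether the header was present.
function stripInternalHeader(headers) {
  const cleaned = {};
  let present = false;
  for (const [name, value] of Object.entries(headers)) {
    if (name.toLowerCase() === INTERNAL_HEADER) {
      present = true;          // never forward it, whatever its value
      continue;
    }
    cleaned[name] = value;
  }
  return { headers: cleaned, hadInternalHeader: present };
}

// Run the filter over a batch of requests: every request is forwarded with
// the header removed, and the ones that carried it are flagged for review.
function filterRequests(requests) {
  const flagged = [];
  const forwarded = [];
  for (const req of requests) {
    const { headers, hadInternalHeader } = stripInternalHeader(req.headers);
    if (hadInternalHeader) {
      flagged.push({ ip: req.ip, path: req.path });
    }
    forwarded.push({ ...req, headers });
  }
  return { flagged, forwarded };
}

// Constructed sample traffic (not real logs): one normal request and two that
// carry the header in different letter cases.
const SAMPLE_REQUESTS = [
  { ip: '198.51.100.7', path: '/dashboard', headers: { host: 'app.example', accept: '*/*' } },
  { ip: '203.0.113.9', path: '/admin', headers: { host: 'app.example', 'x-middleware-subrequest': 'anything' } },
  { ip: '203.0.113.9', path: '/admin', headers: { host: 'app.example', 'X-Middleware-Subrequest': 'anything' } },
];

const result = filterRequests(SAMPLE_REQUESTS);
console.log(`flagged ${result.flagged.length} of ${SAMPLE_REQUESTS.length} requests`);
```

The durable fix remains upgrading to the patched versions listed above; header stripping at the proxy only buys time for instances that cannot be updated immediately.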
Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert!
It's an interesting read and one that you should not miss. A summary would not do justice to what you will learn by reading the article.
So, have fun and happy reading!
Credits
Cover photo by Debby Hudson on Unsplash.
That's it for this week, and I'll see you next time.