Following the introduction of international sanctions against Zservers, Russian ‘bulletproof’ hosting services provider, the Dutch National Police (Politie) shut down and seized 127 servers belonging to Zservers/XHost.

Security experts report that more than 12,000 GFI Kerio Control firewall instances remain vulnerable to the critical RCE vulnerability CVE-2024-52875, which was fixed back in December 2024.

The Shadowserver Foundation warns of a massive web login brute-forcing attacks targeting nearly 2.8 million IP addresses per day. Unknown attackers are seeking credentials for a wide range of network devices belonging to such companies as Palo Alto Networks, Ivanti, and SonicWall.

According to the incident report released by Cloudflare, an attempt to block a phishing URL on the R2 platform accidentally caused a massive outage; as a result, many Cloudflare services were unavailable for almost an hour.

watchTowr discovered plenty of abandoned Amazon S3 buckets that could be used by attackers to deliver malware and backdoors to government agencies and large corporations.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned Federal Civilian Executive Branch (FCEB) Agencies that they have to secure their systems from ongoing attacks exploiting a critical vulnerability in Microsoft Outlook by February 27, 2025.

According to VulnCheck, 768 CVEs were registered as exploited in real-life attacks in 2024. This is 20% greater compared to 2023 when hackers exploited 639 vulnerabilities.