{"id":4303,"date":"2025-01-27T17:37:21","date_gmt":"2025-01-27T17:37:21","guid":{"rendered":"https:\/\/www.d2na.com\/?p=4303"},"modified":"2025-01-27T17:48:18","modified_gmt":"2025-01-27T17:48:18","slug":"weekly-security-news-27th-january-2025","status":"publish","type":"post","link":"https:\/\/www.d2na.com\/index.php\/2025\/01\/27\/weekly-security-news-27th-january-2025\/","title":{"rendered":"Weekly Security News – 27th January 2025"},"content":{"rendered":"<\/span> 4<\/span> mins read<\/span><\/span>\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Microsoft release security patches, Fortinet under attack, Google Ads stealing credentials and GoDaddy sued in the US...<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Welcome to this week’s Security News. We’ve collated the best articles from the around the internet and put them all into one place. If you have any queries or concerns about anything in this week’s news, then please get in touch with our team who can advise further. For our existing clients, if we believe anything may affect your organisation, our team will be in touch directly.\u00a0<\/p>\n

<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Vulnerabilities and Patches<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Cloudflare CDN Vulnerability Exposes User Locations on Signal and Discord<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

A flaw in Cloudflare\u2019s CDN allows attackers to infer user locations within a 250-mile radius by exploiting the caching mechanism on platforms like Signal and Discord. This can compromise anonymity, particularly for vulnerable groups. The attack uses malicious images delivered via zero-click or one-click methods, requiring no user awareness.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

CISA Warns of Chained Exploitation of Ivanti Vulnerabilities<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint advisory highlighting that threat actors are chaining multiple vulnerabilities in Ivanti’s Cloud Service Appliance (CSA) to gain unauthorized access, execute remote code, steal credentials, and install web shells on victim networks.<\/p>

Affected Vulnerabilities:<\/p>

  • CVE-2024-8963:<\/strong>\u00a0Administrative bypass vulnerability.<\/li>
  • CVE-2024-9379:<\/strong>\u00a0SQL injection vulnerability.<\/li>
  • CVE-2024-8190 and CVE-2024-9380:<\/strong>\u00a0Remote code execution vulnerabilities.<\/li><\/ul>

    These vulnerabilities affect Ivanti CSA version 4.6x prior to build 519. Additionally, CVE-2024-9379 and CVE-2024-9380 impact CSA versions 5.0.1 and earlier; however, Ivanti reports that these CVEs have not been exploited in version 5.0.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

    \n\t\t\t\t
    \n\t\t\t\t\t

    Cisco Patches Critical Vulnerability in Meeting Management<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    Cisco has released a patch for a critical vulnerability in its Meeting Management software, identified as CVE-2025-20156 with a CVSS score of 9.9. This flaw affects the REST API and allows remote attackers to escalate privileges to administrator level due to improper authorization enforcement. Exploiting this vulnerability could grant attackers full control over edge nodes managed by the software.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

    \n\t\t\t\t\t\t
    \n\t\t\t\t\t
    \n\t\t\t
    \n\t\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t

    Cyber Attacks<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
    \n\t\t\t\t\t\t
    \n\t\t\t\t\t
    \n\t\t\t
    \n\t\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t

    AT&T Data Breach Poses Risk to FBI Informants<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    In April 2024, AT&T experienced a data breach that compromised call and text logs of approximately 100 million customers, including FBI agents. While the content of communications was not exposed, the metadata\u2014such as phone numbers contacted\u2014was accessed. This exposure raises concerns that threat actors could analyse these logs to identify confidential informants, potentially jeopardizing ongoing investigations and informant safety.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

    \n\t\t\t\t
    \n\t\t\t\t\t

    13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    A botnet of approximately 13,000 compromised MikroTik routers has been hijacked for cyberattacks, including malware distribution and spam campaigns. The attackers likely exploited CVE-2023-30799, a critical privilege escalation vulnerability, turning the routers into SOCKS proxies to disguise malicious traffic. The botnet was also used in a malspam campaign, where freight invoice-themed emails with ZIP file attachments delivered malware via PowerShell scripts, establishing connections to a command-and-control server. Additionally, the attackers took advantage of misconfigured Sender Policy Framework (SPF) records in around 20,000 domains, using overly permissive “+all” settings to spoof email addresses and bypass security measures. To mitigate this, organizations should ensure MikroTik routers are updated to the latest firmware, change default router credentials, and correct SPF record configurations.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

    \n\t\t\t\t\t\t
    \n\t\t\t\t\t
    \n\t\t\t
    \n\t\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t

    In Other News...<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
    \n\t\t\t\t\t\t
    \n\t\t\t\t\t
    \n\t\t\t
    \n\t\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t

    Hackers Earn $129,000 for Tesla Charger Exploits at Pwn2Own Automotive 2025<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    During the Pwn2Own Automotive 2025 hacking competition in Tokyo, researchers were awarded $129,000 for successfully exploiting vulnerabilities in Tesla’s Wall Connector chargers. The event, organized by Trend Micro\u2019s Zero Day Initiative (ZDI), saw a total of $718,250 distributed over the first two days for various exploits targeting electric vehicle (EV) chargers and infotainment systems.<\/p>

    Notable Tesla Charger Exploits:<\/p>

    • $50,000 Award:<\/strong>\u00a0A team achieved the maximum reward by taking over a Tesla Wall Connector and causing it to crash.<\/li>
    • $45,000 Award:<\/strong>\u00a0Another team received this sum for an inventive exploit leveraging the charging connector.<\/li>
    • Additional Awards:<\/strong>\u00a0Two teams earned $22,500 and $12,500 respectively for their Tesla charger exploits, though these involved previously known vulnerabilities.<\/li><\/ul>

      The competition continues, with further attempts to exploit Tesla’s Wall Connector scheduled, potentially increasing the total rewards. Notably, no attempts to hack Tesla vehicles themselves are planned for this year’s event, despite significant incentives offered for such exploits. These findings underscore the importance of ongoing security assessments in EV infrastructure to ensure user safety and system integrity.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

      \n\t\t\t\t
      \n\t\t\t\t\t

      Top 5 Malware Threats to Prepare Against in 2025<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t\t\t\t\t

      As cyber threats continue to evolve, it’s crucial for organizations to stay informed about prevalent malware families. Here are five significant threats identified for 2025:<\/p>

      1. Lumma Stealer<\/strong>: Active since 2022, Lumma is an information-stealing malware that targets login credentials, financial data, and personal information. It spreads through fake CAPTCHA pages, torrents, and phishing emails. Regular updates have enhanced its capabilities, making it a persistent threat.<\/li>
      2. XWorm<\/strong>: Emerging in July 2022, XWorm grants attackers remote control over infected systems. It can capture keystrokes, webcam images, audio, and clipboard data, posing risks to financial and personal information. In 2024, it was linked to large-scale attacks exploiting CloudFlare tunnels and legitimate digital certificates.<\/li>
      3. LockBit Ransomware<\/strong>: Primarily targeting Windows devices, LockBit has become a major ransomware threat, accounting for a substantial portion of Ransomware-as-a-Service (RaaS) attacks. In 2024, it compromised high-profile organizations, including the UK’s Royal Mail and India’s National Aerospace Laboratories.<\/li>
      4. Remcos<\/strong>: Distributed via phishing emails with malicious attachments, Remcos allows attackers to execute commands, access files, and monitor user activities. It often uses password-protected .zip files to evade detection.<\/li>
      5. PlugX<\/strong>: A malware variant that the FBI recently removed from over 4,250 infected computers. PlugX is known to spread via USB devices and can compromise system security.<\/li><\/ol>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

        <\/span> 4<\/span> mins read<\/span><\/span>Microsoft release security patches, Fortinet under attack, Google Ads stealing credentials and GoDaddy sued in the US… Welcome to this week’s Security News. We’ve collated the best articles from the around the internet and put them all into one place. If you have any queries or concerns about anything in this week’s news, then please […]<\/p>\n","protected":false},"author":1,"featured_media":4308,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[355],"tags":[287,285,286,289,288,284],"class_list":["post-4303","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-news","tag-cyber-attacks","tag-cyber-security","tag-news","tag-patches","tag-vulnerabilities","tag-weekly-security-news"],"yoast_head":"\nWeekly Security News - 27th January 2025 - D2NA<\/title>\n<meta name=\"description\" content=\"Cloudflare and Ivanti vulnerabilities, MikroTik Routers hijacked, Tesla charger exploits found, top malware threats in 2025...\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.d2na.com\/index.php\/2025\/01\/27\/weekly-security-news-27th-january-2025\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Weekly Security News - 27th January 2025\" \/>\n<meta property=\"og:description\" content=\"Cloudflare and Ivanti vulnerabilities, MikroTik Routers hijacked, Tesla charger exploits found, top malware threats in 2025...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.d2na.com\/index.php\/2025\/01\/27\/weekly-security-news-27th-january-2025\/\" \/>\n<meta property=\"og:site_name\" content=\"D2NA\" \/>\n<meta property=\"article:published_time\" content=\"2025-01-27T17:37:21+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-01-27T17:48:18+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.d2na.com\/wp-content\/uploads\/2025\/01\/2025-01-27.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"627\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Shaun Conway\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@D2NA\" \/>\n<meta name=\"twitter:site\" content=\"@D2NA\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Shaun Conway\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/01\\\/27\\\/weekly-security-news-27th-january-2025\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/01\\\/27\\\/weekly-security-news-27th-january-2025\\\/\"},\"author\":{\"name\":\"Shaun Conway\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#\\\/schema\\\/person\\\/624fbd3965489b22f6dcfc6d7eb4fb36\"},\"headline\":\"Weekly Security News – 27th January 2025\",\"datePublished\":\"2025-01-27T17:37:21+00:00\",\"dateModified\":\"2025-01-27T17:48:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/01\\\/27\\\/weekly-security-news-27th-january-2025\\\/\"},\"wordCount\":919,\"publisher\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/01\\\/27\\\/weekly-security-news-27th-january-2025\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.d2na.com\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/2025-01-27.jpg\",\"keywords\":[\"cyber attacks\",\"cyber security\",\"news\",\"patches\",\"vulnerabilities\",\"weekly security news\"],\"articleSection\":[\"Security News\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/01\\\/27\\\/weekly-security-news-27th-january-2025\\\/\",\"url\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/01\\\/27\\\/weekly-security-news-27th-january-2025\\\/\",\"name\":\"Weekly Security News - 27th January 2025 - D2NA\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/01\\\/27\\\/weekly-security-news-27th-january-2025\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/01\\\/27\\\/weekly-security-news-27th-january-2025\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.d2na.com\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/2025-01-27.jpg\",\"datePublished\":\"2025-01-27T17:37:21+00:00\",\"dateModified\":\"2025-01-27T17:48:18+00:00\",\"description\":\"Cloudflare and Ivanti vulnerabilities, MikroTik Routers hijacked, Tesla charger exploits found, top malware threats in 2025...\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/01\\\/27\\\/weekly-security-news-27th-january-2025\\\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/01\\\/27\\\/weekly-security-news-27th-january-2025\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/01\\\/27\\\/weekly-security-news-27th-january-2025\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.d2na.com\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/2025-01-27.jpg\",\"contentUrl\":\"https:\\\/\\\/www.d2na.com\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/2025-01-27.jpg\",\"width\":1200,\"height\":627,\"caption\":\"2025-01-27\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/01\\\/27\\\/weekly-security-news-27th-january-2025\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.d2na.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Weekly Security News – 27th January 2025\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#website\",\"url\":\"https:\\\/\\\/www.d2na.com\\\/\",\"name\":\"D2NA\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.d2na.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#organization\",\"name\":\"D2 Network Associates Limited\",\"alternateName\":\"D2NA\",\"url\":\"https:\\\/\\\/www.d2na.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.d2na.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/Header-Logo.png\",\"contentUrl\":\"https:\\\/\\\/www.d2na.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/Header-Logo.png\",\"width\":180,\"height\":60,\"caption\":\"D2 Network Associates Limited\"},\"image\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/D2NA\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/d2-network-associates-ltd\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#\\\/schema\\\/person\\\/624fbd3965489b22f6dcfc6d7eb4fb36\",\"name\":\"Shaun Conway\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7668c1fa014f994d5e689f28c828adb47f75821deca52ce9f6d05fa69447ffaf?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7668c1fa014f994d5e689f28c828adb47f75821deca52ce9f6d05fa69447ffaf?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7668c1fa014f994d5e689f28c828adb47f75821deca52ce9f6d05fa69447ffaf?s=96&d=mm&r=g\",\"caption\":\"Shaun Conway\"},\"sameAs\":[\"https:\\\/\\\/www.d2na.com\"],\"url\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/author\\\/shaun-conway\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Weekly Security News - 27th January 2025 - D2NA","description":"Cloudflare and Ivanti vulnerabilities, MikroTik Routers hijacked, Tesla charger exploits found, top malware threats in 2025...","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.d2na.com\/index.php\/2025\/01\/27\/weekly-security-news-27th-january-2025\/","og_locale":"en_GB","og_type":"article","og_title":"Weekly Security News - 27th January 2025","og_description":"Cloudflare and Ivanti vulnerabilities, MikroTik Routers hijacked, Tesla charger exploits found, top malware threats in 2025...","og_url":"https:\/\/www.d2na.com\/index.php\/2025\/01\/27\/weekly-security-news-27th-january-2025\/","og_site_name":"D2NA","article_published_time":"2025-01-27T17:37:21+00:00","article_modified_time":"2025-01-27T17:48:18+00:00","og_image":[{"width":1200,"height":627,"url":"https:\/\/www.d2na.com\/wp-content\/uploads\/2025\/01\/2025-01-27.jpg","type":"image\/jpeg"}],"author":"Shaun Conway","twitter_card":"summary_large_image","twitter_creator":"@D2NA","twitter_site":"@D2NA","twitter_misc":{"Written by":"Shaun Conway","Estimated reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.d2na.com\/index.php\/2025\/01\/27\/weekly-security-news-27th-january-2025\/#article","isPartOf":{"@id":"https:\/\/www.d2na.com\/index.php\/2025\/01\/27\/weekly-security-news-27th-january-2025\/"},"author":{"name":"Shaun Conway","@id":"https:\/\/www.d2na.com\/#\/schema\/person\/624fbd3965489b22f6dcfc6d7eb4fb36"},"headline":"Weekly Security News – 27th January 2025","datePublished":"2025-01-27T17:37:21+00:00","dateModified":"2025-01-27T17:48:18+00:00","mainEntityOfPage":{"@id":"https:\/\/www.d2na.com\/index.php\/2025\/01\/27\/weekly-security-news-27th-january-2025\/"},"wordCount":919,"publisher":{"@id":"https:\/\/www.d2na.com\/#organization"},"image":{"@id":"https:\/\/www.d2na.com\/index.php\/2025\/01\/27\/weekly-security-news-27th-january-2025\/#primaryimage"},"thumbnailUrl":"https:\/\/www.d2na.com\/wp-content\/uploads\/2025\/01\/2025-01-27.jpg","keywords":["cyber attacks","cyber security","news","patches","vulnerabilities","weekly security news"],"articleSection":["Security News"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"https:\/\/www.d2na.com\/index.php\/2025\/01\/27\/weekly-security-news-27th-january-2025\/","url":"https:\/\/www.d2na.com\/index.php\/2025\/01\/27\/weekly-security-news-27th-january-2025\/","name":"Weekly Security News - 27th January 2025 - D2NA","isPartOf":{"@id":"https:\/\/www.d2na.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.d2na.com\/index.php\/2025\/01\/27\/weekly-security-news-27th-january-2025\/#primaryimage"},"image":{"@id":"https:\/\/www.d2na.com\/index.php\/2025\/01\/27\/weekly-security-news-27th-january-2025\/#primaryimage"},"thumbnailUrl":"https:\/\/www.d2na.com\/wp-content\/uploads\/2025\/01\/2025-01-27.jpg","datePublished":"2025-01-27T17:37:21+00:00","dateModified":"2025-01-27T17:48:18+00:00","description":"Cloudflare and Ivanti vulnerabilities, MikroTik Routers hijacked, Tesla charger exploits found, top malware threats in 2025...","breadcrumb":{"@id":"https:\/\/www.d2na.com\/index.php\/2025\/01\/27\/weekly-security-news-27th-january-2025\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.d2na.com\/index.php\/2025\/01\/27\/weekly-security-news-27th-january-2025\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.d2na.com\/index.php\/2025\/01\/27\/weekly-security-news-27th-january-2025\/#primaryimage","url":"https:\/\/www.d2na.com\/wp-content\/uploads\/2025\/01\/2025-01-27.jpg","contentUrl":"https:\/\/www.d2na.com\/wp-content\/uploads\/2025\/01\/2025-01-27.jpg","width":1200,"height":627,"caption":"2025-01-27"},{"@type":"BreadcrumbList","@id":"https:\/\/www.d2na.com\/index.php\/2025\/01\/27\/weekly-security-news-27th-january-2025\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.d2na.com\/"},{"@type":"ListItem","position":2,"name":"Weekly Security News – 27th January 2025"}]},{"@type":"WebSite","@id":"https:\/\/www.d2na.com\/#website","url":"https:\/\/www.d2na.com\/","name":"D2NA","description":"","publisher":{"@id":"https:\/\/www.d2na.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.d2na.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/www.d2na.com\/#organization","name":"D2 Network Associates Limited","alternateName":"D2NA","url":"https:\/\/www.d2na.com\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.d2na.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.d2na.com\/wp-content\/uploads\/2025\/12\/Header-Logo.png","contentUrl":"https:\/\/www.d2na.com\/wp-content\/uploads\/2025\/12\/Header-Logo.png","width":180,"height":60,"caption":"D2 Network Associates Limited"},"image":{"@id":"https:\/\/www.d2na.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/D2NA","https:\/\/www.linkedin.com\/company\/d2-network-associates-ltd\/"]},{"@type":"Person","@id":"https:\/\/www.d2na.com\/#\/schema\/person\/624fbd3965489b22f6dcfc6d7eb4fb36","name":"Shaun Conway","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/secure.gravatar.com\/avatar\/7668c1fa014f994d5e689f28c828adb47f75821deca52ce9f6d05fa69447ffaf?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/7668c1fa014f994d5e689f28c828adb47f75821deca52ce9f6d05fa69447ffaf?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7668c1fa014f994d5e689f28c828adb47f75821deca52ce9f6d05fa69447ffaf?s=96&d=mm&r=g","caption":"Shaun Conway"},"sameAs":["https:\/\/www.d2na.com"],"url":"https:\/\/www.d2na.com\/index.php\/author\/shaun-conway\/"}]}},"_links":{"self":[{"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/posts\/4303","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/comments?post=4303"}],"version-history":[{"count":6,"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/posts\/4303\/revisions"}],"predecessor-version":[{"id":4311,"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/posts\/4303\/revisions\/4311"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/media\/4308"}],"wp:attachment":[{"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/media?parent=4303"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/categories?post=4303"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/tags?post=4303"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}