Weekly One-Shot: February 16 - February 22, 2025

This week's threats and trends.


Cybersecurity threats don’t take breaks, and this week was no exception. From malware abusing trusted platforms to printer vulnerabilities that can steal your credentials, it’s been a rough few days for IT security teams. But don’t worry, I’ve sorted through the chaos and pulled out what you actually need to know.

Let’s dive in.

This week in Cybersecurity

1. PostgreSQL Flaw Used in BeyondTrust Breach
Attackers exploited a zero-day vulnerability in PostgreSQL to infiltrate the network of BeyondTrust, a leading privileged access management (PAM) provider. This breach raises concerns about potential compromise of privileged accounts.
February 18 Newsletter

2. ‘PirateFi’ Steam Game Delivers Password-Stealing Malware
A free-to-play Steam game called "PirateFi" was found distributing Vidar infostealer malware, designed to steal credentials and financial data from infected users.
February 18 Newsletter

3. Russian-Linked Hackers Using ‘Device Code Phishing’
A Russian-linked threat group (Storm-2372) is conducting device code phishing attacks, tricking users into logging into productivity apps while stealing login tokens.
February 18 Newsletter

4. Open-Source AI Models Used for Malicious Code Injection
Attackers are embedding malicious code into open-source AI models, creating new risks for organizations integrating AI into their workflows.
February 18 Newsletter

5. FinalDraft Malware Abuses Outlook for Stealthy C2 Communications
A new malware campaign, FinalDraft, is using Outlook email drafts for command-and-control (C2) communication, helping attackers remain undetected.
February 18 Newsletter

6. Xerox Printer Vulnerabilities Enable RCE and Credential Theft
Critical flaws in Xerox VersaLink C7025 printers allow remote code execution (RCE) and unauthorized credential access.
February 20 Newsletter

7. Juniper Router Authentication Bypass Puts Enterprises at Risk
A new authentication bypass vulnerability (CVE-2025-21589) in Juniper routers could allow attackers to gain admin-level access without proper authentication.
February 20 Newsletter

8. FrigidStealer Targets macOS Users via Fake Software Updates
FrigidStealer malware is disguised as software updates to steal credentials and infect macOS systems.
February 20 Newsletter

9. New Ransomware ‘FrostByte’ Disrupts Healthcare Networks
A new ransomware strain, FrostByte, is targeting hospitals, encrypting patient data and demanding steep ransoms.
February 20 Newsletter

10. Chinese APTs Exploiting Mavinject.exe for Malware Execution
Threat actors are using Mavinject.exe, a legitimate Windows process, to inject and execute malware while bypassing traditional security controls.
February 20 Newsletter

Biggest Threat This Week

New Backdoor Uses Telegram for C2 Communication

A newly discovered Golang-based backdoor is abusing Telegram for command-and-control (C2) communication, allowing attackers to execute remote commands, exfiltrate data, and establish persistence on infected systems. By leveraging Telegram bot APIs, threat actors can evade detection and bypass traditional network defenses.

  • MITRE Tactics: Command and Control, Persistence, Exfiltration

  • Risk Level: High – This backdoor enables stealthy remote access with encrypted communication, making detection difficult.

Detection & Prevention Tips:
✔ Monitor for unusual Telegram-related traffic on enterprise networks.
✔ Block unauthorized Golang binaries from running on endpoints.
✔ Restrict bot API communication from corporate environments.
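One way to act on the first and third tips, as an added example that is not from the newsletter or from any vendor: a small Python detector that scans proxy log lines for Telegram Bot API calls (api.telegram.org/bot<token>/<method>) from hosts that are not on an allowlist, and flags the polling-plus-upload pattern the backdoor relies on. The log format, the sample lines and the allowlist are constructed assumptions.

```python
import re
from collections import Counter

# Constructed proxy log lines (not real traffic): "<time> <src_ip> <verb> <url> <status>"
SAMPLE_LOG = """\
2025-02-18T10:00:01Z 10.0.0.5 GET https://www.microsoft.com/ 200
2025-02-18T10:00:02Z 10.0.0.7 GET https://api.telegram.org/bot123456:ABCDEF/getUpdates?offset=1 200
2025-02-18T10:00:32Z 10.0.0.7 GET https://api.telegram.org/bot123456:ABCDEF/getUpdates?offset=2 200
2025-02-18T10:01:02Z 10.0.0.7 POST https://api.telegram.org/bot123456:ABCDEF/sendDocument 200
2025-02-18T10:01:10Z 10.0.0.9 POST https://api.telegram.org/bot999:XYZ/sendMessage 200
2025-02-18T10:01:15Z 10.0.0.5 GET https://web.telegram.org/ 200
"""
# Hosts permitted to use the Bot API (assumption: a sanctioned alerting bot).
ALLOWED_BOT_HOSTS = {"10.0.0.9"}
# Bot API URLs are https://api.telegram.org/bot<id>:<secret>/<method>; only the numeric
# id and the method are captured so the bot secret never ends up in the findings.
BOT_API_RE = re.compile(r"https?://api\.telegram\.org/bot(\d+):[^/]+/(\w+)")
# Bot API methods mapped to backdoor behaviour: getUpdates = polling for operator
# commands, sendDocument/sendPhoto = pushing files out, sendMessage = beacon/output.
METHOD_CLASS = {"getUpdates": "polling", "sendDocument": "exfil",
                "sendPhoto": "exfil", "sendMessage": "beacon"}

def detect_bot_api_abuse(log_text, allowed_hosts=ALLOWED_BOT_HOSTS):
    """Return {src_ip: Counter(behaviour -> hits)} for non-allowlisted hosts calling
    the Bot API; ordinary telegram.org traffic (web client) is ignored."""
    findings = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines instead of crashing on them
        _ts, src_ip, _verb, url, _status = parts
        m = BOT_API_RE.search(url)
        if not m or src_ip in allowed_hosts:
            continue
        behaviour = METHOD_CLASS.get(m.group(2), "other")
        findings.setdefault(src_ip, Counter())[behaviour] += 1
    return findings

def verdicts(findings):
    """Polling plus file upload from one host is the backdoor pattern described above."""
    out = {}
    for host, c in findings.items():
        if c["polling"] and c["exfil"]:
            out[host] = "likely C2"
        elif c["polling"]:
            out[host] = "bot polling"
        else:
            out[host] = "bot api use"
    return out
```

Run against real proxy or DNS logs, the same two-stage logic (match the Bot API path, then classify the method) separates a sanctioned notification bot from an endpoint that both polls for commands and uploads files.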

Training Recommendation

Want to Learn Offensive Security? TryHackMe’s Red Teaming Path

If you want to understand how attackers operate and build better defenses, the Red Teaming Path from TryHackMe is a great starting point. Learn about command and control (C2) techniques, privilege escalation, and real-world offensive tactics used by adversaries.

Sign up and start learning here: TryHackMe Red Teaming Path

Wrapping Up:

This week, we saw nation-state espionage, critical vulnerabilities in networking equipment, and malware campaigns exploiting trusted applications. The Cisco router attacks by Salt Typhoon stand out as the most critical threat, given the potential for mass surveillance, data theft, and infrastructure disruption.

Key takeaways:
  • Patch Cisco routers, PostgreSQL databases, and Juniper devices ASAP.

  • Monitor for unauthorized device code logins and phishing attempts.

  • Be wary of AI model vulnerabilities—validate and review any integrations.

  • Monitor for and restrict the abuse of Outlook email drafts as a channel for malicious command execution.

That’s all for this week—stay patched, stay informed, and don’t trust Steam games with pirate names. See you next time!