Cybersecurity

The January 2025 Security Update Review

Trusted-relationship cyberattacks and their prevention

<div>2025-01-09: CVE-2017-0199 XLS --> HTA --> VBS --> steganography --> DBatLoader/GuiLoader style malware</div>

<div>China's UNC5337 Exploits a Critical Ivanti RCE Bug, Again</div>

<div>CVE-2024-47519 - "Acme Backup Man-in-the-Middle Vulnerability"</div>

<div>CVE-2024-57881 - Linux Kernel "pfn_to_page" NULL Pointer Dereference Vulnerability in Buddy Allocator</div>

<div>CVE-2024-9132 - "FortiOS Path Traversal"</div>

<div>CVE-2025-22152 - "Atheos Remote File Inclusion Vulnerability"</div>

<div>CVE-2025-23125 - "Apache Struts Cross-Site Request Forgery Vulnerability"</div>

BadRAM: attack using malicious RAM module | Kaspersky official blog