Contents
01. News Bites
- Microsoft addresses 157 CVEs, including three actively exploited zero-days
- Threat actors exploit FastHTTP for Microsoft 365 brute-force attacks
- EU unveils cyber security action plan to protect hospitals from attacks
- North Korean hackers steal $659 million in cryptocurrency heists, targeting blockchain firms
- Cyber security tops IT leaders’ concerns in new 2025 survey
02. Conclusion
Microsoft addresses 157 CVEs, including three actively exploited zero-days
Microsoft began 2025 with its largest-ever Patch Tuesday update, addressing 157 CVEs, ten of which are rated critical. The vulnerabilities span various Microsoft products, with several allowing remote code execution, including CVE-2025-21309, assigned a CVSS score of 8.1 and classified as "Exploitation More Likely."
Notably, three zero-day vulnerabilities (CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335) are under active attack. These elevation of privilege flaws affect Windows Hyper-V NT Kernel Integration Virtualisation Service Provider (VSP) and have a CVSS score of 7.8. According to Microsoft, they enable authenticated local attackers to elevate their privileges to SYSTEM.
Researchers highlighted that these vulnerabilities are most likely used in post-compromise activity, after attackers have already gained initial access to a target system. Narang noted that elevation of privilege vulnerabilities consistently dominate zero-day exploitation trends, accounting for 42% of the zero-days exploited in 2023 and 2024.
Organisations are urged to prioritise patching to mitigate risks.
Threat actors exploit FastHTTP for Microsoft 365 brute-force attacks
Threat actors are leveraging the FastHTTP Go library to launch high-speed brute-force attacks against Microsoft 365 accounts globally, according to security researchers. The campaign, which began on 6 January 2025, targets Azure Active Directory Graph API endpoints, with attackers achieving a 9.7% success rate in account takeovers.
FastHTTP, a high-performance HTTP server and client library, is used to automate unauthorised login attempts and overwhelm users with MFA Fatigue attacks. Most traffic originates from Brazil, with notable activity from Turkey, Argentina, and other regions.
The researchers report that 41.5% of attempts fail, 21% trigger account lockouts, and 17.7% are blocked due to access policy violations. Administrators can detect these attacks by checking for the FastHTTP user agent in Azure audit logs.
To mitigate risks, organisations should reset compromised credentials, review MFA devices, and utilise SpearTip’s PowerShell script to identify indicators of compromise.
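As an added illustration of the detection step above (this is example code, not SpearTip's script or anything from the original bulletin), the following filters sign-in log records by the fasthttp user agent and groups them into the outcome buckets the researchers describe. The log records are constructed, the field names are a simplified version of the Entra ID SignInLogs schema, and the outcome labels are this example's own.

```python
import json
from collections import Counter

# Entra ID (Azure AD) sign-in error codes mapped to the outcome buckets used in
# the bulletin. The codes are Microsoft's AADSTS codes; the labels are ours.
OUTCOME_BY_ERROR_CODE = {
    0: "success",                # sign-in completed: treat the credential as compromised
    50126: "failed",             # invalid username or password
    50053: "lockout",            # account locked after repeated failures
    53003: "blocked_by_policy",  # blocked by Conditional Access
}

# Constructed sample records in JSON Lines form, reduced to the fields this
# example needs (assumed, simplified schema; all values are invented).
SAMPLE_SIGNIN_LOGS = "\n".join([
    '{"userPrincipalName": "alice@example.com", "userAgent": "fasthttp", "ipAddress": "203.0.113.10", "errorCode": 50126}',
    '{"userPrincipalName": "bob@example.com", "userAgent": "fasthttp", "ipAddress": "203.0.113.10", "errorCode": 50053}',
    '{"userPrincipalName": "carol@example.com", "userAgent": "fasthttp", "ipAddress": "198.51.100.7", "errorCode": 53003}',
    '{"userPrincipalName": "dave@example.com", "userAgent": "fasthttp", "ipAddress": "198.51.100.7", "errorCode": 0}',
    '{"userPrincipalName": "erin@example.com", "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)", "ipAddress": "192.0.2.5", "errorCode": 0}',
])


def parse_signin_logs(text):
    """Parse JSON Lines sign-in records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def is_fasthttp(record):
    """True when the client user agent identifies the fasthttp Go library."""
    return "fasthttp" in record.get("userAgent", "").lower()


def summarise_fasthttp_activity(records):
    """Keep only fasthttp sign-ins and aggregate outcomes, source IPs and compromised users."""
    hits = [r for r in records if is_fasthttp(r)]
    outcomes = Counter(OUTCOME_BY_ERROR_CODE.get(r.get("errorCode"), "other") for r in hits)
    return {
        "total": len(hits),
        "outcomes": dict(outcomes),
        "source_ips": sorted({r["ipAddress"] for r in hits}),
        # Successful sign-ins via fasthttp are the accounts that need a credential reset and MFA review.
        "compromised_users": sorted(r["userPrincipalName"] for r in hits if r.get("errorCode") == 0),
    }


if __name__ == "__main__":
    print(json.dumps(summarise_fasthttp_activity(parse_signin_logs(SAMPLE_SIGNIN_LOGS)), indent=2))
```

On a real export, replace SAMPLE_SIGNIN_LOGS with the JSON Lines file from the sign-in log export and check the "compromised_users" list against the reset and MFA-review actions listed above.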
EU unveils cyber security action plan to protect hospitals from attacks
The European Union has launched a new cyber security action plan aimed at strengthening hospitals' defences against cyberattacks. Unveiled by the European Commission, the plan responds to a surge in attacks since the COVID-19 pandemic, which have targeted healthcare systems in Ireland, France, the UK, Finland, and beyond.
In 2023 alone, national governments reported 309 significant incidents in the healthcare sector, the highest among critical industries. The action plan includes establishing a European Cyber security Support Centre at ENISA, the EU's cyber security agency. The centre will offer early warning systems, vulnerability assessments, and guidance on incident response.
Additionally, the EU will create a rapid response service for healthcare under the Cyber security Reserve and introduce "cyber security vouchers" to help smaller hospitals enhance resilience. The plan also encourages reporting ransomware payments and aims to provide decryption tools to victims.
Consultations on funding and implementation are set to begin later this year.
North Korean hackers steal $659 million in cryptocurrency heists, targeting blockchain firms
North Korean state-sponsored hackers have stolen over $659 million in cryptocurrency through multiple heists, according to a joint statement from the United States, South Korea, and Japan. The groups continue to target blockchain companies, deploying malware such as TraderTraitor and AppleJeus via sophisticated social engineering attacks.
The statement confirmed North Korea's involvement in the July 2024 WazirX breach, resulting in a $235 million loss, as well as other significant heists, including $308 million from DMM Bitcoin. Chainalysis reports a record $1.34 billion stolen in 2024, doubling the previous year’s total.
The hackers also exploit remote IT work schemes, impersonating U.S.-based staff using stolen identities and AI tools. These “IT warriors” have infiltrated companies globally, installing malware or extorting employers.
Authorities warn organisations in the blockchain and freelance sectors to enhance vetting processes and review advisories to mitigate risks from North Korean-linked threats.
Cyber security tops IT leaders’ concerns in new 2025 survey
Cyber security has been identified as the leading concern among IT leaders, surpassing artificial intelligence, according to BCS, the Chartered Institute for IT. In their annual survey, 36% of respondents highlighted cyber security as the top issue, while AI and automation ranked second and third.
The survey revealed that only 5% of tech professionals believe their organisations have sufficient resources to meet 2025 priorities, with 63% calling for improved IT capabilities within their workforce.
Steve Sands, chairman of BCS’s information security group, noted that cyber security concerns stem from the increasing boldness of state-backed attackers and the growing use of AI by lower-skilled hackers to create attack tools.
Highlighting the systemic nature of cyber security challenges, Sands emphasised the need for a strong security culture, investment, and leadership. These concerns align with the UK government’s consultation on banning ransomware payments and the forthcoming Cyber Security and Resilience Bill.
If you are worried about any of the threats outlined in this bulletin, or need help determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager or get in touch to find out how you can protect your organisation.
Disclaimer
The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.