Welcome to your weekly roundup of cyber news, where every headline gives you a peek into the world of online battles. This week, we look at a huge crypto theft, reveal some sneaky AI scam tricks, and discuss big changes in data protection.
Let these stories spark your interest and help you understand the changing threats in our digital world.
Lazarus Group Linked to Record-Setting $1.5 Billion Crypto Theft — The North Korean Lazarus Group has been linked to a “sophisticated” attack that led to the theft of over $1.5 billion worth of cryptocurrency from one of Bybit’s cold wallets, making it the largest ever single crypto heist in history. Bybit said it detected unauthorized activity within one of our Ethereum (ETH) Cold Wallets during a planned routine transfer process on February 21, 2025, at around 12:30 p.m. UTC. The incident makes it the biggest-ever cryptocurrency heist reported to date, dwarfing that of Ronin Network ($624 million), Poly Network ($611 million), and BNB Bridge ($586 million).
From cost center to revenue driver, now is the time to transition to a modern approach to GRC. Drata delivers the world’s most advanced Trust Management platform – making risk and compliance accessible, continuous, and 10x more automated than ever before.
Your go-to software could be hiding dangerous security flaws—don’t wait until it’s too late! Update now and stay ahead of the threats before they catch you off guard.
This week’s list includes — CVE-2025-24989 (Microsoft Power Pages), CVE-2025-23209 (Craft CMS), CVE-2024-12284 (Citrix NetScaler Console and NetScaler Agent), CVE-2025-26465, CVE-2025-26466 (OpenSSH), CVE-2025-21589 (Juniper Networks Session Smart Router), CVE-2024-12510, CVE-2024-12511 (Xerox VersaLink C7025 Multifunction printer), CVE-2025-0366 (Jupiter X Core plugin), CVE-2024-50379, CVE-2024-56337, CVE-2024-52316, CVE-2024-50379, CVE-2024-56337 (Atlassian), CVE-2024-53900, CVE-2025-23061 (Mongoose library), CVE-2025-26776 (NotFound Chaty Pro plugin), CVE-2025-26763 (MetaSlider Responsive Slider by MetaSlider plugin), CVE-2024-54756 (ZDoom Team GZDoom), CVE-2024-57401 (Uniclare Student Portal), CVE-2025-20059 (Ping Identity PingAM Java Policy Agent), CVE-2025-0868 (DocsGPT), CVE-2025-1023, CVE-2025-1132, CVE-2025-1133, CVE-2025-1134, CVE-2025-1135 (ChurchCRM), CVE-2024-57045 (D-Link DIR-859 router), CVE-2024-57050 (TP-Link WR840N v6 router), CVE-2024-57049 (TP-Link Archer c20 router), CVE 2025-26794 (Exim), CVE-2024-50608, CVE-2024-50609 (Fluent Bit), CVE-2024-54961 (Nagios XI), CVE-2025-23115, and CVE-2025-23116 (Ubiquiti UniFi Protect Camera).
P.S. Know someone who could use these? Share it.
Easy Steps to Supercharge Your Password Manager — In today’s digital world, using an advanced password manager isn’t just about storing passwords—it’s about creating a secure digital fortress. First, enable two-factor authentication (2FA) for your password manager to ensure that even if someone gets hold of your master password, they’ll need an extra code to gain access. Use the built-in password generator to create long, unique passwords for every account, mixing letters, numbers, and symbols to make them nearly impossible to guess. Regularly run security audits within your manager to spot weak or repeated passwords, and take advantage of breach monitoring features that alert you if any of your credentials show up in data breaches. When you need to share a password, use the manager’s secure sharing option to keep the data encrypted. Finally, ensure your password database is backed up in an encrypted format so you can safely restore your data if needed. These simple yet advanced steps turn your password manager into a powerful tool for keeping your online life secure.
We’ve seen a lot of action in the cyber world this week, with criminals facing charges and new scams coming to light. These stories remind us that keeping informed is key to online safety. Thanks for joining us, and we look forward to keeping you updated next week.
