Today, every unpatched system, leaked password, and overlooked plugin is a doorway for attackers. Supply chains stretch deep into the code we trust, and malware hides not just in shady apps — but in job offers, hardware, and cloud services we rely on every day.
Hackers don’t need sophisticated exploits anymore. Sometimes, your credentials and a little social engineering are enough.
This week, we trace how simple oversights turn into major breaches — and the silent threats most companies still underestimate.
Let’s dive in.
UNC5221 Exploits New Ivanti Flaw to Drop Malware — The China-nexus cyber espionage group tracked as UNC5221 exploited a now-patched flaw in Ivanti Connect Secure, CVE-2025-22457 (CVSS score: 9.0), to deliver an in-memory dropper called TRAILBLAZE, a passive backdoor codenamed BRUSHFIRE, and the SPAWN malware suite. The vulnerability was originally patched by Ivanti on February 11, 2025, indicating that the threat actors studied the patch and figured out a way to exploit prior versions to breach unpatched systems. UNC5221 is believed to share overlaps with clusters tracked by the broader cybersecurity community under the monikers APT27, Silk Typhoon, and UTA0178.
Attackers love software vulnerabilities—they’re easy doors into your systems. Every week brings fresh flaws, and waiting too long to patch can turn a minor oversight into a major breach. Below are this week’s critical vulnerabilities you need to know about. Take a look, update your software promptly, and keep attackers locked out.
This week’s list includes — CVE-2025-22457 (Ivanti Connect Secure, Policy Secure, and ZTA Gateway), CVE-2025-30065 (Apache Parquet), CVE-2024-10668 (Google Quick Share for Windows), CVE-2025-24362 (github/codeql-action), CVE-2025-1268 (Canon), CVE-2025-1449 (Rockwell Automation Verve Asset Manager), CVE-2025-2008 (WP Ultimate CSV Importer plugin), CVE-2024-3660 (TensorFlow Keras), CVE-2025-20139 (Cisco Enterprise Chat and Email), CVE-2025-20212 (Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series), CVE-2025-27520 (BentoML), CVE-2025-2798 (Woffice CRM theme), CVE-2025-2780 (Woffice Core plugin), CVE-2025-31553 (WPFactory Advanced WooCommerce Product Sales Reporting plugin), CVE-2025-31579 (EXEIdeas International WP AutoKeyword plugin), and CVE-2025-31552 (RSVPMarker plugin).
Detecting Threats Early by Tracking First-Time Connections — Most attackers leave their first real clue not with malware, but when they log in for the first time — from a new IP, device, or location. Catching “first-time” access events is one of the fastest ways to spot breaches early, before attackers blend into daily traffic. Focus on critical systems: VPNs, admin portals, cloud dashboards, and service accounts.
You can automate this easily with free tools like Wazuh (detects new devices and IPs), OSQuery (queries unknown endpoints), or Graylog (builds alerts for unfamiliar connections). More advanced setups like Microsoft Sentinel or CrowdStrike Falcon Free also offer “first seen” detection at scale. Simple rules — like alerting when an admin account logs in from a new country or an unexpected device accesses sensitive data — can trigger early alarms without waiting for malware signatures.
Pro Move: Baseline your “known” users, IPs, and devices, then flag anything new. Bonus points if you combine this with honeytokens (fake credentials) to catch intruders actively probing your network. Remember: attackers can steal credentials, bypass MFA, or hide malware — but they can’t fake never having connected before.
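The baseline-then-flag approach described above, as an added example that is not part of the original newsletter: a small Python detector that learns known IPs, countries and devices per user from a training window of log lines, then raises an alert whenever a later login carries an attribute that user has never presented before. The log format, the "admin-"/"svc-" account prefixes and the sample lines are constructed for this example.

```python
import re

# Constructed sample login events (not real data). Each line records who
# logged in, from where, on which device, and to which critical service.
SAMPLE_LOGS = [
    "2025-04-01T08:02:11Z user=alice ip=203.0.113.10 country=US device=LAP-0142 service=vpn",
    "2025-04-01T08:40:55Z user=admin-bob ip=198.51.100.7 country=US device=WS-0099 service=admin-portal",
    "2025-04-02T09:15:03Z user=alice ip=203.0.113.10 country=US device=LAP-0142 service=vpn",
    "2025-04-03T02:47:19Z user=admin-bob ip=192.0.2.44 country=RO device=UNKNOWN-77 service=admin-portal",
    "2025-04-03T10:12:40Z user=svc-backup ip=203.0.113.50 country=US device=SRV-0012 service=cloud-dashboard",
    "2025-04-03T23:59:01Z user=svc-backup ip=203.0.113.51 country=US device=SRV-0012 service=cloud-dashboard",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) ip=(?P<ip>\S+) country=(?P<country>\S+) "
    r"device=(?P<device>\S+) service=(?P<service>\S+)$"
)
TRACKED = ("ip", "country", "device")          # attributes we baseline per user
PRIVILEGED_PREFIXES = ("admin-", "svc-")       # assumed naming convention for admin/service accounts


def parse(line):
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable line: {line!r}")
    return m.groupdict()


def first_seen_alerts(lines, baseline_until):
    """Events timestamped before baseline_until only populate the baseline;
    later events alert on every attribute never seen for that user before.
    Timestamps are fixed-width ISO 8601 UTC, so string comparison orders them."""
    seen = {}      # user -> {attr: set of values already observed}
    alerts = []
    for ev in map(parse, lines):
        known = seen.setdefault(ev["user"], {a: set() for a in TRACKED})
        new_user = all(not values for values in known.values())   # never logged in before
        new = sorted(a for a in TRACKED if ev[a] not in known[a])
        for a in TRACKED:
            known[a].add(ev[a])                  # learn the value either way
        if ev["ts"] < baseline_until or not new:
            continue                             # still learning, or nothing new
        privileged = ev["user"].startswith(PRIVILEGED_PREFIXES)
        alerts.append({
            "ts": ev["ts"], "user": ev["user"], "service": ev["service"],
            "new": new, "new_user": new_user,
            "severity": "high" if privileged or "country" in new else "medium",
        })
    return alerts


if __name__ == "__main__":
    for alert in first_seen_alerts(SAMPLE_LOGS, "2025-04-02T00:00:00Z"):
        print(alert)
```

With the baseline cut at 2025-04-02, alice's repeat login is silent, while admin-bob's new country and device, svc-backup's first-ever appearance, and svc-backup's later new IP each produce an alert.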
In cybersecurity, the threats that worry us most often aren’t the loudest — they’re the ones we never see coming. A silent API flaw. A forgotten credential. A malware-laced package you installed last month without a second thought.
This week’s stories are a reminder: real risk lives in the blind spots.
Stay curious. Stay skeptical. Your next breach won’t knock first.