CSO US First Look
The day's top cybersecurity news and in-depth coverage
February 13, 2025
February Patch Tuesday: CISOs should act now on two actively exploited Windows Server vulnerabilities
Also prioritize patches for vulnerabilities in LDAP and NTLM, as well as Hyper-V, experts say.
Read more
What security teams need to know about the coming demise of old Microsoft servers
While the planned phase-out of Microsoft Exchange 2016 and Exchange 2019 is many months away, evaluate your organizationâs needs now to avoid hassles down the road.
Donât use public ASP.NET keys (duh), Microsoft warns
Microsoft Threat Intelligence has identified 3,000 ASP.NET keys disclosed in code documentation and repos that could be used in code injection attacks.
UK monitoring group to classify cyber incidents on earthquake-like scale
The Cyber Monitoring Centre (CMC) aims to establish a âconsistent and objective frameworkâ to provide clarity to enterprise insurance buyers.
Authorities seize Phobos and 8Base ransomware servers, arrest 4 suspects
An international law-enforcement collaboration has taken down two Russian nationals and two unidentified women in Thailand who ran Phobos ransomware affiliate platforms.
Over 12,000 KerioControl firewalls remain prone to RCE attacks amid active exploits
While unpatched instances were reduced to half within a month, a huge number of them remain vulnerable even as attackers exploit the flaw in the wild for critical RCE attacks.
Hacker allegedly puts massive OmniGPT breach data for sale on the dark web
The unconfirmed breach allegedly includes email, phone numbers, API and crypto keys, credentials, and billing information, from over 30,000 OmniGPT users.
