Microsoft’s struggles with zero-days have stretched into 2025 with fresh news of a trio of already-exploited vulnerabilities in the Windows Hyper-V platform.

The software giant on Tuesday called urgent attention to three separate flaws in the Windows Hyper-V NT Kernel Integration Virtualization Service Provider (VSP) and warned that malicious attackers are already launching privilege escalation exploits.

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft said in a series of barebones advisories.

As is customary, the company did not release technical details or IOCs (indicators of compromise) to help defenders hunt for signs of compromise.

The three exploited zero-days — CVE-2025-21334, CVE-2025-21333 and CVE-2025-21335 — affect the Windows Hyper-V NT Kernel Integration Virtualization Service Provider (VSP) that handles efficient resource management and communication between the host system and guest virtual machines (VMs).

The January Patch Tuesday rollout includes fixes for a whopping 160 security defects in a range of Windows OS, applications and components.

Microsoft tagged 12 bulletins with critical-severity ratings and stressed that many of these issues can lead to remote code execution attacks.

Remote code execution risks have been identified in Microsoft Digest Authentication, Remote Desktop Services, Windows OLE, Microsoft Excel and the Windows Reliable Multicast Transport Driver (RMCAST).

According to ZDI, a company that tracks software vulnerabilities, this is the largest number of CVEs addressed in any single month since at least 2017 and more than double the usual number of CVEs fixed in January.

Credit --> Security Week

NVIDIA Addresses Critical Vulnerabilities

NVIDIA has released security updates for its Container Toolkit and GPU Operator, addressing three significant vulnerabilities. These flaws could potentially allow attackers to execute malicious code, escalate privileges, or initiate denial-of-service attacks. Users are strongly advised to apply these updates promptly to safeguard their systems.

Credit --> Cyware Social

Emergence of 'Sneaky 2FA' Phishing Kits

Cybersecurity researchers have identified a new adversary-in-the-middle (AitM) phishing kit, dubbed 'Sneaky 2FA,' targeting Microsoft 365 accounts. Like other AitM kits, it proxies the real sign-in flow so that the password and the 2FA code the victim types are relayed to Microsoft in real time and the authenticated session is captured, which defeats code-based 2FA; users relying on such codes alone for account security face a heightened risk.

Credit --> Cyware Social

FBI warns agents of call log thefts by hackers who breached AT&T

FBI leaders have warned that hackers who breached AT&T’s system last year likely stole months of agents’ call and text logs, prompting an urgent effort to safeguard confidential informants’ identities, Bloomberg News reported Jan. 16. The breach, believed to have compromised all FBI devices using the bureau’s AT&T public safety service, included agents’ mobile phone numbers and the numbers they used to call and text, according to a document reviewed by Bloomberg and its interviews with a current and a former law enforcement official. FBI officials informed agents nationwide that details about their use of the telecom carrier’s network were likely among the billions of records stolen.

Credit --> NY Post

Microsoft lays off employees in security, other groups

Microsoft is laying off employees across organizations including security, experiences and devices, sales, and gaming, according to two people familiar with the matter. Employees started receiving notifications on Jan. 14 about layoffs in Microsoft's security unit. The group is run by Charlie Bell, a former top cloud executive at Amazon. Bank Info Security reports that the security layoffs come just four months after Microsoft allocated 34,000 engineers to embed security into the company's operations as part of the largest cybersecurity engineering project in the firm's history. In May 2024, Microsoft vowed to prioritize security above all else.

Credit --> Business Insider

AWS Patches Vulnerabilities in Remote Access Services

Amazon Web Services (AWS) has patched vulnerabilities in its WorkSpaces, AppStream 2.0, and DCV clients. Identified as CVE-2025-0500 and CVE-2025-0501, these flaws could allow attackers to perform man-in-the-middle (MITM) attacks, granting unauthorized access to remote sessions. Users are encouraged to update their clients to the latest versions to mitigate these risks.

Credit --> Cyware Social

Malicious PyPI Package Targets Discord Developers

A malicious Python Package Index (PyPI) package named 'pycord-self' has been discovered targeting Discord developers. The package mimics the legitimate 'discord.py-self' library and is designed to steal Discord tokens and open a backdoor on the developer's machine. Developers are advised to verify the authenticity of packages (exact name, publisher and pinned artifact hashes) before integrating them.
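Two checks that turn "verify the authenticity of packages" into something a CI step can run before `pip install`, as an added example that is not code from the original report or from either project: every requested name is PEP 503-normalized and matched against an approved allowlist, with near misses such as 'pycord-self' against 'discord.py-self' reported as lookalikes, and the downloaded artifact is compared against the `--hash` values pinned in the requirements file, the same rule `pip install --require-hashes` enforces. The allowlist, the requirements text and the wheel bytes are constructed for the example; the 0.6 similarity threshold is an assumption to tune per project.

```python
"""Audit a pinned requirements file against an approved-package allowlist.

Check 1 (names): each distribution must normalize (PEP 503) to an approved
name; names merely close to an approved name are reported as lookalikes.
Check 2 (hashes): the downloaded artifact must match one pinned --hash value.
Example code; the sample data below is constructed, not real package data.
"""
import hashlib
import re
from difflib import SequenceMatcher


def normalize(name: str) -> str:
    """PEP 503 normalization: case-fold and collapse runs of '-', '_' and '.' to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirement(line: str):
    """Parse 'name==version --hash=algo:hex ...' into (name, version, [hashes])."""
    tokens = line.split()
    match = re.fullmatch(r"([A-Za-z0-9][A-Za-z0-9._-]*)==(\S+)", tokens[0])
    if not match:
        raise ValueError(f"unsupported requirement (expected name==version): {line!r}")
    hashes = [t[len("--hash="):] for t in tokens[1:] if t.startswith("--hash=")]
    return match.group(1), match.group(2), hashes


def closest_match(name: str, allowlist):
    """Return (approved_name, similarity) for the approved name most similar to `name`."""
    target = normalize(name)
    best, best_ratio = None, 0.0
    for approved in allowlist:
        ratio = SequenceMatcher(None, target, normalize(approved)).ratio()
        if ratio > best_ratio:
            best, best_ratio = approved, ratio
    return best, best_ratio


def audit(requirements_text: str, allowlist, lookalike_threshold: float = 0.6):
    """Classify each requirement as 'approved', 'lookalike' or 'unknown'."""
    approved_norm = {normalize(a) for a in allowlist}
    findings = []
    for raw in requirements_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, version, hashes = parse_requirement(line)
        if normalize(name) in approved_norm:
            status, closest, ratio = "approved", name, 1.0
        else:
            closest, ratio = closest_match(name, allowlist)
            status = "lookalike" if ratio >= lookalike_threshold else "unknown"
        findings.append({"name": name, "version": version, "status": status,
                         "closest": closest, "similarity": round(ratio, 2),
                         "pinned_hashes": len(hashes)})
    return findings


def verify_artifact(data: bytes, expected_hashes) -> bool:
    """True if `data` matches any pinned 'algo:hex' value (what --require-hashes checks)."""
    for pinned in expected_hashes:
        algo, _, digest = pinned.partition(":")
        if algo in hashlib.algorithms_available:
            if hashlib.new(algo, data).hexdigest() == digest.lower():
                return True
    return False


# Constructed stand-in for a downloaded wheel; its hash is pinned below.
FAKE_WHEEL = b"PK\x03\x04constructed-wheel-bytes-for-the-example"
FAKE_WHEEL_SHA256 = hashlib.sha256(FAKE_WHEEL).hexdigest()

# Assumed allowlist of names the project has reviewed.
APPROVED = {"discord.py-self", "discord.py", "requests"}

# Constructed requirements file: an approved spelling variant, a typosquat, an unapproved name.
SAMPLE_REQUIREMENTS = f"""
# pinned with --hash values (constructed for the example)
Discord_py_self==2.0.0 --hash=sha256:{FAKE_WHEEL_SHA256}
pycord-self==1.0.0
aiohttp==3.9.0
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_REQUIREMENTS, APPROVED):
        print(finding)
    print("hash ok:", verify_artifact(FAKE_WHEEL, [f"sha256:{FAKE_WHEEL_SHA256}"]))
```

Name similarity is a heuristic, not proof of malice: an "unknown" result means the name needs review, while a "lookalike" is the case worth blocking until a human confirms the intended package. The hash check is the hard control, since a typosquat cannot reproduce the pinned digest of the genuine artifact.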

Credit --> Cyware Social

RansomHub Affiliate Utilizes Python-Based Backdoor

Security analysts have reported that the RansomHub affiliate group is leveraging a Python-based backdoor to maintain access to compromised systems. This backdoor facilitates the deployment of ransomware encryptors, underscoring the evolving tactics of ransomware operators.

Credit --> Cyware Social

Veeam Releases Patch for High-Risk Vulnerability

Veeam has disclosed a high-severity Server-Side Request Forgery (SSRF) vulnerability, identified as CVE-2025-23082, in its Backup for Microsoft Azure product. With a CVSS score of 7.2 (High), this vulnerability could be exploited to gain unauthorized access. Users are urged to apply the available patch to ensure system security.

Credit --> Cyware Social

January 19, 2025

IT CyberSecurity Headlines