Jan 31 2025
Welcome to Gone Phishing, your weekly cybersecurity newsletter that's celebrating its 400th edition! Thanks for reading, folks.
Patch of the Week!
First things first, folks. Our weekly segment goes by many names. Patch of the Week, Tweak of the week. Okay, that's it…
Congrats to Cacti, the cybercriminals are no match… for your patch!
Check out this freshly hatched patch
Cacti RCE Alert - Patch Now!
A critical security flaw (CVE-2025-22604, CVSS 9.1) has been found in Cacti, the open-source network monitoring tool. An authenticated attacker could exploit this to achieve remote code execution (RCE) and compromise affected servers.
Key Details:
1. CVE-2025-22604 (Critical RCE)
Flaw in SNMP result parsing allows authenticated users to inject commands.
Affects versions 1.2.28 and earlier - fixed in 1.2.29.
Attackers could steal, modify, or delete sensitive data.
2. CVE-2025-24367 (PHP Script Injection, CVSS 7.2):
Lets authenticated attackers plant arbitrary PHP scripts in the web root.
Can be abused via graph creation functionality for further RCE.
Action Required:
- Update to Cacti 1.2.29 ASAP!
- Restrict device management permissions.
- Monitor for suspicious activity - past Cacti flaws have been actively exploited!
Stay safe and keep your network secure!
Now, on to this week's hottest cybersecurity news stories:
- Popular hacking forum domains seized in international sting
- DeepSeek AI Database leak! 1M+ log lines, secret keys exposed
Abra, Abracadabra, I wanna reach out and hack ya
Major Takedown! An international law enforcement operation has shut down major cybercrime platforms, including Cracked, Nulled, Sellix, and StarkRDP!
Sites Seized!
The following domains were confiscated as part of Operation Talent:
- www.cracked.io
- www.nulled.to
- www.mysellix.io
- www.sellix.io
- www.starkrdp.io
Now, visitors see a seizure banner warning users their data has been taken by authorities.
Who Was Involved?
The crackdown was led by officials from Australia, France, Greece, Italy, Romania, Spain, the U.S., and Europol.
What Were These Sites Doing?
- Selling hacking tools & stolen data
- Hosting malware obfuscation engines
- Offering AI-based attack tools
Cracked and Nulled had 10+ million users and made over €1 million ($1.04M) in profits!
Arrests & Seizures!
- 2 suspects arrested
- 7 properties raided
- 17 servers & 50+ devices seized
- €300K in cash & crypto confiscated
The Fight Continues!
Authorities are cracking down on cybercrime marketplaces, stopping hackers from profiting and from making attacks easier for criminals!
Rising AI Star Exposed! DeepSeek, a booming AI startup, accidentally left a database wide open on the internet, risking sensitive data leaks!
What Was Exposed?
- 1M+ log entries
- Chat history & secret keys
- Backend & API secrets
- Full database control
Security researcher Gal Nagli (Wiz) warned that hackers could've taken over DeepSeek's systems without any login!
Fixed… But Too Late?
DeepSeek closed the security gap after Wiz reached out, but it's unclear if bad actors got in first. The issue stemmed from a ClickHouse database, accessible via a simple web browser request!
AI's Growing Pains
DeepSeek's R1 reasoning model is shaking up the AI world, rivaling OpenAI, but it's facing:
- Massive cyberattacks
- Privacy concerns
- Scrutiny from U.S. officials
Banned in Italy!
Italy's data watchdog is questioning how DeepSeek handles user data, leading to app removals. Ireland is also investigating.
OpenAI & Microsoft Investigating!
Reports suggest DeepSeek may have copied OpenAI's API outputs, a technique called distillation. OpenAI warns Chinese firms are actively replicating U.S. AI models.
DeepSeek's meteoric rise just hit a serious security roadblock!
DDoS Attack Alert! A new Mirai botnet variant, Aquabot, is actively hijacking Mitel phones to launch massive DDoS attacks!
Security Flaw Exploited!
Hackers are targeting CVE-2024-41710 (command injection bug, CVSS 6.8) to take control of:
- Mitel 6800, 6900, 6900w Series SIP Phones
- Mitel 6970 Conference Unit
Patch released in July 2024, but many devices remain vulnerable!
How Aquabot Works
- Mirai-based malware, known since Nov 2023
- Uses shell scripts & wget to infect devices
- Disguises itself as "httpd.x86" for stealth
- Kills competing malware & reports activity to its C2 server
Selling DDoS Attacks on Telegram?
Hackers may be renting out compromised devices for DDoS attacks under names like:
- Cursinq Firewall
- The Eye Services
- The Eye Botnet
Stay Safe!
- Update your Mitel devices NOW!
- Change default passwords
- Monitor for unusual traffic
Mirai-based botnets aren't going away, so secure your devices before they're turned into cyber weapons!
So long and thanks for reading all the phish!