Weekly Threat Digest: 24 February to March 02, 2025

For a detailed threat digest, download the PDF file here

Summary

HiveForce Labs has identified a surge in cyber threats, with six attacks executed, nine vulnerabilities uncovered in the past week? highlighting the relentless nature of cyberattacks.

HiveForce Labs has uncovered a critical vulnerability in Microsoft Power Pages (CVE-2025-24989) that is already being actively exploited. This flaw, caused by improper access controls, allows attackers to escalate privileges remotely and bypass user registration restrictions. With hackers taking advantage of this weakness, organizations using Power Pages must apply the patch immediately to prevent unauthorized access and potential system compromise.

Meanwhile, cybercriminals continue to evolve their tactics. Ghost ransomware, first spotted in early 2021, has infiltrated organizations in over 70 countries by exploiting unpatched vulnerabilities. Believed to be operated by China-based threat actors, Ghost employs payload rotation, detection evasion, and high-profile exploits like ProxyShell to maximize damage. Adding to the growing threat landscape, a newly discovered Linux backdoor, Auto-Color. This stealthy malware provides attackers with persistent remote access, making it exceptionally difficult to detect and remove. As cyber threats grow more sophisticated, organizations must prioritize proactive security, continuous monitoring, and timely patching to stay ahead.

Subscribe?to receive our weekly threat digests and newsletters directly in your inbox.