

Ethical Hacking News

New Cybersecurity Landscape: Threats Emerge from Unlikely Sources


A recent wave of high-profile cyber incidents highlights the growing importance of vigilance and proactive measures to protect against cyber threats. The latest developments serve as a stark reminder of the need for timely patching, updates, and awareness of emerging threats.

  • Cybersecurity threats are becoming increasingly sophisticated and prevalent.
  • New vulnerabilities, such as the Fortinet Flaw and unpatched security flaws in Livewire Filemanager, have emerged.
  • A critical security flaw has been exploited in the wild, highlighting the need for timely patching and updates.
  • A new cluster of GhostPoster extensions has been discovered, affecting over 840,000 users.
  • The RedLineCyber threat actor is distributing malware designed for cryptocurrency theft.
  • The use of outdated protocols like Net-NTLMv1 poses a significant vulnerability to organizations.
  • A former U.S. Navy sailor has been sentenced to prison for spying for China and abusing his security clearance.



    Cybersecurity is an ever-evolving field, with new threats and vulnerabilities emerging at a rapid pace. The latest developments in this space are causing concern for organizations and individuals alike, as the line between what was once considered secure and what is now vulnerable is becoming increasingly blurred. In recent weeks, several high-profile incidents have highlighted the growing importance of vigilance and proactive measures to protect against cyber threats.

    At the forefront of these concerns are the various software vulnerabilities that have been disclosed in recent days. From the critical Fortinet Flaw, which has come under active exploitation in the wild, to the unpatched security flaw in Livewire Filemanager, these discoveries serve as a stark reminder of the need for timely patching and updates.

    The Fortinet Flaw, tracked as CVE-2025-64155 (CVSS score: 9.4), allows an unauthenticated attacker to execute unauthorized code or commands via crafted TCP requests. This vulnerability affects the phMonitor service, an internal FortiSIEM component that runs with elevated privileges and plays a significant role in system health and monitoring. The fact that this critical security flaw was not immediately addressed by Fortinet has raised serious questions about their commitment to protecting customers.

    In another development, researchers have discovered a new cluster of 17 GhostPoster extensions related to the previously disclosed threat actor DarkSpectre. These extensions, which are designed to hijack affiliate links, inject tracking code, and commit click and ad fraud, have a collective install base of over 840,000 users and some of them date back to 2020. The new findings highlight the ongoing sophistication and menace posed by such actors.

    Furthermore, the RedLineCyber threat actor has been observed distributing an executable called "Pro.exe" (or "peeek.exe"), which is a Python-based clipboard hijacking trojan designed for cryptocurrency theft. This malware continuously monitors the Windows clipboard for cryptocurrency wallet addresses and substitutes them with a wallet address under the attacker's control.

    Additionally, Google's Mandiant threat intelligence division has released a comprehensive dataset of Net-NTLMv1 rainbow tables in an effort to emphasize the need for urgently moving away from this outdated protocol. The release of this dataset comes as Microsoft continues to identify the use of Net-NTLMv1 in active environments, leaving organizations vulnerable to trivial credential theft.
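One way to check whether Net-NTLMv1 is still in use in an environment, as an added example that is not from the original article or from Mandiant or Microsoft: it reads exported Windows Security logon events (ID 4624) and lists the accounts and hosts whose `LmPackageName` field is `NTLM V1`. The `<Events>` export wrapper is an assumption, and every host, account and address in the sample is constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS_URI = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": NS_URI}

def _event(event_id, **data):
    """Build one constructed event in the Windows event XML layout."""
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS_URI}"><System><EventID>{event_id}</EventID></System>'
            f'<EventData>{fields}</EventData></Event>')

# Constructed sample export (hypothetical hosts and accounts, documentation IPs).
SAMPLE_XML = "<Events>" + "".join([
    _event(4624, TargetUserName="svc-scan", WorkstationName="PRN01",
           IpAddress="192.0.2.10", LmPackageName="NTLM V1"),
    _event(4624, TargetUserName="svc-scan", WorkstationName="PRN01",
           IpAddress="192.0.2.10", LmPackageName="NTLM V1"),
    _event(4624, TargetUserName="legacyapp", WorkstationName="APP02",
           IpAddress="192.0.2.22", LmPackageName="NTLM V1"),
    _event(4624, TargetUserName="jdoe", WorkstationName="WS117",
           IpAddress="192.0.2.40", LmPackageName="NTLM V2"),
    _event(4624, TargetUserName="admin", WorkstationName="-",
           IpAddress="192.0.2.5", LmPackageName="-"),   # Kerberos logon
]) + "</Events>"

def ntlmv1_logons(xml_text):
    """Return successful logons (event 4624) whose LmPackageName is NTLM V1."""
    hits = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "4624":
            continue
        data = {d.get("Name"): (d.text or "").strip()
                for d in ev.findall("e:EventData/e:Data", NS)}
        if data.get("LmPackageName", "").upper() == "NTLM V1":
            hits.append({"user": data.get("TargetUserName", ""),
                         "workstation": data.get("WorkstationName", ""),
                         "ip": data.get("IpAddress", "")})
    return hits

def sources_to_remediate(hits):
    """Count NTLMv1 logons per (user, workstation, ip), busiest first."""
    counts = Counter((h["user"], h["workstation"], h["ip"]) for h in hits)
    return counts.most_common()

if __name__ == "__main__":
    for source, count in sources_to_remediate(ntlmv1_logons(SAMPLE_XML)):
        print(count, source)
```
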

    In other news, a former U.S. Navy sailor has been sentenced to 200 months in prison for spying for China by abusing his security clearance and access to sensitive national defense information about the amphibious assault ship U.S.S. Essex. Jinchao Wei (aka Patrick Wei), 25, was convicted of espionage charges in August 2025 following his arrest in August 2023.

    These incidents serve as a stark reminder that cybersecurity threats are no longer limited to traditional vectors and that new vulnerabilities can emerge from even the most unlikely sources. As such, it is imperative for organizations and individuals alike to remain vigilant and proactive in their approach to cybersecurity, particularly when it comes to patching, updates, and awareness of emerging threats.





  • Published: Mon Jan 19 10:28:15 2026 by llama3.2 3B Q4_K_M












