This Month in Cybersecurity - July Edition

Microsoft Releases Critical Security Updates on Patch Tuesday

Microsoft has released updates to fix 137 security issues in Windows and related software, including 14 critical flaws that could allow hackers to take control of computers with little or no user action. While none of the bugs are currently being used in attacks, the company urges users and system administrators to apply the updates quickly to stay protected.

One notable vulnerability affects Microsoft SQL Server, which is widely used by businesses to manage data. Although not labeled critical, the flaw could expose sensitive information and affect many systems indirectly, even if users aren’t running SQL Server directly. Security experts warn that the bug is easy to exploit and poses a serious risk to organizations handling private or regulated data.

Other dangerous flaws include bugs in Microsoft Office, Windows Defender, and tools used to manage company networks. Some of these can be triggered without any action from users—such as by simply previewing an email attachment. Microsoft also confirmed that older versions of software like SQL Server 2012 will no longer receive security updates. Users are encouraged to back up their files and install the latest updates as soon as possible.


Stealthy Matanbuchus 3.0 Malware Targets Businesses with Advanced Tricks

A new and more advanced version of the Matanbuchus malware, known as Matanbuchus 3.0, has been spotted by cybersecurity experts. This malware isn’t spread through typical spam emails but rather through more direct, hands-on tricks, like impersonating IT support in Microsoft Teams calls. In one case, employees were convinced to launch a remote access tool, allowing attackers to install the malware via a disguised script. Once installed, Matanbuchus can secretly collect system data, avoid detection, and help deliver more dangerous malware like ransomware.

Matanbuchus 3.0 has evolved with powerful new features that allow it to hide in memory, disguise its actions, and run harmful programs without alerting security tools. It uses advanced methods to maintain long-term access to a device, such as setting up tasks using Windows system tools in ways that are hard to trace. The malware is rented out to other cybercriminals for up to $15,000 a month, making it a serious threat to businesses. Security researchers warn that Matanbuchus reflects a growing trend of stealthy, professional-grade hacking tools designed to abuse everyday tools like PowerShell and Microsoft Teams.


New Malware Enables Stealthy Attacks and Data Theft on Outdated SonicWall Devices

A new malware called OVERSTEP has been discovered targeting outdated SonicWall remote access devices that had previously been considered secure. Hackers use this malware to secretly take control of these devices, steal passwords, and stay hidden for long periods. The malware was found to be used by a group known as UNC6148, which has been active since at least October and appears to be linked to data theft, extortion, and possibly ransomware attacks.

Researchers believe the attackers first gained access by stealing administrator credentials using older security flaws that hadn’t been patched in time. Once inside, they used a hidden connection to remotely control the device and quietly changed settings to give themselves ongoing access. They then installed OVERSTEP, which hides itself from security tools, clears digital traces, and allows hackers to steal sensitive information such as login credentials and security certificates.

This type of attack shows how dangerous it can be to continue using unsupported or outdated equipment, even if it has been patched. Organizations using SonicWall devices are strongly urged to check for signs of compromise and take precautions, including creating disk images of affected devices for analysis. Google’s security team has published warning signs and indicators to help identify whether a device has been targeted.


Defensible Strategies

Learn from those who have been attacked

AI Adoption in Cybersecurity Drives Efficiency and New Role Opportunities

A recent survey of cybersecurity professionals by ISC2 reveals that artificial intelligence (AI) is steadily making its way into security operations across various industries. About one-third of respondents said their organizations are already using AI security tools, especially in sectors like industrial enterprises, IT services, and professional services. Larger companies are leading this adoption, while smaller and mid-size organizations remain more cautious. Many teams are still in the evaluation or testing stages, showing both interest and hesitancy in fully integrating AI into their workflows.

Cybersecurity professionals are seeing real benefits from AI, particularly in areas that require processing large volumes of data, such as network monitoring, intrusion detection, endpoint protection, and vulnerability management. These tasks, often complex and time-consuming for humans, are where AI can improve efficiency and reduce errors. As a result, many see AI as a valuable tool for enhancing overall cybersecurity capabilities.

However, the rise of AI is also raising concerns about the future of entry-level cybersecurity jobs. Since many junior roles involve repetitive or time-intensive work, over half of the respondents believe AI will reduce the need for such positions. Still, some are optimistic, suggesting that AI could create new kinds of entry-level roles that combine traditional skills with AI and automation knowledge. Organizations are advised to carefully plan their AI strategies, considering both the technical and workforce impacts as they adopt these powerful new tools.


Co-op Cyberattack Exposes Data of 6.5 Million Members

UK retailer Co-op revealed that personal data from 6.5 million members was stolen during a cyberattack in April that disrupted its systems and caused shortages in stores. While no financial information was taken, attackers accessed contact details after using a social engineering tactic to reset an employee’s password and infiltrate the network. The breach involved the theft of a critical Windows file that stores password data, allowing the hackers to move through Co-op’s systems and deploy ransomware called DragonForce.

Authorities have linked the attack to a cybercrime group known as Scattered Spider, which was also behind a similar ransomware attack on the retailer Marks & Spencer. Recently, UK law enforcement arrested four suspects believed to be involved in these incidents, including one connected to a major 2023 cyberattack on MGM Resorts. Co-op’s CEO expressed deep concern about the impact on members and employees, emphasizing the personal toll the breach has taken on the organization.


Oracle Cloud Code Editor Flaw Exposes Critical Security Risk

Oracle Cloud Infrastructure’s Code Editor, a tool that lets developers write and manage code directly in the cloud, had a serious security flaw that allowed attackers to secretly upload malicious files. This vulnerability was found in how Code Editor shares its file system with Cloud Shell, a command-line tool in the cloud. Because these two tools are tightly connected, if an attacker tricks a logged-in user into visiting a malicious website, they could exploit this flaw to take control of the user’s cloud environment and access sensitive data or services.

The root cause was a missing Cross-Site Request Forgery (CSRF) check, a protection that normally stops a malicious website from using a logged-in user’s session to perform actions without that user’s knowledge. Oracle has since fixed the problem by adding proper protections to stop unauthorized file uploads. This case highlights how the close integration of cloud services can increase risk — if one part is compromised, attackers might gain access to multiple connected services, showing the need for strong security across all layers of cloud environments.
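To make the missing check concrete, here is an added example, not Oracle's code and not based on the patched product: a minimal model of a file-upload endpoint written two ways, once trusting the session cookie alone and once requiring a same-site Origin header plus a per-session anti-CSRF token. The console origin, the token field name and the request model are all assumptions made for illustration.

```python
# Added example (not Oracle's code): the synchronizer-token CSRF check that a
# state-changing endpoint such as a file upload needs. Origin, token name and
# request model are assumptions for illustration.
import hmac
import secrets
from dataclasses import dataclass, field

# Assumed origin of the web console that legitimately hosts the editor UI.
TRUSTED_ORIGINS = {"https://console.example.com"}


@dataclass
class Session:
    """Server-side session, looked up from the browser's session cookie."""
    user: str
    # Unguessable per-session token, embedded only in the app's own pages.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    session: Session  # the browser attaches the cookie whatever site sent the request
    headers: dict
    form: dict


def upload_unprotected(req: Request) -> tuple:
    """Weak pattern: the session cookie alone authorizes the write.

    A page on any other site can make the victim's browser POST here with
    that cookie attached, so the user's login is all that is needed.
    """
    return ("accepted", req.form["filename"])


def upload_protected(req: Request) -> tuple:
    """Hardened pattern: two independent checks a cross-site page cannot pass.

    1. The Origin header must name the application itself. Browsers set it
       on cross-origin POSTs and page scripts cannot alter it. A missing
       header is rejected here, the conservative choice for a write.
    2. The form must carry the session's anti-CSRF token. Another site's
       page cannot read the token because the same-origin policy keeps it
       from reading the application's responses.
    """
    origin = req.headers.get("Origin")
    if origin not in TRUSTED_ORIGINS:
        return ("rejected", "untrusted origin")
    submitted = req.form.get("csrf_token", "")
    # Constant-time comparison avoids leaking the token through timing.
    if not hmac.compare_digest(submitted, req.session.csrf_token):
        return ("rejected", "csrf token mismatch")
    return ("accepted", req.form["filename"])


def make_demo_requests() -> tuple:
    """Constructed sample traffic: a legitimate request from the console's
    own page, and a forged one from a third-party page the user visited."""
    sess = Session(user="developer")
    legitimate = Request(
        session=sess,
        headers={"Origin": "https://console.example.com"},
        form={"filename": "main.py", "csrf_token": sess.csrf_token},
    )
    # The forged request rides on the same cookie (hence the same session)
    # but comes from another origin and has no way to know the token.
    forged = Request(
        session=sess,
        headers={"Origin": "https://third-party.example"},
        form={"filename": "startup.sh"},
    )
    return legitimate, forged


def compare_handlers() -> dict:
    """Run both handlers over both requests and return the four outcomes."""
    legitimate, forged = make_demo_requests()
    return {
        "unprotected_legitimate": upload_unprotected(legitimate)[0],
        "unprotected_forged": upload_unprotected(forged)[0],
        "protected_legitimate": upload_protected(legitimate)[0],
        "protected_forged": upload_protected(forged),
    }


if __name__ == "__main__":
    for name, outcome in compare_handlers().items():
        print(f"{name}: {outcome}")
```

Running the script shows the unprotected handler accepting both requests, while the hardened one accepts only the request from the console's own origin that carries the session token. The Origin check rejects requests with no Origin header at all; deployments that must serve older clients sometimes fall back to the Referer header instead, which is a weaker but common compromise.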