Week in review: Backdoor found in SOHO devices running Linux, high-risk WinRAR RCE flaw patched

Week in review: Backdoor found in SOHO devices running Linux, high-risk WinRAR RCE flaw patched

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Stealthy backdoor found hiding in SOHO devices running Linux
SecurityScorecard’s STRIKE team has uncovered a network of compromised small office and home office (SOHO) devices they’re calling LapDogs.

High-risk WinRAR RCE vulnerability patched, update quickly! (CVE-2025-6218)
A recently patched directory traversal vulnerability (CVE-2025-6218) in WinRAR could be leveraged by remote attackers to execute arbitrary code on affected installations.

Breaking the cycle of attack playbook reuse
Threat actors have learned an old business trick: find what works, and repeat it. Across countless cyberattacks, Bitdefender has observed adversaries consistently applying the same steps—the same techniques, the same security bypass patterns—across different targets.

Flaw in Notepad++ installer could grant attackers SYSTEM access (CVE-2025-49144)
A high-severity vulnerability (CVE-2025-49144) in the Notepad++ installer could be exploited by unprivileged users to gain SYSTEM-level privileges through insecure executable search paths.

Why should companies or organizations convert to FIDO security keys?
In this Help Net Security interview, Alexander Summerer, Head of Authentication at Swissbit, explains how FIDO security keys work, what threats they address, and why they’re gaining traction across industries, from healthcare to critical infrastructure.

Windows 10: How to get security updates for free until 2026
Users who want to stick with Windows 10 beyond its planned end-of-support date but still receive security updates, can enroll into the Windows 10 Extended Security Updates (ESU) program, Microsoft has confirmed on Tuesday.

Money mule networks evolve into hierarchical, business-like criminal enterprises
In this Help Net Security interview, Michal Tresner, CEO of ThreatMark, discusses how cybercriminals are weaponizing AI, automation, and social engineering to industrialize money mule operations.

Trojanized SonicWall NetExtender app exfiltrates VPN credentials
Unknown attackers have trojanized SonicWall’s SSL-VPN NetExtender application, the company has warned on Monday, and have been tricking users into downloading it from a lookalike site(s?).

Building cyber resilience in always-on industrial environments
In this Help Net Security interview, Dr. Tim Sattler, CISO at Jungheinrich, discusses the cybersecurity risks tied to smart warehouses and industrial control systems.

Microsoft will start removing legacy drivers from Windows Update
Microsoft will start removing legacy drivers from Windows Update to improve driver quality for Windows users but, most importantly, to increase security, the company has announced.

From posture to prioritization: The shift toward unified runtime platforms
In this Help Net Security interview, Rinki Sethi, Chief Security Officer at Upwind, discusses how runtime platforms help CISOs shift from managing tools to managing risk.

CoinMarketCap, Cointelegraph compromised to serve pop-ups to drain crypto wallets
The CoinMarketCap and CoinTelegraph websites have been compromised over the weekend to serve clever phishing pop-ups to visitors, asking them to verify/connect their crypto wallets.

Why work-life balance in cybersecurity must start with executive support
In this Help Net Security interview, Stacy Wallace, CISO at Arizona Department of Revenue, talks about the realities of work-life balance in cybersecurity leadership.

Critical Citrix NetScaler bug fixed, upgrade ASAP! (CVE-2025-5777)
Citrix has fixed a critical vulnerability (CVE-2025-5777) in NetScaler ADC and NetScaler Gateway reminiscent of the infamous and widely exploited CitrixBleed flaw.

How CISOs can justify security investments in financial terms
In this Help Net Security interview, John Verry, Managing Director at CBIZ, discusses how insurers and financial risk professionals evaluate cybersecurity maturity through different lenses

Quantum risk is already changing cybersecurity
A new report from the Cyber Threat Alliance warns that the era of quantum risk is already underway, and security teams need to stop treating it like a problem for tomorrow.

Managing through chaos to secure networks
The network is what keeps businesses up and running, so it must be resilient. However, several factors contribute to the complexity of networks and the difficulty of enabling business continuity.

Review: Redefining Hacking
Redefining Hacking takes a look at how red teaming and bug bounty hunting are changing, especially now that AI is becoming a bigger part of the job.

Why the SOC needs its “Moneyball” moment
Attacks don’t spread in straight lines – they move laterally, quietly exploiting relationships between systems, users, and services. Yet most SOC tooling still looks at infrastructure in isolation: a network alert here, an identity signal there, a misconfiguration flagged somewhere else.

71% of new hires click on phishing emails within 3 months
New hires are more likely to fall for phishing attacks and social engineering than longer-term employees, especially in their first 90 days, according to Keepnet.

The real story behind cloud repatriation in 2025
In this Help Net Security video, Mark Wilson, Technology and Innovation Director at Node4, shares key insights from the company’s 2025 mid-market report.

Medical device cyberattacks push hospitals into crisis mode
22% of healthcare organizations have experienced cyberattacks that directly impacted medical devices, according to RunSafe Security.

ClickFix attacks skyrocketing more than 500%
ClickFix, a deceptive attack method, saw a surge of more than 500% in the first half of 2025, making it the second most common attack vector after phishing, according to ESET’s latest Threat Report.

Google’s Gemini CLI brings open-source AI agents to developers
Google has open-sourced a command-line interface (CLI) agent built on its Gemini 1.5 Pro model, marking a notable step toward making generative AI more inspectable, extensible, and usable for developers working outside the IDE.

Users lack control as major AI platforms share personal info with third parties
Some of the most popular generative AI and large language model (LLM) platforms, from companies like Meta, Google, and Microsoft, are collecting sensitive data and sharing it with unknown third parties, leaving users with limited transparency and virtually no control over how their information is stored, used, or shared, according to Incogni.

Reconmap: Open-source vulnerability assessment, pentesting management platform
Reconmap is an open source tool for vulnerability assessments and penetration testing. It helps security teams plan, carry out, and report on security tests from start to finish.

Cybersecurity jobs available right now: June 24, 2025
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.

When synthetic identity fraud looks just like a good customer
People may assume synthetic identity fraud has no victims. They believe fake identities don’t belong to real people, so no one gets hurt. But this assumption is wrong.

Infosec products of the month: June 2025
Here’s a look at the most interesting products from the past month, featuring releases from: Akamai, AttackIQ, Barracuda Networks, BigID, Bitdefender, Contrast Security, Cymulate, Dashlane, Embed Security, Fortanix, Fortinet, Jumio, Lemony, Malwarebytes, SpecterOps, StackHawk, Stellar Cyber, Sumsub, Thales, Tines, Vanta, and Varonis.



Source link