As cybersecurity threats evolve, staying ahead of the latest attack vectors is crucial for CISOs and IT professionals. This article highlights key cybersecurity events in January 2025, providing actionable insights into fraud trends, major breaches, API supply chain risks, and critical vulnerabilities.
1. 2025 Payment Fraud Trends: The Rise of Sophisticated Payment Attacks
Highlights from 2024
♦️ Surge in Stolen Data – In 2024, 269 million card records and 1.9 million stolen US bank checks were posted on dark and clear web platforms. (🔗 Source)
♦️ Magecart E-Skimmer Infections – Nearly 11,000 unique e-commerce domains were infected, a threefold increase from 2023, driven by the CosmicSting vulnerability (CVE-2024-34102) and pre-built e-skimmer kits like Sniffer by Fleras. (🔗 Source)
♦️ Scam E-Commerce Websites – Over 1,200 scam domains were linked to fraudulent merchant accounts, primarily registered in the UK and Hong Kong.
♦️ Dark Web Activity – Underground marketplaces continued to facilitate fraud, with Telegram playing a key role despite enforcement disruptions.
Trends to Watch in 2025
♦️ Digital E-Skimming & Scam E-Commerce – Attackers will advance e-skimmer tactics and leverage scam websites to exploit digital wallets, with OTP interception emerging as a new threat.
♦️ Dark Web Marketplaces – Despite law enforcement efforts, underground markets will thrive, with Telegram remaining an active hub for less experienced fraudsters.
♦️ Persistent Check Fraud – Check fraud in the US will continue to rise, though intelligence-driven prevention strategies will help financial institutions mitigate losses.
2. Breaches You Need to Know: FortiGate Firewall Leak
A massive breach has exposed 15,000 FortiGate firewalls, including VPN credentials, posing a major risk to enterprises relying on these security solutions. (🔗 Source)
How Attackers Exploit This:
- Leaked credentials enable unauthorized access to corporate networks.
- Attackers use compromised VPNs to bypass security controls.
3. DeepSeek AI: Release, Security Vulnerabilities & Bans
The release of DeepSeek AI has triggered security alarms, with multiple vulnerabilities and bans affecting its adoption.
Key Risks Identified:
- Database leaks due to infrastructure misconfiguration, exposing sensitive user data. (🔗Source)
- Cross-Site Scripting (XSS) vulnerabilities, enabling unauthorized code execution on user interfaces.
- Account Takeover risks through insecure authentication mechanisms.
- Bias concerns, raising ethical issues regarding decision-making fairness.
- Banned in US States & Organizations(Texas, NASA), Australia, Taiwan, South Korea, citing security and compliance concerns. (🔗 Source)(🔗 Source)(🔗Source)
4. API Supply Chain Attacks: Exploiting Weak Links in the Software Supply Chain
API-based attacks target vulnerabilities within the software supply chain, exploiting weak points in third-party integrations. Attackers can manipulate authentication flows to hijack credentials and gain unauthorized access, as seen in the airline loyalty program breach. These attacks expose sensitive data and allow malicious actions, such as fraud and account takeovers. (🔗 Source)
Major Risks:
- API Credential Leaks: Attackers intercept authentication tokens, gaining unauthorized access to enterprise systems.
- Dependency Hijacking: Weak security in third-party services or open-source libraries can allow attackers to compromise the entire ecosystem.
5. 2025 CVEs You Should Know: Critical Security Flaws You Need to Patch Now
CVE-2025-0411 – 7-Zip Vulnerability
Allows attackers to bypass Mark of the Web (MotW) and execute malicious code.
The ZDI report states that the vulnerability was actively exploited by Russian cybercrime groups through spear-phishing campaigns.
- Exploit Details: https://securityonline.info/poc-for-7-zip-cve-2025-0411-lets-attackers-bypass-motw-and-run-malicious-code/
- 7-Zip Vulnerability Exploited in Attacks on Ukraine: https://securityonline.info/cve-2025-0411-7-zip-vulnerability-exploited-in-attacks-on-ukraine/?&web_view=true
CVE-2024-52012 & CVE-2025-24814 – Apache Solr File Write Risks
- Attackers can execute remote code and manipulate files, putting enterprise systems at risk.
- Exploit Details: https://securityonline.info/apache-solr-vulnerabilities-cve-2024-52012-and-cve-2025-24814-expose-systems-to-file-write-and-code-execution-risks/
6. Hacker Simulation: Vulnerability of the Month
Each month, our cybersecurity research team uncovers a a common vulnerability pattern see across SaaS web applications that poses a major risk to enterprises. This week’s featured vulnerability:
🚨 BROKEN ACCESS CONTROLS – This issue arises when applications fail to enforce user permissions effectively, allowing attackers to escalate privileges, access restricted resources, or manipulate system behaviors.
How it Works:
Broken access controls occur when an application does not properly enforce user permissions, allowing unauthorized access to sensitive data or actions. In API environments, missing or improperly configured authorization checks can expose critical functionalities to attackers. Common issues include:
- IDOR (Insecure Direct Object References): Attackers manipulate object identifiers to access unauthorized data.
- Missing Role-Based Access Controls (RBAC): APIs failing to verify user roles, granting excessive permissions.
- Unrestricted API Endpoints: APIs lacking authentication mechanisms allow unauthorized requests.
Who is Affected:
- E-commerce platforms: Exposure of user order history, payment data, or personal information.
- Financial services APIs: Unauthorized fund transfers, account modifications, or data leaks.
- Enterprise applications: Employees accessing privileged systems without authorization.
- Healthcare APIs: Exposure of patient records due to weak access controls.
By continuously assessing API security and reinforcing access controls, organizations can significantly reduce their exposure to these threats and protect their critical digital assets.