Shocking Cybersecurity Flaws Uncovered in Microsoft and WordPress!






Cybersecurity Alerts: Microsoft 365 Email Bypass and Critical WordPress Vulnerabilities Uncovered



In today’s rapidly evolving threat landscape, organisations and individual users must remain vigilant against sophisticated cyberattacks. Recent developments include a new Microsoft 365 campaign that bypasses email security through the misuse of Microsoft-signed emails, alongside a series of severe vulnerabilities affecting popular WordPress themes and plugins. Read on to learn what these issues mean for your security posture and the actions you should consider.

Microsoft 365 Email Bypass Attack

Security experts have flagged an emerging attack campaign targeting Microsoft 365 users. The attackers skilfully leverage Microsoft-signed emails to bypass traditional email security controls. This alarming technique can mislead both users and automated security filters into trusting malicious messages. Microsoft 365 administrators and email users are advised to review their security configurations and ensure that additional verification measures are in place to counter such fraudulent emails.

Critical WordPress Vulnerabilities

A host of high-severity vulnerabilities have been discovered affecting various WordPress themes and plugins. These weaknesses pose a considerable risk if left unaddressed. Below is a summary of the most critical issues:

  • CiyaShop WordPress Theme (CVE-2024-13824, Critical – 9.8): A PHP Object Injection vulnerability in the ‘add_ciyashop_wishlist’ and ‘ciyashop_get_compare’ functions could allow unauthenticated attackers to inject malicious PHP objects. The impact may depend on whether additional plugins or themes on the site form a POP (property-oriented programming) chain.
  • SoundRise Music Plugin (CVE-2025-2103, High – 8.8): A missing capability check in the onMusic_ajax() function exposes the plugin to unauthorised data modification, possibly leading to privilege escalation. Attackers with subscriber-level access may alter registration defaults to gain administrative rights.
  • Eco Nature Theme (CVE-2025-0952, High – 8.1): An absence of a proper capability check on the ‘cmsmasters_hide_admin_notice’ AJAX action allows authenticated users to modify site options, potentially causing denial of service through misconfiguration.
  • InstaWP Connect Plugin (CVE-2024-13913, High – 8.8): A Cross-Site Request Forgery (CSRF) vulnerability in the /migrate/templates/main.php file can be exploited by unauthenticated attackers to execute arbitrary PHP code on the server.
  • Industrial Theme (CVE-2024-13376, High – 8.8): Similar to the SoundRise Music vulnerability, a missing check on the _ajax_get_total_content_import_items() function allows unauthenticated users to modify options and potentially escalate privileges.
  • WP JobHunt Plugin Vulnerabilities:

    • Authentication Bypass (CVE-2024-11286, Critical – 9.8): Deficient verification in the cs_parse_request() function could let unauthenticated attackers log into user accounts, including those of administrators.
    • Privilege Escalation via Email Update (CVE-2024-11285, Critical – 9.8): A lack of proper validation in the account_settings_callback() function permits unauthorised modification of user email addresses, facilitating account takeover.
    • Privilege Escalation via Password Change (CVE-2024-11284, Critical – 9.8): An issue in the account_settings_save_callback() function allows unauthenticated attackers to change account passwords, leading to potential unauthorised access.
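
Several of the issues above (SoundRise Music, Eco Nature, Industrial) come down to an AJAX handler that changes site options without a capability check. As an added example, not code from any of these themes or plugins, this heuristic Python audit scans PHP source for `wp_ajax_` / `wp_ajax_nopriv_` callbacks that write options or user data without `current_user_can()` or a nonce check; the sample source and its `demo_*` names are constructed.

```python
import re
# add_action('wp_ajax_<action>', 'cb') and the logged-out 'wp_ajax_nopriv_' form.
HOOK_RE = re.compile(
    r"add_action\(\s*['\"]wp_ajax_(nopriv_)?([\w-]+)['\"]\s*,\s*['\"](\w+)['\"]")
FUNC_RE = re.compile(r"function\s+(\w+)\s*\([^)]*\)\s*\{")
WRITES = ("update_option(", "delete_option(", "wp_update_user(", "update_user_meta(")
NONCES = ("check_ajax_referer(", "wp_verify_nonce(")

def function_bodies(src):
    """Map each PHP function name to its body by brace matching (heuristic)."""
    bodies = {}
    for m in FUNC_RE.finditer(src):
        depth, i = 1, m.end()
        while i < len(src) and depth:
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        bodies[m.group(1)] = src[m.end():i - 1]
    return bodies

def audit_ajax_handlers(src):
    """Return (action, callback, issues) for state-changing AJAX callbacks."""
    bodies, findings = function_bodies(src), []
    for nopriv, action, cb in HOOK_RE.findall(src):
        body = bodies.get(cb, "")
        checks = [
            (bool(nopriv), "reachable without login"),
            ("current_user_can(" not in body, "no capability check"),
            (not any(n in body for n in NONCES), "no nonce check"),
        ]
        issues = [msg for failed, msg in checks if failed]
        if issues and any(w in body for w in WRITES):
            findings.append((action, cb, issues))
    return findings

# Constructed sample source; all names are hypothetical, not from a real plugin.
SAMPLE = r"""
add_action('wp_ajax_demo_save', 'demo_save');
add_action('wp_ajax_nopriv_demo_import', 'demo_import');
add_action('wp_ajax_demo_safe', 'demo_safe');
function demo_save() { update_option('demo_opt', $_POST['v']); wp_die(); }
function demo_import() { if (true) { update_option('x', 1); } wp_die(); }
function demo_safe() {
    check_ajax_referer('demo');
    if (!current_user_can('manage_options')) { wp_die('', 403); }
    update_option('demo_flag', 1);
}
"""
if __name__ == "__main__":
    print(audit_ajax_handlers(SAMPLE))
```

The string matching is a triage aid: it does not follow checks made in helper functions or class methods, so treat each finding as a prompt for manual review.
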

Additional Threats on the Horizon

The cybersecurity community is also keeping a close watch on other malicious activities:

  • OBSCURE#BAT Malware: This strain of malware utilises fake CAPTCHA pages and malvertising to deploy the rootkit r77. By modifying registry settings and patching AMSI, it skilfully evades detection.
  • ClickFix Phishing Campaign: Microsoft has issued a warning regarding a phishing campaign targeting the hospitality sector. Attackers are sending emails that mimic Booking.com communications, aiming to trick recipients into divulging their credentials.
  • Sante PACS Server.exe Vulnerability (CVE-2025-2263, Critical – 9.8): A stack-based buffer overflow in an OpenSSL decryption function during login could enable unauthenticated remote attackers to exploit the system by supplying overly long encrypted credentials.
  • Heightened Geopolitical Cyber Threats: In response to Russian hacker activity against telecommunications and other critical infrastructure, Denmark has raised its cyber threat level to high. This move highlights the escalating risks from state-sponsored and organised cyberattacks.

Conclusion

The unfolding cybersecurity alerts underscore the importance of robust security measures and prompt patch management. Microsoft 365 users, WordPress administrators, and all internet users are advised to implement recommended updates, review system configurations, and remain alert to emerging threats. Staying informed and proactive is essential in defending against these escalating cybersecurity challenges.

For further updates on these and other cybersecurity developments, keep following our news coverage.


Adam Cooke
As the Operations and Compliance Manager, Adam oversees all aspects of the business, ensuring operational efficiency and regulatory compliance. Committed to high standards, he ensures everyone is heard and supported. With a strong background in the railway industry, Adam values rigorous standards and safety. Outside of work, he enjoys dog walking, gardening, and exploring new places and cuisines.