News from Italy
Noname strikes again at Italian institutions
Similar to last December, the pro-Russian hacker group Noname057(16) carried out DDoS (Distributed Denial of Service) attacks against websites of Italian ministries and institutions, including the Ministries of Foreign Affairs, Infrastructure and Transport, Consob, the Carabinieri, the Navy, and the Air Force. Local public transport companies such as Rome’s Atac, Palermo’s Amat, and Genoa’s Amt were also targeted.
Graphite: a global privacy breach
Equally significant is the espionage scandal involving at least 90 journalists and human rights activists across various countries, including Italy. The Israeli software Graphite, developed by Paragon, was used to infiltrate mobile phones via WhatsApp messages or calls, allowing information theft without any user interaction. In Italy, at least seven individuals were affected, including Francesco Cancellato, director of the digital newspaper Fanpage, and activist Luca Casarini from the NGO Mediterranea. In early February, Paragon suspended its contract with Italy, stating that the ethical terms of the agreement were not respected.
News from the World
Crypto theft on Phemex
The cryptocurrency platform Phemex suffered a sophisticated cyberattack resulting in the theft of over $85 million in cryptocurrency. The incident affected only hot wallets, while cold wallets remained intact. Following the attack, Phemex temporarily suspended deposit and withdrawal operations, implemented additional security measures, and is collaborating with cybersecurity firms and relevant authorities to investigate the incident.
$840,000 stolen: vulnerabilities in Orange Finance
The Orange Finance platform was targeted in an attack exploiting vulnerabilities in its smart contracts, causing a loss of approximately $840,000 in cryptocurrency. Attackers exploited flaws in smart contract protocols to execute fraudulent transactions and quickly distributed the stolen funds across multiple addresses to evade tracking. In response, security experts advised users to immediately cease all interactions with the platform and revoke permissions granted to the related smart contracts to prevent further losses.
Cyber attacks and vulnerabilities
In January 2025, significant cybersecurity vulnerabilities were reported and/or updated, highlighting gaps in enterprise software, security platforms, and critical infrastructures. Targeted attacks affected the Public Administration, Technology and Corporate Networks, and Critical Infrastructure sectors. A total of 30 vulnerabilities were recorded, 20 of which were classified as high or critical risk.
The Public Administration faced phishing and smishing campaigns targeting users and employees of public entities, while the healthcare sector suffered attacks exploiting flaws in management software and network devices. Critical infrastructures and corporate networks reported 8 vulnerabilities, experiencing active exploits and botnet attacks compromising firewalls and security devices. Finally, the financial sector saw fewer vulnerabilities, but with significant implications for data integrity.
The situation is summarized in the following chart:

The cybersecurity threat landscape has shown a significant increase in reports and/or updates regarding critical vulnerabilities affecting multiple sectors, with particular focus on mobile devices, corporate infrastructures, and security platforms.
The identified vulnerabilities mainly fall into two categories: (1) software flaws and (2) targeted attacks. The former involve security bugs found in widely used products such as Google Android, Google Pixel, Node.js, Oracle WebLogic, and SAP NetWeaver, which could have allowed remote code execution or unauthorized access to sensitive data.
In the corporate realm, critical issues were reported in security systems like Palo Alto Networks, Juniper Networks, and SonicWall, with exploits enabling attackers to bypass protections and compromise enterprise systems. Meanwhile, social engineering attacks such as phishing and smishing continued targeting individuals and employees of public bodies and companies, with campaigns leveraging themes related to Poste Italiane, iCloud, and other commonly used platforms.
Another key element of January's threats was the active exploitation of critical vulnerabilities by advanced botnets, such as the Aquabot variant, which targeted Mitel devices to conduct DDoS attacks and compromise corporate infrastructures. Additionally, IT infrastructures came under pressure from Advanced Persistent Threats (APTs), with cybercriminal groups exploiting known vulnerabilities addressed in Microsoft's Patch Tuesday releases and in 7-Zip and Rsync, tools widely used in development and IT management environments.
Among the most impactful vulnerabilities were those related to network devices, such as flaws in Fortinet firewalls, which allowed unauthorized remote access to corporate networks and critical infrastructures.
On the attack front, there is a growing use of zero-day exploits—vulnerabilities unknown to developers and thus lacking patches at the time of exploitation. This type of threat is especially dangerous because it enables attackers to infiltrate systems without detection by traditional security tools.
Simultaneously, ransomware attack techniques evolved, with new methods to evade corporate defenses and encrypt sensitive data more effectively. Spear phishing campaigns focused on highly personalized attacks, deceiving targets with tailored messages mimicking trusted corporate communications to harvest credentials and privileged access.
Exploitation of critical vulnerabilities remains the most dangerous attack method, as it allows attackers to infiltrate systems without human interaction, impacting large-scale targets with a high degree of automation (e.g., CVE-2024-55591 – Fortinet FortiOS and FortiProxy). Unlike phishing or ransomware, which require victim involvement, vulnerabilities in firewalls, enterprise software, and security systems can be exploited to gain unauthorized access, compromise entire infrastructures, and launch combined attacks such as data exfiltration or lateral movement within networks.
CVE monitoring – new vulnerabilities
High Risk
Codename: CVE-2024-11128
Description: This is a flaw in the BitdefenderVirusScanner executable used by Bitdefender Virus Scanner for macOS. An attacker with limited privileges could exploit this vulnerability to execute arbitrary code with elevated privileges on the affected macOS system, compromising system confidentiality and integrity. Fortunately, it has been patched.
Source: https://www.cve.org/CVERecord?id=CVE-2024-11128
Critical Risk
Codename: CVE-2025-0282
Description: This is a stack-based buffer overflow that allows an unauthenticated remote attacker to execute arbitrary code. Ivanti has released updates to fix this vulnerability, which is nevertheless actively exploited in the wild.
Sources: https://www.cve.org/CVERecord?id=CVE-2025-0282 and https://www.acn.gov.it/portale/w/ivanti-rilasciati-aggiornamenti-di-sicurezza