Welcome to the Triad Situation Report, your trusted source for the latest cybersecurity and compliance news. In this edition, we bring you crucial updates on emerging cyber threats, including data breaches, phishing schemes, and sophisticated malware campaigns. Stay informed and take proactive steps to protect your business from evolving cyber risks.
Critical Erlang/OTP Vulnerability Enables Remote Code Execution
A critical vulnerability (CVE-2025-32433) in the Erlang/OTP SSH implementation allows unauthenticated remote code execution. Erlang/OTP is widely used in telecom and messaging systems, so this flaw puts various platforms at risk, especially when SSH daemons run as root. The issue stems from improper message handling before authentication. Developers are urged to update to OTP-27.3.3, OTP-26.2.5.11, or OTP-25.3.2.20, and limit SSH port exposure as a short-term mitigation.
Four New Windows Task Scheduler Flaws Bypass UAC and Obscure Logs
Researchers uncovered four privilege escalation vulnerabilities in Windows Task Scheduler that allow local attackers to bypass UAC protections, gain SYSTEM-level access, and erase logs. The attacks utilize task manipulation and obfuscated Unicode characters to avoid detection. Microsoft has released patches, and organizations are advised to apply updates and monitor for unusual task creation activity.
Iran-Backed CyberAv3ngers Hack Global Industrial Systems
The Iranian hacking group CyberAv3ngers has compromised more than 100 industrial devices worldwide, focusing on water and energy sectors. Using malware like IOControl and leveraging MQTT protocols, the group infiltrates systems linked to Israeli-made PLCs. Security agencies warn that these campaigns are part of a broader strategy targeting critical infrastructure. ICS operators are urged to tighten segmentation and monitor OT environments.
Legends International Data Breach Impacts 1.6 Million Individuals
Entertainment and hospitality company Legends International disclosed a data breach affecting approximately 1.6 million people. The November 2024 incident exposed personal information, including names, Social Security numbers, and medical data. The company is working with cybersecurity experts and law enforcement to assess the full impact. Affected individuals are encouraged to monitor financial accounts and consider identity protection services.
Chrome Extensions With 6 Million Installs Contain Hidden Trackers
Researchers identified 57 Chrome extensions containing embedded tracking code, collectively installed more than 6 million times. Marketed as ad blockers and privacy tools, these extensions accessed cookies, captured browsing activity, and executed remote scripts. Many were not available through the official Chrome Web Store. Users are advised to audit installed extensions and remove any obtained through unofficial sources.
How Triad InfoSec Can Assist Your Business:
Navigating the complexities of cybersecurity compliance can be challenging. Triad InfoSec is dedicated to helping businesses prepare for CMMC audits, ensuring compliance, and optimizing cybersecurity strategies. Our services include:
- CMMC Audit Preparation: Guiding your organization through the necessary steps to achieve CMMC certification.
- MSP Partnerships: Collaborating with Managed Service Providers to ensure your business remains compliant while reducing cyber insurance premiums.
- Comprehensive Cybersecurity Solutions: Offering a range of services tailored to meet all your cybersecurity needs.
Partner with Triad InfoSec to secure your business’s future.
Stay vigilant and proactive in addressing cybersecurity challenges to protect your business and its valuable assets.