Summary
As 2025 unfolds, new cybersecurity challenges emerge quickly, signaling a year filled with evolving threats. January saw 14 critical vulnerabilities added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. Microsoft leads with three, followed by Mitel with two, while Apple, Ivanti, SonicWall, Fortinet, and Oracle each contribute one.
Alongside the latest KEV updates, CISA has issued a warning regarding critical vulnerabilities in Contec CMS8000 patient monitors, a key device in healthcare environments. In a joint advisory with the FBI, attention was also drawn to the exploitation of vulnerabilities in Ivanti Cloud Service Appliances, which are being targeted as part of an advanced attack chain. Additionally, threat actors have been actively exploiting vulnerabilities in NETGEAR routers, as well as Zyxel and Mitel products, highlighting the escalating risk and the urgent need for enhanced cybersecurity measures.
Moreover, 14 vulnerabilities were exploited as zero-days in January, amplifying the ongoing risk posed by cyber adversaries as we step into the new year.
Ransomware groups Babuk2, Clop, and Lynx made their presence felt in January 2025, compromising major sectors like healthcare, finance, and manufacturing, underscoring the escalating risk to critical industries.
Subscribe to our Newsletter
%20(1).png)
