Ethan Grammer
Guillermo Sánchez / March 28, 2025 / 2 minutes of readingAdvisories, Vulnerabilities & Alerts
Malicious Adobe DocuSign OAuth Apps Targeting Microsoft 365 Accounts
Description:
Cybersecurity researchers have uncovered an ongoing phishing campaign that deploys malicious OAuth applications disguised as Adobe and DocuSign services to target Microsoft 365 users. Threat actors use social engineering tactics to trick employees into granting permissions to rogue applications. Once authorized, these apps gain access to corporate email accounts, allowing attackers to steal sensitive data, conduct internal phishing campaigns, and exfiltrate information to external servers.
Recommended Actions:
- Regularly review and audit third-party application permissions within Microsoft 365.
- Revoke unauthorized OAuth apps from enterprise accounts.
- Implement conditional access policies to limit third-party app integrations.
- Train employees to recognize phishing attempts and report suspicious activities.
External Links:
Chinese Hackers Breach Juniper Networks Routers
Source Advisory URL:
Description:
A newly identified cyber-espionage campaign attributed to Chinese state-sponsored hackers has targeted Juniper Networks, a major provider of networking and cybersecurity solutions. The attackers reportedly exploited zero-day vulnerabilities against end-of-life MX series routers to gain access to internal systems, potentially exposing critical infrastructure used by enterprises and government agencies worldwide. The breach raises concerns about supply chain security and the increasing sophistication of nation-state cyber operations.
Recommended Actions:
- Immediately apply the latest security patches released by Juniper Networks.
- Monitor network activity logs for any unusual behaviors or unauthorized access attempts.
- Implement network segmentation to minimize potential lateral movement in case of a breach.
- Conduct a security review of infrastructure reliant on Juniper hardware and software.
External Links:
VMware released Security Advisory VMSA-2025-0004
Description:
On March 4, 2025, VMware released Security Advisory VMSA-2025-0004, addressing multiple vulnerabilities in VMware ESXi, Workstation, and Fusion. These vulnerabilities, identified as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, have been assigned severity ratings ranging from Important to Critical, with CVSSv3 base scores between 7.1 and 9.3.
Additionally, VMware has information suggesting that exploitation of these vulnerabilities has occurred in the wild.
Recommended Actions:
- VMware recommends applying the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ to remediate these vulnerabilities.
External Links: