
New Hak5 Video Highlights Critical Cybersecurity Issues
In this episode of Threatwire, the Hak5 team covers three current stories: a phishing campaign that abuses a Microsoft 365 feature, a batch of printer vulnerabilities, and a new pair of Citrix NetScaler flaws.

The first story is a phishing campaign that Varonis Threat Labs traced back to May 2025. It abuses a little-known Exchange Online feature called "Direct Send", which lets on-premises devices and applications (multifunction printers, scanners, line-of-business apps) deliver mail to a tenant's own users by connecting to the tenant's smart host without any SMTP authentication. An attacker can point a mail client at that same smart host from anywhere on the internet and send messages whose From: address is an internal user; because the mail enters the tenant as if it came from one of its own devices, it can slip past anti-phishing controls that are tuned for external senders. The campaign did exactly this with nothing more than the PowerShell cmdlet Send-MailMessage. Such messages arrive from external IP addresses and typically fail SPF and DMARC, so they are not hard to spot once someone looks for them, but the technique is being used in the wild, which is a good reason to review who is allowed to use Direct Send and to monitor for internal-looking mail that arrives unauthenticated.

The second story is the disclosure of eight new vulnerabilities affecting 748 printer models from five manufacturers, 689 of them from Brother. The most serious, CVE-2024-51978, lets an unauthenticated attacker compute a device's factory-default administrator password from its serial number. Seven of the eight issues are fixed by firmware updates, but this one is not: the default password is set at the factory, so Brother has changed its manufacturing process for new units and can only offer a workaround for devices already in the field, namely changing the default administrator password. The impact is significant because administrative access lets an attacker reconfigure the printer or install malicious software on it, and from there capture the documents that pass through it.

The third story is a new pair of vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway, reminiscent of the "CitrixBleed" vulnerability of 2023.
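Returning to the Direct Send campaign above: the tell-tale combination is a From: address in one of the tenant's own domains on a message that Exchange Online recorded as an unauthenticated (anonymous) SMTP connection from an IP address nobody recognises, usually with an SPF or DMARC failure alongside. The script below is an added example, not code from the video or from Varonis; it applies that rule to constructed message headers. The tenant domain, the allow-list of device egress IPs and the four sample messages are all assumptions made up for the example.

```python
"""Flag inbound Microsoft 365 messages that look like Direct Send spoofing.

Direct Send delivers mail to a tenant's smart host without SMTP authentication.
Exchange Online marks such connections with
X-MS-Exchange-Organization-AuthAs: Anonymous, and the Authentication-Results
header carries the SPF/DMARC verdicts plus the connecting IP ("sender IP is ...").
A message whose From: claims one of OUR domains, arrived anonymously from an IP
that is not a known device, and failed SPF or DMARC matches the campaign pattern.
"""
import email
import ipaddress
import re
from email import policy
from email.utils import parseaddr

# Hypothetical tenant domain and device egress IPs (constructed for this example).
OUR_DOMAINS = {"example.com"}
KNOWN_DEVICE_IPS = {ipaddress.ip_address("203.0.113.10")}  # the office MFP that really uses Direct Send

_SENDER_IP = re.compile(r"sender IP is ([0-9A-Fa-f:.]+)")
_VERDICT = re.compile(r"\b(spf|dkim|dmarc|compauth)=([A-Za-z]+)")


def parse_auth_results(header_values):
    """Reduce one or more Authentication-Results headers to {mechanism: verdict} plus the sender IP."""
    joined = " ".join(header_values)
    verdicts = {m.lower(): v.lower() for m, v in _VERDICT.findall(joined)}
    ip_match = _SENDER_IP.search(joined)
    verdicts["sender_ip"] = ip_match.group(1) if ip_match else None
    return verdicts


def analyze(raw_message):
    """Return a verdict dict for one RFC 5322 message (headers + body as a string)."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    from_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    auth_as = str(msg.get("X-MS-Exchange-Organization-AuthAs", "")).strip().lower()
    results = parse_auth_results([str(v) for v in msg.get_all("Authentication-Results", [])])
    sender_ip = results.get("sender_ip")
    try:
        ip_known = ipaddress.ip_address(sender_ip) in KNOWN_DEVICE_IPS if sender_ip else False
    except ValueError:
        ip_known = False

    claims_internal = from_domain in OUR_DOMAINS
    anonymous = auth_as == "anonymous"
    auth_failed = results.get("spf") != "pass" or results.get("dmarc") == "fail"

    findings = []
    if claims_internal and anonymous:
        findings.append("From: claims %s but the connection was unauthenticated (AuthAs=Anonymous)" % from_domain)
        if not ip_known:
            findings.append("connecting IP %s is not a known Direct Send device" % sender_ip)
        if results.get("spf") != "pass":
            findings.append("spf=%s" % results.get("spf", "none"))
        if results.get("dmarc") == "fail":
            findings.append("dmarc=fail")

    # A known scanner that passes SPF is legitimate Direct Send; everything else that
    # looks internal, is anonymous, comes from an unknown IP and fails SPF/DMARC is flagged.
    suspicious = claims_internal and anonymous and not ip_known and auth_failed
    return {
        "subject": str(msg.get("Subject", "")),
        "from_domain": from_domain,
        "auth_as": auth_as,
        "sender_ip": sender_ip,
        "spf": results.get("spf"),
        "dmarc": results.get("dmarc"),
        "suspicious": suspicious,
        "findings": findings,
    }


def scan(raw_messages):
    """Return the verdicts for every message that matches the Direct Send abuse pattern."""
    return [r for r in (analyze(m) for m in raw_messages) if r["suspicious"]]


# Constructed sample messages; header values imitate Exchange Online's format but are not real captures.
SAMPLE_MESSAGES = [
    # 1. Normal internal mail sent through Outlook: authenticated, SPF/DMARC pass.
    """From: Bob <bob@example.com>
To: alice@example.com
Subject: Lunch tomorrow?
Authentication-Results: spf=pass (sender IP is 40.107.8.12) smtp.mailfrom=example.com; dkim=pass (signature was verified) header.d=example.com; dmarc=pass action=none header.from=example.com; compauth=pass reason=100
X-MS-Exchange-Organization-AuthAs: Internal

See you at noon.
""",
    # 2. Direct Send abuse: spoofed internal sender, unauthenticated, unknown external IP, SPF/DMARC fail.
    """From: HR Team <hr@example.com>
To: alice@example.com
Subject: Payroll update: action required
Authentication-Results: spf=fail (sender IP is 198.51.100.77) smtp.mailfrom=example.com; dkim=none (message not signed) header.d=none; dmarc=fail action=oreject header.from=example.com; compauth=fail reason=000
X-MS-Exchange-Organization-AuthAs: Anonymous

Please review the attached payroll statement.
""",
    # 3. Legitimate Direct Send from the office scanner: unauthenticated, but a listed IP that passes SPF.
    """From: Scanner <scanner@example.com>
To: alice@example.com
Subject: Scanned document
Authentication-Results: spf=pass (sender IP is 203.0.113.10) smtp.mailfrom=example.com; dkim=none (message not signed) header.d=none; dmarc=pass action=none header.from=example.com; compauth=pass reason=100
X-MS-Exchange-Organization-AuthAs: Anonymous

Scan attached.
""",
    # 4. Ordinary external mail from a partner domain: anonymous SMTP is normal here.
    """From: Partner <news@partner.example.net>
To: alice@example.com
Subject: Monthly newsletter
Authentication-Results: spf=pass (sender IP is 192.0.2.5) smtp.mailfrom=partner.example.net; dkim=pass (signature was verified) header.d=partner.example.net; dmarc=pass action=none header.from=partner.example.net; compauth=pass reason=100
X-MS-Exchange-Organization-AuthAs: Anonymous

Newsletter body.
""",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_MESSAGES):
        print("SUSPICIOUS: %r from %s" % (hit["subject"], hit["sender_ip"]))
        for f in hit["findings"]:
            print("  - " + f)
```

Only the payroll lure is flagged: the scanner is also anonymous, but it comes from the allow-listed IP and passes SPF, and the partner newsletter never claims to be internal. Running this over exported message headers is a cheap hunt; the longer-term fix is to restrict Direct Send to the devices that actually need it, or, if nothing in the tenant uses it, to turn it off with the tenant-level "Reject Direct Send" setting Microsoft added to Exchange Online in 2025.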
The new CVEs are CVE-2025-5349 and CVE-2025-5777, the latter already nicknamed "CitrixBleed 2". CVE-2025-5777 is an out-of-bounds memory read: an attacker can make the appliance leak memory that includes session tokens and other authentication data, then replay a stolen token to bypass multi-factor authentication (MFA) and hijack the user's session; CVE-2025-5349 is an improper access control issue on the management interface. Citrix initially stated that it had no evidence of exploitation in the wild, but researchers at ReliaQuest reported with medium confidence that they were seeing active exploitation, and Citrix has since revised the wording of its advisory several times, each time making the description more general. The fix is to upgrade to a patched NetScaler build as soon as possible; because the flaw leaks live session tokens, sessions that existed before the upgrade should be terminated as well.

The common thread is that defenders have to keep watching every layer, from mail systems to printers to the network edge. Vulnerabilities and phishing campaigns keep evolving, so regular updates and proactive monitoring are not optional. To learn more, watch the full video at: https://www.youtube.com/watch?v=aeLfTB5K72g
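"Update as soon as possible" is only actionable if you can tell a patched appliance from an unpatched one. The script below is an added example, not code from the video or from Citrix; it parses the first line of `show ns version` from the NetScaler CLI and classifies the build against the minimum fixed builds that Citrix listed for CVE-2025-5349 and CVE-2025-5777 in its June 2025 bulletin (14.1-43.56, 13.1-58.32, 13.1-FIPS/NDcPP 13.1-37.235, 12.1-FIPS 12.1-55.328). Treat those numbers as an assumption and confirm them against the current advisory before acting on the result; the sample version lines are constructed.

```python
"""Classify a NetScaler ADC / Gateway build against the fixed builds for
CVE-2025-5349 and CVE-2025-5777.

Input is the first line of `show ns version`, e.g.
  "NetScaler NS13.1: Build 58.32.nc, Date: ..."
Build numbers below are the ones Citrix published in June 2025 for these CVEs
(assumption: re-check the current bulletin before relying on them).
"""
import re

# Minimum fixed build per supported branch: (build major, build minor).
FIXED_BUILDS = {
    "14.1": (43, 56),
    "13.1": (58, 32),
    "13.1-FIPS": (37, 235),   # also covers 13.1-NDcPP
    "12.1-FIPS": (55, 328),
}
# End-of-life branches: Citrix ships no fix, so the only remedy is moving to a supported branch.
END_OF_LIFE = {"12.1", "13.0"}

_VERSION_RE = re.compile(r"NetScaler NS(\d+\.\d+): Build (\d+)\.(\d+)")


def parse_version(line):
    """Return (branch, (build_major, build_minor)) from a `show ns version` line, or None."""
    m = _VERSION_RE.search(line)
    if not m:
        return None
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def assess_version(line, fips=False):
    """Return 'patched', 'vulnerable', 'unsupported' or 'unknown'.

    `fips` has to come from the operator: FIPS/NDcPP builds share the branch
    number with the regular release but follow a different build series, so
    the version string alone cannot distinguish them reliably.
    """
    parsed = parse_version(line)
    if parsed is None:
        return "unknown"
    branch, build = parsed
    if fips:
        key = branch + "-FIPS"
    else:
        if branch in END_OF_LIFE:
            return "unsupported"
        key = branch
    if key not in FIXED_BUILDS:
        return "unknown"
    # Tuple comparison orders (43, 56) above (43, 50) and below (44, 0), as build numbers do.
    return "patched" if build >= FIXED_BUILDS[key] else "vulnerable"


if __name__ == "__main__":
    # Constructed sample output lines for a small fleet.
    fleet = [
        ("gw-prod-1", "NetScaler NS14.1: Build 43.50.nc, Date: Apr 30 2025, 10:11:12   (64-bit)", False),
        ("gw-prod-2", "NetScaler NS14.1: Build 43.56.nc, Date: Jun 10 2025, 09:00:00   (64-bit)", False),
        ("gw-legacy", "NetScaler NS13.0: Build 92.21.nc, Date: Jan 15 2024, 08:00:00   (64-bit)", False),
        ("gw-fips-1", "NetScaler NS13.1: Build 37.230.nc, Date: Mar 3 2025, 12:00:00   (64-bit)", True),
    ]
    for name, line, fips in fleet:
        print("%-10s %-12s %s" % (name, assess_version(line, fips=fips), line.split(",")[0]))
```

The 'unsupported' result is the one that is easy to get wrong in a spreadsheet: a 12.1 or 13.0 appliance will never receive a build that clears the table, so it is not "waiting for a patch", it needs a branch upgrade. After upgrading, Citrix's bulletin also tells administrators to terminate all active ICA and PCoIP sessions so that any token an attacker already harvested stops working.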