Weekly February Cybersecurity Newsletter

Welcome to this week's pulse on the state of cyber threats, where defenders need to act faster as new vulnerabilities emerge. ESXi servers are being overrun by vicious ransomware gangs; Notepad++ users are facing a supply-chain nightmare due to a malicious update; and Microsoft Office's most recent 0-day is ready for exploitation.
We've broken down these incidents and provided new information on new tactics, patches that need to be applied right away, and ways to strengthen your defenses. To stay ahead of the game, dive in.
Highlights for this week include critical patches for Chrome, SolarWinds, and F5 products, as well as actively exploited zero-days in Microsoft Office and React Native tools. Visit https://ZeroOwl.com/threat-actors-abuse-microsoft-google-platforms/ to learn more.

ValleyRAT LINE Impersonation

ValleyRAT uses the PoolParty exfiltration technique to disable Defender, inject into Explorer.exe, and steal login credentials while posing as a LINE installer for Chinese users.
Read more: https://ZeroOwl.com/valleyrat-mimic-as-line-installer-attacking-users/

Interlock Ransomware Exploit

Interlock ransomware deploys “Hotta Killer”, which exploits a gaming anti-cheat driver zero-day (CVE-2025-61155) to disable EDR/AV before encrypting education sector targets.
See also: https://ZeroOwl.com/interlock-ransomware-actors-new-tool-exploiting-gaming-anti-cheat-driver-0-day/

Cyber Attacks

Notepad++ Update Hijack

Attackers selectively redirected users to malicious update servers by breaching Notepad++'s previous shared hosting infrastructure between June and December 2025. The release of v8.8.9 with hardened checks and future XMLDSig enforcement was prompted by the likely Chinese state-sponsored group taking advantage of weak validation in previous versions. Visit https://ZeroOwl.com/notepad-hijacked/ to learn more.

NTDS.dit Theft Surge

Hackers are using programs like PsExec, vssadmin, and SecretsDump to exfiltrate Active Directory's NTDS.dit file in order to steal domain credentials covertly. With support for custom XML filtering, it is turned off by default.











