Bradley Duncan and Zach Diehl of Unit 42 have discovered a malware campaign using Bing ads to direct users to fake software pages and upload malware. One example found on 22 January 2025 led users to a fake Microsoft Teams download page where a seemingly innocuous JavaScript file was downloaded, which then downloaded further malware files to the user’s system. The researchers emphasise the importance of checking URLs and avoiding clicking on ads when downloading software.

Mandiant warns of attacks on newly-disclosed Ivanti remote takeover threat
Google’s Mandiant team has issued an alert about a remote code execution flaw in the Ivanti Connect Secure VPN platform. The vulnerability, designated CVE-2025-22457, is