theregister.com

Mobsters now overlap with cybercrime gangs and use AI for evil, Europol warns

Infosec In Brief Organized crime networks are now reliant on digital tech for most of their activities, according to Europol, the European agency that fights international crime on the continent and beyond.

"The very DNA of organised crime is changing," Europol executive director Catherine De Bolle said last week at the launch of the org’s annual Serious and Organised Crime Threat Assessment (EU-SOCTA).

"Criminal networks have evolved into global, technology-driven criminal enterprises, exploiting digital platforms, illicit financial flows and geopolitical instability to expand their influence," De Bolle added.

Organized criminals are rapidly adopting AI to automate tasks, expand operations at scale, and stay a step ahead of law enforcement by making their activities harder to detect, the document states.

"The same qualities that make AI revolutionary – accessibility, adaptability and sophistication – also make it a powerful tool for criminal networks," Europol said.

Even crimes rooted in the physical world, like human smuggling or drug trafficking, almost always come with a digital component today, Europol said. The internet has become "the primary theatre for organised crime," while data is now "the new currency of power" traded, stolen, or exploited by criminal groups.

The report also highlights how organized crime, supercharged by technology, has become a more potent threat because its activities undermine the European Union’s institutions and social fabric.

Criminal networks, Europol warns, are "increasingly operating as proxies in the service of hybrid threat actors," cooperating with state-aligned entities for mutual benefit. No specific nations are named, but it's not hard to guess where the fingers might point.

"Hybrid threat actors and criminal actors cooperate for mutual benefit, leveraging each other's resources, expertise, and protection to achieve their objectives," the report states. "For criminals, cooperation with hybrid threat actors might give them access to cutting-edge tools that [they] can use later."

Critical vulnerabilities of the week: Chrome pwn

If you don't allow Google's Chrome browser to update automatically, give it a little attention: Google last week patched two security flaws, the more pressing of which is CVE-2025-2476. Google rates it critical, although no CVSS score has been assigned.

The flaw is a use-after-free bug in Lens, Chrome's image search component. A remote attacker could craft a malicious HTML page that triggers heap corruption and potentially hijacks the browser.

Other nasties revealed in recent days include:

CVSS 9.3 - CVE-2025-1316: Edimax IC-7100 IP cameras fail to neutralize special characters in requests (an OS command injection), allowing a remote attacker to run arbitrary commands on the camera's operating system and achieve remote code execution.

CVSS 8.6 - CVE-2024-48248: NAKIVO Backup & Replication before version 11.0.0.88174 contains an absolute path traversal flaw that can expose sensitive files and potentially lead to remote code execution on affected systems.

Servers at risk thanks to critical MegaRAC BMC flaw

Researchers at Eclypsium have uncovered a maximum-severity CVSS 10 vulnerability in American Megatrends International's MegaRAC Baseboard Management Controller (BMC) firmware that could let attackers bypass authentication via the Redfish Host Interface. MegaRAC BMC firmware ships in servers from vendors including HPE, Asus and ASRock, per Eclypsium.

The vulnerability (CVE-2024-54085) allows attackers to gain remote control over servers and then deploy malware, tamper with firmware, brick hardware, or even trigger endless reboot loops.

Eclypsium found no evidence the vulnerability has been exploited in the wild, although a Shodan scan revealed more than 1,000 exposed MegaRAC instances online.

"It should be noted that exploits themselves are not challenging to create once the vulnerability is located either in the source code or in a decompiled firmware image, given that the firmware binaries are not encrypted," wrote Eclypsium.

Russian exploit buyers seek Telegram zero-days

Russia-based exploit broker Operation Zero has announced it's paying big bucks for a full-chain zero-day exploit in the Android, iOS or Windows versions of the Telegram messaging app.

Operation Zero describes itself as "the only official Russian zero-day purchase platform," and reportedly counts the Russian government and select private Russian organizations among its clients. It is offering up to $1.5 million for a zero-click RCE and up to $500k for a one-click RCE in Telegram.

The group hasn't explained its specific interest in Telegram exploits, but the timing is notable. Telegram CEO Pavel Durov was arrested in France last August.

In September 2024, Durov announced the platform would no longer be a safe haven for criminal activity, saying it would start cooperating more closely with law enforcement and hand over user data - such as IP addresses and phone numbers - when legally required.

Whether that policy shift has impacted Russian interests isn't clear, but it's unlikely to have gone unnoticed in Moscow.

WordPress security plugin has critical security flaw

WP Ghost, a security plugin for WordPress with over 200,000 active installations, has a serious vulnerability that leaves sites exposed—unless they've applied the latest patch.

Discovered by Patchstack Alliance researchers, the vulnerability, tracked as CVE-2025-26909 and rated CVSS 9.6, is an unauthenticated Local File Inclusion (LFI) bug. It could allow an attacker to exploit improper input handling in the plugin's showFile function, potentially leading to remote code execution on vulnerable WordPress sites.

While the flaw has a critical-grade CVSS score, Patchstack notes that the vulnerability can only be exploited if WP Ghost's Change Paths feature is set to lite or ghost mode—neither of which is enabled by default.

"When working with user-provided data for a local file inclusion process, always implement a strict check on the supplied value and only allow users to access specific or whitelisted paths or files," Patchstack suggested.
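To make that advice concrete, here is an added example (not code from WP Ghost, NAKIVO or Patchstack) of a file-serving routine in its vulnerable form beside a hardened one. It covers both the relative `../` traversal behind an LFI like the one above and the absolute-path variant in the NAKIVO entry earlier in this roundup. The function names, the allow-list and the sandbox files are hypothetical; it runs offline against a constructed temporary directory.

```python
"""
Added example: vulnerable vs. hardened local-file serving.
Names (vulnerable_show_file, hardened_show_file, ALLOWED_FILES) and the
sandbox layout are hypothetical, not taken from any real plugin.
"""
import os
import tempfile
from pathlib import Path

# Constructed sandbox: a fake "theme" directory plus a secret outside it.
BASE = Path(tempfile.mkdtemp())
THEME_DIR = BASE / "theme"
THEME_DIR.mkdir()
(THEME_DIR / "style.css").write_text("body{}")
(THEME_DIR / "login.php").write_text("<?php // login template")
(BASE / "wp-config.php").write_text("DB_PASSWORD=hunter2")  # the secret

# Allow-list of the only files this endpoint is meant to expose.
ALLOWED_FILES = {"style.css", "login.php"}


def vulnerable_show_file(user_path: str) -> str:
    """Vulnerable form: joins untrusted input onto the base directory.

    '../' walks out of THEME_DIR, and os.path.join *discards* the base
    entirely when user_path is absolute (the absolute path traversal case).
    """
    target = os.path.join(THEME_DIR, user_path)
    return Path(target).read_text()


def hardened_show_file(user_path: str) -> str:
    """Hardened form: exact allow-list match, then realpath containment."""
    # 1. Only bare, whitelisted file names are accepted; anything with a
    #    separator, '..' or an absolute prefix cannot match the set.
    if user_path not in ALLOWED_FILES:
        raise PermissionError(f"refused: {user_path!r} not in allow-list")
    # 2. Belt and braces: resolve symlinks and '..', then confirm the
    #    resolved path still lives under the theme directory.
    root = THEME_DIR.resolve()
    target = (root / user_path).resolve()
    if root not in target.parents:
        raise PermissionError("refused: resolved path escapes theme dir")
    return target.read_text()


def probe(fn, user_path: str) -> str:
    """Classify one request: 'LEAK' if the secret came back, 'BLOCKED' if
    the routine refused, 'OK' if an allowed file was served."""
    try:
        content = fn(user_path)
    except (PermissionError, FileNotFoundError):
        return "BLOCKED"
    return "LEAK" if "hunter2" in content else "OK"


if __name__ == "__main__":
    payloads = [
        "style.css",                       # legitimate request
        "../wp-config.php",                # relative traversal
        str(BASE / "wp-config.php"),       # absolute path traversal
    ]
    for p in payloads:
        print(f"{p!r:>50}  vulnerable={probe(vulnerable_show_file, p):7}"
              f"  hardened={probe(hardened_show_file, p)}")
```

The allow-list check alone is what blocks both payloads; the realpath containment check is kept as a second layer so that a future change to the allow-list (say, admitting a subdirectory) does not silently reopen the hole through symlinks or `..`.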

Patchstack advises users to update to version 5.4.02 of the plugin ASAP. Anyone running earlier versions is at risk, and the patch must be applied manually.

NIST's vulnerability backlog still growing

The National Institute of Standards and Technology, which has for the past year struggled with a massive backlog of vulnerabilities awaiting analysis for the National Vulnerability Database, reported some bad news last week: The backlog isn't getting any smaller.

"We are currently processing incoming CVEs at roughly the rate we had sustained prior to the processing slowdown in spring and early summer of 2024," NIST wrote last Wednesday.

Unfortunately, the CVE submission rate increased by 32 percent in 2024. "As a result, the backlog is still growing," NIST added.

NIST has tried multiple times to get the backlog under control, and in June of last year brought in external IT consultants to help manage the mess. As of May 2024, there were about 12,720 vulnerabilities waiting to be analyzed; by October, that number had grown to more than 17,000.

NIST intends to use machine learning in the hope it can automate "certain processing tasks" and speed up its bug-assessment efforts. ®