Threat Landscape Briefing – February 2025

In this month’s briefing we explore:

• Millions of Accounts Vulnerable Due to Google’s OAuth Flaw (00:55)
  • A critical flaw in Google's "Sign in with Google" OAuth implementation has been found.
  • Learn how Info-Tech can help you Modernize Your Identity Authentication Practices.
• US Government Issues Guidance for Mobile Communication Security (04:05)
  • US law enforcement and security agencies warn about attacks on telecommunications infrastructure by hacking groups linked to the People’s Republic of China.
  • Look to our Assess and Manage Security Risks blueprint for guidance on improving your organization’s security posture.
• Chinese Hackers Exploit Third Party to Access US Treasury Systems and Documents (07:46)
  • Chinese state-backed hacking group Silk Typhoon has been linked to a December breach of the U.S. Treasury Department's Office of Foreign Assets Control.
  • See how Info-Tech can help your organization Build a Vendor Security Assessment Service.
• Phishing in the Age of AI (10:34)
  • A recent study explores how large language models (LLMs) are transforming spear-phishing campaigns, making them more effective and scalable than ever before.
  • Check out our Improve Email Security blueprint.