---
title: "Microsoft Cybersecurity Transparency, Chrome Update Required, Google Calendar Phishing, Cybersecurity News [December 23, 2024] | DuoCircle"
description: "Microsoft Cybersecurity Transparency, Chrome Update Required, Google Calendar Phishing, Cybersecurity News [December 23."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-1-of-2025/"
---

Quick Answer

Week ending December 23, 2024 covered: Microsoft's disclosure of CVE-2024-49071 in Windows Defender, an information-disclosure flaw the company has already mitigated, continuing a transparency strategy adopted in June 2024; a Chrome security update fixing four high-severity flaws, CVE-2024-12692 (V8 Type Confusion), CVE-2024-12693 (V8 out-of-bounds memory), CVE-2024-12694 (Composting), and CVE-2024-12695, with versions 131.0.6778.204/.205 rolling to Windows and macOS; a Google Calendar phishing wave with over 4,000 emails using Forms, Drawings, and Calendar invitations to bypass scanners and route victims to fraudulent crypto-mining pages, mitigated by limiting calendar invitations and enabling MFA; Google Forms abuse to spoof Google Support callbacks (a Seattle firefighter lost roughly $50,000 in cryptocurrency to a call from 650-203-0000); and 2025 watch-list trends covering AI-powered phishing, faster ransomware, and IoT device exposure.

Microsoft Cybersecurity Transparency, Chrome Update Required, Google Calendar Phishing, Cybersecurity News \[December 23, 2024\]

Your browser does not support the audio element.

[ Download episode](https://media.mailhop.org/duocircle/images/2025/01/Microsoft-Cybersecurity-Transparency-Chrome-Update-Required-Google-Calendar-Phishing---Cybersecurity-News-December-23-2024.mp3) 

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-1-of-2025%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Microsoft%20Cybersecurity%20Transparency%2C%20Chrome%20Update%20Required%2C%20Google%20Calendar%20Phishing%2C%20Cybersecurity%20News%20%5BDecember%2023%2C%202024%5D&url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-1-of-2025%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-1-of-2025%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-1-of-2025%2F&title=Microsoft%20Cybersecurity%20Transparency%2C%20Chrome%20Update%20Required%2C%20Google%20Calendar%20Phishing%2C%20Cybersecurity%20News%20%5BDecember%2023%2C%202024%5D "Share on Reddit") [ ](mailto:?subject=Microsoft%20Cybersecurity%20Transparency%2C%20Chrome%20Update%20Required%2C%20Google%20Calendar%20Phishing%2C%20Cybersecurity%20News%20%5BDecember%2023%2C%202024%5D&body=Check out this article: undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-1-of-2025%2F "Share via Email") 

![cybersecurity news](https://media.mailhop.org/duocircle/images/2025/01/spf-permerror.jpg) 

The year 2024 is ending, but unfortunately, cybercrime never ends. Criminals are always on the look out for innovative ways to scam user accounts and steal data. So, service providers have their tasks cut out and keep users in the loop about the various security measures they initiate. Microsoft has taken the lead in adopting greater transparency in cybersecurity matters. This week, we shall also discuss the various Google Support Services criminals use to launch cyberattacks. Finally, we round off **2024 and welcome the new year 2025** by listing [cybersecurity](/) trends users must watch out for to secure their credentials and prevent them from being compromised.

[![Microsoft cybersecurity](https://media.mailhop.org/duocircle/images/2025/01/buy-smtp-4626.jpg)](https://media.mailhop.org/duocircle/images/2025/01/buy-smtp-4626.jpg)

## Microsoft Takes New Approach Towards Ensuring Transparency In Cybersecurity Matters

Every organization should display transparency in cybersecurity to infuse user **confidence and trustworthiness**. Microsoft has set an example by revealing that a [critical vulnerability in Windows Defender](https://en.softonic.com/articles/microsoft-fixes-a-serious-security-issue-that-affected-windows-defender) could have resulted in a massive security breach. The company has identified this breach as CVE-2024-49071 in its security update guide. This vulnerability could have allowed [unauthorized users to access](https://debricked.com/vulnerability-database/vulnerability/CVE-2024-49071) confidential user credentials. However, exploiting it required the cybercriminal to have prior access to Windows Defender. Fortunately, nobody has exploited this vulnerability so far.

Microsoft has also advised users that they need not take any action. Microsoft has fixed the vulnerability. The critical aspect is that it reflects a new approach by Microsoft towards ensuring greater transparency in **cybersecurity matters**. _Microsoft has followed this strategy since June 2024, when they notified users about cloud vulnerabilities even if they did not need corrective action_. As far as the [CVE-2024-49071](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49071) is concerned, Microsoft has confirmed that they have successfully mitigated the threat. 

## Google Chrome Users Must Update Their Browsers To Prevent Exposure To Serious Potential Attacks

Google recently released a [security update](https://chromium.googlesource.com/chromium/src/+log/131.0.6778.140..131.0.6778.204?pretty=fuller&n=10000) for its Chrome browser that addresses several high-severity vulnerabilities that can allow unauthorized memory access and cause data breaches. 

1. **CVE-2024-12692**, a V8 JavaScript engine Type Confusion issue, can cause heap corruption in a **crafted HTML page**.
2. **CVE-2024-12693**, an out-of-bounds Memory Access in V8, can allow malicious actors to access restricted memory areas.
3. **CVE-2024-12694**, a vulnerability in the Composting component, can cause unexpected system crashes by accessing memory.
4. **CVE-2024-12695** is another critical vulnerability that cybersecurity criminals can exploit.

Users can easily [update their Google Chrome](https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop%5F18.html) browsers.

1. Open Chrome and click the 3-dot menu.
2. Click “Navigate to Help” followed by “**About Google Chrome**.”
3. _Chrome automatically checks for updates and installs the latest version_.
4. Users must restart Chrome to apply the changes.

Google emphasizes the importance of keeping browsers updated to prevent any untoward cybersecurity activity that could lead to potential [data breaches](https://www.bleepingcomputer.com/news/security/leaked-info-of-122-million-linked-to-b2b-data-aggregator-breach/). It has released the updated versions 131.0.6778.204 and .205 for **Windows and macOS users**, whereas the Linux version, 131.0.6778.204, will be rolled out soon. 

[![prevent any untoward cybersecurity activity](https://media.mailhop.org/duocircle/images/2025/01/spf-record.jpg)](https://media.mailhop.org/duocircle/images/2025/01/spf-record.jpg)

## Beware Of Google Calendar Phishing Techniques

_With the new year around the corner, the use of Google Calendar increases as users start marking their schedules_. It is a welcome trend, but users must be careful when they receive email requests resembling [Google Calendar invitations](https://www.sans.org/newsletters/newsbites/xxvi-97/). Researchers have found over 4000 examples of emails containing links to Google Forms, Google drawings, or Google Calendar files that present a counterfeit “Support Button” or reCAPTCHA, which can lead to users accessing a fraudulent crypto mining landing page used to steal user credentials and financial data. These [tempting emails](https://blog.checkpoint.com/securing-user-and-access/google-calendar-notifications-bypassing-email-security-policies/) abuse legitimate Google services to **bypass security scans** and make users vulnerable to cyberattacks.

Cybersecurity experts advise users to take **preventative measures** by being careful with new calendar invitations. Google’s settings allow users to limit who can send calendar invitations. Implementing MFA to protect your accounts is another [precautionary measure](https://cloud.google.com/architecture/bps-for-protecting-against-crytocurrency-attacks) that can protect users from Google Calendar phishing techniques.

## Cyber Criminals Use Google Support Services To Scam Users

Malicious actors have now started using Google Support Services to [scam unsuspecting users](https://krebsonsecurity.com/2024/12/how-to-lose-a-fortune-with-just-one-bad-click/). Generally, users trust Google Support Services, which [sends alerts](https://www.tripwire.com/state-of-security/google-forms-used-call-back-phishing-scam) over Gmail whenever someone accesses their Google accounts from different locations. A firefighting professional from Seattle received a call from an official **Google number (650-203-0000)** convincing him to click “Yes” to a Google Support Services prompt on his mobile. Simultaneously, he received an email warning that someone had compromised his Gmail account in Germany. He found out that he was robbed of nearly $50K in cryptocurrencies. _The concern is that this request was sent via Google Forms, a legitimate Google service used to send surveys and other communication_.

Phishers use Google Forms to create security alerts, change the form’s settings, and automatically send the form to an email address included in the form. Attackers then send the form to themselves and fill it out by entering the victim’s email address instead of their own. Users can protect their accounts by **syncing Google Authenticator** to their Cloud account. Using unique passphrases for your email addresses and changing them frequently can safeguard users from [phishing scams](/resources/phishing-scams-and-the-simple-ways-you-can-protect-yourself). Users can also enroll in Google’s free [Advanced Protection Program](https://landing.google.com/advancedprotection/), which has more extensive security features. 

## Cybersecurity Trends Users Must Watch Out For In 2025

_The year 2024 is ending, and we are at the doorstep of 2025_. The New Year is the time to make resolutions, and increasing **cybersecurity awareness** should be foremost on everyone’s mind. The digital world is evolving rapidly, and cybersecurity threats are surging forward tremendously. Everyone must understand the threat of [AI-driven attacks](https://www.infosecurity-magazine.com/news/security-leaders-ai-driven-attacks/), especially as cybercriminals innovate new methods to [access systems and steal data.](https://en.softonic.com/articles/cybersecurity-trends-to-watch-in-the-new-year)

1. AI-powered phishing is a critical threat where [malicious actors](https://thehackernews.com/2024/01/threat-actors-increasingly-abusing.html) use machine learning to mimic trusted sources and entice users to give access to critical information. Therefore, traditional defenses are no longer enough to counter these innovative threats. Users must be more **proactive and exercise greater flexibility**.
2. At the same time, [ransomware](/resources/locky-ransomware) has become more innovative, faster, and accurate.
3. _With more users adopting IoT and using new gadgets like thermostats and smart cameras, vulnerabilities have also increased_. Therefore, securing IoT devices is crucial because one vulnerable, unsecured device can allow access to an entire network and cause a significant data breach.

The solution is that users must update their software, install the **latest antivirus programs**, and remain vigilant at all times.

We end this cybersecurity news bulletin by wishing all readers a happy and cyber-safe New Year 2025.

## Topics

cyber securityNewsSecurityUpdates 

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

## Secure your email infrastructure

Protect, authenticate, and deliver. Contact our team to find the right solution.

[Contact Sales](/contact/) [Explore Products](/products/) 

## Related Articles

[  News 6m  Trust Wallet Hack, Browser Extension Espionage, Unleash Protocol Loss, Cybersecurity News \[December 29, 2025\]  Jan 5, 2026 ](/blog/announcements/cyber-security-news-update-week-1-of-2026/)[  News 7m  Bybit’s $1.5B Loss, FatalRAT Hits APAC, GitVenom Targets Wallets,, Cybersecurity News \[February 24, 2025\]  Mar 3, 2025 ](/blog/announcements/cyber-security-news-update-week-10-of-2025/)[  News 6m  LastPass Users Phished, Amazon Down US, UK Cybersecurity Boost, Cybersecurity News \[March 02, 2026\]  Mar 9, 2026 ](/blog/announcements/cyber-security-news-update-week-10-of-2026/)[  News 6m  Life Insurance Breach, Notorious Malware Identified, Fake Ransom Scam, Cybersecurity News \[March 03, 2025\]  Mar 10, 2025 ](/blog/announcements/cyber-security-news-update-week-11-of-2025/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"Microsoft Cybersecurity Transparency, Chrome Update Required, Google Calendar Phishing, Cybersecurity News [December 23, 2024]","description":"Microsoft Cybersecurity Transparency, Chrome Update Required, Google Calendar Phishing, Cybersecurity News [December 23.","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-1-of-2025/","datePublished":"2025-01-02T18:02:47.000Z","dateModified":"2025-04-22T12:12:36.000Z","dateCreated":"2025-01-02T18:02:47.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-1-of-2025/"},"articleSection":"announcements","keywords":"cyber security, News, Security, Updates","wordCount":1050,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2025/01/spf-permerror.jpg","caption":"cybersecurity news","width":900,"height":506},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"News"},{"@type":"ListItem","position":3,"name":"Microsoft Cybersecurity Transparency, Chrome Update Required, Google Calendar Phishing, Cybersecurity News [December 23, 2024]","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-1-of-2025/"}]}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"News","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"Microsoft Cybersecurity Transparency, Chrome Update Required, Google Calendar Phishing, Cybersecurity News [December 23, 2024]","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-1-of-2025/"}]}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Microsoft Cybersecurity Transparency, Chrome Update Required, Google Calendar Phishing, Cybersecurity News [December 23, 2024]","description":"Microsoft Cybersecurity Transparency, Chrome Update Required, Google Calendar Phishing, Cybersecurity News [December 23.","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-1-of-2025/","datePublished":"2025-01-02T18:02:47.000Z","dateModified":"2025-04-22T12:12:36.000Z","dateCreated":"2025-01-02T18:02:47.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-1-of-2025/"},"articleSection":"announcements","keywords":"cyber security, News, Security, Updates","wordCount":1050,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2025/01/spf-permerror.jpg","caption":"cybersecurity news","width":900,"height":506},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```