SANS Stormcast Thursday Mar 13th: Exploiting Login Pages with Log4j; Patch Tuesday Fallout; Adobe Patches; Medusa Ransomware; Zoom and Font Library Updates;

Log4J Scans for VMWare Hyhbrid Cloud Extensions
An attacker is scanning various login pages, including the authentication feature in the VMWare HCX REST API for Log4j vulnerabilities. The attack submits the exploit string as username, hoping to trigger the vulnerability as Log4j logs the username
https://isc.sans.edu/diary/Scans%20for%20VMWare%20Hybrid%20Cloud%20Extension%20%28HCX%29%20API%20(Log4j%20-%20not%20brute%20forcing)/31762
Patch Tuesday Fallout
Yesterday's Apple patch may re-activate Apple Intelligence for users who earlier disabled it. Microsoft is offering support for users whos USB printers started printing giberish after a January patch was applies.
https://www.macrumors.com/2025/03/11/ios-18-3-2-apple-intelligence-auto-on/
https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-22h2#usb-printers-might-print-random-text-with-the-january-2025-preview-update
Adobe Updates
Adobe updated seven different products, including Adobe Acrobat. The Acrobat vulnerability may lead to remote code execution and Adobe considers the vulnerablities critical.
https://helpx.adobe.com/security/security-bulletin.html
Medusa Ransomware
CISA and partner agencies released details about the Medusa Ransomware. The document includes many details useful to defenders.
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-071a
Zoom Update
Zoom released a critical update fixing a number of remote code execution vulnerabilities.
https://www.zoom.com/en/trust/security-bulletin/
FreeType Library Vulnerability
https://www.facebook.com/security/advisories/cve-2025-27363