
March 2025

March 31, 2025 – Malware

Researchers Uncover the Shelby Malware Family Abusing GitHub for Command and Control

Abstract Researchers found unused code and dynamic payload loading, hinting at the malware being under active development, indicating future updates may address any issues with contemporary versions.

Elastic

March 31, 2025 – Malware

Python-based RAT Abuses Discord API to Execute Data Theft Attacks

Abstract The Python-based Discord Remote Access Trojan (RAT) leverages Discord’s API as a C2 server to execute arbitrary system commands, steal sensitive information, capture screenshots, and manipulate both local machines and Discord servers.

Cyfirma

March 31, 2025 – Attack

Russian Intelligence-backed Campaigns Impersonate the CIA to Target Ukraine Sympathizers, Russian Citizens, and Informants

Abstract Silent Push Threat Analysts discovered a phishing campaign using website lures to gather information against Russian individuals sympathetic to defending Ukraine and willing to share sensitive information.

Silent Push

March 31, 2025 – Malware

Python-based Triton RAT Found Targeting Roblox Credentials

Abstract Cado Security Labs identified a Python Remote Access Tool (RAT) named Triton RAT. The open source RAT is available on GitHub and allows users to remotely access and control a system using Telegram.

Cado Security

March 31, 2025 – Vulnerabilities

Canon Fixes Critical Printer Driver Flaw

Abstract The vulnerability, identified as CVE-2025-1268, is described as an out-of-bounds vulnerability that “may prevent printing and/or potentially be able to execute arbitrary code when the print is processed by a malicious application”.

Security Online

March 31, 2025 – Phishing

Lucid: The Rising Threat of Phishing-as-a-Service

Abstract The end-to-end encryption in RCS and iMessage creates a blind spot, making network-level filtering ineffective. Threat actors also leverage visual trust indicators, such as blue bubbles in iMessage, to create a perception of legitimacy.

Security Online

March 31, 2025 – Vulnerabilities

Dell Unity Hit by 9.8 CVSS Root-Level Command Injection Flaw

Abstract Dell released an update for Unity OS version 5.4 and earlier, addressing a set of critical vulnerabilities that exposed the enterprise storage systems under Unity, UnityVSA, and Unity XT lines.

Security Online

March 31, 2025 – Malware

New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials

Abstract As with other banking trojans of its kind, the malware is designed to facilitate device takeover (DTO) and ultimately conduct fraudulent transactions. An analysis of the source code and the debug messages revealed that the author is Turkish-speaking.

The Hacker News

March 31, 2025 – Vulnerabilities

Mitel Addresses High Severity XSS Vulnerability in MiContact Center Business

Abstract Mitel has issued a security advisory regarding a reflected cross-site scripting (XSS) vulnerability, tracked as CVE-2025-23092 (CVSS 7.1), in the Legacy Chat component of its MiContact Center Business software.

Security Online

March 31, 2025 – Vulnerabilities

Critical Flaw Discovered in WordPress Plugin with 90,000+ Active Installs

Abstract The vulnerability, tracked as CVE-2025-2294, is a Local File Inclusion (LFI) flaw present in the Kubio AI Page Builder plugin. This flaw affects all versions of the plugin up to and including 2.5.1.

Security Online

March 29, 2025 – Government

CISA Warns of RESURGE Malware Exploiting Ivanti Vulnerability

Abstract This new malware exhibits capabilities similar to the SPAWNCHIMERA variant, notably its ability to survive system reboots. However, RESURGE distinguishes itself through unique commands that enable it to alter its behavior.

Security Online

March 29, 2025 – Vulnerabilities

New Ubuntu Linux Security Bypasses Require Manual Mitigations

Abstract Three security bypasses have been discovered in Ubuntu Linux’s unprivileged user namespace restrictions, which could enable a local attacker to exploit vulnerabilities in kernel components.

Bleeping Computer

March 29, 2025 – Malware

Stealthy Snake Keylogger Malware Targets Credentials in Sophisticated Attacks

Abstract A new report from Seqrite Labs detailed a malicious campaign employing SnakeKeylogger, an info-stealing malware known for its advanced techniques and ability to evade detection.

Security Online

March 29, 2025 – Government

CHOCO TEI WATCHER mini Devices Found Vulnerable to Critical Remote Exploits, CISA Warns

Abstract The CISA has issued an advisory alerting organizations to multiple critical vulnerabilities affecting the CHOCO TEI WATCHER mini (IB-MCT001)—a device manufactured by Inaba Denki Sangyo Co., Ltd. for use in industrial and manufacturing environments.

Security Online

March 28, 2025 – Phishing

Classiscam Scams Surge in Central Asia, Leveraging Telegram Bots

Abstract These scams, which have evolved from simple fake ads to sophisticated operations using Telegram bots, are targeting online marketplaces and deceiving users into divulging their financial information.

Security Online

March 28, 2025 – APT

APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware

Abstract A Pakistan-linked APT group has been found creating a fake website masquerading as India's public sector postal system as part of a campaign designed to infect both Windows and Android users in the country.

The Hacker News

March 28, 2025 – Malware

PJobRAT Makes a Comeback, Takes Another Crack at Chat Apps

Abstract In the latest campaign, Sophos X-Ops researchers found PJobRAT samples disguising themselves as instant messaging apps. As per their telemetry, all the victims appeared to be based in Taiwan.

Sophos

March 28, 2025 – Vulnerabilities

Critical Severity Vulnerabilities in Ghostscript Put Users at Risk

Abstract A series of security vulnerabilities has been identified in Artifex Ghostscript, a widely used interpreter for PostScript and PDF files. These vulnerabilities could lead to buffer overflows and unauthorized file access.

Security Online

March 28, 2025 – Criminals

Hackers Repurpose RansomHub’s EDRKillShifter in Medusa, BianLian, and Play Attacks

Abstract A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play. The connection stems from the use of EDRKillShifter to disable endpoint security software, according to ESET.

The Hacker News

March 28, 2025 – Breach

150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms

Abstract The redirections have been found to occur via JavaScript hosted on five different domains (e.g., "zuizhongyj[.]com") that, in turn, serve the main payload responsible for performing the redirects.

The Hacker News

March 27, 2025 – Vulnerabilities

Synology Mail Server Vulnerability Allows Remote Configuration Tampering

Abstract “A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions,” according to Synology’s official advisory.

Security Online

March 27, 2025 – Ransomware

RedCurl Threat Group Creates QWCrypt Ransomware to Target Hyper-V Virtual Machines

Abstract While most ransomware operations focus on VMware ESXi servers, RedCurl's new QWCrypt ransomware specifically targets virtual machines hosted on Hyper-V. Bitdefender observed attacks involving phishing emails with ".IMG" attachments disguised as CVs.

Bleeping Computer

March 27, 2025 – Vulnerabilities

Millions of Web Applications at Risk Due to PoC Exploit Released for Vite Arbitrary File Read Flaw

Abstract Vite, the frontend build tool that powers millions of modern web applications, has been found vulnerable to a file access control bypass flaw that could expose arbitrary file contents to the browser.

Security Online

March 27, 2025 – Malware

Malware Found on npm Infecting Local Package With Reverse Shell

Abstract In March, two harmful packages called ethers-provider2 and ethers-providerz were added to npm. They hid their malicious payload and modified the legitimate npm package ethers, which led to a reverse shell.

ReversingLabs

March 27, 2025 – Vulnerabilities

RCE and Data Leak Vulnerabilities Patched in Splunk Enterprise and Splunk Cloud Platform

Abstract CVE-2025-20229 allows low-privileged users to execute arbitrary code remotely by uploading malicious files. The second flaw, CVE-2025-20231, affects the Splunk Secure Gateway App and leads to the exposure of user session and authorization tokens.

Security Online

March 27, 2025 – Criminals

BlackLock Ransomware Operation Disrupted by Cybersecurity Firm

Abstract Resecurity discovered a local file inclusion flaw in the data leak site used by BlackLock Ransomware, allowing them to uncover clearnet IP addresses and other details about the cybercriminals' network, aiding in the investigation and disruption.

Security Affairs

March 27, 2025 – Vulnerabilities

Synapse Servers at Risk Due to Zero-Day DoS Flaw Exploited in the Wild

Abstract A critical zero-day vulnerability has been discovered in Synapse, an open-source Matrix homeserver implementation. This flaw is actively being exploited in the wild and can lead to a denial-of-service condition.

Security Online

March 27, 2025 – Malware

macOS Malware ReaderUpdate Adds New Variants Written in Crystal, Nim, Rust, and Go

Abstract The ReaderUpdate malware, which previously went relatively unnoticed, now includes variants written in Crystal, Nim, Rust, and most recently, Go, in addition to the original compiled Python binary.

SentinelOne

March 27, 2025 – Vulnerabilities

Use-After-Free Vulnerability in Exim Exposes Systems to Privilege Escalation

Abstract The use-after-free vulnerability can be exploited to achieve privilege escalation. This could allow an attacker to gain unauthorized access to system resources and execute arbitrary commands with elevated privileges.

Security Online

March 27, 2025 – Attack

New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations

Abstract The Chinese threat actor known as FamousSparrow has been linked to a cyber attack targeting a trade group in the United States and a research institute in Mexico to deliver its flagship backdoor SparrowDoor and ShadowPad.

The Hacker News

March 26, 2025 – Vulnerabilities

New Windows Zero-Day Leaks NTLM Hashes, Gets Unofficial Patch

Abstract Free unofficial patches are available for a new Windows zero-day vulnerability that can let remote attackers steal NTLM credentials by tricking targets into viewing malicious files in Windows Explorer.

Bleeping Computer

March 26, 2025 – Vulnerabilities

Apache VCL Hit by SQL Injection and XSS Vulnerabilities

Abstract Recent advisories revealed two vulnerabilities (CVE-2024-53678 and CVE-2024-53679) in Apache VCL, a widely-used open-source cloud computing platform designed to deliver custom computing environments.

Security Online

March 26, 2025 – Malware

Hackers Using E-Crime Tool Atlantis AIO for Credential Stuffing on Over 140 Platforms

Abstract Atlantis AIO offers threat actors the ability to launch credential stuffing attacks at scale via pre-configured modules for targeting a range of platforms and cloud-based services, thereby facilitating fraud, data theft, and account takeovers.

The Hacker News

March 26, 2025 – Criminals

Researchers Uncover Nearly 200 Unique C2 Domains Linked to Raspberry Robin Access Broker

Abstract "Raspberry Robin (also known as Roshtyak or Storm-0856) is a complex and evolving threat actor that provides initial access broker (IAB) services to numerous criminal groups, many of which have connections to Russia," Silent Push said in a report.

The Hacker News

March 26, 2025 – Vulnerabilities

CrushFTP Warns Users to Patch Unauthenticated Access Flaw Immediately

Abstract CrushFTP warned customers of an unauthenticated HTTP(S) port access vulnerability and urged them to patch their servers immediately. The vulnerability is mitigated if the DMZ feature of CrushFTP is enabled.

Bleeping Computer

March 26, 2025 – Vulnerabilities

NetApp SnapCenter Users at Risk Due to CVSS 9.9 Privilege Escalation Vulnerability

Abstract A high-severity security vulnerability has been discovered in NetApp SnapCenter, posing a significant risk to systems utilizing this platform. NetApp has released a security advisory detailing the issue and urging users to take immediate action.

Security Online

March 26, 2025 – Attack

Browser-in-the-Browser Attacks Target CS2 Players’ Steam Accounts

Abstract This phishing technique creates fake browser windows within real browser windows (Browser in the Browser) to create login pages or other realistic forms to steal users' credentials or one-time MFA passcodes (OTP).

Bleeping Computer

March 26, 2025 – Vulnerabilities

Critical Authentication Bypass Flaw Impacts VMware Tools for Windows

Abstract The vulnerability is due to improper access control. Low-privileged local attackers can exploit this vulnerability in simple attacks without user interaction to escalate privileges on vulnerable VMs.

Security Affairs

March 26, 2025 – Vulnerabilities

Critical RCE Flaw Found in MoxieManager

Abstract Tiny Technologies recently issued a security advisory regarding a critical vulnerability discovered in MoxieManager, a file and media management solution popular for its integration into PHP and .NET environments.

Security Online

March 26, 2025 – Vulnerabilities

EncryptHub Linked to MMC Zero-Day Attacks on Windows Systems

Abstract Attackers can leverage the vulnerability to evade Windows file reputation protections and execute code because the user is not warned before loading unexpected MSC files on unpatched devices.

Bleeping Computer

March 25, 2025 – Phishing

Phishing Emails Distribute GuLoader by Impersonating an International Shipping Company

Abstract The emails demand users open attachments that combine VBScript with PowerShell scripts, downloading files from external sources like planachiever.au and tripplebanks.duckdns.org.

AhnLab

March 25, 2025 – Malware

New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI

Abstract The McAfee Mobile Research Team discovered malware campaigns abusing .NET MAUI, a cross-platform development framework, to evade detection. These threats disguise themselves as legitimate apps, targeting users to steal sensitive information.

March 25, 2025 – Malware

Rilide Stealer Disguises as a Browser Extension to Steal Crypto

Abstract Pulsedive Threat Research identified multiple delivery mechanisms used to distribute Rilide. Phishing websites are the most common method, but newer versions have been adapted to work with Chrome Extension Manifest V3.

Security Online

March 25, 2025 – Vulnerabilities

Update: Public Exploit Released for Linux Kernel Privilege Escalation Bug

Abstract The vulnerability, tracked as CVE-2025-0927, a heap overflow in the HFS+ file system implementation, could allow an attacker to escalate local privileges on affected systems.

Security Online

March 25, 2025 – Attack

Cyberattack Hits Ukrainian State Railway, Disrupting Online Ticket Sales

Abstract The attack disrupted online services, including the mobile app used for ticket purchases, but did not affect train schedules, Ukrzaliznytsia said. The railway operator is investigating the incident along with Ukraine’s security services.

The Record

March 25, 2025 – APT

Chinese Weaver Ant Hackers Spied on Telco Network for Four Years

Abstract A China-linked advanced threat group named Weaver Ant spent more than four years in the network of a telecommunications services provider, hiding traffic and infrastructure with the help of compromised Zyxel CPE routers.

Bleeping Computer

March 25, 2025 – Breach

Inside Hunters International Group: How a Retailer Became the Latest Ransomware Victim

Abstract In February 2025, Hunters International exploited CVE-2024-55591 in FortiOS to breach a retailer. They used VPN access, deceptive accounts, Rclone, and WinSCP for data exfiltration before deploying Rust-based ransomware and disabling recovery.

Security Online

March 25, 2025 – Criminals

Over 300 Arrested in International Crackdown on Cyber Scams

Abstract Law enforcement agencies in seven African countries arrested over 300 suspected cybercriminals involved in mobile banking, investment and messaging app scams, according to a statement on Monday by Interpol.

The Record

March 25, 2025 – Malware

AMOS Stealer Revamped to Serve as a Fully Undetected macOS Threat

Abstract The malware is distributed via a DMG file named Installer_v2.7.8.dmg, leveraging a clever trick to bypass macOS Gatekeeper. Victims are instructed to right-click and select “Open,” sidestepping Apple’s verification mechanism.

Security Online

March 25, 2025 – Vulnerabilities

Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication

Abstract After responsible disclosure, the vulnerabilities were fixed in Ingress NGINX Controller versions 1.12.1, 1.11.5, and 1.10.7. Users should update promptly and secure the admission webhook endpoint from external exposure.

The Hacker News

March 24, 2025 – Vulnerabilities

Critical Flaw in kcp Lets Attackers Manipulate Any Workspace

Abstract The vulnerability, tracked as CVE-2025-29922 with a CVSS score of 9.6, allows for unauthorized creation and deletion of objects in arbitrary workspaces through the APIExport Virtual Workspace.

Security Online

March 24, 2025 – Phishing

Fake Chat Used in Meta Business Account Phishing

Abstract This phishing email warns recipients that their ad accounts have violated EU GDPR or Meta’s ad policies. They are encouraged to click a “Check More Details” button, which leads to a fake Meta page with a support chatbot.

Security Online

March 24, 2025 – Ransomware

Babuk2 Ransomware Attempts Extortion Based on False Claims

Abstract Babuk2, aka Babuk-Bjorka, appears to be reusing data from earlier breaches to back up its extortion claims. Many of the victims listed in their announcements have already been targeted by other groups such as RansomHub, FunkSec, LockBit, and Babuk.

Halcyon

March 24, 2025 – Vulnerabilities

Nuxt Users Warned of Cache Poisoning Attacks Due to High-Severity Flaw

Abstract Tracked as CVE-2025-27415 and scored 7.5 on the CVSS scale, this vulnerability affects Nuxt versions 3.0.0 up to but not including 3.16.0. The issue lies in how Nuxt handles certain HTTP requests.

Security Online

March 24, 2025 – Malware

Microsoft Trusted Signing Service Abused to Code-Sign Malware

Abstract Signed malware has the advantage of potentially bypassing security filters that would normally block unsigned executable files, or at least treat them with less suspicion.

Bleeping Computer

March 24, 2025 – Attack

Cybercriminals Exploit Check Point Driver Flaws in Malicious Campaign

Abstract A security researcher found that a component of Check Point’s ZoneAlarm antivirus software is being exploited by threat actors in malicious campaigns to bypass Windows security measures.

Infosecurity Magazine

March 24, 2025 – Vulnerabilities

Next.js Patches a Critical Authorization Bypass Flaw

Abstract By abusing the flaw, malicious actors could gain unauthorized access to protected resources and functionalities within applications relying on Next.js middleware for authentication and authorization.

Security Online

March 24, 2025 – Ransomware

VanHelsing, New RaaS in Town - Check Point Research

Abstract In recent weeks, a new and rapidly expanding ransomware-as-a-service (RaaS) program called VanHelsingRaaS has been making waves in the cybercrime world, having infected three victims within just two weeks of its introduction.

Check Point

March 24, 2025 – General

Report: Rooted Devices 250 Times More Vulnerable to Compromise

Abstract A new analysis of mobile security threats by Zimperium has revealed that rooted and jailbroken devices are 250 times more vulnerable to system compromise incidents than standard devices.

Infosecurity Magazine

March 24, 2025 – Breach

Update: Coinbase was the Primary Target of Recent GitHub Actions Breaches

Abstract Researchers have determined that Coinbase was the primary target in a recent GitHub Actions cascading supply chain attack that compromised secrets in hundreds of repositories.

Bleeping Computer

March 22, 2025 – Ransomware

Albabat Ransomware Evolves to Target Linux and macOS

Abstract Trend Micro researchers said the Albabat ransomware version 2.0 not only targets Microsoft Windows but also gathers system and hardware information on Linux and macOS systems.

Infosecurity Magazine

March 22, 2025 – Vulnerabilities

Critical Security Flaw in ArcGIS Enterprise Exposes Admin Accounts to Remote Takeover

Abstract The vulnerability, tracked as CVE-2025-2538, carries a CVSS score of 9.8, marking it as a critical severity issue. It specifically affects certain deployments of Portal for ArcGIS, a core component in the ArcGIS Enterprise ecosystem.

Security Online

March 22, 2025 – APT

Chinese APT Aquatic Panda Conducted Global Espionage Campaign Affecting Seven Targets Using Five Malware Families

Abstract The targeted entities include governments, catholic charities, non-governmental organizations (NGOs), and think tanks across Taiwan, Hungary, Turkey, Thailand, France, and the United States.

The Hacker News

March 22, 2025 – Malware

Steam Pulls Game Demo Infecting Windows With Info-Stealing Malware

Abstract Valve has removed from its Steam store the game title 'Sniper: Phantom's Resolution' following multiple users reporting that the demo installer infected their systems with information stealing malware.

Bleeping Computer

March 22, 2025 – Ransomware

Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates

Abstract Researchers at Elastic Security Labs observed a Medusa ransomware attack that delivered the encryptor by means of a loader packed using a packer-as-a-service (PaaS) called HeartCrypt.

The Hacker News

March 22, 2025 – Hacker

Dragon RaaS: Pro-Russian Hacktivist Group Walks the Razor’s Edge Between Cybercrime and Propaganda

Abstract Known as Dragon RaaS, or simply Dragon Team, this emerging group blends political hacktivism with opportunistic cybercrime — all while operating under the shadowy umbrella of “The Five Families” cybercrime syndicate.

Security Online

March 22, 2025 – Phishing

Fake Semrush Ads Used to Steal SEO Professionals’ Google Accounts

Abstract In this latest case of "cascading fraud," the cybercriminals abuse the Semrush brand, a popular software-as-a-service (SaaS) platform used for SEO, online advertising, content marketing, and competitive research.

Bleeping Computer

March 21, 2025 – Vulnerabilities

WordPress Security Plugin WP Ghost Vulnerable to Remote Code Execution Bug

Abstract The flaw, tracked as CVE-2025-26909, impacts all versions of WP Ghost up to 5.4.01 and stems from insufficient input validation in the 'showFile()' function. Exploitation could allow attackers to include arbitrary files via manipulated URL paths.

Bleeping Computer

March 21, 2025 – Ransomware

VSCode Extensions Found Downloading Early-Stage Ransomware

Abstract The two malicious extensions, named "ahban.shiba" and "ahban.cychelloworld," were downloaded seven and eight times, respectively, before they were eventually removed from the store.

Bleeping Computer

March 21, 2025 – Hacker

Chinese Threat Actor UAT-5918 Targets Critical Infrastructure Entities in Taiwan

Abstract Typical tooling used by UAT-5918 includes networking tools such as FRPC, FScan, In-Swor, Earthworm, and Neo-reGeorg. Credential harvesting is accomplished by dumping registry hives, NTDS, and using tools such as Mimikatz and browser data stealers.

Talos

March 20, 2025 – Government

CISA Warns of Three Actively Exploited Security Vulnerabilities in IoT, Backup, and Enterprise Systems

Abstract CISA reported three actively exploited vulnerabilities: a critical Edimax IP camera flaw (CVE-2025-1316) enabling botnet attacks, a NAKIVO backup issue (CVE-2024-48248) exposing data, and an SAP NetWeaver flaw (CVE-2017-12637) allowing file access.

Security Online

March 20, 2025 – Malware

New Arcane Info-stealer Infects YouTube, Discord Users via Game Cheats

Abstract The campaign distributing Arcane Stealer relies on YouTube videos promoting game cheats and cracks, tricking users into following a link to download a password-protected archive.

Bleeping Computer

March 20, 2025 – Vulnerabilities

Multiple Vulnerabilities Patched in Dell SmartFabric OS10 Software

Abstract The vulnerabilities, affecting version 10.5.6.x, could allow attackers to perform various malicious activities, including elevation of privileges, unauthorized access, code execution, and server-side request forgery.

Security Online

March 20, 2025 – Phishing

Malware Campaign ‘DollyWay’ Targeted 20,000 WordPress Sites

Abstract According to GoDaddy researcher Denis Sinegubko, DollyWay has been functioning as a large-scale scam redirection system in its latest version (v3). However, in the past, it has distributed more harmful payloads like ransomware and banking trojans.

Bleeping Computer

March 20, 2025 – Vulnerabilities

Critical RCE Vulnerability Discovered in Veeam Backup & Replication

Abstract While no public proof-of-concept (PoC) exploit has been released at the time of this publication, the large deployment footprint of Veeam Backup & Replication makes it an attractive target for attackers.

Security Online

March 20, 2025 – Criminals

Leaked Black Basta Chats Suggest Russian Officials Aided Leader’s Escape from Armenia

Abstract The recently leaked trove of internal chat logs among members of the Black Basta ransomware operation has revealed possible connections between the e-crime gang and Russian authorities.

The Hacker News

March 20, 2025 – Vulnerabilities

PoC Exploit Released for Windows Explorer Vulnerability Exposing NTLM Hashes

Abstract A proof-of-concept (PoC) for the CVE-2025-24071 vulnerability is available on GitHub, and a Metasploit module for this flaw is also available. The flaw was addressed in the Microsoft Patch Tuesday this month.

Security Online

March 20, 2025 – Attack

Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners

Abstract Bitdefender reported that hackers are exploiting a severe PHP flaw, CVE-2024-4577, on Windows CGI systems, deploying Quasar RAT and XMRig miners, with significant attacks in Taiwan, Hong Kong, and Brazil since late 2024.

The Hacker News

March 19, 2025 – Vulnerabilities

Critical Flaws Expose SICK DL100 Devices to Code Execution and Password Hacks

Abstract SICK strongly recommends operating the affected systems within a secure infrastructure to minimize risk. The advisory provides workarounds for each CVE, emphasizing the importance of applying general security practices.

Security Online

March 19, 2025 – Vulnerabilities

Critical mySCADA myPRO Flaws Could Let Attackers Take Over Industrial Control Systems

Abstract Organizations are recommended to apply the latest patches, enforce network segmentation by isolating SCADA systems from IT networks, enforce strong authentication, and monitor for suspicious activity.

The Hacker News

March 19, 2025 – Government

CISA Warns of Critical Vulnerabilities in Sungrow iSolarCloud App and WiNet Firmware

Abstract Sungrow has released updated firmware (WINET-SV200.001.00.P028 or higher) and advises all users to update the iSolarCloud Android App to the latest version immediately via their device’s app store.

Security Online

March 19, 2025 – Malware

FIN7’s New Stealth Weapon, Anubis Backdoor, Emerges in the Wild

Abstract The Anubis Backdoor is designed to provide attackers with full control over infected machines, employing evasion techniques to bypass traditional security measures. It allows attackers to execute remote shell commands and various system operations.

Security Online

March 19, 2025 – Vulnerabilities

Stack Overflow Flaw Threatens Patient Data in PACS Servers, PoC Published

Abstract Users of Sante PACS Server are strongly advised to upgrade to version 4.2.0 or later to patch these critical security flaws and protect their systems from potential attacks.

Security Online

March 19, 2025 – Hacker

Indonesian Hacking Collective INDOHAXSEC Uncovered

Abstract Throughout the last couple of months, the hacktivist group has conducted cyberattacks such as DDoS and has carried out ransomware attacks against numerous entities and governmental bodies in Southeast Asia.

Arctic Wolf

March 19, 2025 – Vulnerabilities

Node.js Library xml-crypto Hit by Critical Security Flaws

Abstract Successful exploitation of these vulnerabilities can allow attackers to bypass authentication or authorization mechanisms in systems that use xml-crypto to verify signed XML documents.

Security Online

March 19, 2025 – Attack

Update: GitHub Action Hack Likely Led to Another in Cascading Supply Chain Attack

Abstract A cascading supply chain attack that began with the compromise of the "reviewdog/action-setup@v1" GitHub Action is believed to have led to the recent breach of "tj-actions/changed-files" that leaked CI/CD secrets.

Bleeping Computer

March 19, 2025 – Vulnerabilities

Synology Patches Critical Code Execution Flaw in Multiple Products

Abstract Synology updated its security advisories to disclose a critical security vulnerability affecting several products, including Synology BeeStation Manager (BSM), Synology DiskStation Manager (DSM), and Synology Unified Controller (DSMUC).

Security Online

March 19, 2025 – Malware

New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors

Abstract Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects AI-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious code.

The Hacker News

March 18, 2025 – Vulnerabilities

Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017

Abstract An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017.

The Hacker News

March 18, 2025 – Vulnerabilities

Multiple Security Vulnerabilities Plague PHP, Exposing Applications to Risk

Abstract Researchers reported multiple security flaws in PHP’s HTTP stream wrapper, exposing web applications to risks like information leaks, denial of service, and request smuggling.

Security Online

March 18, 2025 – Attack

Attackers Exploit OpenAI ChatGPT Vulnerability in the Wild

Abstract A server-side request forgery (SSRF) vulnerability in ChatGPT, tracked as CVE-2024-27564, has become a significant target for cybercriminals, with over 10,479 attack attempts recorded from a single malicious IP, according to Veriti’s latest research.

Security Online

March 18, 2025 – Phishing

Large-Scale Malicious App Campaign Bypasses Android Security to Conduct Ad Fraud Full Text

Abstract A large-scale ad fraud campaign has resulted in more than 60 million downloads of malicious Android apps from the Google Play Store, according to a new analysis by Bitdefender.

Infosecurity Magazine

March 18, 2025 – Phishing

New Steganographic Campaign Found Distributing Multiple Malware Variants Full Text

Abstract The campaign was found distributing Remcos and AsyncRAT via phishing emails with malicious Excel files. These exploit vulnerabilities, download disguised JPGs with encoded payloads, and use process hollowing to steal data and maintain control.

Seqrite

March 18, 2025 – Phishing

Sophisticated Phishing Campaign Exploiting Microsoft 365 Infrastructure Full Text

Abstract By leveraging legitimate Microsoft domains and tenant misconfigurations, attackers conduct Business Email Compromise (BEC) operations, tricking users into providing information while maintaining a high degree of legitimacy.

Guardz

March 18, 2025 – Phishing

OctoV2 Android Banking Trojan Masquerades as Deepseek AI in Phishing Attack Full Text

Abstract A new report from K7 Labs uncovered a sophisticated Android banking trojan campaign that is disguised as a popular AI chatbot to deceive users. The OctoV2 malware is being spread through deceptive websites that mimic Deepseek AI.

Security Online

March 18, 2025 – Government

FBI Issues Warning Over Free Online File Converters That Actually Install Malware Full Text

Abstract Instead of converting files, the tools actually load malware onto victims’ computers. The FBI warned specifically that the malware infection can also lead to ransomware attacks.

Malwarebytes

March 18, 2025 – Malware

Microsoft Warns of New StilachiRAT Malware Used for Crypto Theft, Reconnaissance Full Text

Abstract While the malware (dubbed StilachiRAT) hasn't yet reached widespread distribution, Microsoft says it decided to publicly share indicators of compromise and mitigation guidance to help network defenders detect this threat and reduce its impact.

Bleeping Computer

March 18, 2025 – Business

Varonis Acquires Database Security Firm Cyral Full Text

Abstract New York City-based Varonis said it has acquired Florida-headquartered Cyral, a next-generation database activity monitoring provider, to enhance its data security platform offerings.

CRN

March 15, 2025 – Criminals

Crypto Traps, Fake Giveaways Trick Victims During Ramadan Full Text

Abstract Cybercriminals use deceptive tactics to target individuals and organizations during Ramadan, employing fraudulent donation requests, fake giveaways, and cryptocurrency schemes.

Security Online

March 15, 2025 – Malware

Fake CAPTCHA Malware Exploits Windows Users to Run PowerShell Commands Full Text

Abstract The attack chain comprises several stages in which attackers use a deceptive fake CAPTCHA prompt to trick users into executing a malicious PowerShell command, making it appear as a legitimate part of the verification process.

GBHackers

March 15, 2025 – Cryptocurrency

Mass-Scale Crypto Scam Exploits Fake Investments and Pyramid Schemes Full Text

Abstract A large-scale crypto investment scam targeted victims via fraudulent websites and mobile apps, impersonating trusted brands and promising unrealistic returns. The scheme operates like a pyramid scam, primarily targeting users in East Africa and Asia.

Palo Alto Networks

March 15, 2025 – Ransomware

Black Basta Ransomware Gang Creates Tool to Automate VPN Brute-Force Attacks Full Text

Abstract The Black Basta ransomware operation created an automated brute-forcing framework dubbed 'BRUTED' to breach edge networking devices like firewalls and VPNs to gain network access and scale ransomware attacks on vulnerable internet-exposed endpoints.

Bleeping Computer

March 15, 2025 – Breach

Lazarus Breaches IIS Servers With Web Shells and Evolving C2 Tactics Full Text

Abstract The notorious North Korean threat actor Lazarus Group has been identified breaching Windows web servers to establish command-and-control (C2) infrastructure, leveraging compromised machines as proxy servers for further attacks.

Security Online

March 15, 2025 – Phishing

Coinbase Phishing Email Tricks Users With Fake Wallet Migration Full Text

Abstract A large-scale Coinbase phishing attack poses as a mandatory wallet migration, tricking recipients into setting up a new wallet with a pre-generated recovery phrase controlled by attackers.

Bleeping Computer

March 14, 2025 – Malware

JSPSpy Combined With Custom File Management Tool in Webshell Infrastructure Full Text

Abstract Hunt researchers recently identified a cluster of JSPSpy web shell servers with an unexpected addition: Filebroser, a rebranded version of the open-source File Browser file management project.

Hunt

March 14, 2025 – Malware

New Sobolan Malware Campaign Targets Jupyter Notebooks and Cloud-Native Environments Full Text

Abstract The Sobolan malware campaign utilizes a multi-stage attack chain to infiltrate and compromise systems, deploying cryptominers and establishing persistent backdoors for long-term control.

Security Online

March 14, 2025 – Criminals

Zservers: Bulletproof Hosting for Online Crime Full Text

Abstract Zservers has operated in the open for more than a dozen years, facilitating connectivity for numerous ransomware affiliates and brands including LockBit, BianLian, Hunters International, and other fraudsters.

Intel 471

March 14, 2025 – Vulnerabilities

Miniaudio and Adobe Acrobat Reader Vulnerabilities Discovered Full Text

Abstract CVE-2024-41147 is an out-of-bounds write vulnerability in Miniaudio. CVE-2025-27163 and CVE-2025-27164 are out-of-bounds read vulnerabilities in the font functionality in Adobe Acrobat, which can lead to information disclosure.

Talos

March 13, 2025 – APT

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, Middle East, and Africa Full Text

Abstract The attacks, observed in 2024, spread across Bangladesh, Cambodia, Djibouti, Egypt, the United Arab Emirates, and Vietnam. Other targets of interest include nuclear power plants and nuclear energy infrastructure in South Asia and Africa.

The Hacker News

March 13, 2025 – Vulnerabilities

Tenda AC7 Routers at Risk of Root Compromise, PoC Released Full Text

Abstract The vulnerability is a stack-based buffer overflow within the formSetFirewallCfg function. A remote attacker can exploit this flaw by sending a specially crafted payload to the router’s web interface.

Security Online

March 13, 2025 – Phishing

AI-Assisted Fake GitHub Repositories Fuel SmartLoader and Lumma Stealer Distribution Full Text

Abstract Trend Research uncovered a campaign that uses fake GitHub repositories to distribute SmartLoader, which is then used to deliver Lumma Stealer and other malicious payloads.

Trend Micro

March 13, 2025 – Vulnerabilities

Siemens Exposes 9.8-Rated Bootloader Flaw in SINAMICS S200 Devices Full Text

Abstract The vulnerability has been assigned a CVSS v3.1 base score of 9.8. Siemens has not released a firmware update to address the vulnerability. Customers are urged to follow the recommendations in the security advisory to protect their devices.

Security Online

March 13, 2025 – Ransomware

Elysium Ransomware: A New Variant of the Ghost Family Targeting Critical Infrastructure Full Text

Abstract This group has been active since 2021, targeting organizations in critical infrastructure, healthcare, and government sectors. The attackers typically gain initial access by exploiting known vulnerabilities in outdated applications.

Security Online

March 13, 2025 – Vulnerabilities

AMI Releases Updates to Address Vulnerabilities in SPx, AptioV and EDK2 Full Text

Abstract AMI has released updates to address these vulnerabilities. The AptioV and EDK2 vulnerabilities are fixed in version BKC_5.38, while the SPx vulnerability is addressed in versions SPx_12.7+ and SPx_13.5.

Security Online

March 13, 2025 – Malware

DCRat Malware Exploits YouTube to Hijack User Credentials Full Text

Abstract Analysts have identified 34 different plugins associated with DCRat, enabling dangerous functionalities such as keystroke logging, webcam access, file theft, and password exfiltration.

Cyber Press

March 13, 2025 – Vulnerabilities

Cisco Issues High-Severity Security Alert for IOS XR Software Full Text

Abstract The vulnerability impacts Cisco IOS XR 64-bit Software across all device configurations. To determine if a specific Cisco software release is vulnerable, users are advised to consult the “Fixed Software” section of the advisory.

Security Online

March 13, 2025 – General

Mozilla Warns Users to Update Firefox Before Certificate Expires Full Text

Abstract Mozilla is warning Firefox users to update their browsers to the latest version to avoid facing disruption and security risks caused by the upcoming expiration of one of the company's root certificates.

Bleeping Computer

March 13, 2025 – Breach

Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits Full Text

Abstract The latest activity, spotted in mid-2024, involves the use of implants that are based on TinyShell, a C-based backdoor that has been put to use by various Chinese hacking groups like Liminal Panda and Velvet Ant in the past.

The Hacker News

March 12, 2025 – Phishing

Microsoft Copilot Spoofing Emerges as a New Phishing Vector Full Text

Abstract A new phishing campaign exploited Microsoft Copilot's novelty by sending emails with spoofed invoices. These emails direct users to fake login pages that capture credentials, enhanced by Microsoft branding and a counterfeit MFA page.

Cofense

March 12, 2025 – Criminals

Researchers Investigate Potential Links Between Belsen and ZeroSevenGroup Full Text

Abstract The Belsen Group surfaced in January 2025, leaking Fortinet data and selling network access, while ZeroSevenGroup had been active earlier, breaching companies and monetizing stolen data.

Kela

March 12, 2025 – Vulnerabilities

Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches Full Text

Abstract Taiwanese company Moxa has released a security update to address a critical security flaw impacting its PT switches that could permit an attacker to bypass authentication guarantees.

The Hacker News

March 12, 2025 – Malware

Fake Binance Wallet Email Promises TRUMP Coin, Installs Malware Full Text

Abstract The phishing emails, sent under the name “Binance,” urge recipients to claim newly launched Trump-themed cryptocurrency. A link directs users to a counterfeit Binance website that mimics official branding.

HackRead

March 12, 2025 – Malware

PlayPraetor Malware Targets Android Users via Fake Play Store Apps to Steal Passwords Full Text

Abstract The primary motive behind these attacks is financial gain. Threat actors exploit stolen data by draining funds from compromised accounts, making unauthorized transactions, or selling the accounts on dark web marketplaces.

GBHackers

March 12, 2025 – Business

Forcepoint Acquires Getvisibility to Strengthen its AI-Driven Data Security Offerings Full Text

Abstract Forcepoint is acquiring Cork-based Getvisibility in a deal that aims to enhance its risk mitigation and security management offerings while speeding up compliance for its enterprise and government clientele.

Silicon Republic

March 12, 2025 – Vulnerabilities

Critical Flaw Found in Siemens SiPass Access Control Systems Full Text

Abstract Siemens has issued a security advisory warning of multiple vulnerabilities in SiPass integrated access control systems. The vulnerabilities could allow attackers to execute commands on the devices with root privileges and access sensitive data.

Security Online

March 12, 2025 – Attack

Update: Critical PHP RCE Vulnerability Mass Exploited in New Attacks Full Text

Abstract GreyNoise detected 1,089 unique IPs exploiting CVE-2024-4577 in January 2025, with attacks spreading beyond Japan to Singapore, Indonesia, the UK, Spain, and India. Over 43% of attacks originate from Germany and China.

Bleeping Computer

March 12, 2025 – Government

Switzerland Mandates Cyber Reporting for Critical Infrastructure Full Text

Abstract Switzerland’s NCSC will require critical infrastructure organizations to report cyberattacks within 24 hours. The new policy related to security breach notification is introduced as a response to the increasing number of cyber incidents.

Infosecurity Magazine

March 12, 2025 – Vulnerabilities

Font Library FreeType Flaw Exploited in the Wild, Millions at Risk Full Text

Abstract A critical vulnerability in the FreeType font rendering library has been revealed, potentially putting millions of devices at risk of RCE. The flaw, tracked as CVE-2025-27363 and having a CVSS score of 8.1, impacts FreeType versions 2.13.0 and below.

Security Online

March 11, 2025 – APT

North Korean Hackers Use ZIP Files to Deploy Malicious PowerShell Scripts Full Text

Abstract North Korean state-sponsored hackers, known as APT37 or ScarCruft, have been employing sophisticated tactics to breach systems, leveraging malicious ZIP files containing LNK files to initiate attacks.

GBHackers

March 11, 2025 – Malware

Fortinet Identifies Malicious Packages in the Wild: Insights and Trends from November 2024 Onward Full Text

Abstract 1,082 packages employed minimal code within a low file count, around 1,052 packages utilized suspicious installation scripts, 1,043 instances lacked repository URLs, and 974 packages contained suspicious URLs for C2 server communication.

Fortinet

March 11, 2025 – Attack

Blind Eagle: …And Justice for All - Check Point Research Full Text

Abstract Check Point Research discovered a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024. The campaigns are linked to Blind Eagle and deliver malicious .url files.

Check Point

March 11, 2025 – Vulnerabilities

Multiple vulnerabilities found in ICONICS industrial SCADA software Full Text

Abstract A popular set of SCADA software systems used in critical infrastructure around the world suffered from at least five known vulnerabilities that could have allowed for privilege escalation, DLL hijacking and the ability to modify critical files.

CyberScoop

March 11, 2025 – Vulnerabilities

SAP Patches High-Severity XSS and Authorization Flaws in Latest Security Updates Full Text

Abstract SAP has released its latest round of security updates, addressing 21 new vulnerabilities and providing 3 updates to previously released Security Notes. The updates include fixes for several high-severity vulnerabilities.

Security Online

March 11, 2025 – Malware

Phantom Goblin Malware: Stealthy Attacks via VSCode Tunnels Full Text

Abstract A new malware campaign, dubbed Phantom Goblin, has been uncovered. This attack uses social engineering tactics to trick victims into executing a malicious LNK file, initiating a multi-stage attack aimed at stealing browser credentials.

Security Online

March 11, 2025 – General

US govt says Americans lost record $12.5 billion to fraud in 2024 Full Text

Abstract Consumers reported that investment scams resulted in the highest losses, totaling around $5.7 billion with a median loss of over $9,000 and exceeding all other fraud categories.

Bleeping Computer

March 11, 2025 – Malware

A Deep Dive into Strela Stealer and how it Targets European Countries Full Text

Abstract The Strela Stealer is an infostealer that exfiltrates email log-in credentials and has been in the wild since late 2022. It is a precisely focused malware, targeting Mozilla Thunderbird and Microsoft Outlook on systems in chosen European countries.

TrustWave

March 11, 2025 – Vulnerabilities

Chrome Update: 5 Security Fixes, High-Risk Flaws Addressed ASAP Full Text

Abstract An important security update has been released for the Chrome Stable channel, addressing five vulnerabilities, including three high-severity flaws that could allow attackers to execute arbitrary code.

Security Online

March 11, 2025 – Ransomware

EByte Ransomware: A New Go-Based Threat with Advanced Encryption Techniques Full Text

Abstract CYFIRMA has identified a new ransomware variant, EByte Ransomware, written in Go and actively targeting Windows systems. This malware leverages advanced cryptographic methods, combining ChaCha20 for encryption and ECIES for secure key transmission.

Security Online

March 10, 2025 – Vulnerabilities

PHP-CGI RCE Flaw Exploited in Attacks on Japan’s Tech, Telecom, and E-Commerce Sectors Full Text

Abstract "The attacker has exploited the vulnerability CVE-2024-4577, a remote code execution (RCE) flaw in the PHP-CGI implementation of PHP on Windows, to gain initial access to victim machines," Cisco Talos researchers said.

The Hacker News

March 10, 2025 – Phishing

Large-Scale Fraud Operation “PrintSteal” Generates Fake KYC Documents Through Spoofed Sites Full Text

Abstract Operating under a network of impersonating websites, the scheme has exploited Common Service Centre (CSC) platforms to produce and distribute fake Aadhaar cards, birth certificates, PAN cards, and other identity documents.

Security Online

March 10, 2025 – Criminals

Microsoft Warns of North Korean Hackers Joining Qilin Ransomware Gang Full Text

Abstract "Moonstone Sleet has previously exclusively deployed their own custom ransomware in their attacks, and this represents the first instance they are deploying ransomware developed by a RaaS operator," Microsoft researchers said.

Bleeping Computer

March 10, 2025 – Attack

Majority of Orgs Hit by AI Cyber-Attacks as Detection Lags Full Text

Abstract Most (87%) security professionals have reported that their organization has encountered an AI-driven cyber-attack in the last year, as the technology increasingly takes hold, according to a new report by SoSafe.

Infosecurity Magazine

March 10, 2025 – Malware

FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations Full Text

Abstract Threat hunters have shed light on a "sophisticated and evolving malware toolkit" called Ragnar Loader that's used by various cybercrime and ransomware groups like Ragnar Locker (aka Monstrous Mantis), FIN7, FIN8, and Ruthless Mantis (ex-REvil).

The Hacker News

March 10, 2025 – General

Ransomware Groups Favor Repeatable Access Over Mass Exploits Full Text

Abstract Ransomware groups have shifted away from mass compromise events from vulnerability exploits towards “reliable and repeatable” methods to gain access to victim networks, according to Travelers’ latest Cyber Threat Report.

Infosecurity Magazine

March 10, 2025 – Cryptocurrency

US seizes $23 million in crypto linked to LastPass breaches Full Text

Abstract U.S. authorities have seized over $23 million in cryptocurrency linked to the theft of $150 million from a Ripple crypto wallet in January 2024. Investigators believe hackers who breached LastPass in 2022 were behind the attack.

Bleeping Computer

March 10, 2025 – Vulnerabilities

New Chirp tool uses audio tones to transfer data between devices Full Text

Abstract A new open-source tool named 'Chirp' transmits data between computers (and smartphones) through different audio tones. Other microphone-equipped computers running Chirp may capture the sound and translate the message back into text.

Bleeping Computer

March 10, 2025 – Vulnerabilities

Undocumented commands found in Bluetooth chip used by a billion devices Full Text

Abstract Tarlogic Security has detected a backdoor in the ESP32, a microcontroller that enables WiFi and Bluetooth connection and is present in millions of mass-market IoT devices.

Bleeping Computer

March 10, 2025 – Phishing

US cities warn of wave of unpaid parking phishing texts Full Text

Abstract US cities are warning of an ongoing mobile phishing campaign pretending to be texts from the city's parking violation departments about unpaid parking invoices which, if unpaid, will incur an additional $35 fine per day.

Bleeping Computer

March 8, 2025 – Malware

Malicious Chrome Extensions Can Spoof Password Managers in New Attack Full Text

Abstract A newly devised "polymorphic" attack allows malicious Chrome extensions to morph into other browser extensions, including password managers, crypto wallets, and banking apps, to steal sensitive information.

Bleeping Computer

March 8, 2025 – Phishing

Microsoft Says Malvertising Campaign Impacted One Million PCs Full Text

Abstract After analyzing the campaign, Microsoft discovered that the attackers injected ads into videos on illegal pirated streaming websites that redirect potential victims to malicious GitHub repositories under their control.

Bleeping Computer

March 8, 2025 – Breach

Qilin Ransomware Gang Claims the Hack of the Ministry of Foreign Affairs of Ukraine Full Text

Abstract The group stated that it stole sensitive data such as private correspondence, personal information, and official decrees. The ransomware group declared that they had already sold some of the alleged stolen information to third parties.

Security Affairs

March 8, 2025 – Attack

Akira Ransomware Gang Encrypted Network From a Webcam to Bypass EDR Full Text

Abstract The Akira ransomware gang was spotted using an unsecured webcam to launch encryption attacks on a victim's network, effectively circumventing Endpoint Detection and Response (EDR), which was blocking the encryptor in Windows.

Bleeping Computer

March 8, 2025 – Breach

Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access Full Text

Abstract The malicious JavaScript code has been found to be served via cdn.csyndication[.]com. As of writing, as many as 908 websites contain references to the domain in question.

The Hacker News

March 8, 2025 – Vulnerabilities

Multiple Vulnerabilities Discovered in ICONICS Suite SCADA System Full Text

Abstract Unit 42 assessed the ICONICS Suite SCADA system and identified five vulnerabilities in versions 10.97.2 and earlier for Windows. The ICONICS security team issued multiple patches in 2024 to resolve these issues.

Palo Alto Networks

March 8, 2025 – Attack

Russia Claims Ukraine Hacked State Youth Organizations to Recruit Minors Full Text

Abstract A Russian security agency has accused Ukraine of hacking two Kremlin-backed youth military-patriotic organizations to gather student data for potential recruitment in espionage or terrorist activities.

The Record

March 8, 2025 – Malware

Cybercriminals Exploit YouTubers to Spread SilentCryptoMiner on Windows Systems Full Text

Abstract SilentCryptoMiner, based on the open-source XMRig miner, is capable of mining multiple cryptocurrencies using various algorithms. It employs process hollowing techniques to inject miner code into system processes for stealth.

GBHackers

March 8, 2025 – Ransomware

Medusa Ransomware Activity Continues to Increase Full Text

Abstract Medusa ransomware attacks jumped by 42% between 2023 and 2024. This increase in activity continues to escalate, with almost twice as many Medusa attacks observed in January and February 2025 as in the first two months of 2024.

Security

March 7, 2025 – Attack

New ‘Desert Dexter’ Campaign Hits Over 900 Victims in Middle East, North Africa, and Other Regions Full Text

Abstract The threat actors behind Desert Dexter employ a multi-stage attack chain that leverages social media platforms, legitimate file-sharing services, and geopolitical lures to distribute a modified version of the AsyncRAT malware.

GBHackers

March 6, 2025 – Botnet

BadBox Malware Disrupted on 500K Infected Android Devices Full Text

Abstract The BadBox Android malware botnet has been disrupted again by removing 24 malicious apps from Google Play and sinkholing communications for half a million infected devices.

Bleeping Computer

March 6, 2025 – Phishing

YouTube Warns of AI-Generated Video of its CEO Used in Phishing Attacks Full Text

Abstract YouTube warned of an AI-generated video of the company's CEO used in phishing attacks to steal creators' credentials. The scammers share it as a private video with targeted users via emails claiming a change in YouTube's monetization policy.

Bleeping Computer

March 6, 2025 – Policy and Law

U.S. Charges 12 Chinese Nationals in State-Backed Hacking Operations Full Text

Abstract The U.S. Department of Justice (DoJ) has announced charges against 12 Chinese nationals for their alleged participation in a wide-ranging scheme designed to steal data and suppress free speech and dissent globally.

The Hacker News

March 6, 2025 – Vulnerabilities

Critical Code Execution Vulnerability Patched in Elastic Kibana Full Text

Abstract Elastic has released a security update to address a critical vulnerability in Kibana. The vulnerability, tracked as CVE-2025-25012 and assigned a CVSS score of 9.9, could allow attackers to execute arbitrary code on vulnerable systems.

Security Online

March 6, 2025 – Business

Cisco-backed Cybersecurity Startup SpecterOps Raises $75M In Series B Funding Full Text

Abstract Cybersecurity startup SpecterOps on Wednesday revealed it has raised $75 million in a Series B financing round that will go towards scaling its flagship platform for detecting and removing identity-based attack paths.

CRN

March 6, 2025 – Attack

China-Linked Silk Typhoon Expands Cyberattacks to IT Supply Chains for Initial Access Full Text

Abstract The China-linked threat actor behind the zero-day exploitation of security flaws in Microsoft Exchange servers in January 2021 has shifted its tactics to target the IT supply chain as a means to obtain initial access to corporate networks.

The Hacker News

March 6, 2025 – General

Report: Over Half of Organizations Report Serious OT Security Incidents Full Text

Abstract A new report by the SANS Institute revealed that most organizations suffered an incident leading to data loss, unauthorized access, operational disruption, or other events. Just 43% indicated no such incident occurred over the past 12 months.

Infosecurity Magazine

March 6, 2025 – Vulnerabilities

Critical Flaw in Chaty Pro Plugin Exposes Thousands of WordPress Sites to Takeover Full Text

Abstract The vulnerability stems from a lack of proper authorization and security checks in the code responsible for handling user input. The developers of Chaty Pro have addressed CVE-2025-26776 in version 3.3.4.

Security Online

March 6, 2025 – Attack

Sophisticated Business Email Compromise Attack Targets B2B Transactions Full Text

Abstract The attack involved three business partners (Partner A, Partner B, and Partner C) exchanging invoices via email. The threat actor gained access to a third-party email server, giving them complete visibility into ongoing transactions.

Trend Micro

March 6, 2025 – Solution

Open-Source Tool ‘Rayhunter’ Helps Users Detect Stingray Attacks Full Text

Abstract The Electronic Frontier Foundation (EFF) has released a free, open-source tool named Rayhunter that is designed to detect cell-site simulators (CSS), also known as IMSI catchers or Stingrays.

Bleeping Computer

March 5, 2025 – Malware

Lumma Stealer Expands Attack Surface with Fake Booking Sites and CAPTCHA Tricks Full Text

Abstract The campaign’s infection chain was first detected in early 2025, targeting users booking trips to Palawan, Philippines. Within a week, the attack vector shifted to a hotel in Munich, Germany, indicating a broader global focus on travel-related sites.

Security Online

March 5, 2025 – Vulnerabilities

Zoho Patches Account Takeover Vulnerability in ADSelfService Plus Full Text

Abstract The vulnerability stems from improper session management, potentially exposing sensitive user information and enabling attackers to hijack accounts. Zoho has confirmed that the issue has been resolved in ADSelfService Plus version 6511.

Security Online

March 5, 2025 – Criminals

Update: North Korean Hackers Finish Initial Laundering Stage After Stealing Over $1 Billion From Bybit Full Text

Abstract Experts from multiple blockchain security companies said Monday that the hackers were able to move all of the stolen ETH coins to new addresses — the first step taken before the funds can be laundered further.

The Record

March 5, 2025 – Vulnerabilities

NVIDIA Addresses High-Severity HGX Management Controller Vulnerability Full Text

Abstract Nvidia has issued a security update addressing two vulnerabilities (CVE-2024-0114 and CVE-2024-0141) in its Hopper HGX 8-GPU HMC, including a high-severity flaw that could allow unauthorized code execution, privilege escalation, and data tampering.

Security Online

March 5, 2025 – Phishing

Dark Caracal Threat Group Likely Refreshed its Malware Arsenal in Recent Campaign Full Text

Abstract In the latest Poco RAT campaign, the hackers used phishing emails to impersonate financial institutions and business service providers. Victims received emails warning them of overdue invoices, with attachments disguised as official documents.

The Record

March 5, 2025 – Vulnerabilities

PoC Exploit Published for Critical HPE Insight RS Flaw Posing RCE Risks Full Text

Abstract The vulnerability stems from improper path validation in the processAtatchmentDataStream method. This flaw allows attackers to bypass directory restrictions and upload malicious files outside the intended directory.

Security Online

March 5, 2025 – Attack

New Cyber-Espionage Campaign Targets UAE Aviation Sector and Transport Infrastructure Full Text

Abstract The attack campaign, attributed by Proofpoint to a cluster known as UNK_CraftyCamel, employed a sophisticated infection chain to deploy a newly discovered backdoor named Sosano.

Infosecurity Magazine

March 5, 2025 – Vulnerabilities

Vim Users Warned of Code Execution Flaw That Can Be Triggered by Crafted TAR Files Full Text

Abstract The Vim project has released patch v9.1.1164, which addresses CVE-2025-27423. Users are strongly advised to update their Vim installations to this version or later immediately.

Security Online

March 5, 2025 – Criminals

North Korean Fake IT Workers Leverage GitHub to Build Personas Full Text

Abstract Researchers tracked a global network of IT workers posing as Vietnamese, Japanese, and Singaporean nationals attempting to obtain employment in remote engineering and full-stack blockchain developer positions in Japan and the US.

Infosecurity Magazine

March 5, 2025 – Vulnerabilities

Broadcom Fixes Three VMware Zero-Days Exploited in Attacks Full Text

Abstract The three zero-day vulnerabilities (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226) impact VMware ESX products, including VMware ESXi, vSphere, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform.

Bleeping Computer

March 1, 2025 – Phishing

New PayPal Scam Tricks Users with Convincing Ads and Pages Full Text

Abstract The scammers create ads that impersonate PayPal, often using hacked advertiser accounts. They exploit PayPal’s “no-code checkout” feature, designed for merchants to accept payments online or in person without needing a developer or coding knowledge.

Security Online

March 1, 2025 – Malware

New Malware Campaign Uses Fake “Mods” and “Cracks” to Steal User Data Full Text

Abstract A sophisticated malware campaign leveraging GitHub repositories disguised as game modifications and cracked software has been uncovered, exposing a dangerous convergence of social engineering tactics and automated credential harvesting.

GBHackers

March 1, 2025 – Vulnerabilities

Siemens Teamcenter vulnerability could allow account takeover (CVE-2025-23363) Full Text

Abstract A high-severity vulnerability (CVE-2025-23363) in the Siemens Teamcenter product lifecycle management (PLM) software could allow an attacker to steal users’ valid session data and gain unauthorized access to the vulnerable application.

Help Net Security

March 1, 2025 – Botnet

Vo1d malware botnet grows to 1.6 million Android TVs worldwide Full Text

Abstract A new variant of the Vo1d malware botnet has grown to 1,590,299 infected Android TV devices across 226 countries, recruiting devices as part of anonymous proxy server networks.

Bleeping Computer

March 1, 2025 – Vulnerabilities

Account Takeover Vulnerability Found in Better Auth Library Full Text

Abstract A critical security vulnerability has been discovered in the Better Auth library, a popular TypeScript authentication framework. The vulnerability could allow attackers to bypass security measures and potentially take over user accounts.

Security Online

March 1, 2025 – Hacker

Lotus Blossom Espionage Group Targets Multiple Industries With Different Versions of Sagerunex and Hacking Tools Full Text

Abstract Cisco Talos uncovered two new variants of the Sagerunex backdoor, which were detected during attacks on telecommunications and media companies, as well as many Sagerunex variants persistent in the government and manufacturing industries.

Talos Intelligence

March 1, 2025 – Vulnerabilities

LibreOffice Flaws Allow Attackers to Run Malicious Files on Windows Full Text

Abstract The vulnerability, which impacts versions before 24.8.5, revolves around improper validation of non-file URLs interpreted as Windows file paths through the ShellExecute function.

GBHackers

March 1, 2025 – Cryptocurrency

North Korea-Linked Threat Actor Uses RustDoor and Koi Stealer for macOS to Target the Cryptocurrency Sector Full Text

Abstract In this campaign, Unit 42 researchers discovered a Rust-based macOS malware nicknamed RustDoor masquerading as a legitimate software update, as well as a previously undocumented macOS variant of a malware family known as Koi Stealer.

Palo Alto Networks
