Monthly Archives: March 2025

Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp

The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows...

31
Mar
Cyber Security and Resilience Policy Statement to strengthen regulation of critical sectors
March 31, 2025

New proposals will combat the growing threat to UK critical national infrastructure (CNI)....

Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images

Threat actors are using the “mu-plugins” directory in WordPress sites to conceal malicious code with...

31
Mar
⚡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More

Every week, someone somewhere slips up—and threat actors slip in. A misconfigured setting, an overlooked...

31
Mar
5 Impactful AWS Vulnerabilities You’re Responsible For

If you’re using AWS, it’s easy to assume your cloud security is handled – but...

31
Mar
Russia-Linked Gamaredon Uses Troop-Related Lures to Deploy Remcos RAT in Ukraine

Entities in Ukraine have been targeted as part of a phishing campaign designed to distribute...

31
Mar
RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shed light on a new malware...

30
Mar
New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials

Cybersecurity researchers have discovered a new Android banking malware called Crocodilus that’s primarily designed to...

29
Mar
BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability

In what’s an instance of hacking the hackers, threat hunters have managed to infiltrate the...

29
Mar
Researchers Uncover 46 Critical Flaws in Solar Inverters From Sungrow, Growatt, and SMA

Cybersecurity researchers have disclosed 46 new security flaws in products from three solar inverter vendors,...

28
Mar
CoffeeLoader Uses GPU-Based Armoury Packer to Evade EDR and Antivirus Detection

Cybersecurity researchers are calling attention to a new sophisticated malware called CoffeeLoader that’s designed to...

28
Mar
Product Walkthrough: How Datto BCDR Delivers Unstoppable Business Continuity

Long gone are the days when a simple backup in a data center was enough...

28
Mar
PJobRAT Malware Campaign Targeted Taiwanese Users via Fake Chat Apps

An Android malware family previously observed targeting Indian military personnel has been linked to a...

28
Mar
Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts

Cybersecurity researchers have discovered several cryptocurrency packages on the npm registry that have been hijacked...

28
Mar
Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability

Mozilla has released updates to address a critical security flaw impacting its Firefox browser for...

28
Mar
New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records

Cybersecurity researchers have shed light on a new phishing-as-a-service (PhaaS) platform that leverages the Domain...

27
Mar
Hackers Repurpose RansomHub’s EDRKillShifter in Medusa, BianLian, and Play Attacks

A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like...

27
Mar
APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware

An advanced persistent threat (APT) group with ties to Pakistan has been attributed to the...

27
Mar
New Report Explains Why CASB Solutions Fail to Address Shadow SaaS and How to Fix It

Whether it’s CRMs, project management tools, payment processors, or lead management tools – your workforce...

27
Mar
Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert!

Hackers have long used Word and Excel documents as delivery vehicles for malware, and in...

27
Mar
150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms

An ongoing campaign that infiltrates legitimate websites with malicious JavaScript injects to promote Chinese-language gambling...

27
Mar
CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two six-year-old security flaws impacting...

27
Mar
NetApp SnapCenter Flaw Could Let Users Gain Remote Admin Access on Plug-In Systems

A critical security flaw has been disclosed in NetApp SnapCenter that, if successfully exploited, could...

27
Mar
New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations

The Chinese threat actor known as FamousSparrow has been linked to a cyber attack targeting...

26
Mar
EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware

The threat actor known as EncryptHub exploited a recently-patched security vulnerability in Microsoft Windows as...

26
Mar
RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment

The Russian-speaking hacking group called RedCurl has been linked to a ransomware campaign for the...

26
Mar
Malicious npm Package Modifies Local ‘ethers’ Library to Launch Reverse Shell Attacks

Cybersecurity researchers have discovered two malicious packages on the npm registry that are designed to...

26
Mar
Sparring in the Cyber Ring: Using Automated Pentesting to Build Resilience

“A boxer derives the greatest advantage from his sparring partner…” — Epictetus, 50–135 AD Hands...

26
Mar
How PAM Mitigates Insider Threats: Preventing Data Breaches, Privilege Misuse, and More

When people think of cybersecurity threats, they often picture external hackers breaking into networks. However,...

26
Mar
Hackers Using E-Crime Tool Atlantis AIO for Credential Stuffing on 140+ Platforms

Threat actors are leveraging an e-crime tool called Atlantis AIO Multi-Checker to automate credential stuffing...

26
Mar