Monthly Archives: March 2025

Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks

Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser...

26
Mar
New Security Flaws Found in VMware Tools and CrushFTP — High Risk, No Workaround

Broadcom has issued security patches to address a high-severity security flaw in VMware Tools for...

26
Mar
Researchers Uncover ~200 Unique C2 Domains Linked to Raspberry Robin Access Broker

A new investigation has unearthed nearly 200 unique command-and-control (C2) domains associated with a malware...

25
Mar
Chinese Hackers Breach Asian Telecom, Remain Undetected for Over 4 Years

A major telecommunications company located in Asia was allegedly breached by Chinese state-sponsored hackers who...

25
Mar
AI-Powered SaaS Security: Keeping Pace with an Expanding Attack Surface

Organizations now use an average of 112 SaaS applications—a number that keeps growing. In a...

25
Mar
Hackers Use .NET MAUI to Target Indian and Chinese Users with Fake Banking, Social Apps

Cybersecurity researchers are calling attention to an Android malware campaign that leverages Microsoft’s .NET Multi-platform...

25
Mar
INTERPOL Arrests 306 Suspects, Seizes 1,842 Devices in Cross-Border Cybercrime Bust

Law enforcement authorities in seven African countries have arrested 306 suspects and confiscated 1,842 devices...

25
Mar
macOS Security Compliance Project Developer Conference
March 25, 2025

The National Institute of Standards and Technology will host a developer conference on Tuesday, March...

Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication

A set of five critical security shortcomings have been disclosed in the Ingress NGINX Controller...

24
Mar
Microsoft Adds Inline Data Protection to Edge for Business to Block GenAI Data Leaks

Microsoft on Monday announced a new feature called inline data protection for its enterprise-focused Edge...

24
Mar
CyberFirst Girls Competition: a proud milestone and exciting future
March 24, 2025

The future of the CyberFirst Girls Competition and reflecting on brilliant progress....

VanHelsing RaaS Launch: 3 Victims, $5K Entry Fee, Multi-OS, and Double Extortion Tactics

A ransomware-as-a-service (RaaS) operation called VanHelsing has already claimed three victims since it launched on...

24
Mar
Privileged access workstations: introducing our new set of principles
March 24, 2025

Principles-based guidance for organisations setting up a PAW solution....

âš¡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More

A quiet tweak in a popular open-source tool opened the door to a supply chain...

24
Mar
VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware

Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code (VSCode) Marketplace that...

24
Mar
How to Balance Password Security Against User Experience

If given the choice, most users are likely to favor a seamless experience over complex...

24
Mar
Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks

A critical security flaw has been disclosed in the Next.js React framework that could be...

24
Mar
GitHub Supply Chain Breach: Coinbase Attack Exposes 218 Repositories, Leaks CI/CD Secrets

The supply chain attack involving the GitHub Action “tj-actions/changed-files” started as a highly-targeted attack against...

23
Mar
U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe

The U.S. Treasury Department has announced that it’s removing sanctions against Tornado Cash, a cryptocurrency...

22
Mar
UAT-5918 Targets Taiwan’s Critical Infrastructure Using Web Shells and Open-Source Tools

Threat hunters have uncovered a new threat actor named UAT-5918 that has been attacking critical...

21
Mar
Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates

The threat actors behind the Medusa ransomware-as-a-service (RaaS) operation have been observed using a malicious...

21
Mar
China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families

The China-linked advanced persistent threat (APT) group. known as Aquatic Panda has been linked to...

21
Mar
10 Critical Network Pentest Findings IT Teams Overlook

After conducting over 10,000 automated internal network penetration tests last year, vPenTest has uncovered a...

21
Mar
Kaspersky Links Head Mare to Twelve, Targeting Russian Entities via Shared C2 Servers

Two known threat activity clusters codenamed Head Mare and Twelve have likely joined forces to...

21
Mar
Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility

Two now-patched security flaws impacting Cisco Smart Licensing Utility are seeing active exploitation attempts, according...

21
Mar
CSF 2.0 Webinar Series: Implementing CSF 2.0—The Why, What, and How
March 20, 2025

To address the ever-evolving cybersecurity landscape and equip organizations with information and resources to more...

YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users

YouTube videos promoting game cheats are being used to deliver a previously undocumented stealer malware...

20
Mar
Veeam and IBM Release Patches for High-Risk Flaws in Backup and AIX Systems

Veeam has released security updates to address a critical security flaw impacting its Backup &...

20
Mar
How to Protect Your Business from Cyber Threats: Mastering the Shared Responsibility Model

Cybersecurity isn’t just another checkbox on your business agenda. It’s a fundamental pillar of survival....

20
Mar
Six Governments Likely Use Israeli Paragon Spyware to Hack IM Apps and Harvest Data

The governments of Australia, Canada, Cyprus, Denmark, Israel, and Singapore are likely customers of spyware...

20
Mar