Paragon Partition Manager's BioNTdrv.sys driver has a critical vulnerability (CVE-2025-0289) exploited in ransomware attacks.
Attackers with local access can escalate privileges and run malicious code on Windows systems.
Read the full analysis here: https://thehackernews.com/2025/03/hackers-exploit-paragon-partition.html
Is the future of the SOC autonomous?
"Autonomous SOC" has become one of the biggest buzzwords in the post-GPT era. But how much of the hype is real?
In an on-demand webinar, Tines CEO Eoin Hinchy and guest speaker Allie Mellen, Principal Analyst at Forrester, take a deep dive into the practical applications of AI in security operations.
They explored:
🔸 How SOCs are evolving with AI and workflow orchestration
🔸 Practical applications of AI within the SOC
🔸 How teams can identify areas where AI-driven autonomy makes sense
Watch now: https://thn.news/future-soc-autonomous-fb
The U.K. ICO is investigating TikTok, Reddit, and Imgur for potential child data privacy violations.
The focus is on whether these platforms are using minors' personal data to target content.
Read the full story here: https://thehackernews.com/2025/03/uk-ico-investigates-tiktok-reddit-and.html
A new phishing campaign uses the ClickFix technique to launch a multi-stage attack via SharePoint.
It hides behind trusted services and uses the Havoc C2 framework to avoid detection.
Read the full analysis here: https://thehackernews.com/2025/03/hackers-use-clickfix-trick-to-deploy.html
A threat group is exploiting AWS misconfigurations to send phishing emails.
TGR-UNK-0011 uses exposed AWS access keys to bypass email security, blending in with trusted communications.
Learn more about their tactics: https://thehackernews.com/2025/03/hackers-exploit-aws-misconfigurations.html
⚠️ Google's March 2025 Android Security Bulletin warns of 44 vulnerabilities, including two actively exploited flaws: CVE-2024-43093 and CVE-2024-50302, with one tied to a zero-day attack on activists.
Get the full details: https://thehackernews.com/2025/03/googles-march-2025-android-security.html
The U.S. CISA has added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) list, affecting software from Cisco, Microsoft, and Progress WhatsUp Gold.
Learn how this impacts you and how to protect yourself: https://thehackernews.com/2025/03/cisco-hitachi-microsoft-and-progress.html
A mass exploitation campaign targets ISPs in China and the U.S. West Coast, affecting over 4,000 IPs with brute-force attacks and malware, including crypto miners and info stealers.
Cybercriminals bypass security and steal data using PowerShell and Telegram.
Read here: https://thehackernews.com/2025/03/over-4000-isp-networks-targeted-in.html
A new phishing campaign targets critical UAE sectors with a Go-based backdoor, Sosano. The attack uses a compromised Indian electronics company to deliver a targeted payload.
Learn more: https://thehackernews.com/2025/03/suspected-iranian-hackers-used.html
Cyberattacks are getting smarter. Are you?
Threat-Led Vulnerability Management (TLVM) helps you focus on the vulnerabilities most likely to be exploited, making your defenses stronger and your resources smarter.
Discover how to optimize your strategy: https://thehackernews.com/expert-insights/2025/03/why-now-is-time-to-adopt-threat-led.html
⚠️ ALERT: VMware ESXi, Workstation, and Fusion products have critical vulnerabilities that are being actively exploited.
These flaws could allow remote code execution and information disclosure.
Learn more about the vulnerabilities and fixes here: https://thehackernews.com/2025/03/vmware-security-flaws-exploited-in.html
Credential stuffing is getting harder to stop, but attackers are evolving. Stolen credentials, often just $10, drive 80% of web app attacks, and the threat is growing.
With billions of compromised credentials out there, attacks can spread quickly and widely.
Learn more about this shift in attack strategies: https://thehackernews.com/2025/03/how-new-ai-agents-will-transform.html
Black Basta and CACTUS ransomware groups now share the same BackConnect module, signaling a shift in attack methods.
The overlap in tactics means cybersecurity professionals must watch for threats across multiple ransomware families.
Read here: https://thehackernews.com/2025/03/researchers-link-cactus-ransomware.html
Researchers have found a malicious campaign targeting Go developers with fake libraries.
At least 7 typosquatted packages impersonate popular Go modules to deploy loader malware. These can execute remote code, stealing data or credentials on Linux and macOS systems.
Read the full analysis here: https://thehackernews.com/2025/03/seven-malicious-go-packages-found.html
Lotus Panda is back, using new Sagerunex variants to target key sectors in Asia.
Now, they're hiding in plain sight, using Dropbox and Zimbra for command-and-control, making detection tougher than ever.
Get the full analysis here: https://thehackernews.com/2025/03/chinese-apt-lotus-panda-targets.html
Identity is the top target for cybercriminals: 80% of breaches are due to compromised credentials.
With cloud services and fragmented tech stacks, the risk is higher than ever. Securing Identity is crucial to protecting your enterprise.
Learn more about strengthening your security strategy: https://thehackernews.com/2025/03/identity-new-cybersecurity-battleground.html
Google launches AI-powered scam detection for Android, warning users during conversations, without compromising privacy.
Read more: https://thehackernews.com/2025/03/google-rolls-out-ai-scam-detection-for.html
Dark Caracal is targeting Latin American businesses with the Poco RAT trojan. It can upload files, capture screenshots, and run commands.
Discover more about this sophisticated attack: https://thehackernews.com/2025/03/dark-caracal-uses-poco-rat-to-target.html
Silk Typhoon has shifted from exploiting Microsoft Exchange flaws to targeting IT supply chains.
By compromising remote management tools and cloud apps, they gain access to networks, paving the way for large-scale espionage.
Read the full analysis here: https://thehackernews.com/2025/03/china-linked-silk-typhoon-expands-cyber.html
Many organizations rely on 10+ security tools, but they often don't integrate.
This creates hidden gaps: misconfigurations and untracked devices. Cybersecurity teams need a unified view to spot these risks and close vulnerabilities before attackers do.
Learn more about strengthening your security: https://thehackernews.com/expert-insights/2025/03/why-aggregating-your-asset-inventory.html
USB drive attacks are a serious cybersecurity threat, using everyday devices to bypass network defenses.
Malware spreads through public drop-offs, mailed USBs, and social engineering, putting organizations at risk of data breaches, financial loss, and downtime.
Read the full analysis here: https://thehackernews.com/2025/03/defending-against-usb-drive-attacks.html