Cyberattacks are getting smarter. Are you?
Threat-Led Vulnerability Management (TLVM) helps you focus on the vulnerabilities most likely to be exploited, making your defenses stronger and your resources smarter.
Discover how to optimize your strategy: https://thehackernews.com/expert-insights/2025/03/why-now-is-time-to-adopt-threat-led.html
⚠️ ALERT: VMware ESXi, Workstation, and Fusion products have critical vulnerabilities that are being actively exploited.
These flaws could allow remote code execution and information disclosure.
Learn more about the vulnerabilities and fixes here: https://thehackernews.com/2025/03/vmware-security-flaws-exploited-in.html
Credential stuffing is getting harder to stop, but attackers are evolving. Stolen credentials, often just $10, drive 80% of web app attacks, and the threat is growing.
With billions of compromised credentials out there, attacks can spread quickly and widely.
Learn more about this shift in attack strategies: https://thehackernews.com/2025/03/how-new-ai-agents-will-transform.html
Black Basta and CACTUS ransomware groups now share the same BackConnect module, signaling a shift in attack methods.
The overlap in tactics means cybersecurity professionals must watch for threats across multiple ransomware families.
Read here: https://thehackernews.com/2025/03/researchers-link-cactus-ransomware.html
Researchers have found a malicious campaign targeting Go developers with fake libraries.
At least 7 typosquatted packages impersonate popular Go modules to deploy loader malware. These can execute remote code, stealing data or credentials on Linux and macOS systems.
Read the full analysis here: https://thehackernews.com/2025/03/seven-malicious-go-packages-found.html
Lotus Panda is back, using new Sagerunex variants to target key sectors in Asia.
Now, they're hiding in plain sight, using Dropbox and Zimbra for command-and-control, making detection tougher than ever.
Get the full analysis here: https://thehackernews.com/2025/03/chinese-apt-lotus-panda-targets.html
Identity is the top target for cybercriminals: 80% of breaches are due to compromised credentials.
With cloud services and fragmented tech stacks, the risk is higher than ever. Securing Identity is crucial to protecting your enterprise.
Learn more about strengthening your security strategy: https://thehackernews.com/2025/03/identity-new-cybersecurity-battleground.html
Google launches AI-powered scam detection for Android, warning users during conversations, without compromising privacy.
Read more: https://thehackernews.com/2025/03/google-rolls-out-ai-scam-detection-for.html
Dark Caracal is targeting Latin American businesses with the Poco RAT trojan. It can upload files, capture screenshots, and run commands.
Discover more about this sophisticated attack: https://thehackernews.com/2025/03/dark-caracal-uses-poco-rat-to-target.html
Silk Typhoon has shifted from exploiting Microsoft Exchange flaws to targeting IT supply chains.
By compromising remote management tools and cloud apps, they gain access to networks, paving the way for large-scale espionage.
Read the full analysis here: https://thehackernews.com/2025/03/china-linked-silk-typhoon-expands-cyber.html
Many organizations rely on 10+ security tools, but they often don't integrate.
This creates hidden gaps: misconfigurations and untracked devices. Cybersecurity teams need a unified view to spot these risks and close vulnerabilities before attackers do.
Learn more about strengthening your security: https://thehackernews.com/expert-insights/2025/03/why-aggregating-your-asset-inventory.html
USB drive attacks are a serious cybersecurity threat, using everyday devices to bypass network defenses.
Malware spreads through public drop-offs, mailed USBs, and social engineering, putting organizations at risk of data breaches, financial loss, and downtime.
Read the full analysis here: https://thehackernews.com/2025/03/defending-against-usb-drive-attacks.html
The U.S. DOJ has charged 12 Chinese nationals in a major cyber espionage scheme targeting PRC critics worldwide.
They hacked email accounts, servers, and phones, creating years of disruption.
Get the full details here: https://thehackernews.com/2025/03/us-charges-12-chinese-nationals-in.html
🔴 Over 1,000 WordPress sites hit with malicious JavaScript that deploys 4 backdoors for persistent access. Even if one is detected, attackers can still control the site.
Learn how this attack works and how to protect your website: https://thehackernews.com/2025/03/over-1000-wordpress-sites-infected-with.html
Traditional assessments are outdated. Attack graphs map how vulnerabilities combine to target critical assets.
Prioritize real threats based on exploitability and business impact, not just severity.
Find out which attack graph suits your security strategy: https://thehackernews.com/2025/03/outsmarting-cyber-threats-with-attack.html
Elastic has rolled out critical updates to fix a major flaw in Kibana (CVE-2025-25012), a prototype pollution vulnerability with a CVSS score of 9.9.
This issue affects Kibana versions 8.15.0 to 8.17.3, risking remote code execution.
Get details here: https://thehackernews.com/2025/03/elastic-releases-urgent-fix-for.html
Medusa ransomware has targeted over 400 victims since January 2023, with a 42% rise in attacks from 2023 to 2024. In early 2025, more than 40 attacks were reported.
Microsoft Exchange flaws are a common entry point. Cybersecurity professionals must stay alert as this threat grows.
Read the full analysis here: https://thehackernews.com/2025/03/medusa-ransomware-hits-40-victims-in.html
EncryptHub, a financially driven threat actor, is using phishing, trojanized apps, and third-party services to deploy ransomware and info stealers.
As tactics evolve and new tools like EncryptRAT emerge, the threat to organizations grows.
Get details here: https://thehackernews.com/2025/03/encrypthub-deploys-ransomware-and.html
🚨 Cybercriminals are exploiting CVE-2024-4577, a critical PHP flaw, to gain remote access to systems in Japan.
After entry, they use tools like JuicyPotato to escalate privileges and move laterally.
This multi-step attack leads to full system control, disrupting key business operations.
Learn more: https://thehackernews.com/2025/03/php-cgi-rce-flaw-exploited-in-attacks.html
🐱‍💻 North Korean hackers, TraderTraitor, pulled off a $1.5 billion 💰 crypto heist targeting Safe{Wallet} and Bybit.
They bypassed MFA, hijacked AWS tokens, and used tools like Kali Linux for stealth access.
Social engineering also tricked developers into running a malicious Docker project to fuel the breach.
Learn more: https://thehackernews.com/2025/03/safewallet-confirms-north-korean.html
The U.S. Secret Service has seized Garantex's domain, a major blow to illicit crypto exchanges.
Sanctioned for aiding darknet transactions and laundering ransomware funds, Garantex is now at the center of a global crackdown on crypto crime.
Explore the details: https://thehackernews.com/2025/03/us-secret-service-seizes-russian.html