Over 1,000 WordPress sites hit with malicious JavaScript that deploys 4 backdoors for persistent access. Even if one is detected, attackers can still control the site.
Learn how this attack works and how to protect your website: https://thehackernews.com/2025/03/over-1000-wordpress-sites-infected-with.html
Traditional assessments are outdated. Attack graphs map how vulnerabilities combine to target critical assets.
Prioritize real threats based on exploitability and business impact, not just severity.
Find out which attack graph suits your security strategy: https://thehackernews.com/2025/03/outsmarting-cyber-threats-with-attack.html
Elastic has rolled out critical updates to fix a major flaw in Kibana (CVE-2025-25012), a prototype pollution vulnerability with a CVSS score of 9.9.
This issue affects Kibana versions 8.15.0 to 8.17.3, risking remote code execution.
Get details here: https://thehackernews.com/2025/03/elastic-releases-urgent-fix-for.html
Medusa ransomware has targeted over 400 victims since January 2023, with a 42% rise in attacks from 2023 to 2024. In early 2025, more than 40 attacks were reported.
Microsoft Exchange flaws are a common entry point. Cybersecurity professionals must stay alert as this threat grows.
Read the full analysis here: https://thehackernews.com/2025/03/medusa-ransomware-hits-40-victims-in.html
EncryptHub, a financially driven threat actor, is using phishing, trojanized apps, and third-party services to deploy ransomware and info stealers.
As tactics evolve and new tools like EncryptRAT emerge, the threat to organizations grows.
Get details here: https://thehackernews.com/2025/03/encrypthub-deploys-ransomware-and.html
Cybercriminals are exploiting CVE-2024-4577, a critical PHP flaw, to gain remote access to systems in Japan.
After entry, they use tools like JuicyPotato to escalate privileges and move laterally.
This multi-step attack leads to full system control, disrupting key business operations.
Learn more: https://thehackernews.com/2025/03/php-cgi-rce-flaw-exploited-in-attacks.html
North Korean hackers, TraderTraitor, pulled off a $1.5 billion crypto heist targeting Safe{Wallet} and Bybit.
They bypassed MFA, hijacked AWS tokens, and used tools like Kali Linux for stealth access.
Social engineering also tricked developers into running a malicious Docker project to fuel the breach.
Learn more: https://thehackernews.com/2025/03/safewallet-confirms-north-korean.html
The U.S. Secret Service has seized Garantex's domain, a major blow to illicit crypto exchanges.
Sanctioned for aiding darknet transactions and laundering ransomware funds, Garantex is now at the center of a global crackdown on crypto crime.
Explore the details: https://thehackernews.com/2025/03/us-secret-service-seizes-russian.html
The "set-utils" package on PyPI has been downloaded 1,077 times, stealing private keys and exposing Ethereum wallets.
Developers unknowingly installed it, putting their assets at risk.
Understand the full attack here: https://thehackernews.com/2025/03/this-malicious-pypi-package-stole.html
Cybercriminals aren't just targeting systems; they're exploiting people.
In 2024, a deepfake tricked an employee into losing $25M, all starting with a phishing email. Our psychological biases make us vulnerable, and hackers know it.
Understanding these weaknesses is key to protecting your company: https://thehackernews.com/expert-insights/2025/03/the-psychology-of-identity-security-why.html
Outdated security tools leaving your apps vulnerable? You're not alone. Many organizations struggle with scattered data.
ASPM unifies code and runtime insights to prevent threats in real-time.
Join our exclusive webinar to see how ASPM can protect your apps: https://thehackernews.com/2025/03/webinar-learn-how-aspm-transforms.html
Over one million devices were affected by a massive malvertising campaign that stole sensitive data through illegal streaming sites.
The attack employed multi-layered redirection to platforms such as GitHub, Discord, and Dropbox. Both consumers and enterprises are vulnerable.
Read the full analysis here: https://thehackernews.com/2025/03/microsoft-warns-of-malvertising.html
The clock is ticking: March 31, 2025, is the PCI DSS v4 compliance deadline. Could an overlooked script cost you $100K/month?
Non-compliance risks web skimming and third-party attacks. For online merchants, securing payment page scripts and continuous monitoring are vital to prevent costly breaches.
Read more: https://thehackernews.com/2025/03/what-pci-dss-v4-really-means-lessons.html
New research reveals Ragnar Loader, a powerful malware used by cybercrime groups like FIN7 and Ragnar Locker.
With advanced encryption, PowerShell payloads, and stealth injection, it hides deep within networks for long-term access.
Learn how it remains undetected: https://thehackernews.com/2025/03/fin7-fin8-and-others-use-ragnar-loader.html
Over 2,000 users have been hit by SilentCryptoMiner, disguised as a tool to bypass internet blocks.
Spread through YouTube and Telegram, cybercriminals are masking malware as helpful software, tricking users into downloading miners and other malicious tools.
Read the full analysis here: https://thehackernews.com/2025/03/silentcryptominer-infects-2000-russian.html
Join a half-day event at the House of Lords, London, where industry experts from Cloudflare, Proton, Gcore, and Red Button will discuss the latest DDoS attack trends and share practical strategies for enhancing DDoS protection.
Register here: https://thn.news/ddos-day-2025
A new cyber campaign in the Middle East and North Africa is using modified AsyncRAT malware to target over 900 victims, including in oil, IT, and agriculture.
The attack spreads through social media ads and file-sharing platforms.
Learn how to protect your systems: https://thehackernews.com/2025/03/desert-dexter-targets-900-victims-using.html
A new browser extension attack is mimicking legit add-ons to steal sensitive data.
By manipulating icons, popups, and disabling real extensions, attackers target all Chromium-based browsers, risking personal and financial info.
Get the full details here: https://thehackernews.com/2025/03/researchers-expose-new-polymorphic.html
Google Workspace is a top collaboration tool, but its security risks are rising. Cybercriminals are outpacing patchwork defenses, exploiting vulnerabilities.
To secure Google Workspace, businesses need a unified solution that simplifies security and closes critical gaps.
Learn more here: https://thehackernews.com/2025/03/why-modern-google-workspace-needs.html
CISA added 5 critical vulnerabilities to its Known Exploited list, affecting Advantive VeraCore and Ivanti Endpoint Manager.
These flaws are actively being exploited, putting your systems at risk of remote access and credential theft.
Get the full details here: https://thehackernews.com/2025/03/cisa-adds-five-actively-exploited.html
A critical flaw (CVE-2024-12297) in Moxa PT switches could let attackers bypass authentication, with a CVSS score of 9.2/10.
This could lead to unauthorized access or service disruptions.
Protect your systems now: https://thehackernews.com/2025/03/moxa-issues-fix-for-critical.html