The Hacker News
⭐ Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: [email protected]

🌐 Website: https://thehackernews.com
🛑 Over one million devices were affected by a massive malvertising campaign that stole sensitive data through illegal streaming sites.

The attack employed multi-layered redirection to platforms such as GitHub, Discord, and Dropbox. Both consumers and enterprises are vulnerable.

Read the full analysis here: https://thehackernews.com/2025/03/microsoft-warns-of-malvertising.html
⚠️ The clock is ticking—March 31, 2025, is the PCI DSS v4 compliance deadline. Could an overlooked script cost you $100K/month?

Non-compliance risks web skimming and third-party attacks. For online merchants, securing payment page scripts and continuous monitoring are vital to prevent costly breaches.

Read more: https://thehackernews.com/2025/03/what-pci-dss-v4-really-means-lessons.html
🚨 New research reveals Ragnar Loader, a powerful malware used by cybercrime groups like FIN7 and Ragnar Locker.

With advanced encryption, PowerShell payloads, and stealth injection, it hides deep within networks for long-term access.

Learn how it remains undetected: https://thehackernews.com/2025/03/fin7-fin8-and-others-use-ragnar-loader.html
🚨 Over 2,000 users have been hit by SilentCryptoMiner, disguised as a tool to bypass internet blocks.

Spread through YouTube and Telegram, cybercriminals are masking malware as helpful software, tricking users into downloading miners and other malicious tools.

Read the full analysis here: https://thehackernews.com/2025/03/silentcryptominer-infects-2000-russian.html
Join a half-day event at the House of Lords, London, where industry experts from Cloudflare, Proton, Gcore, and Red Button will discuss the latest DDoS attack trends and share practical strategies for enhancing DDoS protection.

👉 Register here: https://thn.news/ddos-day-2025
A new cyber campaign in the Middle East and North Africa is using modified AsyncRAT malware to target over 900 victims, including in oil, IT, and agriculture.

The attack spreads through social media ads and file-sharing platforms.

Learn how to protect your systems: https://thehackernews.com/2025/03/desert-dexter-targets-900-victims-using.html
⚠️🚨 A new browser extension attack is mimicking legit add-ons to steal sensitive data.

By manipulating icons, popups, and disabling real extensions, attackers target all Chromium-based browsers, risking personal and financial info.

Get the full details here: https://thehackernews.com/2025/03/researchers-expose-new-polymorphic.html
🔴 Google Workspace is a top collaboration tool, but its security risks are rising. Cybercriminals are outpacing patchwork defenses, exploiting vulnerabilities.

To secure Google Workspace, businesses need a unified solution that simplifies security and closes critical gaps.

Learn more here: https://thehackernews.com/2025/03/why-modern-google-workspace-needs.html
CISA added 5 critical vulnerabilities to its Known Exploited list, affecting Advantive VeraCore and Ivanti Endpoint Manager.

These flaws are actively being exploited, putting your systems at risk of remote access and credential theft.

Get the full details here: https://thehackernews.com/2025/03/cisa-adds-five-actively-exploited.html
⚠️ A critical flaw (CVE-2024-12297) in Moxa PT switches could let attackers bypass authentication, with a CVSS score of 9.2/10.

This could lead to unauthorized access or service disruptions.

Protect your systems now: https://thehackernews.com/2025/03/moxa-issues-fix-for-critical.html
SideWinder APT is still targeting high-profile sectors like maritime, nuclear energy, and consulting.

Their main tactic: spear-phishing emails with malicious documents about critical infrastructures.

Get the full details here: https://thehackernews.com/2025/03/sidewinder-apt-targets-maritime-nuclear.html
Identity-based attacks are escalating, and traditional security isn’t sufficient.

Misconfigurations, excessive permissions, and stolen credentials in SaaS apps cause 61% of data breaches.

Learn to secure your SaaS environment here: https://thehackernews.com/expert-insights/2025/03/identity-attacksprevention-isnt-enough.html
⚠️ A new botnet, Ballista, is exploiting unpatched TP-Link Archer routers through the CVE-2023-1389 vulnerability.

This critical flaw allows attackers to execute remote code, triggering widespread malware infections. Thousands of devices, including those in healthcare and manufacturing, are at risk.

Read the full analysis here: https://thehackernews.com/2025/03/ballista-botnet-exploits-unpatched-tp.html
Cybercriminals are hiding malware in images, making it nearly invisible to security tools.

A harmless landscape photo 🖼️ could be carrying a payload that steals data or takes over your system. Traditional security tools miss this, leaving you exposed.

Learn how to protect your systems: https://thehackernews.com/2025/03/steganography-explained-how-xworm-hides.html
🚨 Apple just patched a zero-day under active attack!

CVE-2025-24201 lets hackers escape the WebKit sandbox—Apple calls the exploit “extremely sophisticated.”

Targeted? Unknown
Duration? Unknown

But if you use an iPhone, Mac, or Vision Pro—update NOW.

📲 Details: https://thehackernews.com/2025/03/apple-releases-patch-for-webkit-zero.html
⚡ Proactive security > Reactive fixes.

ASPM's "shift-left" approach empowers teams to prevent vulnerabilities BEFORE they spread. Don't miss out on how this could save you time and money.

🚀 Learn more in this expert webinar — https://thehacker.news/aspm-future-appsec
🚨 6,000+ fake Play Store pages exposed!

PlayPraetor Trojan malware is tricking users into downloading apps that steal banking info, intercept 2FA, and spy on you. CTM360 uncovered this global scam, where cybercriminals use realistic fake pages to hijack devices and steal data.

Protect yourself:
✅ Download from trusted stores only
✅ Check reviews & permissions
✅ Use mobile security tools

🔗 Full report: https://thehackernews.com/expert-insights/2025/03/ctm360-uncovers-large-scale-fake-play.html
🚨 UPDATE: Microsoft has uncovered major upgrades in the latest XCSSET variant:

⚠️ New persistence method – Uses dockutil to swap in a fake Launchpad app, ensuring the malware runs every time you open it.
⚠️ Stronger obfuscation – Harder to detect, harder to analyze.
⚠️ Still spreading via Xcode projects – Developers, your builds could be compromised.

This marks the first major XCSSET update since 2022—and it's more deceptive than ever. Inspect Xcode projects carefully.

🔗 More details: https://thehackernews.com/2025/02/microsoft-uncovers-new-xcsset-macos.html
🔥 Microsoft warns: 6 zero-days under active attack!

This month’s Patch Tuesday fixes 57 security flaws, including 6 exploited zero-days that attackers are already using for privilege escalation, data theft, and remote code execution.

🔹 Key threats:
CVE-2025-24985 & CVE-2025-24993 – File system flaws allowing remote code execution
CVE-2025-24983 – A Win32k zero-day used in the wild with PipeMagic malware
CVE-2025-26633 – Security bypass flaw in Microsoft Management Console

CISA has mandated patches by April 1. Don’t wait—secure your systems now!

🔗 Full patch details: https://thehackernews.com/2025/03/urgent-microsoft-patches-57-security.html
Do you know how secure your software supply chain really is?

According to ActiveState's 2025 State of Vulnerability Management and Remediation Report, DevSecOps pros signaled a 54% YoY increase in high-risk vulnerabilities—download the FREE report to learn how to stay ahead of the curve.

https://thn.news/vulnerability-report-2025
🚨 Massive SSRF Attack Surge Detected 👀

GreyNoise warns of a coordinated wave of SSRF exploits hitting at least 400 IPs—targeting U.S., Germany, Singapore, Israel, and more.

🔴 Exploiting multiple CVEs at once, including:
• CVE-2020-7796 (Zimbra, CVSS 9.8)
• CVE-2021-22175 (GitLab, CVSS 9.8)
• CVE-2023-5830 (ColumbiaSoft, CVSS 9.8)

🚀 Automated? Pre-compromise recon? Either way—patch now, restrict outbound traffic, and monitor logs.

Details: https://thehackernews.com/2025/03/over-400-ips-exploiting-multiple-ssrf.html