🚨 Last Week in Cybersecurity...

Routers hacked, malicious PyPI packages detected, new ransomware decryptors released, and major threats uncovered.

Read: https://thehackernews.com/2025/03/thn-weekly-recap-router-hacks-pypi.html

Stay informed—stay secure. #THNWeeklyRecap

🚨 Apache Tomcat Under Attack.

Hackers are actively exploiting CVE-2025-24813 just 30 hours after disclosure.

🔹 RCE & Info Disclosure Risk
🔹 No Authentication Needed
🔹 Attackers Upload & Execute Malicious Files

⚠️ Delaying could mean backdoors, config tampering & full compromise.

Read: https://thehackernews.com/2025/03/apache-tomcat-vulnerability-comes-under.html

Don’t wait—secure your systems NOW

💀 New Malware Alert — Microsoft warns of StilachiRAT, a stealthy remote access trojan that:

🔹 Steals browser passwords & clipboard data
🔹 Targets crypto wallets
🔹 Executes remote commands & monitors RDP sessions
🔹 Evades detection by clearing event logs

Read: https://thehackernews.com/2025/03/microsoft-warns-of-stilachirat-stealthy.html

🕵️‍♂️ No known actor yet, but it’s spreading. Protect your assets NOW.

⚠️ Your Device Might Be Part of the Largest CTV Botnet Ever!

Cybercriminals are exploiting cheap Android devices to build a massive botnet for:

🔹 Ad fraud & fake clicks
🔹 Residential proxy abuse
🔹 DDoS attacks & account takeovers
🔹 Hidden malware pre-installed in devices

Learn more: https://thehackernews.com/2025/03/badbox-20-botnet-infects-1-million.html

💀 1M+ devices infected worldwide, mostly in Brazil, US, & Mexico. Google removed 24 malicious apps, but the operation is still evolving.

🚨 China-linked MirrorFace just carried out a stealthy attack on a European diplomatic group—using:

🔹 ANEL backdoor—revived after 6 years
🔹 AsyncRAT & HiddenFace malware
🔹 Stealthy access via VS Code Remote Tunnels

Learn more: https://thehackernews.com/2025/03/china-linked-mirrorface-deploys-anel.html

What are the essential skills security analysts need to succeed?

IDC's latest survey of 900+ security leaders reveals the top five.

Uncover these and more findings in a live webinar with sponsors Tines and AWS.

Sign up to attend: https://thn.news/voice-of-security-2025-tw

🚨 331 Malicious Android Google Play Apps, 60 Million+ Downloads!

The Vapor scam used:
🔹 Full-screen ads—locking devices
🔹 Phishing attacks—stealing credentials & credit cards
🔹 Hidden icons & impersonation—evading detection
🔹 Versioning tricks—turning clean apps malicious later

⚠️ Check your phone NOW. Delete suspicious apps!

🔗 Full details — https://thehackernews.com/2025/03/new-ad-fraud-campaign-exploits-331-apps.html

🚨 Critical AMI BMC Vulnerability (CVE-2024-54085) – CVSS 10.0!

A severe authentication bypass flaw allows attackers to:

🔹 Remotely control servers & deploy malware
🔹 Tamper with firmware, brick motherboards & cause reboot loops
🔹 Potentially damage hardware

⚠️ Affected: HPE, ASUS, ASRockRack & more

🔗 Read more: https://thehackernews.com/2025/03/new-critical-ami-bmc-vulnerability.html

📢 Admins: Patch ASAP! Patches released (March 11, 2025), OEM updates required.

🚨 WARNING: Windows Zero-Day!

A still-unpatched flaw (ZDI-CAN-25373) in Windows has been actively exploited since 2017 by state-backed hackers from China, Russia, Iran & North Korea for cyber espionage & data theft.

🔹 1,000+ malicious .LNK files discovered
🔹 Targets: Governments, banks, telecoms, defense sectors

Learn more: https://thehackernews.com/2025/03/unpatched-windows-zero-day-flaw.html

Microsoft won’t release a patch, citing “low severity”

🔥 Breaking: Google is acquiring cloud security firm Wiz for $32 Billion—its largest deal in history.

💰 Largest acquisition in Google’s history
🛡️ Boosts AI-powered cloud security
🌍 Wiz remains independent, still working with AWS, Azure, Oracle

https://thehackernews.com/2025/03/google-acquires-wiz-for-32-billion-in.html

🚨 Android Threat Hunters, Your Job Just Got Easier!

ANY.RUN has just released a brand-new OS designed for real-time Android threat analysis inside a secure sandbox environment.

Now, businesses and security teams can:
✅ Detect Android threats faster
🔍 Investigate APK behavior in real time
⚡ Speed up incident response
💰 Reduce cybersecurity costs

Best part? It’s available for all plans—even FREE users!

👉 Try now: https://thn.news/malware-sandbox-android-tg

🚨 Is Your Okta Environment Secure? Even with best practices, misconfigurations and identity sprawl can leave your system exposed.

⚠️ Key risks:
➝ Inactive admin accounts & weak MFA
➝ Misconfigured security settings
➝ Forgotten API tokens granting access
➝ Lingering access for ex-employees

🔗 Learn how to protect your identity infrastructure: https://thehackernews.com/2025/03/how-to-improve-okta-security-in-four.html

🛑 New Rules File Backdoor attack lets hackers poison AI-powered tools like GitHub Copilot & Cursor, injecting hidden malicious code into projects.

🔹 Invisible backdoors via Unicode tricks
🔹 Supply chain risk—spreads across repos
🔹 No alerts—developers unknowingly ship compromised code

Review AI-generated code carefully—your “trusted assistant” might be compromised.

🔗 Learn more: https://thehackernews.com/2025/03/new-rules-file-backdoor-attack-lets.html

🚨 GitHub Actions are under attack!

A supply chain attack hit tj-actions/changed-files, leaking AWS keys, GitHub PATs & more. CISA confirms active exploitation.

🔹 CVE-2025-30066 (CVSS 8.6)
🔹 Attack spread via another compromised Action
🔹 Sensitive secrets exposed via logs

Details: https://thehackernews.com/2025/03/cisa-warns-of-active-exploitation-in.html

⚠️ Rotate secrets, audit workflows, pin actions to commits—this won’t be the last attack.

🚨 Critical SCADA Flaws — Researchers uncovered 2 critical vulnerabilities (CVSS 9.3) in mySCADA myPRO, allowing attackers to execute system commands & hijack operations.

🔹 CVE-2025-20014 & CVE-2025-20061
🔹 Full Industrial Network Compromise Possible

Details here: https://thehackernews.com/2025/03/critical-myscada-mypro-flaws-could-let.html

🚨 ClearFake Malware Spreading Fast!

Hackers use fake reCAPTCHA & Cloudflare checks to deploy Lumma & Vidar Stealer malware.

🔹 9,300+ infected sites
🔹 200,000+ users exposed (July 2024)
🔹 Now using Binance Smart Chain for stealth

Learn more: https://thehackernews.com/2025/03/clearfake-infects-9300-sites-uses-fake.html

🛡 Top 7 AI Risk Mitigation Strategies

AI security secrets? Discover the 7 essential concepts, techniques, and mitigation strategies for securing your AI pipelines.

Learn more: https://thn.news/genai-security-cheat-sheet

⚠️ SaaS identity attacks are exploding!

Hackers are stealing credentials, hijacking logins, and abusing privileges—yet most security tools overlook SaaS identity threats.

🛡️ The Fix? Identity Threat Detection & Response (ITDR)

🔗 Secure SaaS now → https://thehackernews.com/2025/03/5-identity-threat-detection-response.html

🔥 Russia’s Role in Cybercrime Just Got Exposed!

200,000+ leaked messages expose direct ties between the ransomware gang & Russian officials.

🔹 AI-powered fraud & malware dev
🔹 Leader escaped via a "green corridor"

Read the full story 👇 https://thehackernews.com/2025/03/leaked-black-basta-chats-suggest.html

🚨 Severe PHP Flaw Under Attack.

Hackers are exploiting CVE-2024-4577 to deploy crypto miners ⛏️ & Quasar RAT on Windows servers.

🔹 54% of attacks target Taiwan
🔹 5% deploy XMRig miner
🔹 PHP CGI mode at risk

Patch NOW before your servers become a battleground.

🔗 Learn more: https://thehackernews.com/2025/03/hackers-exploit-severe-php-flaw-to.html

🚨 Hackers are hijacking compromised Signal accounts to spread Dark Crystal RAT malware—targeting Ukraine’s military & defense industry.

🔹 Fake meeting minutes 📄
🔹 Hidden malware inside archives 🦠
🔹 Remote control & data theft

Read more: https://thehackernews.com/2025/03/cert-ua-warns-dark-crystal-rat-targets.html