🚨 China-linked MirrorFace just carried out a stealthy attack on a European diplomatic group—using:

🔹 ANEL backdoor—revived after 6 years
🔹 AsyncRAT & HiddenFace malware
🔹 Stealthy access via VS Code Remote Tunnels

Learn more: https://thehackernews.com/2025/03/china-linked-mirrorface-deploys-anel.html

What are the essential skills security analysts need to succeed?

IDC's latest survey of 900+ security leaders reveals the top five.

Uncover these and more findings in a live webinar with sponsors Tines and AWS.

Sign up to attend: https://thn.news/voice-of-security-2025-tw

🚨 331 Malicious Android Google Play Apps, 60 Million+ Downloads!

The Vapor scam used:
🔹 Full-screen ads—locking devices
🔹 Phishing attacks—stealing credentials & credit cards
🔹 Hidden icons & impersonation—evading detection
🔹 Versioning tricks—turning clean apps malicious later

⚠️ Check your phone NOW. Delete suspicious apps!

🔗 Full details — https://thehackernews.com/2025/03/new-ad-fraud-campaign-exploits-331-apps.html

🚨 Critical AMI BMC Vulnerability (CVE-2024-54085) – CVSS 10.0!

A severe authentication bypass flaw allows attackers to:

🔹 Remotely control servers & deploy malware
🔹 Tamper with firmware, brick motherboards & cause reboot loops
🔹 Potentially damage hardware

⚠️ Affected: HPE, ASUS, ASRockRack & more

🔗 Read more: https://thehackernews.com/2025/03/new-critical-ami-bmc-vulnerability.html

📢 Admins: Patch ASAP! Patches released (March 11, 2025), OEM updates required.

🚨 WARNING: Windows Zero-Day!

A still-unpatched flaw (ZDI-CAN-25373) in Windows has been actively exploited since 2017 by state-backed hackers from China, Russia, Iran & North Korea for cyber espionage & data theft.

🔹 1,000+ malicious .LNK files discovered
🔹 Targets: Governments, banks, telecoms, defense sectors

Learn more: https://thehackernews.com/2025/03/unpatched-windows-zero-day-flaw.html

Microsoft won’t release a patch, citing “low severity”

🔥 Breaking: Google is acquiring cloud security firm Wiz for $32 Billion—its largest deal in history.

💰 Largest acquisition in Google’s history
🛡️ Boosts AI-powered cloud security
🌍 Wiz remains independent, still working with AWS, Azure, Oracle

https://thehackernews.com/2025/03/google-acquires-wiz-for-32-billion-in.html

🚨 Android Threat Hunters, Your Job Just Got Easier!

ANY.RUN has just released a brand-new OS designed for real-time Android threat analysis inside a secure sandbox environment.

Now, businesses and security teams can:
✅ Detect Android threats faster
🔍 Investigate APK behavior in real time
⚡ Speed up incident response
💰 Reduce cybersecurity costs

Best part? It’s available for all plans—even FREE users!

👉 Try now: https://thn.news/malware-sandbox-android-tg

🚨 Is Your Okta Environment Secure? Even with best practices, misconfigurations and identity sprawl can leave your system exposed.

⚠️ Key risks:
➝ Inactive admin accounts & weak MFA
➝ Misconfigured security settings
➝ Forgotten API tokens granting access
➝ Lingering access for ex-employees

🔗 Learn how to protect your identity infrastructure: https://thehackernews.com/2025/03/how-to-improve-okta-security-in-four.html

🛑 New Rules File Backdoor attack lets hackers poison AI-powered tools like GitHub Copilot & Cursor, injecting hidden malicious code into projects.

🔹 Invisible backdoors via Unicode tricks
🔹 Supply chain risk—spreads across repos
🔹 No alerts—developers unknowingly ship compromised code

Review AI-generated code carefully—your “trusted assistant” might be compromised.

🔗 Learn more: https://thehackernews.com/2025/03/new-rules-file-backdoor-attack-lets.html

🚨 GitHub Actions are under attack!

A supply chain attack hit tj-actions/changed-files, leaking AWS keys, GitHub PATs & more. CISA confirms active exploitation.

🔹 CVE-2025-30066 (CVSS 8.6)
🔹 Attack spread via another compromised Action
🔹 Sensitive secrets exposed via logs

Details: https://thehackernews.com/2025/03/cisa-warns-of-active-exploitation-in.html

⚠️ Rotate secrets, audit workflows, pin actions to commits—this won’t be the last attack.

🚨 Critical SCADA Flaws — Researchers uncovered 2 critical vulnerabilities (CVSS 9.3) in mySCADA myPRO, allowing attackers to execute system commands & hijack operations.

🔹 CVE-2025-20014 & CVE-2025-20061
🔹 Full Industrial Network Compromise Possible

Details here: https://thehackernews.com/2025/03/critical-myscada-mypro-flaws-could-let.html

🚨 ClearFake Malware Spreading Fast!

Hackers use fake reCAPTCHA & Cloudflare checks to deploy Lumma & Vidar Stealer malware.

🔹 9,300+ infected sites
🔹 200,000+ users exposed (July 2024)
🔹 Now using Binance Smart Chain for stealth

Learn more: https://thehackernews.com/2025/03/clearfake-infects-9300-sites-uses-fake.html

🛡 Top 7 AI Risk Mitigation Strategies

AI security secrets? Discover the 7 essential concepts, techniques, and mitigation strategies for securing your AI pipelines.

Learn more: https://thn.news/genai-security-cheat-sheet

⚠️ SaaS identity attacks are exploding!

Hackers are stealing credentials, hijacking logins, and abusing privileges—yet most security tools overlook SaaS identity threats.

🛡️ The Fix? Identity Threat Detection & Response (ITDR)

🔗 Secure SaaS now → https://thehackernews.com/2025/03/5-identity-threat-detection-response.html

🔥 Russia’s Role in Cybercrime Just Got Exposed!

200,000+ leaked messages expose direct ties between the ransomware gang & Russian officials.

🔹 AI-powered fraud & malware dev
🔹 Leader escaped via a "green corridor"

Read the full story 👇 https://thehackernews.com/2025/03/leaked-black-basta-chats-suggest.html

🚨 Severe PHP Flaw Under Attack.

Hackers are exploiting CVE-2024-4577 to deploy crypto miners ⛏️ & Quasar RAT on Windows servers.

🔹 54% of attacks target Taiwan
🔹 5% deploy XMRig miner
🔹 PHP CGI mode at risk

Patch NOW before your servers become a battleground.

🔗 Learn more: https://thehackernews.com/2025/03/hackers-exploit-severe-php-flaw-to.html

🚨 Hackers are hijacking compromised Signal accounts to spread Dark Crystal RAT malware—targeting Ukraine’s military & defense industry.

🔹 Fake meeting minutes 📄
🔹 Hidden malware inside archives 🦠
🔹 Remote control & data theft

Read more: https://thehackernews.com/2025/03/cert-ua-warns-dark-crystal-rat-targets.html

💀 CISA just flagged this backup flaw as actively exploited!

CVE-2024-48248 | Unauthenticated file read in NAKIVO Backup & Replication exposes sensitive data & credentials.

🔹 Exploit already public
🔹 Update before it’s too late

Details: https://thehackernews.com/2025/03/cisa-adds-nakivo-vulnerability-to-kev.html

🚨 Spyware Alert!

Citizen Lab reports Australia, Canada, Denmark & more may be using Paragon's Graphite spyware—the same tool used to target journalists & activists via WhatsApp.

⚠️ 90+ journalists targeted
⚠️ iPhones & Androids hacked

🔗 Full story: https://thehackernews.com/2025/03/six-governments-likely-use-israeli.html

The hidden costs of an in-house SOC could surprise you.

A Security Operations Center (SOC) isn’t just salaries and tools—it’s ongoing costs, operational challenges, and talent shortages. Is building your own SOC really the best move?

Use this SOC Cost Calculator to compare in-house vs. Managed SOC expenses and see where you can optimize costs without sacrificing security.

Calculate your in-house vs managed SOC costs: https://thn.news/soc-cost-calculator-tg

Two major vendors just patched remote code execution flaws—update NOW before attackers exploit them.

🔴 Veeam Backup (CVE-2025-23120, 9.9/10)
➡️ Affects v12.3.0.310 & earlier
➡️ Allows RCE by authenticated users
➡️ Fixed in v12.3.1 (12.3.1.1139)

🔴 IBM AIX (CVE-2024-56346 & CVE-2024-56347, 10/10 & 9.6/10)
➡️ Affects AIX 7.2 & 7.3
➡️ Exploitable via NIM services

⚠️ No attacks seen yet, but don’t wait—patch immediately.

Full details: https://thehackernews.com/2025/03/veeam-and-ibm-release-patches-for-high.html