🚨 Two hacker groups just joined forces.
Head Mare & Twelve are now working together to hit Russian targets—using WinRAR & Exchange exploits, ransomware like LockBit, and stealthy backdoors.
👉 Full story: https://thehackernews.com/2025/03/kaspersky-links-head-mare-to-twelve.html
👀 While the world was distracted…
China’s Aquatic Panda ran a 10-month global spy op in 2022—hitting the U.S., France, Taiwan & more.
🕵️ Code-named Operation FishMedley
💻 Used malware like ShadowPad & SodaMaster
💣 Targets: Think tanks, NGOs, governments
See how it worked ⬇️ https://thehackernews.com/2025/03/china-linked-apt-aquatic-panda-10-month.html
78% of orgs are vulnerable to a 9.8 CVSS attack—not due to advanced hacks, but basic mDNS spoofing. 👀
Vonahi Security ran 10,000+ internal pentests in 2024. The top risks weren’t zero-days—they were simple, fixable flaws:
• 78% – mDNS spoofing
• 73% – NBNS spoofing
• 66% – LLMNR spoofing
• 50% – misconfigs
• 25% – outdated Windows
• 20% – weak passwords
Most orgs rely on firewalls & SIEMs—but skip real testing.
⚡ Automate it. Stay ahead. Attackers don’t wait. Your security testing shouldn’t either.
👉 Test your network: https://thehackernews.com/2025/03/10-critical-network-pentest-findings-it.html
🔥 Ransomware just leveled up.
Medusa RaaS is now using a malicious driver—ABYSSWORKER—to kill EDR tools on sight. Signed with stolen Chinese certs, it poses as a legit CrowdStrike driver to slip past defenses.
🛠️ Includes codes to disable antivirus, kill processes, and reboot machines.
See the full breakdown → https://thehackernews.com/2025/03/medusa-ransomware-uses-malicious-driver.html
⚠️ The rise of "Vibe Coding" together with developers' inherent "automation bias" creates the perfect attack surface.
🛑 New Rules File Backdoor attack, discovered by Pillar Security, lets hackers poison AI-powered tools like GitHub Copilot & Cursor, injecting hidden malicious code into projects that appear legitimate to developers.
Learn more: https://thn.news/github-copilot-vulnerability
🚨 UAT-5918 has been quietly breaching Taiwan’s critical infrastructure since 2023—targeting IT, telecom, healthcare, and more.
Linked to China-based groups like Volt Typhoon, it uses open-source tools, web shells & reverse proxies to stay hidden for the long haul. 👀
Credential theft, deep persistence, manual exfiltration—this isn’t smash-and-grab. It’s slow burn espionage.
🔎 Full analysis | Don’t sleep on this: https://thehackernews.com/2025/03/uat-5918-targets-taiwans-critical.html
🔥 Major policy reversal -- US Treasury LIFTS sanctions on Tornado Cash!
After accusing it of laundering $7.6B for North Korea's Lazarus hacker Group, the Treasury now says it "overstepped its authority."
🤯 Rare twist: A court ruled smart contracts aren't "property," leaving OFAC powerless.
Alexey Pertsev, co-founder, jailed in Netherlands, while others face US charges.
See the full story now: https://thehackernews.com/2025/03/us-treasury-lifts-tornado-cash.html
🚨 Coinbase dodged a bullet—but 218 repos weren’t so lucky.
A GitHub supply chain attack hijacked tj-actions/changed-files, leaking secrets from 200+ projects.
🔍 CVE-2025-30066 + CVE-2025-30154 | CVSS 8.6
🎯 Targets: DockerHub, npm, AWS creds
🕵️ Tactics: Fork PRs, dangling commits, burner GitHub accounts
This isn’t just a glitch. It’s a playbook for future CI/CD attacks.
Why it matters now? Thousands still trust infected actions. The exploit may be gone—but the method isn’t.
🔗 Dig deeper before your next push: https://thehackernews.com/2025/03/github-supply-chain-breach-coinbase.html
⚠️ Critical Next.js security flaw—PATCH NOW!
A 9.1 CVSS bug (CVE-2025-29927) lets attackers bypass auth checks in middleware and access admin-only pages.
Exploit details are now public.
🛠️ Fixed in: v12.3.5, v13.5.9, v14.2.25, v15.2.3
🛡️ Can't patch? Block x-middleware-subrequest headers.
This is urgent. Middleware-based auth alone isn't safe.
👉 Read the full advisory: https://thehackernews.com/2025/03/critical-nextjs-vulnerability-allows.html
⚠️ Developers targeted where it hurts — their tools.
2 malicious VSCode extensions were caught deploying early-stage ransomware, demanding 1 ShibaCoin to decrypt files.
➡️ Names: ahban.shiba & ahban.cychelloworld
➡️ Encrypted a test folder on victims’ desktops
➡️ Demanded 1 ShibaCoin—no wallet address yet
Meanwhile, a fake Maven package is stealing OAuth credentials every 15th of the month—via typosquatting.
🔗 Your tools can betray you. Audit dependencies: https://thehackernews.com/2025/03/vscode-marketplace-removes-two.html
🚨 URGENT: New ransomware "VanHelsing" claims 3 victims in just 17 days since March 7th launch.
This RaaS operation charges newcomers $5K to join while letting experienced hackers in for free. Targets ALL major OS platforms with sophisticated "double extortion" tactics.
See the full story: https://thehackernews.com/2025/03/vanhelsing-raas-launch-3-victims-5k.html
🔥 “Security OR usability?” is the wrong question.
71% of professionals admit to risky password behavior—not because they don't care, but because friction drives shortcuts. 😬
The solution? Smarter design, not stricter rules.
• Reduce complexity
• Use passphrases
• Give real-time feedback
The right tools—like Specops Password Policy—boost both security and UX.
Stop choosing between safety and simplicity. Start balancing both → https://thehackernews.com/2025/03/how-to-balance-password-security.html
Stay informed with the latest in cybersecurity trends, vulnerabilities, and best practices.
🔐 Don't miss out on this week's critical updates on patching, threats, and system protection.
Read the full newsletter here: https://thehackernews.com/2025/03/thn-weekly-recap-github-supply-chain.html
🚨 Microsoft just launched built-in AI data leak protection.
Edge for Business now blocks sensitive info from being typed into ChatGPT, Gemini & more.
Also out:
✅ 11 new Security Copilot AI agents
✅ Stronger phishing defense in Teams
🔗 Details here: https://thehackernews.com/2025/03/microsoft-adds-inline-data-protection.html
🚨 WARNING: 43% of cloud setups at risk from new "IngressNightmare" flaws.
Unauth RCE in Ingress NGINX Controller for Kubernetes could let attackers take over entire clusters—no creds needed. Over 6,500 exposed.
🔥 CVSS 9.8 | 5 CVEs | 1 attack chain | Total cluster compromise.
Patch now → Versions 1.12.1, 1.11.5, 1.10.7
• Disable admission controller if not needed
• Lock down external access to webhooks
This isn’t the NGINX Ingress Controller you think it is.
👉 Full details + fixes → https://thehackernews.com/2025/03/critical-ingress-nginx-controller.html
🚨 306 arrests. 1,842 devices seized. 7 countries.
Operation Red Card (Nov 2024–Feb 2025) exposed scam networks targeting over 5,000 victims through fake investments, SMS phishing & hijacked banking apps.
👥 Nigeria: 130 arrested — 113 were foreign nationals
📲 South Africa: Over 1,000 SIMs seized
💰 Rwanda: $305K stolen via social engineering
💀 Some scammers were human trafficking victims forced into fraud
🔗 Learn more: https://thehackernews.com/2025/03/interpol-arrests-306-suspects-seizes.html
🚨 Malware Alert! Hackers are using Microsoft’s .NET MAUI to build fake banking & social apps targeting Indian and Chinese users.
🎯 Targets include banks, X (Twitter), and photo apps.
🧠 Malware hides in app buttons—stealing info when tapped.
⚠️ .NET MAUI was built for good. Attackers are turning it into a weapon.
🔗 Full McAfee report → https://thehackernews.com/2025/03/hackers-use-net-maui-to-target-indian.html
👀 Using Microsoft 365? You might have 1,000+ connected apps—and not even know it.
Most users guess they have fewer than 10. The reality? That’s a huge blind spot.
AI, not humans, is the only way to secure SaaS at scale.
🔍 AskOmni makes it simple, learn how: https://thehackernews.com/2025/03/ai-powered-saas-security-keeping-pace.html
👀 They hid for 4 YEARS.
Chinese state-backed hackers quietly lived inside a major Asian telecom, siphoning sensitive data via stealth tools like INMemory—a web shell that leaves zero forensic trace.
Meanwhile, China accused 4 Taiwanese ICEFCOM hackers of cyberattacks—Taiwan denies it.
🔗 Details here: https://thehackernews.com/2025/03/chinese-hackers-breach-asian-telecom.html
🚨 One IP. 180+ C2 domains. One malware: Raspberry Robin.
This Russia-linked botnet is back—smarter, stealthier, and spreading fast.
Used by ransomware gangs + nation-state actors like Cadet Blizzard via USBs, Discord, and fast-flux C2s.
Not just a worm—it's a launchpad for LockBit, Dridex, Clop, and more.
🔗 Full report: https://thehackernews.com/2025/03/researchers-uncover-200-unique-c2.html
🚨 Broadcom just patched CVE-2025-22230, a 7.8 CVSS auth bypass in VMware Tools for Windows (v11.x.x & 12.x.x). No workaround. Fixed in v12.5.1—patch now.
Also: CrushFTP v10 & v11 hit by unauth’d HTTP(S) access bug. Not actively exploited, but still dangerous.
🔗 Full details + patch links: https://thehackernews.com/2025/03/new-security-flaws-found-in-vmware.html