⚠️ Developers targeted where it hurts — their tools.
2 malicious VSCode extensions were caught deploying early-stage ransomware, demanding 1 ShibaCoin to decrypt files.
➡️ Names: ahban.shiba & ahban.cychelloworld
➡️ Encrypted a test folder on victims’ desktops
➡️ Demanded 1 ShibaCoin—no wallet address yet
Meanwhile, a fake Maven package is stealing OAuth credentials every 15th of the month—via typosquatting.
🔗 Your tools can betray you. Audit dependencies: https://thehackernews.com/2025/03/vscode-marketplace-removes-two.html
🚨 URGENT: New ransomware "VanHelsing" claims 3 victims in just 17 days since March 7th launch.
This RaaS operation charges newcomers $5K to join while letting experienced hackers in for free. Targets ALL major OS platforms with sophisticated "double extortion" tactics.
See the full story: https://thehackernews.com/2025/03/vanhelsing-raas-launch-3-victims-5k.html
🔥 “Security OR usability?” is the wrong question.
71% of professionals admit to risky password behavior—not because they don't care, but because friction drives shortcuts. 😬
The solution? Smarter design, not stricter rules.
| Reduce complexity
| Use passphrases
| Give real-time feedback
The right tools—like Specops Password Policy—boost both security and UX.
Stop choosing between safety and simplicity. Start balancing both → https://thehackernews.com/2025/03/how-to-balance-password-security.html
Stay informed with the latest in cybersecurity trends, vulnerabilities, and best practices.
🔐 Don't miss out on this week's critical updates on patching, threats, and system protection.
Read the full newsletter here: https://thehackernews.com/2025/03/thn-weekly-recap-github-supply-chain.html
🚨 Microsoft just launched built-in AI data leak protection.
Edge for Business now blocks sensitive info from being typed into ChatGPT, Gemini & more.
Also out:
✅ 11 new Security Copilot AI agents
✅ Stronger phishing defense in Teams
🔗 Details here: https://thehackernews.com/2025/03/microsoft-adds-inline-data-protection.html
🚨 WARNING: 43% of cloud setups at risk from new "IngressNightmare" flaws.
Unauth RCE in Ingress NGINX Controller for Kubernetes could let attackers take over entire clusters—no creds needed. Over 6,500 exposed.
🔥 CVSS 9.8 | 5 CVEs | 1 attack chain | Total cluster compromise.
Patch now → Versions 1.12.1, 1.11.5, 1.10.7
Disable admission controller if not needed
Lock down external access to webhooks
This isn’t the NGINX Ingress Controller you think it is.
👉 Full details + fixes → https://thehackernews.com/2025/03/critical-ingress-nginx-controller.html
🚨 306 arrests. 1,842 devices seized. 7 countries.
Operation Red Card (Nov 2024–Feb 2025) exposed scam networks targeting over 5,000 victims through fake investments, SMS phishing & hijacked banking apps.
👥 Nigeria: 130 arrested — 113 were foreign nationals
📲 South Africa: Over 1,000 SIMs seized
💰 Rwanda: $305K stolen via social engineering
💀 Some scammers were human trafficking victims forced into fraud
🔗 Learn more: https://thehackernews.com/2025/03/interpol-arrests-306-suspects-seizes.html
🚨 Malware Alert! Hackers are using Microsoft’s .NET MAUI to build fake banking & social apps targeting Indian and Chinese users.
🎯 Targets include banks, X (Twitter), and photo apps.
🧠 Malware hides in app buttons—stealing info when tapped.
⚠️ .NET MAUI was built for good. Attackers are turning it into a weapon.
🔗 Full McAfee report → https://thehackernews.com/2025/03/hackers-use-net-maui-to-target-indian.html
👀 Using Microsoft 365? You might have 1,000+ connected apps—and not even know it.
Most users guess they have fewer than 10. The reality? That’s a huge blind spot.
AI, not humans, is the only way to secure SaaS at scale.
🔍 AskOmni makes it simple, learn how: https://thehackernews.com/2025/03/ai-powered-saas-security-keeping-pace.html
👀 They hid for 4 YEARS.
Chinese state-backed hackers quietly lived inside a major Asian telecom, siphoning sensitive data via stealth tools like INMemory—a web shell that leaves zero forensic trace.
Meanwhile, China accused 4 Taiwanese ICEFCOM hackers of cyberattacks—Taiwan denies it.
🔗 Details here: https://thehackernews.com/2025/03/chinese-hackers-breach-asian-telecom.html
🚨 One IP. 180+ C2 domains. One malware: Raspberry Robin.
This Russia-linked botnet is back—smarter, stealthier, and spreading fast.
Used by ransomware gangs + nation-state actors like Cadet Blizzard via USBs, Discord, and fast-flux C2s.
Not just a worm—it's a launchpad for LockBit, Dridex, Clop, and more.
🔗 Full report: https://thehackernews.com/2025/03/researchers-uncover-200-unique-c2.html
🚨 Broadcom just patched CVE-2025-22230, a 7.8 CVSS auth bypass in VMware Tools for Windows (v11.x.x & 12.x.x). No workaround. Fixed in v12.5.1—patch now.
Also: CrushFTP v10 & v11 hit by unauth’d HTTP(S) access bug. Not actively exploited, but still dangerous.
🔗 Full details + patch links: https://thehackernews.com/2025/03/new-security-flaws-found-in-vmware.html
🚨 Chrome zero-day exploited in the wild...
Google patches CVE-2025-2783, a high-severity flaw in Chrome for Windows—actively used in attacks on Russian orgs.
👀 Update Chrome now | Details: https://thehackernews.com/2025/03/zero-day-alert-google-releases-chrome.html
🔥 Cybercriminals are using one tool to break into millions of accounts.
Atlantis AIO automates credential stuffing—testing real stolen logins across 140+ platforms like Gmail, Netflix, PayPal & DoorDash.
It’s fast, stealthy, and sold with “thousands of satisfied clients.”
Not brute force—these are your leaked passwords reused.
🔗 Full report: https://thehackernews.com/2025/03/hackers-using-e-crime-tool-atlantis-aio.html
Your DDoS protection is lying to you.
Even “basic” DDoS attacks are breaking through so-called advanced protections. In 2024 alone: 25M+ attacks — a 53% spike year-over-year.
Why? Because the real vulnerabilities are inside the protections themselves—hidden policy gaps no one checks.
🔥 Matthew Andriani, CEO of Mazebolt, spent 100K+ hours simulating real attacks. The verdict? Every org had blind spots. No alerts. No logs. Just downtime.
✅ Check your blind spots in 3 mins: https://thehackernews.com/expert-insights/2025/03/the-surprising-gap-in-ddos-protections.html
INSIDERS, not hackers, cause the most damage.
📈 57% of companies face 20+ insider incidents a year
💸 Avg cost? $4.99M per breach (IBM 2024)
Even the U.S. Treasury slipped—staff got unintended access to critical systems in Dec '24.
PAM stops this.
🔐 Just-in-time access
🧠 Identity-first control
⚡ Real-time threat response
👉 See how Syteca helps → https://thehackernews.com/2025/03/how-pam-mitigates-insider-threats.html
Before access turns into a threat—secure it.
🚨 A new kind of npm malware just dropped—and it infects other packages.
Two rogue packages—ethers-provider2 and ethers-providerz—silently patched the legit ethers library to deploy a reverse shell.
Uninstalling won’t help. The malicious code persists, waiting to reinfect when ethers is reinstalled. Even deleted files don’t stop it.
🔗 Learn more: https://thehackernews.com/2025/03/malicious-npm-package-modifies-local.html
Cyber Strikes & Security Insights: Join Vanta at an RSA Happy Hour
Going to RSA? Join Vanta and CISO Series host David Spark for a night of networking, bowling, and games at Lucky Strike’s Einstein Room.
Whether you’re looking to connect with fellow cybersecurity pros, kick off your RSA week with fun, or just see who can throw the best (or worst) strike, this is the place to be.
✓ Mix and mingle with top security professionals
✓ Bowl a few frames (or just cheer from the sidelines)
✓ Enjoy food, drinks, and great conversations
✓ Get insights on the latest in cybersecurity
Space is limited, so grab your spot now: https://thn.news/lucky-security-community-s
🥊 A good defense isn’t built in silence—it’s battle-tested.
Most orgs test their cyber defenses once a year—maybe twice. That’s like a boxer only sparring before a title fight. Gaps grow. Intuition dulls. Defenses drift.
Real resilience requires pressure. Continuous, automated pentesting simulates real attacks—frequently and affordably.
🔥 Your next test shouldn't be the real breach.
Automate, simulate, adapt. Learn how → https://thehackernews.com/2025/03/sparring-in-cyber-ring-using-automated.html
🚨 RedCurl, the Russian-speaking group—long known for espionage—has deployed ransomware for the first time.
👀 Their new strain: QWCrypt
🧠 Tactic: Fake CVs + legit Adobe tools = full system compromise
No leak site. No clear motive. Just chaos.
Details: https://thehackernews.com/2025/03/redcurl-shifts-from-espionage-to.html
👀 Running an unpatched Windows system? You’re a target.
Hackers are exploiting CVE-2025-26633: EncryptHub hijacks Windows MMC with a stealthy .msc file swap via MUIPath, loading malware like Rhadamanthys and StealC through a fake “en-US” folder.
🧪 Trend Micro calls it "MSC EvilTwin."
Read: https://thehackernews.com/2025/03/encrypthub-exploits-windows-zero-day-to.html
Patch now. Share widely.