The Hacker News
Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

🌐 Website: https://thehackernews.com
🚨 One IP. 180+ C2 domains. One malware: Raspberry Robin.

This Russia-linked botnet is back—smarter, stealthier, and spreading fast.

Used by ransomware gangs + nation-state actors like Cadet Blizzard via USBs, Discord, and fast-flux C2s.

Not just a worm—it's a launchpad for LockBit, Dridex, Clop, and more.

🔗 Full report: https://thehackernews.com/2025/03/researchers-uncover-200-unique-c2.html
🚨 Broadcom just patched CVE-2025-22230, a 7.8 CVSS auth bypass in VMware Tools for Windows (v11.x.x & 12.x.x). No workaround. Fixed in v12.5.1—patch now.

Also: CrushFTP v10 & v11 hit by unauth’d HTTP(S) access bug. Not actively exploited, but still dangerous.

🔗 Full details + patch links: https://thehackernews.com/2025/03/new-security-flaws-found-in-vmware.html
🚨 Chrome zero-day exploited in the wild...

Google patches CVE-2025-2783, a high-severity flaw in Chrome for Windows—actively used in attacks on Russian orgs.

👀 Update Chrome now | Details: https://thehackernews.com/2025/03/zero-day-alert-google-releases-chrome.html
🔥 Cybercriminals are using one tool to break into millions of accounts.

Atlantis AIO automates credential stuffing—testing real stolen logins across 140+ platforms like Gmail, Netflix, PayPal & DoorDash.

It’s fast, stealthy, and sold with “thousands of satisfied clients.”

Not brute force—these are your leaked passwords reused.

🔗 Full report: https://thehackernews.com/2025/03/hackers-using-e-crime-tool-atlantis-aio.html
Your DDoS protection is lying to you.

Even “basic” DDoS attacks are breaking through so-called advanced protections. In 2024 alone: 25M+ attacks — a 53% spike year-over-year.

Why? Because the real vulnerabilities are inside the protections themselves—hidden policy gaps no one checks.

🔥 Matthew Andriani, CEO of Mazebolt, spent 100K+ hours simulating real attacks. The verdict? Every org had blind spots. No alerts. No logs. Just downtime.

Check your blind spots in 3 mins: https://thehackernews.com/expert-insights/2025/03/the-surprising-gap-in-ddos-protections.html
INSIDERS, not hackers, cause the most damage.

📈 57% of companies face 20+ insider incidents a year
💸 Avg cost? $4.99M per breach (IBM 2024)

Even the U.S. Treasury slipped—staff got unintended access to critical systems in Dec '24.

PAM stops this.
🔐 Just-in-time access
🧠 Identity-first control
Real-time threat response

👉 See how Syteca helps → https://thehackernews.com/2025/03/how-pam-mitigates-insider-threats.html

Before access turns into a threat—secure it.
🚨 A new kind of npm malware just dropped—and it infects other packages.

Two rogue packages—ethers-provider2 and ethers-providerz—silently patched the legit ethers library to deploy a reverse shell.

Uninstalling won’t help. The malicious code persists, waiting to reinfect when ethers is reinstalled. Even deleted files don’t stop it.

🔗 Learn more: https://thehackernews.com/2025/03/malicious-npm-package-modifies-local.html
Cyber Strikes & Security Insights: Join Vanta at an RSA Happy Hour

Going to RSA? Join Vanta and CISO Series host David Spark for a night of networking, bowling, and games at Lucky Strike’s Einstein Room.

Whether you’re looking to connect with fellow cybersecurity pros, kick off your RSA week with fun, or just see who can throw the best (or worst) strike, this is the place to be.

✓ Mix and mingle with top security professionals
✓ Bowl a few frames (or just cheer from the sidelines)
✓ Enjoy food, drinks, and great conversations
✓ Get insights on the latest in cybersecurity

Space is limited, so grab your spot now: https://thn.news/lucky-security-community-s
🥊 A good defense isn’t built in silence—it’s battle-tested.

Most orgs test their cyber defenses once a year—maybe twice. That’s like a boxer only sparring before a title fight. Gaps grow. Intuition dulls. Defenses drift.

Real resilience requires pressure. Continuous, automated pentesting simulates real attacks—frequently and affordably.

🔥 Your next test shouldn't be the real breach.

Automate, simulate, adapt. Learn how → https://thehackernews.com/2025/03/sparring-in-cyber-ring-using-automated.html
🚨 RedCurl, the Russian-speaking group—long known for espionage—has deployed ransomware for the first time.

👀 Their new strain: QWCrypt
🧠 Tactic: Fake CVs + legit Adobe tools = full system compromise

No leak site. No clear motive. Just chaos.

Details: https://thehackernews.com/2025/03/redcurl-shifts-from-espionage-to.html
👀 Running an unpatched Windows system? You’re a target.

Hackers are exploiting CVE-2025-26633: EncryptHub hijacks Windows MMC with a stealthy .msc file swap via MUIPath, loading malware like Rhadamanthys and StealC through a fake “en-US” folder.

🧪 Trend Micro calls it "MSC EvilTwin."

Read: https://thehackernews.com/2025/03/encrypthub-exploits-windows-zero-day-to.html

Patch now. Share widely.
Catch Cloud Threats Before They Catch You!

Contain emerging threats in real time - before they impact your business. Learn how cloud detection and response (CDR) gives security teams the edge they need in this practical, no-nonsense guide.

Download now → https://thn.news/cloud-detection-dummies-2
🚨 New Chinese cyber attack spotted.

FamousSparrow breached a U.S. trade group + Mexican institute using new, modular malware: SparrowDoor + ShadowPad (first use).

▶️ Targets ran outdated Exchange + Windows Server.
▶️ Backdoor includes spying, keylogging, screenshots, file theft.

📰 Full story → https://thehackernews.com/2025/03/new-sparrowdoor-backdoor-variants-found.html
🚨 One click from insider to admin?

A critical flaw in NetApp SnapCenter (CVE-2025-26512, CVSS 9.9) lets authenticated users escalate privileges to full admin—on remote systems.

SnapCenter powers enterprise backups—this isn’t niche, it’s everywhere.

🔗 Read: https://thehackernews.com/2025/03/netapp-snapcenter-flaw-could-let-users.html
👀 6-year-old bugs are back—and being weaponized.

CISA just flagged two 2019 Sitecore RCE flaws (CVE-2019-9874 & 9875) as actively exploited.

But it doesn’t stop there:
➡️ Next.js auth bypass (CVE-2025-29927) is under live attack
➡️ DrayTek routers face fresh waves targeting old RCE/LFI bugs.

🔗 Details: https://thehackernews.com/2025/03/cisa-flags-two-six-year-old-sitecore.html

Old CVEs. New exploits. Patch now.
🚨 150,000+ websites hijacked. Millions redirected.

Hackers are injecting malicious JavaScript into legit sites to push Chinese-language gambling ads—using fake Bet365 branding, fullscreen overlays, and iframe tricks.

🔗 Full story: https://thehackernews.com/2025/03/150000-sites-compromised-by-javascript.html
🔥 Still opening Office docs without checking? In 2025, that’s a major risk.

Hackers still use Word and Excel to deliver malware—no macros, no clicks.

Top threats: Phishing docs, fake logins, QR traps.

🛡️ Scan before you open. Learn more: https://thehackernews.com/2025/03/top-3-ms-office-exploits-hackers-use-in.html
🚨 Fake India Post site used to hack Windows & Android users!

APT36 (aka Transparent Tribe), linked to Pakistan, is behind a phishing site—postindia[.]site—targeting Indian citizens 🇮🇳

👉 Details that matter → https://thehackernews.com/2025/03/apt36-spoofs-india-post-website-to.html

💡 Stay sharp, don’t click blind.
🛑 Shadow SaaS is your biggest blind spot—and CASB can’t save you.

New report reveals why traditional CASB tools fail to detect or stop unsanctioned apps, identity leaks, and data exfiltration.

🔍 80% of SaaS use is shadow IT
⚠️ API scanners can’t block live attacks
🧠 The fix? Security at the browser level

📄 Read the report: https://thehackernews.com/2025/03/new-report-explains-why-casb-solutions.html
🔥 Ransomware cartels are sharing weapons.

A custom EDR killer tool—EDRKillShifter—built by RansomHub is now turning up in attacks by Medusa, BianLian, and Play, per ESET.

Used to silently shut down security defenses via a BYOVD attack—before encrypting your systems.

Even “closed” RaaS gangs like BianLian are repurposing tools from rivals.

🔗 Read full report: https://thehackernews.com/2025/03/hackers-repurpose-ransomhubs.html
🚨 Phishing just got personal.

A PhaaS kit called Morphing Meerkat fakes login pages for 114+ brands—using your DNS MX records to mimic your email provider (Gmail, Outlook, Yahoo).

It’s global, stealthy, and drops stolen creds via Telegram.

👀 Uses WordPress hacks, ad redirects (even DoubleClick), and blocks right-clicks + hotkeys.

🔗 Read: https://thehackernews.com/2025/03/new-morphing-meerkat-phishing-kit.html