Critical Alert: A severe vulnerability (CVE-2025-27363) in the FreeType font library, used by millions, is being actively exploited.
This flaw allows RCE, risking numerous systems. Affected platforms include Linux distributions, Android, and iOS.
Read: https://thehackernews.com/2025/03/meta-warns-of-freetype-vulnerability.html
Update to FreeType version 2.13.3 immediately to protect your devices. Act now!

ruby-saml Flaws Open SAML Auth to Hijacking
GitHub Security Lab found CVE-2025-25291 & CVE-2025-25292 (CVSS 8.8) in ruby-saml, allowing attackers to bypass authentication using a valid signature.
Read: https://thehackernews.com/2025/03/github-uncovers-new-ruby-saml.html
Update now or risk account takeover.

What are the top priorities for security teams in 2025? And what's threatening to derail them?
IDC asked 900+ security leaders across the US, Europe, and Australia. In a webinar on March 26, Voice of Security 2025 sponsors Tines and AWS will unpack the results.
Join them to uncover:
- How AI and automation are transforming security strategies
- The biggest challenges leaders face - and what's holding them back
- What drives job satisfaction (and frustration) in security leadership
- Where tooling helps vs. where it's adding to the pain
- What leaders look for when hiring security analysts
Sign up for a deep dive into the data: https://thn.news/voice-of-security-2025-x
Tines
Voice of Security 2025 - Essential insights from 900 security leaders | Tines
Mar 26 2025, 11:00 AM • US Eastern Time • Learn what 900+ security leaders think about people, processes, and technologies this year, and uncover how to build a more resilient security strategy with your team in 2025 and beyond.

A never-before-seen Android spyware KoSpy is targeting Korean & English users - stealing texts, calls, files & more.
Masquerading as legit apps on Google Play, KoSpy operated undetected for 2 years (2022-2024). Now linked to APT27 & Kimsuky.
Meanwhile, North Korean hackers are also infiltrating npm packages & crypto wallets - deploying RustDoor, BeaverTail & Koi Stealer.
Find out here: https://thehackernews.com/2025/03/north-koreas-scarcruft-deploys-kospy.html

Microsoft Warns: Fake Booking[.]com Emails Deploying Malware!
Hackers are using a new social engineering trick - ClickFix - to target the hospitality sector. Victims unknowingly copy-paste a command that launches data-stealing malware.
How the scam works:
- Fake Booking[.]com email -> "Bad review alert!"
- Clicks lead to a fake CAPTCHA
- Trick: Victim pastes a malicious command = Instant infection
Who's behind it? A cybercrime group Storm-1865 - now using the same tactics as Russian & Iranian hackers.
More details: https://thehackernews.com/2025/03/microsoft-warns-of-clickfix-phishing.html

Backups are failing when it matters most.
- Only 40% of IT teams trust their backups
- Downtime costs $14K/min
- 60% think they can recover in a day - only 35% do
- 94% of ransomware victims have backups targeted
IT leaders must act now. See the State of Backup & Recovery 2025 for key risks & solutions.
Read now: https://thehackernews.com/2025/03/bcdr-2025-trends-and-challenges-for-msps-and-it-teams.html

New Malware Alert | OBSCURE#BAT
Hackers are using fake CAPTCHA pages & Trojanized software (Tor, VoIP apps) to spread the r77 rootkit - hiding files, evading antivirus, and persisting after reboot.
Targets: US, Canada, UK, Germany
Techniques: Obfuscated batch scripts, AMSI bypass, API hooking
Stealthy & dangerous - already in the wild!
Read more: https://thehackernews.com/2025/03/obscurebat-malware-uses-fake-captcha.html

Pirates Beware!
Downloading cracked software? You might be installing MassJacker - a new clipper malware hijacking crypto transactions.
- 778,531 attacker-controlled wallets
- $336,700 in stolen funds
- Hides inside pirated downloads from pesktop[.]com
Your clipboard isn't safe. Copy a wallet address? It swaps it with the hacker's.
Full story: https://thehackernews.com/2025/03/new-massjacker-malware-targets-piracy.html

GSMA is bringing end-to-end encryption (E2EE) to RCS messages between Android & iOS. That means private, secure chats - no matter the device.
This comes right after Apple agreed to support RCS in iOS 18. Until now, Google encrypted RCS in its Messages app, but cross-platform chats were left exposed.
Read more: https://thehackernews.com/2025/03/gsma-confirms-end-to-end-encryption-for.html

LockBit Dev Extradited to U.S.
Rostislav Panev, a 51-year-old dual Russian-Israeli national, is now in U.S. custody - charged for developing LockBit ransomware.
LockBit has hit 2,500+ victims in 120+ countries, raking in $500M+ in profits.
Full story: https://thehackernews.com/2025/03/alleged-israeli-lockbit-developer.html

Most microsegmentation projects fail before starting - too complex, slow, and disruptive.
But Andelyn Biosciences succeeded.
- 2,700 security policies enforced
- No hardware changes needed
- Full segmentation in weeks, not years
They replaced legacy VLANs and firewalls with Elisity's identity-based microsegmentation.
Learn how and get lessons for your Zero Trust journey: https://thehackernews.com/2025/03/why-most-microsegmentation-projects.html

2025 is the year of cyberattacks.
- Phishing is getting smarter.
- MFA isn't stopping breaches.
- AppSec tools are still missing the mark.
Join these webinars to fix security for good: https://www.linkedin.com/pulse/phishing-mfa-bypass-appsec-failuresfix-them-webinars-thehackernews-t1oee/
Linkedin
Phishing, MFA Bypass & AppSec Failures - Fix Them in These Webinars
Cyberattacks are evolving. Are your defenses stuck in the past? Phishing, MFA bypass, and weak credentials fuel the majority of breaches.

Hackers are poisoning PyPI again. Devs, check your dependencies NOW!
Cybercriminals planted 20 fake Python packages on PyPI - stealing cloud access tokens from AWS, Alibaba Cloud, and Tencent Cloud. These packages, disguised as "time" utilities, racked up 14,100+ downloads before removal.
One even snuck into a GitHub project with 519 stars and 42 forks.
Read more: https://thehackernews.com/2025/03/malicious-pypi-packages-stole-cloud.html

WARNING: A supply chain attack hit tj-actions/changed-files, a GitHub Action used by 23,000+ repos - exposing AWS keys, PATs, and RSA keys in CI/CD logs.
Affected? Update to v46.0.1 NOW and audit workflows for leaks.
Read more: https://thehackernews.com/2025/03/github-action-compromise-puts-cicd.html

Your email client might be leaking more than you think...
Hackers are exploiting CSS to bypass spam filters and track users without JavaScript.
Cisco Talos warns that attackers use CSS properties like media, text-indent, and opacity to hide phishing content and fingerprint victims.
Stay ahead - learn how at https://thehackernews.com/2025/03/cybercriminals-exploit-css-to-evade.html

Cloud ransomware is evolving - your security settings won't save you.
66% of cloud storage buckets hold sensitive data. Attackers now exploit legit AWS & Azure features to lock you out.
- Block risky encryption methods
- Enable backups & versioning (not default!)
- Lock down IAM policies
The cloud won't save you - take action now.
Read & Watch: https://thehackernews.com/2025/03/sans-institute-warns-of-novel-cloud.html

Old Cameras, New Threats
A critical flaw (CVE-2025-1316, CVSS 9.3) in Edimax IC-7100 cameras is under active attack - turning unpatched devices into Mirai botnet soldiers for massive DDoS strikes.
Default creds (admin:1234) = easy pickings for attackers
Details: https://thehackernews.com/2025/03/unpatched-edimax-camera-flaw-exploited.html

Last Week in Cybersecurity...
Routers hacked, malicious PyPI packages detected, new ransomware decryptors released, and major threats uncovered.
Read: https://thehackernews.com/2025/03/thn-weekly-recap-router-hacks-pypi.html
Stay informed - stay secure. #THNWeeklyRecap

Apache Tomcat Under Attack.
Hackers are actively exploiting CVE-2025-24813 just 30 hours after disclosure.
- RCE & Info Disclosure Risk
- No Authentication Needed
- Attackers Upload & Execute Malicious Files
Delaying could mean backdoors, config tampering & full compromise.
Read: https://thehackernews.com/2025/03/apache-tomcat-vulnerability-comes-under.html
Don't wait - secure your systems NOW

New Malware Alert - Microsoft warns of StilachiRAT, a stealthy remote access trojan that:
- Steals browser passwords & clipboard data
- Targets crypto wallets
- Executes remote commands & monitors RDP sessions
- Evades detection by clearing event logs
Read: https://thehackernews.com/2025/03/microsoft-warns-of-stilachirat-stealthy.html
No known actor yet, but it's spreading. Protect your assets NOW.