🚨 Microsoft Warns: Fake Booking[.]com Emails Deploying Malware!

Hackers are using a new social engineering trick—ClickFix—to target the hospitality sector. Victims unknowingly copy-paste a command that launches data-stealing malware.

⚠️ How the scam works:
🔹 Fake Booking[.]com email → "Bad review alert!"
🔹 Clicks lead to a fake CAPTCHA
🔹 Trick: Victim pastes a malicious command = Instant infection

🔎 Who’s behind it? A cybercrime group Storm-1865—now using the same tactics as Russian & Iranian hackers.

🔗 More details: https://thehackernews.com/2025/03/microsoft-warns-of-clickfix-phishing.html

🚨 Backups are failing when it matters most.

🔹 Only 40% of IT teams trust their backups
🔹 Downtime costs $14K/min
🔹 60% think they can recover in a day—only 35% do
🔹 94% of ransomware victims have backups targeted

IT leaders must act now. See the State of Backup & Recovery 2025 for key risks & solutions.

Read now: https://thehackernews.com/2025/03/bcdr-2025-trends-and-challenges-for-msps-and-it-teams.html

🚨 New Malware Alert | OBSCURE#BAT 🦇
Hackers are using fake CAPTCHA pages & Trojanized software (Tor, VoIP apps) to spread the r77 rootkit—hiding files, evading antivirus, and persisting after reboot.

🎭 Targets: 🇺🇸🇨🇦🇬🇧🇩🇪 🛠️ Techniques: Obfuscated batch scripts, AMSI bypass, API hooking 🔍 Stealthy & dangerous—already in the wild!

Read more: https://thehackernews.com/2025/03/obscurebat-malware-uses-fake-captcha.html

🏴‍☠️ Pirates Beware!

Downloading cracked software? You might be installing MassJacker—a new clipper malware hijacking crypto transactions.

🔹 778,531 attacker-controlled wallets
🔹 $336,700 in stolen funds
🔹 Hides inside pirated downloads from pesktop[.]com

Your clipboard isn't safe. Copy a wallet address? It swaps it with the hacker’s.

🔗 Full story: https://thehackernews.com/2025/03/new-massjacker-malware-targets-piracy.html

🔒 GSMA is bringing end-to-end encryption (E2EE) to RCS messages between Android & iOS. That means private, secure chats—no matter the device.

This comes right after Apple agreed to support RCS in iOS 18. Until now, Google encrypted RCS in its Messages app, but cross-platform chats were left exposed.

🔗 Read more: https://thehackernews.com/2025/03/gsma-confirms-end-to-end-encryption-for.html

🚨 LockBit Dev Extradited to U.S.

Rostislav Panev, a 51-year-old dual Russian-Israeli national, is now in U.S. custody—charged for developing LockBit ransomware.

LockBit has hit 2,500+ victims in 120+ countries, raking in $500M+ in profits.

🔗 Full story: https://thehackernews.com/2025/03/alleged-israeli-lockbit-developer.html

🚨 Most microsegmentation projects fail before starting—too complex, slow, and disruptive.

But Andelyn Biosciences succeeded.

✅ 2,700 security policies enforced
✅ No hardware changes needed
✅ Full segmentation in weeks, not years

They replaced legacy VLANs and firewalls with Elisity's identity-based microsegmentation.

🔍 Learn how and get lessons for your Zero Trust journey: https://thehackernews.com/2025/03/why-most-microsegmentation-projects.html

🚨 2025 is the year of cyberattacks.

🔹 Phishing is getting smarter.
🔹 MFA isn’t stopping breaches.
🔹 AppSec tools are still missing the mark.

🔗 Join these webinars to fix security for good: https://www.linkedin.com/pulse/phishing-mfa-bypass-appsec-failuresfix-them-webinars-thehackernews-t1oee/

🚨 Hackers are poisoning PyPI again. Devs, check your dependencies NOW!

Cybercriminals planted 20 fake Python packages on PyPI—stealing cloud access tokens from AWS, Alibaba Cloud, and Tencent Cloud. These packages, disguised as "time" utilities, racked up 14,100+ downloads before removal.

👀 One even snuck into a GitHub project with 519 stars and 42 forks.

🔗 Read more: https://thehackernews.com/2025/03/malicious-pypi-packages-stole-cloud.html

🚨 WARNING: A supply chain attack hit tj-actions/changed-files, a GitHub Action used by 23,000+ repos—exposing AWS keys, PATs, and RSA keys in CI/CD logs.

👀 Affected? Update to v46.0.1 NOW and Audit workflows for leaks.

🔗 Read more: https://thehackernews.com/2025/03/github-action-compromise-puts-cicd.html

👀 Your email client might be leaking more than you think...

Hackers are exploiting CSS to bypass spam filters and track users without JavaScript.

🚨 Cisco Talos warns that attackers use CSS properties like media, text-indent, and opacity to hide phishing content and fingerprint victims.

Stay ahead—learn how at https://thehackernews.com/2025/03/cybercriminals-exploit-css-to-evade.html.

🚨 Cloud ransomware is evolving—your security settings won’t save you.

66% of cloud storage buckets hold sensitive data. Attackers now exploit legit AWS & Azure features to lock you out.

🔹 Block risky encryption methods
🔹 Enable backups & versioning (not default!)
🔹 Lock down IAM policies

The cloud won’t save you—take action now.

🎥 Read & Watch: https://thehackernews.com/2025/03/sans-institute-warns-of-novel-cloud.html

🚨 Old Cameras, New Threats 🔥

A critical flaw (CVE-2025-1316, CVSS 9.3) in Edimax IC-7100 cameras is under active attack—turning unpatched devices into Mirai botnet soldiers for massive DDoS strikes.

Default creds (admin:1234) = easy pickings for attackers

🔗 Details: https://thehackernews.com/2025/03/unpatched-edimax-camera-flaw-exploited.html

🚨 Last Week in Cybersecurity...

Routers hacked, malicious PyPI packages detected, new ransomware decryptors released, and major threats uncovered.

Read: https://thehackernews.com/2025/03/thn-weekly-recap-router-hacks-pypi.html

Stay informed—stay secure. #THNWeeklyRecap

🚨 Apache Tomcat Under Attack.

Hackers are actively exploiting CVE-2025-24813 just 30 hours after disclosure.

🔹 RCE & Info Disclosure Risk
🔹 No Authentication Needed
🔹 Attackers Upload & Execute Malicious Files

⚠️ Delaying could mean backdoors, config tampering & full compromise.

Read: https://thehackernews.com/2025/03/apache-tomcat-vulnerability-comes-under.html

Don’t wait—secure your systems NOW

💀 New Malware Alert — Microsoft warns of StilachiRAT, a stealthy remote access trojan that:

🔹 Steals browser passwords & clipboard data
🔹 Targets crypto wallets
🔹 Executes remote commands & monitors RDP sessions
🔹 Evades detection by clearing event logs

Read: https://thehackernews.com/2025/03/microsoft-warns-of-stilachirat-stealthy.html

🕵️‍♂️ No known actor yet, but it’s spreading. Protect your assets NOW.

⚠️ Your Device Might Be Part of the Largest CTV Botnet Ever!

Cybercriminals are exploiting cheap Android devices to build a massive botnet for:

🔹 Ad fraud & fake clicks
🔹 Residential proxy abuse
🔹 DDoS attacks & account takeovers
🔹 Hidden malware pre-installed in devices

Learn more: https://thehackernews.com/2025/03/badbox-20-botnet-infects-1-million.html

💀 1M+ devices infected worldwide, mostly in Brazil, US, & Mexico. Google removed 24 malicious apps, but the operation is still evolving.

🚨 China-linked MirrorFace just carried out a stealthy attack on a European diplomatic group—using:

🔹 ANEL backdoor—revived after 6 years
🔹 AsyncRAT & HiddenFace malware
🔹 Stealthy access via VS Code Remote Tunnels

Learn more: https://thehackernews.com/2025/03/china-linked-mirrorface-deploys-anel.html

What are the essential skills security analysts need to succeed?

IDC's latest survey of 900+ security leaders reveals the top five.

Uncover these and more findings in a live webinar with sponsors Tines and AWS.

Sign up to attend: https://thn.news/voice-of-security-2025-tw

🚨 331 Malicious Android Google Play Apps, 60 Million+ Downloads!

The Vapor scam used:
🔹 Full-screen ads—locking devices
🔹 Phishing attacks—stealing credentials & credit cards
🔹 Hidden icons & impersonation—evading detection
🔹 Versioning tricks—turning clean apps malicious later

⚠️ Check your phone NOW. Delete suspicious apps!

🔗 Full details — https://thehackernews.com/2025/03/new-ad-fraud-campaign-exploits-331-apps.html