⚠️ SaaS identity attacks are exploding!

Hackers are stealing credentials, hijacking logins, and abusing privileges—yet most security tools overlook SaaS identity threats.

🛡️ The Fix? Identity Threat Detection & Response (ITDR)

🔗 Secure SaaS now → https://thehackernews.com/2025/03/5-identity-threat-detection-response.html

🔥 Russia’s Role in Cybercrime Just Got Exposed!

200,000+ leaked messages expose direct ties between the ransomware gang & Russian officials.

🔹 AI-powered fraud & malware dev
🔹 Leader escaped via a "green corridor"

Read the full story 👇 https://thehackernews.com/2025/03/leaked-black-basta-chats-suggest.html

🚨 Severe PHP Flaw Under Attack.

Hackers are exploiting CVE-2024-4577 to deploy crypto miners ⛏️ & Quasar RAT on Windows servers.

🔹 54% of attacks target Taiwan
🔹 5% deploy XMRig miner
🔹 PHP CGI mode at risk

Patch NOW before your servers become a battleground.

🔗 Learn more: https://thehackernews.com/2025/03/hackers-exploit-severe-php-flaw-to.html

🚨 Hackers are hijacking compromised Signal accounts to spread Dark Crystal RAT malware—targeting Ukraine’s military & defense industry.

🔹 Fake meeting minutes 📄
🔹 Hidden malware inside archives 🦠
🔹 Remote control & data theft

Read more: https://thehackernews.com/2025/03/cert-ua-warns-dark-crystal-rat-targets.html

💀 CISA just flagged this backup flaw as actively exploited!

CVE-2024-48248 | Unauthenticated file read in NAKIVO Backup & Replication exposes sensitive data & credentials.

🔹 Exploit already public
🔹 Update before it’s too late

Details: https://thehackernews.com/2025/03/cisa-adds-nakivo-vulnerability-to-kev.html

🚨 Spyware Alert!

Citizen Lab reports Australia, Canada, Denmark & more may be using Paragon's Graphite spyware—the same tool used to target journalists & activists via WhatsApp.

⚠️ 90+ journalists targeted
⚠️ iPhones & Androids hacked

🔗 Full story: https://thehackernews.com/2025/03/six-governments-likely-use-israeli.html

The hidden costs of an in-house SOC could surprise you.

A Security Operations Center (SOC) isn’t just salaries and tools—it’s ongoing costs, operational challenges, and talent shortages. Is building your own SOC really the best move?

Use this SOC Cost Calculator to compare in-house vs. Managed SOC expenses and see where you can optimize costs without sacrificing security.

Calculate your in-house vs managed SOC costs: https://thn.news/soc-cost-calculator-tg

Two major vendors just patched remote code execution flaws—update NOW before attackers exploit them.

🔴 Veeam Backup (CVE-2025-23120, 9.9/10)
➡️ Affects v12.3.0.310 & earlier
➡️ Allows RCE by authenticated users
➡️ Fixed in v12.3.1 (12.3.1.1139)

🔴 IBM AIX (CVE-2024-56346 & CVE-2024-56347, 10/10 & 9.6/10)
➡️ Affects AIX 7.2 & 7.3
➡️ Exploitable via NIM services

⚠️ No attacks seen yet, but don’t wait—patch immediately.

Full details: https://thehackernews.com/2025/03/veeam-and-ibm-release-patches-for-high.html

Cloud security isn't automatic—it's a shared battle.

Think your cloud provider handles everything? Think again. Microsoft 365 users must secure their own data, access, and backups.

🚨 No MFA, weak passwords, or no backup? You're at risk.

🔗 See what you must do now: https://thehackernews.com/2025/03/how-to-protect-your-business-from-cyber.html

🎮 Gamers, beware! That "free cheat" might steal everything.

Hackers are hiding malware in YouTube videos promoting game cheats, infecting PCs with Arcane Stealer.

🕵️ Stealing passwords, crypto wallets, VPN logins, and more.

Full report: https://thehackernews.com/2025/03/youtube-game-cheats-spread-arcane.html

👎 Most SMBs Are Failing Compliance—Are Yours?

📉 60% of U.S. small businesses aren’t fully compliant with security laws like HIPAA, PCI-DSS & GDPR.

💸 Risk: Fines, breaches & reputational damage.
💡 Solution: Continuous compliance monitoring.

MSPs: Turn compliance into profit.

Learn how → https://thehackernews.com/2025/03/why-continuous-compliance-monitoring-is.html

🔥 Hardcoded admin logins. Leaky debug logs. Cisco Smart Licensing Utility is under fire.

Hackers are actively exploiting CVE-2024-20439 & CVE-2024-20440—both rated 9.8.

Access to admin creds & APIs is on the line.

See the full story 👉 https://thehackernews.com/2025/03/ongoing-cyber-attacks-exploit-critical.html

🚨 Two hacker groups just joined forces.

Head Mare & Twelve are now working together to hit Russian targets—using WinRAR & Exchange exploits, ransomware like LockBit, and stealthy backdoors.

👉 Full story: https://thehackernews.com/2025/03/kaspersky-links-head-mare-to-twelve.html

👀 While the world was distracted…

China’s Aquatic Panda ran a 10-month global spy op in 2022—hitting the U.S., France, Taiwan & more.

🕵️ Code-named Operation FishMedley
💻 Used malware like ShadowPad & SodaMaster
💣 Targets: Think tanks, NGOs, governments

See how it worked ⬇️ https://thehackernews.com/2025/03/china-linked-apt-aquatic-panda-10-month.html

78% of orgs are vulnerable to a 9.8 CVSS attack—not due to advanced hacks, but basic mDNS spoofing. 👀

Vonahi Security ran 10,000+ internal pentests in 2024. The top risks weren’t zero-days—they were simple, fixable flaws:

• 78% – mDNS spoofing
• 73% – NBNS spoofing
• 66% – LLMNR spoofing
• 50% – misconfigs
• 25% – outdated Windows
• 20% – weak passwords

Most orgs rely on firewalls & SIEMs—but skip real testing.

⚡ Automate it. Stay ahead. Attackers don’t wait. Your security testing shouldn’t either.

👉 Test your network: https://thehackernews.com/2025/03/10-critical-network-pentest-findings-it.html

🔥 Ransomware just leveled up.

Medusa RaaS is now using a malicious driver—ABYSSWORKER—to kill EDR tools on sight. Signed with stolen Chinese certs, it poses as a legit CrowdStrike driver to slip past defenses.

🛠️ Includes codes to disable antivirus, kill processes, and reboot machines.

See the full breakdown → https://thehackernews.com/2025/03/medusa-ransomware-uses-malicious-driver.html

⚠️ The rise of "Vibe Coding" together with developers' inherent "automation bias" creates the perfect attack surface.


🛑 New Rules File Backdoor attack, discovered by Pillar Security, lets hackers poison AI-powered tools like GitHub Copilot & Cursor, injecting hidden malicious code into projects that appear legitimate to developers.

Learn more: https://thn.news/github-copilot-vulnerability

🚨 UAT-5918 has been quietly breaching Taiwan’s critical infrastructure since 2023—targeting IT, telecom, healthcare, and more.

Linked to China-based groups like Volt Typhoon, it uses open-source tools, web shells & reverse proxies to stay hidden for the long haul. 👀

Credential theft, deep persistence, manual exfiltration—this isn’t smash-and-grab. It’s slow burn espionage.

🔎 Full analysis | Don’t sleep on this: https://thehackernews.com/2025/03/uat-5918-targets-taiwans-critical.html

🔥 Major policy reversal -- US Treasury LIFTS sanctions on Tornado Cash!

After accusing it of laundering $7.6B for North Korea's Lazarus hacker Group, the Treasury now says it "overstepped its authority."

🤯 Rare twist: A court ruled smart contracts aren't "property," leaving OFAC powerless.

Alexey Pertsev, co-founder, jailed in Netherlands, while others face US charges.

See the full story now: https://thehackernews.com/2025/03/us-treasury-lifts-tornado-cash.html

🚨 Coinbase dodged a bullet—but 218 repos weren’t so lucky.

A GitHub supply chain attack hijacked tj-actions/changed-files, leaking secrets from 200+ projects.

🔍 CVE-2025-30066 + CVE-2025-30154 | CVSS 8.6
🎯 Targets: DockerHub, npm, AWS creds
🕵️‍♂️ Tactics: Fork PRs, dangling commits, burner GitHub accounts

This isn’t just a glitch. It’s a playbook for future CI/CD attacks.

Why it matters now? Thousands still trust infected actions. The exploit may be gone—but the method isn’t.

🔗 Dig deeper before your next push: https://thehackernews.com/2025/03/github-supply-chain-breach-coinbase.html