March 2025 – Page 7 – Learn and Explore

March 19, 2025
Uncategorized

ClearFake Infects 9,300 Sites, Uses Fake reCAPTCHA and Turnstile to Spread Info-Stealers

The threat actors behind the ClearFake campaign are using fake reCAPTCHA or Cloudflare Turnstile verifications as lures to trick users into downloading malware such as Lumma Stealer and Vidar Stealer. ClearFake, first highlighted in July 2023, is the name given to a threat activity cluster that employs fake web...

March 19, 2025
Uncategorized

Watch This Webinar to Learn How to Eliminate Identity-Based Attacks—Before They Happen

In today’s digital world, security breaches are all too common. Despite the many security tools and training programs available, identity-based attacks—like phishing, adversary-in-the-middle, and MFA bypass—remain a major challenge. Instead of accepting these risks and pouring resources into fixing problems after they occur, why not prevent attacks from happening...

March 19, 2025
Uncategorized

5 Identity Threat Detection & Response Must-Haves for Super SaaS Security

Identity-based attacks are on the rise. Attackers are targeting identities with compromised credentials, hijacked authentication methods, and misused privileges. While many threat detection solutions focus on cloud, endpoint, and network threats, they overlook the unique risks posed by SaaS identity ecosystems. This blind spot is wreaking havoc on heavily...

March 19, 2025
Uncategorized

Critical mySCADA myPRO Flaws Could Let Attackers Take Over Industrial Control Systems

Cybersecurity researchers have disclosed details of two critical flaws impacting mySCADA myPRO, a Supervisory Control and Data Acquisition (SCADA) system used in operational technology (OT) environments, that could allow malicious actors to take control of susceptible systems. “These vulnerabilities, if exploited, could grant unauthorized access to industrial control networks,...

March 19, 2025
Uncategorized

CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a vulnerability linked to the supply chain compromise of the GitHub Action, tj-actions/changed-files, to its Known Exploited Vulnerabilities (KEV) catalog. The high-severity flaw, tracked as CVE-2025-30066 (CVSS score: 8.6), involves the breach of the GitHub Action to inject...

March 18, 2025
Uncategorized

New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors

Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious code. “This technique enables hackers to silently compromise AI-generated code by injecting hidden malicious instructions into...

March 18, 2025
Uncategorized

New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking

A critical security vulnerability has been disclosed in AMI’s MegaRAC Baseboard Management Controller (BMC) software that could allow an attacker to bypass authentication and carry out post-exploitation actions. The vulnerability, tracked as CVE-2024-54085, carries a CVSS v4 score of 10.0, indicating maximum severity. “A local or remote attacker can...

March 18, 2025
Uncategorized

Google Acquires Wiz for $32 Billion in Its Biggest Deal Ever to Boost Cloud Security

Google is making the biggest ever acquisition in its history by purchasing cloud security company Wiz in an all-cash deal worth $32 billion. “This acquisition represents an investment by Google Cloud to accelerate two large and growing trends in the AI era: improved cloud security and the ability to...

March 18, 2025
Uncategorized

Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017

An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017. The zero-day vulnerability, tracked by Trend Micro’s Zero Day Initiative (ZDI) as ZDI-CAN-25373,...

March 18, 2025
Uncategorized

New Ad Fraud Campaign Exploits 331 Apps with 60M+ Downloads for Phishing and Intrusive Ads

Cybersecurity researchers have warned about a large-scale ad fraud campaign that has leveraged hundreds of malicious apps published on the Google Play Store to serve full-screen ads and conduct phishing attacks. “The apps display out-of-context ads and even try to persuade victims to give away credentials and credit card...