IT Security News Daily Summary 2025-03-28

144 posts were published in the last hour

• 22:36 : News brief: China-linked APTs and Russian access broker
• 22:36 : Cybersecurity & Infrastructure Security Agency (CISA) Pledge
• 21:34 : Crooks are reviving the Grandoreiro banking trojan
• 21:34 : Friday Squid Blogging: Squid Werewolf Hacking Group
• 21:17 : CISA Adds One Known Exploited Vulnerability to Catalog
• 21:17 : MAR-25993211-r1.v1 Ivanti Connect Secure (RESURGE)
• 21:17 : CISA Releases Malware Analysis Report on RESURGE Malware Associated with Ivanti Connect Secure
• 21:17 : Week in Review: Microsoft Trust abuse, 23andMe bankruptcy risks, NIST’s growing backlog
• 21:17 : AWS continues to support government cloud security and shape FedRAMP’s evolution toward automated compliance
• 20:34 : New Morphing Meerkat Phishing Kit Exploits DNS to Spoof 100+ Brands
• 20:34 : A Congressional Bill to Limit Court Power Through Injunctions Is a Bad, Transparent Effort to Limit Court Power
• 20:5 : IT Security News Hourly Summary 2025-03-28 21h : 4 posts
• 19:38 : Russian authorities arrest three suspects behind Mamont Android banking trojan
• 19:38 : Oracle Hack PR Drama: Deny, Deny, Deny — Despite Damning Data
• 19:11 : Ansible Security and Testing Tools for Automation
• 19:11 : WhatsApp Fixes Security Flaw Exploited by Spyware
• 18:11 : Engaging Online Learning: Strategies to Keep Students Focused and Motivated
• 18:11 : How to Implement CMMS Software in Your Organization
• 18:11 : New Python-Based Discord RAT Attacking Users to Steal Login Credentials
• 17:32 : Hackers Exploit DNS MX Records to Create Fake Logins Imitating 100+ Brands
• 17:32 : Ascom Confirms Cyberattack as HellCat Hackers Exploit Jira Servers
• 17:32 : Oracle Denies Claim of Server Breach
• 17:32 : Betruger Backdoor Linked to RansomHub Ransomware Attacks on Critical Infrastructure
• 17:11 : PJobRAT Android Malware Masquerades as Dating and Messaging Apps to Target Military Personnel
• 17:11 : New Python-Based Discord RAT Targets Users to Steal Login Credentials
• 17:11 : Vulnerability in most browsers abused in targeted attacks
• 17:5 : IT Security News Hourly Summary 2025-03-28 18h : 7 posts
• 16:38 : NASA, Boeing To Begin Starliner Testing After ‘Anomalies’
• 16:38 : Tax Season = Prime Time for Scammers — Here’s How to Stay Safe
• 16:38 : Mozilla patches Firefox bug ‘exploited in the wild,’ similar to bug attacking Chrome
• 16:38 : Again and again, NSO Group’s customers keep getting their spyware operations caught
• 16:38 : Guide to Network Device Configuration Review
• 16:8 : Oracle Health data breach related to hospitals
• 16:8 : A Deep Dive into Water Gamayun’s Arsenal and Infrastructure
• 15:34 : Russian Hackers Mimic as CIA to Steal Ukraine Defense Intelligence Data
• 15:34 : PJobRAT Android RAT as Dating & Instant Messaging Apps Attacking Military Personnel
• 15:34 : Nine in Ten Healthcare Organizations Use the Most Vulnerable IoT Devices
• 15:33 : Solar Power System Vulnerabilities Could Result in Blackouts
• 15:11 : Cybersecurity Trends for 2025
• 15:11 : Security in the CI/CD Pipeline
• 15:11 : Advanced Network Security with Check Point CloudGuard and Nutanix Cloud Platform
• 15:11 : You Can Stockpile Food—But You Can’t Stockpile Trust
• 15:11 : The best VPN for Mac in 2025: Expert tested and reviewed
• 15:11 : Fortinet vs Palo Alto NGFWs 2025: Comparison Guide
• 14:32 : Microsoft’s passwordless future is here for Outlook, Xbox, 365, and more
• 14:32 : Researchers Uncover 46 Critical Flaws in Solar Inverters From Sungrow, Growatt, and SMA
• 14:6 : EU To Invest €1.3bn in AI, Cybersecurity, Digital Skills
• 14:6 : SHELBY Malware Steals Data by Abusing GitHub as Command-and-Control Server
• 14:6 : Russian Hackers Impersonate CIA to Steal Ukrainian Defense Intelligence Data
• 14:6 : 5 Chromecast tricks to unlock your TV’s full potential (including a hidden streaming hack)
• 14:5 : IT Security News Hourly Summary 2025-03-28 15h : 10 posts
• 13:34 : 46 New Vulnerabilities in Solar Inverter Systems Allow Attackers to Tamper with Settings
• 13:34 : SHELBY Malware Steal Data Abusing GitHub for Command-and-control Server
• 13:34 : CoffeeLoader Uses GPU-Based Armoury Packer to Evade EDR and Antivirus Detection
• 13:9 : The CMMC Compliance Journey
• 13:9 : DeBackdoor: A Framework for Detecting Backdoor Attacks in Deep Learning Models
• 13:9 : Backup Data Resiliency: Backups Alone Aren’t Enough
• 13:9 : Mozilla patches Firefox bug ‘exploited in the wild’, similar to bug attacking Chrome
• 13:9 : Addressing Federal Cybersecurity Challenges in the Cloud Era
• 13:9 : Critical Condition: Legacy Medical Devices Remain Easy Targets for Ransomware
• 13:9 : Cybercriminals Exploit Psychological Vulnerabilities in Ransomware Campaigns
• 12:36 : A Tale of Two Phishing Sites, (Fri, Mar 28th)
• 12:36 : Meta Launches Friends Tab, As Zuck Touts “OG Facebook”
• 12:36 : Cardiff’s children’s chief confirms data leak 2 months after cyber risk was ‘escalated’
• 12:36 : How to create a strong passphrase, with examples
• 12:36 : Threat Actors Hacked 150,000 Sites to Link Chinese Gambling Sites
• 12:36 : RansomHub’s EDRKillShifter Link With Other Well-Established Ransomware Gang’s – New Research
• 12:36 : New FamousSparrow Malware Attacking Hotels & Engineering Companies to New Backdoor
• 12:36 : PlayBoy Locker Ransomware Attacking Windows, NAS and ESXi Operating Systems
• 12:36 : Hackers Abuse MailChimp Email Marketing Platform via Phishing, and Social Engineering Tactics
• 12:36 : 9-Year-Old NPM Crypto Package Hijacked for Information Theft
• 12:9 : SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk
• 12:9 : Russian Phishing Uses Fake CIA Sites to Target Anti-war, Ukraine Supporters
• 12:9 : Red Team Tactics Grow More Sophisticated with Advancements in Artificial Intelligence
• 12:9 : In Other News: Hellcat Hackers Unmasked, CrushFTP Bug Controversy, NYU Hacked
• 12:9 : JFK and the Houthis: Haste Makes Waste of Security
• 12:9 : Trump CISA Cuts Threaten US Election Integrity, Experts Warn
• 11:34 : Malicious Snow White Movie Download Targets Viewers with New Malware
• 11:34 : VanHelsing Ransomware: What You Need To Know
• 11:34 : AIs as Trusted Third Parties
• 11:34 : New Issuance Requirements Improve HTTPS Certificate Validation
• 11:34 : Cloudflare open sources OPKSSH to bring Single Sign-On to SSH
• 11:34 : Morphing Meerkat PhaaS Platform Spoofs 100+ Brands
• 11:7 : Generative AI providers rewriting the rules of automated traffic – F5 report
• 11:7 : GLPI ITSM Tool Flaw Allows Attackers to Inject Malicious SQL Queries
• 11:7 : Hackers Exploit MailChimp Email Marketing Platform Using Phishing and Social Engineering Tactics
• 11:7 : Keeper Unveils Latest WearOS App for Android
• 11:7 : Redcurl Actors New Ransomware Exclusively Attacking Hyper-V Servers
• 11:7 : Blacklock Ransomware Infrastructure Intruded to Uncover Their Planned Attacks
• 11:7 : Cloudflare Announces OpenPubkey SSH to Integrate Single-Sign-on With SSH
• 11:7 : Meta AI Will Begin Rolling Out Across 41 European Countries
• 11:7 : GLPI Open-source ITSM Tool Vulnerability Let Attackers Inject Malicious SQL Queries
• 11:7 : Morphing Meerkat Phishing Kits Target Over 100 Brands
• 11:7 : Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857)
• 11:6 : Product Walkthrough: How Datto BCDR Delivers Unstoppable Business Continuity
• 11:5 : IT Security News Hourly Summary 2025-03-28 12h : 9 posts
• 10:38 : Safeguarding Patient Data and Embracing Emerging Technologies
• 10:38 : Mozilla fixed critical Firefox vulnerability CVE-2025-2857
• 10:38 : Fresh Grandoreiro Banking Trojan Campaigns Target Latin America, Europe
• 10:9 : Gamaredon campaign abuses LNK files to distribute Remcos backdoor
• 10:9 : How businesses can manage their dark web exposure in 2025
• 10:9 : Kuala Lumpur Airport Suffered Cyberattack – Hackers Demanded US$10 Million Ransom
• 10:9 : Weaponized Google Ads Attacking DeepSeek Users to Deliver Malware
• 10:8 : Mozilla Releases Urgent Patch for Windows Users Following Recently Exploited Chrome Zero-day
• 10:8 : New Lucid PhAAS Platform Leveraging RCS & iMessage to Bypass Detections
• 9:32 : New ‘Lucid’ Phishing Platform Abuses iMessage, Android RCS to Slip Past Defenses
• 9:32 : Cyber Crisis Management Plan: Shield for Brand Reputation
• 9:9 : State of Cloud Security Report 2025
• 9:9 : PJobRAT Malware Campaign Targeted Taiwanese Users via Fake Chat Apps
• 8:34 : Meta AI Expands to 41 European Countries in New Rollout
• 8:34 : The rise of identity and access management: How IAM evolved to being the new perimeter of cybersecurity
• 8:6 : Thousands of Driver’s Licenses, Bank Records, and PII Exposed in Australian Fintech Data Leak
• 8:5 : IT Security News Hourly Summary 2025-03-28 09h : 9 posts
• 7:41 : Cloudflare Introduces OpenPubkey SSH with Single Sign-On Integration
• 7:41 : The EU AI Act: A Critical Overview of a Necessary Act?
• 7:40 : WoW! A Ransomware Gang Just Took Over One of America’s Largest ISPs
• 7:40 : JavaScript injection campaign, solar power vulnerabilities, SIM swap lawsuit
• 7:9 : AppSOC Research Labs Delivers Damning Verdict on DeepSeek-R1
• 7:9 : After Chrome patches zero-day used to target Russians, Firefox splats similar bug
• 7:9 : Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability
• 7:9 : Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts
• 7:8 : Government Officials’ Data Leaks: Cyber Security Today for Friday, March 18, 2025
• 6:36 : Mozilla Releases Urgent Patch for Windows After Chrome Zero-Day Exploit
• 6:36 : Oracle’s Data Breach Denial Unravels as Leaked Info Checks Out
• 6:36 : Tor Browser 14.0.8 Released Emergency Update for Windows Users
• 6:36 : Android financial threats: What businesses need to know to protect themselves and their customers
• 6:11 : BlackLock Ransomware gang infrastructure breached and info passed to law enforcement
• 6:11 : The US Needs A New Cybersecurity Strategy: More Offensive Cyber Operations Isn’t It
• 6:11 : Cybersecurity spending set to jump 12.2% in 2025
• 5:34 : Kuala Lumpur Airport Hit by Cyberattack, Hackers Demand $10M Ransom
• 5:34 : Healthcare’s alarming cybersecurity reality
• 5:15 : Tor Browser 14.0.8 Emergency Release for Windows Users
• 5:15 : Infosec products of the month: March 2025
• 5:15 : Post-quantum cryptography and the future of online safety
• 3:31 : CISA Warns of Google Chrome Zero-day Vulnerability Exploited in the Wild
• 2:11 : ISC Stormcast For Friday, March 28th, 2025 https://isc.sans.edu/podcastdetail/9384, (Fri, Mar 28th)
• 2:5 : IT Security News Hourly Summary 2025-03-28 03h : 1 posts
• 1:34 : Cyber-crew claims it cracked American cableco, releases terrible music video to prove it
• 0:34 : How do I manage access controls for NHIs to meet compliance requirements?
• 0:34 : What training is necessary for staff regarding NHI compliance?
• 0:34 : What metrics should be tracked to ensure NHI compliance?
• 23:34 : U.S. CISA adds Google Chromium Mojo flaw to its Known Exploited Vulnerabilities catalog
• 23:5 : IT Security News Hourly Summary 2025-03-28 00h : 3 posts
• 22:55 : IT Security News Daily Summary 2025-03-27