Infosec bits for 2025 week 11
Sicelo Ncekana | March 14, 2025, 2:14 p.m.
Cybersecurity News:
PowerSchool previously hacked in August, months before data breach [Bill Toulas, Bleeping Computer]
The cyber threats to watch in 2025, and other cybersecurity news to know this month [Akshay Joshi, World Economic Forum]
Microsoft Warns of Malvertising Campaign Infecting Over 1 Million Devices Worldwide [Ravie Lakshmanan, The Hacker Newa]
Ongoing Cyber Attack Mimic Booking.com to Spread Password-Stealing Malware [Kaaviya, GB Hackers]
Fake CAPTCHA websites hijack your clipboard to install information stealers [Pieter Arntz, Malwarebytes Labs]
Breaches & Leaks:
Japanese telco giant NTT Com says hackers accessed details of almost 18,000 organizations [TechCrunch, TechCrunch]
PowerSchool previously hacked in August, months before data breach [Bill Toulas, Bleeping Computer]
South African property giant hit by major data breach [Business Tech, Business Tech]
HDFC Life Data Leak News: ‘data theft incident…no material impact’ – Latest update from insurer [Sarmeeli Mallick, ET Now]
Vulnerabilities & Patches:
SuperBlack Actors Exploiting Two Fortinet Vulnerabilities to Deploy Ransomware [Kaaviya, Cybersecurity News]
Critical Windows Remote Desktop Services Vulnerability Lets Attackers Execute Malicious Code [Guru Baran, Cybersecurity News]
Critical PHP vulnerability under widespread cyberattack [Rob Wright, Cybersecurity Dive]
Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk [Ravie Lakshmanan, The Hacker Newa]
SAP patches severe vulnerabilities in NetWeaver and Commerce apps [John Leyden, CSO]
Update your iPhone now: Apple patches vulnerability used in “extremely sophisticated attacks” [Pieter Arntz, Malwarebytes Labs]
Malware
SuperBlack Actors Exploiting Two Fortinet Vulnerabilities to Deploy Ransomware [Kaaviya, Cybersecurity News]
New MassJacker Malware Targets Piracy Users, Hijacking Cryptocurrency Transactions [Bill Toulas, Bleeping Computer]
Forescout details SuperBlack ransomware exploiting critical Fortinet vulnerabilities [Anna Ribeiro, Industrial Cyber]
Darktrace's Detection of State-Linked ShadowPad Malware [Dark Trace, Dark Trace]