Infosec bits for 2025 week 13

Maajied Moos | March 28, 2025, 3:03 p.m.

Cybersecurity News:

The hidden risk in SaaS: Why companies need a digital identity exit strategy [Jacob Ideskog, Help Net Security]

Hunting Rituals #5:Why hypothesis-based threat hunting is essential in cybersecurity [Yeo Zi Wei and Yiu Wai Leong, Group-IB]

Encrypted Messaging Apps Promise Privacy. Government Transparency Is Often the Price [Associated Press, Security Week]

New Android malware uses Microsoft’s .NET MAUI to evade detection [Bill Toulas, Bleeping Computer]

Vulnerabilities & Patches:

Critical 'IngressNightmare' Vulns Imperil Kubernetes Environments [Jai Vijayan, Dark Reading]

Critical flaw in Next.js lets hackers bypass authorization [Bill Toulas, Bleeping Computer]

CrushFTP warns users to patch unauthenticated access flaw immediately [Sergiu Gatlan, Bleeping Computer]

VMware Patches Authentication Bypass Flaw in Windows Tools Suite [SecurityWeek News, Security Week]

Attacks & Data Breaches:

Oracle Cloud says it's not true someone broke into its login servers and stole data [Jessica Lyons, The Register]

Oracle customers confirm data stolen in alleged cloud breach is valid [Lawrence Abrams, Bleeping Computer]

Malware:

Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed [Ravie Lakshmanan, The Hacker News]

Steam pulls game demo infecting Windows with info-stealing malware [Bill Toulas, Bleeping Computer]

Checkpoint ZoneAlarm Driver Flaw Exposes Users to Credential Theft [Deeba Ahmed, Hack Read]

Attackers Use Fake CAPTCHAs to Deploy Lumma Stealer RAT [Beth Maundrill, Info-Security Magazine]

VanHelsing RaaS Launch: 3 Victims, $5K Entry Fee, Multi-OS, and Double Extortion Tactics [Ravie Lakshmanan, The Hacker News]

DeepSeek users targeted with fake sponsored Google ads that deliver malware [Pieter Arntz, Malware Bytes]

New Tooling:

Malwoverview: First response tool for threat hunting [Mirko Zorz, Help Net Security]