News – March 2025

March 19, 2025

A consumer-grade spyware operation called SpyX was hit by a data breach last year, TechCrunch has learned. The breach reveals that SpyX and two other related mobile apps had records on almost 2 million people at the time of the breach, including thousands of Apple users. The data breach dates back to June 2024 but had ...

March 19, 2025

Even if you practice perfect cyber hygiene, you can still wake up to find yourself amid a major security crisis resulting from a data breach, and that’s exactly what happened to half a million teachers. As reported by The Record, over 500,000 teachers and other employees who work in education across Pennsylvania’s public schools had their ...

March 19, 2025

On Wednesday, March 19, 2025, backup and recovery software provider Veeam published a security advisory for a critical remote code execution vulnerability tracked as CVE-2025-23120. The vulnerability affects Backup & Replication systems that are domain joined. Veeam explicitly mentions that domain-joined backup servers are against security and compliance best practices, but in reality, we believe this ...

March 19, 2025

Sperm donor giant California Cryobank has announced it has suffered a data breach that exposed customers’ personal information. California Cryobank (CCB) is a sperm donation and cryopreservation firm and one of the US’ top sperm banks. As such, it services all US states and over 30 countries worldwide. The data breach notification states that the breach ...

March 19, 2025

A hacker group has disrupted the communication networks of ships belonging to two major Iranian shipping companies sanctioned by the US. The group, called Lab Dookhtegan or “Read My Lips”, said it has disrupted the communication networks of 116 ships and therefore, severed the ships’ connections to each other, their ports, and external communication channels, according ...

March 19, 2025

At the end of 2024, Kaspersky researchers discovered a new stealer distributed via YouTube videos promoting game cheats. What’s intriguing about this malware is how much it collects. It grabs account information from VPN and gaming clients, and all kinds of network utilities like ngrok, Playit, Cyberduck, FileZilla and DynDNS. The stealer was named Arcane, not ...

March 19, 2025

On March 5, the FBI issued an alert regarding a mail scam targeting U.S. business executives with extortion. The letters claim to be from noted ransomware group BianLian, demanding a payment in Bitcoin ranging from $250,000 to $500,000 within ten days of receipt. The FBI alert reads as follows: “Stamped “Time Sensitive Read Immediately”, the letter ...

March 19, 2025

Following the detainment of Istanbul mayor and leading Turkish opposition politician Ekrem İmamoğlu, several social networks and short message services are only partially usable in the country. Many Turks described restrictions on X, YouTube, Instagram, TikTok, Whatsapp, Signal, Telegram and other services. İmamoğlu was detained this morning; he is accused by the judiciary of corruption and ...

March 18, 2025

Malwarebytes Labs were alerted to Mac and Windows stealers currently distributed via Reddit posts targeting users engaging in cryptocurrency trading. One of the common lures is a cracked software version of the popular trading platform TradingView. The crooks are posting links to both Windows and Mac installers which have been laced with Lumma Stealer and Atomic ...

March 18, 2025

The Trend Zero Day Initiative threat hunting team identified significant instances of the exploitation of ZDI-CAN-25373 across a variety of campaigns dating back to 2017. The researchers analysis revealed that 11 state-sponsored groups from North Korea, Iran, Russia, and China have employed ZDI-CAN-25373 in operations primarily motivated by cyber espionage and data theft. Trend Micro discovered ...