- Patch Tuesday – March 2025
March 11, 2025
Microsoft is addressing 57 vulnerabilities this March 2025 Patch Tuesday, which is a similar volume to last month. However, Microsoft has evidence of in-the-wild exploitation for as many as six of the vulnerabilities published today, and CISA KEV already lists all of them. Microsoft is also aware of public disclosure for one other vulnerability. This is ...
- SideWinder targets the maritime and nuclear sectors with an updated toolset
March 10, 2025
Last year, Kaspersky researchers published an article about SideWinder, a highly prolific APT group whose primary targets have been military and government entities in Pakistan, Sri Lanka, China, and Nepal. In the article, they described activities that had mostly happened in the first half of the year. The researchers tried to draw attention to the group, ...
- Hacker accessed PowerSchool’s network months before massive December breach
March 10, 2025
A hacker compromised the U.S. edtech giant PowerSchool months before its ‘massive’ data breach in December, according to a now-published forensic report into the incident conducted by U.S. cybersecurity firm CrowdStrike. In a letter sent to affected customers last week, seen by TechCrunch, PowerSchool confirmed that an investigation into the incident has revealed that its network ...
- Elon Musk’s X hit by waves of outages in what he claims is ‘a massive cyberattack’
March 10, 2025
Elon Musk’s X has been hit by three waves of outages since this morning, which the billionaire claims was due to a cyberattack. According to outage tracking site DownDetector, the problems began around 6 am ET when up to 20,538 users reported problems. The issues temporarily died down before nearly 40,000 users reported outages at 10 ...
- Allstate sued for not reporting data breach of 165,000 New Yorkers
March 10, 2025
New York state sued Allstate on Monday, accusing the insurer’s National General unit of failing to report a data breach that exposed drivers’ license numbers, and not developing reasonable safeguards to protect policyholders’ private information. The lawsuit by New York Attorney General Letitia James was filed in a state court in Manhattan, and seeks civil fines. ...
- Fake CAPTCHA websites hijack your clipboard to install information stealers
March 10, 2025
There are more and more sites that use a clipboard hijacker and instruct victims on how to infect their own machine. I realize that may sound like something trivial to steer clear from, but apparently it’s not because the social engineering behind it is pretty sophisticated. At first, these attacks were more targeted at people that ...
- Japanese telco giant NTT Com says hackers accessed details of almost 18,000 organizations
March 10, 2025
Japanese telecom giant NTT Communications (NTT Com) has confirmed that hackers accessed the data of almost 18,000 corporate customers during a February cyberattack, affecting an as-yet-unknown number of individuals. The Tokyo-based NTT Com, which provides phone and network tech to enterprises, said it discovered the data breach on February 5 after determining that the hackers had ...
- European Commission defends EU digital markets rules in the face of US attacks
March 7, 2025
Vice-Presidents Teresa Ribera and Henna Virkkunen have insisted that the EU’s Digital Markets Act (DMA) does not target US companies and applies agnostically to digital platforms designated under its rules as “gatekeepers”, in a letter responding to questions from the US Congress seen by Euronews. “The criteria for gatekeeper designation are based on objectively identified and ...
- Israel: Unit 8200 created AI language learning tool from intercepted Palestinian Arabic comms
March 7, 2025
Israel’s military surveillance Unit 8200 has reportedly developed a vast database of intercepted Palestinian communications in order to construct an artificial intelligence tool similar to ChatGPT, a joint investigation by The Guardian, +972 Magazine and Mekomit alleged on Thursday. Israel reportedly hopes that the resulting AI tool “will transform its spying capabilities.” The investigation by the ...
- New botnet unleashes record-breaking DDoS attacks
March 7, 2025
A new botnet dubbed “Eleven11bot” has emerged, delivering what security researchers believe are the largest distributed denial-of-service (DDoS) attacks ever recorded. The botnet, primarily composed of compromised webcams and video recorders, has triggered widespread service disruptions and ignited a debate within the cybersecurity community about its true size. Nokia’s Deepfield Emergency Response Team first detected the ...
- UK: Healthcare staff illegally accessed medical records belonging to the Nottingham attack victims
March 6, 2025
The families of the Nottingham attack victims have said claims healthcare staff illegally accessed medical records belonging to their loved ones are “sickening” and “inexcusable”. Barnaby Webber and Grace O’Malley-Kumar, both 19, and Ian Coates, 65, were stabbed to death by Valdo Calocane in the city in June 2023. Dr Manjeet Shehmar, medical director at Nottingham ...