Internet Security

Experts warn of a coordinated surge in the exploitation attempts of SSRF vulnerabilities

March 13, 2025 add comment
Researchers warn of a “coordinated surge” in the exploitation attempts of SSRF vulnerabilities in multiple platforms. Threat intelligence firm GreyNoise observed Grafana path traversal exploitation attempts before the Server-Side... Read more »

Meta warns of actively exploited flaw in FreeType library

March 13, 2025 add comment
Meta warned that a vulnerability, tracked as CVE-2025-27363, impacting the FreeType library may have been exploited in the wild. Meta warned that an out-of-bounds write flaw, tracked as CVE-2025-27363 (CVSS score... Read more »

Medusa ransomware hit over 300 critical infrastructure organizations until February 2025

March 13, 2025 add comment
The Medusa ransomware operation hit over 300 organizations in critical infrastructure sectors in the United States until February 2025. The FBI, CISA, and MS-ISAC have issued a joint advisory... Read more »

China-linked APT UNC3886 targets EoL Juniper routers

March 13, 2025 add comment
Mandiant researchers warn that China-linked actors are deploying custom backdoors on Juniper Networks Junos OS MX routers. In mid-2024, Mandiant identified custom backdoors on Juniper Networks’ Junos OS routers, and... Read more »

U.S. CISA adds six Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog

March 12, 2025 add comment
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds six Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to... Read more »

Microsoft Patch Tuesday security updates for March 2025 fix six actively exploited zero-days

March 12, 2025 add comment
Microsoft Patch Tuesday security updates for March 2025 address 56 security vulnerabilities in its products, including six actively exploited zero-days. Microsoft Patch Tuesday security updates for March 2025 addressed... Read more »

New Ballista Botnet spreads using TP-Link flaw. Is it an Italian job?

March 12, 2025 add comment
The Ballista botnet is exploiting an unpatched TP-Link vulnerability, targeting over 6,000 Archer routers, Cato CTRL researchers warn. Cato CTRL researchers observed a new botnet, called Ballista botnet, which... Read more »

Apple fixed the third actively exploited zero-day of 2025

March 11, 2025 add comment
Apple addressed a zero-day vulnerability, tracked as CVE-2025-24201, that has been exploited in “extremely sophisticated” cyber attacks. Apple has released emergency security updates to address a zero-day vulnerability, tracked... Read more »

Switzerland’s NCSC requires cyberattack reporting for critical infrastructure within 24 hours

March 11, 2025 add comment
Switzerland’s NCSC mandates critical infrastructure organizations to report cyberattacks within 24 hours of discovery. Switzerland’s National Cybersecurity Centre (NCSC) now requires critical infrastructure organizations to report cyberattacks within 24... Read more »

SideWinder APT targets maritime and nuclear sectors with enhanced toolset

March 11, 2025 add comment
The APT group SideWinder targets maritime and logistics companies across South and Southeast Asia, the Middle East, and Africa. Kaspersky researchers warn that the APT group SideWinder (also known... Read more »
Subscribe to our Newsletter