In our fast-paced, interconnected world, the dangers of cyberattacks are becoming more frequent and complex. That’s why it’s more important than ever to stay updated and aware of the risks. Every week, our newsletter offers a simple roundup of the most important news, expert opinions, and practical tips to help you protect your online information and stay ahead of potential threats.
In this edition, we examine recent cyberattacks, security weaknesses that have been discovered, and important updates related to laws and regulations affecting businesses everywhere. We highlight key issues such as advanced scams and the rise of ransomware, as well as the latest vulnerabilities affecting cloud services and internet-connected devices.
Our goal is to help you spot potential risks before they become bigger problems. We also share easy-to-follow advice to enhance your organization’s security and promote a culture of awareness about online safety.
Whether you work in cybersecurity, IT, or just have an interest in protecting yourself and your data online, we aim to keep you informed and prepared. Our newsletter combines essential news with useful insights and straightforward tips for everyday readers.
Look forward to regular features that include brief updates on security threats, recommendations for helpful tools, and insights into new technologies that can improve security.
Thank you for trusting us as your source of information on cybersecurity. We encourage you to read on, share your thoughts, and become part of a community dedicated to safeguarding our digital world. Stay safe, stay updated, and remember that being informed is your best defense against online threats.
Cyber Attack
1. Hackers Selling Advanced Stealthy HiddenMiner Malware
A new version of the HiddenMiner cryptomining malware is being sold on underground forums. It features advanced evasion techniques, can bypass virtual machines and Windows UAC, and operates without admin privileges. HiddenMiner hijacks system resources to mine Monero, causing slowdowns and potential hardware damage while remaining undetected for long periods.
2. RedExt: Chrome Extension Tool for Red Teamers
RedExt, a powerful new red team tool, combines a Chrome extension with a Flask-based C2 server. It enables comprehensive browser data collection (cookies, browsing history, screenshots, and system information) through a modern dashboard. While intended for authorized security testing, it highlights the risks posed by browser extensions and the need for strict extension policies.
3. Nationwide Power Outages in Portugal & Spain
A massive blackout struck Spain and Portugal, affecting millions and causing airport closures, stranded travelers, and hospital disruptions. The outage impacted mobile networks and critical infrastructure, with authorities investigating the cause, believed to be related to the European electric grid.
4. Hackers Actively Attacking Git Configuration Files
Threat actors have ramped up internet-wide scans for exposed Git configuration files, seeking leaked credentials and tokens. This surge in activity poses risks of cloud service compromise and source code theft. Developers are urged to block public access to .git directories and rotate any exposed credentials immediately.
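The scans described above leave a recognisable trail in web server access logs. As an added example (not from the original article), the following script parses a few constructed combined-format log lines, groups requests for `.git/` and similar paths by source address, and flags any `.git` path the server actually answered with HTTP 200, since that is the case where credentials in `.git/config` must be treated as leaked and rotated. The sample lines and the prefix list are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in nginx/Apache "combined" log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [28/Apr/2025:10:01:12 +0000] "GET /.git/config HTTP/1.1" 200 312 "-" "python-requests/2.31"
203.0.113.7 - - [28/Apr/2025:10:01:13 +0000] "GET /.git/HEAD HTTP/1.1" 200 23 "-" "python-requests/2.31"
198.51.100.4 - - [28/Apr/2025:10:02:40 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.4 - - [28/Apr/2025:10:02:41 +0000] "GET /.env HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Apr/2025:10:01:15 +0000] "GET /.git/index HTTP/1.1" 403 199 "-" "python-requests/2.31"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Path prefixes that repository/secret scanners typically request (assumed list).
PROBE_PREFIXES = ("/.git/", "/.env", "/.svn/", "/.hg/")


def parse_line(line):
    """Return (ip, path, status) for a combined-format line, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Drop any query string so prefix matching works on the bare path.
    return m.group("ip"), m.group("path").split("?", 1)[0], int(m.group("status"))


def find_probes(log_text):
    """Group probe requests by source IP and list .git paths actually served (HTTP 200).

    A served .git path means repository metadata (and any credentials inside
    .git/config) has already leaked: block the directory and rotate secrets.
    """
    probes_by_ip = defaultdict(list)
    served_git = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, path, status = parsed
        if path.startswith(PROBE_PREFIXES):
            probes_by_ip[ip].append((path, status))
            if path.startswith("/.git/") and status == 200:
                served_git.append((ip, path))
    return dict(probes_by_ip), served_git


if __name__ == "__main__":
    by_ip, served = find_probes(SAMPLE_LOG)
    for ip, hits in by_ip.items():
        print(f"{ip}: {len(hits)} probe(s) -> {[p for p, _ in hits]}")
    for ip, path in served:
        print(f"ALERT: {path} served with 200 to {ip}; rotate any credentials in the repo")
```

A 403 or 404 on these paths shows the probe was blocked; only the 200 responses indicate an actual exposure.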
5. 20.5 Million DDoS Attacks Blocked in Q1 2025
Cloudflare reported blocking 20.5 million DDoS attacks in the first quarter of 2025, a 358% year-over-year increase. One-third of these targeted the Cloudflare network, underscoring the escalating scale and frequency of distributed denial-of-service threats.
6. JokerOTP Phishing Platform Dismantled
International law enforcement dismantled the JokerOTP platform, linked to over 28,000 phishing attacks across 13 countries and £7.5 million in losses. The operation led to multiple arrests and signals a significant blow to cybercriminals exploiting one-time password phishing schemes.
7. New WordPress Malware Masquerades as Anti-Malware Plugin
A new malware campaign targets WordPress sites using a fake security plugin, “WP-antymalwary-bot.php.” Once installed, it grants attackers admin access, executes remote code, and injects malicious JavaScript for ad fraud. The malware is adept at hiding itself and reinfecting sites.
8. Weaponized PDFs Deliver Remcos RAT Malware on Windows
Researchers have uncovered a malspam campaign using fake payment notices and malicious PDFs to deliver Remcos RAT. The attack chain leverages steganography to hide malware in image files, ultimately granting attackers remote control over infected Windows systems.
Vulnerabilities
1. React Router Vulnerabilities Threaten Millions of Web Apps
Two high-severity flaws in React Router (CVE-2025-43864, CVE-2025-43865) allow attackers to corrupt content, poison caches, and spoof pre-rendered data in applications using server-side rendering. Exploitation requires no privileges or user interaction. Immediate upgrade to version 7.5.2 is urged.
2. SAP NetWeaver 0-Day Actively Exploited
A critical zero-day (CVE-2025-31324, CVSS 10.0) in SAP NetWeaver Visual Composer is being exploited to deploy webshells, granting attackers full system access. The flaw stems from a missing authorization check, enabling unauthenticated remote code execution. Emergency patching is mandatory.
3. Apache Tomcat Vulnerability Enables DoS Attacks
CVE-2025-31650 allows attackers to bypass security rules and trigger denial-of-service by sending malformed HTTP priority headers, causing memory leaks and server crashes. Affected Tomcat versions span 9.0.76–9.0.102, 10.1.10–10.1.39, and 11.0.0-M2–11.0.5. Upgrade to the latest version is strongly advised.
4. Linux Kernel Vulnerability Under Review
A privilege escalation flaw in the Linux kernel is under active investigation. Details are pending, but administrators should monitor for updates and apply patches promptly once available.
5. Google Reports 75 Zero-Day Vulnerabilities Exploited in 2024
Google’s Threat Intelligence Group reports 75 zero-days exploited in 2024, with a surge in attacks on enterprise products and Windows platforms. Use-after-free, command injection, and XSS flaws dominate. Organizations are urged to adopt zero-trust and prioritize patching.
6. AirPlay Zero-Click RCE Exposes Billions of Devices
The “AirBorne” vulnerability in Apple’s AirPlay protocol enables zero-click remote code execution over Wi-Fi, affecting over 2.35 billion Apple and third-party devices. Patches are available, but many third-party products remain unprotected. Users should update and disable AirPlay if unused.
7. Avast Antivirus Privilege Escalation Vulnerability
CVE-2025-3500 in Avast Free Antivirus allows local attackers to gain kernel-level privileges via a flaw in the aswbidsdriver kernel driver. Patched in version 25.3.9983.922; users should update immediately.
8. VirtualBox Privilege Escalation Attacks
A new vulnerability in Oracle VirtualBox is being reviewed for privilege escalation risks. Users should watch for official advisories and apply security updates as soon as they are released.
9. macOS Sandbox Escape Allows Keychain Manipulation
CVE-2025-31191 lets sandboxed apps delete and replace keychain entries, bypassing macOS security boundaries and enabling arbitrary file access. Apple has released patches for all affected platforms. Update your systems promptly.
Threats
1. Surge of APT Attacks Targeting Asian Organizations
A wave of 19 coordinated Advanced Persistent Threat (APT) campaigns hit South and East Asia in March, with nearly half of the attacks targeting government agencies. Spear phishing remains the top vector, but attackers also exploited server vulnerabilities and watering hole attacks. Groups like APT37 and Lazarus were particularly active, using weaponized documents and exploiting web server vulnerabilities to gain initial access and deploy further payloads.
2. Ransomware-as-a-Service (RaaS) Evolves with EDR Killers
Threat actors are increasingly adopting Ransomware-as-a-Service platforms, now enhanced by custom Endpoint Detection and Response (EDR) killers. Groups like RansomHub have risen rapidly, offering lucrative affiliate programs and proprietary tools like “EDRKillShifter” to bypass security solutions. The financial impact is severe, with ransomware and extortion accounting for the majority of financially motivated breaches in recent years.
3. Hackers Exploit GetShared File-Sharing Service
Cybercriminals are leveraging the legitimate GetShared platform to bypass email security and deliver malware. Attackers send convincing notifications with business-related file names, tricking recipients into downloading malicious payloads. This multi-stage approach often evades detection and uses a variety of payloads, from executables to documents with embedded scripts.
4. Gremlin Stealer: New Info-Stealing Malware on the Rise
A new infostealer, Gremlin Stealer, is being advertised on hacker forums and Telegram. This C# malware targets Windows systems, stealing browser data, cryptocurrency wallets, credit card details, and more. Notably, it can bypass Chrome’s latest cookie protections and exfiltrate a wide array of sensitive data, posing a significant risk to both individuals and organizations.
5. Konni APT Deploys Multi-Stage Malware in South Korea
The North Korean-linked Konni APT group has launched a multi-stage malware campaign against South Korean organizations. The attack chain starts with a disguised shortcut file, leading to PowerShell-based payload delivery and the deployment of a sophisticated Remote Access Trojan (RAT) for persistent access and data exfiltration.
6. New Subscription-Based Scams Steal Credit Card Data
A surge in subscription-based scams is targeting users with fake e-commerce storefronts and enticing offers. Victims are lured into recurring payment schemes, often missing the fine print that authorizes ongoing charges. These scams are highly professional, leveraging social media ads and sophisticated web design to bypass skepticism and steal sensitive financial information.
7. MintsLoader Drops GhostWeaver via Phishing and ClickFix Attacks
The newly identified MintsLoader malware is being used to deliver the GhostWeaver backdoor, primarily targeting financial and healthcare sectors. Attackers use phishing emails and a novel “ClickFix” technique, which manipulates users into granting additional privileges through fake system prompts. The malware is adept at evading detection and can disable endpoint security products.
Data Breach
Disney Hacker Pleads Guilty After Massive Data Theft
A California man, Ryan Mitchell Kramer, has agreed to plead guilty to federal charges after hacking into a Disney employee’s computer and stealing 1.1 terabytes of confidential company data. Kramer distributed malware disguised as AI art software, which, when downloaded by a Disney staff member, gave him access to sensitive credentials. He then infiltrated Disney’s internal Slack channels and exfiltrated millions of internal messages, including strategic and financial information. After a failed extortion attempt, Kramer leaked the data online. Disney has since shut down internal Slack systems and continues to cooperate with law enforcement.
Harrods Store Hit by Cyber Attack
Harrods, the iconic London department store, confirmed it was the target of a sophisticated cyberattack, making it the third major UK retailer targeted in a week. While store operations and online shopping remain unaffected, Harrods has not disclosed the full extent of the breach or whether customer data was compromised. The attack follows similar incidents at Marks & Spencer and Co-op, raising concerns about a coordinated campaign against the UK retail sector. Authorities urge consumers to monitor their accounts and change passwords as a precaution.
UK Retailer Co-op Shuts Down IT Systems After Cyber Attack Attempt
The Co-operative Group, one of the UK’s largest retailers, shut down parts of its IT infrastructure after detecting an attempted cyber attack. The shutdown affected back-office systems and call centers, but all stores and core services remain operational. There is no evidence that customer data was accessed or compromised. The incident follows a major ransomware attack on Marks & Spencer, fueling concerns about escalating threats to UK retailers. Co-op is working with cybersecurity experts and law enforcement as investigations continue.
Ascension Healthcare Hacked: Ransomware Attack Disrupts Hospitals
Ascension, one of the largest healthcare systems in the U.S., suffered a major ransomware attack in May 2024, affecting operations at 142 hospitals. Attackers gained access after an employee unwittingly downloaded a malicious file, allowing lateral movement and file encryption. While only a small number of servers were compromised, some contained protected health and personal information. Ascension is offering free credit monitoring to patients and continues to work with federal authorities to investigate and recover from the attack.
Other News
Kali Linux Warns of Imminent Update Failures
Kali Linux users are facing a major disruption as the update process is set to fail for nearly all users due to a change in the repository signing key. The team has provided manual steps to resolve the issue and assures there is no security compromise.
Tor Browser 14.5.1 Released with Critical Security Updates
The Tor Project has launched Tor Browser 14.5.1, delivering essential security patches, especially those backported from recent Firefox versions. This update strengthens privacy and usability for users across all platforms.
Disney Hacker Pleads Guilty to Massive Data Theft
A California man has admitted guilt after hacking into a Disney employee’s computer, stealing 1.1 terabytes of confidential company data, and threatening to leak it. The breach exposed sensitive internal communications and strategic documents.
Microsoft Introduces Passwordless Access for Accounts
Microsoft is rolling out passwordless access to its accounts, allowing users to sign in using alternative authentication methods. This move aims to enhance security and reduce reliance on traditional passwords.
Microsoft Exchange Erroneously Flags Gmail as Spam
A recent issue has caused Microsoft Exchange to incorrectly flag legitimate Gmail messages as spam, impacting email reliability for many users. Microsoft is investigating and working on a fix.