
Cyber Security Morning Brief – Week of March 14–21, 2025
Good morning, pentesters, red team, and blue team members! Welcome to your weekly cyber security briefing from SquidHacker.com, covering the latest threats, vulnerabilities, and tools from March 14 to March 21, 2025. This week’s roundup, as of 08:33 AM PDT on Friday, March 21, 2025, brings you critical updates to stay sharp in the fast-evolving cyber landscape.
Key Vulnerabilities and Exploits
This week’s research highlights a slew of critical vulnerabilities:
- Veeam Backup & Replication RCE (CVE-2025-23120): Allows domain users to compromise backup servers with SYSTEM privileges. Blue team, patch ASAP; red team, study the exploit.
- Apache Tomcat Vulnerability (CVE-2025-24813): Actively exploited within 30 hours of disclosure for unauthorized RCE on web servers. Blue team, update servers; red team, analyze exploitation methods.
- Nakivo Backup Path Traversal: Added to CISA’s Known Exploited Vulnerabilities list, risking unauthorized access. Blue team, prioritize patching; red team, test attack vectors.
- Check Point ZoneAlarm Driver Exploit: Hackers leverage this 2016 driver for BYOVD attacks to bypass Windows security. Blue team, secure systems; red team, learn the tactics.
- Fortinet Vulnerabilities (CVE-2024-55591, CVE-2025-24472): Exploited since January by Mora_001 to deploy SuperBlack ransomware, tied to LockBit. Blue team, patch FortiOS and FortiProxy; red team, explore post-exploitation patterns.
- Windows Zero-Day (ZDI-CAN-25373): Exploited by 11 state-sponsored groups since 2017 for espionage via .LNK files. Blue team, monitor for suspicious activity; red team, study state-backed TTPs.
Quick reference table:
Vulnerability | CVE | Impact | Blue Team Action | Red Team Action |
---|---|---|---|---|
Veeam Backup RCE | CVE-2025-23120 | Compromise backup servers | Patch immediately | Study exploitation |
Apache Tomcat RCE | CVE-2025-24813 | Unauthorized RCE on web servers | Update servers | Analyze exploit methods |
Nakivo Backup Path Traversal | N/A | Unauthorized access to backups | Prioritize patching | Explore attack vectors |
Check Point ZoneAlarm Driver | N/A | Bypass Windows security via BYOVD | Secure systems | Learn advanced tactics |
Fortinet SuperBlack Exploit | CVE-2024-55591, CVE-2025-24472 | Super-admin access, ransomware | Patch FortiOS/Proxy | Study LockBit patterns |
Windows Zero-Day | ZDI-CAN-25373 | Espionage via .LNK files | Monitor activity | Study state TTPs |
Ransomware and Malware Activities
Ransomware and malware campaigns escalated this week:
- Albabat Ransomware: Targets Windows, Linux, and macOS via GitHub. Both teams, note the cross-platform threat.
- Black Basta Ransomware: Uses the BRUTED framework since 2023 for automated brute-force attacks on edge devices like VPNs and firewalls. Blue team, bolster edge defenses; red team, dissect the automation.
- StilachiRAT: Steals RDP session data. Blue team, watch RDP logs; red team, test RDP exploits.
- Arcane Stealer: Spread via YouTube, hitting network utilities and VPNs. Blue team, train users on phishing; red team, analyze social engineering.
- Medusa Ransomware: FBI and CISA warn of its double-extortion model targeting email users (Gmail, Outlook), with over 300 victims since February. Blue team, enable MFA; red team, study phishing TTPs.
- RansomHub’s Betruger Backdoor: Linked to recent attacks, showing affiliate collaboration. Both teams, track this evolving threat.
Summary table:
Threat | Target | Distribution | Blue Team Action | Red Team Action |
---|---|---|---|---|
Albabat Ransomware | Windows, Linux, macOS | GitHub | Watch cross-platform | Study distribution |
Black Basta | Edge network devices | Brute force (BRUTED) | Strengthen edge defenses | Analyze automation |
StilachiRAT | RDP session data | N/A | Monitor RDP anomalies | Explore RDP exploits |
Arcane Stealer | Network utilities, VPN | YouTube videos | Educate on phishing | Analyze social engineering |
Medusa Ransomware | Email users (Gmail, Outlook) | Phishing | Enable MFA | Study phishing TTPs |
RansomHub Betruger | Various | Backdoor | Track threat evolution | Study affiliate tactics |
AI and Emerging Threats
AI-driven threats gained traction this week:
- AI Agents in Cybercrime: Hackers use AI for account exploitation, with Europol flagging financial system risks. Both teams, understand AI’s dual role.
- LLM Jailbreak Technique: Uses fictional worlds to bypass AI security controls, per Cato Networks. Critical for offensive and defensive AI strategies.
- ClickFix Phishing: Microsoft warns of a campaign targeting hospitality via fake Booking.com emails. Blue team, enhance email filters; red team, mimic the zero-click approach.
Tools and Resources
Notable updates for your toolkit:
- Caido v0.47.0: A Burp Suite alternative for web pentesting, enhancing red team capabilities.
- Google’s Wiz Acquisition: A $32 billion cloud security move. Monitor its impact, both teams.
- CVE Prioritizer: VulnCheck’s tool combines CVSS, EPSS, and CISA KEV data for smarter patch management. Useful for blue team prioritization.
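To make the KEV/EPSS/CVSS idea behind that kind of prioritization concrete, here is a small added example (our own illustration, not VulnCheck's code or scoring logic). The bucketing rules and every CVSS, EPSS and KEV value below are assumed placeholders; the CVE ids are simply the ones named in this brief.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    cve: str
    cvss: float      # CVSS base score, 0.0-10.0 (placeholder value in SAMPLE)
    epss: float      # EPSS probability of exploitation, 0.0-1.0 (placeholder)
    in_kev: bool     # listed in CISA's Known Exploited Vulnerabilities catalog (placeholder)


def priority(f: Finding) -> str:
    """Bucket a finding using evidence of exploitation before raw severity.

    Rules are assumed for this example (not VulnCheck's published logic):
      P1: in CISA KEV (known exploitation outranks everything else)
      P2: EPSS >= 0.2 (high predicted probability of exploitation)
      P3: CVSS >= 7.0 (severe, but no exploitation signal yet)
      P4: everything else
    """
    if f.in_kev:
        return "P1"
    if f.epss >= 0.2:
        return "P2"
    if f.cvss >= 7.0:
        return "P3"
    return "P4"


def rank(findings):
    """Sort by priority bucket, then EPSS, then CVSS (both descending)."""
    return sorted(findings, key=lambda f: (priority(f), -f.epss, -f.cvss))


def cvss_only_order(findings):
    """Baseline for comparison: the order a CVSS-only patch queue would produce."""
    return [f.cve for f in sorted(findings, key=lambda f: -f.cvss)]


# Constructed sample data: CVE ids come from this week's brief, but every
# score and KEV flag here is a placeholder, NOT a real published value.
SAMPLE = [
    Finding("CVE-2025-23120", cvss=9.9, epss=0.05, in_kev=False),
    Finding("CVE-2025-24813", cvss=9.8, epss=0.60, in_kev=True),
    Finding("CVE-2024-55591", cvss=9.6, epss=0.85, in_kev=True),
    Finding("CVE-2025-24472", cvss=8.1, epss=0.30, in_kev=False),
    Finding("CVE-2025-30066", cvss=8.6, epss=0.02, in_kev=False),
]

if __name__ == "__main__":
    for f in rank(SAMPLE):
        print(priority(f), f.cve, f.cvss, f.epss, f.in_kev)
```

With these placeholder inputs a CVSS-only queue would put the unexploited CVE-2025-23120 first, while the KEV/EPSS-aware ranking moves the two actively exploited Fortinet and Tomcat entries to the top.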
Notable Incidents and Events
Key incidents and opportunities this week:
- US Government Exposure: Over 150 database servers exposed, risking national security.
- FishMonger APT: Compromised 7 organizations in 2022.
- Hellcat Ransomware: Hit Ascom and Jaguar Land Rover with data theft.
- GitHub Supply Chain Attack: CVE-2025-30066 exposed secrets in 23K projects.
- Browser Phishing Surge: Up 140%, with 130% in zero-hour attacks.
- LockBit Developer Extradition: Rostislav Panev faces U.S. charges for a $500M spree.
- Events: Threat Intelligence Summit and AI Risk Summit offer growth opportunities.
Conclusion
This week’s brief, spanning March 14–21, 2025, arms you with the latest cyber security intel. From Medusa’s phishing surge to Black Basta’s brute-force automation, stay proactive and verify with trusted sources like SecurityWeek and CybersecurityNews.com. Keep sharpening your skills!
Tags: cybersecurity, pentesting, red team, blue team, vulnerabilities, ransomware, AI threats