Good morning, pentesters, red team, and blue team members! Welcome to your weekly cyber security briefing from SquidHacker.com, covering the latest threats, vulnerabilities, and tools from March 14 to March 21, 2025. This week’s roundup, as of 08:33 AM PDT on Friday, March 21, 2025, brings you critical updates to stay sharp in the fast-evolving cyber landscape.

Key Vulnerabilities and Exploits

This week’s research highlights a slew of critical vulnerabilities:

• Veeam Backup & Replication RCE (CVE-2025-23120): Allows domain users to compromise backup servers with SYSTEM privileges. Blue team, patch ASAP; red team, study the exploit. Source
• Apache Tomcat Vulnerability (CVE-2025-24813): Actively exploited within 30 hours of disclosure for unauthorized RCE on web servers. Blue team, update servers; red team, analyze exploitation methods. Source
• Nakivo Backup Path Traversal: Added to CISA’s Known Exploited Vulnerabilities list, risking unauthorized access. Blue team, prioritize patching; red team, test attack vectors. Source
• Checkpoint ZoneAlarm Driver Exploit: Hackers leverage this 2016 driver for BYOVD attacks to bypass Windows security. Blue team, secure systems; red team, learn the tactics. Source
• Fortinet Vulnerabilities (CVE-2024-55591, CVE-2025-24472): Exploited since January by Mora_001 to deploy SuperBlack ransomware, tied to LockBit. Blue team, patch FortiOS and FortiProxy; red team, explore post-exploitation patterns. Source
• Windows Zero-Day (ZDI-CAN-25373): Exploited by 11 state-sponsored groups since 2017 for espionage via .LNK files. Blue team, monitor for suspicious activity; red team, study state-backed TTPs. Source

Quick reference table:

Vulnerability	CVE	Impact	Blue Team Action	Red Team Action
Veeam Backup RCE	CVE-2025-23120	Compromise backup servers	Patch immediately	Study exploitation
Apache Tomcat RCE	CVE-2025-24813	Unauthorized RCE on web servers	Update servers	Analyze exploit methods
Nakivo Backup Path Traversal	N/A	Unauthorized access to backups	Prioritize patching	Explore attack vectors
Checkpoint ZoneAlarm Driver	N/A	Bypass Windows security via BYOVD	Secure systems	Learn advanced tactics
Fortinet SuperBlack Exploit	CVE-2024-55591, CVE-2025-24472	Super-admin access, ransomware	Patch FortiOS/Proxy	Study LockBit patterns
Windows Zero-Day	ZDI-CAN-25373	Espionage via .LNK files	Monitor activity	Study state TTPs

Ransomware and Malware Activities

Ransomware and malware campaigns escalated this week:

• Albabat Ransomware: Targets Windows, Linux, and macOS via GitHub. Both teams, note the cross-platform threat. Source
• Black Basta Ransomware: Uses the BRUTED framework since 2023 for automated brute-force attacks on edge devices like VPNs and firewalls. Blue team, bolster edge defenses; red team, dissect the automation. Source
• StilachiRAT: Steals RDP session data. Blue team, watch RDP logs; red team, test RDP exploits. Source
• Arcane Stealer: Spread via YouTube, hitting network utilities and VPNs. Blue team, train users on phishing; red team, analyze social engineering. Source
• Medusa Ransomware: FBI and CISA warn of its double-extortion model targeting email users (Gmail, Outlook), with over 300 victims since February. Blue team, enable MFA; red team, study phishing TTPs. Source
• RansomHub’s Betruger Backdoor: Linked to recent attacks, showing affiliate collaboration. Both teams, track this evolving threat. Source

Summary table:

Threat	Target	Distribution	Blue Team Action	Red Team Action
Albabat Ransomware	Windows, Linux, macOS	GitHub	Watch cross-platform	Study distribution
Black Basta	Edge network devices	Brute force (BRUTED)	Strengthen edge defenses	Analyze automation
StilachiRAT	RDP session data	N/A	Monitor RDP anomalies	Explore RDP exploits
Arcane Stealer	Network utilities, VPN	YouTube videos	Educate on phishing	Analyze social engineering
Medusa Ransomware	Email users (Gmail, Outlook)	Phishing	Enable MFA	Study phishing TTPs
RansomHub Betruger	Various	Backdoor	Track threat evolution	Study affiliate tactics

AI and Emerging Threats

AI-driven threats gained traction this week:

• AI Agents in Cybercrime: Hackers use AI for account exploitation, with Europol flagging financial system risks. Both teams, understand AI’s dual role. Source
• LLM Jailbreak Technique: Uses fictional worlds to bypass AI security controls, per Cato Networks. Critical for offensive and defensive AI strategies. Source
• ClickFix Phishing: Microsoft warns of a campaign targeting hospitality via fake Booking.com emails. Blue team, enhance email filters; red team, mimic the zero-click approach. Source

Tools and Resources

Notable updates for your toolkit:

• Caido v0.47.0: A Burp Suite alternative for web pentesting, enhancing red team capabilities. Source
• Google’s Wiz Acquisition: A $32 billion cloud security move. Monitor its impact, both teams. Source
• CVE Prioritizer: VulnCheck’s tool combines CVSS, EPSS, and CISA KEV data for smarter patch management. Useful for blue team prioritization. Source

Notable Incidents and Events

Key incidents and opportunities this week:

• US Government Exposure: Over 150 database servers exposed, risking national security. Source
• FishMonger APT: Compromised 7 organizations in 2022. Source
• Hellcat Ransomware: Hit Ascom and Jaguar Land Rover with data theft. Source
• GitHub Supply Chain Attack: CVE-2025-30066 exposed secrets in 23K projects. Source
• Browser Phishing Surge: Up 140%, with 130% in zero-hour attacks. Source
• LockBit Developer Extradition: Rostislav Panev faces U.S. charges for a $500M spree. Source
• Events: Threat Intelligence Summit and AI Risk Summit offer growth opportunities.

Conclusion

This week’s brief, spanning March 14–21, 2025, arms you with the latest cyber security intel. From Medusa’s phishing surge to Black Basta’s brute-force automation, stay proactive and verify with trusted sources like SecurityWeek and CybersecurityNews.com. Keep sharpening your skills!

---

Tags: cybersecurity, pentesting, red team, blue team, vulnerabilities, ransomware, AI threats