Cyber Security Morning Brief – Week of March 14–21, 2025

Good morning, pentesters, red team, and blue team members! Welcome to your weekly cyber security briefing from SquidHacker.com, covering the latest threats, vulnerabilities, and tools from March 14 to March 21, 2025. This week’s roundup, as of 08:33 AM PDT on Friday, March 21, 2025, brings you critical updates to stay sharp in the fast-evolving cyber landscape.

Key Vulnerabilities and Exploits

This week’s research highlights a slew of critical vulnerabilities:

  • Veeam Backup & Replication RCE (CVE-2025-23120): Allows domain users to compromise backup servers with SYSTEM privileges. Blue team, patch ASAP; red team, study the exploit.
  • Apache Tomcat Vulnerability (CVE-2025-24813): Actively exploited within 30 hours of disclosure for unauthorized RCE on web servers. Blue team, update servers; red team, analyze exploitation methods.
  • Nakivo Backup Path Traversal: Added to CISA’s Known Exploited Vulnerabilities list, risking unauthorized access. Blue team, prioritize patching; red team, test attack vectors.
  • Check Point ZoneAlarm Driver Exploit: Hackers leverage this 2016 driver for BYOVD attacks to bypass Windows security. Blue team, secure systems; red team, learn the tactics.
  • Fortinet Vulnerabilities (CVE-2024-55591, CVE-2025-24472): Exploited since January by Mora_001 to deploy SuperBlack ransomware, tied to LockBit. Blue team, patch FortiOS and FortiProxy; red team, explore post-exploitation patterns.
  • Windows Zero-Day (ZDI-CAN-25373): Exploited by 11 state-sponsored groups since 2017 for espionage via .LNK files. Blue team, monitor for suspicious activity; red team, study state-backed TTPs.

Quick reference table:

| Vulnerability | CVE | Impact | Blue Team Action | Red Team Action |
|---|---|---|---|---|
| Veeam Backup RCE | CVE-2025-23120 | Compromise backup servers | Patch immediately | Study exploitation |
| Apache Tomcat RCE | CVE-2025-24813 | Unauthorized RCE on web servers | Update servers | Analyze exploit methods |
| Nakivo Backup Path Traversal | N/A | Unauthorized access to backups | Prioritize patching | Explore attack vectors |
| Check Point ZoneAlarm Driver | N/A | Bypass Windows security via BYOVD | Secure systems | Learn advanced tactics |
| Fortinet SuperBlack Exploit | CVE-2024-55591, CVE-2025-24472 | Super-admin access, ransomware | Patch FortiOS/Proxy | Study LockBit patterns |
| Windows Zero-Day | ZDI-CAN-25373 | Espionage via .LNK files | Monitor activity | Study state TTPs |

Ransomware and Malware Activities

Ransomware and malware campaigns escalated this week:

  • Albabat Ransomware: Targets Windows, Linux, and macOS via GitHub. Both teams, note the cross-platform threat.
  • Black Basta Ransomware: Uses the BRUTED framework since 2023 for automated brute-force attacks on edge devices like VPNs and firewalls. Blue team, bolster edge defenses; red team, dissect the automation.
  • StilachiRAT: Steals RDP session data. Blue team, watch RDP logs; red team, test RDP exploits.
  • Arcane Stealer: Spread via YouTube, hitting network utilities and VPNs. Blue team, train users on phishing; red team, analyze social engineering.
  • Medusa Ransomware: FBI and CISA warn of its double-extortion model targeting email users (Gmail, Outlook), with over 300 victims since February. Blue team, enable MFA; red team, study phishing TTPs.
  • RansomHub’s Betruger Backdoor: Linked to recent attacks, showing affiliate collaboration. Both teams, track this evolving threat.

Summary table:

| Threat | Target | Distribution | Blue Team Action | Red Team Action |
|---|---|---|---|---|
| Albabat Ransomware | Windows, Linux, macOS | GitHub | Watch cross-platform | Study distribution |
| Black Basta | Edge network devices | Brute force (BRUTED) | Strengthen edge defenses | Analyze automation |
| StilachiRAT | RDP session data | N/A | Monitor RDP anomalies | Explore RDP exploits |
| Arcane Stealer | Network utilities, VPN | YouTube videos | Educate on phishing | Analyze social engineering |
| Medusa Ransomware | Email users (Gmail, Outlook) | Phishing | Enable MFA | Study phishing TTPs |
| RansomHub Betruger | Various | Backdoor | Track threat evolution | Study affiliate tactics |

AI and Emerging Threats

AI-driven threats gained traction this week:

  • AI Agents in Cybercrime: Hackers use AI for account exploitation, with Europol flagging financial system risks. Both teams, understand AI’s dual role.
  • LLM Jailbreak Technique: Uses fictional worlds to bypass AI security controls, per Cato Networks. Critical for offensive and defensive AI strategies.
  • ClickFix Phishing: Microsoft warns of a campaign targeting hospitality via fake Booking.com emails. Blue team, enhance email filters; red team, mimic the zero-click approach.

Tools and Resources

Notable updates for your toolkit:

  • Caido v0.47.0: A Burp Suite alternative for web pentesting, enhancing red team capabilities.
  • Google’s Wiz Acquisition: A $32 billion cloud security move. Monitor its impact, both teams.
  • CVE Prioritizer: VulnCheck’s tool combines CVSS, EPSS, and CISA KEV data for smarter patch management. Useful for blue team prioritization.
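To make the "combine CVSS, EPSS and KEV" idea concrete for blue teams, here is a small added example of that kind of ranking. It is not VulnCheck's CVE Prioritizer code: the tiering rules and the thresholds CVSS_HIGH and EPSS_LIKELY are my own assumptions, and every CVSS/EPSS score, asset name and KEV membership in the sample data is a constructed value, not a real rating for the CVEs named in this brief.

```python
"""Rank a vulnerability list by combining CVSS, EPSS and CISA KEV signals.

Added example for this brief; not VulnCheck's CVE Prioritizer code.
The tiering rules and thresholds below are assumptions, and every score
in SAMPLE_FINDINGS is a constructed value, not a real CVSS/EPSS rating.
"""
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple

# Assumed thresholds: "high" CVSS base score and "likely exploited" EPSS probability.
CVSS_HIGH = 7.0
EPSS_LIKELY = 0.2


@dataclass(frozen=True)
class Finding:
    cve: str
    cvss: float      # CVSS base score, 0.0-10.0
    epss: float      # EPSS probability of exploitation in the next 30 days, 0.0-1.0
    asset: str       # where the scanner reported it


def tier(finding: Finding, kev: Set[str]) -> int:
    """Lower number = patch sooner.

    KEV membership always wins: exploitation there is observed, not predicted,
    so it outranks any score-based estimate. Below that, a finding that is both
    severe (CVSS) and likely to be exploited (EPSS) beats one that is only one
    of the two, which beats one that is neither.
    """
    if finding.cve in kev:
        return 1
    if finding.cvss >= CVSS_HIGH and finding.epss >= EPSS_LIKELY:
        return 2
    if finding.cvss >= CVSS_HIGH or finding.epss >= EPSS_LIKELY:
        return 3
    return 4


def prioritize(findings: Iterable[Finding], kev: Set[str]) -> List[Tuple[int, Finding]]:
    """Return (tier, finding) pairs, most urgent first.

    Within a tier, higher EPSS ranks first (it predicts exploitation), then
    higher CVSS (it describes impact once exploited).
    """
    return sorted(((tier(f, kev), f) for f in findings),
                  key=lambda tf: (tf[0], -tf[1].epss, -tf[1].cvss))


# Constructed sample data: the CVE IDs are the ones named in this brief, but the
# scores, asset names and KEV membership are illustrative placeholders only.
SAMPLE_KEV = {"CVE-2025-24813", "CVE-2024-55591"}
SAMPLE_FINDINGS = [
    Finding("CVE-2025-23120", cvss=9.9, epss=0.05, asset="veeam-bkp-01"),
    Finding("CVE-2025-24813", cvss=9.8, epss=0.70, asset="web-tomcat-03"),
    Finding("CVE-2024-55591", cvss=9.6, epss=0.85, asset="fw-edge-02"),
    Finding("CVE-2025-24472", cvss=8.1, epss=0.40, asset="fw-edge-02"),
    Finding("CVE-2025-30066", cvss=8.6, epss=0.01, asset="ci-runner-07"),
    # Placeholder ID for a low-severity, low-likelihood finding.
    Finding("CVE-0000-00001", cvss=5.3, epss=0.03, asset="intranet-wiki"),
]

if __name__ == "__main__":
    for t, f in prioritize(SAMPLE_FINDINGS, SAMPLE_KEV):
        print(f"P{t}  {f.cve:<16} CVSS {f.cvss:>4}  EPSS {f.epss:.2f}  {f.asset}")
```

Run as-is to see the ordering on the constructed data: the two KEV entries come out first regardless of their CVSS, a high-CVSS finding with negligible EPSS drops to the third tier, and the low-scoring placeholder lands last. Feed it your own scanner export and the current KEV catalogue and the same rules apply.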

Notable Incidents and Events

Key incidents and opportunities this week:

  • US Government Exposure: Over 150 database servers exposed, risking national security.
  • FishMonger APT: Compromised 7 organizations in 2022.
  • Hellcat Ransomware: Hit Ascom and Jaguar Land Rover with data theft.
  • GitHub Supply Chain Attack: CVE-2025-30066 exposed secrets in 23K projects.
  • Browser Phishing Surge: Up 140%, with 130% in zero-hour attacks.
  • LockBit Developer Extradition: Rostislav Panev faces U.S. charges for a $500M spree.
  • Events: Threat Intelligence Summit and AI Risk Summit offer growth opportunities.

Conclusion

This week’s brief, spanning March 14–21, 2025, arms you with the latest cyber security intel. From Medusa’s phishing surge to Black Basta’s brute-force automation, stay proactive and verify with trusted sources like SecurityWeek and CybersecurityNews.com. Keep sharpening your skills!

Tags: cybersecurity, pentesting, red team, blue team, vulnerabilities, ransomware, AI threats