Cyber Security Morning Brief – Week of March 22–28, 2025


Good morning, pentesters, red team, and blue team members! Welcome to your weekly cyber security briefing from SquidSec, covering the latest threats, vulnerabilities, and news from March 22 to March 28, 2025. This week’s roundup, as of 08:33 AM PDT on Friday, March 28, 2025, brings you critical updates to stay sharp in the fast-evolving cyber landscape.

Key Vulnerabilities and Exploits

This week’s research highlights critical vulnerabilities requiring immediate action:

| Vulnerability | CVE | Impact | Blue Team Action | Red Team Action |
|---|---|---|---|---|
| Google Chrome Zero-Day | CVE-2025-2783 | Sandbox escape, code execution | Patch immediately, monitor exploitation | Study exploitation techniques |
| Solar Power System Flaws | Multiple | Grid disruption, unauthorized access | Apply patches, enhance monitoring | Explore attack vectors on infrastructure |
| Next.js Middleware Bypass | CVE-2025-29927 | Authentication bypass, unauthorized access | Update to patched versions, block header | Test bypass techniques |
  • Google Chrome Zero-Day (CVE-2025-2783): A zero-day flaw in Chrome’s Mojo component enabled sandbox escape and potential code execution. Actively exploited, Google patched it on March 26, 2025, and CISA added it to the Known Exploited Vulnerabilities Catalog. Blue team: Update browsers now. Red team: Analyze exploitation methods.
  • Solar Power System Vulnerabilities: Forescout’s SUN:DOWN report identified 46 new vulnerabilities in solar inverters from Sungrow, Growatt, and SMA, threatening power grid stability. Patches are available—blue team, prioritize deployment; red team, test attack scenarios.
  • Next.js Middleware Bypass (CVE-2025-29927): A critical flaw in Next.js allowed attackers to bypass middleware authentication by manipulating the x-middleware-subrequest header. Disclosed March 21, 2025, and patched in versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it affects self-hosted apps using next start with output: standalone. Blue team: Patch or block the header. Red team: Explore bypass tactics.

Ransomware and Malware Activities

Ransomware groups demonstrated increased collaboration this week:

| Threat | Description | Blue Team Action | Red Team Action |
|---|---|---|---|
| RansomHub, Play, Medusa, BianLian | Shared use of EDRKillShifter tool, signaling collaboration | Monitor for EDR-killing tools, enhance threat intel | Study tool usage and tactics |
  • Ransomware Group Connections: ESET research revealed ties between RansomHub, Play, Medusa, and BianLian, linked by their shared use of the EDRKillShifter tool. A single affiliate is suspected of conducting attacks for all four groups, indicating resource-sharing. Blue team: Bolster endpoint detection and threat intelligence. Red team: Dissect multi-group campaign tactics.

Notable Incidents and Events

Key incidents and developments shaped the week:

  • World of Warcraft DDoS Attack: A DDoS attack disrupted Blizzard’s services, including World of Warcraft, starting March 22, 2025. Blizzard mitigated it and resurrected affected Hardcore mode characters, a first for their permadeath policy.
  • Google Chrome Zero-Day Exploitation: CVE-2025-2783 saw active exploitation, prompting a swift patch and CISA catalog addition.
  • Next.js Vulnerability Exploitation: CVE-2025-29927 probes began by March 26, 2025, targeting self-hosted Next.js apps, with attackers bypassing middleware security checks. Patches were released, but unpatched systems remain at risk.
  • Solar Power System Vulnerabilities: The 46 new flaws build on prior research, underscoring risks to renewable energy infrastructure.
  • Ransomware Group Connections: Links between major ransomware operators suggest a shift toward coordinated cybercrime.
  • GetReal Security Funding: Raised $17.5 million to combat AI-generated threats like deepfakes, reflecting industry focus on AI risks.
  • MORSE Corp Settlement: Paid $4.6 million to settle cybersecurity failure allegations, highlighting accountability.
  • T-Mobile SIM Swap Settlement: Paid $33 million in arbitration over a past SIM swap attack, emphasizing mobile security impacts.

Conclusion

This week’s brief, spanning March 22–28, 2025, highlights a dynamic threat landscape—from the Next.js middleware bypass and Chrome zero-day to DDoS attacks on gaming platforms and vulnerabilities in critical infrastructure. Ransomware group collaboration further complicates defenses. Stay proactive: patch systems, monitor threats, and verify details with trusted sources like SecurityWeek and CybersecurityNews.com. Keep sharpening your skills!

Tags: cybersecurity, vulnerabilities, DDoS, ransomware, zero-day, critical infrastructure, Next.js, AI threats