
Cyber Security Morning Brief – Week of March 22–28, 2025
Good morning, pentesters, red team, and blue team members! Welcome to your weekly cyber security briefing from SquidSec, covering the latest threats, vulnerabilities, and news from March 22 to March 28, 2025. This week’s roundup, as of 08:33 AM PDT on Friday, March 28, 2025, brings you critical updates to stay sharp in the fast-evolving cyber landscape.
Key Vulnerabilities and Exploits
This week’s research highlights critical vulnerabilities requiring immediate action:
Vulnerability | CVE | Impact | Blue Team Action | Red Team Action |
---|---|---|---|---|
Google Chrome Zero-Day | CVE-2025-2783 | Sandbox escape, code execution | Patch immediately, monitor exploitation | Study exploitation techniques |
Solar Power System Flaws | Multiple | Grid disruption, unauthorized access | Apply patches, enhance monitoring | Explore attack vectors on infrastructure |
Next.js Middleware Bypass | CVE-2025-29927 | Authentication bypass, unauthorized access | Update to patched versions, block header | Test bypass techniques |
- Google Chrome Zero-Day (CVE-2025-2783): A zero-day flaw in Mojo, Chromium's inter-process communication layer, on Windows let attackers escape the renderer sandbox and potentially execute code. It was exploited in the wild before a fix existed; Google patched it on March 26, 2025, and CISA added it to the Known Exploited Vulnerabilities Catalog. Blue team: Update Chrome now, and remember that other Chromium-based browsers ship the same Mojo code and need their own vendor updates. Red team: Analyze the exploitation methods once details are public.
- Solar Power System Vulnerabilities: Forescout’s SUN:DOWN report identified 46 new vulnerabilities in solar inverters from Sungrow, Growatt, and SMA, threatening power grid stability. Patches are available—blue team, prioritize deployment; red team, test attack scenarios.
- Next.js Middleware Bypass (CVE-2025-29927): A critical flaw in Next.js allowed attackers to skip middleware-enforced authentication checks by sending a crafted `x-middleware-subrequest` header, which the framework uses internally to mark its own sub-requests and which an external client has no reason to send. Disclosed March 21, 2025, and patched in versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it affects self-hosted apps running `next start` with `output: standalone`. Blue team: Upgrade; until then strip or block the header at the reverse proxy or WAF, and check whether any requests carrying it reached the app. Red team: Explore bypass tactics against apps that enforce authorization only in middleware.
Ransomware and Malware Activities
Ransomware groups demonstrated increased collaboration this week:
Threat | Description | Blue Team Action | Red Team Action |
---|---|---|---|
RansomHub, Play, Medusa, BianLian | Shared use of EDRKillShifter tool, signaling collaboration | Monitor for EDR-killing tools, enhance threat intel | Study tool usage and tactics |
- Ransomware Group Connections: ESET research revealed ties between RansomHub, Play, Medusa, and BianLian, linked by their shared use of the EDRKillShifter tool. A single affiliate is suspected of conducting attacks for all four groups, indicating resource-sharing. Blue team: Bolster endpoint detection and threat intelligence. Red team: Dissect multi-group campaign tactics.
Notable Incidents and Events
Key incidents and developments shaped the week:
- World of Warcraft DDoS Attack: A DDoS attack disrupted Blizzard's services, including World of Warcraft, starting March 22, 2025. Blizzard mitigated it and restored Hardcore mode characters that died during the outage, a first exception to that mode's permadeath policy.
- Google Chrome Zero-Day Exploitation: CVE-2025-2783 saw active exploitation, prompting a swift patch and CISA catalog addition.
- Next.js Vulnerability Exploitation: CVE-2025-29927 probes began by March 26, 2025, targeting self-hosted Next.js apps, with attackers bypassing middleware security checks. Patches were released, but unpatched systems remain at risk.
- Solar Power System Vulnerabilities: The 46 new flaws build on prior research, underscoring risks to renewable energy infrastructure.
- Ransomware Group Connections: Links between major ransomware operators suggest a shift toward coordinated cybercrime.
- GetReal Security Funding: Raised $17.5 million to combat AI-generated threats like deepfakes, reflecting industry focus on AI risks.
- MORSE Corp Settlement: Paid $4.6 million to settle cybersecurity failure allegations, highlighting accountability.
- T-Mobile SIM Swap Settlement: Paid $33 million in arbitration over a past SIM swap attack, emphasizing mobile security impacts.
Conclusion
This week’s brief, spanning March 22–28, 2025, highlights a dynamic threat landscape—from the Next.js middleware bypass and Chrome zero-day to DDoS attacks on gaming platforms and vulnerabilities in critical infrastructure. Ransomware group collaboration further complicates defenses. Stay proactive: patch systems, monitor threats, and verify details with trusted sources like SecurityWeek and CybersecurityNews.com. Keep sharpening your skills!
Tags: cybersecurity, vulnerabilities, DDoS, ransomware, zero-day, critical infrastructure, Next.js, AI threats