Friday Wrap Up: 7 March 2025

It’s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.
π₯ Cybersecurity Incidents & Threats
π Rubrik rotates authentication keys after log server breach β A breach in Rubrikβs log server led to the rotation of potentially leaked authentication keys. (Published on 3/3/2025, Bleeping Computer). Read More
π North Korean fake IT workers pose as blockchain developers β Fraudulent personas on GitHub are helping North Korean operatives secure blockchain development jobs in the U.S. and Japan. (Published on 3/5/2025, SecurityWeek). Read More
πΈ Deepfake videos of YouTube CEO phish creators β Scammers are using deepfake tactics to impersonate YouTube leadership and steal creator credentials. (Published on 3/6/2025, Dark Reading). Read More
π₯ Employee charged with stealing unreleased movies β A Memphis man was arrested for stealing and leaking digital copies of unreleased films. (Published on 3/7/2025, Bleeping Computer). Read More
π Exploits, Vulnerabilities & Patches
π οΈ Hackers exploit Paragon Partition Manager driver vulnerability β A zero-day flaw (CVE-2025-0289) is being used in ransomware attacks to escalate privileges and execute arbitrary code. (Published on 3/3/2025, The Hacker News). Read More
π Android zero-day vulnerabilities actively exploited β Googleβs March 2025 update patches two actively abused zero-days. Update ASAP! (Published on 3/5/2025, Malwarebytes). Read More
π‘οΈ Broadcom patches 3 VMware zero-days β CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226 were actively exploited before Broadcomβs patch release. (Published on 3/4/2025, SecurityWeek). Read More
ποΈ Malicious Chrome extensions spoof password managers β A new polymorphic attack allows extensions to mimic trusted apps like password managers and crypto wallets. (Published on 3/6/2025, BleepingComputer). Read More
π¨ Ransomware & Cyber Attacks
π΄ββ οΈ Over 4,000 ISP IPs targeted in brute-force attacks β Attackers are deploying info stealers and cryptominers across ISP networks in China and the U.S. (Published on 3/4/2025, The Hacker News). Read More
π Silk Typhoon hackers target IT supply chains β The Chinese cyber-espionage group is now exploiting remote management tools and cloud services to access downstream networks. (Published on 3/5/2025, BleepingComputer). Read More
π₯ Tata Technologies hit by Hunters International ransomware β The ransomware gang threatens to leak 1.4TB of stolen data. (Published on 3/6/2025, Hackread). Read More
π₯ Ransomware gang encrypts network using a webcam β Akira ransomware operators bypassed EDR protections by launching an encryption attack from an unsecured webcam. (Published on 3/7/2025, BleepingComputer). Read More
β‘ Emerging Tech & AI Security
π§ How new AI agents will transform credential stuffing attacks β AI-powered “Computer-Using Agents” enable cybercriminals to automate web attacks at low cost and effort. (Published on 3/4/2025, The Hacker News). Read More
βοΈ Quantum Wars: Google, Microsoft, and Amazonβs race to fault-tolerant qubits β Amazon introduces a scalable microchip with cat qubit technology, intensifying competition in quantum computing. (Published on 3/3/2025, SecurityWeek). Read More
π€ Why using multiple AIs is trending now β Organizations are shifting towards leveraging multiple AI models for better accuracy, security, and efficiency. (Published on 3/7/2025, InformationWeek). Read More
Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!