Friday Wrap Up: 14 March 2025

It’s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.
Cybersecurity Threats & Incidents π₯
π¨ Americans lost a record $12.5 billion to fraud in 2024, marking a 25% increase from the previous year. (Published on 3/10/2025, BleepingComputer). Read More
π΄ββ οΈ A former employee was found guilty of a revenge kill-switch scheme, locking out users if their account was disabled. (Published on 3/10/2025, Dark Reading). Read More
π Chinese cyberspies have backdoored Juniper routers, exploiting outdated hardware for stealthy access. (Published on 3/12/2025, BleepingComputer). Read More
π¦ GitHub-hosted malware infected 1M Windows users via a complex malvertising attack chain. (Published on 3/11/2025, Dark Reading). Read More
π North Koreaβs ScarCruft group deployed KoSpy malware to spy on Android users via fake utility apps. (Published on 3/13/2025, The Hacker News). Read More
β‘ Salt Typhoon cyberattacks highlight critical infrastructure vulnerabilities, urging stronger defenses. (Published on 3/13/2025, Dark Reading). Read More
Vulnerabilities & Security Updates π§
π₯ Microsoft patched 57 security flaws, including six actively exploited zero-days. (Published on 3/12/2025, The Hacker News). Read More
π οΈ GitLab patched critical authentication bypass vulnerabilities in Community and Enterprise Editions. (Published on 3/13/2025, BleepingComputer). Read More
ποΈ SAP released critical security updates for Commerce and NetWeaver platforms. (Published on 3/11/2025, SecurityWeek). Read More
βοΈ SCADA vulnerabilities in Mitsubishi Electric and Iconics could facilitate industrial cyberattacks. (Published on 3/10/2025, SecurityWeek). Read More
π‘ Cisco patched a critical IOS XR vulnerability that could crash BGP routers with a single update message. (Published on 3/14/2025, BleepingComputer). Read More
Emerging Cybercrime Techniques π΅οΈββοΈ
π New Ballista IoT botnet linked to an Italian threat actor, targeting TP-Link Archer routers. (Published on 3/11/2025, SecurityWeek). Read More
π PowerSchoolβs portal was compromised months before its massive data breach, exposing user credentials. (Published on 3/12/2025, SecurityWeek). Read More
π΄ββ οΈ Black Basta ransomware gang developed an automated brute-force tool to breach VPNs and firewalls. (Published on 3/14/2025, BleepingComputer). Read More
π Remote access infrastructure remains the riskiest corporate attack surface, tripling ransomware risks. (Published on 3/14/2025, Dark Reading). Read More
Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!