TECHZONE™
رفتن به کانال در Telegram
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
نمایش بیشتر595
مشترکین
اطلاعاتی وجود ندارد24 ساعت
-27 روز
-1130 روز
آرشیو پست ها
595
⚡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More
https://thehackernews.com/2025/03/weekly-recap-chrome-0-day.html
Every week, someone somewhere slips up—and threat actors slip in. A misconfigured setting, an overlooked vulnerability, or a too-convenient cloud tool becomes the perfect entry point. But what happens when the hunters become the hunted? Or when old malware resurfaces with new tricks?
Step behind the curtain with us this week as we explore breaches born from routine oversights—and the unexpected
595
5 Impactful AWS Vulnerabilities You're Responsible For
https://thehackernews.com/2025/03/5-impactful-aws-vulnerabilities-youre.html
If you're using AWS, it's easy to assume your cloud security is handled - but that's a dangerous misconception. AWS secures its own infrastructure, but security within a cloud environment remains the customer’s responsibility.
Think of AWS security like protecting a building: AWS provides strong walls and a solid roof, but it's up to the customer to handle the locks, install the alarm systems,
595
Russia-Linked Gamaredon Uses Troop-Related Lures to Deploy Remcos RAT in Ukraine
https://thehackernews.com/2025/03/russia-linked-gamaredon-uses-troop.html
Entities in Ukraine have been targeted as part of a phishing campaign designed to distribute a remote access trojan called Remcos RAT.
"The file names use Russian words related to the movement of troops in Ukraine as a lure," Cisco Talos researcher Guilherme Venere said in a report published last week. "The PowerShell downloader contacts geo-fenced servers located in Russia and Germany to
595
RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features
https://thehackernews.com/2025/03/resurge-malware-exploits-ivanti-flaw.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shed light on a new malware called RESURGE that has been deployed as part of exploitation activity targeting a now-patched security flaw in Ivanti Connect Secure (ICS) appliances.
"RESURGE contains capabilities of the SPAWNCHIMERA malware variant, including surviving reboots; however, RESURGE contains distinctive commands that
595
New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials
https://thehackernews.com/2025/03/new-android-trojan-crocodilus-abuses.html
Cybersecurity researchers have discovered a new Android banking malware called Crocodilus that's primarily designed to target users in Spain and Turkey.
"Crocodilus enters the scene not as a simple clone, but as a fully-fledged threat from the outset, equipped with modern techniques such as remote control, black screen overlays, and advanced data harvesting via accessibility logging,"
595
BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability
https://thehackernews.com/2025/03/blacklock-ransomware-exposed-after.html
In what's an instance of hacking the hackers, threat hunters have managed to infiltrate the online infrastructure associated with a ransomware group called BlackLock, uncovering crucial information about their modus operandi in the process.
Resecurity said it identified a security vulnerability in the data leak site (DLS) operated by the e-crime group that made it possible to extract
595
Researchers Uncover 46 Critical Flaws in Solar Inverters From Sungrow, Growatt, and SMA
https://thehackernews.com/2025/03/researchers-uncover-46-critical-flaws.html
Cybersecurity researchers have disclosed 46 new security flaws in products from three solar inverter vendors, Sungrow, Growatt, and SMA, that could be exploited by a bad actor to seize control of devices or execute code remotely, posing severe risks to electrical grids.
The vulnerabilities have been collectively codenamed SUN:DOWN by Forescout Vedere Labs.
"The new vulnerabilities can be
595
CoffeeLoader Uses GPU-Based Armoury Packer to Evade EDR and Antivirus Detection
https://thehackernews.com/2025/03/coffeeloader-uses-gpu-based-armoury.html
Cybersecurity researchers are calling attention to a new sophisticated malware called CoffeeLoader that's designed to download and execute secondary payloads.
The malware, according to Zscaler ThreatLabz, shares behavioral similarities with another known malware loader known as SmokeLoader.
"The purpose of the malware is to download and execute second-stage payloads while evading
595
Product Walkthrough: How Datto BCDR Delivers Unstoppable Business Continuity
https://thehackernews.com/2025/03/how-to-ensure-business-continuity-with-datto-b.html
Long gone are the days when a simple backup in a data center was enough to keep a business secure. While backups store information, they do not guarantee business continuity during a crisis. With IT disasters far too common and downtime burning through budgets, modern IT environments require solutions that go beyond storage and enable instant recovery to minimize downtime and data loss. This is
595
PJobRAT Malware Campaign Targeted Taiwanese Users via Fake Chat Apps
https://thehackernews.com/2025/03/pjobrat-malware-campaign-targeted.html
An Android malware family previously observed targeting Indian military personnel has been linked to a new campaign likely aimed at users in Taiwan under the guise of chat apps.
"PJobRAT can steal SMS messages, phone contacts, device and app information, documents, and media files from infected Android devices," Sophos security researcher Pankaj Kohli said in a Thursday analysis.
PJobRAT, first
595
Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts
https://thehackernews.com/2025/03/nine-year-old-npm-packages-hijacked-to.html
Cybersecurity researchers have discovered several cryptocurrency packages on the npm registry that have been hijacked to siphon sensitive information such as environment variables from compromised systems.
"Some of these packages have lived on npmjs.com for over 9 years, and provide legitimate functionality to blockchain developers," Sonatype researcher Ax Sharma said. "However, [...] the latest
595
Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability
https://thehackernews.com/2025/03/mozilla-patches-critical-firefox-bug.html
Mozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day.
The security vulnerability, CVE-2025-2857, has been described as a case of an incorrect handle that could lead to a sandbox escape.
"Following the recent Chrome sandbox escape (
595
Hackers Repurpose RansomHub's EDRKillShifter in Medusa, BianLian, and Play Attacks
https://thehackernews.com/2025/03/hackers-repurpose-ransomhubs.html
A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play.
The connection stems from the use of a custom tool that's designed to disable endpoint detection and response (EDR) software on compromised hosts, according to ESET. The EDR killing tool, dubbed EDRKillShifter, was first documented as used by RansomHub actors in
595
New Report Explains Why CASB Solutions Fail to Address Shadow SaaS and How to Fix It
https://thehackernews.com/2025/03/new-report-explains-why-casb-solutions.html
Whether it’s CRMs, project management tools, payment processors, or lead management tools - your workforce is using SaaS applications by the pound. Organizations often rely on traditional CASB solutions for protecting against malicious access and data exfiltration, but these fall short for protecting against shadow SaaS, data damage, and more.
A new report, Understanding SaaS Security Risks: Why
595
APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware
https://thehackernews.com/2025/03/apt36-spoofs-india-post-website-to.html
An advanced persistent threat (APT) group with ties to Pakistan has been attributed to the creation of a fake website masquerading as India's public sector postal system as part of a campaign designed to infect both Windows and Android users in the country.
Cybersecurity company CYFIRMA has attributed the campaign with medium confidence to a threat actor called APT36, which is also known as
595
New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records
https://thehackernews.com/2025/03/new-morphing-meerkat-phishing-kit.html
Cybersecurity researchers have shed light on a new phishing-as-a-service (PhaaS) platform that leverages the Domain Name System (DNS) mail exchange (MX) records to serve fake login pages that impersonate about 114 brands.
DNS intelligence firm Infoblox is tracking the actor behind the PhaaS, the phishing kit, and the related activity under the moniker Morphing Meerkat.
"The threat actor behind
595
Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert!
https://thehackernews.com/2025/03/top-3-ms-office-exploits-hackers-use-in.html
Hackers have long used Word and Excel documents as delivery vehicles for malware, and in 2025, these tricks are far from outdated. From phishing schemes to zero-click exploits, malicious Office files are still one of the easiest ways into a victim’s system.
Here are the top three Microsoft Office-based exploits still making the rounds this year and what you need to know to avoid them.
1.
595
150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms
https://thehackernews.com/2025/03/150000-sites-compromised-by-javascript.html
An ongoing campaign that infiltrates legitimate websites with malicious JavaScript injects to promote Chinese-language gambling platforms has ballooned to compromise approximately 150,000 sites to date.
"The threat actor has slightly revamped their interface but is still relying on an iframe injection to display a full-screen overlay in the visitor's browser," c/side security analyst Himanshu
595
CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices
https://thehackernews.com/2025/03/cisa-flags-two-six-year-old-sitecore.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two six-year-old security flaws impacting Sitecore CMS and Experience Platform (XP) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerabilities are listed below -
CVE-2019-9874 (CVSS score: 9.8) - A deserialization vulnerability in the Sitecore.Security.AntiCSRF
595
NetApp SnapCenter Flaw Could Let Users Gain Remote Admin Access on Plug-In Systems
https://thehackernews.com/2025/03/netapp-snapcenter-flaw-could-let-users.html
A critical security flaw has been disclosed in NetApp SnapCenter that, if successfully exploited, could allow privilege escalation.
SnapCenter is an enterprise-focused software that's used to manage data protection across applications, databases, virtual machines, and file systems, offering the ability to backup, restore, and clone data resources.
The vulnerability, tracked as
اکنون در دسترس! پژوهش تلگرام ۲۰۲۵ — مهمترین بینشهای سال 
