Today’s Cybersecurity Threats and Trends - 03/06/2025
Organizations must patch vulnerabilities, monitor package dependencies, and secure WordPress installations to stay ahead of these evolving threats.
Start learning AI in 2025
Everyone talks about AI, but no one has the time to learn it. So, we found the easiest way to learn AI in as little time as possible: The Rundown AI.
It's a free AI newsletter that keeps you up-to-date on the latest AI news, and teaches you how to apply it in just 5 minutes a day.
Plus, complete the quiz after signing up and they’ll recommend the best AI tools, guides, and courses – tailored to your needs.

1. VMware Security Flaws Exploited in Targeted Attacks
Primary Threat: Multiple critical vulnerabilities in VMware products are being actively exploited by attackers to gain unauthorized access, execute arbitrary code, and hijack virtual environments. Broadcom’s security advisory warns that these exploits are being used in real-world attacks, allowing privilege escalation and lateral movement across networks.
Risk: Cloud and virtualization compromise, unauthorized remote control, and data exfiltration.
Detection and Remediation Tips:
Apply VMware security patches immediately to all affected products.
Monitor for unauthorized virtual machine modifications or unusual hypervisor activity.
Restrict admin privileges for VM management interfaces to prevent unauthorized access.
2. Researchers Link Cactus Ransomware to Black Basta via Shared Backconnect Techniques
Primary Threat: Cactus ransomware is now confirmed to share infrastructure and techniques with Black Basta, one of the most dangerous ransomware groups in recent years. Trend Micro’s research shows that both groups use backconnect malware to establish hidden remote access tunnels, bypassing security controls and maintaining persistence.
Risk: Data encryption, operational downtime, and prolonged stealthy access.
Detection and Remediation Tips:
Monitor for abnormal network connections or persistent tunnels in enterprise environments.
Detect unusual RDP or SSH activity linked to ransomware operators.
Apply threat intelligence feeds to block known Cactus and Black Basta infrastructure.
3. Seven Malicious Go Packages Found in Supply Chain Attack
Primary Threat: Attackers have published seven typosquatted Go packages that deliver malware loaders via dependency confusion attacks. Socket’s security research reveals that these malicious Go packages mimic popular open-source libraries, infecting software developers and cloud applications.
Risk: Software supply chain compromise, backdoored applications, and cloud service infiltration.
Detection and Remediation Tips:
Verify package integrity before installing Go modules from untrusted sources.
Monitor for suspicious dependencies added to codebases.
Implement allowlisting policies to block typosquatted or unauthorized package installations.
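As an added illustration of the integrity and allowlisting tips above (example code written for this page, not code from the newsletter or from Socket's research): a small Go program that parses the require directives of a go.mod, reports every module that is not on a reviewed allowlist, and additionally flags an unapproved module path that sits within two edits of an approved one, which is the lookalike pattern a typosquatted package relies on. The sample go.mod, the module paths and the allowlist are constructed placeholders, not real packages.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample go.mod: every module path below is a placeholder, not a
// real package; the second require line is a deliberate lookalike of the first.
const sampleGoMod = `module example.com/app

go 1.22

require (
	github.com/example-org/httpclient v1.4.0
	github.com/exampIe-org/httpclient v1.4.1 // capital I instead of lowercase l
	github.com/example-org/logger v0.9.2
	github.com/unknown-vendor/metrics v2.0.0
)
`

// allowlist holds module paths the organisation has reviewed (hypothetical).
var allowlist = map[string]bool{
	"github.com/example-org/httpclient": true,
	"github.com/example-org/logger":     true,
}

// Finding is one dependency that failed the policy check.
type Finding struct{ Module, Version, Reason string }

// parseRequires returns (path, version) pairs from go.mod require directives,
// handling both the single-line form and the parenthesised block form.
func parseRequires(goMod string) [][2]string {
	var out [][2]string
	inBlock := false
	for _, raw := range strings.Split(goMod, "\n") {
		line := strings.TrimSpace(raw)
		if i := strings.Index(line, "//"); i >= 0 { // drop trailing comments
			line = strings.TrimSpace(line[:i])
		}
		switch {
		case line == "require (":
			inBlock = true
			continue
		case line == ")":
			inBlock = false
			continue
		case strings.HasPrefix(line, "require "):
			line = strings.TrimPrefix(line, "require ")
		case !inBlock:
			continue
		}
		if f := strings.Fields(line); len(f) == 2 {
			out = append(out, [2]string{f[0], f[1]})
		}
	}
	return out
}

func min3(a, b, c int) int {
	if b < a {
		a = b
	}
	if c < a {
		a = c
	}
	return a
}

// levenshtein returns the edit distance between a and b (two-row dynamic programming).
func levenshtein(a, b string) int {
	ra, rb := []rune(a), []rune(b)
	prev, cur := make([]int, len(rb)+1), make([]int, len(rb)+1)
	for j := range prev {
		prev[j] = j
	}
	for i := 1; i <= len(ra); i++ {
		cur[0] = i
		for j := 1; j <= len(rb); j++ {
			cost := 1
			if ra[i-1] == rb[j-1] {
				cost = 0
			}
			cur[j] = min3(prev[j]+1, cur[j-1]+1, prev[j-1]+cost)
		}
		prev, cur = cur, prev
	}
	return prev[len(rb)]
}

// AuditGoMod returns every required module that is not on the allowlist and
// notes when such a module path is within two edits of an approved one.
func AuditGoMod(goMod string, allowed map[string]bool) []Finding {
	var findings []Finding
	for _, req := range parseRequires(goMod) {
		mod, ver := req[0], req[1]
		if allowed[mod] {
			continue
		}
		reason := "not on allowlist"
		for ok := range allowed {
			if d := levenshtein(mod, ok); d > 0 && d <= 2 {
				reason = fmt.Sprintf("not on allowlist; %d edit(s) from approved module %s (possible typosquat)", d, ok)
				break
			}
		}
		findings = append(findings, Finding{Module: mod, Version: ver, Reason: reason})
	}
	return findings
}

func main() {
	for _, f := range AuditGoMod(sampleGoMod, allowlist) {
		fmt.Printf("%s %s: %s\n", f.Module, f.Version, f.Reason)
	}
}
```

Run this in CI against the repository's go.mod and fail the build on any finding; pair it with `go mod verify` so that the modules that are allowed are also checked against the hashes recorded in go.sum.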
Did you know...?
In 2018, Dark Caracal was exposed for running one of the largest cyber espionage campaigns targeting mobile devices. The group’s latest use of Poco RAT shows that espionage actors continue evolving their tactics, adapting to new platforms and communication methods to remain undetected.
4. APT Lotus Panda Targets Gov and Defense Organizations
Primary Threat: Lotus Panda, a Chinese state-sponsored APT, has launched new espionage campaigns targeting government and defense sectors. Cisco Talos’ analysis details the group’s use of custom malware, phishing emails, and supply chain attacks to infiltrate critical infrastructure.
Risk: National security threats, prolonged cyber espionage, and data exfiltration.
Detection and Remediation Tips:
Flag email attachments and links associated with Lotus Panda infrastructure.
Monitor for long-term persistent access in critical systems.
Apply strict endpoint protection and behavior-based detection for Lotus Panda TTPs.
5. Dark Caracal Uses Poco RAT to Target Telecommunications
Primary Threat: Dark Caracal, a notorious espionage group, has been identified using Poco RAT, a custom remote access trojan, to infiltrate telecommunications providers and government agencies. PT Security researchers warn that this malware is capable of remote data theft, keylogging, and command execution.
Risk: Surveillance, espionage, and credential compromise.
Detection and Remediation Tips:
Monitor for Poco RAT-related indicators of compromise (IoCs) in telecommunications environments.
Detect unauthorized data transfers or credential harvesting attempts.
Apply endpoint monitoring solutions to track unusual process execution.
6. 1,000+ WordPress Sites Infected with JavaScript Backdoors
Primary Threat: Attackers have compromised over 1,000 WordPress sites, injecting four different JavaScript-based backdoors to steal credentials and execute malicious redirects. C/side threat analysis reveals that the infection spreads via compromised third-party plugins and themes, allowing attackers to take control of affected sites.
Risk: Website defacement, credential harvesting, and malware distribution.
Detection and Remediation Tips:
Audit WordPress plugins and themes for unauthorized modifications.
Monitor for unexpected JavaScript injections or redirects on web pages.
Apply security updates to all WordPress installations and restrict plugin installations.
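An added example for the "monitor for unexpected JavaScript injections or redirects" tip above (written for this page; not code from the newsletter or from c/side's analysis): a Go scanner that pulls every script element out of a page, checks the host of each external src against the hosts the site is known to load from, and hashes each inline script so it can be compared with a baseline taken from a clean copy of the site. Anything outside that baseline is reported. The sample page, the known-host list and the baseline hash are constructed for the example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Constructed sample page: one known CDN script and one known inline script,
// plus two script elements the site owner never added (hypothetical hosts).
const samplePage = `<html><head>
<script src="https://cdn.example-theme.test/theme.js"></script>
<script>window.siteConfig = {lang: "en"};</script>
</head><body>
<p>Hello</p>
<script src="https://static.unknown-host.invalid/loader.js"></script>
<script>document.location.href = "https://unknown-host.invalid/landing";</script>
</body></html>`

// Baseline built from a clean copy of the site (hypothetical values).
var knownScriptHosts = map[string]bool{"cdn.example-theme.test": true}
var knownInlineHashes = map[string]bool{
	hashInline(`window.siteConfig = {lang: "en"};`): true,
}

// Finding is one script element that is not part of the baseline.
type Finding struct{ Kind, Detail string }

var scriptRe = regexp.MustCompile(`(?is)<script\b([^>]*)>(.*?)</script>`)
var srcRe = regexp.MustCompile(`(?i)\bsrc\s*=\s*["']([^"']+)["']`)

// hashInline returns the SHA-256 of an inline script body with surrounding whitespace removed.
func hashInline(body string) string {
	sum := sha256.Sum256([]byte(strings.TrimSpace(body)))
	return hex.EncodeToString(sum[:])
}

// ScanPage returns every external script whose host is not in hosts and every
// inline script whose hash is not in inline, in document order.
func ScanPage(html string, hosts map[string]bool, inline map[string]bool) []Finding {
	var out []Finding
	for _, m := range scriptRe.FindAllStringSubmatch(html, -1) {
		attrs, body := m[1], m[2]
		if s := srcRe.FindStringSubmatch(attrs); s != nil {
			u, err := url.Parse(s[1])
			if err != nil || !hosts[u.Hostname()] {
				out = append(out, Finding{"external-script", s[1]})
			}
			continue
		}
		if h := hashInline(body); !inline[h] {
			out = append(out, Finding{"inline-script", strings.TrimSpace(body)})
		}
	}
	return out
}

func main() {
	for _, f := range ScanPage(samplePage, knownScriptHosts, knownInlineHashes) {
		fmt.Printf("%s: %s\n", f.Kind, f.Detail)
	}
}
```

Run it on a schedule against the rendered front page and a few deep pages; a new inline hash or an unknown script host is the cue to diff the plugin and theme directories against pristine copies, since that is where the report places the injection point.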
IN SUMMARY:
Today’s cyber landscape highlights ransomware-linked backdoors, WordPress infections, and supply chain attacks across multiple sectors:
🚨 Key Takeaways:
✔️ VMware vulnerabilities are being actively exploited, requiring immediate patching.
✔️ Cactus ransomware shares techniques with Black Basta, increasing stealthy attack risks.
✔️ Malicious Go packages are infecting software supply chains via dependency confusion.
✔️ Lotus Panda APT is targeting defense and government entities with cyber espionage.
✔️ Dark Caracal’s Poco RAT is infiltrating telecommunications firms for surveillance.
✔️ Over 1,000 WordPress sites have been infected with JavaScript-based backdoors.
🔎 Immediate Actions:
✔️ Apply VMware security patches to prevent known exploits.
✔️ Harden WordPress security and remove unnecessary third-party plugins.
✔️ Monitor DevOps environments for suspicious Go package dependencies.
✔️ Detect unusual RDP/SSH activity linked to Cactus and Black Basta operations.
✔️ Enhance email security to prevent Lotus Panda and Dark Caracal phishing attacks.
J.W.
(P.S. Check out our partners! It goes a long way to support this newsletter!)