Today’s Cybersecurity Threats and Trends - 03/20/2025

Whether it's securing edge devices or patching critical infrastructure, here’s what you need to know:


1. Unpatched Edimax Camera Flaw Exploited by Mirai Botnet Variant

Primary Threat: A critical command injection vulnerability in Edimax network cameras is being actively exploited by a new Mirai botnet variant. Akamai’s research reveals that attackers leverage the flaw to gain root access, integrating compromised cameras into botnet-driven DDoS attacks. Exploits are already widespread, affecting thousands of devices running outdated firmware.

Risk: IoT device hijacking, large-scale DDoS attacks, and network compromise.

Detection and Remediation Tips:

  • Immediately update Edimax camera firmware where patches are available.

  • Monitor for suspicious outbound connections from camera IP addresses.

  • Segment IoT devices from critical networks to prevent lateral movement.
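The two monitoring tips above (outbound connections from cameras, and segmentation from critical networks) can be checked against firewall flow logs. The script below is an added example, not code from the newsletter or from Akamai; the camera VLAN, the allowlisted vendor and NTP destinations, and the flow-record format are assumptions, and the sample records are constructed.

```python
"""Flag flows from an IoT camera VLAN that are neither allowlisted egress nor
confined to the camera segment. Assumed layout: cameras in 10.50.0.0/24, the
rest of 10.0.0.0/8 is corporate; allowlisted destinations are constructed."""
import ipaddress
from collections import defaultdict

# Assumed network layout (not from the newsletter).
CAMERA_SUBNET = ipaddress.ip_network("10.50.0.0/24")
INTERNAL_SUBNETS = [ipaddress.ip_network("10.0.0.0/8")]
# Assumed legitimate camera egress: vendor cloud over HTTPS and an NTP server.
ALLOWED_EGRESS = {("203.0.113.10", 443), ("203.0.113.20", 123)}

def parse_flow(line):
    """Parse a constructed 'src=IP sport=N dst=IP dport=N proto=tcp' record."""
    kv = dict(field.split("=", 1) for field in line.split())
    return {"src": ipaddress.ip_address(kv["src"]), "dst": ipaddress.ip_address(kv["dst"]),
            "dport": int(kv["dport"]), "proto": kv["proto"]}

def classify(flow):
    """Return a verdict for a camera-originated flow, or None if it looks normal."""
    src, dst = flow["src"], flow["dst"]
    if src not in CAMERA_SUBNET or dst in CAMERA_SUBNET:
        return None                      # not a camera, or camera-to-camera traffic
    if (str(dst), flow["dport"]) in ALLOWED_EGRESS:
        return None                      # expected vendor / NTP traffic
    if any(dst in net for net in INTERNAL_SUBNETS):
        return "lateral-to-internal"     # segmentation gap: camera reached corporate network
    return "unexpected-egress"           # possible C2, scanning or DDoS participation

def suspicious_flows(lines):
    """Group verdicts per camera address so a noisy device stands out."""
    findings = defaultdict(list)
    for line in lines:
        flow = parse_flow(line)
        verdict = classify(flow)
        if verdict:
            findings[str(flow["src"])].append((verdict, str(flow["dst"]), flow["dport"]))
    return dict(findings)

# Constructed sample records (not real traffic).
SAMPLE_FLOWS = [
    "src=10.50.0.21 sport=51000 dst=203.0.113.10 dport=443 proto=tcp",
    "src=10.50.0.21 sport=123 dst=203.0.113.20 dport=123 proto=udp",
    "src=10.50.0.23 sport=5555 dst=10.50.0.24 dport=554 proto=tcp",
    "src=10.50.0.22 sport=40000 dst=198.51.100.7 dport=23 proto=tcp",
    "src=10.50.0.22 sport=40001 dst=10.20.0.5 dport=445 proto=tcp",
    "src=10.10.0.9 sport=1234 dst=198.51.100.7 dport=80 proto=tcp",
]
```

Only the second camera is reported: one flow to an unexpected external host and one into the corporate segment, which is exactly the traffic the segmentation tip is meant to prevent.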

2. Apache Tomcat Vulnerability Under Active Exploitation

Primary Threat: A recently disclosed critical vulnerability in Apache Tomcat is now under active exploitation in the wild. Apache’s advisory warns that the flaw allows attackers to execute arbitrary code on vulnerable Tomcat servers via crafted HTTP requests. Organizations running unpatched versions of Tomcat are at immediate risk of server takeover.

Risk: Remote code execution, system compromise, and data theft.

Detection and Remediation Tips:

  • Apply the latest Apache Tomcat security patches.

  • Monitor for unexpected HTTP POST requests with malformed headers or parameters.

  • Harden Tomcat server configurations, disabling unnecessary services and ports.

3. Microsoft Warns of StilachiRAT Malware Targeting Cryptocurrency Assets

Primary Threat: Microsoft has issued a warning about StilachiRAT, a stealthy malware campaign targeting cryptocurrency users. Microsoft’s analysis highlights how the malware performs detailed reconnaissance on infected systems before stealing crypto wallet credentials and hijacking the clipboard to redirect transactions.

Risk: Cryptocurrency theft, account compromise, and financial loss.

Detection and Remediation Tips:

  • Monitor for processes accessing cryptocurrency wallet files or clipboard contents.

  • Educate users to verify wallet addresses before sending transactions.

  • Use endpoint protection capable of detecting clipboard hijacking behaviors.

Did you know...?

The original Mirai botnet, which took down Dyn DNS in 2016, was built to exploit poorly secured IoT devices like cameras and routers. Today’s Edimax camera exploits show that many IoT devices remain low-hanging fruit for modern botnets like the latest Mirai variants.

4. BadBox 2.0 Botnet Infects Over One Million Android Devices

Primary Threat: A massive malware campaign dubbed BadBox 2.0 has compromised over one million Android devices, according to Human Security. The malware, pre-installed on low-cost Android phones and TV boxes, grants attackers remote control over the devices, which are then used for click fraud, credential theft, and potentially botnet-driven attacks.

Risk: Device compromise, credential harvesting, and botnet exploitation.

Detection and Remediation Tips:

  • Avoid purchasing unvetted Android devices, particularly from untrusted vendors.

  • Monitor for anomalous app behavior and excessive network traffic.

  • Enforce mobile device management (MDM) policies for all enterprise devices.

5. Critical AMI BMC Vulnerability Puts Data Centers at Risk

Primary Threat: Eclypsium researchers have identified a critical vulnerability in AMI MegaRAC Baseboard Management Controllers (BMCs) used in many data center servers. Eclypsium’s report highlights how attackers can exploit the flaw to gain low-level control of servers, bypassing traditional security measures and potentially installing firmware implants.

Risk: Persistent system compromise, data center control, and hardware backdoors.

Detection and Remediation Tips:

  • Apply firmware updates for vulnerable BMCs as provided by server vendors.

  • Restrict BMC network access to dedicated management networks with strict ACLs.

  • Monitor for unusual firmware updates or hardware-level events.

6. Unpatched Windows Zero-Day Exploited via Malicious Shortcuts

Primary Threat: A zero-day vulnerability in Windows shortcut (LNK) handling is being actively exploited in targeted attacks. Trend Micro’s research describes how attackers craft malicious shortcut files that, when opened, trigger remote code execution without user interaction. These shortcuts are delivered via email attachments and USB drives.

Risk: Remote code execution, malware deployment, and system compromise.

Detection and Remediation Tips:

  • Block or sandbox emails containing shortcut (LNK) files.

  • Monitor for execution of LNK files from non-standard locations.

  • Apply Microsoft’s latest security updates as soon as they are released.
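The tips to sandbox incoming LNK files and to watch for shortcuts run from non-standard locations can be turned into a simple detection over endpoint telemetry. The script below is an added example, not code from the newsletter or from Trend Micro; the event format (loosely modelled on EDR-style file-create and process-create records), the list of "expected" shortcut directories and the sample events are all assumptions.

```python
"""Flag shortcut (.lnk) files dropped into, or launched from, directories where
shortcuts do not normally live (Downloads, Temp, removable media). The event
format and the expected-directory list are assumptions, not a vendor's."""
import re
from pathlib import PureWindowsPath

# Assumed usual homes for shortcuts; any other parent directory is worth a look.
EXPECTED_LNK_DIRS = (
    r"\desktop",      # per-user and Public desktops
    r"\start menu",   # ProgramData and per-user Start Menu trees
)
# Constructed telemetry: space-separated key=value pairs, cmdline may be quoted.
LINE_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
LNK_RE = re.compile(r'[A-Za-z]:\\[^"\s]*?\.lnk', re.IGNORECASE)

def parse_event(line):
    """Turn one telemetry line into a dict, stripping quotes from values."""
    return {k: v.strip('"') for k, v in LINE_RE.findall(line)}

def is_expected_dir(lnk_path):
    """True if the shortcut's parent directory matches an expected location."""
    parent = str(PureWindowsPath(lnk_path).parent).lower()
    return any(marker in parent for marker in EXPECTED_LNK_DIRS)

def lnk_finding(event):
    """Return (reason, path) for suspicious shortcut activity, else None."""
    kind = event.get("event")
    target = event.get("target", "")
    if kind == "file_create" and target.lower().endswith(".lnk") and not is_expected_dir(target):
        return ("lnk-dropped-outside-expected-dirs", target)   # e.g. mail client writing to Temp
    if kind == "process_create":
        m = LNK_RE.search(event.get("cmdline", ""))
        if m and not is_expected_dir(m.group(0)):
            return ("lnk-launched-from-unusual-dir", m.group(0))  # e.g. shortcut on a USB drive
    return None

def scan(lines):
    """Run the detection over a batch of telemetry lines."""
    return [f for f in (lnk_finding(parse_event(l)) for l in lines) if f]

# Constructed sample telemetry (not real events).
SAMPLE_EVENTS = [
    r'ts=2025-03-20T09:01:02 event=file_create image=C:\Windows\explorer.exe target=C:\Users\alice\Desktop\Word.lnk',
    r'ts=2025-03-20T09:05:44 event=file_create image=C:\Mail\mail.exe target=C:\Users\alice\AppData\Local\Temp\Invoice.lnk',
    r'ts=2025-03-20T09:06:10 event=process_create image=C:\Windows\explorer.exe parent=C:\Windows\explorer.exe cmdline="explorer.exe E:\Invoice.lnk"',
    r'ts=2025-03-20T09:07:00 event=process_create image=C:\Windows\explorer.exe parent=C:\Windows\explorer.exe cmdline="explorer.exe C:\Users\alice\Desktop\Word.lnk"',
]
```

The Desktop shortcut is ignored in both events, while the shortcut written to Temp by a mail client and the one launched from removable drive E: are reported; tune the expected-directory list to your own environment before relying on it.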

IN SUMMARY:

Today’s threats highlight widespread IoT vulnerabilities, critical server flaws, and evolving malware campaigns targeting both consumers and enterprises.

🚨 Key Takeaways:
✔️ Edimax camera flaws are being exploited to fuel Mirai botnets.
✔️ Apache Tomcat servers face active exploitation, requiring urgent patching.
✔️ StilachiRAT malware focuses on crypto theft through system reconnaissance and clipboard hijacking.
✔️ BadBox 2.0 botnet infects over 1 million Android devices, many via supply chain compromise.
✔️ AMI BMC vulnerabilities pose a critical risk to data center infrastructure.
✔️ Windows zero-day exploit uses malicious LNK files to bypass user interaction.

🔧 Immediate Actions:
✔️ Patch IoT devices, Apache Tomcat servers, and AMI BMC firmware now.
✔️ Secure Windows environments against shortcut file exploits.
✔️ Review mobile device policies, focusing on pre-installed malware risks.
✔️ Harden cryptocurrency storage systems against clipboard and credential theft.

J.W.
