Weekly One-Shot: March 4 – March 10, 2025

This week's threats and trends.

In partnership with

Optimize global IT operations with our World at Work Guide

Explore this ready-to-go guide to support your IT operations in 130+ countries. Discover how:

  • Standardizing global IT operations enhances efficiency and reduces overhead

  • Ensuring compliance with local IT legislation safeguards your operations

  • Integrating Deel IT with EOR, global payroll, and contractor management optimizes your tech stack

Leverage Deel IT to manage your global operations with ease.

Cybercriminals are continuing to expand their attack methods, and this week, they’re going after cloud environments, software supply chains, and virtualization platforms. VMware vulnerabilities took center stage, while ransomware gangs and espionage groups ramped up operations against government and corporate targets.

Let’s break it all down.

This Week in Cybersecurity

  1. Cactus Ransomware Shares Infrastructure with Black Basta
    New evidence links Cactus ransomware to Black Basta, indicating a shared infrastructure for coordinated ransomware operations.
    March 6 Newsletter

  2. APT Lotus Panda Targets Government and Defense Organizations
    Chinese APT group Lotus Panda is using phishing and supply chain infiltration to breach government and military networks.
    March 6 Newsletter

  3. Space Pirates APT Targets IT Firms in Espionage Campaign
    Space Pirates APT is targeting Russian IT firms, leveraging weaponized software updates to breach supply chains.
    March 4 Newsletter

  4. Seven Malicious Go Packages Found in Supply Chain Attack
    Typosquatted Go packages are being used in malware distribution via dependency confusion attacks, infecting software development environments.
    March 6 Newsletter

  5. Dark Caracal Uses Poco RAT to Target Telecommunications
    Dark Caracal APT is using a custom RAT to steal sensitive telecom data and monitor communications.
    March 6 Newsletter

  6. JavaGhost Exploits AWS for Cloud Phishing Attacks
    Threat actors are exploiting AWS misconfigurations, setting up rogue phishing domains using exposed IAM roles.
    March 4 Newsletter

  7. Hackers Exploit Paragon Partition Manager Vulnerability for Privilege Escalation
    CVE-2025-726882 is being actively exploited, allowing attackers to gain system-level privileges.
    March 4 Newsletter

  8. 1,000+ WordPress Sites Infected with JavaScript Backdoors
    Compromised WordPress sites are injecting JavaScript backdoors, stealing credentials and redirecting users to malicious domains.
    March 6 Newsletter

  9. Hackers Use ClickFix Trick to Deploy FUD C2 Malware
    Microsoft Graph API and SharePoint are being used to deploy fully undetectable malware in enterprise cloud environments.
    March 4 Newsletter

  10. 5,000 Phishing PDFs Found Across 260 Domains in SEO Trap
    Attackers are leveraging SEO poisoning and malicious PDFs to steal credentials via fake CAPTCHA prompts and login forms.
    March 4 Newsletter

Biggest Threat This Week

VMware Security Flaws Exploited in Targeted Attacks

Newly discovered critical vulnerabilities in VMware products are being actively exploited, allowing attackers to gain unauthorized access to virtual environments, move laterally within networks, and take over enterprise workloads.

  • MITRE Tactics: Initial Access, Lateral Movement, Persistence

  • Risk Level: Critical – VMware is a core component of enterprise IT, making this exploit particularly dangerous.

Detection & Prevention Tips:
✔ Apply VMware patches and harden virtual machine configurations immediately.
✔ Monitor for unauthorized access attempts to VMware infrastructure.
✔ Restrict administrative privileges to prevent lateral movement.

Training Recommendation

Master Virtualization Security – Hack The Box SOC Analyst Path

With the increase in VMware exploits, understanding virtualization security best practices is essential. Hack The Box’s Enterprise SOC Analyst path provides hands-on training in hypervisor security, sandbox evasion, and cloud misconfiguration defenses.

Start training here: Hack The Box SOC Analyst Training

Wrapping Up:

This week’s cybersecurity news highlights the diverse and evolving threats organizations face.

From exploiting software vulnerabilities and targeted attacks to advanced malware tactics and data breaches, it is clear that a proactive, comprehensive defense strategy is more critical than ever.

Staying vigilant, maintaining up-to-date defenses, and promptly responding to incidents are key to protecting against these ever-present threats.

J.W.

(P.S. Supporting our partners helps keep this newsletter running!)