Weekly One-Shot: March 11 – March 17, 2025

This week's threats and trends.

In partnership with

Learn AI in 5 minutes a day

This is the easiest way for a busy person wanting to learn AI in as little time as possible:

  1. Sign up for The Rundown AI newsletter

  2. They send you 5-minute email updates on the latest AI news and how to use it

  3. You learn how to become 2x more productive by leveraging AI

This week in cybersecurity feels like watching a bad sequel where the villains keep upgrading their weapons. The Chinese are back poking holes in our routers, while ransomware-as-a-service is becoming disturbingly plug-and-play. And just when you thought your web browser was safe, here comes another zero-day.

Let’s get into it.

This week in Cybersecurity

  1. Apple Releases Urgent Patch for WebKit Zero-Day (CVE-2025-27291)
    An actively exploited WebKit zero-day could allow remote code execution on iOS and macOS devices. Users should update immediately.
    March 13 Newsletter

  2. EncryptHub RaaS Deploys Ransomware and Infostealers
    The EncryptHub ransomware-as-a-service platform is delivering ransomware payloads alongside infostealers in double-extortion campaigns.
    March 11 Newsletter

  3. Blind Eagle APT Targets Colombian Organizations in Phishing Campaign
    Blind Eagle is targeting Colombian government and legal organizations with phishing campaigns delivering malware.
    March 13 Newsletter

  4. PHP-CGI RCE Flaw Exploited in Attacks Targeting Japan
    Attackers are exploiting a remote code execution flaw in PHP-CGI implementations to target Japanese organizations.
    March 11 Newsletter

  5. GitHub Uncovers Critical Ruby-SAML Library Vulnerability
    GitHub warns of a critical Ruby-SAML flaw that allows attackers to bypass SSO authentication mechanisms.
    March 13 Newsletter

  6. Meta Warns of FreeType Vulnerability (CVE-2025-27363) Used in Targeted Attacks
    An actively exploited vulnerability in the FreeType font-rendering library allows attackers to compromise systems through malicious font files.
    March 13 Newsletter

  7. Surge in SSRF Exploitation with Over 400 IPs Launching Attacks
    A spike in Server-Side Request Forgery (SSRF) attacks has been observed, targeting cloud services and metadata APIs.
    March 13 Newsletter

  8. Desert Dexter Targets 900 Victims Using Telegram as C2
    Desert Dexter malware campaign infects victims in the Middle East, using Telegram for command and control operations.
    March 11 Newsletter

  9. Ballista Botnet Exploits TP-Link Devices for DDoS Attacks
    Ballista Botnet is compromising TP-Link routers to launch large-scale DDoS campaigns against gaming and finance sectors.
    March 11 Newsletter

  10. Moxa Issues Fix for Vulnerability in Industrial Switches
    Moxa releases a patch addressing a vulnerability in its EDS-G512E industrial switches that could allow remote attackers to disrupt industrial network operations.
    March 11 Newsletter

Biggest Threat This Week

Chinese Hackers Breach Juniper Networks Routers in Espionage Operation

Chinese state-sponsored hackers successfully compromised Juniper Networks routers, conducting a large-scale espionage campaign against government and corporate targets. The attackers exploited zero-day vulnerabilities to gain persistent access, exfiltrate sensitive data, and maintain stealth operations across multiple sectors.

  • Risk Level: Critical

  • MITRE Tactics: Initial Access, Persistence, Collection

  • Action Steps: Patch Juniper devices immediately and audit network traffic for signs of compromise.

    March 13 Newsletter

Training Recommendation

Know Your Weak Points: Network Exploitation & Defense

Hack The Box - Network Exploitation & Defense
With attackers targeting core network infrastructure, this course helps you understand how to exploit and defend routers and switches. Essential for anyone securing enterprise networks.

Wrapping Up:

Core infrastructure got rocked this week. If you’re not patching your routers and VPNs, you’re leaving the door wide open. Meanwhile, the ransomware scene keeps thriving with RaaS platforms dropping plug-and-play pain on organizations everywhere.

Patch early. Audit often. And don’t click on that sketchy “Invoice_2031.pdf.”

See you next week!
J.W.

(P.S. Supporting our partners helps keep this newsletter running!)