Mycomputerspot Security Newsletter
Weekly One-Shot: March 24 – March 30, 2025
This week's threats and trends.
Before we dive in, I would like to thank all of you for supporting us with your subscription! My goal is to bring both actionable insights and easy-to-digest information regarding cybersecurity threats to non-tech and technical professionals alike. If this sounds like something that would help someone you know, please share the newsletter!
The gold standard of business news
Morning Brew is transforming the way working professionals consume business news.
They skip the jargon and lengthy stories, and instead serve up the news impacting your life and career with a hint of wit and humor. This way, you’ll actually enjoy reading the news—and the information sticks.
Best part? Morning Brew’s newsletter is completely free. Sign up in just 10 seconds and if you realize that you prefer long, dense, and boring business news—you can always go back to it.

Cybercriminals escalated their game this week—weaponizing drivers, exploiting zero-days, and infiltrating developer tools. Staying ahead requires constant vigilance, proactive patching, and deeper knowledge of adversary tactics.
So grab your coffee (or maybe your incident response plan), and let's unpack the threats that matter most:
This week in Cybersecurity
1. Google Patches Critical Chrome Zero-Day Exploited in Wild (CVE-2025-2783)
Google issued an urgent patch for a Chrome zero-day actively exploited to execute arbitrary code.
March 27 Newsletter
2. UAT-5918 Targets Taiwan’s Critical Infrastructure
Espionage actor UAT-5918 attacked Taiwan's energy and transport sectors with persistent malware.
March 25 Newsletter
3. Critical Next.js Vulnerability Enables Unauthorized Access (CVE-2025-29927)
A severe Next.js vulnerability allows attackers to bypass middleware, accessing protected API endpoints.
March 25 Newsletter
4. Raspberry Robin Worm Linked to Over 200 C2 Domains
Researchers found over 200 C2 domains tied to the Raspberry Robin worm, revealing extensive propagation capabilities.
March 27 Newsletter
5. Atlantis AIO Credential-Stuffing Tool Targets 140+ Platforms
Cybercriminals leverage Atlantis AIO to automate credential stuffing attacks on numerous popular platforms.
March 27 Newsletter
6. Malicious NPM Package Alters Git Repos to Inject Reverse Shells
A malicious NPM package compromises developer machines by injecting reverse-shell payloads into local Git repositories.
March 27 Newsletter
7. Cross-Platform .NET MAUI Malware Targets Indian Users
Attackers distribute malicious Android apps using .NET MAUI, targeting Indian users' financial data.
March 25 Newsletter
8. Critical Ingress-NGINX Vulnerability Impacts Kubernetes Clusters
A flaw in Ingress-NGINX could give attackers unauthorized access to services inside a Kubernetes cluster.
March 25 Newsletter
9. Two Malicious Extensions Removed from VSCode Marketplace
Malicious VSCode extensions were discovered stealing SSH keys and environment variables, compromising developers.
March 25 Newsletter
10. GitHub Warns of Critical Ruby-SAML Library Vulnerability
GitHub identified a critical Ruby-SAML flaw allowing attackers to bypass SSO authentication mechanisms.
March 13 Newsletter
🔥 Biggest Threat This Week
Medusa Ransomware Deploys Malicious Kernel-Mode Driver for Evasion
The Medusa ransomware group significantly elevated their threat profile by deploying a malicious kernel-mode driver named Abyssworker, signed with a stolen digital certificate. This advanced tactic allows the attackers to disable endpoint security tools, escalate privileges, and maintain deep, persistent control of compromised systems. The move marks a dangerous shift in ransomware attacks, emphasizing the critical importance of safeguarding kernel-level access and continuously auditing driver integrity to prevent devastating breaches.
Risk Level: Critical
MITRE Tactics: Defense Evasion, Persistence, Privilege Escalation
Action Steps: Strengthen policies around digitally signed drivers, regularly update endpoint detection tools, and monitor kernel-level activity for anomalies.
March 25 Newsletter
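To turn the action steps above into something you can run on a host, here is an added PowerShell example; it is not code from the newsletter or from any vendor. It inventories the kernel-mode drivers currently running on a Windows machine, checks each file's Authenticode signature, records a SHA-256 hash for threat-intel lookups, and flags anything that is unsigned, tampered with, or signed by a publisher outside an allow-list. The allow-list contents and the function names Resolve-DriverPath and Get-DriverSignatureReport are assumptions of this example; populate the allow-list from a known-good baseline of your own fleet.

```powershell
# Added example (not from the newsletter): audit running kernel-mode drivers on a
# Windows host and surface the ones a defender should look at first.
# Run from an elevated PowerShell 5.1+ session.

# ASSUMPTION: placeholder allow-list of approved signer subjects (prefix match).
# A valid signature is not the same as a trusted publisher, so tailor this list.
$ApprovedSigners = @(
    'CN=Microsoft Windows',
    'CN=Microsoft Windows Hardware Compatibility Publisher'
)

function Resolve-DriverPath {
    param([string]$PathName)
    # Win32_SystemDriver reports paths in several NT-style forms; normalise to Win32.
    $p = $PathName -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-DriverSignatureReport {
    param([string[]]$ApprovedSigners)

    $running = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName }

    foreach ($drv in $running) {
        $path = Resolve-DriverPath -PathName $drv.PathName

        if (-not (Test-Path -LiteralPath $path)) {
            # A running driver whose backing file is gone is itself worth a look.
            [pscustomobject]@{
                Name = $drv.Name; Path = $path; Status = 'FileMissing'
                Signer = $null; SHA256 = $null; Suspicious = $true
            }
            continue
        }

        $sig    = Get-AuthenticodeSignature -LiteralPath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        $hash   = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash

        # Two independent flag conditions: the signature chain does not validate,
        # OR it validates but the subject is not an approved publisher. The second
        # condition is what catches a driver signed with a stolen or leaked cert.
        $approved   = $ApprovedSigners | Where-Object { $signer -like "$_*" }
        $suspicious = ($sig.Status -ne 'Valid') -or (-not $approved)

        [pscustomobject]@{
            Name       = $drv.Name
            Path       = $path
            Status     = $sig.Status
            Signer     = $signer
            SHA256     = $hash
            Suspicious = $suspicious
        }
    }
}

$report = Get-DriverSignatureReport -ApprovedSigners $ApprovedSigners

# Print only the drivers that need a human decision; keep $report for the full inventory.
$report | Where-Object Suspicious | Sort-Object Name |
    Format-Table Name, Status, Signer, SHA256 -AutoSize
```

The second flag condition is the important one for the Medusa case: a driver like Abyssworker carries a genuine signature from a stolen certificate, so a Status of Valid on its own is not a clean bill of health. Treat an unfamiliar signer as a finding, feed the SHA-256 values into your EDR or a curated vulnerable-driver list for matching, and pair this spot check with a preventive control such as the Microsoft Vulnerable Driver Blocklist that Windows enforces under Core isolation, so that known-bad drivers never load in the first place.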
🛠️ Training Recommendation
Hack The Box - Advanced Windows Exploitation
As attackers like Medusa increasingly exploit advanced Windows internals—such as kernel-level vulnerabilities and signed malicious drivers—security teams need a deeper understanding of Windows exploitation techniques. This hands-on training provides crucial insights into identifying vulnerabilities, defending against sophisticated privilege escalation, and developing proactive strategies to fortify organizational defenses against advanced ransomware and persistent threats.
👉 Sign up here!
Wrapping Up:
Attackers constantly push boundaries, finding innovative methods like kernel-level exploits and software supply-chain infiltration. This week highlighted the urgency of not just patching promptly, but also continuously training your team on advanced adversary techniques. Stay vigilant—it's a digital jungle out there.
(P.S. Supporting our partners helps keep this newsletter running!)
Daily News for Curious Minds
Be the smartest person in the room by reading 1440! Dive into 1440, where 4 million Americans find their daily, fact-based news fix. We navigate through 100+ sources to deliver a comprehensive roundup from every corner of the internet – politics, global events, business, and culture, all in a quick, 5-minute newsletter. It's completely free and devoid of bias or political influence, ensuring you get the facts straight. Subscribe to 1440 today.