
IT Security Newsletter - 3/27/2025

Top News

Oracle customers confirm data stolen in alleged cloud breach is valid

Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid. Last week, a person named 'rose87168' claimed to have breached Oracle Cloud servers and began selling the alleged authentication data and encrypted passwords of 6 million users. READ MORE...

Breaches

StreamElements discloses third-party data breach after hacker leaks data

Cloud-based streaming company StreamElements confirms it suffered a data breach at a third-party service provider after a threat actor leaked samples of stolen data on a hacking forum. The platform has reassured users that the attack didn't impact its servers, though older data at a third-party provider they stopped working with last year was still exposed. "We recently became aware of a data security incident involving a third-party service provider," the company tweeted on X. READ MORE...

Hacking

China-linked FamousSparrow APT group resurfaces with enhanced capabilities

ESET investigated suspicious activity on the network of a trade group in the United States that operates in the financial sector. While helping the affected entity remediate the compromise, they made an unexpected discovery in the victim's system: malicious tools belonging to FamousSparrow, a China-aligned APT group. The group was considered inactive, as there had been no publicly documented activity by FamousSparrow since 2022. READ MORE...


Malaysian PM says "no way" to $10 million ransom after alleged cyber attack against Kuala Lumpur airport

Malaysian Prime Minister Anwar Ibrahim has said that he refused to pay a US $10 million ransom demanded by hackers who, according to some reports, paralysed operations at Kuala Lumpur International Airport (KLIA). Anwar described how he had refused to comply with a ransom demand after a cyber attack on Malaysia Airports Holdings Berhad (MAHB), which operates the country's airports, in the early hours of Sunday morning. READ MORE...

Software Updates

Google Hastily Patches Chrome Zero-Day Exploited by APT

Google on March 25 issued a patch for a Chrome browser zero-day flaw that was exploited by an advanced persistent threat (APT) actor earlier this month in one-click phishing attacks. The flaw, tracked as CVE-2025-2783, is related to "incorrect handle provided in unspecified circumstances in Mojo on Windows," according to Google's security bulletin for the update. Mojo is a system API used in Chromium, the open source framework that powers Chrome. READ MORE...


CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825)

CrushFTP has fixed a critical vulnerability (CVE-2025-2825) in its enterprise file transfer solution that could be exploited by remote, unauthenticated attackers to access vulnerable internet-facing servers (and likely the data stored on them). Attackers, especially ransomware gangs, have a penchant for leveraging 0-day and n-day vulnerabilities in MOVEit Transfer, Cleo, Citrix ShareFile, and other enterprise-grade file transfer and sharing solutions. READ MORE...

Malware

Fake DeepSeek Ads Spread Malware to Google Users

Fake DeepSeek ads in Google search results are delivering infostealing malware to unsuspecting users. DeepSeek, a Chinese generative AI (GenAI) company, became a household name earlier this year when it released its first-generation reasoning models, DeepSeek-R1-Zero and DeepSeek-R1, to much fanfare. But the company quickly became a target of hackers and opportunistic cybercriminals that built social engineering schemes by spoofing the popular AI platform. READ MORE...

Exploits/Vulnerabilities

More Solar System Vulnerabilities Expose Power Grids to Hacking

Researchers at cybersecurity firm Forescout have found dozens of vulnerabilities across solar power system products from Sungrow, Growatt and SMA, including flaws that can pose a serious threat to electrical grids. Solar power has become increasingly important, particularly in the United States and Europe. However, these systems are often plagued by vulnerabilities that expose them to hacker attacks. Forescout has cataloged more than 90 vulnerabilities found over the past years in such products. READ MORE...


Russian threat actor weaponized Microsoft Management Console flaw

A prolific Russian threat actor is exploiting a zero-day flaw in the Microsoft Management Console (MMC) framework to execute malicious code on targeted systems in an ongoing cyberattack campaign that puts unpatched systems at risk. The attacks, by a group that Trend Micro tracks as Water Gamayun, use the CVE-2025-26633 vulnerability, also known as MSC Evil Twin, to manipulate .msc files and the MMC console's Multilingual User Interface Path (MUIPath). READ MORE...

On This Date

  • ...in 1836, English engineer and businessman Henry Royce is born in Sussex. He later teams with C.S. Rolls to found Rolls-Royce Ltd.
  • ...in 1958, Nikita Khrushchev becomes the Chairman of the Council of Ministers of the Soviet Union, or Premier.
  • ...in 1963, film director and screenwriter Quentin Tarantino ("Pulp Fiction", "Kill Bill") is born in Knoxville, TN.
  • ...in 1971, Canadian actor Nathan Fillion ("Firefly", "Castle") is born in Edmonton, Alberta.