Thu. Mar 20, 2025

Critical GitHub Attack

Schneier on Security

This is serious: A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The attack, which originally targeted the widely used tj-actions/changed-files utility, is now believed to have originated from an earlier breach of the reviewdog/action-setup@v1 GitHub Action, according to a report. […] CISA confirmed the vulnerability has been patched in version 46.0.1.

Security Researcher Comments on HIPAA Security Rule

Adam Shostack

A group of us have urged HHS to require better handling of security reports. A group of us have urged HHS to require that health care providers act on (and facilitate reporting of) security issues by good faith cybersecurity researchers. The core of what we recommend is that HHS should require cooperation with Good Faith researchers. All regulated entities should be required to enable people to report security issues in a way that's easy to discover and aligned with standards.

March Madness Meets Cyber Mayhem: How Cybercriminals Are Playing Offense this Season

SecureWorld News

March Madness is here, and while fans are busy filling out brackets and making last-minute bets, cybercriminals are running their own full-court press, targeting unsuspecting fans with phishing scams, fake betting apps, and credential-harvesting schemes. This annual college basketball bonanza presents a prime opportunity for scammers to capitalize on excitement, urgency, and, of course, the lure of easy money.

Infostealers Fuel 2.1B Credentials and 23M Host Infections

eSecurity Planet

Cybercriminal activity is reaching unprecedented levels, with 2024 witnessing a dramatic surge in malware-fueled attacks that have left organizations scrambling to safeguard their data. A recent report from Flashpoint paints a stark picture of a threat landscape defined by infostealers, credential theft, and escalating vulnerabilities, urging organizations to strengthen their defenses against these relentless adversaries.

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

Security Affairs

CERT-UA warns of a cyber campaign using Dark Crystal RAT to target Ukraine’s defense sector, including defense industry employees and Defense Forces members. The Computer Emergency Response Team of Ukraine (CERT-UA) uncovered a new cyber espionage campaign targeting employees of defense-industrial complex enterprises and representatives of the Defense Forces of Ukraine with Dark Crystal RAT.

12 Hours or Else: Hong Kong’s Cybersecurity Explained

Centraleyes

Hong Kong has officially enacted a new cybersecurity law aimed at securing critical infrastructure, a move that brings its regulatory framework closer to mainland China's. The Protection of Critical Infrastructures (Computer Systems) Bill, passed on March 19, 2025, requires key industries (such as banking, energy, healthcare, and telecommunications) to strengthen their cybersecurity defenses, conduct regular risk assessments, and promptly report security incidents.

More Trending

Semrush impersonation scam hits Google Ads

Malwarebytes

This blog post was co-authored with Elie Berreby, Senior SEO Strategist. Criminals are highly interested in online marketing and advertising tools that they can leverage as part of their ongoing malware campaigns. In particular, we have previously detailed how Google advertiser accounts can be hijacked to create new malicious ads and perpetuate a vicious cycle leading to more compromised accounts.

Veeam fixed critical Backup & Replication flaw CVE-2025-23120

Security Affairs

Veeam released security patches for a critical Backup & Replication vulnerability that could let attackers remotely execute code. Veeam addressed a critical security vulnerability, tracked as CVE-2025-23120 (CVSS score of 9.9), impacting its Backup & Replication software that could lead to remote code execution. The vulnerability impacts 12.3.0.310 and all earlier version 12 builds, it was fixed with the release of version 12.3.1 (build 12.3.1.1139). “A vulnerability allowing remote

Nation-State Hackers Exploit Windows Shortcut Zero-Day Vulnerability

SecureWorld News

A newly discovered Windows zero-day vulnerability is actively being exploited by nation-state threat actors, raising serious cybersecurity concerns across government, financial, and critical infrastructure sectors. The vulnerability, tracked as ZDI-CAN-25373, allows attackers to execute hidden malicious commands via specially crafted Windows shortcut (.lnk) files.

China, Russia, North Korea Hackers Exploit Windows Security Flaw

Security Boulevard

Almost a dozen state-sponsored threat groups from Russia, China, and North Korea have been exploiting a security flaw in Windows in attacks on governments and critical infrastructure that date back to 2017. According to Trend Micro's VDI unit, Microsoft has no plans to patch the vulnerability. The post China, Russia, North Korea Hackers Exploit Windows Security Flaw appeared first on Security Boulevard.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

How Data Visualization Helps Prevent Cyber Attacks

Centraleyes

Cybersecurity Relies on Visualization. Raw data often tells a story that's hidden in plain sight. No matter how accurate or comprehensive, numbers on a spreadsheet can easily blur into an incomprehensible haze when patterns and anomalies are buried deep within thousands or millions of rows. The human brain processes visuals 60,000 times faster than text, a testament to our evolutionary wiring for spotting patterns and making decisions based on what we see.

Targeted spyware and why it’s a concern to us

Malwarebytes

Experts are again warning about the proliferating market for targeted spyware and espionage. Before we dive into the world of targeted spyware, it’s worth looking at a few of the main players that are active in and against this industry. Paragon Solutions is an Israeli company which sells high-end surveillance technology primarily to government clients, positioning its products as essential for combating crime and national security.

Choosing the Right Cloud Security Provider: Five Non-Negotiables for Protecting Your Cloud

Security Boulevard

Protecting your cloud environment for the long term involves choosing a security partner whose priorities align with your needs. Here's what you need to know. As organizations embrace multi-cloud and hybrid environments, the complexity of securing that landscape increases. However, the overlooked risks may not come solely from threat actors. Choosing a security provider that has conflicting priorities can also introduce risk.

Redefining Breach and Attack Simulation (BAS) with BAS as a Service

NetSpi Executives

Businesses are under a lot of pressure to ensure that their endpoint protection solutions effectively secure the network. However, NetSPI’s research reveals a startling gap in security detection controls: nearly 60% of common attack tactics are missed by endpoint protection tools using out-of-the-box settings. To address this growing challenge, NetSPI is proud to announce the evolution of our Breach and Attack Simulation (BAS) into BAS as a Service.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Pennsylvania State Education Association data breach impacts 500,000 individuals

Security Affairs

A data breach at the Pennsylvania State Education Association exposed the personal information of over 500,000 individuals. The Pennsylvania State Education Association (PSEA) suffered a data breach that impacted 517,487 individuals. PSEA is a labor union representing teachers, education support professionals, and other school employees in Pennsylvania.

How CASB security protects your school district

Security Boulevard

Many districts remain unaware of CASBs or their necessity despite relying on cloud applications. This guide explains how these tools protect student safety in cloud-driven environments. A Cloud Access Security Broker (CASB) enforces security policies as an intermediary between cloud applications and users. Districts using Google Workspace, Microsoft 365, or similar platforms for collaboration and.

Top 10 dynamic application security testing (DAST) tools for 2025

Acunetix

What is DAST and how does it work? Dynamic application security testing (DAST) is a cybersecurity assessment method that analyzes running applications to identify security vulnerabilities. Unlike static application security testing (SAST), which examines source code before deployment, DAST scanning simulates real-world attacks by probing. Read more The post Top 10 dynamic application security testing (DAST) tools for 2025 appeared first on Acunetix.

Application Detection and Response Analysis: Why ADR? How ADR Works, and ADR Benefits

Security Boulevard

Two highly respected technology analysts from different cybersecurity disciplines are coming together to recommend that companies consider Application Detection and Response. Organizations face a constant barrage of cyber threats, including zero-day vulnerabilities that can exploit unknown weaknesses in software. Traditional security solutions often fall short in detecting and responding to these attacks, leaving organizations vulnerable.

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Stellar Data Recovery Professional Review: The Ultimate Windows Data Rescue Tool

SecureBlitz

Have you ever lost important files due to accidental deletion, formatting, system crashes, or even BitLocker encryption? You're not alone, but the solution is here: Stellar Data Recovery Professional for Windows. After previously reviewing their Android recovery tool with great results, we're diving into another powerful utility from the Stellar suite and this […] The post Stellar Data Recovery Professional Review: The Ultimate Windows Data Rescue Tool appeared first on SecureBlitz Cybersec

Red Canary Report Surfaces Sharp Increase in Cyberattacks Involving Identity

Security Boulevard

An analysis of 93,000 threats published this week by Red Canary, a provider of a managed detection and response (MDR) service, finds the number of cyberattacks seeking to compromise an identity increased by a factor of four in 2024. The post Red Canary Report Surfaces Sharp Increase in Cyberattacks Involving Identity appeared first on Security Boulevard.

The Social Security data breach compromised ‘billions’ of accounts. Here’s one easy, free way to protect yourself.

Heimadal Security

In early 2024, background checking service National Public Data was hit by a massive cyberattack that potentially compromised the sensitive, personal information of millions, or possibly even billions, of people around the world, including U.S. residents. A year later, new security threats have gained traction. While artificial intelligence has transformed the ability to prevent, detect, […] The post The Social Security data breach compromised ‘billions’ of accounts.

Sextortion scams are on the rise — and they’re getting personal

Security Boulevard

Scammers are in on the sextortion trend. Our expert analysis on this trend found that the likelihood of being targeted by sextortion scammers in the first few months of 2025 increased by a whopping 137% in the U.S., while the risk jumped to 49% in the U.K. and 34% in Australia. The post Sextortion scams are on the rise — and they're getting personal appeared first on Security Boulevard.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Low-Cost Drone Add-Ons From China Let Anyone With a Credit Card Turn Toys Into Weapons of War

WIRED Threat Level

Chinese ecommerce giants like Temu and AliExpress sell drone accessories like those used by soldiers in the Russia-Ukraine conflict.

Optimize Your Security Budget and Improve Security with Threat-Informed Defense

Security Boulevard

I've been on the road lately asking security leaders how their teams reply to the question: Can we defend our most valuable information assets against techniques known to be used by this threat actor, and, if not, what can we do about it? Answering this question quickly and with confidence is at the core of what security teams are paid to do. However, the cyber risk analysis required to answer this basic question is too costly for all but the most well-resourced security teams.

Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility

The Hacker News

Two now-patched security flaws impacting Cisco Smart Licensing Utility are seeing active exploitation attempts, according to SANS Internet Storm Center. The two critical-rated vulnerabilities in question are listed below - CVE-2024-20439 (CVSS score: 9.

Effective Bot Management and E-Commerce Security: Protecting Retailers from Online Fraud

Security Boulevard

E-commerce thrives on real customer engagement, yet malicious bots regularly threaten to disrupt this digital ecosystem. To combat these ever-evolving attacks, retail businesses must implement modern bot management. Bot management refers to the deployment of security measures to detect, mitigate, and prevent malicious bot activity. Without robust bot defense, businesses suffer revenue loss, compromised security, […] The post Effective Bot Management and E-Commerce Security: Protecting Retailers f

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users

The Hacker News

YouTube videos promoting game cheats are being used to deliver a previously undocumented stealer malware called Arcane likely targeting Russian-speaking users. "What's intriguing about this malware is how much it collects," Kaspersky said in an analysis.

CaaS: The Key to More Affordable Cyber Insurance

Security Boulevard

Compliance as a Service (CaaS) strengthens a company's posture and defensibility, making it more attractive to insurers. The post CaaS: The Key to More Affordable Cyber Insurance appeared first on Security Boulevard.

Is OpenAI doomed? Open-source models may crush it, warns expert

Zero Day

Large language models are now commodities, making OpenAI's business model vulnerable to the economics of open-source AI such as DeepSeek, says Kai-Fu Lee.

Report: More Attacks Aimed at Android Devices Configured with Root Access

Security Boulevard

A report published today by Zimperium, a provider of a platform for securing mobile devices and applications, today finds devices running the Android operating system that have enabled root-level privileges are 3.5 times more likely to be attacked, resulting in 250 times more cybersecurity incidents. The post Report: More Attacks Aimed at Android Devices Configured with Root Access appeared first on Security Boulevard.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!