Posts

Showing posts from March, 2025

The Hacker News - Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp

The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp. The activity has been attributed to a suspected Russian hacking group called Water Gamayun, which is also known as EncryptHub and LARVA-208. "The threat actor deploys payloads primarily by means of ...
from The Hacker News https://thehackernews.com/2025/03/russian-hackers-exploit-cve-2025-26633.html

The Hacker News - Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images

Threat actors are using the "mu-plugins" directory in WordPress sites to conceal malicious code with the goal of maintaining persistent remote access and redirecting site visitors to bogus sites. mu-plugins, short for must-use plugins, refers to plugins in a special directory ("wp-content/mu-plugins") that are automatically executed by WordPress without the need to enable them explicitly via the ...
from The Hacker News https://thehackernews.com/2025/03/hackers-exploit-wordpress-mu-plugins-to.html

Rapid 7 - Seeing is Securing: MDR VALUE at-a-glance with the Detection and Response Dashboard

Transparency is core to Managed Detection & Response (MDR). It’s necessary between Rapid7 and our customers as we conduct security operations on their behalf. And it’s necessary for our customers to communicate transparently and effectively with their stakeholders. Scroll on – because there’s a new executive-level MDR performance dashboard that delivers it.

Just the right amount of information

Every day, our four global SOCs analyze and triage thousands of alerts – investigating incidents, informing remediation actions, and quarantining breached endpoints. This activity is then translated into strategic guidance by dedicated Cybersecurity Advisors, ensuring security leaders have the insights they need to stay ahead of threats. To deliver on that commitment to transparency, we ensure that all of this activity takes place in InsightIDR, our next-gen SIEM and XDR platform that gives MDR customers a direct line of sight into security activity, logs, detections, and their security ...

The Hacker News - 5 Impactful AWS Vulnerabilities You're Responsible For

If you're using AWS, it's easy to assume your cloud security is handled - but that's a dangerous misconception. AWS secures its own infrastructure, but security within a cloud environment remains the customer’s responsibility. Think of AWS security like protecting a building: AWS provides strong walls and a solid roof, but it's up to the customer to handle the locks, install the alarm systems, ...
from The Hacker News https://thehackernews.com/2025/03/5-impactful-aws-vulnerabilities-youre.html

Schneier - The Signal Chat Leak and the NSA

US National Security Advisor Mike Waltz, who started the now-infamous group chat coordinating a US attack against the Yemen-based Houthis on March 15, is seemingly now suggesting that the secure messaging service Signal has security vulnerabilities. "I didn’t see this loser in the group," Waltz told Fox News about Atlantic editor in chief Jeffrey Goldberg, whom Waltz invited to the chat. "Whether he did it deliberately or it happened in some other technical mean, is something we’re trying to figure out." Waltz’s implication that Goldberg may have hacked his way in was followed by a report from CBS News that the US National Security Agency (NSA) had sent out a bulletin to its employees last month warning them about a security "vulnerability" identified in Signal. The truth, however, is much more interesting. If Signal has vulnerabilities, then China, Russia, and other US adversaries suddenly have a new incentive to discover them. At the ...

The Hacker News - Russia-Linked Gamaredon Uses Troop-Related Lures to Deploy Remcos RAT in Ukraine

Entities in Ukraine have been targeted as part of a phishing campaign designed to distribute a remote access trojan called Remcos RAT. "The file names use Russian words related to the movement of troops in Ukraine as a lure," Cisco Talos researcher Guilherme Venere said in a report published last week. "The PowerShell downloader contacts geo-fenced servers located in Russia and Germany to ...
from The Hacker News https://thehackernews.com/2025/03/russia-linked-gamaredon-uses-troop.html

Krebs - How Each Pillar of the 1st Amendment is Under Attack

“Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.” -U.S. Constitution, First Amendment.

Image: Shutterstock, zimmytws.

In an address to Congress this month, President Trump claimed he had “brought free speech back to America.” But barely two months into his second term, the president has waged an unprecedented attack on the First Amendment rights of journalists, students, universities, government workers, lawyers and judges. This story explores a slew of recent actions by the Trump administration that threaten to undermine all five pillars of the First Amendment to the U.S. Constitution, which guarantees freedoms concerning speech, religion, the media, the right to assembly, and the right to petition the government and seek redress for wrongs.

THE RIGHT TO PE...

The Hacker News - RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shed light on a new malware called RESURGE that has been deployed as part of exploitation activity targeting a now-patched security flaw in Ivanti Connect Secure (ICS) appliances. "RESURGE contains capabilities of the SPAWNCHIMERA malware variant, including surviving reboots; however, RESURGE contains distinctive commands that ...
from The Hacker News https://thehackernews.com/2025/03/resurge-malware-exploits-ivanti-flaw.html

Rapid 7 - Metasploit Wrap-Up 03/28/2025

Windows LPE - Cloud File Mini Filter Driver Heap Overflow

This Metasploit release includes an exploit module for CVE-2024-30085, an LPE in cldflt.sys, which is known as the Windows Cloud Files Mini Filter Driver. This driver allows users to manage and sync files between a remote server and a local client. The exploit module allows users with an existing session on an affected Windows device to seamlessly escalate their privileges to NT AUTHORITY\SYSTEM. This module has been tested on Windows workstation versions 10_1809 through 11_23H2 and Windows server versions 2022 to 22_23H2.

New module content (3)

GLPI Inventory Plugin Unauthenticated Blind Boolean SQLi
Authors: jheysel-r7 and rz
Type: Auxiliary
Pull request: #19974 contributed by jheysel-r7
Path: gather/glpi_inventory_plugin_unauth_sqli
AttackerKB reference: CVE-2025-24799
Description: This adds an auxiliary module for an Unauth Blind Boolean SQLi (CVE-2025-24799) vulnerability in GLPI <= 1.0.18 when the Inventory Plug...

The Hacker News - Researchers Uncover 46 Critical Flaws in Solar Inverters From Sungrow, Growatt, and SMA

Cybersecurity researchers have disclosed 46 new security flaws in products from three solar inverter vendors, Sungrow, Growatt, and SMA, that could be exploited by a bad actor to seize control of devices or execute code remotely, posing severe risks to electrical grids. The vulnerabilities have been collectively codenamed SUN:DOWN by Forescout Vedere Labs. "The new vulnerabilities can be ...
from The Hacker News https://thehackernews.com/2025/03/researchers-uncover-46-critical-flaws.html

The Hacker News - CoffeeLoader Uses GPU-Based Armoury Packer to Evade EDR and Antivirus Detection

Cybersecurity researchers are calling attention to a new sophisticated malware called CoffeeLoader that's designed to download and execute secondary payloads. The malware, according to Zscaler ThreatLabz, shares behavioral similarities with another known malware loader known as SmokeLoader. "The purpose of the malware is to download and execute second-stage payloads while evading ...
from The Hacker News https://thehackernews.com/2025/03/coffeeloader-uses-gpu-based-armoury.html

Rapid 7 - Overcoming the Challenges of Vulnerability Remediation

The following is a guest blog post by Zac Youtz, Co-Founder and CTO at valued Rapid7 partner, Furl. Here, Zac discusses how to effectively remediate vulnerabilities discovered by Rapid7’s InsightVM.

Scaling vulnerability remediation with AI

Vulnerability remediation is a crucial-yet-complex task for organizations striving to maintain a strong security posture. Security teams work tirelessly to identify and prioritize vulnerabilities, often based on severity. However, true remediation remains a challenge due to the involvement of multiple stakeholders, the limitations of traditional tools, and the lack of flexibility in addressing vulnerabilities effectively.

The complexity of multi-stakeholder remediation

While security teams are responsible for identifying and prioritizing risks, they may not always have full visibility into the broader business context or IT infrastructure. IT teams, on the other hand, must evaluate the potential business impact of each vulnerability and determi...

Schneier - AIs as Trusted Third Parties

This is a truly fascinating paper: “Trusted Machine Learning Models Unlock Private Inference for Problems Currently Infeasible with Cryptography.” The basic idea is that AIs can act as trusted third parties:

Abstract: We often interact with untrusted parties. Prioritization of privacy can limit the effectiveness of these interactions, as achieving certain goals necessitates sharing private data. Traditionally, addressing this challenge has involved either seeking trusted intermediaries or constructing cryptographic protocols that restrict how much data is revealed, such as multi-party computations or zero-knowledge proofs. While significant advances have been made in scaling cryptographic approaches, they remain limited in terms of the size and complexity of applications they can be used for. In this paper, we argue that capable machine learning models can fulfill the role of a trusted third party, thus enabling secure computations for applications that were previously infeasibl...

The Hacker News - Product Walkthrough: How Datto BCDR Delivers Unstoppable Business Continuity

Long gone are the days when a simple backup in a data center was enough to keep a business secure. While backups store information, they do not guarantee business continuity during a crisis. With IT disasters far too common and downtime burning through budgets, modern IT environments require solutions that go beyond storage and enable instant recovery to minimize downtime and data loss. This is ...
from The Hacker News https://thehackernews.com/2025/03/how-to-ensure-business-continuity-with-datto-b.html

Krebs - When Getting Phished Puts You in Mortal Danger

Many successful phishing attacks result in a financial loss or malware infection. But falling for some phishing scams, like those currently targeting Russians searching online for organizations that are fighting the Kremlin war machine, can cost you your freedom or your life.

The real website of the Ukrainian paramilitary group “Freedom of Russia” legion. The text has been machine-translated from Russian.

Researchers at the security firm Silent Push mapped a network of several dozen phishing domains that spoof the recruitment websites of Ukrainian paramilitary groups, as well as Ukrainian government intelligence sites. The website legiohliberty[.]army features a carbon copy of the homepage for the Freedom of Russia Legion (a.k.a. “Free Russia Legion”), a three-year-old Ukraine-based paramilitary unit made up of Russian citizens who oppose Vladimir Putin and his invasion of Ukraine. The phony version of that website copies the legitimate site — legionliberty[.]army — providing...

Black Hills InfoSec - Go-Spoof: A Tool for Cyber Deception

Go-Spoof brings an old tool to a new language. The Golang rewrite [of Portspoof] provides similar efficiency and all the same features of the previous tool but with easier setup and useability. The post Go-Spoof: A Tool for Cyber Deception appeared first on Black Hills Information Security, Inc.
from Black Hills Information Security, Inc. https://www.blackhillsinfosec.com/go-spoof-a-tool-for-cyber-deception/

KnowBe4 - Surge in Phishing Attacks Hijacking Legitimate Microsoft Communications

A KnowBe4 Threat Lab Publication
Authors: James Dyer, Threat Intelligence Lead at KnowBe4, and Lucy Gee, Cybersecurity Threat Researcher at KnowBe4

On March 3, 2025, the KnowBe4 Threat Labs team observed a massive influx of phishing attacks originating from legitimate Microsoft domains.
from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/surge-in-phishing-attacks-hijacking-legitimate-microsoft-communications

Rapid 7 - Unpacking a post-compromise breach simulation with Vector Command

The reality of modern cyber threats

In today’s evolving cyber landscape, breaches are not a matter of if, but when. Attackers continue to refine their techniques, using stealthy post-compromise tactics to maintain persistence, escalate privileges, and move laterally across networks. The key to staying ahead is not just preventing attacks, but building resilience to withstand and respond to them effectively. This concept of resilience aligns with Continuous Threat Exposure Management (CTEM), a proactive approach to security validation. According to Gartner, CTEM consists of five pillars:

- Scope your organization’s attack surface;
- Discover your attack surface;
- Prioritize your vulnerabilities;
- Validate security controls; and finally
- Mobilize people and processes to operationalize the CTEM findings.

Vector Command plays a critical role in the fourth pillar, continuously testing security defenses through post-com...

The Hacker News - APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware

An advanced persistent threat (APT) group with ties to Pakistan has been attributed to the creation of a fake website masquerading as India's public sector postal system as part of a campaign designed to infect both Windows and Android users in the country. Cybersecurity company CYFIRMA has attributed the campaign with medium confidence to a threat actor called APT36, which is also known as ...
from The Hacker News https://thehackernews.com/2025/03/apt36-spoofs-india-post-website-to.html

The Hacker News - New Report Explains Why CASB Solutions Fail to Address Shadow SaaS and How to Fix It

Whether it’s CRMs, project management tools, payment processors, or lead management tools - your workforce is using SaaS applications by the pound. Organizations often rely on traditional CASB solutions for protecting against malicious access and data exfiltration, but these fall short for protecting against shadow SaaS, data damage, and more. A new report, Understanding SaaS Security Risks: Why ...
from The Hacker News https://thehackernews.com/2025/03/new-report-explains-why-casb-solutions.html

Schneier - A Taxonomy of Adversarial Machine Learning Attacks and Mitigations

NIST just released a comprehensive taxonomy of adversarial machine learning attacks and countermeasures.
from Schneier on Security https://www.schneier.com/blog/archives/2025/03/a-taxonomy-of-adversarial-machine-learning-attacks-and-mitigations.html

The Hacker News - New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations

The Chinese threat actor known as FamousSparrow has been linked to a cyber attack targeting a trade group in the United States and a research institute in Mexico to deliver its flagship backdoor SparrowDoor and ShadowPad. The activity, observed in July 2024, marks the first time the hacking crew has deployed ShadowPad, a malware widely shared by Chinese state-sponsored actors. "FamousSparrow ...
from The Hacker News https://thehackernews.com/2025/03/new-sparrowdoor-backdoor-variants-found.html

Rapid 7 - Rapid7 Earns 5-Star Rating in the 2025 CRN® Partner Program Guide

Rapid7 has been honored by CRN®, a brand of The Channel Company, with a 5-Star Award in the 2025 CRN Partner Program Guide. This annual guide is an essential resource for solution providers seeking vendor partner programs that match their business goals and deliver high partner value.

Recognition of Rapid7’s continued commitment to channel

The 5-Star Award is an elite recognition given to companies that have built their partner programs on the key elements needed to nurture lasting, profitable, and successful channel partnerships. When evaluating potential collaborations with IT vendors, partners must carefully consider the comprehensive support and resources offered through vendors' partner programs. Key program components, including financial incentives, sales and marketing support, training and certification, and technical assistance, can significantly distinguish vendors such as Rapid7. These elements are instrumental in enhancing the long-term growth and profitability of...

The Hacker News - RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment

The Russian-speaking hacking group called RedCurl has been linked to a ransomware campaign for the first time, marking a departure in the threat actor's tradecraft. The activity, observed by Romanian cybersecurity company Bitdefender, involves the deployment of a never-before-seen ransomware strain dubbed QWCrypt. RedCurl, also called Earth Kapre and Red Wolf, has a history of orchestrating ...
from The Hacker News https://thehackernews.com/2025/03/redcurl-shifts-from-espionage-to.html

Rapid 7 - Inside the Mind of the Attacker: A Conversation with Raj Samani

With Take Command 2025 just around the corner, we sat down with Raj Samani, Chief Scientist at Rapid7, for a preview of his upcoming session: Inside the Mind of an Attacker: Navigating the Threat Horizon. Raj will be joined by Trent Teyema, Founder and President at CSG Strategies and former head of the FBI Cyber Division, and moderator Brian Honan, CEO of BH Consulting. Together, they bring decades of experience across cyber intelligence, national security, and frontline incident response. So what can attendees expect from the session, and the day as a whole?

A Panel Built for Practical Impact

“This isn’t a talking shop,” Raj told us. “The people on this panel are practitioners. They do the job.” Rather than focus on theory, the session aims to provide clear, actionable guidance rooted in real-world expertise. Raj describes the panel as a rare convergence of perspectives: vendors developing the tools, consultants advising organizations directly, and former government leaders...

The Hacker News - Sparring in the Cyber Ring: Using Automated Pentesting to Build Resilience

“A boxer derives the greatest advantage from his sparring partner…” — Epictetus, 50–135 AD

Hands up. Chin tucked. Knees bent. The bell rings, and both boxers meet in the center and circle. Red throws out three jabs, feints a fourth, and—BANG—lands a right hand on Blue down the center. This wasn’t Blue’s first day and despite his solid defense in front of the mirror, he feels the pressure. ...
from The Hacker News https://thehackernews.com/2025/03/sparring-in-cyber-ring-using-automated.html

Schneier - AI Data Poisoning

Cloudflare has a new feature—available to free users as well—that uses AI to generate random pages to feed to AI web crawlers:

Instead of simply blocking bots, Cloudflare’s new system lures them into a “maze” of realistic-looking but irrelevant pages, wasting the crawler’s computing resources. The approach is a notable shift from the standard block-and-defend strategy used by most website protection services. Cloudflare says blocking bots sometimes backfires because it alerts the crawler’s operators that they’ve been detected. “When we detect unauthorized crawling, rather than blocking the request, we will link to a series of AI-generated pages that are convincing enough to entice a crawler to traverse them,” writes Cloudflare. “But while real looking, this content is not actually the content of the site we are protecting, so the crawler wastes time and resources.” The company says the content served to bots is deliberately irrelevant to the website being crawled, but it is carefu...