Daily Security Review

GitHub Supply Chain Attack Exposes Secrets in 218 Repositories

March 21, 2025

A GitHub Action supply chain attack exposed secrets from 218 repositories due to malicious code in tj-actions/changed-files, impacting popular projects

WordPress Plugin WP Ghost Vulnerable to Critical Remote Code Execution Bug

March 21, 2025

Critical remote code execution vulnerability in WordPress plugin WP Ghost allows attackers to hijack servers. Urgent updates are required.

Critical Cisco Smart Licensing Utility Flaws Exploited in Attacks

March 21, 2025

Cisco’s Smart Licensing Utility vulnerabilities CVE-2024-20439 and CVE-2024-20440 are now exploited, allowing unauthorized access through a backdoor admin account.

HellCat Hacking Spree Targets Jira Servers Worldwide

March 21, 2025

HellCat hackers are exploiting compromised Jira credentials in a worldwide hacking spree, targeting companies like Ascom and Jaguar Land Rover,

RansomHub Ransomware Leverages New Betruger Backdoor for Enhanced Attacks

March 21, 2025

RansomHub ransomware uses a new multi-function backdoor, Betruger, for enhanced attacks, streamlining the deployment process and minimizing detection.

Critical MegaRAC Bug Lets Attackers Hijack and Brick Servers

March 21, 2025

MI MegaRAC BMC vulnerability (CVE-2024-54085) lets attackers remotely hijack and brick servers, impacting numerous vendors and potentially causing significant damage.

This Week In Cybersecurity: 17th March to 21st March, 2025

March 21, 2025

This week in cybersecurity reports on a range of incidents, including a major data breach at California Cryobank and a

Veeam Backup & Replication Flaw Allows Remote Execution of Malicious Code

March 20, 2025

A critical vulnerability in Veeam Backup & Replication allows remote code execution, affecting various versions and posing significant security risks.

Microsoft Exchange Online Outage Impacts Outlook Web Users

March 20, 2025

A Microsoft Exchange Online outage severely impacted Outlook on the web users globally, causing login and access issues. Microsoft attributed

DollyWay Malware Campaign Compromises 20,000 WordPress Sites

March 20, 2025

The DollyWay malware campaign, active since 2016, has compromised over 20,000 WordPress sites, redirecting users to malicious sites and generating

Security Spotlight

GitHub Supply Chain Attack Exposes Secrets in 218 Repositories

WordPress Plugin WP Ghost Vulnerable to Critical Remote Code Execution Bug

Critical Cisco Smart Licensing Utility Flaws Exploited in Attacks

HellCat Hacking Spree Targets Jira Servers Worldwide

RansomHub Ransomware Leverages New Betruger Backdoor for Enhanced Attacks

Critical MegaRAC Bug Lets Attackers Hijack and Brick Servers

Veeam Backup & Replication Flaw Allows Remote Execution of Malicious Code

Microsoft Exchange Online Outage Impacts Outlook Web Users

DollyWay Malware Campaign Compromises 20,000 WordPress Sites

GitHub Supply Chain Attack Exposes Secrets in 218 Repositories

WordPress Plugin WP Ghost Vulnerable to Critical Remote Code Execution Bug

Critical Cisco Smart Licensing Utility Flaws Exploited in Attacks

HellCat Hacking Spree Targets Jira Servers Worldwide

RansomHub Ransomware Leverages New Betruger Backdoor for Enhanced Attacks

Critical MegaRAC Bug Lets Attackers Hijack and Brick Servers

Veeam Backup & Replication Flaw Allows Remote Execution of Malicious Code

Microsoft Exchange Online Outage Impacts Outlook Web Users

DollyWay Malware Campaign Compromises 20,000 WordPress Sites

What is a Whaling Phishing Attack?

Phishing Attacks on the Rise: Businesses Face Growing Cyberthreat

Email Spoofing 101: Understanding the Basics and How to Protect Your Enterprise Data

How AI is Revolutionizing Phishing Attacks

How to Identify Fake Emails: A Guide to Email Threat Detection

10 Ways to Protect Your Enterprise from Phishing Attacks

Social Media Scams: How Cybercriminals Steal Personal Information

Patients Data Exposed in Phishing Attack Targeting LA County Health Services

FIN7 Attempts Phishing at American Automaker’s IT Staff

Hackers Leverage Okta Phishing Attacks to Target FCC and Popular Crypto Firms

Daily Briefing Newsletter