Forwarded from The Hacker News
Ransomware attacks jumped 11% in 2024, hitting a record 5,414 incidents. Disruptions in Q2 and Q4 caused a surge, as law enforcement cracked down on major cybercrime groups.
Read the full analysis on this growing threat: https://thehackernews.com/2025/03/the-new-ransomware-groups-shaking-up.html
Forwarded from The Hacker News
Paragon Partition Manager's BioNTdrv.sys driver has a critical vulnerability (CVE-2025-0289) exploited in ransomware attacks.
Attackers with local access can escalate privileges and run malicious code on Windows systems.
Read the full analysis here: https://thehackernews.com/2025/03/hackers-exploit-paragon-partition.html
Forwarded from The Hacker News
The U.K. ICO is investigating TikTok, Reddit, and Imgur for potential child data privacy violations.
The focus is on whether these platforms are using minors' personal data to target content.
Read the full story here: https://thehackernews.com/2025/03/uk-ico-investigates-tiktok-reddit-and.html
Forwarded from The Hacker News
A new phishing campaign uses the ClickFix technique to launch a multi-stage attack via SharePoint.
It hides behind trusted services and uses the Havoc C2 framework to avoid detection.
Read the full analysis here: https://thehackernews.com/2025/03/hackers-use-clickfix-trick-to-deploy.html
Forwarded from The Hacker News
A threat group is exploiting AWS misconfigurations to send phishing emails.
TGR-UNK-0011 uses exposed AWS access keys to bypass email security, blending in with trusted communications.
Learn more about their tactics: https://thehackernews.com/2025/03/hackers-exploit-aws-misconfigurations.html
Forwarded from The Hacker News
⚠️ Google’s March 2025 Android Security Bulletin warns of 44 vulnerabilities, including two actively exploited flaws: CVE-2024-43093 and CVE-2024-50302, with one tied to a zero-day attack on activists.
Get the full details: https://thehackernews.com/2025/03/googles-march-2025-android-security.html
Forwarded from The Hacker News
The U.S. CISA has added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) list, affecting software from Cisco, Microsoft, and Progress WhatsUp Gold.
Learn how this impacts you and how to protect yourself: https://thehackernews.com/2025/03/cisco-hitachi-microsoft-and-progress.html
Forwarded from The Hacker News
A mass exploitation campaign targets ISPs in China and the U.S. West Coast, affecting over 4,000 IPs with brute-force attacks and malware, including crypto miners and info stealers.
Cybercriminals bypass security and steal data using PowerShell and Telegram.
Read here: https://thehackernews.com/2025/03/over-4000-isp-networks-targeted-in.html
Forwarded from The Hacker News
A new phishing campaign targets critical UAE sectors with a Go-based backdoor, Sosano. The attack uses a compromised Indian electronics company to deliver a targeted payload.
Learn more: https://thehackernews.com/2025/03/suspected-iranian-hackers-used.html
Forwarded from The Hacker News
Cyberattacks are getting smarter—are you?
Threat-Led Vulnerability Management (TLVM) helps you focus on the vulnerabilities most likely to be exploited, making your defenses stronger and your resources smarter.
Discover how to optimize your strategy: https://thehackernews.com/expert-insights/2025/03/why-now-is-time-to-adopt-threat-led.html
Forwarded from The Hacker News
⚠️ ALERT: VMware ESXi, Workstation, and Fusion products have critical vulnerabilities that are being actively exploited.
These flaws could allow remote code execution and information disclosure.
Learn more about the vulnerabilities and fixes here: https://thehackernews.com/2025/03/vmware-security-flaws-exploited-in.html
Forwarded from The Hacker News
Credential stuffing is getting harder to stop, but attackers are evolving. Stolen credentials, often just $10, drive 80% of web app attacks, and the threat is growing.
With billions of compromised credentials out there, attacks can spread quickly and widely.
Learn more about this shift in attack strategies: https://thehackernews.com/2025/03/how-new-ai-agents-will-transform.html
Forwarded from The Hacker News
Black Basta and CACTUS ransomware groups now share the same BackConnect module, signaling a shift in attack methods.
The overlap in tactics means cybersecurity professionals must watch for threats across multiple ransomware families.
Read here: https://thehackernews.com/2025/03/researchers-link-cactus-ransomware.html
Forwarded from AndroidSage.com
Google released the latest March Pixel Drop. It brings Pixel 9 features to Pixel 6, 7 and newer devices, along with the Pixel Fold series.
https://www.androidsage.com/2025/03/04/android-march-2025-security-update/
Android Sage
Android's March 2025 Security Update brings Pixel 9 features to Pixel 6 and later
Google released the latest March Pixel Drop. Android's latest March 2025 Security Patch brings Pixel 9 features to Pixel 6, 7 and newer devices, along with the Pixel Fold series.
Forwarded from Gizchina.com
Portable Gaming Made Easy: Use Your USB Drive
https://www.gizchina.com/2025/03/04/portable-gaming-made-easy-use-your-usb-drive/
For all users who updated their MIUI to HyperOS
Don't give up 👋🤘
Forwarded from 不靠谱的喵(>^ω^<) #CatGPT (Yuze Wu 🐱 | 女子大学生 | 喵!)
"Well, this is the last dance."
We believe someone has already noticed that in the later versions of HyperOS on some models, downgrading the Settings has been prohibited (blacklisted), which confirms our previous speculation. In HyperOS 2, it is no longer possible to downgrade the Settings to the Android 14 one, as the system has now been updated to Android 15.
While the HyperOS BootLoader Bypass project, in conjunction with the new vulnerabilities we already mastered, can still be used in HyperOS 2 to bypass community qualification, we've decided not to disclose the PoC for these new vulnerabilities. This is because they are slightly more dangerous than the previously disclosed ones.
We recommend that if you still have the requirement to unlock the BootLoader, then the best approach is not to purchase any devices that release with HyperOS, including overseas variants. Stock devices should always be unlocked before upgrading to HyperOS 2 to avoid any inconvenience. If you have already upgraded your device, please consult the after-sales service to request a system downgrade.
We still look forward to the day when Xiaomi rediscovers its geek spirit, just as Xiaomi always believes that something wonderful is about to happen.
By the way, at 00:00 UTC+8 every day, remember to open the Xiaomi community to apply for unlocking.
Create with love, NekoYuzu
February 15, 2025
Forwarded from Telegram Info English (Sominemo)
Telegram Might Start Using CAPTCHA
Changes in the TDLib source code indicate that the messenger may start using a CAPTCHA — an "I'm not a robot" verification for certain actions. According to the code, the verification will be applied only in official Telegram apps.
Generally, CAPTCHA is used to protect against spam and other unwanted requests. Previously, the messenger could only block such suspicious actions.
It is still unknown for which actions and how often the verification may be required. There is a chance Telegram may use an invisible CAPTCHA, which will collect signals in the background and provide Telegram with a bot score when it needs it.
@tginfo editors think CAPTCHA can reduce the number of errors and floodwaits experienced by some users. Alas, if this leads to more abuse, the messenger may tighten the system instead, and in that case, CAPTCHA will become an additional source of annoyance — and if Telegram uses an invisible CAPTCHA, users would not have alternative paths of remedy in cases when their activity is deemed suspicious.
The source code mentions reCAPTCHA — a user verification solution by Google. This is probably the technology that the messenger will be using. This raises some questions about privacy, since reCAPTCHA uses extensive data collection to detect bots. Keep in mind that the feature is still in development, and the Telegram team may modify or cancel it.
#tdlib #antispam