Little fires everywhere for March Patch Tuesday

Blog

Byadmblake March 12, 2025

Just 57 CVEs to contend with (plus advisories), but six are already under exploit in the wild

Blog

Critical Deadline: Update Old .NET Domains Before January 7, 2025 to Avoid Service Disruption

Microsoft has announced that it’s making an “unexpected change” to the way .NET installers and archives are distributed, requiring developers to update their production and DevOps infrastructure. “We expect that most users will not be directly affected, however, it is critical that you validate if you are affected and to watch for downtime or other…

Read More Critical Deadline: Update Old .NET Domains Before January 7, 2025 to Avoid Service Disruption
Blog

The future of MFA is clear – but is it here yet?

Not all authentication is equal to the task in 2025, but there is a best choice within reach

Read More The future of MFA is clear – but is it here yet?
Blog

OBSCURE#BAT Malware Uses Fake CAPTCHA Pages to Deploy Rootkit r77 and Evade Detection

A new malware campaign has been observed leveraging social engineering tactics to deliver an open-source rootkit called r77. The activity, condemned OBSCURE#BAT by Securonix, enables threat actors to establish persistence and evade detection on compromised systems. It’s currently not known who is behind the campaign. The rootkit “has the ability to cloak or mask any…

Read More OBSCURE#BAT Malware Uses Fake CAPTCHA Pages to Deploy Rootkit r77 and Evade Detection
Blog

Google Ordered to Pay $314M for Misusing Android Users’ Cellular Data Without Permission

Google has been ordered by a court in the U.S. state of California to pay $314 million over charges that it misused Android device users’ cellular data when they were idle to passively send information to the company. The verdict marks an end to a legal class-action complaint that was originally filed in August 2019….

Read More Google Ordered to Pay $314M for Misusing Android Users’ Cellular Data Without Permission
Blog

Memento Spyware Tied to Chrome Zero-Day Attacks

While investigating the cyberattacks, researchers uncovered a new spyware product from Memento Labs, the successor to the infamous Hacking Team.

Read More Memento Spyware Tied to Chrome Zero-Day Attacks
Blog

Your SaaS Data Isn’t Safe: Why Traditional DLP Solutions Fail in the Browser Era

Traditional data leakage prevention (DLP) tools aren’t keeping pace with the realities of how modern businesses use SaaS applications. Companies today rely heavily on SaaS platforms like Google Workspace, Salesforce, Slack, and generative AI tools, significantly altering the way sensitive information is handled. In these environments, data rarely appears as traditional files or crosses networks

Read More Your SaaS Data Isn’t Safe: Why Traditional DLP Solutions Fail in the Browser Era

Related