Little fires everywhere for March Patch Tuesday
Just 57 CVEs to contend with (plus advisories), but six are already under exploit in the wild
-
-
Pentesters: Is AI Coming for Your Role?
We’ve been hearing the same story for years: AI is coming for your job. In fact, in 2017, McKinsey printed a report, Jobs Lost, Jobs Gained: Workforce Transitions in a Time of Automation, predicting that by 2030, 375 million workers would need to find new jobs or risk being displaced by AI and automation. Queue…
-
URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days
Microsoft on Tuesday released security updates to address 57 security vulnerabilities in its software, including a whopping six zero-days that it said have been actively exploited in the wild. Of the 56 flaws, six are rated Critical, 50 are rated Important, and one is rated Low in severity. Twenty-three of the addressed vulnerabilities are remote…
-
Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks
Apple on Tuesday released a security update to address a zero-day flaw that it said has been exploited in “extremely sophisticated” attacks. The vulnerability has been assigned the CVE identifier CVE-2025-24201 and is rooted in the WebKit web browser engine component. It has been described as an out-of-bounds write issue that could allow an attacker…
-
Whopping Number of Microsoft Zero-Days Under Attack
The number of zero-day vulnerabilities getting patched in Microsoft’s March update is the company’s second-largest ever.
-
Trump Taps Sean Plankey To Fill Empty CISA Director Chair
Plankey has served in numerous cybersecurity positions in the past, including during the first Trump presidency from 2018-2020.
-
Hot Button Facebook Ads Tag Middle East, N. Africa Victims
A Libya-linked threat actor has resurfaced, using the same old political phishing tricks to deliver AsyncRAT that have worked for years.
-
Sophos Recognized as Top Employer in British Columbia, Canada
Sophos has been named as one of the top employers in British Columbia, Canada for the ninth year running.
-
Balancing Cybersecurity Accountability & Deregulation
While deregulation may open opportunities for growth and innovation, it also creates new risks that demand a proactive, accountable approach to security.
-
Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks
The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024. “The monitored campaigns targeted Colombian judicial institutions and other government or private organizations, with high infection rates,” Check Point said in a new analysis. “More than 1,600 victims were affected…