Daily Cybersecurity Roundup, March 12, 2025

A botnet is silently taking over home routers, and defenders are playing catch-up. The Ballista botnet is exploiting an unpatched flaw in TP-Link Archer routers, enabling DDoS attacks across multiple industries in multiple countries. A new clipboard hijacking operation, dubbed MassJacker, is hijacking cryptocurrency transactions by swapping copied wallet addresses with those controlled by attackers. Another month, another batch of urgent security fixes. Microsoft has rolled out 57 patches, including six actively exploited zero-days. Read on for more.

01

The Ballista botnet is exploiting an unpatched vulnerability (CVE-2023-1389) in TP-Link Archer routers. The malware can launch DoS/DDoS attacks and has affected various sectors in the U.S., Australia, China, and Mexico.

02

A new clipboard hijacking operation, MassJacker, uses over 778,531 cryptocurrency wallet addresses to steal digital assets from compromised computers, with a single Solana wallet amassing over $300,000 in transactions.

03

A new watering hole campaign by the North Korean threat actor Kimsuky exploited a South Korean university website and used malicious Hangul Word Processor files to infect visitors.

04

The DCRat malware is now being distributed as a MaaS primarily through YouTube, targeting gamers by disguising itself as gaming cheats and cracks.

05

Microsoft has discovered a new variant of XCSSET, a sophisticated modular malware that targets macOS. It has enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies.

06

Researchers at CTM360 warned of a new PlayPraetor malware campaign targeting Android users through fake Google Play Store sites, tricking them into downloading the banking trojan via malicious APK files.

07

Microsoft released security updates to address 57 vulnerabilities, including six zero-days that have been actively exploited, with 23 RCE bugs and 22 privilege escalation issues.

08

Siemens and Schneider Electric have released their March 2025 Patch Tuesday ICS security advisories, patching 11 and three vulnerabilities, respectively.

09

Apple has released a security update to address a zero-day flaw (CVE-2025-24201), related to the WebKit web browser engine component, that has been exploited in highly sophisticated attacks.

10

A new phishing campaign targeted Microsoft Copilot users with emails containing spoofed invoices. These emails trick users into visiting fake login pages designed to steal credentials.