Expert Insights Cybersecurity Decrypted: March 6 – March 13 2025

Joel Witts Laura Iannini
Joel Witts, Laura Iannini Last updated on Jun 6, 2025

Welcome back to Cybersecurity Decrypted, your weekly five-minute cybersecurity news recap from Expert Insights.

This week we’re covering the DDoS attack that caused huge disruption for X, a malvertising campaign that affected over 1 million devices worldwide, and a re-direction scheme that saw two criminals steal $600k worth of Taylor Swift tickets.

  • This week, our team was in Las Vegas attending HumanX, a global conference focusing on the intersection between AI and cybersecurity. Visit our News Hub to read about the hottest topics from this year’s show.

  • We’d love to know your thoughts on the format of this newsletter. What’s interesting and what do you skip? Please email your feedback to [email protected]

  • 🎧 You can now listen to this briefing on the Expert Insights Podcast! Subscribe here to get this newsletter in your feed each week.

📰 Headlines

  • The Dark Storm hacktivist group has taken credit for a large-scale DDoS attack that caused worldwide disruptions for X. In its Telegram channel, the group shared screenshots and links to the check-host.net site as proof the attack was live. (Bleeping Computer)

  • Microsoft has disclosed details of a malvertising campaign that impacted over 1 million consumer and enterprise devices globally. Designed to steal sensitive data, the attack originated from illegal streaming websites and redirected users to GitHub, Discord, and Dropbox to deliver initial access payloads. (The Hacker News)

  • In a bid to “eliminate redundancies”, the CISA has cut around $10 million of federal funding from two cybersecurity initiatives: the Elections Infrastructure Information Sharing and Analysis Center and the Multi-State Information Sharing and Analysis Center. (AP News)

  • Two cybercriminals have been arrested after selling 900 stolen concert tickets—the majority of which were for Taylor Swift’s Eras Tour. The scheme involved redirecting the download URLs of sold tickets to the attackers, who then posted them on ticketing platform StubHub for a profit of over $635,000. (The Record)

📡 Threat Tracking

  • CATO Ctrl researchers have discovered a new global IoT botnet campaign targeting manufacturing, medical/healthcare, services, and technology organizations. The botnet has exploited over 6,000 unpatched TP-Link Archer routers. (The Hacker News)

  • GreyNoise has called for “immediate action” after discovering that an RCE vulnerability in PHP is being exploited worldwide. A patch was released in 2024, and defenders globally are being encouraged to update now. (TechRadar)

  • CyberArk researchers have discovered a new cryptojacking operation dubbed “MassJacker”, which uses over 778,000 wallets to steal digital assets. (Bleeping Computer)

  • Following two data breaches that compromised the personal data of over 165,000 New Yorkers, the New York Attorney General has sued National General and its parent company, Allstate. (Security Week)

  • Check Point Research has found that the South American APT group “Blind Eagle” is targeting Colombia’s government institutions, financial organizations, and critical infrastructure in a series of targeted cyberattacks. (Dark Reading)

🚨 Industry News

  • Fortra has reported that abuse of its Cobalt Strike tool is down 80% after cracking down on unauthorized use and malicious domains. (Fortra)

  • Google has revealed information surrounding its 2024 bug bounty program, in which the company paid out $11.8 million in rewards. (Google)

  • ServiceNow, a cloud-based platform specializing in AI-driven workflow automation, has announced its intent to acquire Moveworks for $2.9 billion in order to develop a powerful universal AI assistant and enterprise search tool. (ServiceNow)

  • Data security provider Forcepoint has agreed to acquire Getvisibility, an AI-powered DSPM and DDR provider, to equip customers with better visibility, automation, and adaptive controls. (Forcepoint)

📟 Product Patches & Updates

  • Google has introduced an AI-only search tool, which is now available for Google One AI Premium users. (The Independent)

  • Sonar has expanded their SonarQube offering with enhanced SAST and SCA capabilities to help developers secure first-party, third-party open source, and AI-generated code. (Silicon Angle)

  • Fortinet has launched an expansion for its OT security program to provide enhance visibility, segmentation, and secure connectivity for critical infrastructure. (Fortinet)

  • Microsoft is replacing its Remote Desktop app with the new Windows App. The tech giant will end support for its legacy app on May 27, 2025. (Windows Central)

🏛️ Cybersecurity Legislation

    • Switzerland’s National Cybersecurity Center (NCSC) has announced a new mandate for critical infrastructure organizations to report cyberattacks within 24 hours of discovery. (Bleeping Computer)

    • The Trump administration has nominated Sean Plankey as the new director for the CISA. (The Record)

    • Switzerland’s National Cybersecurity Center (NCSC) has announced a new mandate for critical infrastructure organizations to report cyberattacks within 24 hours of discovery. (Bleeping Computer)

🎙️ Expert Insights: Latest From Us

Don’t miss this week’s round of interviews & insights with cybersecurity experts and thought leaders.

🚀 Unmissable Takeaways from HumanX

We have been attending HumanX – one of the most important AI conferences of the year in Las Vegas.

Don’t miss our coverage live from the show floor:

That’s all for this week! 👋

Expert Insights’ Cybersecurity Resources