The Horizon Review: Week of March 3
This week delivered a flurry of cybersecurity developments, from state-sponsored APTs to critical patches and emerging breaches. Here are the top 10 stories shaping the threat landscape.
1. North Korean APT Moonstone Sleet Deploys Qilin Ransomware
Microsoft revealed that Moonstone Sleet, a North Korean hacking group, has begun using Qilin ransomware in targeted attacks. Known for espionage, the group uses fake companies and trojanized software to infiltrate systems, signaling a shift toward financial motives alongside intelligence gathering.
Source: BleepingComputer
2. VMware Patches Three Actively Exploited Zero-Days
Broadcom released urgent fixes for three VMware vulnerabilities, including a critical flaw (CVE-2025-22224, CVSS 9.3) enabling code execution. CISA added these to its Known Exploited Vulnerabilities catalog, mandating federal patches by March 25 amid active exploitation reports.
Source: The Hacker News
3. Belgian State Security Service Faces Potential Chinese Breach
Belgium’s federal prosecutor is probing a suspected breach of the State Security Service (VSSE), with fingers pointing at Chinese hackers. Details are limited, but the incident highlights ongoing APT threats to government infrastructure.
Source: BleepingComputer
4. Google Fixes Two Exploited Android Vulnerabilities
Google’s March 2025 Android Security Bulletin addressed 44 flaws, including two actively exploited Linux kernel bugs (patched late 2024). The update, split into two patch levels, urges rapid deployment to protect Android devices.
Source: The Hacker News
5. Emerging Linux Kernel Vulnerability Sparks Concern
Posts on X flagged a new, unspecified Linux kernel vulnerability this week. While details remain unconfirmed, the chatter suggests potential risks to unpatched systems, with experts calling for vigilance.
Source: Posts on X
6. CrowdStrike Reports 150% Surge in China-Linked Attacks
CrowdStrike’s 2025 Global Threat Report noted a 150% increase in China-linked cyber activity, with the fastest observed breakout time (initial access to lateral movement) down to just 51 seconds. The report warns of sophisticated, malware-free tactics dominating the landscape.
Source: eSecurity Planet
7. Identity-Based Breaches Dominate 2024 Lessons
BleepingComputer highlighted a 2024 trend of identity-driven attacks, with 80% of breaches tied to compromised credentials per Verizon’s 2024 report. This sets the stage for heightened focus on identity security in 2025.
Source: BleepingComputer
8. Philippines Thwarts APT Intelligence Grabs
The Philippines detected foreign APTs targeting intelligence data, though no breaches were confirmed. Minister Ivan Uy credited robust defenses, amid a global cyber arms race.
Source: Reuters
9. NTLM Vulnerability Threatens Windows Environments
Dark Reading’s Tech Tip column detailed a new NTLM vulnerability in Windows and how attackers can abuse it. While patches are available, unpatched systems remain at risk of credential theft.
Source: Dark Reading
10. AI-Powered Threats Loom Large
TechRadar warned of AI-driven malware evading defenses in real-time, a trend escalating into 2025. With breaches costing $4.9 million on average (IBM), organizations face mounting pressure to adapt.
Source: TechRadar
Takeaway
From North Korean ransomware to AI-powered attacks, this week underscores a dynamic threat environment. Patch promptly, secure identities, and brace for APTs—2025 is off to a turbulent start.