DJBSEC's CyberNews 3-20-25

Created in March 20, 2025

2025   ·   CyberNews   ·   News

Story 1. Phishing-Based Attacks Have Risen 140% Year Over Year

A new report highlights a staggering 140% increase in phishing-based attacks compared to the previous year. Cybercriminals are leveraging advanced social engineering tactics, AI-generated messages, and brand impersonation to trick victims into divulging credentials. The financial sector, healthcare, and government agencies have been among the most targeted. Security experts emphasize the importance of user education, multi-factor authentication (MFA), and improved email filtering to mitigate these growing threats.
Read more here

Story 2. Attackers Embedding Malicious Word Files Inside PDFs to Evade Detection

Cybercriminals have developed a new attack technique that embeds malicious Microsoft Word files inside PDFs, allowing them to bypass traditional security filters. When victims open the seemingly harmless PDF, the hidden Word document automatically executes malware, granting attackers access to the system. This method effectively evades email security solutions that scan for standalone Word file threats. Users are advised to be cautious when opening unexpected PDF attachments and keep their software updated.
Read more here

Story 3. Threat Actors Exploiting Legacy Drivers to Evade Security Tools

Hackers are increasingly exploiting outdated and vulnerable drivers to bypass modern security defenses. Known as Bring Your Own Vulnerable Driver (BYOVD) attacks, this technique allows cybercriminals to disable endpoint detection and response (EDR) systems, gaining deeper access to compromised networks. Security researchers warn that legacy drivers, even if digitally signed, pose a significant threat if left unpatched. Organizations should enforce strict driver policies and use allowlists to prevent unauthorized installations.
Read more here

Story 4. Microsoft Exchange Online Outage Disrupts Outlook Web Users

Microsoft Exchange Online experienced a major outage, leaving Outlook Web users unable to access their emails. The issue, which lasted several hours, affected customers worldwide, with Microsoft attributing it to an unexpected infrastructure issue. The downtime frustrated businesses and individuals relying on cloud-based email services for daily operations. Microsoft has since restored service and is investigating the root cause to prevent future incidents.
Read more here

Story 5. Critical Fortinet Vulnerability Draws Fresh Attention from Attackers

A critical vulnerability in Fortinet’s network security devices has gained renewed interest from cybercriminals looking to exploit unpatched systems. The flaw, which allows remote code execution, could enable attackers to take full control of affected devices. Security experts warn that many organizations have yet to apply the necessary patches, leaving them vulnerable to potential breaches. Fortinet urges all users to update their devices immediately and monitor for suspicious activity.
Read more here



Enjoy Reading This Article?

Here are some more articles you might like to read next:

  • DJBSEC's CyberNews 2025-07-11
  • DJBSEC's CyberNews 2025-07-10
  • DJBSEC's CyberNews 2025-07-09
  • DJBSEC's CyberNews 2025-07-08
  • DJBSEC's CyberNews 2025-07-07