TAAUS Top 10 - March 2025

There is never a dull moment in the managed information technology and cybersecurity space. Here is our TAAUS Top Ten for March 2025 - we hope you find them interesting.

Threat Actors Trick Hotel Staff With Fake Booking.com Email to Gain System Access

- Cyber Security News

A sophisticated phishing campaign has emerged targeting the hospitality industry, where cybercriminals impersonate Booking.com to trick hotel staff into installing malware on their systems

Oracle customers confirm data stolen in alleged cloud breach is valid

- Bleeping Computer

A person named ‘rose87168’ claimed to have breached Oracle Cloud servers and began selling the alleged authentication data and encrypted passwords of 6 million users

VanHelsing Ransomware Attacking Windows Systems With New Evasion Technique & File Extension

- Cyber Security News

A new ransomware strain named VanHelsing has emerged, targeting Windows systems with sophisticated encryption techniques and advanced evasion tactics

Security Expert Troy Hunt Lured in by Mailchimp Phish

- Dark Reading

Hunt quickly took to his blog to notify the public of the breach and provide further details on how this could have happened

US cities warn of wave of unpaid parking phishing texts

- Bleeping Computer

US cities are warning of an ongoing mobile phishing campaign pretending to be texts from the city's parking violation departments about unpaid parking invoices, that if unpaid, will incur an additional $35 fine per day

Threat Actors Stolen Over 3.2 Billion Login Credentials & Infected 23 Million Devices Worldwide

- Cyber Security News

In what security experts are calling one of the largest credential theft campaigns in history, sophisticated threat actors have successfully exfiltrated over 3.2 billion login credentials and compromised approximately 23 million devices across six continents

The most notorious and damaging ransomware of all time

- CSO

The ransomware gangs and their malware listed here have victimized millions of companies and caused billions of dollars in costs

Microsoft365 Themed Attack Leveraging OAuth Redirection for Account Takeover

- Cyber Security News

Two sophisticated phishing campaigns were observed targeting Microsoft 365 users by exploiting OAuth redirection vulnerabilities combined with brand impersonation techniques

Ransomware gang encrypted network from a webcam to bypass EDR

- Bleeping Computer

The Akira ransomware gang was spotted using an unsecured webcam to launch encryption attacks on a victim's network, effectively circumventing Endpoint Detection and Response (EDR), which was blocking the encryptor in Windows

Microsoft Warns of Malvertising Campaign Infecting Over 1 Million Devices Worldwide

- The Hacker News

Microsoft has disclosed details of a large-scale malvertising campaign that's estimated to have impacted over one million devices globally as part of what it said is an opportunistic attack designed to steal sensitive information