Friday Wrap Up: 28 March 2024
Another week, another batch of cyber drama that makes you question every login form you've ever seen.
Chinese threat actors camped out in a telco network for four years like it was their personal Airbnb, while a critical Next.js vulnerability quietly said, “Authorization? Never heard of her.”
Meanwhile, ransomware crews are out here disabling anti-malware tools with stolen certs—because apparently, revoked doesn't mean useless. And Kubernetes? Let’s just say 40% of clusters are living dangerously, thanks to the aptly named “IngressNightmare.”
All that and more in this week’s Friday Wrap Up—because if the internet's on fire, we might as well roast some marshmallows. 🔥
🛡️ Cyberattack Campaigns & Threat Actor Activity
A surge in advanced persistent threats and ransomware highlights the evolving cybercrime landscape.
🐜 Chinese Weaver Ant hackers infiltrated a telecom network for over 4 years using compromised Zyxel routers. (Published on 3/24/2025, BleepingComputer).
🧬 Medusa ransomware disables EDR tools using stolen certificates for stealthy system takeovers. (Published on 3/25/2025, Hackread).
🕵️‍♂️ New ransomware group Arkana claims attack on US telecom provider WideOpenWest. (Published on 3/26/2025, SecurityWeek).
💰 Malaysia's PM refuses to pay $10M ransomware demand after attack on Kuala Lumpur airport. (Published on 3/28/2025, Dark Reading).
🔓 Critical Vulnerabilities & Exploits
Newly disclosed flaws across popular platforms signal urgent patching needs.
🚨 'IngressNightmare' Kubernetes flaws put over 40% of clusters at serious risk. (Published on 3/24/2025, Dark Reading).
⚠️ Critical Next.js flaw CVE-2025-29927 could let attackers bypass middleware authorization. (Published on 3/24/2025, The Hacker News).
🌞 46 critical flaws found in solar inverters from Sungrow, Growatt, and SMA. (Published on 3/28/2025, The Hacker News).
💻 Cloud & Enterprise Security
Trust and security in cloud platforms and defense contractors face serious challenges.
☁️ Oracle customers confirm stolen data in alleged cloud breach is valid, despite denials. (Published on 3/26/2025, BleepingComputer).
🧾 Defense contractor MORSE to pay $4.6M over cybersecurity failure allegations. (Published on 3/27/2025, SecurityWeek).
🇪🇺 Europe seeks alternatives to US cloud providers amid rising trust concerns. (Published on 3/25/2025, Ars Technica).
🎣 Phishing & PhaaS Evolution
Emerging phishing kits and services show increasing sophistication and global reach.
🦊 New Morphing Meerkat phishing kit mimics 114 brands via DNS email record abuse. (Published on 3/27/2025, The Hacker News).
🧬 Morphing Meerkat phishing operation evades detection using DNS-over-HTTPS. (Published on 3/28/2025, BleepingComputer).
📉 Platform Abuse & Web Infrastructure Challenges
Open source maintainers and web admins face growing strain from misuse and excessive traffic.
🌐 Open source devs report 97% of traffic from AI crawlers, forcing country-level blocks. (Published on 3/25/2025, Slashdot).
🔧 The 4 most targeted WordPress plugin flaws of Q1 2025 revealed. (Published on 3/27/2025, BleepingComputer).
📱 Messaging & Communication Security
⚠️ Pentagon warned against using Signal for open group chats before Yemen leak fiasco. (Published on 3/25/2025, Gizmodo).
Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!