Summary
March 2025 witnessed a notable surge in critical vulnerabilities and ransomware activity, with several zero-day exploits actively leveraged by threat actors. A total of 32 new entries were added to the CISA Known Exploited Vulnerabilities (KEV) catalog, reflecting the expanding threat landscape. High-impact vulnerabilities were discovered across key vendors including Edimax, Google, Mozilla, Juniper, VMware, Microsoft, and Apple—highlighted by sandbox escape flaws in Chromium and Firefox that raised concerns over privilege escalation on Windows platforms.
Concurrently, ransomware groups such as Babuk2, Ransomhub, and SafePay ramped up attacks, focusing on sectors like healthcare, finance, education, and government by exploiting known vulnerabilities for initial access. These trends emphasize the urgent need for timely patching, continuous threat monitoring, and a layered, intelligence-driven cybersecurity approach to effectively defend against evolving threats.
Subscribe to our Newsletter
%20(1).png)
