March has been a turbulent month in the world of cyber security, with multiple high-profile vulnerabilities, breaches, and cyber attacks making headlines – read marketing co-ordinator Abbey Wright’s review.
From a critical flaw in Veeam Backup & Replication to a sophisticated zero-click attack on WhatsApp, let’s dive into the most pressing threats and their implications.
Critical Vulnerability in Veeam Backup & Replication
A severe vulnerability with a CVSS3 score of 9.9/10 was discovered in Veeam Backup & Replication, allowing attackers to execute malicious code remotely. If exploited, this flaw could grant unauthorised access and compromise system integrity.
What you need to do: Organisations using Veeam should immediately apply all available patches to mitigate this risk.
Read More – https://socradar.io/veeam-cve-2025-23120-remote-code-execution/
Privacy Alert: Changes to Apple iCloud Backup Encryption
Apple has long been recognised for its strong privacy measures, but recent changes to iCloud backup encryption have raised concerns about data security.
Read More – https://www.indelibledata.co.uk/latest-news/icloud-backup-encryption-practices/
Zero-click attack targets high-risk WhatsApp users
Meta has confirmed that a zero-click spyware attack compromised a group of high-risk WhatsApp users, including journalists. Using spyware developed by Paragon Solutions, attackers infiltrated devices without requiring any user interaction, gaining full access to encrypted messages and sensitive communications.
Who’s at risk? While such targeted attacks remain rare for the average user, high-profile individuals and organisations must stay vigilant.
X (Twitter) suffers large-scale cyber attack
On March 27, X (formerly Twitter) experienced a major cyber attack, disrupting service for thousands of users globally. The attack started at 6 AM Eastern Time, peaking at over 40,000 reported incidents by 10 AM.
Who’s behind it? A hacker group called Dark Storm has claimed responsibility, though this remains unverified. Elon Musk suggested that the scale of the attack indicates involvement from a large group or possibly a nation-state.
Impact: Many users encountered error messages and connectivity issues throughout the day. This incident highlights the ongoing risks faced by major social media platforms.
Scholastic data breach exposes over 8 million users
Publishing giant Scholastic, known for Harry Potter and Goosebumps, suffered a massive data breach exposing sensitive details of 8 million individuals, including 4.2 million unique email addresses.
How it happened: Hacker “Parasocial” exploited weak security measures and compromised employee credentials, gaining access to:
- Names
- Email addresses
- Phone numbers
- Physical addresses
Key takeaway: The absence of multi-factor authentication (MFA) was a major weakness in this breach. Organisations should prioritise MFA implementation and have regular security assessments like Cyber Essentials Plus to prevent similar incidents.
Read more – https://cyberinsider.com/scholastic-data-breach-exposes-info-of-over-4-million-bookworms/
Final Thoughts
This month’s cyber events emphasise the critical importance of proactive cyber security measures. From patching known vulnerabilities to implementing multi-factor authentication, organisations and individuals must stay vigilant to safeguard their digital assets.
/-3.5042587517567103,%2054.70635734010168,15.5/300X450@2X?access_token=pk.eyJ1Ijoid29tYmF0Y2hyaXMiLCJhIjoiY2pqaGEyd2lzMDQ3ZDN2bWQ4OTBsa2pmayJ9.ksVq6arM13qYhr76pco33w)