Top 5 Cybersecurity News Stories March 21, 2025

Cybersecurity threats are constantly evolving as threat actors seek access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of. No story is too big or small as we look at threats from espionage to security flaws in everyday devices:

1. Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility

Two critical vulnerabilities in Cisco Smart Licensing Utility (CVE-2024-20439 & CVE-2024-20440), both rated 9.8 on the CVSS scale, are being actively exploited, according to SANS Internet Storm Center.

The flaws allow attackers to gain admin access and extract sensitive log data. Cisco patched the issues in version 2.3.0, so users are urged to update immediately.

Read more here: The Hacker News

2. New Ad Fraud Campaign Exploits 331 Apps with 60M+ Downloads for Phishing and Intrusive Ads

Cybersecurity researchers uncovered a large-scale ad fraud campaign, dubbed Vapor, involving over 300 malicious Android apps on Google Play, with more than 60 million downloads.

These apps served full-screen ads, hijacked devices, and launched phishing attacks for credit card and login credentials. Bitdefender and IAS say the operation is ongoing, using stealthy techniques to evade detection.

Read more here: The Hacker News

3. WordPress security plugin WP Ghost vulnerable to remote code execution bug

A critical vulnerability (CVE-2025-26909) in the WP Ghost security plugin—used by over 200,000 WordPress sites—could allow unauthenticated attackers to execute remote code and hijack servers.

The flaw affects versions up to 5.4.01 and stems from insufficient input validation in a core function. A patch is available in versions 5.4.02 and 5.4.03, and users are strongly urged to update.

Read more here: BleepingComputer

4. Pennsylvania education union data breach hit 500,000 people

The Pennsylvania State Education Association (PSEA) is notifying 517,487 people of a July 2024 data breach that exposed sensitive personal, financial, and health information.

Claimed by the Rhysida ransomware gang, the attack targeted the largest public-sector union in Pennsylvania. PSEA is offering free credit monitoring to affected individuals and urges caution.

Read more here: BleepingComputer

5. Hong Kong aims to safeguard key facilities with new cybersecurity law

Hong Kong has passed a new cybersecurity law requiring critical infrastructure operators to bolster their systems and report incidents within two hours or face fines of up to HK$5 million (~$640,000).

Taking effect in 2026, the law targets sectors like finance, energy, transport, and healthcare. While officials say it doesn’t affect personal or commercial data, experts warn it may impact investor confidence.

Read more here: Reuters

At DIESEC, our experts are ready to assist with all your cybersecurity needs. We ensure your system is safe and secure and provide training for your employees to avoid falling victim to social engineering tactics.

For more information please contact us now!