Top 5 Cybersecurity News Stories March 28, 2025

By Editorial Team | March 28, 2025

Cybersecurity threats are constantly evolving as threat actors seek access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of. No story is too big or small as we look at threats from espionage to security flaws in everyday devices:

1. Even Troy Hunt Got Phished – Here’s What Happened

Troy Hunt’s personal Mailchimp account was compromised after he fell for a phishing email posing as Mailchimp. Attackers used the stolen credentials and 2FA code to log into his account and export the full subscriber list (including unsubscribed addresses).

Troy quickly reset his credentials, worked with Mailchimp to investigate, and published details of the breach—highlighting how phishing can bypass basic two-factor authentication. He remains a Mailchimp customer but is pushing for phishing-resistant 2FA (such as passkeys) going forward.

2. CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices

CISA has added two critical Sitecore deserialization bugs (CVE-2019-9874/9875) to its KEV catalog due to active exploitation, urging U.S. agencies to patch by April 16, 2025.

Meanwhile, Akamai warns of attacks probing a new Next.js auth bypass flaw (CVE-2025-29927), and GreyNoise reports real-world exploits targeting DrayTek router vulnerabilities. The global attack surface continues to grow.

3. Oracle customers confirm data stolen in alleged cloud breach is valid

Despite Oracle denying a breach of its Cloud SSO servers, BleepingComputer has verified leaked data tied to 6 million users with multiple affected companies.

A threat actor named ‘rose87168’ claims they exploited CVE-2021-35587 to access Oracle Fusion Middleware servers and leaked files indicating real access. Oracle insists no customer data was compromised, but mounting evidence says otherwise.

4. New Windows zero-day leaks NTLM hashes, gets unofficial patch

A newly discovered zero-day vulnerability allows remote attackers to steal NTLM hashes simply by tricking users into viewing malicious files in Windows Explorer.

Impacting all Windows versions, the flaw enables NTLM relay and pass-the-hash attacks. Free micropatches are available via 0patch while Microsoft investigates. This comes amid ongoing efforts to phase out NTLM in future Windows versions.

5. UK supermarket Morrisons’ sales growth slows after cyber attack

UK grocer Morrisons reported a Q1 like-for-like sales rise of 2.1%, down from 4.9% in the previous quarter, due to a cyberattack on its tech provider Blue Yonder that disrupted operations.

While total sales reached £4 billion, Morrisons continues to lag behind rivals. The company announced 365 job cuts and raised its cost-saving target to £1 billion amid rising expenses.