This Month in Cybersecurity - March 2025

Welcome to This Month in Cybersecurity, the March 2025 edition.

Stay informed about cybersecurity and data privacy for safe credentials collaboration. Keep pace with emerging threats by reading the news summaries below.

1. WARNING: Expiring root certificate may disable Firefox add-ons, security features, and DRM playback

Mozilla is urging all Firefox users to update to version 128 or higher (or ESR 115.13+ for older OS users) before March 14, 2025, due to the expiration of a root certificate used to verify add-ons and signed content. Without the update, users may face broken add-ons, disabled DRM media, outdated security blocklists, and other functionality issues. The update includes a new root certificate to prevent disruptions. Tor Browser users must also update to avoid similar problems, as it relies on the same expiring certificate.

Date: Mar 13, 2025
Source: The Hacker News
Author: Ravie Lakshmanan

2. Large enterprises scramble after supply-chain attack spills their secrets

A recent supply-chain attack targeted the widely used open source GitHub Action tj-actions/changed-files, affecting over 23,000 organizations. Attackers compromised a maintainer’s credentials and inserted malicious code that scraped server memory to steal sensitive credentials, which were then exposed in public logs. The incident highlights the risks of trusting version tags instead of verified commit hashes in CI/CD workflows. GitHub and the maintainer have since secured the compromised account, but the event underscores the critical need for secure practices and code auditing in open source automation tools.

Date: Mar 17, 2025
Source: Ars Technica
Author: Dan Goodin

3. Actively exploited ChatGPT bug puts organizations at risk

A server-side request forgery (SSRF) vulnerability in ChatGPT (tracked as CVE-2024-27564, CVSS 6.5) is being actively exploited to redirect users to malicious URLs. Researchers observed over 10,000 exploit attempts in a single week, with 35% of organizations at risk due to IPS, WAF, or firewall misconfigurations. Finance is the top industry targeted, and the flaw underscores that even medium-severity vulnerabilities can be swiftly weaponized by attackers, particularly where AI-driven services are widely used. Security teams should fine-tune IPS settings, monitor malicious IPs, and incorporate AI-related risks into ongoing assessments.

Date: Mar 18, 2025
Source: Dark Reading
Author: Elizabeth Montalbano

4. Why Google made a $32 billion bet on Wiz

Google’s acquisition of cloud security startup Wiz for $32 billion is a high-stakes bid to narrow the gap with AWS and Microsoft in the increasingly lucrative AI cloud market. Wiz’s “agentless” security solution and existing Fortune 100 customers could bolster Google Cloud’s credibility, yet the deal carries major risks, including regulatory scrutiny and potential integration challenges. Still, Google hopes Wiz’s multicloud approach will draw AI startups, expand its security portfolio, and ultimately strengthen Google’s presence beyond its own cloud.

Date: Mar 19, 2025
Source: The Verge
Author: Emma Roth

5. A Win for Encryption: France rejects backdoor mandate

In a significant win for digital rights, the French National Assembly rejected a provision forcing messaging platforms to create “ghost” participants in private chats, effectively creating a backdoor in end-to-end encryption. Lawmakers recognized that undermining encryption would introduce systemic vulnerabilities and erode trust without genuinely improving public safety. This decision serves as a strong signal to governments worldwide that privacy and secure communication should not be sacrificed in the name of crime-fighting measures.

Date: Mar 21, 2025
Source: Electronic Frontier Foundation
Author: Joe Mullin

6. Mozilla patches critical Firefox bug similar to Chrome’s recent zero-day vulnerability

Mozilla has patched a critical sandbox escape vulnerability (CVE-2025-2857) in Firefox, shortly after Google addressed a similar actively exploited flaw in Chrome. The flaw, found in Firefox’s inter-process communication (IPC) code, could let a compromised child process gain powerful privileges in the parent process. Firefox, Firefox ESR, and the Tor Browser on Windows have been updated to fix the issue; there’s currently no evidence of in-the-wild exploitation. Meanwhile, Google’s recently patched Chrome zero-day (CVE-2025-2783) was observed in targeted attacks via phishing links, highlighting the urgency of applying browser updates.

Date: Mar 28, 2025
Source: The Hacker News
Author: Ravie Lakshmanan

7. New Ubuntu Linux security bypasses require manual mitigations

Researchers discovered three methods for bypassing Ubuntu’s unprivileged user namespace restrictions, allowing local users to create namespaces with full administrative privileges in Ubuntu 23.10 and 24.04. The bypasses involve using aa-exec, busybox, or LD_PRELOAD to launch programs under permissive AppArmor profiles, effectively giving an attacker elevated capabilities within a sandbox. Canonical has acknowledged these findings and is preparing improvements, advising administrators to disable risky AppArmor profiles, adjust kernel parameters, and adopt stricter protections in the meantime.

Date: Mar 28, 2025
Source: Bleeping Computer
Author: Bill Toulas

Conclusion

That’s all for this roundup. We’d love to hear your thoughts. Share additional stories we may have missed or drop any comments in the passbolt community forum: https://hubs.li/Q02bCy160
