The first week of March saw the addition of nine new vulnerabilities to the CISA Known Exploited Vulnerabilities catalog, pointing to increased targeting of enterprise and IT infrastructure. Notably, botnet threats like EnemyBot and Sysrv-K took advantage of these vulnerabilities. Additionally, advanced threat actor Silk Typhoon exploited a zero-day vulnerability in Ivanti Pulse Connect VPN, underscoring the need for adaptive security measures.
Affected: VMware ESXi, Microsoft Windows, Cisco Routers, Linux, Ivanti, Eir D1000 modems
Key points:
- Nine new vulnerabilities added to the CISA KEV catalog, including those affecting VMware and Hitachi products.
- Increased botnet activity with threats such as EnemyBot and Sysrv-K exploiting Spring Cloud Gateway.
- Silk Typhoon exploited a zero-day vulnerability in Ivanti Pulse Connect VPN.
- Observed exploitation of multiple confirmed vulnerabilities, indicating a significant threat landscape.
- Proactive monitoring leads to early detection and patching, as demonstrated by the response to Silk Typhoon’s activities.
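The "proactive monitoring" point above is the part of this brief a defender can act on: watch new KEV additions and check them against what the organisation actually runs. The script below is an added example, not code from the original post or from Loginsoft. It parses records in the shape of CISA's known_exploited_vulnerabilities.json feed (fields such as cveID, vendorProject, product, dateAdded and dueDate), keeps only entries added since a given date, and matches them against a local asset inventory. The three CVE IDs are the ones named in this brief; every other field value, the inventory hosts and the dates are constructed for the example.

```python
"""Match recently added CISA KEV entries against a local asset inventory.

Added example (not the original post's code). The JSON below mirrors the
field names of CISA's known_exploited_vulnerabilities.json; the values are
constructed for illustration, except the CVE IDs named in the brief.
"""
import json
from datetime import date

# Constructed sample feed in the KEV schema. Dates and product strings are
# illustrative; in production, fetch the real JSON from CISA instead.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "sample",
    "vulnerabilities": [
        {
            "cveID": "CVE-2022-22947",
            "vendorProject": "VMware",
            "product": "Spring Cloud Gateway",
            "vulnerabilityName": "Spring Cloud Gateway code injection",
            "dateAdded": "2022-05-16",
            "dueDate": "2022-06-06",
            "knownRansomwareCampaignUse": "Unknown",
        },
        {
            "cveID": "CVE-2025-0282",
            "vendorProject": "Ivanti",
            "product": "Connect Secure, Policy Secure, and ZTA Gateways",
            "vulnerabilityName": "Ivanti stack-based buffer overflow",
            "dateAdded": "2025-03-03",
            "dueDate": "2025-03-24",
            "knownRansomwareCampaignUse": "Unknown",
        },
        {
            "cveID": "CVE-2016-10372",
            "vendorProject": "Eir",
            "product": "D1000 Modem",
            "vulnerabilityName": "Eir D1000 modem remote command execution",
            "dateAdded": "2025-03-03",
            "dueDate": "2025-03-24",
            "knownRansomwareCampaignUse": "Unknown",
        },
    ],
})

# Constructed asset inventory: vendor/product pairs the organisation runs.
# Hostnames are placeholders.
ASSET_INVENTORY = [
    {"vendor": "Ivanti", "product": "Connect Secure", "host": "vpn-gw-01"},
    {"vendor": "VMware", "product": "Spring Cloud Gateway", "host": "api-edge-02"},
    {"vendor": "Microsoft", "product": "Windows", "host": "ws-0042"},
]


def parse_kev(raw_json: str) -> list[dict]:
    """Return the list of vulnerability records from a KEV-format JSON document."""
    return json.loads(raw_json)["vulnerabilities"]


def recent_entries(entries: list[dict], since: date) -> list[dict]:
    """Keep entries whose dateAdded is on or after `since` (feed order preserved)."""
    return [e for e in entries if date.fromisoformat(e["dateAdded"]) >= since]


def match_inventory(entries: list[dict], inventory: list[dict]) -> list[dict]:
    """Pair KEV entries with inventory assets by vendor and product.

    Vendor must match exactly (case-insensitive); product is a substring
    match because KEV often lists several products in one string.
    Results are sorted by CISA due date so the most urgent come first.
    """
    hits = []
    for entry in entries:
        for asset in inventory:
            same_vendor = entry["vendorProject"].lower() == asset["vendor"].lower()
            same_product = asset["product"].lower() in entry["product"].lower()
            if same_vendor and same_product:
                hits.append({
                    "cveID": entry["cveID"],
                    "host": asset["host"],
                    "dueDate": entry["dueDate"],
                    "name": entry["vulnerabilityName"],
                })
    return sorted(hits, key=lambda h: h["dueDate"])


if __name__ == "__main__":
    # Report KEV entries added in the first week of March that touch our assets.
    new_entries = recent_entries(parse_kev(SAMPLE_KEV_JSON), date(2025, 3, 1))
    for hit in match_inventory(new_entries, ASSET_INVENTORY):
        print(f"{hit['cveID']} on {hit['host']}: {hit['name']} (due {hit['dueDate']})")
```

Run as-is, the report lists only the Ivanti entry, because the Eir modem is not in the inventory and the Spring Cloud Gateway entry predates the window; widen `since` to see the older match reappear. Substring matching on product is deliberately loose so a multi-product KEV string still hits; tighten it against your own CMDB naming once false positives become a problem.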
MITRE Techniques:
- Exploitation of Remote Services (T1210) – EnemyBot and Sysrv-K exploit the Spring Cloud Gateway (CVE-2022-22947) for initial access.
- Exploitation of Software Vulnerability (T1203) – Silk Typhoon's use of CVE-2025-0282 in Ivanti Connect Secure for initial access.
- Command and Control (T1071) – Botnets like Bashlite and Mirai utilize known vulnerabilities to maintain their operational capabilities.
- Credential Dumping (T1003) – Observed with various botnets leveraging legacy systems affecting Eir D1000 modems (CVE-2016-10372).
Full Story: https://medium.com/@Loginsoft/march-kicks-off-with-major-exploits-6885d2922d43?source=rss——cybersecurity-5