Contents

01. News Bites
  • Microsoft patches six zero-days in March 2025 update

  • Switzerland to mandate cyber incident reporting for critical infrastructure from April 2025

  • Meta warns of possible in-the-wild attacks exploiting FreeType vulnerability

  • CVE-2024-4577 PHP flaw under mass exploitation, warn researchers

  • USA’s FCC launches national security council to combat Chinese cyber threats

02. Conclusion

Quick News Bites

Microsoft patches six zero-days in March 2025 update

Microsoft’s March 2025 Patch Tuesday delivers 57 security fixes, including six zero-day vulnerabilities currently being actively exploited. Six flaws are also rated Critical, all enabling remote code execution.

Among the zero-days, several are linked to the NTFS file system, with attackers exploiting vulnerabilities through malicious VHD files or USB drives. One major flaw, CVE-2025-24983, allows attackers to escalate privileges to SYSTEM via a race condition in the Win32 Kernel Subsystem. Another, CVE-2025-24985, involves remote code execution through an integer overflow in the Windows Fast FAT driver.

Microsoft also patched CVE-2025-26630, a remote code execution vulnerability in Microsoft Access, disclosed by Unpatched.ai.

Beyond Microsoft, vendors like Broadcom, Cisco, Google, Fortinet, and SAP have also issued March updates.

Users and IT teams are strongly advised to apply all available patches promptly to reduce exposure to these active threats. Full details are available via Microsoft’s official security update guide.

Switzerland to mandate cyber incident reporting for critical infrastructure from April 2025

Starting 1 April 2025, operators of critical infrastructure in Switzerland—including energy providers, water suppliers, transport firms, and local governments—will be legally required to report cyber-attacks within 24 hours to the National Cyber Security Centre (NCSC).

The new reporting mandate, introduced by the Federal Council on 7 March, is part of an amendment to the Information Security Act (ISA) and targets incidents that threaten the functionality of infrastructure, involve data leaks or manipulation, or include extortion or coercion.

Organisations must submit an initial report within 24 hours of discovery and a complete report within 14 days. Reports can be filed via the NCSC’s Cyber Security Hub or by email.

Non-compliance may result in fines, although specific penalties have yet to be confirmed. A grace period until 1 October 2025 will allow time to prepare.

Switzerland joins countries like the US, UK, EU, Japan, and Australia in formalising cyber incident reporting for critical sectors.

Meta warns of possible in-the-wild attacks exploiting FreeType vulnerability

Meta has issued a warning about a high-severity vulnerability (CVE-2025-27363) in the FreeType font rendering library, which may have been exploited in the wild.

The flaw, rated 8.1 on the CVSS scale, is an out-of-bounds write vulnerability that could allow remote code execution when parsing specially crafted TrueType GX or variable font files. The issue stems from improper handling of signed and unsigned values, resulting in buffer misallocation and the writing of out-of-bounds data, potentially leading to arbitrary code execution.

While Meta has not shared specifics about exploitation or threat actors, FreeType developer Werner Lemberg confirmed that the issue has been fixed in versions newer than 2.13.0.

However, several Linux distributions, including Ubuntu 22.04, RHEL 8/9, and Debian, are still running vulnerable versions.

Users are urged to upgrade to FreeType 2.13.3 immediately to mitigate the risk of active exploitation.

CVE-2024-4577 PHP flaw under mass exploitation, warn researchers

Threat intelligence researchers have sounded the alarm over widespread exploitation of a critical PHP vulnerability (CVE-2024-4577) that allows remote code execution on Windows systems running PHP in CGI mode.

The flaw was patched in June 2024, but attackers are now exploiting it globally. Successful exploitation allows unauthenticated remote code execution, potentially leading to full system compromise.

The alert follows a Cisco Talos report, which revealed that the flaw had been used in attacks targeting Japanese organisations since January 2025, with goals beyond credential theft—such as persistence, privilege escalation, and the use of TaoWu Cobalt Strike plugins.

The researchers' honeypots observed 1,089 unique IPs exploiting the flaw in January alone, with 43% coming from Germany and China. Exploitation has since spread globally.

Admins are urged to patch immediately to mitigate risk, as at least 79 exploit tools are publicly available and ransomware groups have already weaponised the flaw.

USA’s FCC launches national security council to combat Chinese cyber threats

The US Federal Communications Commission (FCC) is forming a national security council to strengthen defences against Chinese cyber threats and ensure America maintains its edge in critical technologies like AI, 5G/6G, satellites, and quantum computing.

New FCC Chair Brendan Carr announced the move on 7 March, citing the “persistent threat from foreign adversaries, particularly the Chinese Communist Party.” The council will coordinate efforts across FCC departments to address cyber attacks, espionage, and supply chain dependencies, and help the US “win the strategic tech race” with China.

The council will be led by Adam Chan, a former adviser to the House China Committee. Early focus areas will include Salt Typhoon, a Chinese cyber campaign targeting US telecoms.

The FCC joins agencies like the CIA, State Department, and Commerce Department in taking a holistic approach to China-related threats. Experts say the council marks a strategic shift from targeting individual companies to sector-wide risk mitigation in areas such as cloud, drones, and IoT.

Closing Summary

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.

Disclaimer

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.