Top 5 Cybersecurity Headlines to Know this Month

March 25, 2025 | Cybersecurity

BARR Advisory Cybersecurity Consulting Director Mitch Evans picked out five security and compliance headlines from the past month that you need to know. Take a look to find out what Mitch has been reading this March—plus, scroll to see his CISO Pick of the Month for a must-see on-demand webinar.


SaaS Startup Rippling Sues Deel Over Alleged Spying

Rippling, a workforce management software startup, has sued its competitor Deel, alleging corporate espionage. The lawsuit claims that a Rippling employee in Ireland secretly accessed and shared sensitive company data, including sales leads and pricing strategies, with Deel. To confirm their suspicions, Rippling set up a “honeypot” trap, which they say the employee fell for. When confronted, the individual allegedly tried to destroy evidence and evade investigation.

Deel has denied the accusations, calling them a distraction from Rippling’s own legal troubles. The case highlights growing tensions in the competitive HR software industry.

Google Buys Cybersecurity Firm Wiz for $32B

Alphabet Inc., Google’s parent company, is in advanced discussions to acquire Israeli cybersecurity startup Wiz for approximately $30 billion, potentially marking Alphabet’s largest acquisition to date. This move aims to bolster Alphabet’s cloud security offerings, especially as cybersecurity becomes increasingly critical in the digital landscape. Previously, Alphabet had proposed a $23 billion deal in 2024, which did not materialize due to antitrust concerns and Wiz’s consideration of an initial public offering.

Founded in 2020, Wiz specializes in AI-driven cloud security solutions and has rapidly grown, serving major clients like Morgan Stanley and DocuSign. The potential acquisition underscores Alphabet’s commitment to enhancing its cybersecurity capabilities amid growing digital threats.

Report: Apache Tomcat Vulnerability Exploited Just Hours After Disclosure

A critical remote code execution (RCE) vulnerability in Apache Tomcat (CVE-2025-24813) was actively exploited in the wild within 30 hours of its public disclosure. Attackers can exploit this flaw using a simple PUT request, potentially leading to complete server compromise without requiring authentication. The vulnerability affects Apache Tomcat versions 11.0.0-M1 to 11.0.2, 10.1.0-M1 to 10.1.34, and 9.0.0.M1 to 9.0.98.

Administrators are strongly advised to upgrade to the patched versions—Tomcat 11.0.3, 10.1.35, or 9.0.99—to mitigate this critical security risk. This is another story that highlights just how fast a vulnerability can be exploited and how important it is to have procedures in place to detect, evaluate, and patch vulnerabilities as soon as possible. 

Ransomware Group Uses Brute-Forcing Tool to Attack Edge Devices

Black Basta, a notorious ransomware-as-a-service group, has developed an automated brute-forcing framework called “BRUTED” to target network edge devices like VPNs and firewalls. This tool conducts credential-stuffing attacks against widely used products from vendors such as Cisco, Fortinet, Palo Alto Networks, SonicWall, WatchGuard, and Citrix.

The emergence of BRUTED underscores the persistent issue of weak or reused passwords for edge devices, highlighting the need for organizations to enforce stronger password policies and implement multifactor authentication to mitigate such threats.

More Than 400 IPs Exploit Multiple SSRF Vulnerabilities in Coordinated Attack

Threat intelligence firm GreyNoise has identified a coordinated surge in the exploitation of multiple Server-Side Request Forgery (SSRF) vulnerabilities across various platforms, involving over 400 unique IP addresses. This activity, observed on March 9, 2025, targets vulnerabilities in widely used software, including DotNetNuke, Zimbra Collaboration Suite, VMware vCenter, VMware Workspace ONE UEM, GitLab CE/EE, ColumbiaSoft DocumentLocator, BerriAI LiteLLM, and Ivanti Connect Secure. The affected countries include the United States, Germany, Singapore, India, Lithuania, Japan, and Israel.

GreyNoise notes that many of the same IP addresses are exploiting multiple SSRF flaws simultaneously, suggesting structured exploitation, automation, or pre-compromise intelligence gathering. Organizations are advised to apply the latest patches, restrict outbound connections to necessary endpoints, and monitor for unusual outbound requests to mitigate potential risks associated with these vulnerabilities.


Mitch Evans,
Director, Cybersecurity Consulting

CISO Pick of the Month:

From Curricula to Huntress: The Past, Present, and Future of Managed SAT

My friend and colleague Larry Kinkaid, manager of cybersecurity consulting at BARR, spoke alongside experts at Huntress in an exclusive webinar this week showcasing Huntress’ game-changing features and offering a peek into what’s coming soon. Watch the on-demand webinar to learn more about the powerful tools designed by Huntress to level up your security awareness game.

