📄 Original Report (PDF): Download EQST Insight 2025 March →
March 2025’s EQST Insight introduces Zero Trust as the definitive security paradigm for the current threat landscape, provides an update on LockBit’s activity following major law enforcement disruption, and analyses a remote code execution vulnerability in JSONPath-Plus (CVE-2025-1302).
Headline: Zero Trust — A New Security Paradigm
The traditional “castle and moat” security model — trust everything inside the perimeter — has been decisively invalidated by cloud adoption, remote work, and supply chain attacks. EQST makes the case for Zero Trust as the necessary replacement: never trust, always verify, least privilege everywhere. The report distinguishes Zero Trust as a philosophy rather than a product category, and warns against vendors who misuse the term to describe incremental perimeter hardening. True Zero Trust requires identity-centric access control, continuous verification of device health and user behaviour, micro-segmented networks, and comprehensive logging. EQST introduces a five-stage Zero Trust maturity model that this issue launches as a multi-part series (continued in subsequent months with dedicated chapters on identity, devices, networks, and systems).
Keep Up with Ransomware: LockBit’s Recent Movements
Following Operation Cronos — the international law enforcement operation that seized LockBit’s infrastructure and arrested key affiliates — EQST monitored LockBit’s attempts to reconstitute. The group’s administrator published defiant statements and attempted to relaunch the RaaS platform, but internal trust among affiliates had been severely damaged by revelations that LockBit had retained victim data despite claiming to delete it post-payment. EQST assesses that while LockBit brand operations have continued at reduced scale, many former affiliates migrated to competing platforms. The LockBit case study offers valuable lessons in disrupting ransomware ecosystems through coordinated law enforcement and public disclosure of operator misconduct.
Research & Technique: JSONPath-Plus RCE — CVE-2025-1302
EQST disclosed CVE-2025-1302, a remote code execution vulnerability in JSONPath-Plus, a popular JavaScript library used to query and filter JSON data structures. The vulnerability arises from unsafe evaluation of JSONPath filter expressions: by injecting crafted expressions, an attacker can achieve arbitrary code execution in the context of the application. JSONPath-Plus is widely used in Node.js backends and is a transitive dependency in many frameworks. EQST recommends developers audit their dependency trees for JSONPath-Plus usage, upgrade to the patched version immediately, and consider input sanitisation for any user-controlled JSONPath expressions.
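One way to apply the input-sanitisation recommendation is an allow-list that accepts only plain navigation paths, so filter and script segments never reach the library. This is an added example, not code from the EQST report or from JSONPath-Plus; `checkJsonPath`, the length and segment limits, and the denied-name list are assumptions made for illustration, and the check complements upgrading rather than replacing it.

```javascript
// Added example: allow-list check for user-supplied JSONPath strings.
// Only plain navigation segments match; filter `?(...)` and script `(...)`
// segments, the parts a JSONPath engine evaluates as code, never do.
const MAX_LENGTH = 256;   // assumed limit, tune per API
const MAX_SEGMENTS = 16;  // assumed limit, tune per API
// Conservative extra (an assumption, not from the report): refuse these names.
const DENIED_NAMES = new Set(['__proto__', 'constructor', 'prototype']);

// One segment, matched with the sticky flag at the current offset.
const SEGMENT = new RegExp([
  String.raw`\.{1,2}(?:[A-Za-z_][A-Za-z0-9_]*|\*)`, // .name  ..name  .*
  String.raw`\[\*\]`,                                // [*]
  String.raw`\[-?\d+\]`,                             // [0]  [-1]
  String.raw`\[-?\d*:-?\d*(?::-?\d+)?\]`,            // [0:5]  [::2]
  String.raw`\['[A-Za-z0-9_ \-]+'\]`,                // ['name']
  String.raw`\["[A-Za-z0-9_ \-]+"\]`,                // ["name"]
].join('|'), 'y');

function checkJsonPath(expr) {
  if (typeof expr !== 'string') return { ok: false, reason: 'not a string' };
  if (expr.length > MAX_LENGTH) return { ok: false, reason: 'too long' };
  if (expr[0] !== '$') return { ok: false, reason: 'must start with $' };
  let pos = 1;
  let segments = 0;
  while (pos < expr.length) {
    SEGMENT.lastIndex = pos;
    const m = SEGMENT.exec(expr);
    if (!m) return { ok: false, reason: `disallowed syntax at offset ${pos}` };
    const name = m[0].replace(/^[.[]+['"]?|['"]?\]$/g, '');
    if (DENIED_NAMES.has(name)) return { ok: false, reason: `denied name ${name}` };
    if (++segments > MAX_SEGMENTS) return { ok: false, reason: 'too many segments' };
    pos = SEGMENT.lastIndex;
  }
  return { ok: true, segments };
}

// Constructed sample inputs: plain paths pass, filter/script syntax is refused.
const SAMPLES = [
  '$.store.book[0].title',
  "$['store'][\"book\"][0:2]",
  '$.items[?(@.price < 10)]',
  '$.items[(@.length-1)]',
];
for (const s of SAMPLES) console.log(s, '->', JSON.stringify(checkJsonPath(s)));
```

Call the check before any user-controlled string is handed to the JSONPath engine, and reject the request when `ok` is false instead of trying to repair the expression.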
Source: SK Shieldus EQST Insight, March 2025 — skshieldus.com