DATE | NAME | Info | CATEG. | WEB
30.4.25 | Marks & Spencer breach linked to Scattered Spider ransomware attack | Ongoing outages at British retail giant Marks & Spencer are caused by a ransomware attack believed to be conducted by threat actors known as "Scattered Spider", BleepingComputer has learned from multiple sources. | Ransom | |
30.4.25 | Hitachi Vantara takes servers offline after Akira ransomware attack | Hitachi Vantara, a subsidiary of Japanese multinational conglomerate Hitachi, was forced to take servers offline over the weekend to contain an Akira ransomware attack. | Ransom | |
30.4.25 | VeriSource now says February data breach impacts 4 million people | Employee benefits administration firm VeriSource Services is warning that a data breach exposed the personal information of four million people. | Incident | BleepingComputer |
30.4.25 | Over 1,200 SAP NetWeaver servers vulnerable to actively exploited flaw | Over 1,200 internet-exposed SAP NetWeaver instances are vulnerable to an actively exploited maximum severity unauthenticated file upload vulnerability that allows attackers to hijack servers. | Exploit | BleepingComputer |
30.4.25 | Kali Linux warns of update failures after losing repo signing key | Offensive Security warned Kali Linux users to manually install a new Kali repository signing key to avoid experiencing update failures. | OS | |
30.4.25 | Microsoft fixes Outlook on the web search issues, failures | Microsoft is working on fully mitigating issues causing Outlook on the web and SharePoint Online users to experience delays or failures when searching. | OS | BleepingComputer |
30.4.25 | Cloudflare mitigates record number of DDoS attacks in 2025 | Internet services giant Cloudflare says it mitigated a record number of DDoS attacks in the first quarter of 2025, recording a massive 358% year-over-year jump and a 198% quarter-over-quarter increase. | Attack | |
30.4.25 | Coinbase fixes 2FA log error making people think they were hacked | Coinbase has fixed a confusing bug in its account activity logs that caused users to think their credentials were compromised. | Cryptocurrency | |
30.4.25 | Brave's Cookiecrumbler tool taps community to help block cookie notices | Brave has open-sourced a new tool called "Cookiecrumbler," which uses large language models (LLMs) to detect cookie consent notices and then community-driven reviews to block those that won't break site functionality. | AI | BleepingComputer |
30.4.25 | TheWizards APT group uses SLAAC spoofing to perform adversary-in-the-middle attacks | ESET researchers analyzed Spellbinder, a lateral movement tool used to perform adversary-in-the-middle attacks | APT blog | Eset |
30.4.25 | Ransomware debris: an analysis of the RansomHub operation | This blog on RansomHub provides an overview into how this Ransomware-as-a-Service (RaaS) group operates, including its extortion tactics, affiliate recruitment strategies, and the features of its affiliate panel. | Ransom blog | GROUP-IB |
30.4.25 | ELENOR-corp Ransomware: A New Mimic Ransomware Variant Attacking the Healthcare Sector | Morphisec recently investigated an incident involving a new variant of one of the most aggressive ransomware families: Mimic version 7.5. First observed in 2022, Mimic remains relatively underreported in the public domain, aside from a detailed analysis of Mimic version 6.3 that was previously published by Cyfirma and Kaspersky. | Ransom blog | MORPHISEC |
30.4.25 | Chinese Hackers Abuse IPv6 SLAAC for AitM Attacks via Spellbinder Lateral Movement Tool | A China-aligned advanced persistent threat (APT) group called TheWizards has been linked to a lateral movement tool called Spellbinder that can facilitate | APT | The Hacker News |
30.4.25 | Customer Account Takeovers: The Multi-Billion Dollar Problem You Don't Know About | Everyone has cybersecurity stories involving family members. Here's a relatively common one. The conversation usually goes something like this: "The strangest | Security | The Hacker News |
30.4.25 | RansomHub Went Dark April 1; Affiliates Fled to Qilin, DragonForce Claimed Control | Cybersecurity researchers have revealed that RansomHub's online infrastructure has "inexplicably" gone offline as of April 1, 2025, prompting concerns among | Ransom | The Hacker News |
30.4.25 | Meta Launches LlamaFirewall Framework to Stop AI Jailbreaks, Injections, and Insecure Code | Meta on Tuesday announced LlamaFirewall, an open-source framework designed to secure artificial intelligence (AI) systems against emerging cyber risks such as | AI | The Hacker News |
30.4.25 | Indian Court Orders Action to Block Proton Mail Over AI Deepfake Abuse Allegations | A high court in the Indian state of Karnataka has ordered the blocking of end-to-end encrypted email provider Proton Mail across the country. The High Court of | AI | The Hacker News |
30.4.25 | WhatsApp Launches Private Processing to Enable AI Features While Protecting Message Privacy | Popular messaging app WhatsApp on Tuesday unveiled a new technology called Private Processing to enable artificial intelligence (AI) capabilities in a privacy- | AI | The Hacker News |
30.4.25 | New Reports Uncover Jailbreaks, Unsafe Code, and Data Theft Risks in Leading AI Systems | Various generative artificial intelligence (GenAI) services have been found vulnerable to two types of jailbreak attacks that make it possible to produce illicit or | AI | The Hacker News |
29.4.25 | Top Tier Target: What It Takes to Defend a Cybersecurity Company from Today's Adversaries | In recent months, SentinelOne has observed and defended against a spectrum of attacks from financially motivated crimeware to tailored campaigns by advanced nation-state actors. | Hacking blog | SentinelLabs |
29.4.25 | Earth Kurma APT Campaign Targets Southeast Asian Government, Telecom Sectors | An APT group dubbed Earth Kurma is actively targeting government and telecommunications organizations in Southeast Asia using advanced malware, rootkits, and trusted cloud services to conduct cyberespionage. | APT blog | Trend Micro |
29.4.25 | Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis | Google Threat Intelligence Group (GTIG) tracked 75 zero-day vulnerabilities exploited in the wild in 2024, a decrease from the number we identified in 2023 (98 vulnerabilities), but still an increase from 2022 (63 vulnerabilities). | Exploit blog | Google Threat Intelligence |
29.4.25 | SentinelOne Uncovers Chinese Espionage Campaign Targeting Its Infrastructure and Clients | Cybersecurity company SentinelOne has revealed that a China-nexus threat cluster dubbed PurpleHaze conducted reconnaissance attempts against its infrastructure | APT | The Hacker News |
29.4.25 | Google Reports 75 Zero-Days Exploited in 2024 — 44% Targeted Enterprise Security Products | Google has revealed that it observed 75 zero-day vulnerabilities exploited in the wild in 2024, down from 98 in 2023. Of the 75 zero-days, 44% of them targeted | Exploit | The Hacker News |
29.4.25 | Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool | In a new campaign detected in March 2025, senior members of the World Uyghur Congress (WUC) living in exile have been targeted by a Windows-based malware | Virus | The Hacker News |
29.4.25 | CISA Adds Actively Exploited Broadcom and Commvault Flaws to KEV Database | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two high-severity security flaws impacting Broadcom Brocade Fabric OS and | BigBrothers | The Hacker News |
29.4.25 | Earth Kurma Targets Southeast Asia With Rootkits and Cloud-Based Data Theft Tools | Government and telecommunications sectors in Southeast Asia have become the target of a "sophisticated" campaign undertaken by a new advanced persistent | APT | The Hacker News |
29.4.25 | Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised | Threat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zero-day attacks to breach servers and gain unauthorized | Exploit | The Hacker News |
27.4.25 | DragonForce expands ransomware model with white-label branding scheme | The ransomware scene is re-organizing, with one gang known as DragonForce working to gather other operations under a cartel-like structure. | Ransom | |
27.4.25 | WooCommerce admins targeted by fake security patches that hijack sites | A large-scale phishing campaign targets WooCommerce users with a fake security alert urging them to download a "critical patch" that adds a WordPress backdoor to the site. | Phishing | |
27.4.25 | Windows 11's Recall AI is now rolling out on Copilot+ PCs | Microsoft has confirmed that Windows Recall is rolling out to everyone with Windows 11 KB5055627 on Copilot+ PCs. | OS | BleepingComputer |
27.4.25 | Windows 11 KB5055627 update released with 30 new changes, fixes | Microsoft has released the KB5055627 preview cumulative update for Windows 11 24H2 with many new features gradually rolling out, and some new bug fixes for everyone. | OS | BleepingComputer |
27.4.25 | Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers | Microsoft has revealed that a threat actor it tracks as Storm-1977 has conducted password spraying attacks against cloud tenants in the education sector over the | APT | The Hacker News |
27.4.25 | Craft CMS RCE exploit chain used in zero-day attacks to steal data | Two newly disclosed critical Craft CMS flaws were chained into a remote code execution (RCE) exploit used in zero-day attacks to breach servers and steal data. | Exploit | |
27.4.25 | Marks & Spencer pauses online orders after cyberattack | British retail giant Marks & Spencer (M&S) has suspended online orders while working to recover from a recently disclosed cyberattack. | Attack | |
27.4.25 | Mobile provider MTN says cyberattack compromised customer data | African mobile giant MTN Group announced that a cybersecurity incident has compromised the personal information of some of its subscribers in certain countries. | Incident | BleepingComputer |
27.4.25 | Windows "inetpub" security fix can be abused to block future updates | A recent Windows security update that creates an 'inetpub' folder has introduced a new weakness allowing attackers to prevent the installation of future updates. | OS | BleepingComputer |
27.4.25 | Baltimore City Public Schools data breach affects over 31,000 people | Baltimore City Public Schools notified tens of thousands of employees and students of a data breach following an incident in February when unknown attackers hacked into its network. | Incident | |
27.4.25 | SAP fixes suspected Netweaver zero-day exploited in attacks | SAP has released out-of-band emergency NetWeaver updates to fix a suspected remote code execution (RCE) zero-day flaw actively exploited to hijack servers. | Vulnerability | BleepingComputer |
27.4.25 | FBI seeks help to unmask Salt Typhoon hackers behind telecom breaches | The FBI has asked the public for information on Chinese Salt Typhoon hackers behind widespread breaches of telecommunications providers in the United States and worldwide. | APT | |
27.4.25 | Microsoft announces fix for CPU spikes when typing in Outlook | Microsoft says it will soon fix a known issue causing CPU spikes when typing messages in recent versions of its classic Outlook email client. | OS | |
27.4.25 | Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts | Suspected Russia-linked threat actors are abusing legitimate OAuth 2.0 authentication workflows to hijack the Microsoft 365 accounts of individuals and organizations with ties to Ukraine and human rights. | APT | BleepingComputer |
26.4.25 | ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion | Cybersecurity researchers have detailed the activities of an initial access broker (IAB) dubbed ToyMaker that has been observed handing over access to double | Ransom | The Hacker News |
26.4.25 | Lazarus hackers breach six companies in watering hole attacks | In a recent espionage campaign, the infamous North Korean threat group Lazarus targeted multiple organizations in the software, IT, finance, and telecommunications sectors in South Korea. | APT | |
26.4.25 | Microsoft fixes machine learning bug flagging Adobe emails as spam | Microsoft says it mitigated a known issue in one of its machine learning (ML) models that mistakenly flagged Adobe emails in Exchange Online as spam. | Vulnerability | |
26.4.25 | Frederick Health data breach impacts nearly 1 million patients | A ransomware attack in January at Frederick Health Medical Group, a major healthcare provider in Maryland, has led to a data breach affecting nearly one million patients. | Ransom | BleepingComputer |
26.4.25 | Microsoft now pays up to $30,000 for some AI vulnerabilities | Microsoft announced an increase in bug bounty payouts to $30,000 for AI vulnerabilities found in Dynamics 365 and Power Platform services and products. | AI | BleepingComputer |
26.4.25 | Interlock ransomware claims DaVita attack, leaks stolen data | The Interlock ransomware gang has claimed the cyberattack on DaVita kidney dialysis firm and leaked data allegedly stolen from the organization. | Ransom | |
26.4.25 | Yale New Haven Health data breach affects 5.5 million patients | Yale New Haven Health (YNHHS) is warning that threat actors stole the personal data of 5.5 million patients in a cyberattack earlier this month. | Incident | BleepingComputer |
26.4.25 | Microsoft fixes bug causing incorrect 0x80070643 WinRE errors | Microsoft fixes bug causing incorrect 0x80070643 WinRE errors | OS | |
26.4.25 | Linux 'io_uring' security blindspot allows stealthy rootkit attacks | A significant security gap in Linux runtime security caused by the 'io_uring' interface allows rootkits to operate undetected on systems while bypassing advanced enterprise security software. | Virus | |
26.4.25 | Russian army targeted by new Android malware hidden in mapping app | A new Android malware has been discovered hidden inside trojanized versions of the Alpine Quest mapping app, which is reportedly used by Russian soldiers as part of war zone operational planning. | BigBrothers | |
26.4.25 | WhatsApp's new Advanced Chat Privacy protects sensitive messages | WhatsApp has introduced a new Advanced Chat Privacy feature to protect sensitive information exchanged in private chats and group conversations. | Social | |
26.4.25 | Blue Shield of California leaked health data of 4.7 million members to Google | Blue Shield of California disclosed it suffered a data breach after exposing protected health information of 4.7 million members to Google's analytics and advertisement platforms. | Incident | |
26.4.25 | FBI: US lost record $16.6 billion to cybercrime in 2024 | FBI: US lost record $16.6 billion to cybercrime in 2024 | CyberCrime | |
26.4.25 | ASUS releases fix for AMI bug that lets hackers brick servers | ASUS has released security updates to address CVE-2024-54085, a maximum severity flaw that could allow attackers to hijack and potentially brick servers. | Vulnerability | BleepingComputer |
26.4.25 | Contagious Interview (DPRK) Launches a New Campaign Creating Three Front Companies to Deliver a Trio of Malware: BeaverTail, InvisibleFerret, and OtterCookie | Silent Push Threat Analysts have uncovered three cryptocurrency companies that are actually fronts for the North Korean advanced persistent threat (APT) group Contagious Interview: BlockNovas LLC, Angeloper Agency, and SoftGlide LLC. | Cryptocurrency blog | Silent Push |
26.4.25 | Power Parasites: Job & Investment Scam Campaign Targets Energy Companies and Major Brands | Silent Push Threat Analysts are tracking a scam campaign we’ve labeled “Power Parasites” that has been operating through a combination of deceptive websites, social media groups, and Telegram channels, primarily targeting individuals across Asian countries, including Bangladesh, Nepal, and India, with job and investment scams. | Social blog | Silent Push |
26.4.25 | IngressNightmare: Understanding CVE-2025-1974 in Kubernetes Ingress-NGINX | Get an overview on how the CVE-2025-1974 works, a proof-of-concept demo of the exploit, along with outlined mitigations and detection strategies. | Vulnerability blog | Fortinet |
26.4.25 | Infostealer Malware FormBook Spread via Phishing Campaign – Part I | FortiGuard Labs observed a phishing campaign in the wild that delivered a malicious Word document as an attachment. Learn more. | Malware blog | Fortinet |
26.4.25 | New Rust Botnet "RustoBot" is Routed via Routers | FortiGuard Labs recently discovered a new botnet propagating through TOTOLINK devices. Learn more about this malware targeting these devices. | BotNet blog | Fortinet |
26.4.25 | HANNIBAL Stealer: A Rebranded Threat Born from Sharp and TX Lineage | EXECUTIVE SUMMARY At CYFIRMA, we are committed to delivering timely intelligence on emerging cyber threats and adversarial tactics targeting individuals and organizations. | Malware blog | Cyfirma |
26.4.25 | Technical Malware Analysis Report: Python-based RAT Malware | EXECUTIVE SUMMARY The malware analyzed in this report is a Python-based Remote Access Trojan (RAT) that utilizes Discord as a command-and-control (C2) platform. Disguised as a | Malware blog | Cyfirma |
26.4.25 | Russian Infrastructure Plays Crucial Role in North Korean Cybercrime Operations | In this blog entry, we discuss how North Korea's significant role in cybercrime – including campaigns attributed to Void Dokkaebi – is facilitated by extensive use of anonymization networks and the use of Russian IP ranges. | BigBrother blog | Trend Micro |
26.4.25 | FOG Ransomware Spread by Cybercriminals Claiming Ties to DOGE | This blog details our investigation of malware samples that conceal within them a FOG ransomware payload. | Ransom blog | Trend Micro |
26.4.25 | Critical TorchServe Vulnerability (CVE-2023-43654) Enables Remote Code Execution | SonicWall Capture Lab's threat research team became aware of the threat CVE-2023-43654, assessed its impact and developed mitigation measures for this vulnerability. | Vulnerability blog | SonicWall |
26.4.25 | Extortion and Ransomware Trends January-March 2025 | Unit 42 regularly monitors the cyberthreat landscape, including trends in extortion and ransomware. Ransomware actors continue to evolve to increase the effectiveness of their attacks and the likelihood that organizations will pay what is demanded. In our 2025 Unit 42 Global Incident Response Report, we found that 86% of incidents involved business disruption, spanning operational downtime, reputational damage or both. | Ransom blog | Palo Alto |
26.4.25 | False Face: Unit 42 Demonstrates the Alarming Ease of Synthetic Identity Creation | Evidence suggests that North Korean IT workers are using real-time deepfake technology to infiltrate organizations through remote work positions, which poses significant security, legal and compliance risks. The detection strategies we outline in this report provide security and HR teams with practical guidance to strengthen their hiring processes against this threat. | APT blog | Palo Alto |
26.4.25 | Introducing ToyMaker, an initial access broker working in cahoots with double extortion gangs | Cisco Talos discovered a sophisticated attack on critical infrastructure by ToyMaker and Cactus, using the LAGTOY backdoor to orchestrate a relentless double extortion scheme. | Malware blog | CISCO TALOS |
26.4.25 | Lessons from Ted Lasso for cybersecurity success | In this edition, Bill explores how intellectual curiosity drives success in cybersecurity, shares insights on the IAB ToyMaker’s tactics, and covers the top security headlines you need to know. | Cyber blog | CISCO TALOS |
26.4.25 | Deepfake 'doctors' take to TikTok to peddle bogus cures | Look out for AI-generated 'TikDocs' who exploit the public's trust in the medical profession to drive sales of sketchy supplements | AI blog | Eset |
26.4.25 | How fraudsters abuse Google Forms to spread scams | The form and quiz-building tool is a popular vector for social engineering and malware. Here’s how to stay safe. | Cyber blog | |
26.4.25 | Will super-smart AI be attacking us anytime soon? | What practical AI attacks exist today? “More than zero” is the answer – and they’re getting better. | AI blog | |
26.4.25 | CVE-2025-32433: Unauthenticated RCE Vulnerability in Erlang/OTP's SSH Implementation | A critical vulnerability, tracked as CVE-2025-32433, has been discovered in the SSH server component of Erlang/Open Telecom Platform (OTP) | Vulnerability blog | Cybereason |
26.4.25 | A Deep Dive into the Latest Version of Lumma InfoStealer | The Trellix Advanced Research Center has been closely tracking the latest developments in Lumma Infostealer, particularly the recent introduction of sophisticated code flow obfuscation techniques. This report will delve into the threat actors' recent campaign and examine the evolution of their Tactics, Techniques, and Procedures (TTPs). | Malware blog | Trellix |
26.4.25 | ReliaQuest Uncovers New Critical Vulnerability in SAP NetWeaver | On April 22, 2025, ReliaQuest published details of our investigation into exploitation activity targeting SAP NetWeaver systems that could enable unauthorized file uploads and execution of malicious files. On April 24, 2025, SAP disclosed "CVE-2025-31324," a critical vulnerability in SAP NetWeaver Visual Composer with the highest severity score of 10. | Vulnerability blog | ReliaQuest |
26.4.25 | Security Analysis of Rack Ruby Framework: CVE-2025-25184, CVE-2025-27111, and CVE-2025-27610 | Through a comprehensive security analysis conducted by OPSWAT's Red Team, security researchers Thai Do and Minh Pham identified multiple vulnerabilities impacting the Rack Ruby framework, specifically CVE-2025-25184, CVE-2025-27111, and CVE-2025-27610. | Vulnerability blog | OPSWAT |
25.4.25 | Phishing detection is broken: Why most attacks feel like a zero day | Phishing attacks now evade email filters, proxies, and MFA — making every attack feel like a zero-day. This article from Push Security breaks down why detection is failing and how real-time, in-browser analysis can help turn the tide. | Phishing | |
25.4.25 | Microsoft fixes Remote Desktop freezes caused by Windows updates | Microsoft has resolved a known issue causing Remote Desktop sessions to freeze on Windows Server 2025 and Windows 11 24H2 devices. | OS | |
25.4.25 | Microsoft fixes Windows Server 2025 blue screen, install issues | Microsoft has fixed several known issues that caused Blue Screen of Death (BSOD) and installation issues on Windows Server 2025 systems with a high core count. | OS | BleepingComputer |
25.4.25 | Marks & Spencer confirms a cyberattack as customers face delayed orders | Marks & Spencer (M&S) has disclosed that it is responding to a cyberattack over the past few days that has impacted operations, including its Click and Collect service. | Incident | BleepingComputer |
25.4.25 | Active! Mail RCE flaw exploited in attacks on Japanese orgs | An Active! Mail zero-day remote code execution vulnerability is actively exploited in attacks on large organizations in Japan. | Exploit | |
25.4.25 | Hackers abuse Zoom remote control feature for crypto-theft attacks | A hacking group dubbed 'Elusive Comet' targets cryptocurrency users in social engineering attacks that exploit Zoom's remote control feature to trick users into granting them access to their machines. | Cryptocurrency | BleepingComputer |
25.4.25 | Windows 10 KB5055612 preview update fixes a GPU bug in WSL2 | Microsoft has released the optional KB5055612 preview cumulative update for Windows 10 22H2 with two changes, including a fix for a GPU paravirtualization bug in Windows Subsystem for Linux 2 (WSL2). | OS | |
25.4.25 | SK Telecom warns customer USIM data exposed in malware attack | South Korea's largest mobile operator, SK Telecom, is warning that a malware infection allowed threat actors to access sensitive USIM-related information for customers. | APT | |
25.4.25 | Ripple's recommended XRP library xrpl.js hacked to steal wallets | The recommended Ripple cryptocurrency NPM JavaScript library named "xrpl.js" was compromised to steal XRP wallet seeds and private keys and transfer them to an attacker-controlled server, allowing threat actors to steal all the funds stored in the wallets. | Cryptocurrency | |
25.4.25 | Cookie-Bite attack PoC uses Chrome extension to steal session tokens | A proof-of-concept attack called "Cookie-Bite" uses a browser extension to steal browser session cookies from Microsoft Entra ID to bypass multi-factor authentication (MFA) protections and maintain access to cloud services like Microsoft 365, Outlook, and Teams. | Attack | |
25.4.25 | Microsoft Entra account lockouts caused by user token logging mishap | Microsoft confirms that the weekend Entra account lockouts were caused by the invalidation of short-lived user refresh tokens that were mistakenly logged into internal systems. | Security | |
25.4.25 | WordPress ad-fraud plugins generated 1.4 billion ad requests per day | A large-scale ad fraud operation called 'Scallywag' is monetizing pirating and URL shortening sites through specially crafted WordPress plugins that generate billions of daily fraudulent requests. | Hack | |
25.4.25 | North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures | North Korea-linked threat actors behind the Contagious Interview have set up front companies as a way to distribute malware during the fake hiring process. "In this | APT | The Hacker News |
25.4.25 | New Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel Framework | Threat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code | Exploit | The Hacker News |
25.4.25 | Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers | Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully exploited, could enable attackers to gain | Vulnerability | The Hacker News |
25.4.25 | DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks | Cybersecurity researchers are warning about a new malware called DslogdRAT that's installed following the exploitation of a now-patched security flaw in Ivanti | Virus | The Hacker News |
24.4.25 | Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Zero-Day and ThreatNeedle Malware | At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole. | APT | The Hacker News |
24.4.25 | Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools | Cybersecurity researchers have demonstrated a proof-of-concept (PoC) rootkit dubbed Curing that leverages a Linux asynchronous I/O mechanism called io_uring | Virus | The Hacker News |
24.4.25 | Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals | The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform have released new updates to their cybercrime suite with generative artificial intelligence | AI | The Hacker News |
24.4.25 | Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely | A critical security flaw has been disclosed in the Commvault Command Center that could allow arbitrary code execution on affected installations. The vulnerability, | Vulnerability | The Hacker News |
24.4.25 | WhatsApp Adds Advanced Chat Privacy to Block Chat Exports and Auto-Downloads | WhatsApp has introduced an extra layer of privacy called Advanced Chat Privacy that allows users to block participants from sharing the contents of a conversation | Social | The Hacker News |
24.4.25 | DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack | Multiple threat activity clusters with ties to North Korea (aka Democratic People's Republic of Korea or DPRK) have been linked to attacks targeting organizations and | APT | The Hacker News |
23.4.25 | Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign | The Iran-nexus threat actor known as UNC2428 has been observed delivering a backdoor known as MURKYTOUR as part of a job-themed social engineering | APT | The Hacker News |
23.4.25 | Android Spyware Disguised as Alpine Quest App Targets Russian Military Devices | Cybersecurity researchers have revealed that Russian military personnel are the target of a new malicious campaign that distributes Android spyware under the | Virus | The Hacker News |
23.4.25 | Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp | Multiple suspected Russia-linked threat actors are "aggressively" targeting individuals and organizations with ties to Ukraine and human rights with an aim to | Exploit | The Hacker News |
23.4.25 | Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack | The Ripple cryptocurrency npm JavaScript library named xrpl.js has been compromised by unknown threat actors as part of a software supply chain attack | Hack | The Hacker News |
23.4.25 | Google Drops Cookie Prompt in Chrome, Adds IP Protection to Incognito | Google on Tuesday revealed that it will no longer offer a standalone prompt for third-party cookies in its Chrome browser as part of its Privacy Sandbox initiative. | Security | The Hacker News |
23.4.25 | Docker Malware Exploits Teneo Web3 Node to Earn Crypto via Fake Heartbeat Signals | Cybersecurity researchers have detailed a malware campaign that's targeting Docker environments with a previously undocumented technique to mine | Exploit | The Hacker News |
22.4.25 | GCP Cloud Composer Bug Let Attackers Elevate Access via Malicious PyPI Packages | Cybersecurity researchers have detailed a now-patched vulnerability in Google Cloud Platform (GCP) that could have enabled an attacker to elevate their privileges | Vulnerability | The Hacker News |
22.4.25 | Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials | In what has been described as an "extremely sophisticated phishing attack," threat actors have leveraged an uncommon approach that allowed bogus emails to be | Exploit | The Hacker News |
22.4.25 | Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach | Microsoft on Monday announced that it has moved the Microsoft Account (MSA) signing service to Azure confidential virtual machines (VMs) and that it's also in the process of migrating the Entra ID signing service as well. | APT | The Hacker News |
22.4.25 | Lotus Panda Hacks SE Asian Governments With Browser Stealers and Sideloaded Malware | The China-linked cyber espionage group tracked as Lotus Panda has been attributed to a campaign that compromised multiple organizations in an unnamed | APT | The Hacker News |
22.4.25 | Kimsuky Exploits BlueKeep RDP Vulnerability to Breach Systems in South Korea and Japan | Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now- | APT | The Hacker News |
22.4.25 | Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds | Everybody knows browser extensions are embedded into nearly every user's daily workflow, from spell checkers to GenAI tools. What most IT and security people | AI | The Hacker News |
22.4.25 | SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks | A new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication ( NFC ) relay attacks, enabling cybercriminals to | Virus | The Hacker News |
22.4.25 | Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery | Cybersecurity researchers have disclosed a surge in "mass scanning, credential brute-forcing, and exploitation attempts" originating from IP addresses associated | APT | The Hacker News |
21.4.25 | Phishers abuse Google OAuth to spoof Google in DKIM replay attack | In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that appeared to come from Google's systems, passing all verifications but pointing to a fraudulent page that collected logins. | Phishing | |
21.4.25 | State-sponsored hackers embrace ClickFix social engineering tactic | ClickFix attacks are being increasingly adopted by threat actors of all levels, with researchers now seeing multiple advanced persistent threat (APT) groups from North Korea, Iran, and Russia utilizing the tactic to breach networks. | APT | |
21.4.25 | Widespread Microsoft Entra lockouts tied to new security feature rollout | Windows administrators from numerous organizations report widespread account lockouts triggered by false positives in the rollout of a new Microsoft Entra ID "leaked credentials" detection app called MACE. | OS | BleepingComputer |
21.4.25 | New Android malware steals your credit cards for NFC relay attacks | A new malware-as-a-service (MaaS) platform named 'SuperCard X' has emerged, targeting Android devices via NFC relay attacks that enable point-of-sale and ATM transactions using compromised payment card data. | Virus | BleepingComputer |
21.4.25 | Critical Erlang/OTP SSH RCE bug now has public exploits, patch now | Public exploits are now available for a critical Erlang/OTP SSH vulnerability tracked as CVE-2025-32433, allowing unauthenticated attackers to remotely execute code on impacted devices. | Exploit | |
21.4.25 | Google Gemini AI is getting ChatGPT-like Scheduled Actions feature | Google Gemini is testing a ChatGPT-like scheduled tasks feature called "Scheduled Actions," which will allow you to create tasks that Gemini will execute later. | AI | BleepingComputer |
21.4.25 | Interlock ransomware gang pushes fake IT tools in ClickFix attacks | The Interlock ransomware gang now uses ClickFix attacks that impersonate IT tools to breach corporate networks and deploy file-encrypting malware on devices. | Ransom | |
21.4.25 | FBI: Scammers pose as FBI IC3 employees to 'help' recover lost funds | The FBI warns that scammers posing as FBI IC3 employees are offering to "help" fraud victims recover money lost to other scammers. | Spam | |
21.4.25 | ASUS warns of critical auth bypass flaw in routers using AiCloud | ASUS is warning about an authentication bypass vulnerability in routers with AiCloud enabled that could allow remote attackers to perform unauthorized execution of functions on the device. | Vulnerebility | |
21.4.25 | SonicWall SMA VPN devices targeted in attacks since January | A remote code execution vulnerability affecting SonicWall Secure Mobile Access (SMA) appliances has been under active exploitation since at least January 2025, according to cybersecurity company Arctic Wolf. | Vulnerebility | |
21.4.25 | Chinese hackers target Russian govt with upgraded RAT malware | Chinese-speaking IronHusky hackers are targeting Russian and Mongolian government organizations using upgraded MysterySnail remote access trojan (RAT) malware. | Virus | BleepingComputer |
21.4.25 | 7 Steps to Take After a Credential-Based cyberattack | Hackers don't break in—they log in. Credential-based attacks now fuel nearly half of all breaches. Learn how to scan your Active Directory for compromised passwords and stop attackers before they strike. | Cyber | BleepingComputer |
21.4.25 | Cisco Webex bug lets hackers gain code execution via meeting links | Cisco has released security updates for a high-severity Webex vulnerability that allows unauthenticated attackers to gain client-side remote code execution using malicious meeting invite links. | Vulnerebility | BleepingComputer |
21.4.25 | Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now | A critical vulnerability in the Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed that allows for unauthenticated remote code execution on vulnerable devices. | Exploit | |
21.4.25 | Entertainment services giant Legends International discloses data breach | Entertainment venue management firm Legends International warns it suffered a data breach in November 2024, which has impacted employees and people who visited venues under its management. | Incindent | BleepingComputer |
21.4.25 | Windows NTLM hash leak flaw exploited in phishing attacks on governments | A Windows vulnerability that exposes NTLM hashes using .library-ms files is now actively exploited by hackers in phishing campaigns targeting government entities and private companies. | Phishing | BleepingComputer |
21.4.25 | Chrome extensions with 6 million installs have hidden tracking code | A set of 57 Chrome extensions with 6,000,000 users have been discovered with very risky capabilities, such as monitoring browsing behavior, accessing cookies for domains, and potentially executing remote scripts. | Security | BleepingComputer |
21.4.25 | Ahold Delhaize confirms data theft after INC ransomware claims attack | Food retail giant Ahold Delhaize confirms that data was stolen from its U.S. business systems during a November 2024 cyberattack. | Ransom | BleepingComputer |
21.4.25 | APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures | The Russian state-sponsored threat actor known as APT29 has been linked to an advanced phishing campaign that's targeting diplomatic entities across Europe with | APT | The Hacker News |
20.4.25 | CTM360 Tracks Global Surge in SMS-Based Reward and Toll Scams | Thousands tricked by fake reward & toll scam texts. CTM360 exposes PointyPhish & TollShark—SMS phishing campaigns powered by the Darcula PhaaS platform, with 5K+ domains stealing payment info worldwide. | Spam | |
20.4.25 | Microsoft: Office 2016 and Office 2019 reach end of support in October | Microsoft has reminded customers that Office 2016 and Office 2019 will reach the end of extended support six months from now, on October 14, 2025. | Security | BleepingComputer |
20.4.25 | CISA warns of increased breach risks following Oracle Cloud leak | On Wednesday, CISA warned of heightened breach risks after the compromise of legacy Oracle Cloud servers earlier this year and highlighted the significant threat to enterprise networks. | Incindent | |
20.4.25 | New Windows Server emergency updates fix container launch issue | Microsoft has released emergency Windows Server updates to address a known issue preventing Windows containers from launching. | Vulnerebility | |
20.4.25 | CISA tags SonicWall VPN flaw as actively exploited in attacks | On Wednesday, CISA warned federal agencies to secure their SonicWall Secure Mobile Access (SMA) 100 series appliances against attacks exploiting a high-severity remote code execution vulnerability. | Exploit | |
20.4.25 | Over 16,000 Fortinet devices compromised with symlink backdoor | Over 16,000 internet-exposed Fortinet devices have been detected as compromised with a new symlink backdoor that allows read-only access to sensitive files on previously compromised devices. | Virus | |
20.4.25 | Apple fixes two zero-days exploited in targeted iPhone attacks | Apple released emergency security updates to patch two zero-day vulnerabilities that were used in an "extremely sophisticated attack" against specific targets' iPhones. | Vulnerebility | BleepingComputer |
20.4.25 | Jira Down: Atlassian users experiencing degraded performance | Atlassian users are experiencing degraded performance amid an 'active incident' affecting multiple Jira products since morning hours today. Jira, Jira Service Management, Jira Work Management and Jira Product Discovery are among the impacted products. | Security | BleepingComputer |
20.4.25 | 41% of Attacks Bypass Defenses: Adversarial Exposure Validation Fixes That | Your dashboards say you're secure—but 41% of threats still get through. Picus Security's Adversarial Exposure Validation uncovers what your stack is missing with continuous attack simulations and automated pentesting. | Security | |
20.4.25 | CISA extends funding to ensure 'no lapse in critical CVE services' | CISA says the U.S. government has extended MITRE's funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program. | Security | BleepingComputer |
20.4.25 | Microsoft warns of blue screen crashes caused by April updates | Microsoft warned customers this week that their systems might crash with a blue screen error caused by a secure kernel fatal error after installing Windows updates released since March. | OS | BleepingComputer |
20.4.25 | Microsoft: Some devices offered Windows 11 upgrades despite Intune blocks | Microsoft is working to fix an ongoing issue causing some users' Windows devices to be offered Windows 11 upgrades despite Intune policies preventing them. | OS | BleepingComputer |
20.4.25 | MITRE warns that funding for critical CVE program expires today | MITRE Vice President Yosry Barsoum has warned that U.S. government funding for the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) programs expires today, which could lead to widespread disruption across the global cybersecurity industry. | Security | |
20.4.25 | Midnight Blizzard deploys new GrapeLoader malware in embassy phishing | Russian state-sponsored espionage group Midnight Blizzard is behind a new spear-phishing campaign targeting diplomatic entities in Europe, including embassies. | APT | |
20.4.25 | Landmark Admin data breach impact now reaches 1.6 million people | Landmark Admin has issued an update to its investigation of a cyberattack it suffered in May 2024, increasing the number of impacted individuals to 1.6 million. | Incindent | |
20.4.25 | Infamous message board 4chan taken down following major hack | 4chan, a notorious online forum, was taken offline earlier today after what appears to be a significant hack and has since been loading intermittently. | Hack | |
20.4.25 | Microsoft blocks ActiveX by default in Microsoft 365, Office 2024 | Microsoft announced it will begin disabling all ActiveX controls in Windows versions of Microsoft 365 and Office 2024 applications later this month. | OS | BleepingComputer |
20.4.25 | Microsoft: Exchange 2016 and 2019 reach end of support in six months | Microsoft warned that Exchange 2016 and Exchange 2019 will reach the end of support six months from now, on October 14. | OS | BleepingComputer |
20.4.25 | Google adds Android auto-reboot to block forensic data extractions | Google is rolling out a new security mechanism on Android devices that will automatically reboot locked, unused devices after three consecutive days of inactivity, restoring memory to an encrypted state. | OS | |
20.4.25 | Microsoft warns of CPU spikes when typing in classic Outlook | Microsoft warned Windows users of increased CPU usage when typing while using recent versions of the classic Outlook email client. | OS | BleepingComputer |
20.4.25 | Hertz confirms customer info, drivers' licenses stolen in data breach | Car rental giant Hertz Corporation warns it suffered a data breach after customer data for its Hertz, Thrifty, and Dollar brands was stolen in the Cleo zero-day data theft attacks. | Incindent | BleepingComputer |
20.4.25 | Govtech giant Conduent confirms client data stolen in January cyberattack | American business services giant and government contractor Conduent disclosed today that client data was stolen in a January 2025 cyberattack. | Incindent | BleepingComputer |
20.4.25 | Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems | Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH | Virus | The Hacker News |
20.4.25 | Cybersecurity firm buying hacker forum accounts to spy on cybercriminals | Swiss cybersecurity firm Prodaft has launched a new initiative called 'Sell your Source' where the company purchases verified and aged accounts on hacking forums to spy on cybercriminals. | Security | |
20.4.25 | SSL/TLS certificate lifespans reduced to 47 days by 2029 | The CA/Browser Forum has voted to significantly reduce the lifespan of SSL/TLS certificates over the next 4 years, with a final lifespan of just 47 days starting in 2029. | Security | BleepingComputer |
20.4.25 | New ResolverRAT malware targets pharma and healthcare orgs worldwide | A new remote access trojan (RAT) called 'ResolverRAT' is being used against organizations globally, with the malware used in recent attacks targeting the healthcare and pharmaceutical sectors. | Virus | |
20.4.25 | Meta to resume AI training on content shared by Europeans | Meta announced today that it will soon start training its artificial intelligence models using content shared by European adult users on its Facebook and Instagram social media platforms. | AI | |
20.4.25 | Kidney dialysis firm DaVita hit by weekend ransomware attack | Kidney dialysis firm DaVita disclosed Monday it suffered a weekend ransomware attack that encrypted parts of its network and impacted some of its operations. | Ransom | |
20.4.25 | Enhancing your DevSecOps with Wazuh, the open source XDR platform | Security shouldn't wait until the end of development. Wazuh brings real-time threat detection, compliance, and vulnerability scanning into your DevOps pipeline—powering a stronger DevSecOps strategy from day one. Learn more about how Wazuh can help secure your development cycle. | Security | |
20.4.25 | Microsoft tells Windows users to ignore 0x80070643 WinRE errors | Microsoft says some users might see 0x80070643 installation failures when trying to deploy the April 2025 Windows Recovery Environment (WinRE) updates. | OS | BleepingComputer |
20.4.25 | Microsoft: New Windows updates fix Active Directory policy issues | Microsoft has released emergency Windows updates to address a known issue affecting local audit logon policies in Active Directory Group Policy. | OS | BleepingComputer |
20.4.25 | OpenAI's GPT-4.1, 4.1 nano, and 4.1 mini models release imminent | According to references spotted on OpenAI's website, the Microsoft-backed AI startup is planning to launch five new models this week, including GPT-4.1, 4.1 nano, and 4.1 mini. | AI | |
20.4.25 | Microsoft: Windows Server 2025 restarts break connectivity on some DCs | Microsoft warned IT admins that some Windows Server 2025 domain controllers might become inaccessible after a restart, causing apps and services to fail or remain unreachable. | OS | BleepingComputer |
20.4.25 | Chrome 136 fixes 20-year browser history privacy risk | Google is fixing a long-standing privacy issue that, for years, enabled websites to determine users' browsing history through the previously visited links. | Vulnerebility | BleepingComputer |
19.4.25 | | We discovered China-nexus threat actors deployed custom backdoors on Juniper Networks’ Junos OS routers. | APT blog | Google Threat Intelligence |
19.4.25 | Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger | Google Threat Intelligence Group (GTIG) has observed increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia's intelligence services. | Social blog | Google Threat Intelligence |
19.4.25 | Cyber Attack Surge | In Q1 2025, cyber attacks per organization increased by 47%, reaching an ... | Cyber blog | Checkpoint |
19.4.25 | | Executive Summary Check Point Research has been observing a sophisticated phishing campaign conducted by Advanced ... | APT blog | Checkpoint |
19.4.25 | Hacktivists Target Critical Infrastructure, Move Into Ransomware | Hacktivists are increasingly adopting more sophisticated - and destructive - attack types. | Ransom blog | Cyble |
19.4.25 | DOGE "Big Balls" Ransomware and the False Connection to Edward Coristine | Cyble investigates the DOGE BIG BALLS Ransomware, analyzing its operation and the false ties made to... | Ransom blog | Cyble |
19.4.25 | APT PROFILE – EARTH ESTRIES | Earth Estries is a Chinese Advanced Persistent Threat (APT) group that has gained prominence for its sophisticated cyber espionage activities targeting critical infrastructure and | APT blog | Cyfirma |
19.4.25 | Fortnightly Vulnerability Summary | Check out these fast facts on fortnightly observed vulnerabilities. Fortnight's most impacted products: Linux, ColdFusion, FrameMaker. | Vulnerebility blog | Cyfirma |
19.4.25 | Cyber Espionage Among Allies: Strategic Posturing in an Era of Trade Tensions | Executive Summary In the past decade, a pattern of cyber operations and espionage between the United States and its allies has emerged, complicating relationships traditionally | APT blog | Cyfirma |
19.4.25 | SCAMONOMICS THE DARK SIDE OF STOCK & CRYPTO INVESTMENTS IN INDIA | EXECUTIVE SUMMARY At CYFIRMA, we are committed to offering up-to-date insights into prevalent threats and tactics employed by malicious actors targeting both organizations | Cryptocurrency blog | Cyfirma |
19.4.25 | The Top Firmware and Hardware Attack Vectors | As firmware-level threats continue to gain popularity in the wild, security teams need to understand how these threats work and the real-world risks they pose to an organization’s security. | Attack blog | Eclypsium |
19.4.25 | Revolutionizing Your SOC: Welcome to Threat Protection Workbench | Email remains the number one threat vector in today’s cyber landscape, responsible for more than 90% of successful cyberattacks. As the volume and sophistication of email threats grow, security operations center (SOC) teams are under constant pressure to investigate and respond to incidents more quickly. Even with strong detection, the sheer number of alerts and investigation steps can slow down response times and strain already limited resources—leading to fatigue and increasing the risk of missed threats. | Security blog | PROOFPOINT |
19.4.25 | Around the World in 90 Days: State-Sponsored Actors Try ClickFix | While primarily a technique affiliated with cybercriminal actors, Proofpoint researchers discovered state-sponsored actors in multiple campaigns using the ClickFix social engineering technique for the first time. | Malware blog | PROOFPOINT |
19.4.25 | The Expanding Attack Surface: Ways That Attackers Compromise Trusted Business Communications | The modern workplace has expanded beyond email. Attackers now exploit collaboration tools, supplier relationships and human trust to bypass defenses and compromise accounts. This five-part blog series raises awareness around these shifting attack tactics. And it introduces our holistic approach to protecting users. | Attack blog | PROOFPOINT |
19.4.25 | Cybersecurity Stop of the Month: Bitcoin Scam—How Cybercriminals Lure Victims with Free Crypto to Steal Credentials and Funds | In recent years, cryptocurrency has grown from a niche interest into a mainstream financial ecosystem. This evolution, however, hasn’t been without drawbacks. Namely, it has attracted cybercriminals who use the allure of digital wealth to perpetrate sophisticated fraud schemes. In 2023, illicit crypto addresses received at least $46.1 billion, up from $24.2 billion. This underscores how rapidly crypto-related crimes are spreading. | Cryptocurrency blog | PROOFPOINT |
19.4.25 | Threat actors misuse Node.js to deliver malware and other malicious payloads | Since October 2024, Microsoft Defender Experts has observed and helped multiple customers address campaigns leveraging Node.js to deliver malware and other payloads that ultimately lead to information theft and data exfiltration. | Malware blog | Microsoft blog |
19.4.25 | ZDI-23-1527 and ZDI-23-1528: The Potential Impact of Overly Permissive SAS Tokens on PC Manager Supply Chains | In ZDI-23-1527 and ZDI-23-1528 we uncover two possible scenarios where attackers could have compromised the Microsoft PC Manager supply chain. | Vulnerebility blog | Trend Micro |
19.4.25 | BPFDoor’s Hidden Controller Used Against Asia, Middle East Targets | A controller linked to BPF backdoor can open a reverse shell, enabling deeper infiltration into compromised networks. Recent attacks have been observed targeting the telecommunications, finance, and retail sectors across South Korea, Hong Kong, Myanmar, Malaysia, and Egypt. | Malware blog | Trend Micro |
19.4.25 | Incomplete NVIDIA Patch to CVE-2024-0132 Exposes AI Infrastructure and Data to Critical Risks | A previously disclosed vulnerability in NVIDIA Container Toolkit has an incomplete patch, which, if exploited, could put a wide range of AI infrastructure and sensitive data at risk. | Vulnerebility blog | Trend Micro |
19.4.25 | Top 10 for LLM & Gen AI Project Ranked by OWASP | Trend Micro has become a Gold sponsor of the OWASP Top 10 for LLM and Gen AI Project, merging cybersecurity expertise with OWASP's collaborative efforts to address emerging AI security risks. This partnership underscores Trend Micro's unwavering commitment to advancing AI security, ensuring a secure foundation for the transformative power of AI. | AI blog | Trend Micro |
19.4.25 | CrazyHunter Campaign Targets Taiwanese Critical Sectors | This blog entry details research on emerging ransomware group CrazyHunter, which has launched a sophisticated campaign aimed at Taiwan's essential services. | Ransom blog | Trend Micro |
19.4.25 | Nova RaaS: The Ransomware That ‘Spares’ Schools and Nonprofits—For Now | A new ransomware group calling themselves Nova RaaS, or ransomware-as-a-service, has been active for the past month distributing RaLord ransomware. On their blog, they claim to have no affiliations with other cybercriminal groups—and, in a surprising twist, say they’ve pledged not to target schools or nonprofit organizations. | Ransom blog | SonicWall |
19.4.25 | CVE-2025-29927: Next.js Middleware Can Be Bypassed with Crafted Header | The SonicWall Capture Labs threat research team became aware of an authorization bypass vulnerability in Next.js, assessed its impact, and developed mitigation measures. Next.js is a React framework designed to simplify building web applications, focusing on performance, SEO, and ease of use. It provides features like server-side rendering (SSR), static site generation (SSG), and automatic code splitting, making it a popular choice for building fast and scalable web applications. | Vulnerebility blog | SonicWall |
19.4.25 | Cascading Shadows: An Attack Chain Approach to Avoid Detection and Complicate Analysis | In December 2024, we uncovered an attack chain that employs distinct, multi-layered stages to deliver malware like Agent Tesla variants, Remcos RAT or XLoader. Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and execution. The phishing campaign we analyzed used deceptive emails posing as an order release request to deliver a malicious attachment. | Malware blog | Palo Alto |
19.4.25 | Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware | Slow Pisces (aka Jade Sleet, TraderTraitor, PUKCHONG) is a North Korean state-sponsored threat group primarily focused on generating revenue for the DPRK regime, typically by targeting large organizations in the cryptocurrency sector. This article analyzes their campaign that we believe is connected to recent cryptocurrency heists. | APT blog | Palo Alto |
19.4.25 | CVE-2025-24054, NTLM Exploit in the Wild | CVE-2025-24054 is an NTLM hash disclosure vulnerability triggered via spoofing, exploitable with a maliciously crafted .library-ms file. Active exploitation in the wild has been observed since March 19, 2025, potentially allowing attackers to leak NTLM hashes or user passwords and compromise systems. Microsoft released a patch on March 11, 2025, but exploitation began only about a week later, leaving organizations that had not yet applied it exposed. | Vulnerebility blog | Checkpoint |
19.4.25 | Renewed APT29 Phishing Campaign Against European Diplomats | Check Point Research has been tracking an advanced phishing campaign conducted by APT29, a Russia linked threat group, which is targeting diplomatic entities across Europe. | APT blog | Checkpoint |
19.4.25 | Waiting Thread Hijacking: A Stealthier Version of Thread Execution Hijacking | Process Injection is one of the important techniques in the attackers’ toolkit. In the constant cat-and-mouse game, attackers try to invent its new implementations that bypass defenses, using creative methods and lesser-known APIs. | Hacking blog | Checkpoint |
19.4.25 | Care what you share | In this week’s newsletter, Thorsten muses on how search engines and AI quietly gather your data while trying to influence your buying choices. Explore privacy-friendly alternatives and get the scoop on why it's important to question the platforms you interact with online. | AI blog | Cisco Talos |
19.4.25 | Unmasking the new XorDDoS controller and infrastructure | Cisco Talos observed the ongoing global spread of the XorDDoS malware, predominantly targeting the United States, with evidence suggesting Chinese-speaking operators are using sophisticated tools to orchestrate widespread attacks. | Malware blog | Cisco Talos |
19.4.25 | Year in Review: The biggest trends in ransomware | This week, our Year in Review spotlight is on ransomware, where low-profile tactics led to high-impact consequences. Download our 2 page ransomware summary, or watch our 55 second video. | Ransom blog | Cisco Talos |
19.4.25 | Eclipse and STMicroelectronics vulnerabilities | Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities found in Eclipse ThreadX and four vulnerabilities in STMicroelectronics. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adh | Vulnerebility blog | Cisco Talos |
19.4.25 | CapCut copycats are on the prowl | Cybercriminals lure content creators with promises of cutting-edge AI wizardry, only to attempt to steal their data or hijack their devices instead | AI blog | Eset |
19.4.25 | They’re coming for your data: What are infostealers and how do I stay safe? | Here's what to know about malware that raids email accounts, web browsers, crypto wallets, and more – all in a quest for your sensitive data | Cyber blog | |
19.4.25 | Attacks on the education sector are surging: How can cyber-defenders respond? | Academic institutions have a unique set of characteristics that makes them attractive to bad actors. What's the right antidote to cyber-risk? | Attack blog | |
19.4.25 | From Shadow to Spotlight: The Evolution of LummaStealer and Its Hidden Secrets | This article is a continuation of the previous research published on the malware LummaStealer: "Your Data Is Under New Lummanagement: The Rise of LummaStealer". | Malware blog | Cybereason |
19.4.25 | The Windows Registry Adventure #6: Kernel-mode objects | Welcome back to the Windows Registry Adventure! In the previous installment of the series, we took a deep look into the internals of the regf hive format. Understanding this foundational aspect of the registry is crucial, as it illuminates the design principles behind the mechanism, as well as its inherent strengths and weaknesses. | Cyber blog | Project Zero |
19.4.25 | Closing the Security Gap From Threat Hunting to Detection Engineering | Learn how to use existing tooling to perform threat hunting and detection engineering to find hidden threats and strengthen your defenses. | Cyber blog | Trellix |
19.4.25 | ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware | ASUS has disclosed a critical security flaw impacting routers with AiCloud enabled that could permit remote attackers to perform unauthorized execution of functions | Vulnerebility | The Hacker News |
19.4.25 | Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States | Cybersecurity researchers are warning of a "widespread and ongoing" SMS phishing campaign that's been targeting toll road users in the United States for financial theft | Phishing | The Hacker News |
18.4.25 | Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader | A new multi-stage attack has been observed delivering malware families like Agent Tesla variants, Remcos RAT, and XLoader. "Attackers increasingly rely on such | Virus | The Hacker News |
18.4.25 | Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT | Cybersecurity researchers are warning of continued risks posed by a distributed denial-of-service (DDoS) malware known as XorDDoS , with 71.3 percent of the | Virus | The Hacker News |
18.4.25 | CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known | Vulnerebility | The Hacker News |
18.4.25 | Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates | The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously | APT | The Hacker News |
17.4.25 | State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns | Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to | Virus | The Hacker News |
17.4.25 | Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution | A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code without any authentication under certain conditions. | Vulnerebility | The Hacker News |
17.4.25 | Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers | Microsoft is calling attention to an ongoing malvertising campaign that makes use of Node.js to deliver malicious payloads capable of information theft and data | Virus | The Hacker News |
17.4.25 | CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting SonicWall Secure Mobile Access ( SMA ) 100 | Exploit | The Hacker News |
17.4.25 | Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks | Apple on Wednesday released security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two security flaws that it said have come under | Exploit | The Hacker News |
17.4.25 | New Windows Task Scheduler Bugs Let Attackers Bypass UAC and Tamper with Logs | Cybersecurity researchers have detailed four different vulnerabilities in a core component of the Windows task scheduling service that could be exploited by local | Attack | The Hacker News |
17.4.25 | Google Blocked 5.1B Harmful Ads and Suspended 39.2M Advertiser Accounts in 2024 | Google on Wednesday revealed that it suspended over 39.2 million advertiser accounts in 2024, with a majority of them identified and blocked by its systems | Cyber | The Hacker News |
16.4.25 | Gamma AI Platform Abused in Phishing Chain to Spoof Microsoft SharePoint Logins | Threat actors are leveraging an artificial intelligence (AI) powered presentation platform named Gamma in phishing attacks to direct unsuspecting users to | AI | The Hacker News |
16.4.25 | New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks | Cybersecurity researchers have unearthed a new controller component associated with a known backdoor called BPFDoor as part of cyber attacks targeting | Virus | The Hacker News |
16.4.25 | Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users | Cheap Android smartphones manufactured by Chinese companies have been observed pre-installed with trojanized apps masquerading as WhatsApp and | Cryptocurrency | The Hacker News |
16.4.25 | U.S. Govt. Funding for MITRE's CVE Ends April 16, Cybersecurity Community on Alert | The U.S. government funding for non-profit research giant MITRE to operate and maintain its Common Vulnerabilities and Exposures (CVE) program will expire | BigBrothers | The Hacker News |
16.4.25 | Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool | The China-linked threat actor known as UNC5174 has been attributed to a new campaign that leverages a variant of a known malware dubbed SNOWLIGHT and a | Virus | The Hacker News |
16.4.25 | Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence | A critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain | Vulnerability | The Hacker News |
16.4.25 | Malicious PyPI Package Targets MEXC Trading API to Steal Credentials and Redirect Orders | Cybersecurity researchers have disclosed a malicious package uploaded to the Python Package Index (PyPI) repository that's designed to reroute trading orders | Hack | The Hacker News |
15.4.25 | Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds | Everybody knows browser extensions are embedded into nearly every user's daily workflow, from spell checkers to GenAI tools. What most IT and security people | Security | The Hacker News |
15.4.25 | Crypto Developers Targeted by Python Malware Disguised as Coding Challenges | The North Korea-linked threat actor assessed to be behind the massive Bybit hack in February 2025 has been linked to a malicious campaign that targets developers | APT | The Hacker News |
15.4.25 | Gladinet's Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability | A recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and collaboration solution, according to Huntress, with seven | Exploit | The Hacker News |
15.4.25 | Meta Resumes E.U. AI Training Using Public User Data After Regulator Approval | Meta has announced that it will begin to train its artificial intelligence (AI) models using public data shared by adults across its platforms in the European Union, | AI | The Hacker News |
15.4.25 | ResolverRAT Campaign Targets Healthcare, Pharma via Phishing and DLL Side-Loading | Cybersecurity researchers have discovered a new, sophisticated remote access trojan called ResolverRAT that has been observed in attacks targeting healthcare | Virus | The Hacker News |
15.4.25 | Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft | Cybersecurity researchers are calling attention to a new type of credential phishing scheme that ensures that the stolen information is associated with valid online | Phishing | The Hacker News |
15.4.25 | Pakistan-Linked Hackers Expand Targets in India with CurlBack RAT and Spark RAT | A threat actor with ties to Pakistan has been observed targeting various sectors in India with various remote access trojans like Xeno RAT, Spark RAT, and a previously | Virus | The Hacker News |
13.4.25 | Leak confirms OpenAI's GPT 4.1 is coming before GPT 5.0 | OpenAI is working on yet another AI model reportedly called GPT-4.1, a successor to GPT-4o, which is expected to come before GPT 5.0 | AI | BleepingComputer |
13.4.25 | Tycoon2FA phishing kit targets Microsoft 365 with new tricks | Phishing-as-a-service (PhaaS) platform Tycoon2FA, known for bypassing multi-factor authentication on Microsoft 365 and Gmail accounts, has received updates that improve its stealth and evasion capabilities. | Phishing | |
13.4.25 | AI-hallucinated code dependencies become new supply chain risk | A new class of supply chain attacks named 'slopsquatting' has emerged from the increased use of generative AI tools for coding and the model's tendency to "hallucinate" non-existent package names. | AI | BleepingComputer |
13.4.25 | Microsoft Defender will isolate undiscovered endpoints to block attacks | Microsoft is testing a new Defender for Endpoint capability that will block traffic to and from undiscovered endpoints to thwart attackers' lateral network movement attempts. | OS | |
13.4.25 | Western Sydney University discloses security breaches, data leak | Western Sydney University (WSU) announced two security incidents that exposed personal information belonging to members of its community. | Incident | |
13.4.25 | Fortinet: Hackers retain access to patched FortiGate VPNs using symlinks | Fortinet warns that threat actors use a post-exploitation technique that helps them maintain read-only access to previously compromised FortiGate VPN devices even after the original attack vector was patched. | Vulnerability | |
13.4.25 | Microsoft: Windows 'inetpub' folder created by security fix, don’t delete | Microsoft has now confirmed that an April 2025 Windows security update is creating a new empty "inetpub" folder and warned users not to delete it. | OS | |
13.4.25 | Google's AI video generator Veo 2 is rolling out on AI Studio | Google's AI video generator tool Veo 2, which is the company's take on OpenAI's Sora, is now rolling out to some users in the United States. | AI | BleepingComputer |
13.4.25 | US lab testing provider exposed health data of 1.6 million people | Laboratory Services Cooperative (LSC) has released a statement informing that it suffered a data breach in which hackers stole sensitive information of roughly 1.6 million people from its systems. | Incident | BleepingComputer |
13.4.25 | Campaign Targets Amazon EC2 Instance Metadata via SSRF | Discover the latest CVE trends and a new campaign targeting websites hosted in EC2 instances on AWS. | Vulnerability blog | F5 |
13.4.25 | Microsoft says Edge browser is now 9% faster after optimizations | Microsoft claims its Chromium-based Microsoft Edge has seen up to 9% performance improvements following the release of version 134. | OS | |
13.4.25 | Ransomware attack cost IKEA operator in Eastern Europe $23 million | Fourlis Group, the operator of IKEA stores in Greece, Cyprus, Romania, and Bulgaria, has informed that the ransomware attack it suffered just before Black Friday on November 27, 2024, caused losses estimated at €20 million ($22.8M). | Ransom | |
13.4.25 | Hackers exploit WordPress plugin auth bypass hours after disclosure | Hackers started exploiting a high-severity flaw that allows bypassing authentication in the OttoKit (formerly SureTriggers) plugin for WordPress just hours after public disclosure. | Exploit | |
13.4.25 | Microsoft releases emergency update to fix Office 2016 crashes | Microsoft has released an out-of-band Office update to fix a known issue that caused Word, Excel, and Outlook to crash after installing the KB5002700 security update for Office 2016. | OS | |
13.4.25 | OpenAI wants ChatGPT to 'know you over your life' with new Memory update | OpenAI is giving ChatGPT's memory feature its biggest upgrade yet, allowing the AI to know you better by referencing all your past conversations. | AI | BleepingComputer |
13.4.25 | Russian hackers attack Western military mission using malicious drive | The Russian state-backed hacking group Gamaredon (aka "Shuckworm") has been targeting a military mission of a Western country in Ukraine in attacks likely deployed from removable drives. | BigBrothers | BleepingComputer |
13.4.25 | Sensata Technologies hit by ransomware attack impacting operations | Sensata Technologies (known as Sensata) suffered a ransomware attack last weekend that encrypted parts of the company network and disrupted operations. | Ransom | BleepingComputer |
13.4.25 | ChatGPT's o4-mini, o4-mini-high and o3 spotted ahead of release | OpenAI is preparing to launch as many as three new AI models, possibly called "o4-mini", "o4-mini-high" and "o3". | AI | BleepingComputer |
13.4.25 | Google takes on Cursor with Firebase Studio, its AI builder for vibe coding | Google has quietly launched Firebase Studio, which is a cloud-based AI-powered integrated development environment that lets you build full-fledged apps using prompts. | AI | BleepingComputer |
13.4.25 | Hackers target SSRF bugs in EC2-hosted sites to steal AWS credentials | A targeted campaign exploited Server-Side Request Forgery (SSRF) vulnerabilities in websites hosted on AWS EC2 instances to extract EC2 Metadata, which could include Identity and Access Management (IAM) credentials from the IMDSv1 endpoint. | Hack | BleepingComputer |
13.4.25 | Oracle says "obsolete servers" hacked, denies cloud breach | Oracle finally confirmed in email notifications sent to customers that a hacker stole and leaked credentials that were stolen from what it described as "two obsolete servers." | Incident | BleepingComputer |
13.4.25 | Windows 11 April update unexpectedly creates new 'inetpub' folder | Microsoft's April 2025 Patch Tuesday updates are strangely creating an empty "inetpub" folder in the root of the C:\ drive, even on systems that do not have Internet Information Services (IIS) installed. | OS | BleepingComputer |
13.4.25 | Critical FortiSwitch flaw lets hackers change admin passwords remotely | Fortinet has released security patches for a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely. | Vulnerability | BleepingComputer |
12.4.25 | CentreStack RCE exploited as zero-day to breach file sharing servers | Hackers exploited a vulnerability in Gladinet CentreStack's secure file-sharing software as a zero-day since March to breach storage servers | Exploit | |
12.4.25 | Who's calling? The threat of AI-powered vishing attacks | AI is making voice phishing (vishing) more dangerous than ever, with scammers cloning voices in seconds to trick employees into handing over their credentials. Learn how to defend your organization with Specops Secure Service Desk. | AI | |
12.4.25 | Microsoft: April 2025 updates break Windows Hello on some PCs | Microsoft says some Windows users might be unable to log into their accounts via Windows Hello after installing the April 2025 security updates. | OS | |
12.4.25 | Phishing kits now vet victims in real-time before stealing credentials | Phishing actors are employing a new evasion tactic called 'Precision-Validated Phishing' that only shows fake login forms when a user enters an email address that the threat actors specifically targeted. | Phishing | |
12.4.25 | Police detains Smokeloader malware customers, seizes servers | In follow-up activity for Operation Endgame, law enforcement tracked down Smokeloader botnet's customers and detained at least five individuals. | Virus | BleepingComputer |
12.4.25 | Fake Microsoft Office add-in tools push malware via SourceForge | Threat actors are abusing SourceForge to distribute fake Microsoft add-ins that install malware on victims' computers to both mine and steal cryptocurrency. | Virus | BleepingComputer |
12.4.25 | Microsoft fixes auth issues on Windows Server, Windows 11 24H2 | Microsoft has fixed a known issue causing authentication problems when Credential Guard is enabled on systems using the Kerberos PKINIT pre-auth security protocol. | OS | BleepingComputer |
12.4.25 | Microsoft: Windows CLFS zero-day exploited by ransomware gang | Microsoft says the RansomEXX ransomware gang has been exploiting a high-severity zero-day flaw in the Windows Common Log File System to gain SYSTEM privileges on victims' systems. | OS | BleepingComputer |
12.4.25 | Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws | Today is Microsoft's April 2025 Patch Tuesday, which includes security updates for 134 flaws, including one actively exploited zero-day vulnerability. | OS | BleepingComputer |
12.4.25 | Windows 10 KB5055518 update fixes random text when printing | Microsoft has released the KB5055518 cumulative update for Windows 10 22H2 and Windows 10 21H2, with nine changes or fixes. | OS | BleepingComputer |
12.4.25 | Windows 11 KB5055523 & KB5055528 cumulative updates released | Microsoft has released Windows 11 KB5055523 and KB5055528 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. | OS | BleepingComputer |
12.4.25 | Hackers lurked in Treasury OCC’s systems since June 2023 breach | Unknown attackers who breached the Treasury's Office of the Comptroller of the Currency (OCC) in June 2023 gained access to over 150,000 emails. | Incident | BleepingComputer |
12.4.25 | WhatsApp flaw can let attackers run malicious code on Windows PCs | Meta warned Windows users to update the WhatsApp messaging app to the latest version to patch a vulnerability that can let attackers execute malicious code on their devices. | Social | BleepingComputer |
12.4.25 | ICS Vulnerability Report: Energy, Manufacturing Device Fixes Urged by Cyble | Multiple industrial control system (ICS) devices are affected by vulnerabilities carrying severity ratings as high as 9.9. | ICS blog | Cyble |
12.4.25 | IT Vulnerability Report: VMware, Microsoft Fixes Urged by Cyble | After investigating recent IT vulnerabilities, Cyble threat researchers identified eight high-priority fixes for security teams. | Vulnerability blog | Cyble |
12.4.25 | Ransomware Attack Levels Remain High as Major Change Looms | March saw a potential leadership shift in ransomware attacks, sustained high attack volumes, and the rise of new threat groups. | Ransom blog | Cyble |
12.4.25 | TsarBot: A New Android Banking Trojan Targeting Over 750 Banking, Finance, and Cryptocurrency Applications | Cyble analyzes TsarBot, a newly identified Android banking Trojan that employs overlay attacks to target over 750 banking, financial, and cryptocurrency applications worldwide. | Malware blog | Cyble |
12.4.25 | Hacktivists Increasingly Target France for Its Diplomatic Efforts | Pro-Russian and pro-Palestinian hacktivist groups share a common adversary in France, leading to coordinated cyberattacks against the country. | BigBrother blog | Cyble |
12.4.25 | CVE-2025-24813: Remote Code Execution in Apache Tomcat via Malicious Session Deserialization | Apache Tomcat is a popular, open-source web server and servlet container maintained by the Apache Software Foundation. It provides a reliable and scalable environment for executing Java Servlets... | Vulnerability blog | Seqrite |
12.4.25 | Beware! Fake ‘NextGen mParivahan’ Malware Returns with Enhanced Stealth and Data Theft | Cybercriminals continually refine their tactics, making Android malware more insidious and challenging to detect. A new variant of the fake NextGen mParivahan malware has emerged, following its predecessor’s deceptive strategies but introducing significant enhancements. Previously, attackers exploited the government’s. | Malware blog | Seqrite |
12.4.25 | Goodbye HTA, Hello MSI: New TTPs and Clusters of an APT driven by Multi-Platform Attacks | Seqrite Labs APT team has uncovered new tactics of Pakistan-linked SideCopy APT deployed since the last week of December 2024. The group has expanded its scope of targeting beyond Indian government, defence, maritime sectors, and university students to now. | APT blog | Seqrite |
12.4.25 | Kimsuky: A Continuous Threat to South Korea with Deceptive Tactics | Report contents: Introduction; Infection Chain; Initial Findings; Campaign 1 (looking into the PDF document); Campaign 2 (looking into the PDF document); Technical Analysis of Campaigns 1 & 2; Conclusion; Seqrite Protection; MITRE ATT&CK... | APT blog | Seqrite |
12.4.25 | NEPTUNE RAT : An advanced Windows RAT with System Destruction Capabilities and Password Exfiltration from 270+ Applications | At CYFIRMA, we are committed to providing up-to-date insights into current threats and the tactics used by malicious actors targeting both organizations and individuals. In this report, we will take an in-depth look at the latest version of Neptune RAT, which has been shared on GitHub using a technique involving PowerShell commands: | Malware blog | Cyfirma |
12.4.25 | CYFIRMA INDUSTRY REPORT : MATERIALS INDUSTRY | The CYFIRMA Industry Report delivers original cybersecurity insights and telemetry-driven statistics of global industries, covering one sector each week for a quarter. This report focuses on the materials industry, presenting key trends and statistics in an engaging infographic format. | Cyber blog | Cyfirma |
12.4.25 | TRACKING RANSOMWARE – MARCH 2025 | In March 2025, ransomware attacks targeted critical industries such as Manufacturing, IT, and Healthcare. Notable groups like Black Basta and Moonstone Sleet evolved new strategies, such as automating brute-force VPN attacks and deploying ransomware-as-a-service models. | Ransom blog | Cyfirma |
12.4.25 | TikTok: China’s Digital Weapon System? | U.S. President Donald Trump, once a critic but now a supporter of TikTok, is granting the app’s China-based parent company, ByteDance, a second 75-day extension to finalize a deal that would transfer ownership of TikTok to an American entity. | Social blog | Cyfirma |
12.4.25 | Microsoft Announces New Authentication Requirements for High-Volume Senders | There was a lot of buzz in security and messaging circles at the end of 2023 when Google, Yahoo and Apple jointly announced that they were going to start enforcing strict email authentication requirements for bulk email senders. Although the implementation that started in the first quarter of 2024 has been slow to fully ramp up, momentum is building. And the overall trend towards mandatory email authentication is quite clear. | Safety blog | PROOFPOINT |
12.4.25 | The Expanding Attack Surface: Why Collaboration Tools Are the New Front Line in Cyberattacks | The modern workplace has expanded beyond email. Attackers now exploit collaboration tools, supplier relationships and human trust to bypass defenses and compromise accounts. This five-part blog series raises awareness around these shifting attack tactics. And it introduces our holistic approach to protecting users. | Spam blog | PROOFPOINT |
12.4.25 | Stopping attacks against on-premises Exchange Server and SharePoint Server with AMSI | Exchange Server and SharePoint Server are business-critical assets and considered crown jewels for many organizations, making them attractive targets for attacks. | Attack blog | Microsoft blog |
12.4.25 | Incomplete NVIDIA Patch to CVE-2024-0132 Exposes AI Infrastructure and Data to Critical Risks | A previously disclosed vulnerability in NVIDIA Container Toolkit has an incomplete patch, which, if exploited, could put a wide range of AI infrastructure and sensitive data at risk. | AI blog | |
12.4.25 | CTEM + CREM: Aligning Your Cybersecurity Strategy | Organizations looking to implement CTEM don’t have to start from scratch. CREM can help you get there faster, with actionable insights, automated workflows, and continuous risk reduction. | Cyber blog | |
12.4.25 | GTC 2025: AI, Security & The New Blueprint | From quantum leaps to AI factories, GTC 2025 proved one thing: the future runs on secure foundations. | AI blog | |
12.4.25 | Microsoft Security Bulletin Coverage for April 2025 | Microsoft’s April 2025 Patch Tuesday has 123 vulnerabilities, of which 49 are Elevation of Privilege. SonicWall Capture Labs' threat research team has analyzed and addressed Microsoft’s security advisories for the month of April 2025 and has produced coverage for ten of the reported vulnerabilities. | Vulnerability blog | SonicWall |
12.4.25 | How Prompt Attacks Exploit GenAI and How to Fight Back | Palo Alto Networks has released “Securing GenAI: A Comprehensive Report on Prompt Attacks: Taxonomy, Risks, and Solutions,” which surveys emerging prompt-based attacks on AI applications and AI agents. While generative AI (GenAI) has many valid applications for enterprise productivity, there is also potential for critical security vulnerabilities in AI applications and AI agents. | AI blog | Palo Alto |
12.4.25 | Available now: 2024 Year in Review | Download Talos' 2024 Year in Review now, and access key insights on the top targeted vulnerabilities of the year, network-based attacks, email threats, adversary toolsets, identity attacks, multi-factor authentication (MFA) abuse, ransomware and AI-based attacks. | Cyber blog | Palo Alto |
12.4.25 | Threat actors thrive in chaos | Martin delves into how threat actors exploit chaos, offering insights from Talos' 2024 Year in Review on how to fortify defenses against evolving email lures and frequently targeted vulnerabilities, even amidst economic disruption. | Cyber blog | Palo Alto |
12.4.25 | Unraveling the U.S. toll road smishing scams | Cisco Talos has observed a widespread and ongoing financial theft SMS phishing (smishing) campaign since October 2024 that targets toll road users in the United States of America. | Spam blog | Palo Alto |
12.4.25 | Microsoft Patch Tuesday for April 2025 — Snort rules and prominent vulnerabilities | Microsoft has released its monthly security update for April of 2025 which includes 126 vulnerabilities affecting a range of products, including 11 that Microsoft has marked as “critical”. | Vulnerability blog | Palo Alto |
12.4.25 | Year in Review: Key vulnerabilities, tools, and shifts in attacker email tactics | From Talos' 2024 Year in Review, here are some findings from the top targeted network device vulnerabilities. We also explore how threat actors are moving away from time sensitive lures in their emails. And finally we reveal the tools that adversaries most heavily utilized last year. | Cyber blog | Palo Alto |
12.4.25 | One mighty fine-looking report | Hazel highlights the key findings within Cisco Talos’ 2024 Year in Review (now available for download) and details our active tracking of an ongoing campaign targeting users in Ukraine with malicious LNK files. | BigBrother blog | Palo Alto |
12.4.25 | Watch out for these traps lurking in search results | Here’s how to avoid being hit by fraudulent websites that scammers can catapult directly to the top of your search results | Cyber blog | Eset |
12.4.25 | So your friend has been hacked: Could you be next? | When a ruse puts on a familiar face, your guard might drop, making you an easy mark. Learn how to tell a friend apart from a foe. | Cyber blog | |
12.4.25 | 1 billion reasons to protect your identity online | Corporate data breaches are a gateway to identity fraud, but they’re not the only one. Here’s a lowdown on how your personal data could be stolen – and how to make sure it isn’t. | Cyber blog | |
12.4.25 | Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit | Fortinet has revealed that threat actors have found a way to maintain read-only access to vulnerable FortiGate devices even after the initial access vector used to | Exploit | The Hacker News |
11.4.25 | Paper Werewolf Deploys PowerModul Implant in Targeted Cyberattacks on Russian Sectors | The threat actor known as Paper Werewolf has been observed exclusively targeting Russian entities with a new implant called PowerModul. The activity, | Hack | The Hacker News |
11.4.25 | Palo Alto Networks Warns of Brute-Force Attempts Targeting PAN-OS GlobalProtect Gateways | Palo Alto Networks has revealed that it's observing brute-force login attempts against PAN-OS GlobalProtect gateways, days after threat hunters warned of a | Attack | The Hacker News |
11.4.25 | SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps | Cybersecurity researchers have found that threat actors are setting up deceptive websites hosted on newly registered domains to deliver a known Android malware | Virus | The Hacker News |
11.4.25 | OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation | A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come under active exploitation within a few hours of public | Exploit | The Hacker News |
10.4.25 | New Mirai botnet behind surge in TVT DVR exploitation | A significant spike in exploitation attempts targeting TVT NVMS9000 DVRs has been detected, peaking on April 3, 2025, with over 2,500 unique IPs scanning for vulnerable devices. | BotNet | |
10.4.25 | AWS rolls out ML-KEM to secure TLS from quantum threats | Amazon Web Services (AWS) has added support for the ML-KEM post-quantum key encapsulation mechanism to AWS Key Management Service (KMS), AWS Certificate Manager (ACM), and AWS Secrets Manager, making TLS connections more secure. | Safety | |
10.4.25 | EncryptHub's dual life: Cybercriminal vs Windows bug-bounty researcher | EncryptHub, a notorious threat actor linked to breaches at 618 organizations, is believed to have reported two Windows zero-day vulnerabilities to Microsoft, revealing a conflicted figure straddling the line between cybercrime and security research. | CyberCrime | |
10.4.25 | Microsoft delays WSUS driver sync deprecation indefinitely | Microsoft announced today that, based on customer feedback, it will indefinitely delay removing driver synchronization in Windows Server Update Services (WSUS). | OS | |
10.4.25 | Six arrested for AI-powered investment scams that stole $20 million | Spain's police arrested six individuals behind a large-scale cryptocurrency investment scam that used AI tools to generate deepfake ads featuring popular public figures to lure people. | AI | BleepingComputer |
10.4.25 | Everest ransomware's dark web leak site defaced, now offline | The dark web leak site of the Everest ransomware gang has apparently been hacked over the weekend by an unknown attacker and is now offline. | Ransom | BleepingComputer |
10.4.25 | Google fixes Android zero-days exploited in attacks, 60 other flaws | Google has released patches for 62 vulnerabilities in Android's April 2025 security update, including two zero-days exploited in targeted attacks. | OS | BleepingComputer |
10.4.25 | Malicious VSCode extensions infect Windows with cryptominers | Nine VSCode extensions on Microsoft's Visual Studio Code Marketplace pose as legitimate development tools while infecting users with the XMRig cryptominer for Monero. | Cryptocurrency | BleepingComputer |
10.4.25 | Food giant WK Kellogg discloses data breach linked to Clop ransomware | US food giant WK Kellogg Co is warning employees and vendors that company data was stolen during the 2024 Cleo data theft attacks. | Incident | BleepingComputer |
10.4.25 | Windows 11 24H2 blocked on PCs with code-obfuscation driver BSODs | Microsoft has introduced a new Windows 11 24H2 safeguard hold for systems running security or enterprise software using SenseShield Technology's sprotect.sys driver. | OS | BleepingComputer |
10.4.25 | E-ZPass toll payment texts return in massive phishing wave | An ongoing phishing campaign impersonating E-ZPass and other toll agencies has surged recently, with recipients receiving multiple iMessage and SMS texts to steal personal and credit card information. | Phishing | BleepingComputer |
10.4.25 | OpenAI tests watermarking for ChatGPT-4o Image Generation model | OpenAI is reportedly testing a new "watermark" for the Image Generation model, which is a part of the ChatGPT 4o model. | AI | BleepingComputer |
10.4.25 | Carding tool abusing WooCommerce API downloaded 34K times on PyPI | A newly discovered malicious PyPi package named 'disgrasya' that abuses legitimate WooCommerce stores for validating stolen credit cards has been downloaded over 34,000 times from the open-source package platform. | Cryptocurrency | BleepingComputer |
10.4.25 | Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes | Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit that, if | Vulnerability | The Hacker News |
10.4.25 | Malicious npm Package Targets Atomic Wallet, Exodus Users by Swapping Crypto Addresses | Threat actors are continuing to upload malicious packages to the npm registry so as to tamper with already-installed local versions of legitimate libraries and | Cryptocurrency | The Hacker News |
10.4.25 | Gamaredon Uses Infected Removable Drives to Breach Western Military Mission in Ukraine | The Russia-linked threat actor known as Gamaredon (aka Shuckworm) has been attributed to a cyber attack targeting a foreign military mission based in Ukraine | BigBrothers | The Hacker News |
10.4.25 | Europol Arrests Five SmokeLoader Clients Linked by Seized Database Evidence | Law enforcement authorities have announced that they tracked down the customers of the SmokeLoader malware and detained at least five individuals. "In | BigBrothers | The Hacker News |
10.4.25 | AkiraBot Targets 420,000 Sites with OpenAI-Generated Spam, Bypassing CAPTCHA Protections | Cybersecurity researchers have disclosed details of an artificial intelligence (AI) powered platform called AkiraBot that's used to spam website chats, comment | BotNet | The Hacker News |
9.4.25 | Lovable AI Found Most Vulnerable to VibeScamming — Enabling Anyone to Build Live Scam Pages | Lovable, a generative artificial intelligence (AI) powered platform that allows for creating full-stack web applications using text-based prompts, has been found to | AI | The Hacker News |
9.4.25 | New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner | A Chinese-affiliated threat actor known for its cyber-attacks in Asia has been observed exploiting a security flaw in security software from ESET to deliver a | Virus | The Hacker News |
9.4.25 | PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware | Microsoft has revealed that a now-patched security flaw impacting the Windows Common Log File System (CLFS) was exploited as a zero-day in ransomware | Exploit | The Hacker News |
9.4.25 | CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Gladinet CentreStack to its Known | Vulnerability | The Hacker News |
9.4.25 | Microsoft Patches 126 Flaws Including Actively Exploited Windows CLFS Vulnerability | Microsoft has released security fixes to address a massive set of 126 flaws affecting its software products, including one vulnerability that it said has been | Vulnerability | The Hacker News |
9.4.25 | Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered | Adobe has released security updates to fix a fresh set of security flaws, including multiple critical-severity bugs in ColdFusion versions 2025, 2023 and 2021 that | Vulnerability | The Hacker News |
9.4.25 | Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw | Fortinet has released security updates to address a critical security flaw impacting FortiSwitch that could permit an attacker to make unauthorized password | Vulnerability | The Hacker News |
9.4.25 | Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation via Path Traversal | Cybersecurity researchers have disclosed details of a now-patched security flaw in the Amazon EC2 Simple Systems Manager (SSM) Agent that, if successfully | Vulnerability | The Hacker News |
9.4.25 | Cryptocurrency Miner and Clipper Malware Spread via SourceForge Cracked Software Listings | Threat actors have been observed distributing malicious payloads such as cryptocurrency miner and clipper malware via SourceForge, a popular software | Cryptocurrency | The Hacker News |
8.4.25 | UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine | The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed a new set of cyber attacks targeting Ukrainian institutions with information-stealing | BigBrothers | The Hacker News |
8.4.25 | CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation | A recently disclosed critical security flaw impacting CrushFTP has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known | Vulnerability | The Hacker News |
8.4.25 | Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities | Google has shipped patches for 62 vulnerabilities, two of which it said have been exploited in the wild. The two high-severity vulnerabilities are listed below - CVE- | Vulnerability | The Hacker News |
7.4.25 | CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks | Cybersecurity agencies from Australia, Canada, New Zealand, and the United States have published a joint advisory about the risks associated with a technique | BigBrothers | The Hacker News |
7.4.25 | PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks | A malicious campaign dubbed PoisonSeed is leveraging compromised credentials associated with customer relationship management (CRM) tools and bulk email | Cryptocurrency | The Hacker News |
6.4.25 | The beginning of the end: the story of Hunters International | Learn about technical details on the ransomware and Storage Software tool, how the criminals use the affiliate panel as well as information on the Hunters International ransomware group from its emergence to the end of the operation. | BigBrother blog | Group-IB |
6.4.25 | Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws | A likely lone wolf actor behind the EncryptHub persona was acknowledged by Microsoft for discovering and reporting two security flaws in Windows last month, | Vulnerability | The Hacker News |
6.4.25 | Coinbase to fix 2FA account activity entry freaking out users | Coinbase is fixing an incorrect account activity message that freaks out customers and makes them think their credentials were compromised. | Cryptocurrency | |
6.4.25 | WinRAR flaw bypasses Windows Mark of the Web security alerts | A vulnerability in the WinRAR file archiver solution could be exploited to bypass the Mark of the Web (MotW) security warning and execute arbitrary code on a Windows machine. | Vulnerability | |
6.4.25 | Port of Seattle says ransomware breach impacts 90,000 people | Port of Seattle, the U.S. government agency overseeing Seattle's seaport and airport, is notifying roughly 90,000 individuals of a data breach after their personal information was stolen in an August 2024 ransomware attack. | Ransom | |
6.4.25 | PoisonSeed phishing campaign behind emails with wallet seed phrases | A large-scale phishing campaign dubbed 'PoisonSeed' compromises corporate email marketing accounts to distribute emails containing crypto seed phrases used to drain cryptocurrency wallets. | Phishing | |
6.4.25 | Australian pension funds hit by wave of credential stuffing attacks | Over the weekend, a massive wave of credential stuffing attacks hit multiple large Australian super funds, compromising thousands of members' accounts. | Incident | BleepingComputer |
6.4.25 | Europcar GitLab breach exposes data of up to 200,000 customers | A hacker breached the GitLab repositories of multinational car-rental company Europcar Mobility Group and stole source code for Android and iOS applications, as well as some personal information belonging to up to 200,000 users. | Incident | BleepingComputer |
6.4.25 | OpenAI's $20 ChatGPT Plus is now free for students until the end of May | ChatGPT Plus subscription is now free, but only if you're a student based out of the United States of America and Canada. | AI | BleepingComputer |
6.4.25 | Max severity RCE flaw discovered in widely used Apache Parquet | A maximum severity remote code execution (RCE) vulnerability has been discovered impacting all versions of Apache Parquet up to and including 1.15.0. | Vulnerability | BleepingComputer |
6.4.25 | Hunters International shifts from ransomware to pure data extortion | The Hunters International Ransomware-as-a-Service (RaaS) operation is shutting down and rebranding with plans to switch to data theft and extortion-only attacks. | Ransom | BleepingComputer |
6.4.25 | Microsoft starts testing Windows 11 taskbar icon scaling | Microsoft is testing a new taskbar icon scaling feature that automatically scales down Windows taskbar icons to show more apps when it gets too overcrowded. | OS | |
6.4.25 | CISA warns of Fast Flux DNS evasion used by cybercrime gangs | CISA, the FBI, the NSA, and international cybersecurity agencies are calling on organizations and DNS providers to mitigate the "Fast Flux" cybercrime evasion technique used by state-sponsored threat actors and ransomware gangs. | BigBrothers | |
6.4.25 | Ivanti patches Connect Secure zero-day exploited since mid-March | Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025. | Vulnerability | |
6.4.25 | Texas State Bar warns of data breach after INC ransomware claims attack | The State Bar of Texas is warning it suffered a data breach after the INC ransomware gang claimed to have breached the organization and began leaking samples of stolen data. | Ransom | BleepingComputer |
6.4.25 | Oracle privately confirms Cloud breach to customers | Oracle has finally acknowledged to some customers that attackers have stolen old client credentials after breaching a "legacy environment" last used in 2017. | Security | BleepingComputer |
6.4.25 | Recent GitHub supply chain attack traced to leaked SpotBugs token | A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen from a SpotBugs workflow, which allowed a threat actor to compromise multiple GitHub projects. | Hack | BleepingComputer |
6.4.25 | Genetic data site openSNP to close and delete data over privacy concerns | The openSNP project, a platform for sharing genetic and phenotypic data, will shut down on April 30, 2025, and delete all user submissions over privacy concerns and the risk of misuse by authoritarian governments. | Security | BleepingComputer |
6.4.25 | Verizon Call Filter API flaw exposed customers' incoming call history | A vulnerability in Verizon's Call Filter feature allowed customers to access the incoming call logs for another Verizon Wireless number through an unsecured API request. | Vulnerability | BleepingComputer |
5.4.25 | North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages | The North Korean threat actors behind the ongoing Contagious Interview campaign are spreading their tentacles on the npm ecosystem by publishing more | Virus | The Hacker News |
5.4.25 | Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data | Cybersecurity researchers have uncovered malicious libraries in the Python Package Index (PyPI) repository that are designed to steal sensitive information. | Virus | The Hacker News |
5.4.25 | GitHub expands security tools after 39 million secrets leaked in 2024 | Over 39 million secrets like API keys and account credentials were leaked on GitHub throughout 2024, exposing organizations and users to significant security risks. | Incident | |
5.4.25 | Microsoft adds hotpatching support to Windows 11 Enterprise | Microsoft has announced that hotpatch updates are now available for business customers using Windows 11 Enterprise 24H2 on x64 (AMD/Intel) systems, starting today. | OS | |
5.4.25 | Royal Mail investigates data leak claims, no impact on operations | Royal Mail is investigating claims of a security breach after a threat actor leaked over 144GB of data allegedly stolen from the company's systems. | Incident | |
5.4.25 | ChatGPT is down worldwide with "something went wrong" error | ChatGPT, the famous artificial intelligence chatbot that allows users to converse with various personalities and topics, has connectivity issues worldwide. | AI | |
5.4.25 | Police shut down KidFlix child sexual exploitation platform | Kidflix, one of the largest platforms used to host, share, and stream child sexual abuse material (CSAM) on the dark web, was shut down on March 11 following a joint action coordinated by German law enforcement. | CyberCrime | BleepingComputer |
5.4.25 | Counterfeit Android devices found preloaded with Triada malware | A new version of the Triada trojan has been discovered preinstalled on thousands of new Android devices, allowing threat actors to steal data as soon as they are set up. | Virus | BleepingComputer |
5.4.25 | Cisco warns of CSLU backdoor admin account used in attacks | Cisco warns admins to patch a critical Cisco Smart Licensing Utility (CSLU) vulnerability, which exposes a built-in backdoor admin account now used in attacks. | Vulnerability | BleepingComputer |
5.4.25 | New Windows 11 trick lets you bypass Microsoft Account requirement | A previously unknown trick lets you easily bypass using a Microsoft Account in Windows 11, just as Microsoft tries to make it harder to use local accounts. | OS | BleepingComputer |
5.4.25 | North Korean IT worker army expands operations in Europe | North Korea's IT workers have expanded operations beyond the United States and are now increasingly targeting organizations across Europe. | APT | BleepingComputer |
5.4.25 | Google rolls out easy end-to-end encryption for Gmail business users | Google has started rolling out a new end-to-end encryption (E2EE) model for Gmail enterprise users, making it easier to send encrypted emails to any recipient. | Safety | |
5.4.25 | Nearly 24,000 IPs behind wave of Palo Alto GlobalProtect scans | A significant spike in scanning activity targeting Palo Alto Networks GlobalProtect login portals has been observed, with researchers concerned it may be a prelude to an upcoming attack or a flaw being exploited. | Security | |
5.4.25 | Apple backports zero-day patches to older iPhones and Macs | Apple has released security updates that backport fixes for vulnerabilities exploited in the wild as zero-days to older versions of its operating systems. | OS | |
5.4.25 | Critical auth bypass bug in CrushFTP now exploited in attacks | Attackers are now targeting a critical authentication bypass vulnerability in the CrushFTP file transfer software using exploits based on publicly available proof-of-concept code. | Vulnerability | BleepingComputer |
5.4.25 | VMware Workstation auto-updates broken after Broadcom URL redirect | VMware Workstation users report that the software's automatic update functionality is broken after Broadcom redirected the download URL to its generic support page, triggering certificate errors. | Security | BleepingComputer |
5.4.25 | OpenAI says Deep Research is coming to ChatGPT free "very soon" | OpenAI has confirmed that its powerful AI agent "Deep Research" will begin rolling out to free users "very soon." At the moment, Deep Research is available only for Plus and Enterprise customers. | AI | BleepingComputer |
5.4.25 | SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack | The cascading supply chain attack that initially targeted Coinbase before becoming more widespread to single out users of the "tj-actions/changed-files" | Hack | The Hacker News |
5.4.25 | Ransomware Attack Levels Remain High as Major Change Looms | March saw a potential leadership shift in ransomware attacks, sustained high attack volumes, and the rise of new threat groups. | Ransom blog | Cyble |
5.4.25 | Critical CrushFTP Authentication Bypass (CVE-2025-2825) Exposes Servers to Remote Attacks | The SonicWall Capture Labs threat research team became aware of an authentication bypass vulnerability in CrushFTP servers, assessed its impact, and developed mitigation measures. CrushFTP is a resourceful enterprise-grade file transfer application used widely among organizations. It also supports multiple protocols for data exchange among systems and users, with S3-compatible API access. | Vulnerability blog | SonicWall |
5.4.25 | Hexamethy Ransomware Displays Scary Lock Screen During File Encryption | The SonicWall Capture Labs threat research team has recently observed new ransomware named HEXAMETHYLCYCLOTRISILOXANE, or Hexamethy for short. This malware produces a scary cinematic display during the encryption process and flashes text stating, "No more files for you," and "Your files are in hostage by the HEXAMETHYLCYCLOTRISILOXANE Ransomware." | Ransom blog | SonicWall |
5.4.25 | Evolution of Sophisticated Phishing Tactics: The QR Code Phenomenon | Since late 2024, Unit 42 researchers have observed attackers using several new tactics in phishing documents containing QR codes. One tactic involves attackers concealing the final phishing destination using legitimate websites' redirection mechanisms. | Phishing blog | Palo Alto |
5.4.25 | OH-MY-DC: OIDC Misconfigurations in CI/CD | In the course of investigating the use of OpenID Connect (OIDC) within continuous integration and continuous deployment (CI/CD) environments, Unit 42 researchers discovered problematic patterns and implementations that could be leveraged by threat actors to gain access to restricted resources. One instance of such an implementation was identified in CircleCI’s OIDC. | Cyber blog | Palo Alto |
5.4.25 | The good, the bad and the unknown of AI: A Q&A with Mária Bieliková | The computer scientist and AI researcher shares her thoughts on the technology’s potential and pitfalls – and what may lie ahead for us | AI blog | Eset |
5.4.25 | This month in security with Tony Anscombe – March 2025 edition | From an exploited vulnerability in a third-party ChatGPT tool to a bizarre twist on ransomware demands, it's a wrap on another month filled with impactful cybersecurity news | Cyber blog | |
5.4.25 | Resilience in the face of ransomware: A key to business survival | Your company’s ability to tackle the ransomware threat head-on can ultimately be a competitive advantage | Cyber blog | |
5.4.25 | The Bug Report - March 2025 Edition | March Madness hits infosec: kernel bugs, Tomcat deserialization, and SonicWall shenanigans. Catch the highlights and patch fast before you’re benched! | Vulnerability blog | Trellix |
4.4.25 | Microsoft uses AI to find flaws in GRUB2, U-Boot, Barebox bootloaders | Microsoft used its AI-powered Security Copilot to discover 20 previously unknown vulnerabilities in the GRUB2, U-Boot, and Barebox open-source bootloaders. | AI | |
4.4.25 | Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks | A phishing-as-a-service (PhaaS) platform named 'Lucid' has been targeting 169 entities in 88 countries using well-crafted messages sent on iMessage (iOS) and RCS (Android). | Phishing | |
4.4.25 | Hackers abuse WordPress MU-Plugins to hide malicious code | Hackers are utilizing the WordPress mu-plugins ("Must-Use Plugins") directory to stealthily run malicious code on every page while evading detection. | Virus | |
4.4.25 | North Korean hackers adopt ClickFix attacks to target crypto firms | The notorious North Korean Lazarus hacking group has reportedly adopted 'ClickFix' tactics to deploy malware targeting job seekers in the cryptocurrency industry, particularly centralized finance (CeFi). | APT | |
4.4.25 | Microsoft tests new Windows 11 tool to remotely fix boot crashes | Microsoft has begun testing a new Windows 11 tool called Quick Machine Recovery, which is designed to remotely deploy fixes for buggy drivers and configurations that prevent the operating system from starting. | OS | |
4.4.25 | New Crocodilus malware steals Android users’ crypto wallet keys | A newly discovered Android malware dubbed Crocodilus tricks users into providing the seed phrase for their cryptocurrency wallet, using a warning to back up the key to avoid losing access. | Virus | |
4.4.25 | Microsoft is killing the script used to avoid a Microsoft Account in Windows 11 | Microsoft has removed the 'BypassNRO.cmd' script from Windows 11 preview builds, which allowed users to bypass the requirement to use a Microsoft Account when installing the operating system. | OS | BleepingComputer |
4.4.25 | Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware | Ivanti has disclosed details of a now-patched critical security vulnerability impacting its Connect Secure that has come under active exploitation in the wild. | Vulnerability | The Hacker News |
4.4.25 | OPSEC Failure Exposes Coquettte's Malware Campaigns on Bulletproof Hosting Servers | A novice cybercrime actor has been observed leveraging the services of a Russian bulletproof hosting (BPH) provider called Proton66 to facilitate their operations. | Virus | |
4.4.25 | CERT-UA Reports Cyberattacks Targeting Ukrainian State Systems with WRECKSTEEL Malware | The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed that no less than three cyber attacks were recorded against state administration | Virus | |
4.4.25 | Critical Flaw in Apache Parquet Allows Remote Attackers to Execute Arbitrary Code | A maximum severity security vulnerability has been disclosed in Apache Parquet's Java Library that, if successfully exploited, could allow a remote attacker to | Vulnerability | The Hacker News |
4.4.25 | Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware | Microsoft is warning of several phishing campaigns that are leveraging tax-related themes to deploy malware and steal credentials. "These campaigns notably use | Phishing | The Hacker News |
4.4.25 | New Report Explains Why CASB Solutions Fail to Address Shadow SaaS and How to Fix It | Whether it's CRMs, project management tools, payment processors, or lead management tools - your workforce is using SaaS applications by the pound. | Vulnerebility | |
4.4.25 | Lazarus Group Targets Job Seekers With ClickFix Tactic to Deploy GolangGhost Malware | The North Korean threat actors behind Contagious Interview have adopted the increasingly popular ClickFix social engineering tactic to lure job seekers in the | APT | The Hacker News |
3.4.25 | Google Patches Quick Share Vulnerability Enabling Silent File Transfers Without Consent | Cybersecurity researchers have disclosed details of a new vulnerability impacting Google's Quick Share data transfer utility for Windows that could be exploited to | Vulnerability | |
3.4.25 | Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices | Counterfeit versions of popular smartphone models that are sold at reduced prices have been found to be preloaded with a modified version of an Android | Virus | |
3.4.25 | Legacy Stripe API Exploited to Validate Stolen Payment Cards in Web Skimmer Campaign | Threat hunters are warning of a sophisticated web skimmer campaign that leverages a legacy application programming interface (API) from payment | Exploit | The Hacker News |
3.4.25 | Europol Dismantles Kidflix With 72,000 CSAM Videos Seized in Major Operation | In one of the largest coordinated law enforcement operations, authorities have dismantled Kidflix, a streaming platform that offered child sexual abuse material | CyberCrime | The Hacker News |
3.4.25 | Google Fixed Cloud Run Vulnerability Allowing Unauthorized Image Access via IAM Misuse | Cybersecurity researchers have disclosed details of a now-patched privilege escalation vulnerability in Google Cloud Platform (GCP) Cloud Run that could have | Vulnerability | |
2.4.25 | Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers | Cybersecurity researchers have shed light on an "auto-propagating" cryptocurrency mining botnet called Outlaw (aka Dota) that's known for targeting SSH servers with | Cryptocurrency | |
2.4.25 | FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites | The financially motivated threat actor known as FIN7 has been linked to a Python-based backdoor called Anubis (not to be confused with an Android banking trojan | APT | |
2.4.25 | New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth | Cybersecurity researchers have discovered an updated version of a malware loader called Hijack Loader that implements new features to evade detection and establish persistence on compromised systems. "Hijack Loader released a new | Virus | The Hacker News |
2.4.25 | Over 1,500 PostgreSQL Servers Compromised in Fileless Cryptocurrency Mining Campaign | Exposed PostgreSQL instances are the target of an ongoing campaign designed to gain unauthorized access and deploy cryptocurrency miners. Cloud security firm | Cryptocurrency | The Hacker News |
2.4.25 | Enterprise Gmail Users Can Now Send End-to-End Encrypted Emails to Any Platform | On the 21st birthday of Gmail, Google has announced a major update that allows enterprise users to send end-to-end encrypted (E2EE) emails to any user in any email | Safety | |
2.4.25 | Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing | A new sophisticated phishing-as-a-service (PhaaS) platform called Lucid has targeted 169 entities in 88 countries using smishing messages propagated via | Phishing | |
1.4.25 | Apple Backports Critical Fixes for 3 Recent 0-Days Impacting Older iOS and macOS Devices | Apple on Monday backported fixes for three vulnerabilities that have come under active exploitation in the wild to older models and previous versions of the | OS | The Hacker News |
1.4.25 | Nearly 24,000 IPs Target PAN-OS GlobalProtect in Coordinated Login Scan Campaign | Cybersecurity researchers are warning of a spike in suspicious login scanning activity targeting Palo Alto Networks PAN-OS GlobalProtect gateways, with nearly | Hack | |
1.4.25 | China-Linked Earth Alux Uses VARGEIT and COBEACON in Multi-Stage Cyber Intrusions | Cybersecurity researchers have shed light on a new China-linked threat actor called Earth Alux that has targeted various key sectors such as government, | APT | |
1.4.25 | Apple Fined €150 Million by French Regulator Over Discriminatory ATT Consent Practices | Apple has been hit with a fine of €150 million ($162 million) by France's competition watchdog over the implementation of its App Tracking Transparency | OS | The Hacker News |
1.4.25 | Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp | The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors | Virus | |