April 2025
April 30, 2025 – Vulnerabilities
PowerDNS DNSdist 1.9.9 released, fixing CVE-2025-30194
Abstract
A critical vulnerability (CVE-2025-30194) has been identified in PowerDNS DNSdist versions 1.9.0 to 1.9.8, allowing remote attackers to trigger a denial-of-service (DoS) condition when DNS-over-HTTPS (DoH) is configured using the nghttp2 provider. (Source: PowerDNS)
April 30, 2025 – Vulnerabilities
Chrome 136 Released With Patch For 20-Year-Old Privacy Vulnerability
Abstract
Google has released Chrome 136 for Windows, Mac, and Linux, introducing critical privacy and security enhancements. The update addresses a 23-year-old privacy flaw and patches multiple vulnerabilities, including a critical heap buffer overflow. (Source: Cybersecurity News)
April 30, 2025 – Vulnerabilities
Researchers Exploit OAuth Misconfigurations to Gain Unrestricted Access to Sensitive Data
Abstract
A researcher discovered a critical OAuth2 misconfiguration vulnerability. The flaw allowed unauthorized access to sensitive user and business data due to exposed client credentials and a lack of access controls. (Source: GBHackers)
April 30, 2025 – Vulnerabilities
Zimbra Collaboration GraphQL Flaw Lets Hackers Steal User Information
Abstract
A critical Cross-Site Request Forgery (CSRF) vulnerability, tracked as CVE-2025-32354, has been identified in Zimbra Collaboration Suite (ZCS) versions 9.0 to 10.1. The flaw resides in the GraphQL endpoint (/service/extension/graphql). (Source: GBHackers)
April 30, 2025 – Vulnerabilities
Docker Registry Vulnerability Lets macOS Users Access Any Registry Without Authorization
Abstract
A medium-severity vulnerability (CVE-2025-4095) in Docker Desktop for macOS allows authenticated users to bypass Registry Access Management (RAM) policies and access unapproved container registries. (Source: GBHackers)
April 30, 2025 – Vulnerabilities
Apache Tomcat security advisory (AV25-239)
Abstract
Apache has released security advisories addressing vulnerabilities in multiple versions of Apache Tomcat. Users and administrators are urged to review the advisories and apply the necessary updates to maintain system security. (Source: Canadian Centre for Cyber Security)
April 30, 2025 – Malware
New Gremlin Infostealer Distributed on Telegram
Abstract
Gremlin Stealer is a newly identified C#-based infostealer malware actively promoted on Telegram since March 2025. It targets Windows systems and is capable of harvesting a broad range of sensitive data. (Source: Infosecurity Magazine)
April 30, 2025 – Vulnerabilities
GPUAF: Two Methods to Root Qualcomm-Based Android Phones
Abstract
Security researchers have uncovered two critical vulnerabilities, CVE-2024-23380 and CVE-2024-23373, in Qualcomm GPU drivers, affecting a wide range of Android devices from manufacturers such as Samsung, Xiaomi, Honor, and Vivo. (Source: GBHackers)
April 30, 2025 – Malware
Yet Another NodeJS Backdoor (YaNB): A Modern Challenge
Abstract
Trustwave SpiderLabs uncovered a resurgence of malicious campaigns in March 2025 that exploit deceptive CAPTCHA verifications to deploy NodeJS-based backdoors. The campaign is referred to as "Yet Another NodeJS Backdoor (YANB)." (Source: Trustwave)
April 30, 2025 – Malware
In Plain Sight: Uncovering SuperShell & Cobalt Strike from an Open Directory
Abstract
Hunt researchers uncovered a malicious server, revealing SuperShell C2 payloads and a Linux ELF Cobalt Strike beacon. The server also hosted reconnaissance tools, highlighting the sophistication and layered nature of modern cyber threats. (Source: Hunt)
April 29, 2025 – Attack
Spike in Git Configuration Crawling Highlights Risk of Codebase Exposure
Abstract
A major spike in cyber reconnaissance was observed between April 20–21, 2025, with over 4,800 unique IPs attempting to access Git configuration files. This marked the fourth and largest such spike since September 2024. (Source: GreyNoise)
April 29, 2025 – Attack
French BEC Threat Actor Targets Property Payments
Abstract
TA2900 is targeting French-speaking individuals with fraudulent rental payment schemes. The campaigns are designed to steal funds by impersonating rental agencies and redirecting rent payments to attacker-controlled bank accounts. (Source: Proofpoint)
April 29, 2025 – Vulnerabilities
Linux Kernel Exploitation
Abstract
A critical vulnerability in the Linux kernel, CVE-2025-21756, dubbed Attack of the Vsock, allows local attackers to escalate privileges to root. The flaw resides in the VMware vsock driver and affects systems using vsock for inter-VM communication. (Source: Hoefler)
April 29, 2025 – Vulnerabilities
Millions of Apple AirPlay-Enabled Devices Can Be Hacked via Wi-Fi
Abstract
Newly discovered vulnerabilities in Apple's AirPlay protocol could allow attackers to move laterally across networks via Wi-Fi, spreading malware between devices. These pose a risk by enabling attackers to exploit wireless connections. (Source: Wired)
April 29, 2025 – Attack
Finding Minhook in a sideloading attack – and Sweden too
Abstract
A sideloading campaign active from late 2023 to early 2024 targeted organisations in East Asia and later Sweden, delivering Cobalt Strike payloads via legitimate Windows executables and malicious DLLs. (Source: Sophos)
April 29, 2025 – Botnet
Outlaw botnet detected in an incident contained by Kaspersky
Abstract
Outlaw (also known as "Dota") is a Perl-based crypto mining botnet that typically takes advantage of weak or default SSH credentials for its operations. Telemetry data showed victims across the US, Germany, Italy, Thailand, and more. (Source: Securelist)
April 29, 2025 – Phishing
Uyghur Diaspora Group Targeted with Remote Surveillance Malware
Abstract
A targeted spear phishing campaign has been uncovered against senior members of the World Uyghur Congress (WUC), aiming to deploy surveillance malware. The malware was delivered through a trojanized version of UyghurEditPP. (Source: Infosecurity Magazine)
April 29, 2025 – Malware
Technical Malware Analysis Report: Python-based RAT Malware
Abstract
A newly discovered Python-based Remote Access Trojan (RAT) leverages Discord as its command-and-control (C2) platform, transforming the popular communication tool into a hub for malicious operations. (Source: CYFIRMA)
April 29, 2025 – Malware
HANNIBAL Stealer: A Rebranded Threat Born from Sharp and TX Lineage - CYFIRMA
Abstract
Hannibal Stealer is a newly surfaced malware, identified as a cracked and rebranded variant of the Sharp and TX stealers, promoted by the reverse engineering group 'llcppc_reverse'. (Source: CYFIRMA)
April 29, 2025 – Outage
Ransomware gang says it hacked Malaysia's Kuala Lumpur International Airport
Abstract
Ransomware group Qilin (also known as Agenda) claimed responsibility for a cyberattack on Kuala Lumpur International Airport (KLIA) in Malaysia. The attack disrupted flight information displays, check-in counters, and baggage handling systems. (Source: Comparitech)
April 28, 2025 – Denial Of Service
Cloudflare mitigates record number of DDoS attacks in 2025
Abstract
Cloudflare has reported a record-breaking surge in DDoS attacks, mitigating 21.3 million attacks in 2024 (a 358% year-over-year increase) and already handling 20.5 million attacks in Q1 2025 alone. (Source: BleepingComputer)
April 28, 2025 – Vulnerabilities
Viasat Modems Zero-Day Vulnerabilities Let Attackers Execute Remote Code
Abstract
A severe zero-day vulnerability has been uncovered in multiple Viasat satellite modem models, including the RM4100, RM4200, EM4100, RM5110, RM5111, RG1000, RG1100, EG1000, and EG1020. (Source: GBHackers)
April 28, 2025 – Vulnerabilities
Critical FastCGI Library Flaw Exposes Embedded Devices to Code Execution
Abstract
A critical vulnerability (CVE-2025-23016) in the FastCGI library threatens embedded and IoT devices with remote code execution. The flaw, located in the ReadParams function, allows attackers to exploit heap buffer overflows. (Source: GBHackers)
April 28, 2025 – Vulnerabilities
iOS and Android juice jacking defenses have been trivial to bypass for years
Abstract
Researchers have revealed that the defenses Apple and Google implemented against "juice jacking" attacks have been fundamentally flawed. The injected input establishes a Bluetooth connection to a second, miniaturized keyboard hidden inside the malicious charger. (Source: Ars Technica)
April 28, 2025 – Criminals
JokerOTP Dismantled After 28,000 Phishing Attacks, 2 Arrested
Abstract
Two individuals have been arrested in a joint international operation dismantling JokerOTP, a sophisticated phishing tool used to intercept 2FA codes and steal over £7.5 million. (Source: HackRead)
April 28, 2025 – Vulnerabilities
React Router Vulnerabilities Allow Attackers to Spoof Content and Alter Values
Abstract
Two high-severity vulnerabilities (CVE-2025-43864 and CVE-2025-43865) have been identified in the React Router library, affecting versions 7.0.0 to 7.5.1. Developers must update to version 7.5.2 immediately. (Source: GBHackers)
April 28, 2025 – Vulnerabilities
NVIDIA Riva Vulnerabilities Leave AI-Powered Speech and Translation Services at Risk
Abstract
Trend Micro Research identified two vulnerabilities (CVE-2025-23242 and CVE-2025-23243) in NVIDIA Riva deployments, exposing AI-powered speech and translation services to unauthorized access, resource abuse, and intellectual property theft. (Source: Trend Micro)
April 28, 2025 – Vulnerabilities
PII Disclosure
Abstract
A critical vulnerability chain involving CORS misconfiguration, CSRF, and open redirect flaws was discovered, potentially exposing sensitive PII for approximately 170,000 users. (Source: InfoSec Write-ups)
April 28, 2025 – Hacker
AgeoStealer: How Social Engineering Targets Gamers
Abstract
Instead of relying on traditional malware distribution channels, the threat actors behind AgeoStealer leverage a popular communication platform among gamers to directly contact victims and ask them to test their video game. (Source: Flashpoint)
April 28, 2025 – Ransomware
VerdaCrypt: The PowerShell Ransomware That Thinks It's a Philosophy Professor
Abstract
VerdaCrypt is a sophisticated PowerShell-based ransomware that blends technical stealth with psychological manipulation. Active since April 2025, it operates filelessly and delivers ransom notes filled with philosophical musings. (Source: Smith Brendan)
April 26, 2025 – Vulnerabilities
Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers
Abstract
Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully exploited, could enable attackers to gain unauthorized access to files, inject malicious data, and tamper with logs. (Source: The Hacker News)
April 26, 2025 – Breach
Interlock ransomware gang started leaking data allegedly stolen from leading kidney dialysis firm DaVita
Abstract
The group claimed the theft of 1510 GB of sensitive data, including patient records, insurance, and financial information. Interlock leaked DaVita's alleged stolen files on their data leak site. (Source: Security Affairs)
April 26, 2025 – APT
Operation SyncHole: Lazarus APT targets supply chains in South Korea
Abstract
The campaign has been active since at least November 2024; Lazarus Group is targeting South Korean organizations using watering hole tactics and exploiting software vulnerabilities. (Source: Security Affairs)
April 26, 2025 – Breach
Data breach at Connecticut's Yale New Haven Health affects over 5 million
Abstract
A data breach at Connecticut's largest healthcare system, Yale New Haven Health, affects more than 5.5 million people, according to a legally required notice filed with the U.S. government's health department. (Source: TechCrunch)
April 26, 2025 – Breach
Baltimore City Public Schools data breach affects over 31,000 people
Abstract
Baltimore City Public Schools notified tens of thousands of employees and students of a data breach following an incident in February when unknown attackers hacked into its network. (Source: BleepingComputer)
April 25, 2025 – Outage
M&S Shuts Down Online Orders Amid Ongoing Cyber Incident
Abstract
Marks & Spencer has paused taking online orders as the British retailer continues to tackle an ongoing cyber incident. It is unclear when these services will be restored. (Source: Infosecurity Magazine)
April 25, 2025 – Ransomware
ELENOR-corp Ransomware Targets Healthcare Sector
Abstract
A new variant of the Mimic ransomware, named ELENOR-corp (v7.5), has been identified in targeted attacks against the healthcare sector. It has been deployed in a series of attacks on healthcare organizations, leveraging aggressive techniques. (Source: Infosecurity Magazine)
April 25, 2025 – Malware
Chrome Extension Uses AI Engine to Act Without User Input
Abstract
Security researchers from ExtensionTotal have discovered a Chrome extension capable of interacting with local Model Context Protocol (MCP) servers without user permission or detection by Chrome's security mechanisms. (Source: Infosecurity Magazine)
April 25, 2025 – Criminals
How NFC-Enabled POS Terminals Facilitate Cybercriminal Money Laundering Chains
Abstract
Chinese cybercriminals are especially active in NFC-enabled fraud and are known for their well-established money laundering chains across multiple continents. They arrange for an NFC-enabled POS terminal and a merchant account linked to it. (Source: Resecurity)
April 25, 2025 – Vulnerabilities
SonicWall security advisory (AV25-231) - Canadian Centre for Cyber Security
Abstract
SonicWall has released a security advisory (AV25-231) addressing a vulnerability affecting multiple SonicOS Gen7 and TZ series firewall products. Timely updates are essential to maintain network integrity and prevent unauthorized access. (Source: Canadian Centre for Cyber Security)
April 24, 2025 – Business
Push Security raises $30M to expand browser-based identity threat detection
Abstract
Identity security company Push Security Ltd. announced today that it has raised $30 million. The Series B funding round was led by Redpoint Ventures, with Datadog Ventures also participating. (Source: SiliconANGLE)
April 24, 2025 – Phishing
Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals
Abstract
The Darcula phishing-as-a-service (PhaaS) platform has introduced generative AI (GenAI) capabilities, significantly enhancing its accessibility and effectiveness for cybercriminals. (Source: The Hacker News)
April 24, 2025 – Outage
Cyberattack hits drinking water supplier in Spanish town near Barcelona
Abstract
Aigües de Mataró, the municipal water utility serving the town of Mataró in Catalonia, Spain, has confirmed a cyberattack that disrupted its corporate IT systems and website. (Source: The Record)
April 24, 2025 – Vulnerabilities
Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely
Abstract
A critical vulnerability (CVE-2025-34028) in Commvault Command Center Innovation Release (versions 11.38.0 through 11.38.19) allows unauthenticated remote attackers to execute arbitrary code. (Source: The Hacker News)
April 24, 2025 – Vulnerabilities
Linux 'io_uring' security blindspot allows stealthy rootkit attacks
Abstract
A critical security blind spot in the Linux kernel's io_uring interface enables stealthy rootkit attacks that bypass traditional runtime security tools. The io_uring interface supports 61 operation types. (Source: BleepingComputer)
April 24, 2025 – Vulnerabilities
Redis DoS Flaw Allows Attackers to Crash Servers or Drain Memory
Abstract
A high-severity DoS vulnerability in Redis, tracked as CVE-2025-21605, allows unauthenticated attackers to crash servers or exhaust memory by exploiting unlimited client output buffers. Redis versions 2.6 and above are affected. (Source: GBHackers)
April 24, 2025 – General
9X Surge in Ivanti Connect Secure Scanning Activity
Abstract
A dramatic surge in reconnaissance activity has been detected targeting Ivanti Connect Secure (ICS) and Pulse Secure VPN systems. GreyNoise reported a nine-fold increase in scanning activity, with over 1,000 unique IPs involved in the past 90 days. (Source: GreyNoise)
April 24, 2025 – Vulnerabilities
SonicWall SSLVPN Flaw Allows Hackers to Crash Firewalls Remotely
Abstract
SonicWall has disclosed a high-severity vulnerability (CVE-2025-32818) in its SSLVPN Virtual Office interface that allows unauthenticated attackers to remotely crash firewalls, causing denial-of-service (DoS) and widespread network disruptions. (Source: GBHackers)
April 24, 2025 – Vulnerabilities
BBOT 2.1.0 - Local Privilege Escalation via Malicious Module Execution
Abstract
A local privilege escalation vulnerability has been identified in BBOT version 2.1.0. When configured with sudo access, BBOT can be exploited to execute malicious Python modules, allowing attackers to escalate privileges and gain root access. (Source: Seclists)
April 24, 2025 – Malware
DslogdRAT Malware Installed in Ivanti Connect Secure - JPCERT/CC Eyes
Abstract
A new malware, DslogdRAT, was deployed via a zero-day vulnerability in Ivanti Connect Secure during targeted attacks in Japan. The malware was installed using a Perl-based CGI web shell and exhibits advanced command-and-control capabilities. (Source: JPCERT/CC)
April 23, 2025 – Breach
Blue Shield of California leaked health data of 4.7 million members to Google
Abstract
Blue Shield of California disclosed it suffered a data breach after exposing protected health information of 4.7 million members to Google's analytics and advertisement platforms. (Source: BleepingComputer)
April 23, 2025 – Ransomware
Ransomware groups test new business models to hit more victims, increase profits
Abstract
DragonForce and Anubis are attempting to entice hackers to come and work with them by adopting affiliate models that would increase the volume of incidents their services can be used in. (Source: The Record)
April 23, 2025 – APT
Russian APT Gamaredon targets Ukraine with new LNK
Abstract
Security researchers have uncovered a new campaign by the Russian-affiliated APT group Gamaredon, leveraging the PteroLNK variant of the Pterodo malware family to target Ukrainian military, government, and infrastructure sectors. (Source: SC World)
April 23, 2025 – Vulnerabilities
Synology Network File System Vulnerability Allows Unauthorized File Access
Abstract
A critical vulnerability in Synology DiskStation Manager (DSM), tracked as CVE-2025-1021, allows unauthenticated remote attackers to access arbitrary files via the NFS service. (Source: GBHackers)
April 23, 2025 – Attack
Hackers Deploy New Malware Disguised as Networking Software Updates
Abstract
A sophisticated backdoor campaign is actively targeting Russian government, financial, and industrial sectors by masquerading as legitimate ViPNet software updates. The malware leverages trusted update mechanisms to infiltrate systems. (Source: GBHackers)
April 23, 2025 – APT
APT34 Hackers Use Port 8080 for Fake 404 Responses and Shared SSH Keys
Abstract
Researchers have identified dormant but potentially malicious infrastructure linked to the Iranian threat group APT34 (OilRig), known for targeting sectors such as education, government, energy, telecom, and NGOs. (Source: GBHackers)
April 23, 2025 – Malware
AsyncRAT Abusing Python and TryCloudflare For Stealthy Malware Delivery
Abstract
A sophisticated malware campaign has been exploiting Cloudflare's tunnel infrastructure since at least February 2024 to distribute multiple Remote Access Trojans (RATs), including AsyncRAT. (Source: GBHackers)
April 23, 2025 – Breach
SK Telecom warns customer USIM data exposed in malware attack
Abstract
SK Telecom, South Korea's largest mobile network operator, has disclosed a malware attack that compromised sensitive USIM-related customer data. The malware enabled access to USIM data, which typically includes IMSI, MSISDN, etc. (Source: BleepingComputer)
April 23, 2025 – Vulnerabilities
Samsung One UI Vulnerability Leaks Sensitive Data in Plain Text With No Expiration!
Abstract
A significant privacy vulnerability has been discovered in Samsung's One UI clipboard history feature. The system stores all copied text, including passwords, 2FA codes, and personal data, in plain text indefinitely, without auto-expiry. (Source: GBHackers)
April 23, 2025 – Education
Cookie-Bite: How Your Digital Crumbs Let Threat Actors Bypass MFA and Maintain Access to Cloud Environments
Abstract
A new proof-of-concept attack dubbed Cookie-Bite demonstrates how a malicious Chrome extension can steal Azure Entra ID session cookies to bypass multi-factor authentication (MFA) and maintain unauthorized access to Microsoft cloud services. (Source: Varonis)
April 22, 2025 – Vulnerabilities
Critical Security Vulnerability Found in WordPress Plugin InstaWP Connect
Abstract
The vulnerability, identified as CVE-2025-2636, specifically impacts older versions of the plugin; versions prior to 0.1.0.88 are at risk. This security flaw enables unauthorized attackers to remotely execute malicious PHP code on affected websites. (Source: The Cyber Express)
April 22, 2025 – Business
AI security firm Pillar raises $9m to secure the future of enterprise software
Abstract
The $9 million seed funding round for Pillar Security was led by Shield Capital, with participation from Golden Ventures, Ground Up Ventures, and a group of strategic angel investors. (Source: FinTech)
April 22, 2025 – General
Report: $40bn Southeast Asian Scam Sector Growing "Like a Cancer"
Abstract
The findings are revealed in a new report from the UN Office on Drugs and Crime (UNODC), Inflection Point: Global Implications of Scam Centres, Underground Banking and Illicit Online Marketplaces in Southeast Asia. (Source: Infosecurity Magazine)
April 22, 2025 – Vulnerabilities
PoC Released for Critical Unauthenticated Erlang/OTP RCE Vulnerability
Abstract
The flaw (CVSSv3 10.0) stems from improper handling of SSH protocol messages, enabling attackers to bypass authentication and send malicious payloads during the connection phase. (Source: GBHackers)
April 22, 2025 – General
Researchers claim breakthrough in fight against AI's frustrating security hole
Abstract
Google DeepMind has unveiled CaMeL (CApabilities for MachinE Learning), a new approach to stopping prompt-injection attacks that abandons the failed strategy of having AI models police themselves. (Source: Ars Technica)
April 22, 2025 – Vulnerabilities
Over 50k WordPress Sites at Takeover Risk Via Vulnerable Plugin
Abstract
Tracked as CVE-2025-3616 and carrying a CVSS score of 8.8, this flaw allows authenticated users, even those with mere subscriber-level access, to upload arbitrary files, including malicious PHP scripts, and execute them remotely. (Source: SecurityOnline)
April 22, 2025 – Malware
New Malware Mimics Cisco Webex to Target Users in-the-Wild
Abstract
According to researchers, the attack begins when victims are persuaded to click on malicious meeting links that exploit a vulnerability in the Cisco Webex App's custom URL parser. (Source: Cybersecurity News)
April 22, 2025 – Vulnerabilities
Critical Flaw in Windows Update Stack Enables Code Execution and Privilege Escalation
Abstract
A newly discovered vulnerability in the Windows Update Stack, tracked as CVE-2025-21204, could enable attackers to execute arbitrary code and escalate privileges to SYSTEM level on targeted machines. (Source: GBHackers)
April 22, 2025 – Phishing
Report: Microsoft Remains the Most Targeted Brand for Phishing Attacks in Q1 2025, Mastercard Makes a Comeback
Abstract
In Q1 2025, Microsoft maintained its position as the most targeted brand, accounting for 36% of all phishing attempts. Google surged to second place with 12%, while Apple remained in the top 3 with 8%. (Source: CXO Today)
April 22, 2025 – Vulnerabilities
Critical CVE-2025-1976 Vulnerability in Brocade Fabric OS Actively Exploited
Abstract
A critical security vulnerability has been identified in Brocade Fabric OS, posing a significant risk to affected systems. The vulnerability could allow a local user with admin privileges to execute arbitrary code with full root privileges. (Source: SecurityOnline)
April 21, 2025 – Vulnerabilities
WordPress ad-fraud plugins generated 1.4 billion ad requests per day
Abstract
A large-scale ad fraud operation called 'Scallywag' is monetizing pirating and URL shortening sites through specially crafted WordPress plugins that generate billions of daily fraudulent requests. (Source: BleepingComputer)
April 21, 2025 – Vulnerabilities
Hackers Bypassed Windows Defender Policies Using WinDbg Preview via Microsoft Store
Abstract
A newly documented technique reveals how attackers can exploit the WinDbg Preview debugger to bypass even the strictest Windows Defender Application Control (WDAC) policies. (Source: GBHackers)
April 21, 2025 – Malware
Hackers Claim to Sell 'Baldwin Killer' Malware That Evades AV and EDR
Abstract
A notorious threat actor has allegedly begun selling "Baldwin Killer," a sophisticated malware toolkit designed to bypass leading antivirus (AV) and endpoint detection and response (EDR) systems. (Source: GBHackers)
April 21, 2025 – General
Japan warns of hundreds of millions of dollars in unauthorized trades from hacked accounts
Abstract
Japan's FSA issued an urgent warning following a surge in unauthorized access and fraudulent trading activities targeting online brokerage accounts. The incident has resulted in hundreds of millions of dollars in unauthorized transactions. (Source: The Record)
April 21, 2025 – Attack
Zoom has a remote control feature and crypto thieves are abusing it - Risky Business Media
Abstract
A newly uncovered campaign by the threat group ELUSIVE COMET exploits Zoom's remote control feature to hijack victims' systems. The attackers use social engineering tactics, impersonating Bloomberg Crypto. (Source: Risky Business Media)
April 21, 2025 – Phishing
Cybercriminals Exploit Google OAuth Loophole to Evade Gmail Security
Abstract
A sophisticated phishing attack exploiting a loophole in Google's OAuth infrastructure has surfaced, raising significant concerns about the security of Gmail users worldwide. (Source: GBHackers)
April 21, 2025 – Malware
New Android malware steals your credit cards for NFC relay attacks
Abstract
A new malware-as-a-service (MaaS) platform named 'SuperCard X' has emerged, targeting Android devices via NFC relay attacks that enable point-of-sale and ATM transactions using compromised payment card data. (Source: BleepingComputer)
April 21, 2025 – Attack
Chinese Ghost Hackers Hit Hospitals And Factories In America And U.K.
Abstract
Ghost ransomware hackers strike in 70 countries; North America and the U.K. have been attacked most. The campaigns are operated by a financially motivated group from China. (Source: Forbes)
April 21, 2025 – Ransomware
FOG Ransomware Spread by Cybercriminals Claiming Ties to DOGE
Abstract
Researchers found that FOG ransomware is being distributed by cybercriminals trolling users by abusing the name of the Department of Government Efficiency (DOGE), or individuals connected to the government initiative. (Source: Trend Micro)
April 21, 2025 – Criminals
SheByte PaaS Launches Subscription Service for Cybercriminals
Abstract
Launched in June 2024, SheByte has rapidly gained traction among cybercriminals by offering customizable phishing kits and a subscription model, signaling a durable presence in the threat landscape. (Source: GBHackers)
April 19, 2025 – Malware
New payment-card scam involves a phone call, some malware and a personal tap
Abstract
A new fraud campaign tracked by Cleafy in Italy leverages Android malware, social engineering, and NFC technology to steal payment card data. The malware, dubbed SuperCard X, is part of a malware-as-a-service (MaaS) operation. (Source: The Record)
April 19, 2025 – Vulnerabilities
ASUS warns of critical auth bypass flaw in routers using AiCloud
Abstract
ASUS has disclosed a critical authentication bypass vulnerability (CVE-2025-2492) affecting multiple router models with AiCloud enabled. The flaw allows remote attackers to execute unauthorized functions without authentication. (Source: BleepingComputer)
April 19, 2025 – Phishing
UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants
Abstract
A spear-phishing campaign attributed to Russian-speaking threat actors targeted the UK Ministry of Defence (MOD) in late 2024. The attackers deployed a RomCom malware variant known as Damascened Peacock. (Source: Talos Intelligence)
April 19, 2025 – Malware
KeyPlug Malware Server Leak Exposes Fortinet Firewall and VPN Exploitation Tools
Abstract
Cybersecurity researchers uncovered a RedGolf/APT41 server inadvertently exposed for less than 24 hours, offering a rare glimpse into an active staging ground used by the threat actor. (Source: GBHackers)
April 19, 2025 – Cryptocurrency
The Zoom attack you didn't see coming
Abstract
A threat actor known as ELUSIVE COMET is exploiting Zoom's remote control feature to deploy malware during fake podcast interviews. The attacker is targeting individuals in the cryptocurrency and DeFi sectors. (Source: Help Net Security)
April 19, 2025 – Government
FBI Warns of Scammers Impersonating the IC3
Abstract
The FBI has issued a warning about a persistent fraud scheme in which scammers impersonate employees of the Internet Crime Complaint Center (IC3) to deceive and revictimize individuals, particularly those who have already suffered financial fraud. (Source: IC3)
April 18, 2025 – Phishing
Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States
Abstract
A widespread and ongoing SMS phishing (smishing) campaign has been targeting toll road users across eight U.S. states since mid-October 2024. The campaign impersonates electronic toll systems. (Source: The Hacker News)
April 18, 2025 – Malware
npm Malware Targets Telegram Bot Developers with Persistent …
Abstract
A new supply chain attack has been uncovered targeting Telegram bot developers via typosquatted npm packages. These malicious packages mimic the legitimate `node-telegram-bot-api` library. (Source: Socket)
April 18, 2025 – Attack
Scamonomics: The Dark Side of Stock & Crypto Investments in India
Abstract
A coordinated fraud campaign is targeting investors using fake investment platforms, impersonation tactics, and compromised legitimate websites. These schemes aim to steal financial data and defraud victims through social engineering. (Source: CYFIRMA)
April 18, 2025 – Criminals
Look out! CapCut copycats are on the prowl
Abstract
Cybercriminals are exploiting the popularity of AI-powered content creation tools by deploying fake websites that impersonate platforms like CapCut, Adobe Express, and Canva. (Source: WeLiveSecurity)
April 17, 2025 – Ransomware
Ghost Ransomware Targets Organizations Across 70+ Countries Full Text
Abstract
A new ransomware variant known as Ghost (also referred to as Cring) has emerged as a significant global threat. The FBI and CISA issued a joint advisory in February 2025 in response to the growing threat.GBHackers
April 17, 2025 – Breach
Proton66 Part 2: Compromised WordPress Pages and Malware Campaigns Full Text
Abstract
A recent surge in malicious activity has been observed originating from the Proton66 ASN. This activity includes mass scanning, credential brute forcing, and exploitation attempts. The observed activity is targeting organizations worldwide.Trust Wave
April 17, 2025 – Vulnerabilities
Model Context Protocol Flaw Allows Attackers to Compromise Victim Systems Full Text
Abstract
A critical vulnerability in the widely adopted Model Context Protocol (MCP), an open standard for integrating generative AI (GenAI) tools with external systems, has exposed organizations to risks of data theft, ransomware, and unauthorized access.GBHackers
April 17, 2025 – General
Network Edge Devices the Biggest Entry Point for Attacks on SMBs Full Text
Abstract
Compromised network edge devices accounted for initial compromise in 30% of incidents impacting small and medium-sized businesses (SMBs) in 2024. VPN exploitation alone was the most frequent compromise point across all cases, at 19%.Infosecurity Magazine
April 17, 2025 – Malware
Unmasking the new XorDDoS controller and infrastructure Full Text
Abstract
Cisco Talos observed the existing DDoS malware XorDDoS continuing to spread globally between November 2023 and February 2025. A significant finding is that over 70 percent of attacks using XorDDoS targeted the U.S. Talos
April 17, 2025 – General
Cyber threats against energy sector surge as global tensions mount Full Text
Abstract
Cyberattacks on the energy sector are rising due to geopolitical and technological factors. A July 2024 Sophos report found that 67% of 275 surveyed energy/utility leaders experienced ransomware attacks in the last year. Help Net Security
April 17, 2025 – Government
CISA warns of increased breach risks following Oracle Cloud leak Full Text
Abstract
On Wednesday, CISA warned of heightened breach risks after the compromise of legacy Oracle Cloud servers earlier this year and highlighted the significant threat to enterprise networks. Bleeping Computer
April 17, 2025 – General
Around the World in 90 Days: State-Sponsored Actors Try ClickFix Full Text
Abstract
Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to deploy malware over three months from late 2024 through the beginning of 2025. Proofpoint
April 17, 2025 – Malware
Inside Gamaredon’s PteroLNK: Dead Drop Resolvers and evasive Infrastructure Full Text
Abstract
Researchers unearthed the PteroLNK variant used by the Russian-nexus threat group Gamaredon. The group targets Ukrainian entities, focusing on the government, military, and critical infrastructure sectors. HarfangLab
April 17, 2025 – Breach
Harvest Ransomware Attack: Stolen Data Now Publicly Disclosed Full Text
Abstract
French fintech leader Harvest SAS has become the latest high-profile victim of a sophisticated ransomware attack, culminating this week in the public release of a trove of sensitive stolen data. GBHackers
April 16, 2025 – APT
Mustang Panda: PAKLOG, CorKLOG, and SplatCloak Full Text
Abstract
Mustang Panda, a China-linked APT group, has expanded its malware arsenal with PAKLOG, CorKLOG, and an EDR evasion driver named SplatCloak. The malware is delivered via RAR archives containing legitimate signed binaries and malicious DLLs. Zscaler
April 16, 2025 – Vulnerabilities
CVE-2025-24054: Actively Exploited NTLM Hash Disclosure Vulnerability Full Text
Abstract
Check Point Research has issued a warning over the active exploitation of a newly disclosed vulnerability—CVE-2025-24054—that allows attackers to leak NTLMv2-SSP hashes through specially crafted .library-ms files. Security Online
April 16, 2025 – Phishing
North Korean Hackers Targeted Nearly 18,000 in Phishing Campaign During Martial Law Turmoil Full Text
Abstract
North Korean hackers sent more than 120,000 phishing emails to nearly 18,000 individuals over a three-month campaign that impersonated South Korea’s Military Counterintelligence Command’s communication during the Martial Law turmoil. The Cyber Express
April 16, 2025 – Hacker
Hacktivist Group Becomes More Sophisticated, Targets Critical Infrastructure to Deploy Ransomware Full Text
Abstract
A recent report shed light on the evolving tactics of hacktivist groups, moving beyond traditional cyber disruptions like DDoS attacks and website defacements to engage in more advanced critical infrastructure attacks and ransomware operations. GBHackers
April 16, 2025 – Malware
Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users Full Text
Abstract
Cheap Android smartphones manufactured by Chinese companies have been observed shipping with pre-installed trojanized apps masquerading as WhatsApp and Telegram that contain cryptocurrency clipper functionality, as part of a campaign running since June 2024. The Hacker News
April 16, 2025 – Malware
New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks Full Text
Abstract
Researchers unearthed a new controller component associated with a known backdoor called BPFDoor as part of cyber attacks targeting telecommunications, finance, and retail sectors in South Korea, Hong Kong, Myanmar, Malaysia, and Egypt in 2024. The Hacker News
April 16, 2025 – Phishing
Byte Bandits: How Fake PDF Converters Are Stealing More Than Just Your Documents Full Text
Abstract
Researchers documented a phishing campaign in which threat actors mimicked the legitimate pdfcandy[.]com site to distribute malware. Users were tricked into running a PowerShell command, triggering the download of a ZIP payload containing ArechClient2. CloudSEK
April 16, 2025 – Vulnerabilities
Microsoft warns of blue screen crashes caused by April updates Full Text
Abstract
Microsoft warned customers this week that their systems might crash with a blue screen error caused by a secure kernel fatal error after installing Windows updates released since March. Bleeping Computer
April 16, 2025 – Malware
Malicious PyPI Package Targets MEXC Trading API to Steal Credentials and Redirect Orders Full Text
Abstract
Cybersecurity researchers have disclosed a malicious package uploaded to the Python Package Index (PyPI) repository that's designed to reroute trading orders placed on the MEXC cryptocurrency exchange to a malicious server and steal tokens. The Hacker News
April 16, 2025 – Vulnerabilities
Firefox Fixes High-Severity Vulnerability Causing Memory Corruption via Race Condition Full Text
Abstract
Mozilla has released Firefox 137.0.2, addressing a high-severity security flaw that could potentially allow attackers to exploit memory corruption. The patched vulnerability, CVE-2025-3608, was found in the nsHttpTransaction component of Firefox. GBHackers
April 15, 2025 – Phishing
China-based SMS Phishing Triad Pivots to Banks – Krebs on Security Full Text
Abstract
China-based SMS phishing group “Smishing Triad” is now converting stolen payment card data into Apple and Google mobile wallets. Previously, they impersonated toll road and shipping firms. Krebs on Security
April 15, 2025 – Attack
Hackers Use Microsoft Teams Chats to Deliver Malware to Windows PCs Full Text
Abstract
A sophisticated cyberattack campaign has emerged, leveraging Microsoft Teams chats to infiltrate Windows PCs with malware, according to a recent report by cybersecurity firm ReliaQuest. GBHackers
April 15, 2025 – Vulnerabilities
Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence Full Text
Abstract
A critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain unauthorized access even after a password change. The Hacker News
April 15, 2025 – Breach
Ransomware gang says it hacked the Oregon Department of Environmental Quality Full Text
Abstract
The Oregon DEQ said it was investigating a cyber attack on its enterprise information services that forced the department to shut down its email system, computer workstations, help desk, and vehicle inspection stations. Comparitech
April 15, 2025 – Malware
PasivRobber Malware Emerges, Targeting macOS to Steal Data From Systems and Apps Full Text
Abstract
Identified on March 13, 2025, after a suspicious file named “wsus” was uploaded to VirusTotal, PasivRobber is a multi-component threat designed to steal a wide range of data from infected systems and popular applications. GBHackers
April 15, 2025 – Vulnerabilities
Australian Businesses at Risk as Threat Actors Exploit Fortinet Vulnerabilities Full Text
Abstract
Australian organizations using Fortinet products are being urged to take immediate action following a new advisory highlighting the active exploitation of previously known vulnerabilities. The Cyber Express
April 15, 2025 – Malware
Unmasking Xworm Payload Execution Path through Jailbreaking a Malicious JScript Loader Full Text
Abstract
Security researchers are analyzing a sophisticated malware delivery mechanism that uses a JScript loader to deploy different payloads based on the victim’s geographic location. GBHackers
April 15, 2025 – Malware
TROX Stealer: A deep dive into a new Malware as a Service (MaaS) attack campaign Full Text
Abstract
TROX Stealer, first seen by Sublime Security in December 2024, appears to be an obscure and undocumented information stealer with capabilities to exfiltrate sensitive data. Sublime
April 15, 2025 – Vulnerabilities
Gladinet flaw CVE-2025-30406 actively exploited in the wild Full Text
Abstract
Security researchers at Huntress warn of attacks in the wild exploiting a critical vulnerability, tracked as CVE-2025-30406, in Gladinet CentreStack and Triofox software. Security Affairs
April 15, 2025 – Breach
Hertz disclosed a data breach following 2024 Cleo zero-day attack Full Text
Abstract
Car rental giant Hertz Corporation disclosed a data breach that impacted its Hertz, Thrifty, and Dollar brands. Threat actors gained access to customer data via Cleo zero-day exploits in late 2024. Security Affairs
April 11, 2025 – Breach
US lab testing provider exposed health data of 1.6 million people Full Text
Abstract
Laboratory Services Cooperative (LSC) has released a statement informing that it suffered a data breach in which hackers stole sensitive information of roughly 1.6 million people from its systems. Bleeping Computer
April 10, 2025 – Criminals
Moroccan Cybercrime Group Atlas Lion Hiding in Plain Sight During Attacks on Retailers Full Text
Abstract
The Atlas Lion group used stolen credentials to enroll its own virtual machines (VMs) into an organization’s cloud domain, according to researchers at cybersecurity firm Expel. The Record
April 10, 2025 – Malware
Atomic and Exodus Crypto Wallets Targeted in Malicious NPM Package Campaign Full Text
Abstract
The new NPM package, pdf-to-office, masquerades as a utility for converting PDF files to Word documents. Instead, it injects malicious code into cryptocurrency wallet software associated with Atomic Wallet and Exodus. ReversingLabs
April 10, 2025 – Phishing
Sapphire Werewolf Upgrades Arsenal With Amethyst Stealer Targeting Energy Firms Full Text
Abstract
Sapphire Werewolf has introduced a potent new weapon into its cyber arsenal, unveiling the latest iteration of the Amethyst stealer in a calculated phishing attack against an energy firm. GBHackers
April 10, 2025 – Ransomware
Emulating the Misleading CatB Ransomware Full Text
Abstract
CatB ransomware, also known as CatB99 or Baxtoy, emerged in late 2022 and has gained attention for its use of DLL hijacking via MSDTC to execute its payload. It is suspected to be a rebrand of Pandora ransomware. AttackIQ
April 10, 2025 – Attack
GOFFEE’s recent attacks: new tools and techniques Full Text
Abstract
GOFFEE continued to launch targeted attacks against organizations in Russia, utilizing PowerTaskel, a non-public Mythic agent written in PowerShell, and introducing a new implant that researchers dubbed “PowerModul”. Securelist
April 10, 2025 – Vulnerabilities
Dell Addresses Security Vulnerabilities in PowerScale OneFS Full Text
Abstract
Dell has released a security advisory addressing multiple vulnerabilities in PowerScale OneFS, its scale-out network-attached storage operating system. The vulnerabilities could be exploited by malicious users to compromise affected systems. Security Online
April 10, 2025 – Vulnerabilities
SonicWall Patches Multiple Vulnerabilities in NetExtender VPN Client Full Text
Abstract
SonicWall has issued a security advisory disclosing three newly identified vulnerabilities in its NetExtender Windows client, a popular VPN tool used by organizations for secure remote access to internal networks. Security Online
April 10, 2025 – Botnet
AI-Powered AkiraBot Bypasses CAPTCHAs, Spams Websites At Scale Full Text
Abstract
AkiraBot is designed to post AI-generated spam messages in chats, comments, and contact forms, tailored to the targeted website’s content to promote dubious Search Engine Optimization (SEO) services such as Akira and ServicewrapGO. SentinelOne
April 10, 2025 – Vulnerabilities
SureTriggers Vulnerability Exposes 100,000+ WordPress Sites to Full Takeover Full Text
Abstract
A critical vulnerability in the popular WordPress automation plugin SureTriggers has exposed over 100,000 sites to the risk of unauthenticated administrative account creation, potentially allowing full site takeover. Security Online
April 8, 2025 – Vulnerabilities
TVT DVR Devices Under Siege as Massive Exploitation Attempts Expose Critical Flaw Full Text
Abstract
GreyNoise intelligence reports “a significant spike 3 times that of typical activity in exploitation attempts against TVT NVMS9000 DVRs,” with the peak occurring on April 3rd, registering over 2,500 unique attacking IP addresses. Security Online
April 8, 2025 – Vulnerabilities
WhatsApp for Windows Spoofing Vulnerability Poses Code Execution Risk Full Text
Abstract
A security advisory from Facebook detailed a spoofing vulnerability (CVE-2025-30401) in WhatsApp for Windows, highlighting a potential risk where malicious actors could trick users into executing arbitrary code. Security Online
April 8, 2025 – Vulnerabilities
Critical BentoML Flaw Allows Full Remote Code Execution, Exploit Available Full Text
Abstract
The vulnerability, tracked as CVE-2025-27520 (CVSS 9.8), allows for remote code execution (RCE) and poses a significant risk to systems utilizing the affected versions of the library. Security Online
April 8, 2025 – Vulnerabilities
Pexip Issues Urgent Security Update to Address Critical Vulnerabilities Full Text
Abstract
The two high-severity vulnerabilities, tracked as CVE-2025-32095 and CVE-2025-30080, could allow a remote attacker to trigger a software abort, leading to a denial of service. Users are recommended to upgrade to Pexip Infinity v37.0 for the fixes. Security Online
April 8, 2025 – Criminals
EncryptHub’s Dual Life Between Cybercrime and Windows Bug Bounty Research Uncovered Full Text
Abstract
A new report by Outpost24 researchers linked the EncryptHub threat actor with SkorikARI, the account that reported CVE-2025-24061 and CVE-2025-24071, after they allegedly infected themselves and exposed their credentials. Bleeping Computer
April 8, 2025 – Vulnerabilities
PoC Exploit Released for Yelp Flaw Exposes SSH Keys on Ubuntu Systems Full Text
Abstract
A security vulnerability, identified as CVE-2025-3155, has been discovered in Yelp, the GNOME user help application that comes pre-installed on Ubuntu systems. The vulnerability involves the way Yelp handles the “ghelp://” URI scheme. Security Online
April 8, 2025 – Ransomware
Everest Ransomware’s Dark Web Leak Site Defaced, Now Offline Full Text
Abstract
The dark web leak site of the Everest ransomware gang was hacked over the weekend by an unknown attacker and is now offline. The Everest operation has since taken down its leak site. Bleeping Computer
April 8, 2025 – Vulnerabilities
Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities Full Text
Abstract
Google has shipped patches for 62 vulnerabilities, two of which it said have been exploited in the wild. The two flaws, CVE-2024-53150 (out-of-bounds read) and CVE-2024-53197 (privilege escalation), reside in the USB sub-component of the kernel. The Hacker News
April 8, 2025 – Attack
ToddyCat Group Abused Flaw in ESET Security Software to Plant Malicious DLLs Full Text
Abstract
During the campaign, the hackers exploited the ESET vulnerability (CVE-2024-11859) to load a new tool dubbed TCDSB onto victims' devices, disguising it as a legitimate DLL — a common file type in the Windows operating system. The Record
April 8, 2025 – Vulnerabilities
MediaTek’s April 2025 Security Bulletin Addresses Critical WLAN Vulnerability in Multiple Chipsets Full Text
Abstract
One of the most severe vulnerabilities highlighted in the bulletin is an out-of-bounds write in the WLAN service (CVE-2025-20654). This vulnerability could lead to remote code execution with no additional execution privileges needed. Security Online
April 7, 2025 – Vulnerabilities
Python JSON Logger Vulnerability Enables Remote Code Execution - PoC Released Full Text
Abstract
A recent security disclosure has revealed a remote code execution (RCE) vulnerability, CVE-2025-27607, in the Python JSON Logger package, affecting versions between 3.2.0 and 3.2.1. This vulnerability arises from a missing dependency. GBHackers
April 7, 2025 – Phishing
New Evasive Campaign Uses Fake CAPTCHAs to Deliver LegionLoader Full Text
Abstract
In this newly discovered campaign, the attackers use fake CAPTCHAs and Cloudflare Turnstile as part of their strategy to deliver the LegionLoader payload. The initial infection starts with a drive-by download when a victim searches for a document. Security Online
April 7, 2025 – Vulnerabilities
Critical pgAdmin Flaw Allows Remote Code Execution Full Text
Abstract
Notably, the flaw requires authentication, limiting immediate widespread exploitation. However, compromised accounts or phishing attacks could bypass this barrier. The pgAdmin team resolved the issue in version 9.2. GBHackers
April 7, 2025 – Phishing
E-ZPass toll payment texts return in massive phishing wave Full Text
Abstract
The messages embed links that, if clicked, take the victim to a phishing site impersonating E-ZPass, The Toll Roads, FasTrak, Florida Turnpike, or another toll authority that attempts to steal their personal information. Bleeping Computer
April 7, 2025 – Cryptocurrency
PoisonSeed Campaign: Uncovering a Web of Cryptocurrency and Email Provider Attacks Full Text
Abstract
This campaign involves a two-pronged approach: compromising CRM and bulk email providers and deploying a novel “crypto seed phrase” phishing attack. The PoisonSeed campaign has targeted a range of significant platforms. Security Online
April 5, 2025 – Malware
Lazarus Expands Contagious Interview Campaign With 11 New NPM Packages Containing Malware Loaders and Bitbucket Payloads Full Text
Abstract
These latest malware samples employ hexadecimal string encoding to evade automated detection systems and manual code audits, signaling a variation in the threat actors’ obfuscation techniques. Socket
April 5, 2025 – Criminals
Smishing Triad is Now Targeting Toll Payment Services in a Massive Fraud Campaign Expansion Full Text
Abstract
The Smishing Triad group has been linked to a surge in smishing campaigns targeting the U.S. and the U.K. The fraudulent text messages claim unpaid toll bills or payment requests related to toll services like FasTrak, E-ZPass, and I-Pass. Resecurity
April 5, 2025 – Breach
State Bar of Texas Confirms Data Breach, Begins Notifying Affected Consumers Full Text
Abstract
According to an official notice, the breach occurred between January 28, 2025, and February 9, 2025, during which an unauthorized actor gained access to sensitive information stored on the organization’s systems. GBHackers
April 5, 2025 – Criminals
Hunters International Dumps Ransomware, Goes Full-on Extortion Full Text
Abstract
The decision appears to come in the wake of international law enforcement operations over the past two years with names like Endgame, Morpheus, Cronos, and Magnus that disrupted the operations of cybercriminal groups. Security Boulevard
April 5, 2025 – Phishing
Threat Actors Leverage Tax Season To Deploy Tax-Themed Phishing Campaigns Full Text
Abstract
These campaigns lead to phishing pages delivered via the RaccoonO365 phishing-as-a-service (PhaaS) platform, remote access trojans (RATs) like Remcos, and other malware like Latrodectus, BruteRatel C4 (BRc4), AHKBot, and GuLoader. Microsoft
April 5, 2025 – Breach
Update: Port of Seattle Says 90,000 People Impacted in 2024 Ransomware Attack Full Text
Abstract
The Port of Seattle, which runs Seattle-Tacoma International Airport, several parks, container terminals, and other services, is sending breach notification letters to those affected, including about 71,000 people in Washington state. The Record
April 4, 2025 – Phishing
Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware Full Text
Abstract
These campaigns notably use redirection methods such as URL shorteners and QR codes contained in malicious attachments and abuse legitimate services like file-hosting services and business profile pages to avoid detection. The Hacker News
April 4, 2025 – Government
CISA, FBI, nations warn of fast flux DNS threat Full Text
Abstract
CISA on Thursday urged organizations, internet service providers, and security firms to strengthen defenses against so-called fast flux attacks. Malicious cyber actors use fast flux to obfuscate the locations of malicious servers. The Register
April 4, 2025 – Breach
Australian Pension Funds Hacked Full Text
Abstract
Several major Australian pension funds have confirmed they were targeted in a coordinated hacking campaign that compromised thousands of customer accounts. REST Super revealed that about 20,000 people were affected. Security Online
April 4, 2025 – Vulnerabilities
OpenVPN Flaw Allows Attackers to Crash Servers and Run Remote Code Full Text
Abstract
OpenVPN has patched a security vulnerability (CVE-2025-2704) that could potentially allow attackers to crash servers and execute remote code under certain conditions, with the flaw affecting specific server configurations. GBHackers