DATE NAME Info CATEG. WEB

16.4.25 Gamma AI Platform Abused in Phishing Chain to Spoof Microsoft SharePoint Logins Threat actors are leveraging an artificial intelligence (AI) powered presentation platform named Gamma in phishing attacks to direct unsuspecting users to AI The Hacker News
16.4.25 New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks Cybersecurity researchers have unearthed a new controller component associated with a known backdoor called BPFDoor as part of cyber attacks targeting Virus The Hacker News
16.4.25 Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users Cheap Android smartphones manufactured by Chinese companies have been observed pre-installed with trojanized apps masquerading as WhatsApp and Cryptocurrency The Hacker News
16.4.25 U.S. Govt. Funding for MITRE's CVE Ends April 16, Cybersecurity Community on Alert The U.S. government funding for non-profit research giant MITRE to operate and maintain its Common Vulnerabilities and Exposures (CVE) program will expire BigBrothers The Hacker News
16.4.25 Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool The China-linked threat actor known as UNC5174 has been attributed to a new campaign that leverages a variant of a known malware dubbed SNOWLIGHT and a Virus The Hacker News
16.4.25 Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence A critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain Vulnerability The Hacker News
16.4.25 Malicious PyPI Package Targets MEXC Trading API to Steal Credentials and Redirect Orders Cybersecurity researchers have disclosed a malicious package uploaded to the Python Package Index (PyPI) repository that's designed to reroute trading orders Hack The Hacker News
15.4.25 Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds Everybody knows browser extensions are embedded into nearly every user's daily workflow, from spell checkers to GenAI tools. What most IT and security people Security The Hacker News
15.4.25 Crypto Developers Targeted by Python Malware Disguised as Coding Challenges The North Korea-linked threat actor assessed to be behind the massive Bybit hack in February 2025 has been linked to a malicious campaign that targets developers APT The Hacker News
15.4.25 Gladinet's Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability A recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and collaboration solution, according to Huntress, with seven Exploit The Hacker News
15.4.25 Meta Resumes E.U. AI Training Using Public User Data After Regulator Approval Meta has announced that it will begin to train its artificial intelligence (AI) models using public data shared by adults across its platforms in the European Union, AI The Hacker News
15.4.25 ResolverRAT Campaign Targets Healthcare, Pharma via Phishing and DLL Side-Loading Cybersecurity researchers have discovered a new, sophisticated remote access trojan called ResolverRAT that has been observed in attacks targeting healthcare Virus The Hacker News
15.4.25 Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft Cybersecurity researchers are calling attention to a new type of credential phishing scheme that ensures that the stolen information is associated with valid online Phishing The Hacker News
15.4.25 Pakistan-Linked Hackers Expand Targets in India with CurlBack RAT and Spark RAT A threat actor with ties to Pakistan has been observed targeting various sectors in India with various remote access trojans like Xeno RAT, Spark RAT, and a previously Virus The Hacker News
13.4.25 Leak confirms OpenAI's GPT 4.1 is coming before GPT 5.0 OpenAI is working on yet another AI model reportedly called GPT-4.1, a successor to GPT-4o, which is expected to come before GPT 5.0 AI BleepingComputer
13.4.25 Tycoon2FA phishing kit targets Microsoft 365 with new tricks Phishing-as-a-service (PhaaS) platform Tycoon2FA, known for bypassing multi-factor authentication on Microsoft 365 and Gmail accounts, has received updates that improve its stealth and evasion capabilities. Phishing BleepingComputer
13.4.25 AI-hallucinated code dependencies become new supply chain risk A new class of supply chain attacks named 'slopsquatting' has emerged from the increased use of generative AI tools for coding and the model's tendency to "hallucinate" non-existent package names. AI BleepingComputer
13.4.25 Microsoft Defender will isolate undiscovered endpoints to block attacks Microsoft is testing a new Defender for Endpoint capability that will block traffic to and from undiscovered endpoints to thwart attackers' lateral network movement attempts. OS BleepingComputer
13.4.25 Western Sydney University discloses security breaches, data leak Western Sydney University (WSU) announced two security incidents that exposed personal information belonging to members of its community. Incident BleepingComputer
13.4.25 Fortinet: Hackers retain access to patched FortiGate VPNs using symlinks Fortinet warns that threat actors use a post-exploitation technique that helps them maintain read-only access to previously compromised FortiGate VPN devices even after the original attack vector was patched. Vulnerability BleepingComputer
13.4.25 Microsoft: Windows 'inetpub' folder created by security fix, don’t delete Microsoft has now confirmed that an April 2025 Windows security update is creating a new empty "inetpub" folder and warned users not to delete it. OS BleepingComputer
13.4.25 Google's AI video generator Veo 2 is rolling out on AI Studio Google's AI video generator tool Veo 2, which is the company's take on OpenAI's Sora, is now rolling out to some users in the United States. AI BleepingComputer
13.4.25 US lab testing provider exposed health data of 1.6 million people Laboratory Services Cooperative (LSC) has released a statement informing it suffered a data breach where hackers stole sensitive information of roughly 1.6 million people from its systems. Incident BleepingComputer
13.4.25 Campaign Targets Amazon EC2 Instance Metadata via SSRF Discover the latest CVE trends and a new campaign targeting websites hosted in EC2 instances on AWS. Vulnerability blog F5
13.4.25 Microsoft says Edge browser is now 9% faster after optimizations Microsoft claims its Chromium-based Microsoft Edge has seen up to 9% performance improvements following the release of version 134. OS BleepingComputer
13.4.25 Ransomware attack cost IKEA operator in Eastern Europe $23 million Fourlis Group, the operator of IKEA stores in Greece, Cyprus, Romania, and Bulgaria, has informed that the ransomware attack it suffered just before Black Friday on November 27, 2024, caused losses estimated to €20 million ($22.8M). Ransom BleepingComputer
13.4.25 Hackers exploit WordPress plugin auth bypass hours after disclosure Hackers started exploiting a high-severity flaw that allows bypassing authentication in the OttoKit (formerly SureTriggers) plugin for WordPress just hours after public disclosure. Exploit BleepingComputer
13.4.25 Microsoft releases emergency update to fix Office 2016 crashes Microsoft has released an out-of-band Office update to fix a known issue that caused Word, Excel, and Outlook to crash after installing the KB5002700 security update for Office 2016. OS BleepingComputer
13.4.25 OpenAI wants ChatGPT to 'know you over your life' with new Memory update OpenAI is giving ChatGPT's memory feature its biggest upgrade yet, allowing the AI to know you better by referencing all your past conversations. AI BleepingComputer
13.4.25 Russian hackers attack Western military mission using malicious drive The Russian state-backed hacking group Gamaredon (aka "Shuckworm") has been targeting a military mission of a Western country in Ukraine in attacks likely deployed from removable drives. BigBrothers BleepingComputer
13.4.25 Sensata Technologies hit by ransomware attack impacting operations Sensata Technologies (known as Sensata) has suffered a ransomware attack last weekend that encrypted parts of the company network and disrupted operations. Ransom BleepingComputer
13.4.25 ChatGPT's o4-mini, o4-mini-high and o3 spotted ahead of release OpenAI is preparing to launch as many as three new AI models, possibly called "o4-mini", "o4-mini-high" and "o3". AI BleepingComputer
13.4.25 Google takes on Cursor with Firebase Studio, its AI builder for vibe coding Google has quietly launched Firebase Studio, which is a cloud-based AI-powered integrated development environment that lets you build full-fledged apps using prompts. AI BleepingComputer
13.4.25 Hackers target SSRF bugs in EC2-hosted sites to steal AWS credentials A targeted campaign exploited Server-Side Request Forgery (SSRF) vulnerabilities in websites hosted on AWS EC2 instances to extract EC2 Metadata, which could include Identity and Access Management (IAM) credentials from the IMDSv1 endpoint. Hack BleepingComputer
13.4.25 Oracle says "obsolete servers" hacked, denies cloud breach Oracle finally confirmed in email notifications sent to customers that a hacker stole and leaked credentials that were stolen from what it described as "two obsolete servers." Incident BleepingComputer
13.4.25 Windows 11 April update unexpectedly creates new 'inetpub' folder Microsoft's April 2025 Patch Tuesday updates are strangely creating an empty "inetpub" folder in the root of the C:\ drive, even on systems that do not have Internet Information Services (IIS) installed. OS BleepingComputer
13.4.25 Critical FortiSwitch flaw lets hackers change admin passwords remotely Fortinet has released security patches for a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely. Vulnerability BleepingComputer
12.4.25 CentreStack RCE exploited as zero-day to breach file sharing servers Hackers exploited a vulnerability in Gladinet CentreStack's secure file-sharing software as a zero-day since March to breach storage servers Exploit BleepingComputer
12.4.25 Who's calling? The threat of AI-powered vishing attacks AI is making voice phishing (vishing) more dangerous than ever, with scammers cloning voices in seconds to trick employees into handing over their credentials. Learn how to defend your organization with Specops Secure Service Desk. AI BleepingComputer
12.4.25 Microsoft: April 2025 updates break Windows Hello on some PCs Microsoft says some Windows users might be unable to log into their accounts via Windows Hello after installing the April 2025 security updates. OS BleepingComputer
12.4.25 Phishing kits now vet victims in real-time before stealing credentials Phishing actors are employing a new evasion tactic called 'Precision-Validated Phishing' that only shows fake login forms when a user enters an email address that the threat actors specifically targeted. Phishing BleepingComputer
12.4.25 Police detains Smokeloader malware customers, seizes servers In follow-up activity for Operation Endgame, law enforcement tracked down Smokeloader botnet's customers and detained at least five individuals. Virus BleepingComputer
12.4.25 Fake Microsoft Office add-in tools push malware via SourceForge Threat actors are abusing SourceForge to distribute fake Microsoft add-ins that install malware on victims' computers to both mine and steal cryptocurrency. Virus BleepingComputer
12.4.25 Microsoft fixes auth issues on Windows Server, Windows 11 24H2 Microsoft has fixed a known issue causing authentication problems when Credential Guard is enabled on systems using the Kerberos PKINIT pre-auth security protocol. OS BleepingComputer
12.4.25 Microsoft: Windows CLFS zero-day exploited by ransomware gang Microsoft says the RansomEXX ransomware gang has been exploiting a high-severity zero-day flaw in the Windows Common Log File System to gain SYSTEM privileges on victims' systems. OS BleepingComputer
12.4.25 Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws Today is Microsoft's April 2025 Patch Tuesday, which includes security updates for 134 flaws, including one actively exploited zero-day vulnerability. OS BleepingComputer
12.4.25 Windows 10 KB5055518 update fixes random text when printing Microsoft has released the KB5055518 cumulative update for Windows 10 22H2 and Windows 10 21H2, with nine changes or fixes. OS BleepingComputer
12.4.25 Windows 11 KB5055523 & KB5055528 cumulative updates released Microsoft has released Windows 11 KB5055523 and KB5055528 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. OS BleepingComputer
12.4.25 Hackers lurked in Treasury OCC’s systems since June 2023 breach Unknown attackers who breached the Treasury's Office of the Comptroller of the Currency (OCC) in June 2023 gained access to over 150,000 emails. Incident BleepingComputer
12.4.25 WhatsApp flaw can let attackers run malicious code on Windows PCs Meta warned Windows users to update the WhatsApp messaging app to the latest version to patch a vulnerability that can let attackers execute malicious code on their devices. Social BleepingComputer
12.4.25 ICS Vulnerability Report: Energy, Manufacturing Device Fixes Urged by Cyble Multiple industrial control system (ICS) devices are affected by vulnerabilities carrying severity ratings as high as 9.9. ICS blog Cyble
12.4.25 IT Vulnerability Report: VMware, Microsoft Fixes Urged by Cyble After investigating recent IT vulnerabilities, Cyble threat researchers identified eight high-priority fixes for security teams. Vulnerability blog Cyble
12.4.25 Ransomware Attack Levels Remain High as Major Change Looms March saw a potential leadership shift in ransomware attacks, sustained high attack volumes, and the rise of new threat groups. Ransom blog Cyble
12.4.25 TsarBot: A New Android Banking Trojan Targeting Over 750 Banking, Finance, and Cryptocurrency Applications Cyble analyzes TsarBot, a newly identified Android banking Trojan that employs overlay attacks to target over 750 banking, financial, and cryptocurrency applications worldwide. Malware blog Cyble
12.4.25 Hacktivists Increasingly Target France for Its Diplomatic Efforts Pro-Russian and pro-Palestinian hacktivist groups share a common adversary in France, leading to coordinated cyberattacks against the country. BigBrother blog Cyble
12.4.25 CVE-2025-24813: Remote Code Execution in Apache Tomcat via Malicious Session Deserialization Apache Tomcat is a popular, open-source web server and servlet container maintained by the Apache Software Foundation. It provides a reliable and scalable environment for executing Java Servlets... Vulnerability blog Seqrite
12.4.25 Beware! Fake ‘NextGen mParivahan’ Malware Returns with Enhanced Stealth and Data Theft Cybercriminals continually refine their tactics, making Android malware more insidious and challenging to detect. A new variant of the fake NextGen mParivahan malware has emerged, following its predecessor’s deceptive strategies but introducing significant enhancements. Previously, attackers exploited the government’s. Malware blog Seqrite
12.4.25 Goodbye HTA, Hello MSI: New TTPs and Clusters of an APT driven by Multi-Platform Attacks Seqrite Labs APT team has uncovered new tactics of Pakistan-linked SideCopy APT deployed since the last week of December 2024. The group has expanded its scope of targeting beyond Indian government, defence, maritime sectors, and university students to now. APT blog Seqrite
12.4.25 Kimsuky: A Continuous Threat to South Korea with Deceptive Tactics Contents Introduction Infection Chain Initial Findings Campaign 1 Looking into PDF document. Campaign 2 Looking into PDF document. Technical Analysis Campaign 1 & 2 Conclusion Seqrite Protection MITRE ATT&CK... APT blog Seqrite
12.4.25 NEPTUNE RAT : An advanced Windows RAT with System Destruction Capabilities and Password Exfiltration from 270+ Applications At CYFIRMA, we are committed to providing up-to-date insights into current threats and the tactics used by malicious actors targeting both organizations and individuals. In this report, we will take an in-depth look at the latest version of Neptune RAT, which has been shared on GitHub using a technique involving PowerShell commands: Malware blog Cyfirma
12.4.25 CYFIRMA INDUSTRY REPORT : MATERIALS INDUSTRY The CYFIRMA Industry Report delivers original cybersecurity insights and telemetry-driven statistics of global industries, covering one sector each week for a quarter. This report focuses on the materials industry, presenting key trends and statistics in an engaging infographic format. Cyber blog Cyfirma
12.4.25 TRACKING RANSOMWARE – MARCH 2025 In March 2025, ransomware attacks targeted critical industries such as Manufacturing, IT, and Healthcare. Notable groups like Black Basta and Moonstone Sleet evolved new strategies, such as automating brute-force VPN attacks and deploying ransomware-as-a-service models. Ransom blog Cyfirma
12.4.25 Tik-Tok : China’s Digital Weapon System? U.S. President Donald Trump, once a critic but now a supporter of TikTok, is granting the app’s China-based parent company, ByteDance, a second 75-day extension to finalize a deal that would transfer ownership of TikTok to an American entity. Social blog Cyfirma
12.4.25 Microsoft Announces New Authentication Requirements for High-Volume Senders There was a lot of buzz in security and messaging circles at the end of 2023 when Google, Yahoo and Apple jointly announced that they were going to start enforcing strict email authentication requirements for bulk email senders. Although the implementation that started in the first quarter of 2024 has been slow to fully ramp up, momentum is building. And the overall trend towards mandatory email authentication is quite clear. Safety blog PROOFPOINT
12.4.25 The Expanding Attack Surface: Why Collaboration Tools Are the New Front Line in Cyberattacks The modern workplace has expanded beyond email. Attackers now exploit collaboration tools, supplier relationships and human trust to bypass defenses and compromise accounts. This five-part blog series raises awareness around these shifting attack tactics. And it introduces our holistic approach to protecting users. Spam blog PROOFPOINT
12.4.25 Stopping attacks against on-premises Exchange Server and SharePoint Server with AMSI Exchange Server and SharePoint Server are business-critical assets and considered crown jewels for many organizations, making them attractive targets for attacks. Attack blog Microsoft blog
12.4.25 Incomplete NVIDIA Patch to CVE-2024-0132 Exposes AI Infrastructure and Data to Critical Risks A previously disclosed vulnerability in NVIDIA Container Toolkit has an incomplete patch, which, if exploited, could put a wide range of AI infrastructure and sensitive data at risk. AI blog Trend Micro
12.4.25 CTEM + CREM: Aligning Your Cybersecurity Strategy Organizations looking to implement CTEM don’t have to start from scratch. CREM can help you get there faster, with actionable insights, automated workflows, and continuous risk reduction. Cyber blog Trend Micro
12.4.25 GTC 2025: AI, Security & The New Blueprint From quantum leaps to AI factories, GTC 2025 proved one thing: the future runs on secure foundations. AI blog Trend Micro
12.4.25 Microsoft Security Bulletin Coverage for April 2025 Microsoft’s April 2025 Patch Tuesday has 123 vulnerabilities, of which 49 are Elevation of Privilege. SonicWall Capture Labs' threat research team has analyzed and addressed Microsoft’s security advisories for the month of April 2025 and has produced coverage for ten of the reported vulnerabilities Vulnerability blog SonicWall
12.4.25 How Prompt Attacks Exploit GenAI and How to Fight Back Palo Alto Networks has released “Securing GenAI: A Comprehensive Report on Prompt Attacks: Taxonomy, Risks, and Solutions,” which surveys emerging prompt-based attacks on AI applications and AI agents. While generative AI (GenAI) has many valid applications for enterprise productivity, there is also potential for critical security vulnerabilities in AI applications and AI agents. AI blog Palo Alto
12.4.25 Available now: 2024 Year in Review Download Talos' 2024 Year in Review now, and access key insights on the top targeted vulnerabilities of the year, network-based attacks, email threats, adversary toolsets, identity attacks, multi-factor authentication (MFA) abuse, ransomware and AI-based attacks. Cyber blog Palo Alto
12.4.25 Threat actors thrive in chaos Martin delves into how threat actors exploit chaos, offering insights from Talos' 2024 Year in Review on how to fortify defenses against evolving email lures and frequently targeted vulnerabilities, even amidst economic disruption. Cyber blog Palo Alto
12.4.25 Unraveling the U.S. toll road smishing scams Cisco Talos has observed a widespread and ongoing financial theft SMS phishing (smishing) campaign since October 2024 that targets toll road users in the United States of America. Spam blog Palo Alto
12.4.25 Microsoft Patch Tuesday for April 2025 — Snort rules and prominent vulnerabilities Microsoft has released its monthly security update for April of 2025 which includes 126 vulnerabilities affecting a range of products, including 11 that Microsoft has marked as “critical”. Vulnerability blog Palo Alto
12.4.25 Year in Review: Key vulnerabilities, tools, and shifts in attacker email tactics From Talos' 2024 Year in Review, here are some findings from the top targeted network device vulnerabilities. We also explore how threat actors are moving away from time sensitive lures in their emails. And finally we reveal the tools that adversaries most heavily utilized last year. Cyber blog Palo Alto
12.4.25 One mighty fine-looking report Hazel highlights the key findings within Cisco Talos’ 2024 Year in Review (now available for download) and details our active tracking of an ongoing campaign targeting users in Ukraine with malicious LNK files. BigBrother blog Palo Alto
12.4.25 Watch out for these traps lurking in search results Here’s how to avoid being hit by fraudulent websites that scammers can catapult directly to the top of your search results Cyber blog Eset
12.4.25 So your friend has been hacked: Could you be next? When a ruse puts on a familiar face, your guard might drop, making you an easy mark. Learn how to tell a friend apart from a foe. Cyber blog Eset
12.4.25 1 billion reasons to protect your identity online Corporate data breaches are a gateway to identity fraud, but they’re not the only one. Here’s a lowdown on how your personal data could be stolen – and how to make sure it isn’t. Cyber blog Eset
12.4.25 Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit Fortinet has revealed that threat actors have found a way to maintain read-only access to vulnerable FortiGate devices even after the initial access vector used to Exploit The Hacker News
11.4.25 Paper Werewolf Deploys PowerModul Implant in Targeted Cyberattacks on Russian Sectors The threat actor known as Paper Werewolf has been observed exclusively targeting Russian entities with a new implant called PowerModul. The activity, Hack The Hacker News
11.4.25 Palo Alto Networks Warns of Brute-Force Attempts Targeting PAN-OS GlobalProtect Gateways Palo Alto Networks has revealed that it's observing brute-force login attempts against PAN-OS GlobalProtect gateways, days after threat hunters warned of a Attack The Hacker News
11.4.25 SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps Cybersecurity researchers have found that threat actors are setting up deceptive websites hosted on newly registered domains to deliver a known Android malware Virus The Hacker News
11.4.25 OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come under active exploitation within a few hours of public Exploit The Hacker News
10.4.25 New Mirai botnet behind surge in TVT DVR exploitation A significant spike in exploitation attempts targeting TVT NVMS9000 DVRs has been detected, peaking on April 3, 2025, with over 2,500 unique IPs scanning for vulnerable devices. BotNet BleepingComputer
10.4.25 AWS rolls out ML-KEM to secure TLS from quantum threats Amazon Web Services (AWS) has added support for the ML-KEM post-quantum key encapsulation mechanism to AWS Key Management Service (KMS), AWS Certificate Manager (ACM), and AWS Secrets Manager, making TLS connections more secure. Safety BleepingComputer
10.4.25 EncryptHub's dual life: Cybercriminal vs Windows bug-bounty researcher EncryptHub, a notorious threat actor linked to breaches at 618 organizations, is believed to have reported two Windows zero-day vulnerabilities to Microsoft, revealing a conflicted figure straddling the line between cybercrime and security research. CyberCrime BleepingComputer
10.4.25 Microsoft delays WSUS driver sync deprecation indefinitely Microsoft announced today that, based on customer feedback, it will indefinitely delay removing driver synchronization in Windows Server Update Services (WSUS). OS BleepingComputer
10.4.25 Six arrested for AI-powered investment scams that stole $20 million Spain's police arrested six individuals behind a large-scale cryptocurrency investment scam that used AI tools to generate deepfake ads featuring popular public figures to lure people. AI BleepingComputer
10.4.25 Everest ransomware's dark web leak site defaced, now offline The dark web leak site of the Everest ransomware gang has apparently been hacked over the weekend by an unknown attacker and is now offline. Ransom BleepingComputer
10.4.25 Google fixes Android zero-days exploited in attacks, 60 other flaws Google has released patches for 62 vulnerabilities in Android's April 2025 security update, including two zero-days exploited in targeted attacks. OS BleepingComputer
10.4.25 Malicious VSCode extensions infect Windows with cryptominers Nine VSCode extensions on Microsoft's Visual Studio Code Marketplace pose as legitimate development tools while infecting users with the XMRig cryptominer for Monero. Cryptocurrency BleepingComputer
10.4.25 Food giant WK Kellogg discloses data breach linked to Clop ransomware US food giant WK Kellogg Co is warning employees and vendors that company data was stolen during the 2024 Cleo data theft attacks. Incident BleepingComputer
10.4.25 Windows 11 24H2 blocked on PCs with code-obfuscation driver BSODs Microsoft has introduced a new Windows 11 24H2 safeguard hold for systems running security or enterprise software using SenseShield Technology's sprotect.sys driver. OS BleepingComputer
10.4.25 E-ZPass toll payment texts return in massive phishing wave An ongoing phishing campaign impersonating E-ZPass and other toll agencies has surged recently, with recipients receiving multiple iMessage and SMS texts to steal personal and credit card information. Phishing BleepingComputer
10.4.25 OpenAI tests watermarking for ChatGPT-4o Image Generation model OpenAI is reportedly testing a new "watermark" for the Image Generation model, which is a part of the ChatGPT 4o model. AI BleepingComputer
10.4.25 Carding tool abusing WooCommerce API downloaded 34K times on PyPI A newly discovered malicious PyPi package named 'disgrasya' that abuses legitimate WooCommerce stores for validating stolen credit cards has been downloaded over 34,000 times from the open-source package platform. Cryptocurrency BleepingComputer
10.4.25 Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit that, if Vulnerability The Hacker News
10.4.25 Malicious npm Package Targets Atomic Wallet, Exodus Users by Swapping Crypto Addresses Threat actors are continuing to upload malicious packages to the npm registry so as to tamper with already-installed local versions of legitimate libraries and Cryptocurrency The Hacker News
10.4.25 Gamaredon Uses Infected Removable Drives to Breach Western Military Mission in Ukraine The Russia-linked threat actor known as Gamaredon (aka Shuckworm) has been attributed to a cyber attack targeting a foreign military mission based in Ukraine BigBrothers The Hacker News
10.4.25 Europol Arrests Five SmokeLoader Clients Linked by Seized Database Evidence Law enforcement authorities have announced that they tracked down the customers of the SmokeLoader malware and detained at least five individuals. "In BigBrothers The Hacker News
10.4.25 AkiraBot Targets 420,000 Sites with OpenAI-Generated Spam, Bypassing CAPTCHA Protections Cybersecurity researchers have disclosed details of an artificial intelligence (AI) powered platform called AkiraBot that's used to spam website chats, comment BotNet The Hacker News
9.4.25 Lovable AI Found Most Vulnerable to VibeScamming — Enabling Anyone to Build Live Scam Pages Lovable, a generative artificial intelligence (AI) powered platform that allows for creating full-stack web applications using text-based prompts, has been found to AI The Hacker News
9.4.25 New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner A Chinese-affiliated threat actor known for its cyber-attacks in Asia has been observed exploiting a security flaw in security software from ESET to deliver a Virus The Hacker News
9.4.25 PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware Microsoft has revealed that a now-patched security flaw impacting the Windows Common Log File System (CLFS) was exploited as a zero-day in ransomware Exploit The Hacker News
9.4.25 CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Gladinet CentreStack to its Known Vulnerability The Hacker News
9.4.25 Microsoft Patches 126 Flaws Including Actively Exploited Windows CLFS Vulnerability Microsoft has released security fixes to address a massive set of 126 flaws affecting its software products, including one vulnerability that it said has been Vulnerability The Hacker News
9.4.25 Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered Adobe has released security updates to fix a fresh set of security flaws, including multiple critical-severity bugs in ColdFusion versions 2025, 2023 and 2021 that Vulnerability The Hacker News
9.4.25 Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw Fortinet has released security updates to address a critical security flaw impacting FortiSwitch that could permit an attacker to make unauthorized password Vulnerability The Hacker News
9.4.25 Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation via Path Traversal Cybersecurity researchers have disclosed details of a now-patched security flaw in the Amazon EC2 Simple Systems Manager (SSM) Agent that, if successfully Vulnerability The Hacker News
9.4.25 Cryptocurrency Miner and Clipper Malware Spread via SourceForge Cracked Software Listings Threat actors have been observed distributing malicious payloads such as cryptocurrency miner and clipper malware via SourceForge, a popular software Cryptocurrency The Hacker News
8.4.25 UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed a new set of cyber attacks targeting Ukrainian institutions with information-stealing BigBrothers The Hacker News
8.4.25 CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation A recently disclosed critical security flaw impacting CrushFTP has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Vulnerebility The Hacker News
8.4.25 Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities Google has shipped patches for 62 vulnerabilities, two of which it said have been exploited in the wild. The two high-severity vulnerabilities are listed below - CVE- Vulnerebility The Hacker News
7.4.25 CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks Cybersecurity agencies from Australia, Canada, New Zealand, and the United States have published a joint advisory about the risks associated with a technique BigBrothers The Hacker News
7.4.25 PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks A malicious campaign dubbed PoisonSeed is leveraging compromised credentials associated with customer relationship management (CRM) tools and bulk email Cryptocurrency The Hacker News
6.4.25 The beginning of the end: the story of Hunters International Learn about technical details on the ransomware and Storage Software tool, how the criminals use the affiliate panel as well as information on the Hunters International ransomware group from its emergence to the end of the operation. BigBrother blog Group-IB
6.4.25 Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws A likely lone wolf actor behind the EncryptHub persona was acknowledged by Microsoft for discovering and reporting two security flaws in Windows last month, Vulnerebility The Hacker News
6.4.25 Coinbase to fix 2FA account activity entry freaking out users Coinbase is fixing an incorrect account activity message that freaks out customers and makes them think their credentials were compromised. Cryptocurrency BleepingComputer
6.4.25 WinRAR flaw bypasses Windows Mark of the Web security alerts A vulnerability in the WinRAR file archiver solution could be exploited to bypass the Mark of the Web (MotW) security warning and execute arbitrary code on a Windows machine. Vulnerebility BleepingComputer
6.4.25 Port of Seattle says ransomware breach impacts 90,000 people Port of Seattle, the U.S. government agency overseeing Seattle's seaport and airport, is notifying roughly 90,000 individuals of a data breach after their personal information was stolen in an August 2024 ransomware attack. Ransom BleepingComputer
6.4.25 PoisonSeed phishing campaign behind emails with wallet seed phrases A large-scale phishing campaign dubbed 'PoisonSeed' compromises corporate email marketing accounts to distribute emails containing crypto seed phrases used to drain cryptocurrency wallets. Phishing BleepingComputer
6.4.25 Australian pension funds hit by wave of credential stuffing attacks Over the weekend, a massive wave of credential stuffing attacks hit multiple large Australian super funds, compromising thousands of members' accounts. Incindent BleepingComputer
6.4.25 Europcar GitLab breach exposes data of up to 200,000 customers A hacker breached the GitLab repositories of multinational car-rental company Europcar Mobility Group and stole source code for Android and iOS applications, as well as some personal information belonging to up to 200,000 users. Incindent BleepingComputer
6.4.25 OpenAI's $20 ChatGPT Plus is now free for students until the end of May ChatGPT Plus subscription is now free, but only if you're a student based out of the United States of America and Canada. AI BleepingComputer
6.4.25 Max severity RCE flaw discovered in widely used Apache Parquet A maximum severity remote code execution (RCE) vulnerability has been discovered impacting all versions of Apache Parquet up to and including 1.15.0. Vulnerebility BleepingComputer
6.4.25 Hunters International shifts from ransomware to pure data extortion The Hunters International Ransomware-as-a-Service (RaaS) operation is shutting down and rebranding with plans to switch to data theft and extortion-only attacks. Ransom BleepingComputer
6.4.25 Microsoft starts testing Windows 11 taskbar icon scaling Microsoft is testing a new taskbar icon scaling feature that automatically scales down Windows taskbar icons to show more apps when it gets too overcrowded. OS BleepingComputer
6.4.25 CISA warns of Fast Flux DNS evasion used by cybercrime gangs CISA, the FBI, the NSA, and international cybersecurity agencies are calling on organizations and DNS providers to mitigate the "Fast Flux" cybercrime evasion technique used by state-sponsored threat actors and ransomware gangs. BigBrothers BleepingComputer
6.4.25 Ivanti patches Connect Secure zero-day exploited since mid-March Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025. Vulnerebility BleepingComputer
6.4.25 Texas State Bar warns of data breach after INC ransomware claims attack The State Bar of Texas is warning it suffered a data breach after the INC ransomware gang claimed to have breached the organization and began leaking samples of stolen data. Ransom BleepingComputer
6.4.25 Oracle privately confirms Cloud breach to customers Oracle has finally acknowledged to some customers that attackers have stolen old client credentials after breaching a "legacy environment" last used in 2017. Security BleepingComputer
6.4.25 Recent GitHub supply chain attack traced to leaked SpotBugs token A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen from a SpotBugs workflow, which allowed a threat actor to compromise multiple GitHub projects. Hack BleepingComputer
6.4.25 Genetic data site openSNP to close and delete data over privacy concerns The openSNP project, a platform for sharing genetic and phenotypic data, will shut down on April 30, 2025, and delete all user submissions over privacy concerns and the risk of misuse by authoritarian governments. Security BleepingComputer
6.4.25 Verizon Call Filter API flaw exposed customers' incoming call history A vulnerability in Verizon's Call Filter feature allowed customers to access the incoming call logs for another Verizon Wireless number through an unsecured API request. Vulnerebility BleepingComputer
5.4.25 North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages The North Korean threat actors behind the ongoing Contagious Interview campaign are spreading their tentacles on the npm ecosystem by publishing more Virus The Hacker News
5.4.25 Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data Cybersecurity researchers have uncovered malicious libraries in the Python Package Index (PyPI) repository that are designed to steal sensitive information. Virus The Hacker News
5.4.25 GitHub expands security tools after 39 million secrets leaked in 2024 Over 39 million secrets like API keys and account credentials were leaked on GitHub throughout 2024, exposing organizations and users to significant security risks. Incindent BleepingComputer
5.4.25 Microsoft adds hotpatching support to Windows 11 Enterprise Microsoft has announced that hotpatch updates are now available for business customers using Windows 11 Enterprise 24H2 on x64 (AMD/Intel) systems, starting today. OS BleepingComputer
5.4.25 Royal Mail investigates data leak claims, no impact on operations Royal Mail is investigating claims of a security breach after a threat actor leaked over 144GB of data allegedly stolen from the company's systems. Incindent BleepingComputer
5.4.25 ChatGPT is down worldwide with something went wrong error ChatGPT, the famous artificial intelligence chatbot that allows users to converse with various personalities and topics, has connectivity issues worldwide. AI BleepingComputer
5.4.25 Police shuts down KidFlix child sexual exploitation platform Kidflix, one of the largest platforms used to host, share, and stream child sexual abuse material (CSAM) on the dark web, was shut down on March 11 following a joint action coordinated by German law enforcement. CyberCrime BleepingComputer
5.4.25 Counterfeit Android devices found preloaded with Triada malware A new version of the Triada trojan has been discovered preinstalled on thousands of new Android devices, allowing threat actors to steal data as soon as they are set up. Virus BleepingComputer
5.4.25 Cisco warns of CSLU backdoor admin account used in attacks Cisco warns admins to patch a critical Cisco Smart Licensing Utility (CSLU) vulnerability, which exposes a built-in backdoor admin account now used in attacks. Vulnerebility BleepingComputer
5.4.25 New Windows 11 trick lets you bypass Microsoft Account requirement A previously unknown trick lets you easily bypass using a Microsoft Account in Windows 11, just as Microsoft tries to make it harder to use local accounts. OS BleepingComputer
5.4.25 North Korean IT worker army expands operations in Europe North Korea's IT workers have expanded operations beyond the United States and are now increasingly targeting organizations across Europe. APT BleepingComputer
5.4.25 Google rolls out easy end-to-end encryption for Gmail business users Google has started rolling out a new end-to-end encryption (E2EE) model for Gmail enterprise users, making it easier to send encrypted emails to any recipient. Safety BleepingComputer
5.4.25 Nearly 24,000 IPs behind wave of Palo Alto Global Protect scans A significant spike in scanning activity targeting Palo Alto Network GlobalProtect login portals has been observed, with researchers concerned it may be a prelude to an upcoming attack or flaw being exploited. Security BleepingComputer
5.4.25 Apple backports zero-day patches to older iPhones and Macs Apple has released security updates that backport fixes for actively exploited vulnerabilities that were exploited as zero-days to older versions of its operating systems. OS BleepingComputer
5.4.25 Critical auth bypass bug in CrushFTP now exploited in attacks Attackers are now targeting a critical authentication bypass vulnerability in the CrushFTP file transfer software using exploits based on publicly available proof-of-concept code. Vulnerebility BleepingComputer
5.4.25 VMware Workstation auto-updates broken after Broadcom URL redirect VMware Workstation users report that the software's automatic update functionality is broken after Broadcom redirected the download URL to its generic support page, triggering certificate errors. Security BleepingComputer
5.4.25 OpenAI says Deep Research is coming to ChatGPT free "very soon" OpenAI has confirmed that its powerful AI agent "Deep Research" will begin rolling out to free users "very soon." At the moment, Deep Research is available only for Plus and Enterprise customers. AI BleepingComputer
5.4.25 SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack The cascading supply chain attack that initially targeted Coinbase before becoming more widespread to single out users of the "tj-actions/changed-files" Hack The Hacker News
5.4.25 Ransomware Attack Levels Remain High as Major Change Looms March saw a potential leadership shift in ransomware attacks, sustained high attack volumes, and the rise of new threat groups. Ransom blog Cyble
5.4.25 Critical CrushFTP Authentication Bypass (CVE-2025-2825) Exposes Servers to Remote Attacks The SonicWall Capture Labs threat research team became aware of an authentication bypass vulnerability in CrushFTP Servers, assessed its impact, and developed mitigation measures. CrushFTP is a resourceful enterprise-grade file transfer application used widely among organizations. It also supports multi-protocols for data exchange among systems and users with S3-compatible API access. Vulnerebility blog SonicWall
5.4.25 Hexamethy Ransomware Displays Scary Lock Screen During File Encryption The Sonicwall Capture Labs threat research team has recently observed new ransomware named HEXAMETHYLCYCLOTRISILOXANE, or Hexamethy in short. This malware produces a scary cinematic display during the encryption process and flashes text stating, “No more files for you,” and “Your files are in hostage by the HEXAMETHYLCYCLOTRISILOXANE Ransomware." Ransom blog SonicWall
5.4.25 Evolution of Sophisticated Phishing Tactics: The QR Code Phenomenon Since late 2024, Unit 42 researchers have observed attackers using several new tactics in phishing documents containing QR codes. One tactic involves attackers concealing the final phishing destination using legitimate websites' redirection mechanisms. Phishing blog Palo Alto
5.4.25 OH-MY-DC: OIDC Misconfigurations in CI/CD In the course of investigating the use of OpenID Connect (OIDC) within continuous integration and continuous deployment (CI/CD) environments, Unit 42 researchers discovered problematic patterns and implementations that could be leveraged by threat actors to gain access to restricted resources. One instance of such an implementation was identified in CircleCI’s OIDC. Cyber blog Palo Alto
5.4.25 The good, the bad and the unknown of AI: A Q&A with Mária Bieliková The computer scientist and AI researcher shares her thoughts on the technology’s potential and pitfalls – and what may lie ahead for us AI blog Eset
5.4.25 This month in security with Tony Anscombe – March 2025 edition From an exploited vulnerability in a third-party ChatGPT tool to a bizarre twist on ransomware demands, it's a wrap on another month filled with impactful cybersecurity news Cyber blog Eset
5.4.25 Resilience in the face of ransomware: A key to business survival Your company’s ability to tackle the ransomware threat head-on can ultimately be a competitive advantage Cyber blog Eset
5.4.25 The Bug Report - March 2025 Edition March Madness hits infosec: kernel bugs, Tomcat deserialization, and SonicWall shenanigans. Catch the highlights and patch fast before you’re benched! Vulnerebility blog Trelix
4.4.25 Microsoft uses AI to find flaws in GRUB2, U-Boot, Barebox bootloaders Microsoft used its AI-powered Security Copilot to discover 20 previously unknown vulnerabilities in the GRUB2, U-Boot, and Barebox open-source bootloaders. AI BleepingComputer
4.4.25 Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks A phishing-as-a-service (PhaaS) platform named 'Lucid' has been targeting 169 entities in 88 countries using well-crafted messages sent on iMessage (iOS) and RCS (Android). Phishing BleepingComputer
4.4.25 Hackers abuse WordPress MU-Plugins to hide malicious code Hackers are utilizing the WordPress mu-plugins ("Must-Use Plugins") directory to stealthily run malicious code on every page while evading detection. Virus BleepingComputer
4.4.25 North Korean hackers adopt ClickFix attacks to target crypto firms The notorious North Korean Lazarus hacking group has reportedly adopted 'ClickFix' tactics to deploy malware targeting job seekers in the cryptocurrency industry, particularly centralized finance (CeFi). APT BleepingComputer
4.4.25 Microsoft tests new Windows 11 tool to remotely fix boot crashes Microsoft has begun testing a new Windows 11 tool called Quick Machine Recovery, which is designed to remotely deploy fixes for buggy drivers and configurations that prevent the operating system from starting. OS BleepingComputer
4.4.25 New Crocodilus malware steals Android users’ crypto wallet keys A newly discovered Android malware dubbed Crocodilus tricks users into providing the seed phrase for the cryptocurrency wallet using a warning to back up the key to avoid losing access. Virus BleepingComputer
4.4.25 Microsoft's killing script used to avoid Microsoft Account in Windows 11 Microsoft has removed the 'BypassNRO.cmd' script from Windows 11 preview builds, which allowed users to bypass the requirement to use a Microsoft Account when installing the operating system. OS BleepingComputer
4.4.25 Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware Ivanti has disclosed details of a now-patched critical security vulnerability impacting its Connect Secure that has come under active exploitation in the wild. Vulnerebility The Hacker News
4.4.25 OPSEC Failure Exposes Coquettte's Malware Campaigns on Bulletproof Hosting Servers A novice cybercrime actor has been observed leveraging the services of a Russian bulletproof hosting (BPH) provider called Proton66 to facilitate their operations. Virus The Hacker News
4.4.25 CERT-UA Reports Cyberattacks Targeting Ukrainian State Systems with WRECKSTEEL Malware The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed that no less than three cyber attacks were recorded against state administration Virus The Hacker News
4.4.25 Critical Flaw in Apache Parquet Allows Remote Attackers to Execute Arbitrary Code A maximum severity security vulnerability has been disclosed in Apache Parquet's Java Library that, if successfully exploited, could allow a remote attacker to Vulnerebility The Hacker News
4.4.25 Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware Microsoft is warning of several phishing campaigns that are leveraging tax-related themes to deploy malware and steal credentials. "These campaigns notably use Phishing The Hacker News
4.4.25 New Report Explains Why CASB Solutions Fail to Address Shadow SaaS and How to Fix It Whether it's CRMs, project management tools, payment processors, or lead management tools - your workforce is using SaaS applications by the pound. Vulnerebility The Hacker News
4.4.25 Lazarus Group Targets Job Seekers With ClickFix Tactic to Deploy GolangGhost Malware The North Korean threat actors behind Contagious Interview have adopted the increasingly popular ClickFix social engineering tactic to lure job seekers in the APT The Hacker News
3.4.25 Google Patches Quick Share Vulnerability Enabling Silent File Transfers Without Consent Cybersecurity researchers have disclosed details of a new vulnerability impacting Google's Quick Share data transfer utility for Windows that could be exploited to Vulnerebility The Hacker News
3.4.25 Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices Counterfeit versions of popular smartphone models that are sold at reduced prices have been found to be preloaded with a modified version of an Android Virus The Hacker News
3.4.25 Legacy Stripe API Exploited to Validate Stolen Payment Cards in Web Skimmer Campaign Threat hunters are warning of a sophisticated web skimmer campaign that leverages a legacy application programming interface (API) from payment Exploit The Hacker News
3.4.25 Europol Dismantles Kidflix With 72,000 CSAM Videos Seized in Major Operation In one of the largest coordinated law enforcement operations, authorities have dismantled Kidflix, a streaming platform that offered child sexual abuse material CyberCrime The Hacker News
3.4.25 Google Fixed Cloud Run Vulnerability Allowing Unauthorized Image Access via IAM Misuse Cybersecurity researchers have disclosed details of a now-patched privilege escalation vulnerability in Google Cloud Platform (GCP) Cloud Run that could have Vulnerebility The Hacker News
2.4.25 Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers Cybersecurity researchers have shed light on an "auto-propagating" cryptocurrency mining botnet called Outlaw (aka Dota) that's known for targeting SSH servers with Cryptocurrency The Hacker News
2.4.25 FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites The financially motivated threat actor known as FIN7 has been linked to a Python-based backdoor called Anubis (not to be confused with an Android banking trojan APT The Hacker News
2.4.25 New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth Cybersecurity researchers have discovered an updated version of a malware loader called Hijack Loader that implements new features to evade detection and establish persistence on compromised systems. "Hijack Loader released a new Virus The Hacker News
2.4.25 Over 1,500 PostgreSQL Servers Compromised in Fileless Cryptocurrency Mining Campaign Exposed PostgreSQL instances are the target of an ongoing campaign designed to gain unauthorized access and deploy cryptocurrency miners. Cloud security firm Cryptocurrency The Hacker News
2.4.25 Enterprise Gmail Users Can Now Send End-to-End Encrypted Emails to Any Platform On the 21st birthday of Gmail, Google has announced a major update that allows enterprise users to send end-to-end encrypted (E2EE) to any user in any email Safety The Hacker News
2.4.25 Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing A new sophisticated phishing-as-a-service (PhaaS) platform called Lucid has targeted 169 entities in 88 countries using smishing messages propagated via Phishing The Hacker News
1.4.25 Apple Backports Critical Fixes for 3 Recent 0-Days Impacting Older iOS and macOS Devices Apple on Monday backported fixes for three vulnerabilities that have come under active exploitation in the wild to older models and previous versions of the OS The Hacker News
1.4.25 Nearly 24,000 IPs Target PAN-OS GlobalProtect in Coordinated Login Scan Campaign Cybersecurity researchers are warning of a spike in suspicious login scanning activity targeting Palo Alto Networks PAN-OS GlobalProtect gateways, with nearly Hack The Hacker News
1.4.25 China-Linked Earth Alux Uses VARGEIT and COBEACON in Multi-Stage Cyber Intrusions Cybersecurity researchers have shed light on a new China-linked threat actor called Earth Alux that has targeted various key sectors such as government, APT The Hacker News
1.4.25 Apple Fined €150 Million by French Regulator Over Discriminatory ATT Consent Practices Apple has been hit with a fine of €150 million ($162 million) by France's competition watchdog over the implementation of its App Tracking Transparency OS The Hacker News
1.4.25 Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors Virus The Hacker News