Monthly Archives: April 2025

Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT

Cybersecurity researchers are warning of continued risks posed by a distributed denial-of-service (DDoS) malware known...

18
Apr
CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw...

18
Apr
Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates

The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack...

17
Apr
IoT Open House: Implementing SP 1800-36 and the Road Ahead
April 17, 2025

Event Location National Cybersecurity Center of Excellence, 9700 Great Seneca Highway, Rockville, MD 20850 Description...

State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns

Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the...

17
Apr
Artificial Intelligence – What’s all the fuss?

Talking about AI: Definitions Artificial Intelligence (AI) — AI refers to the simulation of human...

17
Apr
Blockchain Offers Security Benefits – But Don’t Neglect Your Passwords

Blockchain is best known for its use in cryptocurrencies like Bitcoin, but it also holds...

17
Apr
Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution

A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation...

17
Apr
Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers

Microsoft is calling attention to an ongoing malvertising campaign that makes use of Node.js to...

17
Apr
CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting...

17
Apr
Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks

Apple on Wednesday released security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to...

17
Apr
Experts Uncover Four New Privilege Escalation Flaws in Windows Task Scheduler

Cybersecurity researchers have detailed four different vulnerabilities in a core component of the Windows task...

16
Apr
Google Blocked 5.1B Harmful Ads and Suspended 39.2M Advertiser Accounts in 2024

Google on Wednesday revealed that it suspended over 39.2 million advertiser accounts in 2024, with...

16
Apr
Gamma AI Platform Abused in Phishing Chain to Spoof Microsoft SharePoint Logins

Threat actors are leveraging an artificial intelligence (AI) powered presentation platform named Gamma in phishing...

16
Apr
From Third-Party Vendors to U.S. Tariffs: The New Cyber Risks Facing Supply Chains

Introduction Cyber threats targeting supply chains have become a growing concern for businesses across industries....

16
Apr
New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks

Cybersecurity researchers have unearthed a new controller component associated with a known backdoor called BPFDoor...

16
Apr
Product Walkthrough: A Look Inside Wing Security’s Layered SaaS Identity Defense

Intro: Why hack in when you can log in? SaaS applications are the backbone of...

16
Apr
Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users

Cheap Android smartphones manufactured by Chinese companies have been observed pre-installed with trojanized apps masquerading...

16
Apr
U.S. Govt. Funding for MITRE’s CVE Ends April 16, Cybersecurity Community on Alert

The U.S. government funding for non-profit research giant MITRE to operate and maintain its Common...

16
Apr
Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool

The China-linked threat actor known as UNC5174 has been attributed to a new campaign that...

15
Apr
Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence

A critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server...

15
Apr
Malicious PyPI Package Targets MEXC Trading API to Steal Credentials and Redirect Orders

Cybersecurity researchers have disclosed a malicious package uploaded to the Python Package Index (PyPI) repository...

15
Apr
Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds

Everybody knows browser extensions are embedded into nearly every user’s daily workflow, from spell checkers...

15
Apr
Crypto Developers Targeted by Python Malware Disguised as Coding Challenges

The North Korea-linked threat actor assessed to be behind the massive Bybit hack in February...

15
Apr
Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability

A recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and...

15
Apr
Meta Resumes E.U. AI Training Using Public User Data After Regulator Approval

Meta has announced that it will begin to train its artificial intelligence (AI) models using...

15
Apr
ResolverRAT Campaign Targets Healthcare, Pharma via Phishing and DLL Side-Loading

Cybersecurity researchers have discovered a new, sophisticated remote access trojan called ResolverRAT that has been...

14
Apr
Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft

Cybersecurity researchers are calling attention to a new type of credential phishing scheme that ensures...

14
Apr
NIST Updates Privacy Framework, Tying It to Recent Cybersecurity Guidelines
April 14, 2025

Targeted changes to content and structure respond to stakeholder needs and make the document easier...

⚡ Weekly Recap: Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked Antivirus and More

Attackers aren’t waiting for patches anymore — they are breaking in before defenses are ready....

14
Apr