BleepingComputer.com.

"Hackers abuser OAuth 2.0 workflows to hijack Microsoft 365 accounts."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 25 April 2025, 0303 UTC.

Content and Source:  "BleepingComputer.com."

https://www.bleepingcomputer.com/
 

Please check the link or scroll down to read your selections.

Russ Robers (https://www.hawaiicybersecurityjournal.net)

Latest Articles

• 
   
  Security

Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts

• Russian threat actors have been abusing legitimate OAuth 2.0 authentication workflows to hijack Microsoft 365 accounts of employees of organizations related to Ukraine and human rights.

  • Bill Toulas
   
  • April 24, 2025
   
  • 04:24 PM
   
  •  0
• 
   
  Security

Lazarus hackers breach six companies in watering hole attacks

• In a recent espionage campaign, the infamous North Korean threat group Lazarus targeted multiple organizations in the software, IT, finance, and telecommunications sectors in South Korea.

  • Bill Toulas
   
  • April 24, 2025
   
  • 03:13 PM
   
  •  0
• 
   

2024: A year of identity attacks | Get the new ebook 

• Identity attacks were rampant in 2024 as attackers doubled down on identity-based TTPs. Prepare to defend your organization in 2025 by looking back at identity-based breaches in 2024.

  Get a free Ebook on the most impactful identity breaches of 2024, and the attacker tooling and techniques that we can expect in 2025.

  • Push Security Sponsorship
• 
   
  Microsoft

Microsoft fixes machine learning bug flagging Adobe emails as spam

• Microsoft says it mitigated a known issue in one of its machine learning (ML) models that mistakenly flagged Adobe emails in Exchange Online as spam.

  • Sergiu Gatlan
   
  • April 24, 2025
   
  • 03:02 PM
   
  •  0
• 
   
  Security, Healthcare

Frederick Health data breach impacts nearly 1 million patients

• ​A ransomware attack in January at Frederick Health Medical Group, a major healthcare provider in Maryland, has led to a data breach affecting nearly one million patients.

  • Sergiu Gatlan
   
  • April 24, 2025
   
  • 12:19 PM
   
  •  0
• 
   
  Microsoft

Microsoft now pays up to $30,000 for some AI vulnerabilities

• Microsoft announced an increase in bug bounty payouts to $30,000 for AI vulnerabilities found in Dynamics 365 and Power Platform services and products.

  • Sergiu Gatlan
   
  • April 24, 2025
   
  • 11:06 AM
   
  •  0
• 
   
  Security

Interlock ransomware claims DaVita attack, leaks stolen data

• The Interlock ransomware gang has claimed the cyberattack on DaVita kidney dialysis firm and leaked data allegedly stolen from the organization.

  • Bill Toulas
   
  • April 24, 2025
   
  • 10:59 AM
   
  •  0
• 
   
  Security, Healthcare

Yale New Haven Health data breach affects 5.5 million patients

• Yale New Haven Health (YNHHS) is warning that threat actors stole the personal data of 5.5 million patients in a cyberattack earlier this month.

  • Bill Toulas
   
  • April 24, 2025
   
  • 10:12 AM
   
  •  0
• 
   
  Microsoft

Microsoft fixes bug causing incorrect 0x80070643 WinRE errors

• Microsoft says it resolved a known issue causing erroneous 0x80070643 installation failure errors when deploying the April 2025 Windows Recovery Environment (WinRE) updates.

  • Sergiu Gatlan
   
  • April 24, 2025
   
  • 09:54 AM
   
  •  1
• 
   
  Security, Linux

Linux 'io_uring' security blindspot allows stealthy rootkit attacks

• A significant security gap in Linux runtime security caused by the 'io_uring' interface allows rootkits to operate undetected on systems while bypassing advanced Enterprise security software.

  • Bill Toulas
   
  • April 24, 2025
   
  • 08:00 AM
   
  •  0
• 
   
  Deals

This Costco membership comes with $20 to spend in-store or online

• If you want to cut costs and simplify your home shopping, try Costco. Their 1-Year Gold Star Membership is still $65, but now it also comes with a $20 Digital Costco Shop Card to spend however you want. 

  • BleepingComputer Deals
   
  • April 24, 2025
   
  • 07:19 AM
   
  •  0
• 
   
  Security, Mobile

Russian army targeted by new Android malware hidden in mapping app

• A new Android malware has been discovered hidden inside trojanized versions of the Alpine Quest mapping app, which is reportedly used by Russian soldiers as part of war zone operational planning.

  • Bill Toulas
   
  • April 23, 2025
   
  • 02:30 PM
   
  •  0
• 
   
  Deals

Parents love this creative children's app, now $50 for life

• Pok Pok is a thoughtfully designed app for kids that focuses on creative play. Inspired by the Montessori approach, it encourages hands-on exploration, storytelling, and problem-solving instead of loud sounds and win/lose mechanics. Through April 27, you can get lifetime access for $49.99 with code SAVE10 at checkout (reg. $250).

  • BleepingComputer Deals
   
  • April 23, 2025
   
  • 02:02 PM
   
  •  0
• 
   
  Security

WhatsApp's new Advanced Chat Privacy protects sensitive messages

• WhatsApp has introduced a new Advanced Chat Privacy feature to protect sensitive information exchanged in private chats and group conversations.

  • Sergiu Gatlan
   
  • April 23, 2025
   
  • 01:42 PM
   
  •  0
• 
   
  Security, Healthcare

Blue Shield of California leaked health data of 4.7 million members to Google

• Blue Shield of California disclosed it suffered a data breach after exposing protected health information of 4.7 million members to Google's analytics and advertisement platforms.

  • Bill Toulas
   
  • April 23, 2025
   
  • 11:38 AM
   
  •  3
• 
   
  Security

FBI: US lost record $16.6 billion to cybercrime in 2024

• The FBI says cybercriminals have stolen a record $16,6 billion in 2024, marking an increase in losses of over 33% compared to the previous year.

  • Sergiu Gatlan
   
  • April 23, 2025
   
  • 11:21 AM
   
  •  0
• 
   
  Security, Hardware

ASUS releases fix for AMI bug that lets hackers brick servers

• ASUS has released security updates to address CVE-2024-54085, a maximum severity flaw that could allow attackers to hijack and potentially brick servers.

  • Bill Toulas
   
  • April 23, 2025
   
  • 10:50 AM
   
  •  1
• 
   
  Security

Phishing detection is broken: Why most attacks feel like a zero day

• Phishing attacks now evade email filters, proxies, and MFA — making every attack feel like a zero-day. This article from Push Security breaks down why detection is failing and how real-time, in-browser analysis can help turn the tide.

  • Push Security
   
  • April 23, 2025
   
  • 10:02 AM
   
  •  0
• 
   
  Deals

Learn a new language with Babbel for life with this special deal price

• StackSocial has a new deal where you get a steep discount to the Babbel learning app. While you'd normally have to pay monthly or a yearly fee to access the app, you can get forever access for just $129.99 with code LEARN40 at checkout while codes last (reg. $169.99).

  • BleepingComputer Deals
   
  • April 23, 2025
   
  • 07:15 AM
   
  •  0
• 
   
  Microsoft

Microsoft fixes Remote Desktop freezes caused by Windows updates

• ​Microsoft has resolved a known issue causing Remote Desktop sessions to freeze on Windows Server 2025 and Windows 11 24H2 devices.

  • Sergiu Gatlan
   
  • April 23, 2025
   
  • 03:59 AM
   
  •  0
• 
   
  Microsoft

Microsoft fixes Windows Server 2025 blue screen, install issues

• Microsoft has fixed several known issues that caused Blue Screen of Death (BSOD) and installation issues on Windows Server 2025 systems with a high core count.

  • Sergiu Gatlan
   
  • April 23, 2025
   
  • 03:33 AM
   
  •  0

• 1
 
• 2
 
• 3
 
• 4
 
• 5
 

View More