"Apple released emergency updates for actively exploited flaws."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 17 April 2025, 1537 UTC.

Content and Source:  Email subscription via https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security Affairs

72K followers25 articles per week

#security#tech

34

Most popular

Apple released emergency updates for actively exploited flaws

by Pierluigi Paganini / 6h

Apple released emergency updates to fix iOS, iPadOS & macOS vulnerabilities actively exploited in sophisticated attacks. Apple released out‑of‑band security updates to address two vulnerabilities, tracked as CVE-2025-31200 and CVE-2025-31201, impacting iOS, iPadOS & macOS. The company confirmed that the flaws have been exploited in a small number of “extremely sophisticated” attacks against iOS t

CISA’s 11-Month extension ensures continuity of MITRE’s CVE Program

by Pierluigi Paganini / 19h

MITRE’s U.S.-funded CVE program, a core cybersecurity tool for tracking vulnerabilities, faces funding expiry Wednesday, risking disruption to global security. U.S. government funding for MITRE ’s CVE program , a key global cybersecurity resource for cataloging vulnerabilities, is set to expire Wednesday, risking disruption. The 25-year-old program has assigned over 274,000 CVE IDs for public sec

Node.js malvertising campaign targets crypto users

17 TTPs

•

by Pierluigi Paganini / 2h

•

Node.js exploited for malware delivery

Microsoft warns of a malvertising campaign using Node.js to deliver info-stealing malware via fake crypto trading sites like Binance and TradingView. Microsoft has observed Node.js increasingly used in malware campaigns since October 2024, including an ongoing crypto-themed malvertising attack as of April 2025. Threat actors are increasingly using Node.js to deploy malware, shifting from traditio

Yesterday

U.S. CISA adds SonicWall SMA100 Appliance flaw to its Known Exploited Vulnerabilities catalog

Execution (Enterprise TA0002)

•

by Pierluigi Paganini / 6h

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SMA100 Appliance flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a SonicWall SMA100 Appliance flaw, tracked as CVE-2021-20035 , to its Known Exploited Vulnerabilities (KEV) catalog . The vulnerability is an OS Command Injection Vulnerability in th

Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps

Malware on cheap Android steals crypto

•

by Pierluigi Paganini / 1d

Cheap Chinese Android phones ship with trojanized WhatsApp and Telegram clones hiding crypto clippers, active since June 2024. Since June 2024, Doctor Web researchers found cheap Android phones preloaded with fake WhatsApp and Telegram apps designed to steal crypto via clipping. These clippers swap copied wallet addresses with the attackers’ own. The campaign targeted low-end phones mimicking fam

Apr 15, 2025

Cyber Threats Against Energy Sector Surge as Global Tensions Mount

by Pierluigi Paganini / 1d

Resecurity warns of rising cyberattacks on the energy sector, some linked to large-scale campaigns targeting national infrastructure for geopolitical aims. Resecurity warns about the increase in targeted cyberattacks against enterprises in the energy sector worldwide. Some of these attacks represent much larger campaigns designed to target country-level infrastructure, acting as tools for geopoli

Government contractor Conduent disclosed a data breach

3 TTPs

•

by Pierluigi Paganini / 1d

•

Conduent confirms data theft incident

The business services provider Conduent told the SEC a January cyberattack exposed personal data, including names and Social Security numbers. The business services provider Conduent revealed that personal information, including names and Social Security numbers, was stolen in a January cyberattack. In January, Conduent confirmed a cyberattack caused service disruptions after agencies in multiple

Critical Apache Roller flaw allows to retain unauthorized access even after a password change

4 TTPs

•

by Pierluigi Paganini / 2d

A critical flaw (CVE-2025-24859, CVSS 10) in Apache Roller lets attackers keep access even after password changes. All versions ≤6.1.4 are affected. A critical vulnerability, tracked as CVE-2025-24859 (CVSS score of 10.0), affects the Apache Roller open-source, Java-based blogging server software. The flaw is a session management issue that impacts in Apache Roller before version 6.1.5 where acti

Meta will use public EU user data to train its AI models

Meta to train AI in EU

•

by Pierluigi Paganini / 2d

Meta announced that it will use public EU user data to train AI, resuming plans paused last year over Irish data protection concerns. Meta will start training its AI models using public data from adults in the EU, after pausing the plan last year over data protection concerns raised by Irish regulators. In June 2024, the social media giant announced it was delaying the training of its large langu

Apr 14, 2025

Hertz disclosed a data breach following 2024 Cleo zero-day attack

2 TTPs

•

by Pierluigi Paganini / 2d

Hertz Corporation disclosed a data breach after customer data was stolen via Cleo zero-day exploits in late 2024, affecting Hertz, Thrifty, and Dollar brands. Car rental giant Hertz Corporation disclosed a data breach that impacted its Hertz, Thrifty, and Dollar brands. Threat actors gained access to customer data via Cleo zero-day exploits in late 2024. “Cleo is a vendor that provides a file tra

Gladinet flaw CVE-2025-30406 actively exploited in the wild

by Pierluigi Paganini / 2d

Huntress reports active exploitation of Gladinet CVE-2025-30406 in the wild, affecting seven organizations and 120 endpoints. Security researchers at Huntress warn of attacks in the wild exploiting a critical vulnerability, tracked as CVE-2025-30406 , in Gladinet CentreStack and Triofox software. The vulnerability CVE-2025-30406 (CVSS score 9.0) is a deserialization issue due to the CentreStack p

New malware ‘ResolverRAT’ targets healthcare, pharmaceutical firms

20 TTPs

•

by Pierluigi Paganini / 2d

•

ResolverRAT malware targets healthcare sector

New malware ‘ResolverRAT’ is targeting healthcare and pharmaceutical firms, using advanced capabilities to steal sensitive data. Morphisec researchers discovered a new malware dubbed ‘ResolverRAT’ that is targeting healthcare and pharmaceutical firms, using advanced capabilities to steal sensitive data. ResolverRAT spreads via phishing emails using localized languages and legal lures. Victims dow

Malicious NPM packages target PayPal users

8 TTPs

•

by Pierluigi Paganini / 3d

•

Malicious NPM packages target PayPal

Threat actors deploy malicious NPM packages to steal PayPal credentials and hijack cryptocurrency transfers. Fortinet researchers discovered multiple malicious NPM packages that are used to target PayPal users. The packages were uploaded to the repository in early March by a threat actor known as tommyboy_h1 and tommyboy_h2 , and were used to steal PayPal credentials and hijack cryptocurrency tra

Apr 13, 2025

Tycoon2FA phishing kit rolled out significant updates

5 TTPs

•

by Pierluigi Paganini / 3d

The operators of the Phishing-as-a-Service (PhaaS) platform Tycoon2FA have rolled out significant updates to enhance its evasion capabilities. Tycoon2FA, a phishing kit discovered in 2023 by cybersecurity firm Sekoia, was recently updated to improve its evasion capabilities. The phishing kit now uses advanced evasion tactics such as a custom CAPTCHA via HTML5 canvas, invisible Unicode in obfuscat

South African telecom provider Cell C disclosed a data breach following a cyberattack

6 TTPs

•

by Pierluigi Paganini / 3d

•

Cell C data breach exposes user information

Cell C, one of the biggest telecom providers in South Africa confirms a data breach following a 2024 cyberattack. Cell C is the fourth-largest mobile network operator in South Africa, ,after Vodacom, MTN, and Telkom. The company founded in 2001 offers prepaid and postpaid mobile plans, data bundles and internet services, fiber broadband, roaming and international calling, SIM-only plans and devic

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 41

by Pierluigi Paganini / 4d

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads BadBazaar: iOS and Android Surveillanceware by China’s APT15 Used to Target Tibetans and Uyghurs GOFFEE continues to attack organizations in Russia Atomic and Exodus

Security Affairs newsletter Round 519 by Pierluigi Paganini – INTERNATIONAL EDITION

by Pierluigi Paganini / 4d

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Symbolic Link trick lets attackers bypass FortiGate patches, Fortinet warns Attackers are exploiting recently disclosed OttoKit WordPress plugin flaw Labo

Apr 12, 2025

China admitted its role in Volt Typhoon cyberattacks on U.S. infrastructure

2 TTPs

•

31by Pierluigi Paganini / 4d

•

China admits Volt Typhoon cyberattacks

China admitted in a secret meeting with U.S. officials that it conducted Volt Typhoon cyberattacks on U.S. infrastructure, WSJ reports. China reportedly admitted in a secret meeting with U.S. officials that it carried out cyberattacks on U.S. infrastructure, linked to the Volt Typhoon campaign. According to the Wall Street Journal, at a December Geneva summit, Chinese officials indirectly admitte

Symbolic Link trick lets attackers bypass FortiGate patches, Fortinet warns

Defense Evasion (Enterprise TA0005)

•

by Pierluigi Paganini / 4d

Fortinet warns attackers can keep read-only access to FortiGate devices even after the original vulnerability is patched. Fortinet warns that threat actors can retain read-only access to FortiGate devices even after the original vulnerability used for the breach has been patched. The cybersecurity firm revealed that attackers exploited known FortiGate flaws like CVE-2022-42475 , CVE-2023-27997 ,

Attackers are exploiting recently disclosed OttoKit WordPress plugin flaw

by Pierluigi Paganini / 5d

Threat actors are exploiting a vulnerability in the OttoKit WordPress plugin, a few hours after public disclosure. Threat actors are exploiting a recently discovered vulnerability, tracked as CVE-2025-3102 (CVSS score of 8.1) in the OttoKit WordPress plugin (formerly SureTriggers), a few hours after public disclosure. An attacker can trigger the vulnerability to create malicious administrator use

Apr 11, 2025

Laboratory Services Cooperative data breach impacts 1.6 Million People

by Pierluigi Paganini / 5d

Laboratory Services Cooperative discloses a data breach from October 2024 that exposed personal and medical info of 1.6 million individuals. Laboratory Services Cooperative disclosed a data breach that impacted the personal and medical information of 1.6 million people . The Laboratory Services Cooperative (LSC) is a clinical laboratory based in Bremerton, Washington, providing diagnostic testing

Palo Alto warns of brute-force login attempts on PAN-OS GlobalProtect gateways indicating possible upcoming attacks

5 TTPs

•

by Pierluigi Paganini / 6d

Experts warn of brute-force login attempts on PAN-OS GlobalProtect gateways following increased scanning activity on its devices. Palo Alto Networks reports brute-force login attempts on PAN-OS GlobalProtect gateways. The security firm pointed out that no known vulnerability has been exploited, but monitoring and analysis continue. “Our teams are observing evidence of activity consistent with pas

Apr 10, 2025

Gamaredon targeted the military mission of a Western country based in Ukraine

19 TTPs

•

by Pierluigi Paganini / 6d

•

Shuckworm targets Ukraine military mission

Gamaredon targeted a foreign military mission in Ukraine with updated GammaSteel malware on Feb 26, 2025, per Symantec. Symantec Threat Hunter researchers reported that the Russia-linked APT group Gamaredon (a.k.a. Shuckworm, Armageddon , Primitive Bear , ACTINIUM , Callisto ) targeted a foreign military mission based in Ukraine with an updated version of the GamaSteel infostealer. Shuckworm is k

U.S. CISA adds Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

by Pierluigi Paganini / 6d

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Linux Kernel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Linux Kernel flaws, respectively tracked as CVE-2024-53197 and CVE-2024-53150 , to its Known Exploited Vulnerabilities (KEV) catalog . The vulnerability CVE-2024-53197 (CVSS score of 7.8) resides

AkiraBot: AI-Powered spam bot evades CAPTCHA to target 80,000+ websites

by Pierluigi Paganini / 7d

AkiraBot, a CAPTCHA-evading Python framework, has spammed over 80,000 websites with AI-generated messages, targeting small and medium-sized businesses. SentinelOne’s SentinelLabs researchers warn that AkiraBot, a spam framework, targets websites’ chats and contact forms to promote low-quality SEO services, AkiraBot has already targeted more than 400,000 websites and successfully spammed at least

An APT group exploited ESET flaw to execute malware

10 TTPs

•

by Pierluigi Paganini / 7d

•

CVE-2024-11859

At least one APT group has exploited a vulnerability in ESET software to stealthily execute malware, bypassing security measures. Kaspersky researchers reported that an APT group, tracked as ToddyCat , has exploited a vulnerability in ESET software to stealthily execute malware, bypassing security. The vulnerability, tracked as CVE-2024-11859 , is a DLL Search Order Hijacking issue that potential

Oracle confirms the hack of two obsolete servers hacked. No Oracle Cloud systems or customer data were affected

8 TTPs

•

by Pierluigi Paganini / 7d

•

Oracle faces criticism over security incidents

Oracle confirmed a hacker stole credentials from two obsolete servers but said no Oracle Cloud systems or customer data were affected. Oracle confirmed a hacker stole and leaked credentials from two obsolete servers, but said no Oracle Cloud systems or customer data were affected. The threat actor accessed usernames from two outdated, non-Oracle Cloud Infrastructure (OCI) servers, but no customer

Apr 9, 2025

National Social Security Fund of Morocco Suffers Data Breach

2 TTPs

•

by Pierluigi Paganini / 7d

•

CNSS cyber-attack reveals false documents

Threat actor ‘Jabaroot’ claims breach of National Social Security Fund of Morocco, aiming to steal large volumes of sensitive citizen data. Resecurity has identified a threat actor targeting government systems in Morocco with the goal of exfiltrating large volumes of sensitive data relating to citizens. The actor using the alias ‘Jabaroot’ released claims about the successful compromise of the Na

Critical Fortinet FortiSwitch flaw allows remote attackers to change admin passwords

2 TTPs

•

by Pierluigi Paganini / 7d

Fortinet addressed a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely. Fortinet has released security updates to address a critical vulnerability, tracked as CVE-2024-48887 (CVSS score 9.8), in its FortiSwitch devices. A remote attacker can exploit the vulnerability to change administrator passwords. “An unverified password change

The US Treasury’s OCC disclosed an undetected major email breach for over a year

3 TTPs

•

by Pierluigi Paganini / 8d

•

Hackers accessed US bank regulators' emails

The US Office of the Comptroller of the Currency (OCC) disclosed a major email breach compromising 100 accounts, undetected for over a year. The US Treasury’s Office of the Comptroller of the Currency (OCC) disclosed an undetected major email breach for over a year. The cybersecurity incident involved unauthorized access to emails via a compromised admin account. The breach was confirmed on Feb.

U.S. CISA adds Gladinet CentreStack and ZTA Microsoft Windows Common Log File System (CLFS) Driver flaws to its Known Exploited Vulnerabilities catalog

by Pierluigi Paganini / 8d

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Gladinet CentreStack and ZTA Microsoft Windows Common Log File System (CLFS) Driver flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Gladinet CentreStack and ZTA Microsoft Windows Common Log File System (CLFS) Driver flaws, respectively tracked as CVE-2025-

Apr 8, 2025

WhatsApp fixed a spoofing flaw that could enable Remote Code Execution

2 TTPs

•

by Pierluigi Paganini / 9d

WhatsApp addressed a flaw, tracked as CVE-2025-30401, that could allow attackers to trick users and enable remote code execution. WhatsApp released a security update to address a vulnerability, tracked as CVE-2025-30401, that could let attackers trick users and enable remote code execution. The spoofing flaw impacts WhatsApp for Windows before version 2.2450.6. An attacker could exploit the vulne

Everest ransomware group’s Tor leak site offline after a defacement

5 TTPs

•

by Pierluigi Paganini / 9d

•

Everest ransomware gang site hacked

The Tor leak site of the Everest ransomware group went offline after being hacked and defaced over the weekend. The Everest ransomware gang’s darknet site went offline after being hacked and defaced, with victim listings replaced by the following message. “Don’t do crime CRIME IS BAD xoxo from Prague” read the message published on the site’s homepage after the defacement. Later, the site went dow

Apr 7, 2025

Google fixed two actively exploited Android zero-days

by Pierluigi Paganini / 9d

Google addressed 62 vulnerabilities with the release of Android ‘s April 2025 security update, including two actively exploited zero-days. Google released Android ‘s April 2025 security updates to address 62 vulnerabilities, including two zero-day vulnerabilities ( CVE-2024-53197 , CVE-2024-53150 ) exploited in targeted attacks. The vulnerability CVE-2024-53197 is a Linux kernel issue affecting A

End of feed