SecurityWeek Briefing.

"In other news:  $chan hacked, Android Auto-Reboot, and Nemesis admin charged...."

Views expressed in this cybersecurity, cyber crime, and cyber espionage update are those of the reporters and correspondents.  Accessed on 18 April 2025, 1510 UTC.

Content and Source:  Email subscription via https://feedly.com.

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

 SecurityWeek

86K followers49 articles per week

#security#tech

85

Today

In Other News: 4chan Hacked, Android Auto-Reboot, Nemesis Admin Charged

by SecurityWeek News / 3h

Noteworthy stories that might have slipped under the radar: 4chan hacked, auto-reboot security feature coming to Android, Iranian administrator of Nemesis charged in US. The post appeared first on SecurityWeek .

Cy4Data Labs Raises $10 Million to Secure Data in Use

Cy4Data Labs raises 10M$ funding

•

by Ionut Arghire / 4h

Data protection firm Cy4Data Labs has raised $10 million in a Series A funding round led by Pelion Venture Partners. The post appeared first on SecurityWeek .

Events Giant Legends International Hacked

2 TTPs

•

by Eduard Kovacs / 4h

•

Legends International suffers data breach

Legends International says the personal information of employees and customers was compromised as a result of a cyberattack. The post appeared first on SecurityWeek .

Ahold Delhaize Confirms Data Stolen in Ransomware Attack

3 TTPs

•

by Ionut Arghire / 5h

•

Ahold Delhaize suffers ransomware attack

Ahold Delhaize has confirmed that data was stolen from its systems in November 2024 after a ransomware group claimed the attack. The post appeared first on SecurityWeek .

Yesterday

Fresh Windows NTLM Vulnerability Exploited in Attacks

7 TTPs

•

by Ionut Arghire / 6h

•

CVE-2025-24054

A Windows NTLM vulnerability patched in March has been exploited in attacks targeting government and private institutions. The post appeared first on SecurityWeek .

Man Helped Individuals in China Get Jobs Involving Sensitive US Government Projects

by Ionut Arghire / 23h

Minh Phuong Ngoc Vong pleaded guilty to defrauding US companies of roughly $1 million in a fake IT worker scheme. The post appeared first on SecurityWeek .

Demystifying Security Posture Management

by Torsten George / 1d

While the Security Posture Management buzz is real, its long-term viability depends on whether it can deliver measurable outcomes without adding more complexity. The post appeared first on SecurityWeek .

Vulnerabilities Patched in Atlassian, Cisco Products

4 TTPs

•

by Ionut Arghire / 1d

Atlassian and Cisco have released patches for multiple high-severity vulnerabilities, including remote code execution bugs. The post appeared first on SecurityWeek .

Critical Erlang/OTP SSH Flaw Exposes Many Devices to Remote Hacking

6 TTPs

•

by Eduard Kovacs / 1d

•

CVE-2025-32433

Servers exposed to complete takeover due to CVE-2025-32433, an unauthenticated remote code execution flaw in Erlang/OTP SSH. The post appeared first on SecurityWeek .

Why ‘One Community’ Resonates in Cybersecurity

by Marc Solomon / 1d

Our collective voices and one community will provide the intelligence we need to safeguard our businesses in today’s modern digital environment. The post appeared first on SecurityWeek .

CISA Issues Guidance After Oracle Cloud Hack

5 TTPs

•

by Eduard Kovacs / 1d

•

Oracle breach denial raises concerns

CISA is making recommendations for organizations and users in light of the recent Oracle legacy cloud environment hack. The post appeared first on SecurityWeek .

Chinese APT Mustang Panda Updates, Expands Arsenal

17 TTPs

•

by Ionut Arghire / 1d

•

Mustang Panda updates malware tools

The Chinese state-sponsored group Mustang Panda has used new and updated malicious tools in a recent attack. The post appeared first on SecurityWeek .

SonicWall Flags Old Vulnerability as Actively Exploited

2 TTPs

•

by Eduard Kovacs / 1d

A SonicWall SMA 100 series vulnerability patched in 2021, which went unnoticed at the time of patching, is being exploited in the wild. The post appeared first on SecurityWeek .

Apr 16, 2025

MITRE Hackers’ Backdoor Has Targeted Windows for Years

15 TTPs

•

by Ionut Arghire / 1d

•

BRICKSTORM malware targets European industries

Windows versions of the BrickStorm backdoor that the Chinese APT used in the MITRE hack last year have been active for years. The post appeared first on SecurityWeek .

Krebs Exits SentinelOne After Security Clearance Pulled

Trump revokes Chris Krebs security clearance

•

by Ryan Naraine / 1d

Chris Krebs has resigned from SentinelOne after security clearance withdrawn and an order to review CISA’s conduct under his leadership. The post appeared first on SecurityWeek .

Apple Quashes Two Zero-Days With iOS, MacOS Patches

by Ryan Naraine / 1d

The vulnerabilities are described as code execution and mitigation bypass issues that affect Apple’s iOS, iPadOS and macOS platforms. The post appeared first on SecurityWeek .

MITRE CVE Program Gets Last-Hour Funding Reprieve

MITRE CVE support contract expires

•

by Ryan Naraine / 1d

The US government's cybersecurity agency CISA has “executed the option period on the contract” to keep the vulnerability catalog operational. The post appeared first on SecurityWeek .

Many Mobile Apps Fail Basic Security—Posing Serious Risks to Enterprises

Mobile apps expose sensitive data

•

by Kevin Townsend / 2d

Top-ranked mobile apps found using hardcoded keys and exposed cloud buckets. The post appeared first on SecurityWeek .

Pillar Security Banks $9M for AI Security Guardrails

Aurascape secures 50M for AI security

•

by Ryan Naraine / 2d

Shield Capital leads a $9 million seed-stage funding round for Israeli startup building technologies for AI security and privacy guardrails. The post appeared first on SecurityWeek .

Ransomware Group Claims Hacking of Oregon Regulator After Data Breach Denial

3 TTPs

•

by Eduard Kovacs / 2d

•

Oregon DEQ investigates cyberattack

The Rhysida ransomware gang claims to have stolen 2.5 Tb of files from the Oregon Department of Environmental Quality. The post appeared first on SecurityWeek .

Enhanced Version of ‘BPFDoor’ Linux Backdoor Seen in the Wild

5 TTPs

•

by Ionut Arghire / 2d

•

BPFDoor malware targets global networks

In recent attacks, the state-sponsored backdoor BPFDoor is using a controller to open a reverse shell and move laterally. The post appeared first on SecurityWeek .

Critical Vulnerability Found in Apache Roller Blog Server

4 TTPs

•

by Ionut Arghire / 2d

A critical vulnerability in Apache Roller could be used to maintain persistent access by reusing older sessions even after password changes. The post appeared first on SecurityWeek .

Microsoft Warns of Node.js Abuse for Malware Delivery

15 TTPs

•

by Eduard Kovacs / 2d

•

Node.js exploited for malware delivery

In the past months Microsoft has seen multiple campaigns involving Node.js to deliver malware and other malicious payloads. The post appeared first on SecurityWeek .

Chrome 135, Firefox 137 Updates Patch Severe Vulnerabilities

Execution (Enterprise TA0002)

•

by Ionut Arghire / 2d

Chrome 135 and Firefox 137 updates have been rolled out with patches for critical- and high-severity vulnerabilities. The post appeared first on SecurityWeek .

Oracle Patches 180 Vulnerabilities With April 2025 CPU

by Ionut Arghire / 2d

Oracle’s April 2025 Critical Patch Update contains 378 security patches that resolve approximately 180 unique CVEs. The post appeared first on SecurityWeek .

Apr 15, 2025

Internet Giants Agree to Reduce TLS Certificate Lifespan to 47 Days by 2029

SSL TLS certificate validity reduced

•

by Eduard Kovacs / 2d

Major companies have agreed to gradually reduce the lifetime of TLS certificates over the next few years. The post appeared first on SecurityWeek .

MITRE Warns CVE Program Faces Disruption Amid US Funding Uncertainty

MITRE CVE support contract expires

•

200+by Ryan Naraine / 2d

MITRE warns of a deterioration of national vulnerability databases and advisories, slowed vendor reaction and limited response operations. The post appeared first on SecurityWeek .

Virtue AI Attracts $30M Investment to Address Critical AI Deployment Risks

Aurascape secures 50M for AI security

•

by Ryan Naraine / 2d

San Francisco startup banks $30 million in Seed and Series A funding led by Lightspeed Venture Partners and Walden Catalyst Ventures. The post appeared first on SecurityWeek .

Insurance Firm Lemonade Says API Glitch Exposed Some Driver’s License Numbers

Lemonade data breach exposes licenses

•

by Ionut Arghire / 2d

Lemonade says the incident is not material and that its operations were not compromised, nor was its customer data targeted. The post appeared first on SecurityWeek .

Kidney Dialysis Services Provider DaVita Hit by Ransomware

3 TTPs

•

by Ionut Arghire / 3d

•

DaVita suffers ransomware attack

DaVita has not named the ransomware group behind the incident or share details on the attacker’s ransom demands. The post appeared first on SecurityWeek .

Conduent Says Names, Social Security Numbers Stolen in Cyberattack

2 TTPs

•

by Ionut Arghire / 3d

•

Conduent confirms data theft incident

The business services provider confirms personal information such as names and Social Security numbers was stolen in a January cyberattack. The post appeared first on SecurityWeek .

2.6 Million Impacted by Landmark Admin, Young Consulting Data Breaches

4 TTPs

•

by Ionut Arghire / 3d

In fresh filings, Landmark Admin and Young Consulting say data breaches back in 2024 impacted more people than initially estimated. The post appeared first on SecurityWeek .

China Pursuing 3 Alleged US Operatives Over Cyberattacks During Asian Games

China pursues US operatives for cyberattacks

•

by Associated Press / 3d

China accuses three alleged U.S. NSA operatives of cyberattacks targeting critical infrastructure and the Asian Games in Harbin. The post appeared first on SecurityWeek .

Blockchain, Quantum, and IoT Firms Unite to Secure Satellite Communications Against Quantum Threats

Quantum-secure satellite communication alliance

•

by Kevin Townsend / 3d

Partisia, Squareroot8, and NuSpace join forces in a global partnership to advance quantum-safe communications. The post appeared first on SecurityWeek .

NetRise Raises $10 Million to Grow Software Supply Chain Security Platform

by Ionut Arghire / 3d

The funding round brings the total amount raised by the NetRise to roughly $25 million. The post appeared first on SecurityWeek .

Hertz Discloses Data Breach Linked to Cleo Hack

3 TTPs

•

by Ionut Arghire / 3d

Customers of the Hertz, Thrifty, and Dollar brands had their personal information stolen as a result of the Cleo hack last year. The post appeared first on SecurityWeek .

CISO Conversations: Maarten Van Horenbeeck, SVP & Chief Security Officer at Adobe

by Kevin Townsend / 3d

Van Horenbeeck's career spans some of the biggest companies in tech: Verizon, Microsoft, Google, Amazon, Zendesk, and now SVP and CSO at Adobe. The post appeared first on SecurityWeek .