"Booby-trapped Alpine Quest Android app geolocates Russian soldiers."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 26 April 2025, 1738 UTC.

Content and Source provided by "The Register-Security", 26 April 2025.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fwww.theregister.co.uk%2Fsecurity%2Fheadlines.atom

Please check email subscription link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

The Register – Security

95K followers30 articles per week

#security#tech

18

Most popular

Booby-trapped Alpine Quest Android app geolocates Russian soldiers

Malicious app targets Russian soldiers

•

by Iain Thomson / 2d

Back of the nyet! Russian soldiers are being targeted with an Android app specially altered to pinpoint their location and scan their phones for files, with the ability to exfiltrate sensitive documents if instructed.…

M&S stops online orders as 'cyber incident' issues worsen

3 TTPs

•

by Connor Jones / 1d

•

M&S manages cyber incident

One step forward and one step back as earlier hopes of progress dashed by latest update Marks & Spencer has paused online orders for customers via its website and app as the UK retailer continues to wrestle with an ongoing "cyber incident."…

Yesterday

Signalgate lessons learned: If creating a culture of security is the goal, America is screwed

by Jessica Lyons / 17h

Infosec is a team sport … unless you're in the White House Opinion Just when it seems they couldn't be that careless, US officials tasked with defending the nation go and do something else that puts American critical infrastructure, national security, and troops' lives in danger.…

Amid CVE funding fumble, 'we were mushrooms, kept in the dark,' says board member

CVE funding crisis averted

•

by Jessica Lyons / 19h

What next for US-bankrolled vulnerability tracker? It's edging closer to a more independent, global future Kent Landfield, a founding member of the Common Vulnerabilities and Exposures (CVE) program and member of the board, learned through social media that the system he helped create was just hours away from losing funding.…

More Ivanti attacks may be on horizon, say experts who are seeing 9x surge in endpoint scans

by Connor Jones / 22h

GreyNoise says it is the kind of activity that typically precedes new vulnerability disclosures Ivanti VPN users should stay alert as IP scanning for the vendor's Connect Secure and Pulse Secure systems surged by 800 percent last week, according to threat intel biz GreyNoise.…

Oh, cool. Microsoft melts bug that froze Server 2025 Remote Desktop sessions

Microsoft releases emergency container updates

•

by Iain Thomson / 23h

Where have we heard this before? Feb security update needs its own fix More than one month after complaints starting flying, Microsoft has fixed a Windows bug that caused some Remote Desktop sessions to freeze.…

Emergency patch for potential SAP zero-day that could grant full system control

5 TTPs

•

by Connor Jones / 1d

German software giant paywalls details, but experts piece together the clues SAP's latest out-of-band patch is for a perfect 10/10 bug in NetWeaver that experts suspect could have already been exploited as a zero-day.…

Apr 24, 2025

Claims assistance firm fined for cold-calling people who put themselves on opt-out list

by Dan Robinson / 1d

Third-party data supplier also in hot water with Brit regulator over consent issues Britain's data privacy watchdog has slapped a fine of £90k ($120k) on a business that targeted people with intrusive marketing phone calls, despite them being registered with the official "Do Not Call" opt-out service.…

Darcula adds AI to its DIY phishing kits to help would-be vampires bleed victims dry

4 TTPs

•

by Jessica Lyons / 1d

•

Darcula integrates GenAI into phishing

Because coding phishing sites from scratch is a real pain in the neck Darcula, a cybercrime outfit that offers a phishing-as-a-service kit to other criminals, this week added AI capabilities to its kit that help would-be vampires spin up phishing sites in multiple languages more efficiently.…

SSNs and more on 5.5M+ patients feared stolen from Yale Health

3 TTPs

•

by Jessica Lyons / 1d

•

Yale New Haven Health data breach

At least it wasn't Harvard Yale New Haven Health has notified more than 5.5 million people that their private details were likely stolen by miscreants who broke into the healthcare system's network last month.…

Microsoft mystery folder fix might need a fix of its own

Privilege Escalation (Enterprise TA0004)

•

by Richard Speed / 1d

•

CVE-2025-21204

This one weird trick can stop Windows updates dead in their tracks Turns out Microsoft's latest patch job might need a patch of its own, again. This time, the culprit is a mysterious inetpub folder quietly deployed by Redmond, now hijacked by a security researcher to break Windows updates.…

Assassin's Creed maker faces GDPR complaint for forcing single-player gamers online

Ubisoft accused of illegal data collection

•

by Brandon Vigliarolo / 2d

Collecting data from solo players is a Far Cry from being necessary, says noyb For anyone who's ever been frustrated by the need to go online to play a single-player video game, the European privacy specialists at noyb have heard you, and they've filed a complaint against Ubisoft in Austria dealing specifically with the issue. …

M&S takes systems offline as 'cyber incident' lingers

M&S manages cyber incident

•

29by Connor Jones / 2d

Customers told to expect further delays as contactless payments still down UK high street retailer Marks & Spencer says contactless payments are still down following its "cyber incident" and order delays are likely to continue.…

Apr 23, 2025

Your vendor may be the weakest link: Percentage of third-party breaches doubled in a year

by Connor Jones / 2d

Cybercriminals are targeting software shops, accountants, lawyers The percentage of confirmed data breaches involving third-party relationships doubled last year as cybercriminals increasingly exploited weak links in supply chains and partner ecosystems.…

Ransomware scum and other crims bilked victims out of a 'staggering' $16.6B last year, says FBI

Ransomware complaints rise 9% FBI

•

by Jessica Lyons / 2d

Biggest threat to America's critical infrastructure? Ransomware Digital scammers and extortionists bilked businesses and individuals in the US out of a "staggering" $16.6 billion last year, according to the FBI — the highest losses recorded since bureau’s Internet Crime Complaint Center (IC3) started tracking them 25 years ago.…

Blue Shield says it shared health info on up to 4.7M patients with Google Ads

Blue Shield shares health data breach

•

by Jessica Lyons / 2d

Tech giants don't need smartphone mics to target adverts – your insurer just gives your data away, anyway US health insurance giant Blue Shield of California handed sensitive health information belonging to as many as 4.7 million members to Google's advertising empire, likely without these individuals' knowledge or consent.…

Ripple NPM supply chain attack hunts for private keys

7 TTPs

•

by Connor Jones / 2d

•

CVE-2025-32965

A mystery thief and a critical CVE involved in crypto cash grab Many versions of the Ripple ledger (XRPL) official NPM package are compromised with malware injected to steal cryptocurrency.…

We’re calling it now: Agentic AI will win RSAC buzzword Bingo

by Jessica Lyons / 2d

All aboard the hype train The security industry loves its buzzwords, and this is always on full display at the annual RSA Conference event in San Francisco. Don't believe us? Take a lap on the expo floor, and you'll be bombarded with enough acronyms and over-the-top claims to send you straight to the nearest bar, which will likely serve specialty cocktails with names like The Great CASB and Firew

End of feed