BleepingComputer.com.

"Hackers abuse IPv6 networking features to hijack software updates."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 01 May 2025, 1437 UTC.

Content and Source:  "BleepingComputer.com."

Site URL--https://www.bleepingcomputer.com/

Please check URL or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Latest Articles

• 
   
  Deals

Get lifetime access to cybersecurity courses in this $70 deal

• This cybersecurity training platform gives you lifetime access to a growing library of video lessons, practice tests, exam prep guides, and more, and it's on sale for $69.99 (reg. $280).

  • BleepingComputer Deals
   
  • May 01, 2025
   
  • 07:11 AM
   
  •  0
• 
   
  Security

Hackers abuse IPv6 networking feature to hijack software updates

• A China-aligned APT threat actor named "TheWizards" abuses an IPv6 networking feature to launch adversary-in-the-middle (AitM) attacks that hijack software updates to install Windows malware.

  • Lawrence Abrams
   
  • April 30, 2025
   
  • 08:33 PM
   
  •  1
• 
   

2024: A year of identity attacks | Get the new ebook 

• Identity attacks were rampant in 2024 as attackers doubled down on identity-based TTPs. Prepare to defend your organization in 2025 by looking back at identity-based breaches in 2024.

  Get a free Ebook on the most impactful identity breaches of 2024, and the attacker tooling and techniques that we can expect in 2025.

  • Push Security Sponsorship
• 
   
  Security

WordPress plugin disguised as a security tool injects backdoor

• A new malware campaign targeting WordPress sites employs a malicious plugin disguised as a security tool to trick users into installing and trusting it.

  • Bill Toulas
   
  • April 30, 2025
   
  • 05:05 PM
   
  •  0
• 
   
  Security, Artificial Intelligence, Cloud

WhatsApp unveils 'Private Processing' for cloud-based AI features

• WhatsApp has announced the introduction of 'Private Processing,' a new technology that enables users to utilize advanced AI features by offloading tasks to privacy-preserving cloud servers.

  • Bill Toulas
   
  • April 30, 2025
   
  • 03:01 PM
   
  •  0
• 
   
  Deals

Kickstart your CISSP prep with this $30 cybersecurity course deal

• The CISSP certification can be extremely challenging as you have to learn eight domains of security knowledge. This CISSP Security and Risk Management training bundle can make it easier, and it's only $29.97 for lifelong access (reg. $424) for a little while longer.

  • BleepingComputer Deals
   
  • April 30, 2025
   
  • 02:10 PM
   
  •  0
• 
   
  Security

SonicWall warns of more VPN flaws exploited in attacks

• Cybersecurity company SonicWall has warned customers that several vulnerabilities impacting its Secure Mobile Access (SMA) appliances are now being actively exploited in attacks.

  • Sergiu Gatlan
   
  • April 30, 2025
   
  • 01:23 PM
   
  •  0
• 
   
  Security

Commvault says recent breach didn't impact customer backup data

• Commvault, a leading provider of data protection solutions, says a nation-state threat actor who breached its Azure environment didn't gain access to customer backup data.

  • Sergiu Gatlan
   
  • April 30, 2025
   
  • 12:20 PM
   
  •  0
• 
   
  Security

FBI shares massive list of 42,000 LabHost phishing domains

• The FBI has shared 42,000 phishing domains tied to the LabHost cybercrime platform, one of the largest global phishing-as-a-service (PhaaS) platforms that was dismantled in April 2024.

  • Bill Toulas
   
  • April 30, 2025
   
  • 12:01 PM
   
  •  0
• 
   
  Security

UK retailer Co-op shuts down some IT systems after hack attempt

• British supermarket chain Co-op Food has confirmed to BleepingComputer via a statement that it has suffered limited operational disruption as it responds to a cyberattack.

  • Bill Toulas
   
  • April 30, 2025
   
  • 10:12 AM
   
  •  0
• 
   
  Security, Healthcare

Ascension discloses new data breach after third-party hacking incident

• ​Ascension, one of the largest private healthcare systems in the United States, is notifying patients that their personal and health information was stolen in a December 2024 data theft attack, which affected a former business partner.

  • Sergiu Gatlan
   
  • April 30, 2025
   
  • 09:21 AM
   
  •  1
• 
   
  Deals

Protect your devices and data with this $40 five-year AdGuard VPN plan

• AdGuard VPN makes it both easy and affordable to enhance your device security. Right now, you can grab a 5-year subscription to AdGuard VPN for just $39.97 (reg. $359.40). That's under $1 a month for serious peace of mind.

  • BleepingComputer Deals
   
  • April 30, 2025
   
  • 07:09 AM
   
  •  0
• 
   
  Microsoft

Microsoft: Windows 11 24H2 updates fail with 0x80240069 errors

• Microsoft has confirmed that Windows 11 24H2 feature updates via Windows Server Update Services (WSUS) are being blocked after installing the April 2025 security updates.

  • Sergiu Gatlan
   
  • April 30, 2025
   
  • 06:45 AM
   
  •  1
• 
   
  CryptoCurrency, Legal

Grinex exchange suspected rebrand of sanctioned Garantex crypto firm

• A new cryptocurrency exchange named Grinex is believed to be a rebrand of Garantex, a Russian cryptocurrency exchange whose domains were seized by the U.S. authorities and an admin arrested.

  • Bill Toulas
   
  • April 29, 2025
   
  • 04:21 PM
   
  •  0
• 
   
  Microsoft, Security

Microsoft: Windows Server hotpatching to require subscription

• Microsoft has announced it will require paid subscriptions for Windows Server 2025 hotpatching, a service that enables admins to install security updates without restarting.

  • Sergiu Gatlan
   
  • April 29, 2025
   
  • 03:47 PM
   
  •  4
• 
   
  Security

Hackers ramp up scans for leaked Git tokens and secrets

• Threat actors are intensifying internet-wide scanning for Git configuration files that can reveal sensitive secrets and authentication tokens used to compromise cloud services and source code repositories.

  • Bill Toulas
   
  • April 29, 2025
   
  • 03:02 PM
   
  •  0
• 
   
  Security

France ties Russian APT28 hackers to 12 cyberattacks on French orgs

• Today, the French foreign ministry blamed the APT28 hacking group linked to Russia's military intelligence service (GRU) for targeting or breaching a dozen French entities over the last four years.

  • Sergiu Gatlan
   
  • April 29, 2025
   
  • 02:57 PM
   
  •  0
• 
   
  Deals

Deal alert: This Lenovo Chromebook is under $75 and doubles as a tablet

• Right now, you can pick up a refurbished Lenovo 2-in-1 300e Chromebook for just $74.99—a steep discount off its original price of $475.99 and a great value for students, remote workers, or anyone needing a reliable secondary device.

  • BleepingComputer Deals
   
  • April 29, 2025
   
  • 02:10 PM
   
  •  0
• 
   
  Security, Apple

Apple 'AirBorne' flaws can lead to zero-click AirPlay RCE attacks

• ​A set of security vulnerabilities in Apple's AirPlay Protocol and AirPlay Software Development Kit (SDK) exposed unpatched third-party and Apple devices to various attacks, including remote code execution.

  • Sergiu Gatlan
   
  • April 29, 2025
   
  • 01:32 PM
   
  •  0
• 
   
  Security

SK Telecom cyberattack: Free SIM replacements for 25 million customers

• South Korean mobile provider SK Telecom has announced free SIM card replacements to its 25 million mobile customers following a recent USIM data breach, but only 6 million cards are available through May.

  • Bill Toulas
   
  • April 29, 2025
   
  • 12:49 PM
   
  •  0
• 
   
  Microsoft

Microsoft fixes Outlook paste, blank calendar rendering issues

• Microsoft has confirmed several issues affecting Microsoft 365 customers using the "paste special' option and the calendar feature in the classic Outlook email client.

  • Sergiu Gatlan
   
  • April 29, 2025
   
  • 11:45 AM
   
  •  0

• 1
 
• 2
 
• 3
 
• 4
 
• 5