55 Articles
9 Categories
Date: 2025-04-16
🚨 CISA KEV (1)
16 Apr · KEV · CISA Adds One Known Exploited Vulnerability to Catalog · CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2021-20035 SonicWall SMA100 Appliances OS Command Injection Vulnerability. These types of vulnerabilities are frequent attack vectors for malic… · CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES (8)
16 Apr · CVE Program Almost Unfunded · Mitre’s CVE program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to be cancelled, as the US Department of Homeland Security failed to renew the contract. It was funded for eleven more months… · SCHNEIER.COM
16 Apr · Funding Expires for Key Cyber Vulnerability Database · A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organization MITRE warned today that its… · KREBSONSECURITY.COM
16 Apr · U.S. Govt. Funding for MITRE's CVE Ends April 16, Cybersecurity Community on Alert · The U.S. government funding for non-profit research giant MITRE to operate and maintain its Common Vulnerabilities and Exposures (CVE) program will expire Wednesday, an unprecedented development that could shake up one of the foundational pillars of the global cybersecurity ecosy… · THEHACKERNEWS.COM
16 Apr · MY TAKE: The CVE program crisis isn’t over — it’s a wake-up call for cybersecurity’s supply chain · Just hours before it was set to expire on April 16, the federal contract funding MITRE’s stewardship of the CVE (Common Vulnerabilities and Exposures) program was given a temporary extension by CISA. Related: Brian Krebs’ take on MITRE funding expiring … The p… · LASTWATCHDOG.COM
16 Apr · CVE program averts swift end after CISA executes 11-month contract extension · Important update April 16, 2025: Since this story was first published, CISA signed a contract extension that averts a shutdown of the MITRE CVE program. A CISA spokesperson sent CSO a statement saying, “The CVE Program is invaluable to cyber community and a priority of CISA. Last… · CSOONLINE.COM
16 Apr · The CVE program for tracking security flaws is about to lose federal funding · submitted by cm0002 to cybersecurity · 80 points | 6 comments · https://www.theverge.com/news/649314/cve-mitre-funding-vulnerabilities-exposures-funding · INFOSEC.PUB
16 Apr · Homeland Security funding for CVE program expires · submitted by cm0002 to security · 21 points | 2 comments · https://www.theregister.com/2025/04/16/homeland_security_funding_for_cve/ · PROGRAMMING.DEV
16 Apr · Risky Business #788 -- Trump targets Chris Krebs, SentinelOne · On this week’s show Patrick Gray talks to former NSA Cybersecurity Director Rob Joyce about Donald Trump’s unprecedented, unwarranted and completely bonkers political persecution of Chris Krebs and his employer SentinelOne. They also talk through the week’s cybersecurity news, co… · RISKY.BIZ
⚠️ VULNERABILITY DISCLOSURE (19)
16 Apr · New Windows Task Scheduler Bugs Let Attackers Bypass UAC and Tamper with Logs · Cybersecurity researchers have detailed four different vulnerabilities in a core component of the Windows task scheduling service that could be exploited by local attackers to achieve privilege escalation and erase logs to cover up evidence of malicious activities. The issues hav… · THEHACKERNEWS.COM
16 Apr · From Third-Party Vendors to U.S. Tariffs: The New Cyber Risks Facing Supply Chains · Introduction Cyber threats targeting supply chains have become a growing concern for businesses across industries. As companies continue to expand their reliance on third-party vendors, cloud-based services, and global logistics networks, cybercriminals are exploiting vulnerabili… · THEHACKERNEWS.COM
16 Apr · CISA Releases Guidance on Credential Risks Associated with Potential Legacy Oracle Cloud Compromise · CISA is aware of public reporting regarding potential unauthorized access to a legacy Oracle cloud environment. While the scope and impact remains unconfirmed, the nature of the reported activity presents potential risk to organizations and individuals, particularly where credent… · CISA.GOV
16 Apr · AI-Powered Spear Phishing Can Now Outperform Human Attackers · Researchers at Hoxhunt have found that AI agents can now outperform humans at creating convincing phishing campaigns. · KNOWBE4.COM
16 Apr · Apple says zero-day bugs exploited against ‘specific targeted individuals’ using iOS · One of the bugs was discovered by Google's security researchers who investigate government-backed cyberattacks. · TECHCRUNCH.COM
16 Apr · Insurance firm Lemonade warns of breach of thousands of driving license numbers · A data breach at insurance firm Lemonade left the details of thousands of drivers' licenses exposed for 17 months. According to the company, on March 14 2025 Lemonade learnt that a vulnerability in its online car insurance application process contained a vulnerability that was li… · BITDEFENDER.COM
16 Apr · Whistleblower alleges Russian IP address attempted access to US agency’s systems via DOGE-created accounts · Someone using a Russian IP address attempted to access the internal systems of the US National Labor Relations Board (NLRB) using legitimate accounts set up by staff from Elon Musk’s Department of Government Efficiency (DOGE), a whistleblower inside the agency has alleged. The al… · CSOONLINE.COM
16 Apr · Cato Networks augments CASB with genAI security · Cato Networks recently unveiled new generative AI capabilities in its Cloud Access Security Broker (CASB) that the secure access service edge (SASE) provider says will let enterprise IT organizations detect, analyze, and gain insights into the use of genAI applications. Cato CASB… · NETWORKWORLD.COM
16 Apr · Online fraudsters rely on AI and synthetic identities · Often a few real data fragments, such as name and date of birth, are enough to create a synthetic identity. Studio-M – shutterstock.com The global wave of online crime, according to the assessment… · CSOONLINE.COM
16 Apr · Surveillance software deliberately infects smartphones · Fake messenger apps deceive their victims and thus lead them to install the malware voluntarily. siro46 – shutterstock.com The Federal Office for the Protection of the Constitution (Bundesamt für Verfassungsschutz) and the British National Cyber Security Centre warn of the danger posed by the malware programs “Moonshine” and… · CSOONLINE.COM
16 Apr · CISOs rethink hiring to emphasize skills over degrees and experience · For decades security chiefs have trained their sights on job applicants with university degrees. But ongoing skills shortages and experiences with highly talented security pros who do not hold college degrees are spurring some CISOs to rethink their hiring strategies, favoring a … · CSOONLINE.COM
16 Apr · The most dangerous time for enterprise security? One month after an acquisition · The period right after an acquisition closes is the most dangerous time for enterprise security, for multiple reasons, and is the most effective period for attackers. The dilemma: Should enterprises sharply shorten this holding period or reinforce the new unit’s defenses? The da… · CSOONLINE.COM
16 Apr · US Gov Funding Expires for MITRE- Cyber Vulnerability Database · submitted by Penguincoder to securitynews · 5 points | 2 comments · https://krebsonsecurity.com/2025/04/funding-expires-for-key-cyber-vulnerability-database/ · INFOSEC.PUB
16 Apr · GCVE: Global CVE Allocation System · submitted by cm0002 to cybersecurity · 12 points | 0 comments · https://gcve.eu/ · The Global CVE (GCVE) allocation system is a new, decentralized approach to vulnerability identification and numbering, designed to improve flexibility, scalability, and autonomy for participating entiti… · INFOSEC.PUB
16 Apr · ActiveX blocked by default in Microsoft 365 because remote code execution is bad, OK? · submitted by cm0002 to cybersecurity · 25 points | 2 comments · https://www.theregister.com/2025/04/15/activex_microsoft_365/ · INFOSEC.PUB
16 Apr · GCVE: Global CVE Allocation System · submitted by cm0002 to cybersecurity · 38 points | 2 comments · https://gcve.eu/ · The Global CVE (GCVE) allocation system is a new, decentralized approach to vulnerability identification and numbering, designed to improve flexibility, scalability, and autonomy for participating entiti… · SH.ITJUST.WORKS
16 Apr · Windows 11 Escalation Vulnerability Let Attackers Gain Admin Access Within 300 Milliseconds · submitted by kid to cybersecurity · 79 points | 8 comments · https://cybersecuritynews.com/windows-11-vulnerability-gain-admin-access/ · SH.ITJUST.WORKS
16 Apr · Oracle Security Update - Patch for 378 Vulnerabilities Including Remote Exploits · submitted by kid to cybersecurity · 11 points | 1 comments · https://cybersecuritynews.com/oracle-security-update-patch-for-378-vulnerabilities/ · SH.ITJUST.WORKS
📢 SECURITY ADVISORIES (5)
16 Apr · Identity Theft and Tax Records, Purchasing Fake IDs for Hacker Forums and more: Cyber Security Today for April 16, 2025 · In this episode of Cybersecurity Today, hosted by Jim Love, the show salutes Katie Moussouris of Luta Security for her courage in speaking truth to power. The episode covers various significant news in the cybersecurity world: the explosion of identity theft in Canada’s tax syste… · CYBERSECURITYTODAY.LIBSYN.COM
16 Apr · Former CISA director Chris Krebs vows to fight back against Trump-ordered federal investigation · The former cybersecurity chief is the latest to push back on the Trump administration's targeting of critics and dissenters. · TECHCRUNCH.COM
16 Apr · Renewed Russian Phishing Campaign Against European Diplomats · submitted by Tea to cybersecurity · 7 points | 0 comments · https://research.checkpoint.com/2025/apt29-phishing-campaign/ · Check Point Research has been tracking an advanced phishing campaign conducted by APT29, a Russia linked threat group, which is targeting diplomatic entities acro… · INFOSEC.PUB
16 Apr · Renewed Russian Phishing Campaign Against European Diplomats · submitted by Tea to cybersecurity · 12 points | 1 comments · https://research.checkpoint.com/2025/apt29-phishing-campaign/ · Check Point Research has been tracking an advanced phishing campaign conducted by APT29, a Russia linked threat group, which is targeting diplomatic entities acr… · SH.ITJUST.WORKS
🔥 INCIDENT REPORTING (7)
16 Apr · The Sophos Annual Threat Report: Cybercrime on Main Street 2025 · Ransomware remains the biggest threat, but old and misconfigured network devices are making it too easy · SOPHOS.COM
16 Apr · New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks · Cybersecurity researchers have unearthed a new controller component associated with a known backdoor called BPFDoor as part of cyber attacks targeting telecommunications, finance, and retail sectors in South Korea, Hong Kong, Myanmar, Malaysia, and Egypt in 2024. "The controller … · THEHACKERNEWS.COM
16 Apr · Product Walkthrough: A Look Inside Wing Security's Layered SaaS Identity Defense · Intro: Why hack in when you can log in? SaaS applications are the backbone of modern organizations, powering productivity and operational efficiency. But every new app introduces critical security risks through app integrations and multiple users, creating easy access points for … · THEHACKERNEWS.COM
16 Apr · How Does Human Risk Management Differ from Security Awareness Training? · In today's cybersecurity landscape, organizations face an ever-present and often underestimated threat: human risk. Despite significant advancements in technological defenses, human error remains a leading cause of data breaches and security incidents. · KNOWBE4.COM
16 Apr · News alert: SquareX to present on uncovering data splicing attacks at BSides San Francisco 2025 · Palo Alto, Calif, Apr. 16, 2025, CyberNewswire — SquareX researchers Jeswin Mathai and Audrey Adeline will be disclosing a new class of data exfiltration techniques at BSides San Francisco 2025. Titled “Data Splicing Attacks: Breaking Enterprise DLP from the … · LASTWATCHDOG.COM
16 Apr · CrazyHunter Campaign Targets Taiwanese Critical Sectors · This blog entry details research on emerging ransomware group CrazyHunter, which has launched a sophisticated campaign aimed at Taiwan's essential services. · TRENDMICRO.COM
16 Apr · Another data leak at Melting Mind? · There are indications of a new data leak at Melting Mind. SuPatMaN – shutterstock.com As recently as Tuesday (April 15), Norddeutscher Rundfunk (NDR) reported that Melting Mind was able to avert major damage in last year's cyberattack. According to a report by heise… · CSOONLINE.COM
🕵️ THREAT INTELLIGENCE (8)
16 Apr · Gamma AI Platform Abused in Phishing Chain to Spoof Microsoft SharePoint Logins · Threat actors are leveraging an artificial intelligence (AI) powered presentation platform named Gamma in phishing attacks to direct unsuspecting users to spoofed Microsoft login pages. "Attackers weaponize Gamma, a relatively new AI-based presentation tool, to deliver a link to … · THEHACKERNEWS.COM
16 Apr · ISC Stormcast For Wednesday, April 16th, 2025 https://isc.sans.edu/podcastdetail/9410, (Wed, Apr 16th) · (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. · ISC.SANS.EDU
16 Apr · Cyber Signals Issue 9 | AI-powered deception: Emerging fraud threats and countermeasures · Microsoft maintains a continuous effort to protect its platforms and customers from fraud and abuse. This edition of Cyber Signals takes you inside the work underway and important milestones achieved that protect customers. The post Cyber Signals Issue 9 | AI-powered deception: E… · MICROSOFT.COM
16 Apr · Researchers claim breakthrough in fight against AI’s frustrating security hole · submitted by cm0002 to cybersecurity · 3 points | 1 comments · https://arstechnica.com/information-technology/2025/04/researchers-claim-breakthrough-in-fight-against-ais-frustrating-security-hole/ · INFOSEC.PUB
16 Apr · What are You Working on Wednesday · submitted by shellsharks to cybersecurity · 6 points | 0 comments · Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time. · INFOSEC.PUB
16 Apr · Vulnerabilities in the SS7 phone system can allow attackers to steal your calls and texts, track your location · submitted by cm0002 to cybersecurity · 8 points | 0 comments · https://www.youtube.com/watch?v=miXRoy-5LLo · SH.ITJUST.WORKS
16 Apr · CVE program gets a last-minute save, maybe a new home · submitted by PhilipTheBucket to cybersecurity · 46 points | 1 comments · https://go.theregister.com/feed/www.theregister.com/2025/04/16/cve_program_funding_save/ · SH.ITJUST.WORKS
16 Apr · UK Software Firm Exposed 1.1TB of Healthcare Worker Records · submitted by kid to cybersecurity · 17 points | 0 comments · https://hackread.com/uk-software-firm-exposed-healthcare-worker-records/ · SH.ITJUST.WORKS
🌐 CYBER THREAT LANDSCAPE (4)
16 Apr · Sophos Annual Threat Report appendix: Most frequently encountered malware and abused software · These are the tools of the trade Sophos detected in use by cybercriminals over 2024 · SOPHOS.COM
16 Apr · Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users · Cheap Android smartphones manufactured by Chinese companies have been observed pre-installed with trojanized apps masquerading as WhatsApp and Telegram that contain cryptocurrency clipper functionality as part of a campaign since June 2024. While using malware-laced apps to steal… · THEHACKERNEWS.COM
16 Apr · NSO lawyer names Mexico, Saudi Arabia, and Uzbekistan as spyware customers accused of 2019 WhatsApp hacks · This is the first time representatives for the spyware maker have publicly named its government customers. · TECHCRUNCH.COM
16 Apr · They’re coming for your data: What are infostealers and how do I stay safe? · Here's what to know about malware that raids email accounts, web browsers, crypto wallets, and more – all in a quest for your sensitive data · WELIVESECURITY.COM
🎙️ PODCASTS (1)
16 Apr · Smashing Security podcast #413: Hacking the hackers… with a credit card? · A cybersecurity firm is buying access to underground crime forums to gather intelligence. Does that seem daft to you? And over in Nigeria, even if romance scammers would like to update their LinkedIn profiles, just how easy is it to turn a new leaf after a sweet-talking career in… · GRAHAMCLULEY.COM
📡 INFOSEC NEWS (2)
16 Apr · Sophos India Volunteers Bring Color to Local Schools · Sophos India volunteers transformed two rural schools with vibrant murals, enhancing learning spaces and strengthening community ties. · SOPHOS.COM
16 Apr · Google Blocked 5.1B Harmful Ads and Suspended 39.2M Advertiser Accounts in 2024 · Google on Wednesday revealed that it suspended over 39.2 million advertiser accounts in 2024, with a majority of them identified and blocked by its systems before it could serve harmful ads to users. In all, the tech giant said it stopped 5.1 billion bad ads, restricted 9.1 billi… · THEHACKERNEWS.COM