39 Articles
8 Categories
Date: 2025-04-18
🚨 CISA KEV (1)
18 Apr | KEV | EUVD: Vulnerability Database operated by ENISA (beta) | SH.ITJUST.WORKS
submitted by vf2000 to cybersecurity, 14 points | 2 comments
https://euvd.enisa.europa.eu/ the EUVD comes with a holistic approach and aims for ensuring a high level of interconnection of information sources. It does so by leveraging the open-source software Vulnerability-Lookup w…
🐛 COMMON VULNERABILITIES AND EXPOSURES (3)
18 Apr | KEV | CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download | THEHACKERNEWS.COM
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The vulnerability, assigned t…
18 Apr | CVE-2025-25000 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | MSRC.MICROSOFT.COM
Corrected Build Number in the Security Updates table. This is an informational change only.
18 Apr | How I Got Hacked: A Warning about Malicious PoCs | SH.ITJUST.WORKS
submitted by ByteOnBikes to cybersecurity, 25 points | 2 comments
https://chocapikk.com/posts/2025/s1nk/ Late at night, I was testing a proof-of-concept (PoC) exploit for CVE-2020-35489 (github/[.]com/gh202503/poc-cve-2020-35489) that I found on GitHub. The repository looked leg…
⚠️ VULNERABILITY DISCLOSURE (14)
18 Apr | The Secret CISO: Insights and Reflections from Cybersecurity Leaders | CYBERSECURITYTODAY.LIBSYN.COM
In this episode of Cybersecurity Today titled 'The Secret CISO,' host Jim Love, along with guests Octavia Howell, Daniel Pinsky, and John Pinard, delves into the personal and professional experiences of Chief Information Security Officers (CISOs). They share their journeys into c…
18 Apr | Oracle Quarterly Critical Patches Issued April 15, 2025 | CISECURITY.ORG
Multiple vulnerabilities have been discovered in Oracle products, which could allow for remote code execution.
18 Apr | ASUS warns of critical auth bypass flaw in routers using AiCloud | BLEEPINGCOMPUTER.COM
ASUS is warning about an authentication bypass vulnerability in routers with AiCloud enabled that could allow remote attackers to perform unauthorized execution of functions on the device. [...]
18 Apr | SonicWall SMA VPN devices targeted in attacks since January | BLEEPINGCOMPUTER.COM
A remote code execution vulnerability affecting SonicWall Secure Mobile Access (SMA) appliances has been under active exploitation since at least January 2025, according to cybersecurity company Arctic Wolf. [...]
18 Apr | Cisco Webex bug lets hackers gain code execution via meeting links | BLEEPINGCOMPUTER.COM
Cisco has released security updates for a high-severity Webex vulnerability that allows unauthenticated attackers to gain client-side remote code execution using malicious meeting invite links. [...]
18 Apr | Fresh Windows NTLM Vulnerability Exploited in Attacks | SECURITYWEEK.COM
A Windows NTLM vulnerability patched in March has been exploited in attacks targeting government and private institutions. The post Fresh Windows NTLM Vulnerability Exploited in Attacks appeared first on SecurityWeek.
18 Apr | [Webinar] AI Is Already Inside Your SaaS Stack — Learn How to Prevent the Next Silent Breach | THEHACKERNEWS.COM
Your employees didn’t mean to expose sensitive data. They just wanted to move faster. So they used ChatGPT to summarize a deal. Uploaded a spreadsheet to an AI-enhanced tool. Integrated a chatbot into Salesforce. No big deal—until it is. If this sounds familiar, you're not alone.…
18 Apr | Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT | THEHACKERNEWS.COM
Cybersecurity researchers are warning of continued risks posed by a distributed denial-of-service (DDoS) malware known as XorDDoS, with 71.3 percent of the attacks between November 2023 and February 2025 targeting the United States. "From 2020 to 2023, the XorDDoS trojan has incr…
18 Apr | Powering Down Vulnerability: Securing the Energy Sector's Supply Chain | KNOWBE4.COM
The energy sector stands as a critical pillar of our society. From the electricity powering our homes to the fuel driving our industries, reliable energy is essential. However, the very interconnectedness that makes the energy sector so vital also exposes it to significant vulner…
18 Apr | China Cybercriminals Behind Toll-Themed Smishing Attacks Surge in the US and UK | KNOWBE4.COM
Resecurity warns that a China-based cybercriminal gang dubbed the “Smishing Triad” is launching a wave of road toll-themed SMS phishing (smishing) attacks against users across the US and the UK.
18 Apr | When AI moves beyond human oversight: The cybersecurity risks of self-sustaining systems | CSOONLINE.COM
Artificial intelligence is no longer just a tool executing predefined commands, it is increasingly capable of modifying itself, rewriting its own parameters, and evolving based on real-time feedback. This self-sustaining capability, sometimes referred to as autopoiesis, allows A…
18 Apr | Threat monitoring: The 10 best tools for darknet monitoring | CSOONLINE.COM
Read what matters in darknet monitoring and which tools are best suited for it. The dark web is a place where every CISO hopes their company's data does not end up. It consists of websites that, by common…
18 Apr | Will politicization of security clearances make US cybersecurity firms radioactive? | CSOONLINE.COM
With the US government now tying security clearances to the support of specific political positions, many in the security community fear it may tar US vendors with the same brush as their Russian and Chinese counterparts. Will enterprise CISOs now have to worry about whether they…
18 Apr | This CVE Tool Just Made My Job 10x Easier 🔍 | YOUTUBE.COM
Cybersecurity just got a major upgrade. In this short, Adrian Sanabria highlights a ridiculously simple yet powerful free tool that converts any CVE into an EPSS score in seconds. No complex setups, no fluff — just actionable data at lightning speed. Perfect for pros who need fas…
📢 SECURITY ADVISORIES (2)
18 Apr | In Other News: 4chan Hacked, Android Auto-Reboot, Nemesis Admin Charged | SECURITYWEEK.COM
Noteworthy stories that might have slipped under the radar: 4chan hacked, auto-reboot security feature coming to Android, Iranian administrator of Nemesis charged in US. The post In Other News: 4chan Hacked, Android Auto-Reboot, Nemesis Admin Charged appeared first on SecurityWee…
18 Apr | What If Cybersecurity Had an Elven Council? 👨‍💻🧙‍♂️ | YOUTUBE.COM
In this hilarious and relatable short, Mike imagines cybersecurity professionals forming an "Elven Council" straight out of Lord of the Rings. Inspired by CISA’s Secure by Design guidelines, he jokes about developers uniting to drop insecure code into Mount Doom. A must-watch for…
🔥 INCIDENT REPORTING (4)
18 Apr | Interlock ransomware gang pushes fake IT tools in ClickFix attacks | BLEEPINGCOMPUTER.COM
The Interlock ransomware gang now uses ClickFix attacks that impersonate IT tools to breach corporate networks and deploy file-encrypting malware on devices. [...]
18 Apr | 7 Steps to Take After a Credential-Based cyberattack | BLEEPINGCOMPUTER.COM
Hackers don't break in—they log in. Credential-based attacks now fuel nearly half of all breaches. Learn how to scan your Active Directory for compromised passwords and stop attackers before they strike. [...]
18 Apr | Events Giant Legends International Hacked | SECURITYWEEK.COM
Legends International says the personal information of employees and customers was compromised as a result of a cyberattack. The post Events Giant Legends International Hacked appeared first on SecurityWeek.
18 Apr | Ahold Delhaize Confirms Data Stolen in Ransomware Attack | SECURITYWEEK.COM
Ahold Delhaize has confirmed that data was stolen from its systems in November 2024 after a ransomware group claimed the attack. The post Ahold Delhaize Confirms Data Stolen in Ransomware Attack appeared first on SecurityWeek.
🕵️ THREAT INTELLIGENCE (9)
18 Apr | Friday Squid Blogging: Live Colossal Squid Filmed | SCHNEIER.COM
A live colossal squid was filmed for the first time in the ocean. It’s only a juvenile: a foot long. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
18 Apr | Chinese hackers target Russian govt with upgraded RAT malware | BLEEPINGCOMPUTER.COM
Chinese-speaking IronHusky hackers are targeting Russian and Mongolian government organizations using upgraded MysterySnail remote access trojan (RAT) malware. [...]
18 Apr | The Shadow AI Surge: Study Finds 50% of Workers Use Unapproved AI Tools | SECURITYWEEK.COM
With unapproved AI tools entrenched in daily workflows, experts say it’s time to shift from monitoring to managing Shadow AI use across the enterprise. The post The Shadow AI Surge: Study Finds 50% of Workers Use Unapproved AI Tools appeared first on SecurityWeek.
18 Apr | Cy4Data Labs Raises $10 Million to Secure Data in Use | SECURITYWEEK.COM
Data protection firm Cy4Data Labs has raised $10 million in a Series A funding round led by Pelion Venture Partners. The post Cy4Data Labs Raises $10 Million to Secure Data in Use appeared first on SecurityWeek.
18 Apr | Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States | THEHACKERNEWS.COM
Cybersecurity researchers are warning of a "widespread and ongoing" SMS phishing campaign that's been targeting toll road users in the United States for financial theft since mid-October 2024. "The toll road smishing attacks are being carried out by multiple financially motivated…
18 Apr | ISC Stormcast For Friday, April 18th, 2025 https://isc.sans.edu/podcastdetail/9414, (Fri, Apr 18th) | ISC.SANS.EDU
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
18 Apr | How To Detect Obfuscated Malware That Evades Static Analysis Tools | GBHACKERS.COM
Obfuscated malware presents one of the most challenging threats in cybersecurity today. As static analysis tools have become standard components of security defenses, malware authors have responded by developing increasingly sophisticated obfuscation techniques that can bypass th…
18 Apr | HR Chatbots, MITRE, 4chan, Oracle, Identity, Port 53, NTLM, Zambia, Josh Marpet... - SWN #469 | YOUTUBE.COM
HR Chatbots, MITRE, 4chan, Oracle, Identity, Port 53, NTLM, Zambia, Josh Marpet, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-469
18 Apr | Off-Topic Friday | INFOSEC.PUB
submitted by shellsharks to cybersecurity, 5 points | 3 comments
Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)
🌐 CYBER THREAT LANDSCAPE (2)
18 Apr | Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader | THEHACKERNEWS.COM
A new multi-stage attack has been observed delivering malware families like Agent Tesla variants, Remcos RAT, and XLoader. "Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and…
18 Apr | The Weird Psychological Effect of Using AI at Work | YOUTUBE.COM
When cybersecurity expert Doug White explored how AI affects team performance, he uncovered something unexpected—people love talking to AI, even saying it reduces loneliness. But there's a twist. In one study, when team members believed one of them was an AI, the entire group und…
📡 INFOSEC NEWS (4)
18 Apr | OpenAI details ChatGPT-o3, o4-mini, o4-mini-high usage limits | BLEEPINGCOMPUTER.COM
OpenAI has launched three new reasoning models - o3, o4-mini, and o4-mini-high for Plus and Pro subscribers, but as it turns out, these models do not offer 'unlimited' usage. [...]
18 Apr | FBI: Scammers pose as FBI IC3 employees to 'help' recover lost funds | BLEEPINGCOMPUTER.COM
The FBI warns that scammers posing as FBI IC3 employees are offering to "help" fraud victims recover money lost to other scammers. [...]
18 Apr | Better A Dog In Peace Than A Hacker In Chaos 🐶💻 | YOUTUBE.COM
A legendary cybersecurity expert drops a chilling quote from the 16th century... and then compares the future of AI + quantum to the invention of gunpowder. In under a minute, he paints a picture of what’s about to hit the cybersecurity world like a runaway train. This isn’t just…
18 Apr | New Windows Update Might Be WORSE Than The Crash 🤯 | YOUTUBE.COM
When a Windows 11 driver crashes, most expect a quick fix—not remote access from Microsoft. In this short, cybersecurity pros react to a controversial new feature that automatically shares crash data and grants Microsoft the ability to connect directly to your PC. Is it innovatio…