15 Articles
4 Categories
Date: 2025-04-22
⚠️ VULNERABILITY DISCLOSURE (6)
22 Apr: A Vulnerability in SonicWall Secure Mobile Access (SMA) 100 Series Management Interface Could Allow for Remote Code Execution
A vulnerability has been discovered in SonicWall Secure Mobile Access (SMA) 100 Management Interface, which could allow for remote code execution. SonicWall Secure Mobile Access (SMA) is a unified secure access gateway used by organizations to provide employees access to applicat…
Source: CISECURITY.ORG

22 Apr: Weekly Update 448
Presently sponsored by: Malwarebytes Browser Guard blocks phishing, ads, scams, and trackers for safer, faster browsing. I'm a few days late this week, finally back from a month of (almost) non-stop travel with the last bit being completely devoid of an internet connection …
Source: TROYHUNT.COM

22 Apr: CISA Releases Five Industrial Control Systems Advisories
CISA released five Industrial Control Systems (ICS) advisories on April 22, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-112-01 Siemens TeleControl Server Basic SQL ICSA-25-112-02 Siemens T…
Source: CISA.GOV

22 Apr: AI models can generate exploit code at lightning speed
Submitted by cm0002 to cybersecurity. 18 points | 6 comments
https://www.theregister.com/2025/04/21/ai_models_can_generate_exploit/
Source: INFOSEC.PUB

22 Apr: Microsoft rated this bug as low exploitability. Miscreants weaponized it in just 8 days
Submitted by BrikoX to cybersecurity. 110 points | 8 comments
https://www.theregister.com/2025/04/21/microsoft_apple_patch/
It’s now hitting govt, enterprise targets
Source: SH.ITJUST.WORKS

22 Apr: Auditing Moodle's core hunting for logical bugs
The following article explains how, during an audit, we examined Moodle (v4.4.3) and found ways of bypassing all the restrictions preventing SSRF vulnerabilities from being exploited.
Source: QUARKSLAB.COM
🔥 INCIDENT REPORTING (5)
22 Apr: Marks & Spencer confirms cybersecurity incident amid ongoing disruption
The company said it was necessary to make operational changes to protect the business.
Source: TECHCRUNCH.COM

22 Apr: The AI Fix #47: An AI is the best computer programmer in the world
In episode 47 of The AI Fix, o3 becomes the best competitive programmer in the world, hacked California crosswalks speak with the voice of Elon Musk and Mark Zuckerberg, Meta introduces a herd of Llamas, Graham explains what a "lollipop lady" is, and Google talks to some dolphins…
Source: GRAHAMCLULEY.COM

22 Apr: Crosswalks hacked to play fake audio of Musk, Zuck, and Jeff Bezos
"Stop, look, and listen" is the standard advice we should all follow when crossing the road - but pedestrians in some parts are finding that they cannot believe their ears - after a hacker compromised crosswalks to play deepfake audio mocking tech bosses Elon Musk, Mark Zuckerb…
Source: BITDEFENDER.COM

22 Apr: Ripple’s recommended XRP library xrpl.js hacked to steal wallets
Submitted by BrikoX to cybersecurity. 6 points | 1 comment
https://www.bleepingcomputer.com/news/security/ripples-recommended-xrp-library-xrpljs-hacked-to-steal-wallets/
The recommended Ripple cryptocurrency NPM JavaScript library named “xrpl.js” was compromised to steal XRP wall…
Source: SH.ITJUST.WORKS

22 Apr: Texas city takes systems offline after cyberattack
Submitted by Amoxtli to cybersecurity. 33 points | 1 comment
https://therecord.media/texas-abilene-offline-cyberattack-systems
Source: SH.ITJUST.WORKS
🕵️ THREAT INTELLIGENCE (2)
22 Apr: Android Improves Its Security
Android phones will soon reboot themselves after sitting idle for three days. iPhones have had this feature for a while; it’s nice to see Google add it to their phones.
Source: SCHNEIER.COM

22 Apr: Bug hunter tricked SSL.com into issuing cert for Alibaba Cloud domain in 5 steps
Submitted by BrikoX to cybersecurity. 55 points | 2 comments
https://www.theregister.com/2025/04/22/ssl_com_validation_flaw/
10 other certificates ‘were mis-issued and have now been revoked’
Source: SH.ITJUST.WORKS
📡 INFOSEC NEWS (2)
22 Apr: Whistleblower: DOGE Siphoned NLRB Case Data
A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk's Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few…
Source: KREBSONSECURITY.COM

22 Apr: Will super-smart AI be attacking us anytime soon?
What practical AI attacks exist today? “More than zero” is the answer – and they’re getting better.
Source: WELIVESECURITY.COM