16Articles
5Categories
2025-04-24Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 1[−]
24 AprCritical Commvault Command Center Flaw Enables Attackers to Execute Code RemotelyA critical security flaw has been disclosed in the Commvault Command Center that could allow arbitrary code execution on affected installations. The vulnerability, tracked as CVE-2025-34028, carries a CVSS score of 9.0 out of a maximum of 10.0. "A critical security vulnerability …THEHACKERNEWS.COM
⚠️ VULNERABILITY DISCLOSURE 6[−]
24 AprYou'll Soon Be Able to Sign in to Have I Been Pwned (but Not Login, Log in or Log On)Presently sponsored by: Malwarebytes Browser Guard blocks phishing, ads, scams, and trackers for safer, faster browsing How do seemingly little things manage to consume so much time?! We had a suggestion this week that instead of being able to login to the new HIBP website, you s…TROYHUNT.COM
24 AprLinux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection ToolsCybersecurity researchers have demonstrated a proof-of-concept (PoC) rootkit dubbed Curing that leverages a Linux asynchronous I/O mechanism called io_uring to bypass traditional system call monitoring. This causes a "major blind spot in Linux runtime security tools," ARMO said. …THEHACKERNEWS.COM
24 AprAutomating Zero Trust in Healthcare: From Risk Scoring to Dynamic Policy Enforcement Without Network RedesignThe Evolving Healthcare Cybersecurity Landscape  Healthcare organizations face unprecedented cybersecurity challenges in 2025. With operational technology (OT) environments increasingly targeted and the convergence of IT and medical systems creating an expanded attack surfac…THEHACKERNEWS.COM
24 Apr KEV159 CVEs Exploited in Q1 2025 — 28.3% Within 24 Hours of DisclosureAs many as 159 CVE identifiers have been flagged as exploited in the wild in the first quarter of 2025, up from 151 in Q4 2024. "We continue to see vulnerabilities being exploited at a fast pace with 28.3% of vulnerabilities being exploited within 1-day of their CVE disclosure," …THEHACKERNEWS.COM
24 AprCISA Releases Seven Industrial Control Systems AdvisoriesCISA released seven Industrial Control Systems (ICS) advisories on April 24, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-114-01 Schneider Electric Modicon Controllers ICSA-25-114-02 ALBEDO…CISA.GOV
24 AprRSAC Fireside Chat: The NDR evolution story—from open source start to kill chain clarityAs enterprises brace for a new wave of stealthy intrusions — so-called Typhoon attacks — security leaders are doubling down on network intelligence that goes beyond surface-level alerts. Related: What is NDR? In this RSAC 2025 Fireside Chat, I sat … (more…) The post RSAC Fi…LASTWATCHDOG.COM
🔥 INCIDENT REPORTING 1[−]
24 AprTrojanized Alpine Quest app geolocates Russian soldierssubmitted by PhilipTheBucket to cybersecurity 10 points | 0 comments https://go.theregister.com/feed/www.theregister.com/2025/04/24/hacked_alpine_quest_android_app/SH.ITJUST.WORKS
🕵️ THREAT INTELLIGENCE 6[−]
24 AprNew Linux RootkitInteresting : The company has released a working rootkit called “Curing” that uses io_uring, a feature built into the Linux kernel, to stealthily perform malicious activities without being caught by many of the detection solutions currently on the market. At the heart…SCHNEIER.COM
24 AprLazarus Hits 6 South Korean Firms via Cross EX, Innorix Flaws and ThreatNeedle MalwareAt least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole. The activity targeted South Korea's software, IT, financial, semiconductor manufacturing, and telecommunications industri…THEHACKERNEWS.COM
24 AprDarcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for CybercriminalsThe threat actors behind the Darcula phishing-as-a-service (PhaaS) platform have released new updates to their cybercrime suite with generative artificial intelligence (GenAI) capabilities. "This addition lowers the technical barrier for creating phishing pages, enabling less tec…THEHACKERNEWS.COM
24 AprNew whitepaper outlines the taxonomy of failure modes in AI agentsRead the new whitepaper from the Microsoft AI Red Team to better understand the taxonomy of failure mode in agentic AI. The post New whitepaper outlines the taxonomy of failure modes in AI agents appeared first on Microsoft Security Blog .MICROSOFT.COM
24 AprRSAC Fireside Chat: X9 PKI emerges to help financial sector interoperate, get ready for ‘Q-Day’As RSAC 2025 convenes next week in San Francisco, digital trust is poised to take center stage. Related: PKI and the IoT cloud One quiet but consequential development now taking root in the financial sector could prove pivotal: the emergence … (more…) The post RSAC Fireside…LASTWATCHDOG.COM
24 AprBruce Byrd on Public-Private Partnerships in CybersecurityBruce Byrd offers strategic insights on cybersecurity evolution including public-private partnerships and AI impact. The post Bruce Byrd on Public-Private Partnerships in Cybersecurity appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
📡 INFOSEC NEWS 2[−]
24 AprWhatsApp Adds Advanced Chat Privacy to Blocks Chat Exports and Auto-DownloadsWhatsApp has introduced an extra layer of privacy called Advanced Chat Privacy that allows users to block participants from sharing the contents of a conversation in traditional chats and groups. "This new setting available in both chats and groups helps prevent others from takin…THEHACKERNEWS.COM
24 AprSpeak at TechCrunch Disrupt 2025: Applications now openTechCrunch Disrupt returns October 27-29 to Moscone West in San Francisco — and we’re inviting thought leaders, founders, VCs, and tech experts to apply for a chance to take the stage at one of the most anticipated tech events of the year. Applications are now open to speak at Di…TECHCRUNCH.COM