🚨 CISA KEV 1[−]
28 Apr KEVCISA Adds Three Known Exploited Vulnerabilities to CatalogCISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2025-1976 Broadcom Brocade Fabric OS Code Injection Vulnerability CVE-2025-42599 Qualitia Active! Mail Stack-Based Buffer Over…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 4[−]
28 AprHackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely CompromisedThreat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zero-day attacks to breach servers and gain unauthorized access. The attacks, first observed by Orange Cyberdefense SensePost on February 14, 2025, involve chaining the below v…THEHACKERNEWS.COM
28 AprNVIDIA Riva Vulnerabilities Leave AI-Powered Speech and Translation Services at RiskTrend Research uncovered misconfigurations in NVIDIA Riva deployments, with two vulnerabilities, CVE-2025-23242 and CVE-2025-23243, contributing to their exposure. These security flaws could lead to unauthorized access, resource abuse, and potential misuse or theft of AI-powered …TRENDMICRO.COM
28 AprA Python client for the Global CVE Allocation System.submitted by cm0002 to cybersecurity 7 points | 0 comments https://github.com/gcve-eu/gcve The Global CVE (GCVE) allocation system is a new, decentralized approach to vulnerability identification and numbering, designed to improve flexibility, scalability, and autonomy for partic…INFOSEC.PUB
28 AprA Python client for the Global CVE Allocation System.submitted by cm0002 to cybersecurity 7 points | 0 comments https://github.com/gcve-eu/gcve The Global CVE (GCVE) allocation system is a new, decentralized approach to vulnerability identification and numbering, designed to improve flexibility, scalability, and autonomy for partic…SH.ITJUST.WORKS
⚠️ VULNERABILITY DISCLOSURE 3[−]
28 Apr⚡ Weekly Recap: Critical SAP Exploit, AI-Powered Phishing, Major Breaches, New CVEs & MoreWhat happens when cybercriminals no longer need deep skills to breach your defenses? Today’s attackers are armed with powerful tools that do the heavy lifting — from AI-powered phishing kits to large botnets ready to strike. And they’re not just after big corporations. Anyone can…THEHACKERNEWS.COM
28 AprHow Breaches Start: Breaking Down 5 Real VulnsNot every security vulnerability is high risk on its own - but in the hands of an advanced attacker, even small weaknesses can escalate into major breaches. These five real vulnerabilities, uncovered by Intruder’s bug-hunting team, reveal how attackers turn overlooked flaws into …THEHACKERNEWS.COM
28 AprWooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site BackdoorsCybersecurity researchers are warning about a large-scale phishing campaign targeting WooCommerce users with a fake security alert urging them to download a "critical patch" but deploy a backdoor instead. WordPress security company Patchstack described the activity as sophisticat…THEHACKERNEWS.COM
📋 SECURITY BULLETINS 1[−]
28 AprCybersecurity Updates: CEO Legal Troubles, Global Cyber Rules, Microsoft Fix Issues, and AI at B-Side SFIn this episode of 'Cybersecurity Today', host David Shipley covers multiple key stories: Veritaco CEO Jeffrey Bowie is charged with attempting to infect a hospital with malware. Global Chief Information Security Officers (CISOs) call on world governments to harmonize cybersecuri…CYBERSECURITYTODAY.LIBSYN.COM
📢 SECURITY ADVISORIES 1[−]
28 AprNSA, CISA top brass absent from RSA Conferencesubmitted by PhilipTheBucket to cybersecurity 36 points | 5 comments https://go.theregister.com/feed/www.theregister.com/2025/04/28/nsa_cisa_bosses_notably_absent/SH.ITJUST.WORKS
🔥 INCIDENT REPORTING 2[−]
28 AprWindscribe Acquitted on Charges of Not Collecting Users’ DataThe company doesn’t keep logs, so couldn’t turn over data : Windscribe, a globally used privacy-first VPN service, announced today that its founder, Yegor Sak, has been fully acquitted by a court in Athens, Greece, following a two-year legal battle in which Sak was pe…SCHNEIER.COM
28 AprEarth Kurma Targets Southeast Asia With Rootkits and Cloud-Based Data Theft ToolsGovernment and telecommunications sectors in Southeast Asia have become the target of a "sophisticated" campaign undertaken by a new advanced persistent threat (APT) group called Earth Kurma since June 2024. The attacks, per Trend Micro, have leveraged custom malware, rootkits, a…THEHACKERNEWS.COM
🕵️ THREAT INTELLIGENCE 8[−]
28 AprISC Stormcast For Monday, April 28th, 2025 https://isc.sans.edu/podcastdetail/9426, (Mon, Apr 28th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
28 AprFaster, more personalized service begins at the frontline with Microsoft IntuneSecure, cloud-based endpoint management helps healthcare providers empower frontline staff and improve patient care. The post Faster, more personalized service begins at the frontline with Microsoft Intune appeared first on Microsoft Security Blog .MICROSOFT.COM
28 AprNews alert: Case dismissed against VPN executive, affirms no-logs policy as a valid legal defenseToronto, Canada, Apr. 28, 2025, CyberNewswire — Windscribe , a globally used privacy-first VPN service, announced today that its founder, Yegor Sak, has been fully acquitted by a court in Athens, Greece, following a two-year legal battle in which Sak … (more…) The pos…LASTWATCHDOG.COM
28 AprMY TAKE: As RSAC 2025 opens, Microsoft, Amazon make GenAI grab — will control tighten?SAN FRANCISCO — RSAC 2025 kicks off today at Moscone Center, with more than 40,000 cybersecurity pros, tech executives, and policy leaders gathering to chart the future of digital risk management. Related: RSAC 2025’s full agenda One dominant undercurrent is … (more…)…LASTWATCHDOG.COM
28 AprDeploy Bravely with Prisma AIRSIntroducing "Secure AI by Design" portfolio for enterprises to build and adopt AI securely, enhancing customer interactions and employee productivity. The post Deploy Bravely with Prisma AIRS appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
28 AprIntroducing XSIAM 3.0XSIAM is expanding from reactive response to proactive defense, transforming exposure management and email security with unified data, AI and automation. The post Introducing XSIAM 3.0 appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
28 AprEmbracing the Future of Work with Innovations in Prisma SASEEmpower users with Prisma Access Browser 2.0: enhanced data security, AI-powered protection and Precision AI to stop advanced threats. The post Embracing the Future of Work with Innovations in Prisma SASE appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
28 AprMentorship Monday - Discussions for career and learning!submitted by shellsharks to cybersecurity 6 points | 0 comments Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? …INFOSEC.PUB
🌐 CYBER THREAT LANDSCAPE 2[−]
28 AprSRUM-DUMP Version 3: Uncovering Malware Activity in Forensics, (Sun, Apr 27th)############################%#################…ISC.SANS.EDU
28 AprCitizen Lab says exiled Uyghur leaders targeted with Windows spywareThe researchers said the attackers behind the campaign had "deep understanding of the target community."TECHCRUNCH.COM
🎙️ PODCASTS 1[−]
28 AprSnake Oilers: LimaCharlie, Honeywell Cyber Insights, CobaltStrike and OutflankIn this edition of the Snake Oilers podcast, three sponsors come along to pitch their products: LimaCharlie: A public cloud for SecOps Honeywell Cyber Insights: An OT security/discovery solution Fortra’s CobaltStrike and Outflank: Security tooling for red teamers This episode is …RISKY.BIZ
📡 INFOSEC NEWS 3[−]
28 ApriOS and Android juice jacking defenses have been trivial to bypass for yearsNew ChoiceJacking attack allows malicious chargers to steal data from phones.ARSTECHNICA.COM
28 AprHow to protect your social media accounts from SIM swap attacks | Kaspersky official blogWe explain how scammers are hijacking social media accounts, and what you can do about it.KASPERSKY.COM
28 AprHow safe and secure is your iPhone really?Your iPhone isn't necessarily as invulnerable to security threats as you may think. Here are the key dangers to watch out for and how to harden your device against bad actors.WELIVESECURITY.COM