Daily News - Abril (20/04 - 26/04) - 17 Semana de 2025

Information & Cyber Security, Privacy and Hacking News --- Daily Updates !! Weekly Resume...

26/04

CEO of cybersecurity firm charged with installing malware on hospital systems

Critical Craft CMS RCE 0-Day Vulnerability Exploited in Attacks to Steal Data

Critical ScreenConnect Vulnerability Let Attackers Inject Malicious Code

Cyber attack investigation on Wallonia handed over to Federal Prosecutor's Office

FBI offers $10M for info on China's Salt Typhoon hackers

If we want a passwordless future, let's get our passkey story straight

Top 5 Cybersecurity Risks CISOs Must Tackle in 2025

ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion

Veeam Report finds close to 70% of organizations still under cyber-attack despite improved defenses

25/04

5 Most Common Security Attack Methods in 2024: Mandiant's M-Trends Report

6 types of risk every organization must manage — and 4 strategies for doing it

13 core principles to strengthen AI cybersecurity

A worrying stealthy Linux security bug could put your systems at risk - here's what we know

AI agents feeding the dark web require new security tactics

All Major Gen-AI Models Vulnerable to ‘Policy Puppetry’ Prompt Injection Attack

Almost a million patients hit by Frederick Health data breach

Baltimore City Public Schools data breach affects over 31,000 people

Blue Shield of California reports major data breach affecting 4.7 million members

Commvault backup systems have an extremely worrying security issue, so patch now

Craft CMS RCE exploit chain used in zero-day attacks to steal data

Critical Commvault Flaw Allows Full System Takeover – Update NOW

Critical Commvault Flaw Rated 10/10: CSA Urges Immediate Patching

Cybercriminals switch up their top initial access vectors of choice

Darcula is now AI-enabled, draining the life from victims everywhere

DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks

Exposure validation emerges as critical cyber defense component

FBI seeks help to unmask Salt Typhoon hackers behind telecom breaches

Flexible working models fuel surge in device theft

Governance First, GenAI Next: How Indian CIOs Are Prioritizing AI

Identity and Access Management to steal the spotlight at RSAC 2025

Interlock ransomware gang started leaking data allegedly stolen from leading kidney dialysis firm DaVita

Interlock Ransomware Say It Stole 20TB of DaVita Healthcare Data

Is your Roku TV spying on you? Probably, but here's how to put an end to it

JPCERT warns of DslogdRAT malware deployed in Ivanti Connect Secure

Law Enforcement Crackdowns Drive Novel Ransomware Affiliate Schemes

M&S checkout chaos persists as cyberattack fallout continues

M&S Shuts Down Online Orders Amid Ongoing Cyber Incident

Major AI vulnerability discovered: single prompt grants researchers complete control

Major data breach at healthcare giant Yale Health affects 5.5 million people - here's what we know

Marks & Spencer imploding in wake of cyberattack, shuts down app, online sales

Marks & Spencer pauses online orders after cyberattack

Microsoft Defender misfire leads to users posting over 1,700 sensitive documents online

Microsoft fixes annoying bug which marked Adobe emails as spam

Microsoft is paying out some huge rewards for spotting AI security issues

Microsoft Office 365 MFA targeted by ‘SessionShark’ phishing kit

Mobile provider MTN says cyberattack compromised customer data

Navigating the 8D city: Why multi-dimensional network security is no longer optional

New Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel Framework

North Korean hackers are using advanced AI tools to help them get hired at Western firms

North Korean cyber spies created U.S. firms to dupe crypto developers

North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures

North Korean Hackers Use Fake Crypto Firms in Job Malware Scam

North Korean IT Workers Using AI to Trick Firms into Remote Jobs

Operation SyncHole: Lazarus APT targets supply chains in South Korea

PF e PCDF investigam hackers que vendiam dados do MS por R$ 69,99

Popular LLMs Found to Produce Vulnerable Code by Default

Pro-Russian hackers NoName hit Germany with DDoS Attacks

Rack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610)

Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers

Salt Typhoon Cyberattack: FBI Investigates PRC-linked Breach of US Telecoms

SAP Confirms Critical NetWeaver Flaw Amid Suspected Zero-Day Exploitation by Hackers

SAP Fixes Critical Vulnerability After Evidence of Exploitation

SAP fixes suspected Netweaver zero-day exploited in attacks

SAP NetWeaver zero-day allegedly exploited by an initial access broker

SAP patches zero day rated 10.0 in NetWeaver

SAP Zero-Day Possibly Exploited by Initial Access Broker

Security Experts Flag Chrome Extension Using AI Engine to Act Without User Input

South Korea says DeepSeek transferred user data, prompts without consent

The Ursala of AI Wants Your Voice

Top must-visit companies at RSAC 2025

UK Bans Video Game Controllers Exports to Russia to Disrupt Drone Use

US conducting criminal antitrust investigation into TP-Link, Bloomberg News reports

US Data Breach Lawsuits Total $155M Amid Cybersecurity Failures

US lawmakers subpoena China telecom giants over security concerns

WhatsApp introduces Advanced Chat Privacy to protect your chats

Why Developers Should Care About Generative AI (Even They Aren’t AI Expert)

Why hack when you can snatch: hackers stealing laptops to gain initial access

Why NHIs Are Security's Most Dangerous Blind Spot

Windows "inetpub" security fix can be abused to block future updates

Yale New Haven Health System reports data breach affecting over 5.5 million patients

You googled about Pope, hackers got your password

24/04

3 ways to build a ransomware IR strategy that works

5.5 Million Patients Affected by Data Breach at Yale New Haven Health

10 key questions security leaders must ask at RSA 2025

159 CVEs Exploited in Q1 2025 — 28.3% Within 24 Hours of Disclosure

A new era of cyber threats is approaching for the energy sector

Alleged hacker who allegedly accessed thousands of sensitive court documents cops phone ban - as his identity is revealed

Android spyware hidden in mapping software targets Russian soldiers

Após vazamento, XP admite acesso indevido a base de dados, mas nega ataque hacker: o que sabemos até agora

Assassin’s Creed maker Ubisoft gobbles too much user data, privacy advocates claim

Asus patches security flaw which could have bricked servers

Automating Zero Trust in Healthcare: From Risk Scoring to Dynamic Policy Enforcement Without Network Redesign

Backdoor Found in Official XRP Ledger NPM Package

Blue Shield Data Breach: Medical Info of 4.7M Members Leaked

Blue Shield Leaked Millions of Patient Info to Google for Years

Blue Shield of California Data Breach Affects 4.7 Million Members

Breach at health insurance giant Blue Shield of California leaked health data of millions to Google - see if you are affected

Carrefour raises alarm over breach involving personal data of Carrefour Mobile customers

Casino hackers say they've got maps to slot machine vault and server room

Coaching AI agents: Why your next security hire might be an algorithm

Commvault Command Center bug rated 10.0 patched

Companies are increasingly using AI for cybersecurity protection - now will it work?

Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely

Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028)

Crooks exploit the death of Pope Francis

Crypto drainer-as-a-service crime model on the rise

Cyber Attack in Long Beach, California, May Have Included Sensitive Info

Cyberattack hits drinking water supplier in Spanish town near Barcelona

Cyberattacks surged in 2025, with third party attacks seeing a huge rise

Cybercrime Losses Jump 33% in 2024, FBI Report Shows

Cybercriminals flood internet with over thousand malicious domains daily

Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals

‘Dark web’: Major data breach for Aussie sleep study patients

Data breach exposes 21 Million employee screenshots from a workplace surveillance tool

DDoS Attack Hits Adyen, Causing Transaction Failures in EU

dRPC Launches NodeHaus to Streamline Blockchain and Web3 Infrastructure

DslogdRAT Malware Deployed in Ivanti Connect Secure Zero-Day Campaign

Elusive Comet Attack: Hackers Use Zoom Remote-Control to Steal Crypto

ETSI Unveils New Baseline Requirements for Securing AI

Exposed and unaware: The state of enterprise security in 2025

Hackers claim to hack TikTok, 927,000 passwords might hit the internet

Hackers criam anúncios falsos no Instagram para roubar dados de brasileiros!

Hacking groups are now increasingly in it for the money, not the chaos

Highest-Risk Security Flaw Found in Commvault Backup Solutions

Interlock ransomware claims DaVita attack, leaks stolen data

Investment firm Nth Degree says cyber attack affected over 25,000 customers

Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Flaws and ThreatNeedle Malware

LinkedIn adds new verification tool to ensure security across the internet

Linux has a major weakness: invisible rootkit abuses security systems’ blind spot

Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools

Linux 'io_uring' security blindspot allows stealthy rootkit attacks

Medusa ransomware attack on Bell Ambulance impacted 114,000 individuals

Microsoft fixes bug causing incorrect 0x80070643 WinRE errors

Moroccan watchdog condemns government’s handling of massive CNSS data leak

Most organisations are notified of compromise from external sources, says Mandiant

New SessionShark Phishing Kit Bypasses MFA to Steal Office 365 Logins

Ofcom Finalizes Online Child Safety Rules to Protect UK’s Youngest Internet Users

Ofcom Lays Down the Law with Child Safety Rules for Tech Giants

One in three security teams trust AI to act autonomously

Op-Ed: What the Brydens Lawyers data breach reveals about data protection in law firms

Ransomware Attacks Fall Sharply in March

Ransomware cost US victims $16.6 billion in 2024, FBI warns

Review: Artificial Intelligence for Cybersecurity

Securing Fintech Operations Through Smarter Controls and Automation

Sleep study patients' personal data accessed in ransomware attack, SA Health says

South Korea Accuses DeepSeek of Unlawful Data Transfers Amid AI Expansion

Stolen Boulanger customer database from 2024 ransomware attack now offered for free online

The Baltimore City Public Schools (BCPS) Cyberattack Confirmed: Employee and Student Data Potentially Compromised

This Ruby middleware could hand hackers your password

Top employee monitoring app leaks 21 million screenshots on thousands of users

Understanding 2024 cyber attack trends

Understanding the Cryptocurrency Recovery Landscape in 2025

Users torn about WhatsApp feature, threaten to quit the app

Verizon DBIR: Small Businesses Bearing the Brunt of Ransomware Attacks

XP confirma vazamento de dados e saldos de clientes após ataque hacker

WhatsApp Adds Advanced Chat Privacy to Blocks Chat Exports and Auto-Downloads

WhatsApp introduces Advanced Chat Privacy to protect sensitive communications

Yale New Haven Health data breach affects 5.5 million patients

23/04

AI impact on data breach outcomes remains ‘limited’: Verizon

Alabama Ophthalmology Associates confirms data breach affecting over 130,000 patients

Almost 70% of organizations still fall victim to cyber attacks

Android Spyware Disguised as Alpine Quest App Targets Russian Military Devices

Another blow to XRP Ledger as “crypto stealing backdoor” found

Apple fined $570M and Meta $228M for breach of EU law

ASUS releases fix for AMI bug that lets hackers brick servers

Attackers abused a bug within SSL.com to authorize fake certificates

Attackers phish OAuth codes, take over Microsoft 365 accounts

Attempted hacker attack on the XRP Ledger ecosystem: security averts the catastrophe

Baltimore Schools Ransomware Attack Exposes Data of Thousands

Blue Shield of California leaked health data of 4.7 million members to Google

Businesses Unprepared for Incoming Ransomware Attacks

Chrome will not ask users if they agree to be tracked by third-party cookies

CNAPP buyer’s guide: Top cloud-native app protection platforms compared

Employee monitoring app leaks 21 million screenshots in real time

FBI: US lost record $16.6 billion to cybercrime in 2024

Global firms succumb to ransomware: 86% pay up despite having advanced backup tools

Google Drops Cookie Prompt in Chrome, Adds IP Protection to Incognito

Hackers podiam colocar anúncios falsos no Instagram de brasileiros

LinkedIn confession exposes the human cost of the gig economy in India

Marks & Spencer Confirms Cybersecurity Incident After Days of Service Disruptions

Massive botnet bigger than some countries discovered as DDoS attacks soar

Microsoft fixes Remote Desktop freezes caused by Windows updates

Microsoft fixes Windows Server 2025 blue screen, install issues

New South Wales man charged over ‘serious data breach’ that exposed thousands of sensitive court documents

Phishing detection is broken: Why most attacks feel like a zero day

Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack

Russian army targeted by new Android malware hidden in mapping app

Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp

Russian hackers ramp up cyberattacks to obstruct European societies

Secretaria da Saúde de São Jerônimo sofre tentativa de ataque hacker

Three Reasons Why the Browser is Best for Stopping Phishing Attacks

US Garmin users question the actual reason behind data collection: more reasons to revoke your insurance?

WhatsApp's new Advanced Chat Privacy protects sensitive messages

22/04

5 Major Concerns With Employees Using The Browser

$40bn Southeast Asian Scam Sector Growing “Like a Cancer”

80% of ransomware-hit Indian organisations had to pay off attackers to recover data

900K Roblox accounts may be on sale. Here’s what we know

AI Ethics, Cybersecurity and Finance: Navigating the Intersection

Billbug Espionage Group Deploys New Tools in Southeast Asia

Border-crossing records between Ukraine and Moldova left open

Charleston Fire Department warns neighbors about email scam, possible data breach

Check Point Research report highlights surge in phishing tactics using trusted digital platforms

Check Point Research Unveils Q1 2025 Brand Phishing Trends: Microsoft Dominates as Top Target, Mastercard Makes a Comeback

Compliance weighs heavily on security and GRC teams

Cookie-Bite attack PoC uses Chrome extension to steal session tokens

Critical Security Vulnerability Found in WordPress Plugin InstaWP Connect

Cyber attack on collection agency compromised Vitruvian Health’s patient data

Cyber attack on Marks and Spencer (M&S) leads to click and collect delays

Cybercrooks spreading malware and trolling victims using DOGE jargon

Cybersecurity firm CEO arrested for installing malware on hospital’s computer

Data breach prompts increased cybersecurity for Baltimore City Public Schools, State's Attorney's office

Deepfake-enabled fraud caused more than $200 million in losses

Docker Malware Exploits Teneo Web3 Node to Earn Crypto via Fake Heartbeat Signals

Dutch intelligence reports Russian cyber attack

Dutch payment processor Adyen hit by cyber attack

Email pretending it’s a Google subpoena alert is a phishing scam

Exposure assessment platforms promise to become a GPS for security pros

Fog ransomware channels Musk with demands for work recaps or a trillion bucks

FTC sues Uber over alleged unauthorized charges and difficult cancellations

GCP Cloud Composer Bug Let Attackers Elevate Access via Malicious PyPI Packages

Google does about turn on OAuth issue behind ‘extremely sophisticated phishing attack’

Hacker infects XRP Ledger software with crypto stealing ‘backdoor’

Hacker Tricked SSL.com To Get Certificate Issued for Alibaba Cloud Domain

Hackers russos atacam instalação pública holandesa, diz relatório

Here's how Bybit hackers moved stolen billions – 28% of the funds have “gone dark”

High Court rules landlord entitled to additional £6m indemnity from insurance broker after data breach

IBM Asks: How is the Cybersecurity Landscape Evolving?

Information Commissioner’s Office (ICO) fines law firm DPP £60,000 over a major client data breach

Insurance data breach exposes sensitive info of 1.6 million people

Korea forms emergency response team after SK Telecom customer data breach

Law firm fined £60,000 following cyber attack

Legacy Google Service Abused in Phishing Attacks

Lotus Panda Hacks SE Asian Governments With Browser Stealers and Sideloaded Malware

Marks & Spencer confirms cybersecurity incident amid ongoing disruption

Marks & Spencer suffers retail chaos, ongoing ‘cyber incident’ forces payment systems offline

Medical Express Ambulance Inc. announces data breach

Microsoft Entra ID Lockouts After MACE App Flags Legit Users

Microsoft Reports 92% Adoption Rate for Phishing-Resistant MFA Among Corporate Users

Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach

Morphing Meerkat Phishing Kit: A Deep Dive into Its Threats & Tactics

Next-Gen Phishing: The Rise of AI Vishing Scams

New Cryptojacking Malware Targets Docker with Novel Mining Technique

New Google email scams are alarmingly convincing - how to spot them

OCH Regional Medical Center Notifies 51,000 Patients About September 2023 Data Breach

Over 135,000 ransomware attacks detected in Southeast Asia in 2024

Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials

Phishing scams are everywhere in Spain — here’s how to spot them and stay safe

PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433)

Ripple's recommended XRP library xrpl.js hacked to steal wallets

Russian Host Proton66 Tied to SuperBlack and WeaXor Ransomware

Scalllywag Ad Fraud Network Generates 1.4 Billion Bid Requests Daily

Sophisticated Phishing Attack Targets Gmail Users: What To Know

SuperCard X Enables Contactless ATM Fraud in Real-Time

Teach young people about ransomware risks before they enter work, expert urges

The C-suite gap that’s putting your company at risk

The legal blind spot of shadow IT

The State of Ransomware in the First Quarter of 2025: Record-Breaking 126% Spike in Public Extortion Cases

This new Android malware can drain your bank account with a single card tap

Transparency Maroc raises alarm over data breach at Moroccan Employment Ministry, CNSS

Two Healthcare Orgs Hit by Ransomware Confirm Data Breaches Impacting Over 100,000

University of Michigan faces lawsuit due hacking and privacy breach

What school IT admins are up against, and how to help them win

21/04

5 Reasons Device Management Isn't Device Trust​

66% of CISOs are worried cybersecurity threats surpass their defenses

Ahold Delhaize USA Confirms Data Stolen in 2024 Cyberattack

Akira Ransomware Launches New Cyberattacks Using Stolen Credentials and Public Tools

Akira Ransomware Using Compromised Credentials and Public Tools in New Wave of Cyberattacks

Attack Via Infostealers Increased by 84% Via Phishing Emails Per Week

Beware of Fake Google Emails: How to Protect Your Gmail from Scammers

Beware, hackers can apparently now send phishing emails from “no-reply@google.com”

Beware of this sneaky Google phishing scam

Booking.com Phishing Scam Uses Fake CAPTCHA to Install AsyncRAT

Credential theft outpaces ransomware as cyber threat landscape evolves, report claims

Cryptocurrency Recovery in 2025: Essential Steps and Professional Services to Reclaim Your Assets

Cyber threats now a daily reality for one in three businesses

Cybercriminals blend AI and social engineering to bypass detection

Cybercriminals Deploy FOG Ransomware Disguised as DOGE via Malicious Emails

Devices exposed to remote hacking via Erlang/OTP SSH vulnerability

DOGE is a national security threat, a giant data breach, and theft of your personal information

Emails delivering infostealers rose by 84% year-over-year

Fake Google Emails Are Fooling Gmail Users: Here’s How to Stay Safe

FOG Ransomware Spread by Cybercriminals Claiming Ties to DOGE

Fraud expert issues warning to prevent spear phishing scams

Gmail users be warned: New phishing scam uses THIS trick to steal your data

Google OAuth vulnerability exploited in advanced phishing attack

Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery

Hackers Can Now Exploit AI Models via PyTorch – Critical Bug Found

Hawk Eye: Open-source scanner uncovers secrets and PII across platforms

IBM X-Force reports evolving threat landscape amid shifting tactics, marking rise in stealth and identity exploits

Indian businesses face nearly 700 ransomware attacks per day: Kaspersky

Infostealer Attacks Surge 84% Weekly Through Phishing Emails

Israeli social security warns of phishing scam using fake messages, spoofed website

It’s Time to Stop Accepting Losses in Cybersecurity

Japan Warns of Hacked Trading Accounts and Unauthorized Trades

Japan warns of hundreds of millions of dollars in unauthorized trades from hacked accounts

Kaspersky warns of rising SVG-based phishing attacks

Kimsuky Exploits BlueKeep RDP Vulnerability to Breach Systems in South Korea and Japan

Long-Term Cyber Attack Reaches 35 Percent Of Total Incidents In 2024

Massive ongoing US toll fraud underpinned by Chinese smishing kit

Microsoft improving Secure By Design for its products and services

Moscow Court Finds Google Guilty Of Data Breach

Multi-billion-dollar cyberscam industry spreading worldwide, UN says

Native Language Phishing Spreads ResolverRAT to Healthcare

New FOG Ransomware Attack Mimic as DOGE Attacking Organization Via Weaponized Email

New Gmail Phishing Attack Uses Real Google Email to Trick Users

New Phishing Attack Appending Weaponized HTML Files Inside SVG Files

New sophisticate malware SuperCard X targets Androids via NFC relay attacks

NighSpire Stole 30GB Data from France’s Municipality of Ardon, Set to Leak it on 30 April

Nintendo is going after the leaker behind major Pokémon ‘Teraleak’

Nintendo is Trying to Find the Pokemon Teraleak Hacker

Nippon India MF solves cyber attack issue

North Korea, Iran, Russia-Backed Hackers Deploy ClickFix in New Attacks

Novel Advanced Malware-as-a-Service (MaaS) Platform for Android Used in Phishing Campaign Impersonating Banks

Oracle releases Unbreakable Enterprise Kernel 8 (UEK 8)

Outdated network devices are the hidden backdoors for Cyberattacks

Phishing attacks leveraging HTML code inside SVG files

Ransomware Attacks Cost Banks $6.08 Million on Average, Triggering Downtime and Reputation Damage

RedGolf Hackers Linked to Fortinet Zero-Day Exploits and Cyber Attack Tools

Russia-linked APT29 targets European diplomatic entities with GRAPELOADER malware

Russian bulletproof hosting system targeted by hackers to spread malware

Russian Hackers Target European Diplomats with ‘Wine-Tasting’ Phishing Scams

Security Tools: First, They’re Good, Then They’re Bad

SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks

Two ways AI hype is worsening the cybersecurity skills crisis

VibeScamming: Hackers Leverage AI to Craft Phishing Schemes and Functional Attack Models

VPNs Driving 25% of Incident Response Cases, Sophos Finds

Warning for Gmail users! Google’s own tools used in major phishing scam

Watch out for ultra-convincing phishing emails from Google & PayPal

Why CISOs are watching the GenAI supply chain shift closely

Yokogawa Recorder Vulnerability Could Let Attackers Hijack Critical Industrial Systems

20/04

APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures

Gmail user? Beware of this sophisticated phishing attack

Google issues urgent warning to Gmail users about phishing attacks from verified emails, says working on fix

Nintendo Files Subpoena To Catch Hacker Behind GameFreak “Teraleak”

Phishers abuse Google OAuth to spoof Google in DKIM replay attack

Ransomware attacks are increasing sharply

State-sponsored hackers embrace ClickFix social engineering tactic

Last Week

Daily News - Abril (13/04 - 19/04) - 16 Semana de 2025