IT Security News Daily Summary 2025-04-08

188 posts were published in the last hour

• 21:34 : Your Ultimate Website QA Checklist
• 21:34 : April 2025 Patch Tuesday Analysis
• 21:34 : Windows CLFS Zero-Day Vulnerability Actively Exploited by Ransomware Group
• 21:4 : Medusa Ransomware Claims NASCAR Breach in Latest Attack
• 20:31 : UK’s Request to Keep Apple Privacy Case Secret Rejected
• 20:31 : Our Privacy Act Lawsuit Against DOGE and OPM: Why a Judge Let It Move Forward
• 20:5 : IT Security News Hourly Summary 2025-04-08 21h : 14 posts
• 19:35 : AI agents raise stakes in identity and access management
• 19:35 : Xanthorox AI: A New Breed of Malicious AI Threat Hits the Darknet
• 19:35 : Don’t open that JPEG in WhatsApp for Windows. It might be an .EXE
• 19:35 : Exploitation of CLFS zero-day leads to ransomware activity
• 19:34 : Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824)
• 19:14 : Microsoft April 2025 Patch Tuesday, (Tue, Apr 8th)
• 19:14 : Microsoft Patch Tuesday for April 2025 — Snort rules and prominent vulnerabilities
• 19:13 : Microsoft April 2025 Patch Tuesday: Fixing 121 Vulnerabilities, Including a Critical Zero-Day
• 19:13 : CISA Adds Two Known Exploited Vulnerabilities to Catalog
• 19:13 : Tax deadline threat: QuickBooks phishing scam exploits Google Ads
• 19:13 : Don’t open that JPEG sent to WhatsApp for Windows. It might be an .EXE
• 19:13 : Microsoft Patches 125 Windows Vulns, Including Exploited CLFS Zero-Day
• 19:13 : Smishing Surge Expected in 2025 Driven by Sophisticated Phishing-as-a-Service Platform
• 19:13 : Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw
• 18:32 : WhatsApp for Windows Flaw Could Let Hackers Sneak In Malicious Files
• 18:32 : New GIFTEDCROOK Stealer Targets Government Organizations to Exfiltrate Sensitive Data
• 18:32 : Attackers Exploit SourceForge Platform to Distribute Malware
• 18:32 : Shopware Security Plugin Vulnerability Enables SQL Injection Attacks
• 18:32 : Hackers Conceal NFC Carders Behind Apple Pay and Google Wallet
• 18:32 : Boulanger – 966,924 breached accounts
• 18:31 : Windows Common Log File System 0-Day Vulnerability Exploited in the Wild
• 18:31 : Microsoft Patch Tuesday April 2025 – 121 Vulnerabilities Fixed Including Actively Exploited Zero-Day
• 18:7 : Microsoft April 2024 Patch Tuesday, (Tue, Apr 8th)
• 18:7 : 2024 Annual WordPress Security Report by Wordfence
• 18:7 : Vidar Stealer Uses New Deception Technique to Hijack Browser Cookies and Stored Credentials
• 18:7 : Why delaying software updates could cost you more than you think
• 18:7 : Adobe Calls Urgent Attention to Critical ColdFusion Flaws
• 18:6 : Meet the Deputy CISOs who help shape Microsoft’s approach to cybersecurity
• 17:32 : 21 Countries Sign Onto Voluntary Pact to Stem the Proliferation of Spyware
• 17:31 : Cryptocurrency Miner and Clipper Malware Spread via SourceForge Cracked Software Listings
• 17:31 : Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation via Path Traversal
• 17:13 : How Meta’s new teen accounts aim to keep your kids safer on Facebook
• 17:13 : Identity Fraud Costs Orgs Average of $7m Annually
• 17:5 : IT Security News Hourly Summary 2025-04-08 18h : 15 posts
• 16:35 : What Is Patch Management? Definition, Process, Benefits, and Best Practices [UPDATED 2025]
• 16:35 : Patch Management vs. Vulnerability Management: A Comparison
• 16:35 : Six Patch Management Best Practices [Updated 2025]
• 16:35 : Patch management: Best practices, implementation, and tools
• 16:34 : Main Types of Patch Management: A Decision-Making Guide
• 16:34 : Fortinet Addresses Multiple Vulnerabilities in FortiAnalyzer, FortiManager, & Other Products
• 16:34 : Vidar Stealer With New Deception Technique to Steal Browser Cookies & Stored Credentials
• 16:34 : Zoom Workplace Apps Vulnerability Let Attackers Inject Malicious Script
• 16:34 : 26,000+ Discussions on Dark Web Forums Towards Hacking Financial Organizations
• 16:34 : New Red Team Technique “RemoteMonologue” Exploits DCOM To Gain NTLM Authentication Remotely
• 16:33 : Network Access Vendor Portnox Secures $37.5 Million Investment
• 16:7 : Zoom Workplace Apps Vulnerability Enables Malicious Script Injection Through XSS Flaws
• 16:7 : Google fixes two Android zero-day bugs actively exploited by hackers
• 16:6 : Octane Raises $6.75M for Smart Contract Security Tech
• 16:6 : 6 Cybersecurity Mistakes That Put Businesses at Risk
• 16:6 : Yoojo Exposes Millions of Sensitive Files Due to Misconfigured Database
• 16:6 : Russians Seize Malware-Infected Ukrainian Drones
• 16:6 : Google Releases April Android Update to Address Two Zero-Days
• 15:32 : Cyber Threat emerges from PDF files
• 15:31 : Fortinet Warns of Multiple Vulnerabilities in FortiAnalyzer, FortiManager, & Other Products
• 15:31 : WhatsApp fixed a spoofing flaw that could enable Remote Code Execution
• 15:31 : Vulnerability Management Firm Spektion Emerges From Stealth With $5 Million in Funding
• 15:7 : Ivanti Released Security Update With The Fixes for Critical Endpoint Manager RCE Vulnerabilities
• 15:7 : The default TV setting you should turn off ASAP – and why it makes a big difference
• 15:7 : What is a key risk indicator (KRI) and why is it important?
• 15:7 : Morphing Meerkat PhaaS Using DNS Reconnaissance To Generate Phishing Pages Based on Target
• 15:7 : OpenSSL 3.5.0 Released with Support for Post-Quantum Cryptography
• 15:7 : SAP April 2025 Security Update : Critical Code Injection Vulnerabilities Patched
• 15:7 : Developers Beware of Malicious VS Code Extension Apps With Million of Installations
• 15:6 : Fortinet Warns of FortiSwitch Vulnerability Let Attackers Modify Admin Passwords
• 15:6 : Google AI taken for a ride by April Fools’ Day joke
• 15:6 : DNS: The Secret Weapon CISOs May Be Overlooking In the Fight Against Cyberattacks
• 15:6 : NIST Defers Pre-2018 CVEs to Tackle Growing Vulnerability Backlog
• 14:36 : Identity Management Day Expert Commentary
• 14:36 : What Microsoft Knows About AI Security That Most CISOs Don’t?
• 14:36 : Hacker Claims Oracle Cloud Breach, Threatens to Leak Data
• 14:36 : Malware Campaign Uses Fake CAPTCHAs, Tricks Online Users
• 14:36 : DragonForce Asserts Dominance Over RansomHub Ransomware Network
• 14:36 : Jit launches AI agents to ease AppSec workload
• 14:11 : The Critical Role of Telemetry Pipelines in 2025 and Beyond
• 14:11 : Threat Actor Leaked Data from Major Bulletproof Hosting Medialand
• 14:11 : Google to Patch 23-years Old Chrome Vulnerability That Leaks Browsing History
• 14:11 : NIST Will Mark All CVEs Published Before 01/01/2018 as ‘Deferred’
• 14:11 : Oracle Confirms that Hackers Broke Systems & Stole Client Login Credentials
• 14:11 : Threat Actors May Leverage CI/CD Environments to Gain Access To Restricted Resources
• 14:10 : OpenSSL 3.5 Final Release – Live
• 14:5 : IT Security News Hourly Summary 2025-04-08 15h : 15 posts
• 13:35 : Critical Linux RCE Vulnerability in CUPS ? What We Know and How to Prepare
• 13:34 : CISA Alerts on Actively Exploited CrushFTP Authentication Bypass Vulnerability
• 13:34 : Over 5,000 Ivanti Connect Secure Devices Exposed to RCE Vulnerabilities
• 13:34 : 6 Reasons to Visit Check Point at RSAC 2025
• 13:34 : 100 Days of YARA: Writing Signatures for .NET Malware
• 13:34 : SAP Patches Critical Code Injection Vulnerabilities
• 13:34 : The race to secure the AI/ML supply chain is on — get out front
• 13:34 : 11 cyber defense tips to stay secure at work and home
• 13:7 : HellCat Ransomware Hits 4 Firms using Infostealer-Stolen Jira Credentials
• 13:7 : Threat Actors Exploit CI/CD Environments to Gain Unauthorized Access to Restricted Resources
• 13:7 : Malicious VS Code Extensions with Millions of Installs Put Developers at Risk
• 13:6 : Over 26,000 Dark Web Discussions Focused on Hacking Financial Organizations
• 13:6 : EFF, Civil Society Groups, Academics Call on UK Home Secretary to Address Flawed Data Bill
• 13:6 : Scattered Spider stops the Rickrolls, starts the RAT race
• 13:6 : Aurascape Banks Hefty $50 Million to Mitigate ‘Shadow AI’ Risks
• 12:34 : Researchers demonstrate the UK’s first long-distance ultra-secure communication over a quantum network
• 12:34 : ESET Vulnerability Exploited for Stealthy Malware Execution
• 12:34 : Netskope One DLP On Demand enhances data security capabilities
• 12:14 : NIST Declares Pre-2018 CVEs Will Be Labeled as ‘Deferred’
• 12:14 : Google to Patch 23-Year-Old Chrome Bug That Leaked Browsing History
• 12:14 : SAP April 2025 Update Fixes Critical Code Injection Vulnerabilities
• 12:13 : Oracle Confirms Breach: Hackers Stole Client Login Credentials
• 12:13 : How to Use a VPN: 4 Easy Steps to Get Started
• 12:13 : Google Patched Android 0-Day Vulnerability Exploited in the Wild
• 12:13 : Linux 6.15-rc1 Released With Major Driver Update & Perfomance Boost
• 12:13 : Nissan Leaf Vulnerability Exploited to Gain Control Over the Car Remotely
• 12:13 : Subwiz – New AI-powered Recon Tool to Hunt for Hidden Subdomains
• 12:13 : Google fixes two actively exploited zero-day vulnerabilities in Android
• 12:13 : Corsha Raises $18 Million to Enhance and Extend Machine-to-Machine Security
• 12:13 : Half of Firms Stall Digital Projects as Cyber Warfare Risk Surges
• 11:38 : Arguing Against CALEA
• 11:38 : UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine
• 11:38 : Agentic AI in the SOC – Dawn of Autonomous Alert Triage
• 11:38 : CISA Warns of CrushFTP Vulnerability Exploitation in the Wild
• 11:9 : Year in Review: Key vulnerabilities, tools, and shifts in attacker email tactics
• 11:8 : Attackers distributing a miner and the ClipBanker Trojan via SourceForge
• 11:8 : Exploited Vulnerability Puts 5,000 Ivanti VPN Appliances at Risk
• 11:8 : The Web application Penetration Testing Tools That Actually Works
• 11:8 : Ontinue empowers organizations to mitigate phishing threats
• 11:5 : IT Security News Hourly Summary 2025-04-08 12h : 13 posts
• 10:35 : CATL ‘In Talks’ For Controlling Stake In Nio’s Power Unit
• 10:35 : China’s YMTC Publishes Memory Patent Applications
• 10:34 : Online Gaming Risks and How to Avoid Them
• 10:34 : Google Releases April 2025 Android Security Patch Addressing Actively Exploited Vulnerabilities
• 10:34 : Everest ransomware group’s Tor leak site offline after a defacement
• 10:34 : Android Update Patches Two Exploited Vulnerabilities
• 10:6 : Vishing: The voice scam you need to know about
• 9:36 : US Power Utilities Receive Massive AI Data Centre Requests
• 9:36 : BYD Launches Luxury Denza EV Brand In Europe
• 9:36 : How CEOs Can Embrace GenAI for Business Growth
• 9:36 : CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation
• 9:36 : Boards Urged to Follow New Cyber Code of Practice
• 9:16 : What Business Leaders Need to Know to Prevent Tax Identity Fraud in 2025
• 9:16 : Linux 6.15-rc1 Released: Better Drivers, Faster Performance
• 9:16 : Hackers Abuse Windows .RDP Files to Launch Unauthorized Remote Desktop Sessions
• 9:16 : Morphing Meerkat: A PhaaS Utilizing DNS Reconnaissance to Generate Targeted Phishing Pages
• 9:15 : Threat Actor Leaks Data from Major Bulletproof Hosting Provider Medialand
• 9:15 : Kelloggs Data Breach – Hackers Breached the Servers and Stolen Data
• 9:15 : ANY.RUN’s Enhanced Threat Intelligence Feeds With Unique IOC for SOC/DFIR Teams
• 9:15 : Threat Actors Setting Up Persistent Access to Hosts Hacked in CrushFTP Attacks
• 8:34 : Singapore Banks Hit By Ransomware Data Breach
• 8:34 : Microsoft Ends Projects With Wicresoft In China
• 8:33 : Google Patches Actively Exploited Android 0-Day Vulnerability
• 8:33 : Google fixed two actively exploited Android zero-days
• 8:5 : IT Security News Hourly Summary 2025-04-08 09h : 4 posts
• 7:32 : Kellogg’s Servers Breached, Hackers Steal Sensitive Data
• 7:32 : PoC Exploit Released for Yelp Flaw that Exposes SSH Keys on Ubuntu Systems
• 7:31 : Qevlar Raises $14M to Lead the Agentic AI Revolution
• 7:31 : Apple encryption appeal, Xanthorox AI tool, weaponizing CRM
• 7:6 : Can a DDoS Cyber Attack Lead to Political Warfare?
• 7:6 : Xanthorox AI: New Automated Hacking Tool Surfaces on Hacker Forums
• 7:6 : PowerDMARC to showcase email security advancements at RSAC 2025
• 6:34 : Cyber Attacks make UK SMEs loose £3.4 billion a year
• 6:34 : Apollo Router Vulnerability Enables Resource Exhaustion via Optimization Bypass
• 6:11 : WhatsApp for Windows Flaw Allowed Remote Code Execution via File Attachments
• 6:11 : WhatsApp Vulnerability Let Attackers Execute Malicious Code Via Attachments
• 5:32 : PoC Exploit Reveals SSH Key Exposure via Yelp Vulnerability on Ubuntu
• 5:32 : Observability is security’s way back into the cloud conversation
• 5:31 : Phishing, fraud, and the financial sector’s crisis of trust
• 5:31 : Excessive agency in LLMs: The growing risk of unchecked autonomy
• 5:6 : Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities
• 5:5 : IT Security News Hourly Summary 2025-04-08 06h : 2 posts
• 4:34 : Cybersecurity jobs available right now: April 8, 2025
• 4:33 : Cyberattacks on water and power utilities threaten public safety
• 3:45 : Hackers Exploiting Windows .RDP Files For Rogue Remote Desktop Connections
• 3:6 : ISC Stormcast For Tuesday, April 8th, 2025 https://isc.sans.edu/podcastdetail/9398, (Tue, Apr 8th)
• 2:34 : BTS #48 – Hardware Hacking Tips & Tricks
• 2:33 : Global Telecommunications Company Secures Critical Networks
• 2:5 : IT Security News Hourly Summary 2025-04-08 03h : 2 posts
• 1:34 : As CISA braces for more cuts, threat intel sharing takes a hit
• 1:34 : Know Before You Go: AppOmni at RSAC 2025
• 0:34 : GTC 2025: AI, Security & The New Blueprint
• 0:34 : Oracle says its cloud was in fact compromised
• 23:15 : Neptune RAT Variant Spreads via YouTube to Steal Windows Passwords
• 23:5 : IT Security News Hourly Summary 2025-04-08 00h : 3 posts
• 22:55 : IT Security News Daily Summary 2025-04-07
• 22:34 : $115 million just poured into this startup that makes engineering 1,000x faster — and Bezos, Altman, and Nvidia are all betting on its success
• 22:34 : Salt Security and CrowdStrike Strengthen Partnership
• 22:34 : AWS completes the 2025 Cyber Essentials Plus certification
• 22:13 : Court Rejects UK Government Bid For Secrecy On Apple Case