IT Security News Daily Summary 2025-04-09

196 posts were published in the last hour

• 21:32 : Hacker Claims WooCommerce Data Breach, Selling 4m User Records
• 21:32 : Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day
• 21:32 : Wyden blocks Trump’s CISA boss nominee, blames cyber agency for ‘actively hiding info’ about telecom insecurity
• 21:32 : Randall Munroe’s XKCD ‘Decay Chain’
• 21:31 : Emulating the Misleading CatB Ransomware
• 21:31 : BSidesLV24 – Breaking Ground – Operation So-Seki: You Are a Threat Actor. As Yet You Have No Name
• 21:31 : Introduction to the Australian Privacy Principles
• 21:4 : 5 ways to avoid spyware disguised as legit apps – before it’s too late
• 21:4 : How to prevent and protect against ransomware
• 21:4 : Sensitive financial files feared stolen from US bank watchdog
• 20:6 : What are the risks of online gaming for kids
• 20:6 : Researchers Uncover Hacking Tools and Techniques Shared on Russian-Speaking Cybercrime Forums
• 20:6 : Anthropic just launched a $200 version of Claude AI — here’s what you get for the premium price
• 20:5 : IT Security News Hourly Summary 2025-04-09 21h : 9 posts
• 19:31 : 5 simple ways to regain your data privacy online – starting today
• 19:2 : Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’
• 18:34 : Russian APT Hackers Use Device Code Phishing Technique to Bypass MFA
• 18:34 : SideCopy APT Hackers Impersonate Government Officials to Deploy Open-Source XenoRAT Tool
• 18:34 : Spyware Maker NSO Group Is Paving a Path Back Into Trump’s America
• 18:34 : Court document reveals locations of WhatsApp victims targeted by NSO spyware
• 18:34 : Critical Fortinet FortiSwitch flaw allows remote attackers to change admin passwords
• 18:34 : National Social Security Fund of Morocco Suffers Data Breach
• 18:33 : Patch Tuesday Update – April 2025
• 18:33 : Enhanced Network Security Control: Flow Management with AWS Network Firewall
• 18:5 : Scattered Spider Launches Sophisticated Attacks to Steal Login Credentials and MFA Tokens
• 18:4 : Threat Actors Exploit Messaging Services as Lucrative Cybercrime Platforms
• 18:4 : Google Targets SOC Overload With Automated AI Alert and Malware Analysis Tools
• 18:4 : Stopping attacks against on-premises Exchange Server and SharePoint Server with AMSI
• 17:32 : North Korean Hackers Use Social Engineering and Python Scripts to Execute Stealthy Commands
• 17:32 : Qraved – 984,519 breached accounts
• 17:32 : VMware Patches Multiple 47 Vulnerabilities VMware Tanzu Greenplum Backup & Components
• 17:31 : Groucho’s Wit, Cloud Complexity, and the Case for Consistent Security Policy
• 17:5 : IT Security News Hourly Summary 2025-04-09 18h : 8 posts
• 17:4 : 100,000 WordPress Sites Affected by Administrative User Creation Vulnerability in SureTriggers WordPress Plugin
• 17:4 : Amazon Mulls $15 Billion Warehouse Expansion Plan – Report
• 17:4 : Google’s got a hot cloud infosec startup, a new unified platform — and its eye on Microsoft’s $20B+ security biz
• 17:4 : How cyberattackers exploit domain controllers using ransomware
• 16:32 : Musk’s DOGE Uses AI To Detect Anti-Trump Sentiment In Federal Workers
• 16:32 : New AkiraBot Abuses OpenAI API to Spam Website Contact Forms
• 16:31 : Senator puts hold on Trump’s nominee for CISA director, citing telco security ‘cover up’
• 16:31 : The Growing Danger of Hidden Ransomware Attacks
• 16:8 : Clop targets Kellogg and Medusa Ransomware hits NASCAR
• 16:8 : Hackers Claim Magento Breach via Third-Party, Leak CRM Data of 700K Users
• 16:8 : WhatsApp for Windows vulnerable to attacks. Update now!
• 16:8 : March 2025: Malware Spotlight – FakeUpdates and RansomHub Ransomware Group Dominate Cyber Threats
• 16:8 : Check Point Cloud Firewalls Achieve Industry Best 100% Block Rate and Accuracy: CyberRatings.Org Test Results Confirm
• 16:7 : Exploited Windows zero-day addressed on April Patch Tuesday
• 16:7 : How Patch Management Software Solves the Update Problem
• 16:7 : Best Patch Management Software & Tools 2025
• 16:7 : How to Prioritize Vulnerabilities Effectively: Vulnerability Prioritization Explained
• 16:7 : Cybersecurity And The Patching Paralysis Problem
• 16:7 : Hackers Hiding NFC Carders Behind Apple Pay and Google Wallet
• 16:7 : Microsoft Exchange Admin Center Down Globally
• 16:6 : Adobe Security Update – Patch for Multiple Vulnerabilities Across Products
• 16:6 : Hellcat Ransomware Updated It’s Arsenal to Attack Government, Education, and Energy Sectors
• 16:6 : Windows Active Directory Domain Vulnerability Let Attackers Escalate Privileges
• 16:6 : BSidesLV24 – Breaking Ground – Chrome Cookie Theft On macOS, And How To Prevent It
• 16:6 : Automating AWS Private CA audit reports and certificate expiration alerts
• 15:36 : The Database Kill Chain
• 15:36 : Hospital Equipments Can be Used as Murder Weapons, Swiss Experts Warn
• 15:36 : CISA Highlights Major Vulnerabilities in Critical Infrastructure Systems
• 15:36 : Lovable AI Found Most Vulnerable to VibeScamming — Enabling Anyone to Build Live Scam Pages
• 15:6 : Microsoft Overtakes Apple As Most Valuable Public Company
• 15:6 : QR code phishing: 14 quishing prevention tips
• 15:6 : Wyden to Hold Up Trump CISA Nominee Over Telecom ‘Cover Up’: Report
• 15:6 : WK Kellogg Confirms Data Breach Tied to Cleo Software Exploit
• 14:34 : Shopware Security Plugin Exposes Systems to SQL Injection Attacks
• 14:34 : Hacker’s Dual Identity: Cybercriminal vs Bug Bounty Hunter
• 14:34 : Payment Fraud on the Rise: How Businesses Are Fighting Back with AI
• 14:34 : Cisco CVE-2024-20439: Exploitation Attempts Target Smart Licensing Utility Backdoor
• 14:34 : Precision-Validated Phishing Elevates Credential Theft Risks
• 14:7 : 5 simple ways to start taking control of your online privacy today
• 14:7 : Google Gemini 2.5 Pro extends on-prem GenAI support
• 14:6 : Attackers Exploits SourceForge Software Hosting Platform to Deliver Malware
• 14:6 : Man accused of using keylogger to spy on colleagues, log in to their personal accounts and watch them at home
• 14:5 : IT Security News Hourly Summary 2025-04-09 15h : 25 posts
• 13:33 : How Prompt Attacks Exploit GenAI and How to Fight Back
• 13:33 : 5 Reasons Why You Should Use a Password Manager
• 13:32 : The US Treasury’s OCC disclosed an undetected major email breach for over a year
• 13:32 : Enzoic AD Lite Password Audit Report
• 13:31 : Forescout eyeScope provides organizations with insight into their security posture
• 13:4 : Bitcoin Falls Further, As Trump’s Tariffs Roil Markets
• 13:3 : Data security and identity security themes at RSAC 2025
• 13:3 : New Frontier of GenAI Threats: A Comprehensive Guide to Prompt Attacks
• 13:3 : Gmail End-to-End Email Encryption Explained: A Guide for Enterprise Users
• 13:2 : Okta extends identity security fabric to non-human identities
• 13:2 : WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401)
• 13:2 : Ransomware Attacks Hit All-Time High as Payoffs Dwindle
• 12:34 : New Mirai Botnet Variant Exploits TVT DVRs to Gain Admin Control
• 12:34 : HollowQuill Malware Targets Government Agencies Globally Through Weaponized PDF Documents
• 12:33 : Google Cloud Next ’25: New AI chips and agent ecosystem challenge Microsoft and Amazon
• 12:33 : Google Cloud intros AI security agents, unified security platform to consolidate ops, triage, threat intel
• 12:33 : Google’s new Ironwood chip is 24x more powerful than the world’s fastest supercomputer
• 12:33 : How Google’s new Unified Security platform aims to simplify the fight against cyberthreats
• 12:33 : U.S. CISA adds Gladinet CentreStack and ZTA Microsoft Windows Common Log File System (CLFS) Driver flaws to its Known Exploited Vulnerabilities catalog
• 12:33 : New GIFTEDCROOK Stealer Attacking Government Orgs To Steal Sensitive Data
• 12:33 : CISA Warns of Microsoft Windows CLFS Vulnerability Exploited in Wild
• 12:33 : Windows Kerberos Vulnerability Let Attackers Bypass Security Feature & Access Credentials
• 12:32 : 72% of people are worried their data is being misused by the government, and that’s not all…
• 12:32 : Qevlar AI Raises $10 Million for Autonomous Investigation Platform
• 12:32 : Solving the Identity Crisis: Okta Redefines Security in a Machine-Led World
• 12:32 : NIST Deprioritizes Pre-2018 CVEs as Backlog Struggles Continue
• 12:32 : Akamai boosts WAF protections across multiple environments
• 12:32 : New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner
• 12:6 : Google’s got a hot cloud security startup, a new unified platform — and its eye on Microsoft’s $20B+ security biz
• 12:6 : Treasury’s OCC Says Hackers Had Access to 150,000 Emails
• 11:34 : Consistent Security Everywhere: Akamai Makes Leading WAF Technology CDN-Agnostic
• 11:34 : Windows Kerberos Vulnerability Enables Security Feature Bypass
• 11:34 : CISA Alerts on Active Exploitation of CentreStack Hard-Coded Key Vulnerability
• 11:34 : How to Leak to a Journalist
• 11:34 : From $2M to $750M: Phaneesh Murthy’s Blueprint for Exponential Growth in Technology Services
• 11:34 : CISA Urges Urgent Patching for Exploited CentreStack, Windows Zero-Days
• 11:33 : Explosive Growth of Non-Human Identities Creating Massive Security Blind Spots
• 11:5 : Gcore Super Transit Brings Advanced DDoS Protection and Acceleration for Superior Enterprise Security and Speed
• 11:5 : Hellcat Ransomware Upgrades Arsenal to Target Government, Education, and Energy Sectors
• 11:5 : Ransomware Groups Target Organizations to Exfiltrate Data and Blackmail via Leak Site Posts
• 11:5 : Vulnerabilities Patched by Ivanti, VMware, Zoom
• 11:5 : IT Security News Hourly Summary 2025-04-09 12h : 15 posts
• 11:4 : Four Tips for Optimizing Data Backup and Recovery Costs
• 11:4 : RCE flaw in MSP-friendly file sharing platform exploited by attackers (CVE-2025-30406)
• 11:4 : Three-Quarters of IT Leaders Fear Nation-State AI Cyber Threats
• 10:37 : ISC Stormcast For Wednesday, April 9th, 2025 https://isc.sans.edu/podcastdetail/9400, (Wed, Apr 9th)
• 10:37 : Ofcom Launches First ‘Online Safety Act’ Investigation
• 10:37 : Silicon In Focus Podcast: From Hype to Reality – The Real ROI of AI in Business
• 10:37 : Ransomware Group Actively Exploits Windows CLFS Zero-Day Vulnerability
• 10:36 : Governments identify dozens of Android apps bundled with spyware
• 10:36 : Windows Remote Desktop Service Vulnerability Let Attackers Execute Malicious Code Remotely
• 10:36 : Fortinet Patches Critical FortiSwitch Vulnerability
• 10:36 : The Invisible Data Battle: How AI Became a Cybersec Professional’s Biggest Friend and Foe
• 10:2 : Microsoft Fixes Over 130 CVEs in April Patch Tuesday
• 9:37 : A WinRAR Flaw Could Allow MotW Security Bypass
• 9:37 : US DoJ Disbands Crypto Enforcement Team
• 9:37 : MIWIC25: Michelle Corrigan, Director of Digital Care Hub
• 9:36 : 5000+ Exposed Ivanti Connect Secure Devices Vulnerable to RCE Attacks
• 9:36 : Kibana Security Update – Patch for Vulnerability Leads to Code Injection
• 9:36 : NCSC Warns of MOONSHINE & BADBAZAAR Malware Attacking Mobile Devices Worldwide
• 9:36 : Apache mod_auth_openidc Vulnerability Exposes Protected Content to Unauthenticated Users
• 9:36 : WhatsApp for Windows Exposed to Security Risk Through Spoofing Vulnerability
• 9:36 : CISA Warns of CentreStack’s Hard-Coded MachineKey Vulnerability Enabling RCE Attacks
• 9:36 : PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware
• 9:5 : CISA Issues Alert on Active Exploits of Windows CLFS Vulnerability
• 9:5 : Master IT Fundamentals with This CompTIA Certification Prep Bundle
• 9:5 : ICS Patch Tuesday: Vulnerabilities Addressed by Rockwell, ABB, Siemens, Schneider
• 9:5 : NCSC Warns of Spyware Targeting Chinese and Taiwanese Diaspora
• 8:36 : Master IT Fundamentals With This CompTIA Certification Prep Bundle
• 8:36 : AWS Systems Manager Plugin Vulnerability Let Attackers Execute Arbitrary Code
• 8:36 : CISA Warns of CrushFTP Authentication Bypass Vulnerability Exploited in Attacks
• 8:36 : OpenSSL prepares for a quantum future with 3.5.0 release
• 8:36 : Furl introduces AI-powered remediation platform
• 8:7 : NCSC Issues Alert on MOONSHINE and BADBAZAAR Mobile Malware
• 8:7 : Apache mod_auth_openidc Flaw Lets Unauthenticated Users Access Protected Data
• 8:7 : Cyber Fraud: The Primary Culprit in UK Payment Fraud
• 8:7 : The Cost of Ransomware: Shutdowns & Extortion
• 8:7 : Why Intelligent Continuous Security is the Future of Cyber Defense
• 8:6 : PCI DSS 4.0: Time to Pay Up, Securely
• 8:6 : Fastly DDoS Attack Insights helps reveal and explain the unfolding of a DDoS attack
• 8:6 : Fortinet unveils FortiAI innovations enhancing threat protection and security operations
• 8:6 : Index Engines CyberSense 8.10 strengthens AI-driven cyber resilience
• 8:6 : Microsoft Patches 126 Flaws Including Actively Exploited Windows CLFS Vulnerability
• 8:5 : IT Security News Hourly Summary 2025-04-09 09h : 9 posts
• 7:34 : Tufin Orchestration Suite R25-1 brings expanded device coverage and boosts cloud security
• 7:34 : New WhatsApp vulnerability, Microsoft patches 125 Windows Vulns, Fake Microsoft Office add-in tools push malware
• 7:34 : Critical Security Updates and Identity Management Insights
• 7:10 : Grandoreiro Strikes Again: Geofenced Phishing Attacks Target LATAM
• 6:34 : Obfuscated Malicious Python Scripts with PyArmor, (Wed, Apr 9th)
• 6:34 : Windows CLFS 0-Day Vulnerability Exploited in the Wild
• 6:34 : Chrome Use-After-Free Vulnerability Enables Remote Code Attacks
• 6:33 : 20 Best Incident Response Tools in 2025
• 6:7 : Hackers breach email systems of OCC to gather intelligence from emails
• 6:6 : The Key Differences Between a Data Breach and a Data Leak
• 6:6 : Top 11 Best SysAdmin Tools in 2025
• 6:6 : Chrome Use After Free Vulnerability Let Attackers Execute Remote Code
• 6:6 : Why CISOs are doubling down on cyber crisis simulations
• 5:38 : Kibana Releases Security Patch to Fix Code Injection Vulnerability
• 5:11 : AWS Systems Manager Plugin Flaw Allows Arbitrary Code Execution
• 5:11 : How Protected Are Your Cloud-Based Secrets?
• 5:11 : Are Your NHIs Truly Secure in the Cloud?
• 5:11 : APTRS: Open-source automated penetration testing reporting system
• 5:10 : Transforming cybersecurity into a strategic business enabler
• 5:5 : IT Security News Hourly Summary 2025-04-09 06h : 3 posts
• 4:33 : AI is challenging the geopolitical status quo
• 4:15 : Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered
• 3:33 : Patch Tuesday, April 2025 Edition
• 3:6 : Navigating AI risks and rewards in cybersecurity
• 3:6 : Pharmacist accused of using webcams to spy on women in intimate moments at work, home
• 2:33 : CTEM + CREM: Aligning Your Cybersecurity Strategy
• 2:5 : IT Security News Hourly Summary 2025-04-09 03h : 2 posts
• 0:13 : Bad luck, Windows 10 users. No fix yet for ransomware-exploited bug
• 0:13 : Tough luck, Windows 10 users. No fix yet for ransomware-exploited OS bug
• 23:36 : AI-Powered Phishing Kits: The New Frontier in Social Engineering
• 23:36 : Microsoft’s April 2025 Patch Tuesday Addresses 121 CVEs (CVE-2025-29824)
• 23:36 : BSidesLV24 – Breaking Ground – JIT Happens: How Instacart Uses AI to Keep Doors Open and Risks Closed
• 23:36 : The Renaissance of NTLM Relay Attacks: Everything You Need to Know
• 23:5 : IT Security News Hourly Summary 2025-04-09 00h : 4 posts
• 22:55 : IT Security News Daily Summary 2025-04-08
• 22:13 : What is sustainability risk management (SRM)?