IT Security News Daily Summary 2025-04-17

173 posts were published in the last hour

• 21:32 : Google Digital Ad Network Ruled Illegal Monopoly By Judge
• 21:31 : CISA Urges Action on Potential Oracle Cloud Credential Compromise
• 21:31 : CrazyHunter Hacker Group Using Open-Source Tools from GitHub to Attack Organizations
• 21:2 : Announcing AWS Security Reference Architecture Code Examples for Generative AI
• 20:32 : Publisher’s Spotlight: Veriti
• 20:31 : China-linked APT Mustang Panda upgrades tools in its arsenal
• 20:5 : IT Security News Hourly Summary 2025-04-17 21h : 9 posts
• 19:32 : CrazyHunter Hacker Group Exploits Open-Source GitHub Tools to Target Organizations
• 19:32 : Ransomware Attacks Surge 126%, Targeting Consumer Goods and Services Sector
• 19:32 : Microsoft Vulnerabilities Hit Record High With 1,300+ Reported in 2024
• 19:32 : Threat Actors Using Cascading Shadows Attack Chain to Avoid Detection & Complicate Analysis
• 19:32 : Ransomware Attacks Rose by 126% Attacking Consumer Goods & Services Companies
• 19:32 : Krebs throws himself on the grenade, resigns from SentinelOne after Trump revokes clearances
• 19:2 : LummaStealer Exploits Windows Utility to Run Remote Code Disguised as .mp4 File
• 19:2 : 43% of Top 100 Enterprise Mobile Apps Expose Sensitive Data to Hackers
• 19:2 : Microsoft Vulnerabilities Reach Record High with Over 1,300 Reported in 2024
• 19:2 : Threat Actors Leverage Cascading Shadows Attack Chain to Evade Detection and Hinder Analysis
• 19:2 : CVE-2024-13059: Exploiting Path Traversal in AnythingLLM for Remote Code Execution
• 19:2 : Krebs throws himself on the grenade, resigns from SentinelOne after Trump revokes security clearances
• 19:2 : CSP FY: A Magecart Attack That Dodges Policy—and Makes a Joke While Doing It
• 18:32 : Researchers Find CVSS 10.0 Severity RCE Vulnerability in Erlang/OTP SSH
• 18:31 : How to help prevent hotlinking using referer checking, AWS WAF, and Amazon CloudFront
• 18:2 : Care what you share
• 18:2 : Serious Flaw Found in Popular File-Sharing Tool Used by IT Providers
• 17:33 : Qrator Labs Reports Mitigating Year’s Largest DDoS Attack to Date
• 17:33 : ‘No AI Agents are Allowed.’ EU Bans Use of AI Assistants in Virtual Meetings
• 17:33 : Schneider Electric Sage Series
• 17:32 : Schneider Electric Trio Q Licensed Data Radio
• 17:32 : CISA Releases Six Industrial Control Systems Advisories
• 17:32 : Yokogawa Recorder Products
• 17:32 : Schneider Electric ConneXium Network Manager
• 17:32 : Florida draft law mandating encryption backdoors for social media accounts billed ‘dangerous and dumb’
• 17:32 : Hackers Weaponize MMC Script to Deploy MysterySnail RAT Malware
• 17:32 : Top Security Frameworks Used by CISOs in 2025
• 17:32 : The Future of GRC – Integrating ESG, Cyber, and Regulatory Risk
• 17:32 : Why Threat Modeling Should Be Part of Every Security Program
• 17:32 : 43% Top 100 Enterprise-Used Mobile Apps Opens Door for Hackers to Access Sensitive Data
• 17:32 : Time to Migrate from On-Prem to Cloud? What You Need to Know
• 17:5 : IT Security News Hourly Summary 2025-04-17 18h : 17 posts
• 17:2 : US State Dept Closes Office Flagging Russia, China Disinformation
• 17:2 : Age Verification Using Facial Scans
• 16:32 : Apple patches security vulnerabilities in iOS and iPadOS. Update now!
• 16:32 : Your Network Is Showing – Time to Go Stealth
• 16:32 : Microsoft’s Secure by Design journey: One year of success
• 16:3 : Australia mandates reporting of ransomware payments
• 16:3 : Nvidia CEO Jensen Huang Makes Surprise Visit To China
• 16:3 : They’re coming for your data: What are infostealers and how do I stay safe?
• 16:3 : Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks
• 16:3 : Building mobile security awareness training for end users
• 16:3 : Man Helped Chinese Nationals Get Jobs Involving Sensitive US Government Projects
• 16:3 : NTLM Hash Exploit Targets Poland and Romania Days After Patch
• 15:32 : Temu, Shein To Increase US Prices After Trump’s Tariffs
• 15:32 : Former CISA Chief Chris Krebs Targetted By Trump Executive Order
• 15:32 : Mobile Security – Emerging Risks in the BYOD Era
• 15:32 : The Future of Cybersecurity Talent – Trends and Opportunities
• 15:32 : Managing Burnout in the SOC – What CISOs Can Do
• 15:32 : The Hidden Breach: Secrets Leaked Outside the Codebase Pose a Serious Threat
• 15:32 : New Jersey Sues Discord for Allegedly Failing to Protect Children
• 15:32 : LummaStealer Abuses Windows Utility to Execute Remote Code Mimic as .mp4 File
• 15:32 : China Plans to Strengthen Its Cybersecurity Cooperation With Russia
• 15:32 : Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates
• 15:2 : BREAKING: CISA Steps In to Keep CVE Services Alive
• 15:2 : US Tariffs May Lead to Chinese Cyberattacks in Retaliation, Experts Warn
• 15:2 : Understanding ACR on Smart TVS and the Reasons to Disable It
• 15:2 : Ransomware Attacks Surge in Q1 2025 as Immutable Backup Emerges as Critical Defense
• 15:2 : Critical Infrastructure at Risk: Why OT-IT Integration is Key to Innovation and Cybersecurity
• 15:2 : Senators Urge Cyber-Threat Sharing Law Extension Before Deadline
• 14:32 : Akamai API Security Enhancements
• 14:32 : Mass Ransomware Campaign Hits S3 Buckets Using Stolen AWS Keys
• 14:5 : IT Security News Hourly Summary 2025-04-17 15h : 3 posts
• 14:2 : Wordfence Intelligence Weekly WordPress Vulnerability Report (April 7, 2025 to April 13, 2025)
• 14:2 : Apple Issues Emergency Security Updates For iPhones and iPads iOS 18.4.1
• 14:2 : The Hidden Downside of a Cloud-only SASE Architecture
• 13:33 : Google Fixed An Old Chrome Flaw That Exposed Browsing History
• 13:33 : Gamaredon’s PteroLNK VBScript Malware Infrastructure and TTPs Uncovered by Researchers
• 13:33 : Weaponized Amazon Gift Cards Used to Steal Microsoft Credentials
• 13:33 : Ghost Ransomware Targets Organizations Across 70+ Countries
• 13:33 : China Plans Expanded Cybersecurity Cooperation with Russia
• 13:32 : Model Context Protocol Flaw Allows Attackers to Compromise Victim Systems
• 13:32 : Network Security at the Edge for AI-ready Enterprise
• 13:32 : Node.js malvertising campaign targets crypto users
• 13:32 : Beware of Weaponized Amazon Gift Cards That Steals Microsoft Credentials
• 13:32 : Security Teams Shrink as Automation Rises—Is This the Future?
• 13:32 : Harvest Ransomware Attack – Details of the Data Breach Released
• 13:32 : How to Prepare for Your Next Cybersecurity Audit
• 13:32 : Ghost Ransomware Breaching Organizations in Over 70+ Countries
• 13:32 : Demystifying Security Posture Management
• 13:32 : How Critical Infrastructure Leaders Are Rethinking Cybersecurity
• 13:32 : The FTC Is Watching: GoDaddy’s Settlement Sends a Clear Message on API Security
• 13:32 : SafeLine Bot Management: Self-hosted alternative to Cloudflare
• 13:31 : Artificial Intelligence – What’s all the fuss?
• 13:31 : State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns
• 12:32 : 3 Security Decisions That Could Make or Break Your Career This Year
• 12:32 : Vulnerabilities Patched in Atlassian, Cisco Products
• 12:32 : Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054)
• 12:2 : Harvest Ransomware Attack: Stolen Data Now Publicly Disclosed
• 12:2 : Why ‘One Community’ Resonates in Cybersecurity
• 11:32 : Critical Erlang/OTP SSH Vulnerability Allow Hackers Execute Arbitrary Code Remotely
• 11:31 : Blockchain Offers Security Benefits – But Don’t Neglect Your Passwords
• 11:5 : IT Security News Hourly Summary 2025-04-17 12h : 11 posts
• 11:2 : Tesla Whistleblower Wins Legal Ruling Against Elon Musk
• 11:2 : This ‘College Protester’ Isn’t Real. It’s an AI-Powered Undercover Bot for Cops
• 11:2 : Brit soldiers tune radio waves to fry drone swarms for pennies
• 11:2 : CISA Issues Guidance After Oracle Cloud Hack
• 10:32 : Chinese Hacker Group Mustang Panda Bypass EDR Detection With New Hacking Tools
• 10:32 : CISA Warns of SonicWall Command Injection Vulnerability Exploited in Wild
• 10:32 : Google Blocks 5 Billion Malicious Ads & Suspend 700,000+ Offending Advertiser
• 10:32 : Researchers Uncovered Gamaredon’s PteroLNK VBScript Malware Infrastructure & TTP’s
• 10:32 : SonicWall Flags Old Vulnerability as Actively Exploited
• 10:32 : Trump’s Retaliation Against Chris Krebs — and the Cybersecurity Industry’s Deafening Silence
• 10:31 : Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers
• 10:31 : Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution
• 10:3 : Unmasking the new XorDDoS controller and infrastructure
• 10:2 : Microsoft Defender For Endpoint Now Isolates Undiscovered Endpoints
• 10:2 : Data-stealing cyberattacks are surging – 7 ways to protect yourself and your business
• 10:2 : Cyber threats against energy sector surge as global tensions mount
• 10:2 : Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201)
• 10:2 : Identity Attacks Now Comprise a Third of Intrusions
• 9:32 : CISA Warns of Potential Credential Exploits Linked to Oracle Cloud Hack
• 9:32 : Update your iPhone now to patch a CarPlay glitch and two serious security flaws
• 9:32 : U.S. CISA adds SonicWall SMA100 Appliance flaw to its Known Exploited Vulnerabilities catalog
• 9:31 : Apple released emergency updates for actively exploited flaws
• 9:31 : Microsoft Thwarts $4bn in Fraud Attempts
• 9:3 : Critical Flaw in PHP’s extract() Function Enables Arbitrary Code Execution
• 9:3 : Intel Sells 51% Stake in Altera to Silver Lake in $8.75 Billion Deal
• 9:2 : Agent Tesla Malware Uses Multi-Stage Attacks with PowerShell Scripts
• 9:2 : US Senators Push for Stronger Cybercrime and Computer Fraud Legislation
• 9:2 : From PyPI to the Dark Marketplace: How a Malicious Package Fuels the Sale of Telegram Identities
• 9:2 : Mustang Panda Employs Using Weaponized RAR Archives to Install New ToneShell Malware
• 9:2 : Windows 11 24H2 Update Bug Triggers BSOD Error – Emergency Fix Released
• 9:2 : MITRE Hackers’ Backdoor Has Targeted Windows for Years
• 9:2 : CISA Throws Lifeline to CVE Program with Last-Minute Contract Extension
• 8:32 : IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia
• 8:32 : Apple plugs zero-days holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201)
• 8:32 : Network Edge Devices the Biggest Entry Point for Attacks on SMBs
• 8:5 : IT Security News Hourly Summary 2025-04-17 09h : 6 posts
• 8:2 : Gurucul introduces self-driving SIEM powered by AI enhancements
• 8:2 : ICO Issues Merseyside-Based Law Firm £60,000 Fine After Cyber-Attack
• 7:32 : MITRE bailout, Krebs exits SentinelOne, Apple fixes zero-days
• 7:3 : Hacker Leaks 33,000 Employee Records in Third-Party API Breach
• 7:2 : Cisco Webex Vulnerability Allows Code Execution via Weaponized Meeting Links
• 7:2 : Symbiotic Security v1 empowers developers to write secure code
• 6:32 : Zoom Video Conferencing App down by DDoS Attack
• 6:32 : Google Removes 5.5 Billion Malicious Ads, Suspends 700,000+ Offending Advertisers
• 6:32 : Ebryx LLMSec protects LLMs and autonomous AI agents in production environments
• 6:2 : CISA Issues Alert on SonicWall Flaw Being Actively Exploited
• 6:2 : CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices
• 5:32 : Advanced Log Correlation Techniques For Real-Time Threat Detection
• 5:32 : NetFlow and PCAP Logs Reveal Multi-Stage Attacks In Corporate Networks
• 5:32 : Cisco Webex Vulnerability Lets Hackers Execute Code Through Malicious Meeting Links
• 5:31 : When AI agents go rogue, the fallout hits the enterprise
• 5:5 : IT Security News Hourly Summary 2025-04-17 06h : 1 posts
• 5:2 : Inside PlugValley: How this AI vishing-as-a-service group operates
• 5:2 : Microsoft vulnerabilities: What’s improved, what’s at risk
• 4:32 : Review: Hands-On Industrial Internet of Things
• 4:2 : Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks
• 3:2 : Cybersecurity 2025: Training Students for a Quantum-Driven Threat Landscape
• 3:2 : Whistleblower describes DOGE IT dept rampage at America’s labor watchdog
• 3:2 : MITRE CVE Program Uncertainty: Mend.io’s commitment to uninterrupted vulnerability protection
• 3:2 : New Windows Task Scheduler Bugs Let Attackers Bypass UAC and Tamper with Logs
• 2:5 : IT Security News Hourly Summary 2025-04-17 03h : 2 posts
• 2:4 : ISC Stormcast For Thursday, April 17th, 2025 https://isc.sans.edu/podcastdetail/9412, (Thu, Apr 17th)
• 1:31 : RedTail, Remnux and Malware Management [Guest Diary], (Wed, Apr 16th)
• 0:31 : 2 Apple Iphone Zero-Day Vulnerabilities Actively Exploited in Extremely Sophisticated Attacks
• 0:31 : Server-Side Phishing Attacks Employees & Member Portals to Steal Login Credentials
• 23:5 : IT Security News Hourly Summary 2025-04-17 00h : 8 posts
• 22:55 : IT Security News Daily Summary 2025-04-16
• 22:31 : Cascading Shadows: An Attack Chain Approach to Avoid Detection and Complicate Analysis
• 22:2 : 2 Apple Zero-Day Vulnerabilities Actively Exploited in “Extremely” Sophisticated iOS Attacks
• 22:2 : Former CISA director Chris Krebs vows to fight back against Trump-ordered federal investigation
• 22:2 : Hi, robot: Half of all internet traffic now automated
• 22:2 : Krebs Exits SentinelOne After Security Clearance Pulled
• 22:2 : Whistleblower: Musk’s DOGE Stole Data, Caused Breach at U.S. Agency