Daily News - Abril (06/04 - 12/04) - 15 Semana de 2025

Information & Cyber Security, Privacy and Hacking News --- Daily Updates !! Weekly Resume...

08/04

10 things you should include in your AI policy

11 cyber defense tips to stay secure at work and home

Agentic AI in the SOC - Dawn of Autonomous Alert Triage

Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation via Path Traversal

ANY.RUN’s Enhanced Threat Intelligence Feeds With Unique IOC for SOC/DFIR Teams

AWS rolls out ML-KEM to secure TLS from quantum threats

Boards Urged to Follow New Cyber Code of Practice

CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation

CISA Warns of CrushFTP Vulnerability Exploitation in the Wild

Cryptocurrency Miner and Clipper Malware Spread via SourceForge Cracked Software Listings

Cyberattacks on water and power utilities threaten public safety

DBS & Bank of China customers’ info extracted in ransomware attack, no log-in details compromised

Excessive agency in LLMs: The growing risk of unchecked autonomy

Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw

Google Patched Android 0-Day Vulnerability Exploited in the Wild

Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities

Hackers Exploiting Windows .RDP Files For Rogue Remote Desktop Connections

Hackers lurked in Treasury OCC's systems since June 2023 breach

Half of Firms Stall Digital Projects as Cyber Warfare Risk Surges

Kelloggs Data Breach – Hackers Breached the Servers and Stolen Data

Linux 6.15-rc1 Released With Major Driver Update & Perfomance Boost

Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws

Microsoft: Windows CLFS zero-day exploited by ransomware gang

New Mirai botnet behind surge in TVT DVR exploitation

Nissan Leaf Vulnerability Exploited to Gain Control Over the Car Remotely

Observability is security’s way back into the cloud conversation

Phishing, fraud, and the financial sector’s crisis of trust

PoC Exploit Released for Yelp Flaw that Exposes SSH Keys on Ubuntu Systems

UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine

WhatsApp flaw can let attackers run malicious code on Windows PCs

WhatsApp Vulnerability Let Attackers Execute Malicious Code Via Attachments

Why DEI is key for a cyber safe future

Windows 10 KB5055518 update fixes random text when printing

Windows 11 KB5055523 & KB5055528 cumulative updates released

07/04

4 ways to protect business-critical SAP applications

8 simple ways to teach your friends and family about cybersecurity - before it's too late

20-Year-Old Scattered Spider Hacker Pleads Guilty Of Sophisticated Ransomware Attacks

23andMe Data Breach: A Wake-Up Call for Consumer Privacy and Corporate Accountability

AI-powered deepfakes fuel extortion wave in Vietnam

AI Turned My Face Into a Cartoon—Hackers Turned It Into a Weapon

Alleged Data Breach Claims Surface Against Boulanger on Dark Web Forum

Alleged Data Breach Targets Yucatán Government Website

Apple appealing against UK 'back door' order

As many as 200k affected in Europcar data incident

Aussie Pension Savers Hit with Wave of Credential Stuffing Attacks

Australian Organisations Urged to Patch Ivanti Products Amid Exploited RCE Vulnerability

Bitdefender GravityZone Console PHP Vulnerability Let Attackers Execute Arbitrary Commands

Brothers Behind Rydox Dark Web Market Extradited to US

Cargills data breach: Bank warned of security lapses in 2024

CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks

CISA Releases NICE Workforce Framework Version 2.0.0 Released – What’s New

CISOs battle security platform fatigue

Critical pgAdmin Vulnerability Let Attackers Execute Remote Code

Darknet's Xanthorox AI Offers Customizable Tools for Hackers

Data breach exposes Australian super fund accounts

DBS, Bank of China Singapore customers' data extracted after printing vendor hit by ransomware attack

DeepSeek Breach Yet Again Sheds Light on Dangers of AI

EDR-as-a-Service makes the headlines in the cybercrime landscape

Ethereum-inspired address poisoning attacks now occurring on bitcoin too

Europe preparing to ‘ease the burden’ of landmark data privacy law

Everest Ransomware Gang Leak Site Hacked and Defaced

Everest ransomware's dark web leak site defaced, now offline

Extremely dangerous malware spreading via YouTube: it comes with a password stealer

Fast Flux is the New Cyber Weapon—And It’s Hard to Stop, Warns CISA

Food giant WK Kellogg discloses data breach linked to Clop ransomware

Google and Facebook’s inaction fuels deepfake fraud

Google fixes Android zero-days exploited in attacks, 60 other flaws

Government Backs Britain’s First Cyber Seed Fund, Worth £50m

How Trump’s tariffs are shaking up the cybersecurity sector

Kellogg discloses data breach, but it's not super cereal

Kent healthcare provider which suffered cyber attack says most issues now resolved

Leak site of ransomware gang Everest has been hacked

Malicious Microsoft VS Code Extensions Used in Cryptojacking Campaign

Malicious VSCode extensions infect Windows with cryptominers

MGM Resorts reaches $45 million settlement with FTC over 2023 data breach

New Black-Hat Automated Hacking Tool Xanthorox AI Advertised in Hacker Forums

NIST marks all CVEs prior to Jan. 1, 2018, as ‘deferred’

Pennsylvania Teachers Union Members Sue After Cyberattack Exposes Personal Data

PoisonSeed Campaign uses stolen email credentials to spread crypto seed scams and and empty wallets

PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks

Port of Seattle notifies 90,000 people about data breach

Security Theater: Vanity Metrics Keep You Busy - and Exposed

Social Media Flooded with Ghibli AI Images—But What Are We Really Feeding the Algorithms?

SpyCloud Research Shows that Endpoint Detection and Antivirus Solutions Miss Two-Thirds (66%) of Malware Infections

T-Mobile's data breach settlements are rolling out now - here's how to see if you qualify

The controversial case of the threat actor EncryptHub

The industry speaks: Identity Management Day 2025

The rise of compromised LLM attacks

The risks of entry-level developers over relying on AI

The shift to identity-first security and why it matters

Threat Actor Claims to Leak 600K Records from Spanish Robinson Database

Twilio denies claims of SendGrid breach amid hacker allegations and data leak

Vodafone Urges UK Cybersecurity Policy Reforms as SME Cyber-Attack Costs Reach £3.4bn

Xanthorox AI Surfaces on Dark Web as Full Spectrum Hacking Assistant

WinRAR MotW bypass flaw fixed, update ASAP (CVE-2025-31334)

YES3 Scanner: Open-source S3 security scanner for public access, ransomware protection

06/04

10 Best Ransomware File Decryptor Tools – 2025

Australian cab service 13cabs reveals a significant customer data breach

Carding tool abusing WooCommerce API downloaded 34K times on PyPI

City of Chattanooga affected by Nationwide Recovery Services data breach

Cyber attack on Mercer County hospital impacted close to 90,000 patients

Cybersecurity company cyan joins forces with Claro in Chile

E-ZPass toll payment texts return in massive phishing wave

Hackers access personal information in Tasmanian Government data breach

Hackers stole payment card details from the City of Lubbock's utility payment portal

Microsoft Strengthens Outlook’s Email Ecosystem to Protect Inboxes

Oracle privately notifies Cloud data breach to customers

Over 200 Million X User Records Exposed in Massive Data Breach: Cybersecurity Alert Issued

Real estate firm Siegel Group confirms a major customer data breach

Record phishing attacks lead cybercrime surge in Türkiye, police detect 60K online fraud cases

Twilio Stock Tumbles On Report Of Data Breach, Company Says 'No Evidence' To Suggest It Happened: Retail Remains Bullish

Urgent need for resilient industrial cybersecurity professionals to defend ICS/OT systems from rising cyber attacks

Semana Anterior

Daily News - Março/Abril (30/03 - 05/04) - 14 Semana de 2025