Monthly Archives: April 2025

Researchers Demonstrate How MCP Prompt Injection Can Be Used for Both Attack and Defense

As the field of artificial intelligence (AI) continues to evolve at a rapid pace, new...

30
Apr
[Free Webinar] Guide to Securing Your Entire Identity Lifecycle Against AI-Powered Threats

How Many Gaps Are Hiding in Your Identity System? It’s not just about logins anymore....

30
Apr
Chinese Hackers Abuse IPv6 SLAAC for AitM Attacks via Spellbinder Lateral Movement Tool

A China-aligned advanced persistent threat (APT) group called TheWizards has been linked to a lateral...

30
Apr
Customer Account Takeovers: The Multi-Billion Dollar Problem You Don’t Know About

Everyone has cybersecurity stories involving family members. Here’s a relatively common one. The conversation usually...

30
Apr
Nebulous Mantis Targets NATO-Linked Entities with Multi-Stage Malware Attacks

Cybersecurity researchers have shed light on a Russian-speaking cyber espionage group called Nebulous Mantis that...

30
Apr
RansomHub Went Dark April 1; Affiliates Fled to Qilin, DragonForce Claimed Control

Cybersecurity researchers have revealed that RansomHub’s online infrastructure has “inexplicably” gone offline as of April...

30
Apr
Meta Launches LlamaFirewall Framework to Stop AI Jailbreaks, Injections, and Insecure Code

Meta on Tuesday announced LlamaFirewall, an open-source framework designed to secure artificial intelligence (AI) systems...

30
Apr
Indian Court Orders Action to Block Proton Mail Over AI Deepfake Abuse Allegations

A high court in the Indian state of Karnataka has ordered the blocking of end-to-end...

30
Apr
WhatsApp Launches Private Processing to Enable AI Features While Protecting Message Privacy

Popular messaging app WhatsApp on Tuesday unveiled a new technology called Private Processing to enable...

29
Apr
New Reports Uncover Jailbreaks, Unsafe Code, and Data Theft Risks in Leading AI Systems

Various generative artificial intelligence (GenAI) services have been found vulnerable to two types of jailbreak...

29
Apr
SentinelOne Uncovers Chinese Espionage Campaign Targeting Its Infrastructure and Clients

Cybersecurity company SentinelOne has revealed that a China-nexus threat cluster dubbed PurpleHaze conducted reconnaissance attempts...

29
Apr
Product Walkthrough: Securing Microsoft Copilot with Reco

Find out how Reco keeps Microsoft 365 Copilot safe by spotting risky prompts, protecting data,...

29
Apr
Google Reports 75 Zero-Days Exploited in 2024 — 44% Targeted Enterprise Security Products

Google has revealed that it observed 75 zero-day vulnerabilities exploited in the wild in 2024,...

29
Apr
Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool

In a new campaign detected in March 2025, senior members of the World Uyghur Congress...

29
Apr
CISA Adds Actively Exploited Broadcom and Commvault Flaws to KEV Database

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two high-severity security flaws...

29
Apr
âš¡ Weekly Recap: Critical SAP Exploit, AI-Powered Phishing, Major Breaches, New CVEs & More

What happens when cybercriminals no longer need deep skills to breach your defenses? Today’s attackers...

28
Apr
How Breaches Start: Breaking Down 5 Real Vulns

Not every security vulnerability is high risk on its own – but in the hands...

28
Apr
Earth Kurma Targets Southeast Asia With Rootkits and Cloud-Based Data Theft Tools

Government and telecommunications sectors in Southeast Asia have become the target of a “sophisticated” campaign...

28
Apr
WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors

Cybersecurity researchers are warning about a large-scale phishing campaign targeting WooCommerce users with a fake...

28
Apr
Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised

Threat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS...

28
Apr
Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers

Microsoft has revealed that a threat actor it tracks as Storm-1977 has conducted password spraying...

27
Apr
ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion

Cybersecurity researchers have detailed the activities of an initial access broker (IAB) dubbed ToyMaker that...

26
Apr
North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures

North Korea-linked threat actors behind the Contagious Interview have set up front companies as a...

25
Apr
Advanced Cryptography: new approaches to data privacy
April 25, 2025

A new NCSC paper discusses the suitability of emerging Advanced Cryptography techniques....

SAP Confirms Critical NetWeaver Flaw Amid Suspected Zero-Day Exploitation by Hackers

Threat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web...

25
Apr
Why NHIs Are Security’s Most Dangerous Blind Spot

When we talk about identity in cybersecurity, most people think of usernames, passwords, and the...

25
Apr
Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers

Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that,...

25
Apr
DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks

Cybersecurity researchers are warning about a new malware called DslogdRAT that’s installed following the exploitation...

25
Apr
Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Zero-Day and ThreatNeedle Malware

At least six organizations in South Korea have been targeted by the prolific North Korea-linked...

24
Apr
Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools

Cybersecurity researchers have demonstrated a proof-of-concept (PoC) rootkit dubbed Curing that leverages a Linux asynchronous...

24
Apr