Key Updates on Attacks, Vulnerabilities, & Data Breaches
Welcome to this week’s Cybersecurity Newsletter, where we provide the latest updates and critical insights from the swiftly changing realm of cybersecurity.This edition focuses on new threats and the evolving landscape of digital defenses.
Key topics include sophisticated ransomware attacks and the growing impact of state-sponsored cyber operations on global security.
We offer an in-depth analysis of these emerging dangers, alongside practical strategies to bolster your organization’s security protocols.
Additionally, we examine how cutting-edge technologies like artificial intelligence (AI), machine learning (ML), and quantum computing are reshaping cybersecurity, acting as both safeguard tools and potential weaknesses that attackers could take advantage of.
The examples discussed include AI-driven phishing tactics, ML-augmented malware, and the capability of quantum computing to dismantle encryption.
.png
)
We also look into how various industries are tackling significant cybersecurity issues, such as securing remote work settings and addressing vulnerabilities in Internet of Things (IoT) devices.
These matters emphasize the necessity of proactive strategies to safeguard digital infrastructure. We will also evaluate recent regulatory changes, such as the European Union’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA), which are establishing new standards for data privacy and security to help ensure your compliance efforts stay current.
Stay engaged each week as we explore these intricate subjects and more, equipping you with the essential knowledge needed to stay ahead in the constantly evolving cybersecurity environment.
Cyber Attack
1. Hackers Abuse Node.js to Deliver Stealthy Malware
Attackers are increasingly exploiting Node.js, a popular JavaScript runtime, to deliver sophisticated malware and steal sensitive data. Recent campaigns utilize malvertising, supply chain attacks via npm, and direct script execution to bypass traditional security controls. Threat actors embed malicious code in Node.js executables or npm packages, often blending seamlessly with legitimate applications. Notably, the NodeLoader malware family leverages privilege escalation and obfuscation tactics, making detection difficult.
Read more: cybersecuritynews.com/hackers-abuse-node-js
2. Phishing Campaign Targets Job Seekers with Fake Meta & WhatsApp Offers
A new phishing attack is targeting job seekers using convincing Meta and WhatsApp job portals. The campaign leverages WhatsApp messages and SMS (smishing) to lure victims to fraudulent sites, harvesting credentials and sometimes demanding payments for fake equipment. Attackers use advanced social engineering and AI-generated content to bypass traditional security layers, making these scams harder to detect.
Read more: cybersecuritynews.com/phishing-attack-targeting-job-seekers
3. Hacktivists Turn Sophisticated, Targeting Critical Infrastructure with Ransomware
Hacktivist groups are escalating their tactics, moving beyond DDoS and defacement to target critical infrastructure with ransomware. Pro-Russian collectives and other actors are focusing on energy and water utilities, using advanced techniques like SQL injection, custom PowerShell scripts, and polymorphic ransomware payloads. This marks a significant shift, as hacktivists now wield capabilities once limited to nation-state actors.
Read more: cybersecuritynews.com/hacktivist-turns-more-sophisticated-targeting-critical-infrastructure
4. Hackers Exploiting Windows NTLM Spoofing Vulnerability (CVE-2025-24054)
A critical Windows vulnerability (CVE-2025-24054) is being actively exploited, allowing attackers to leak NTLM hashes and escalate privileges via spoofed SMB authentication requests. The flaw can be triggered by extracting a malicious ZIP archive, requiring minimal user interaction. Despite a patch released in March, targeted attacks against government and private entities are ongoing, emphasizing the need for immediate patching and user awareness.
Read more: cybersecuritynews.com/hackers-exploiting-ntlm-spoofing-vulnerability
5. New Windows TaskManager Vulnerabilities Enable SYSTEM-Level Command Execution
Researchers have uncovered critical vulnerabilities in Windows TaskManager and Task Scheduler (schtasks.exe) that allow attackers to execute commands as SYSTEM, bypassing User Account Control (UAC) and erasing audit logs. By exploiting flaws in task creation and log handling, even low-privileged users can gain full control of affected systems and cover their tracks. These vulnerabilities pose serious risks for privilege escalation and persistent compromise in Windows environments.
Read more: cybersecuritynews.com/windows-taskmanager-vulnerabilities
Cyber Threats
1. Chinese State Hackers Targeting Critical Infrastructure
Chinese state-sponsored groups, including Volt Typhoon and Salt Typhoon, have escalated attacks on critical infrastructure across the US, Europe, and Asia-Pacific. Their tactics involve stealthy “logic bombs” and “Living Off the Land” techniques to preposition for potential wartime disruption, targeting sectors like power grids and telecommunications. Security experts warn of the long-term risks and urge robust monitoring and segmentation defenses.
Read more: Chinese Hackers Attacking Critical Infrastructure to Sabotage Networks
2. $5 SMS Phishing Attack Hits Toll Road Users
A widespread SMS phishing (“smishing”) campaign is impersonating toll payment services in at least eight US states. Victims receive messages about small unpaid tolls, with threats of hefty late fees. Clicking the link leads to a sophisticated phishing flow that harvests personal and credit card details. The campaign remains active, using constantly refreshed domains to evade detection.
Read more: Beware of $5 SMS Phishing Attack Targeting Toll Road Users
3. Hackers Leveraging Microsoft Teams Messages
Cybercriminals are exploiting Microsoft Teams to distribute malware and phishing links, targeting organizations’ internal communications. Attackers use compromised accounts or spoofed messages to trick employees into downloading malicious files or revealing credentials.
Read more: Hackers Leveraging Teams Messages
4. Android Phones Shipped with Pre-installed Malware
A major supply chain attack has been uncovered: new Android devices, especially low-cost models, are shipping with malware disguised as WhatsApp. The malware, embedded during manufacturing, hijacks cryptocurrency wallet addresses and searches for sensitive data, resulting in significant financial theft.
Read more: Android Phones With Pre-installed Malware Mimic as WhatsApp
5. Hackers Exploiting AWS EC2 Metadata Vulnerability
Threat actors are actively exploiting a vulnerability in Amazon EC2 instance metadata services to gain unauthorized access and escalate privileges in cloud environments. Organizations are urged to review their cloud security configurations and apply available mitigations.
Read more: Hackers Exploiting EC2 Instance Metadata Vulnerability
6. Malicious JScript Loader Spotted in Jailbreaked Devices
Researchers have detected a new JScript loader targeting jailbroken devices, enabling attackers to bypass traditional security controls and deploy additional malware payloads.
Read more: Malicious JScript Loader Jailbreaked
7. New PasivRobber Malware Steals Data from macOS
A Chinese spyware suite named “PasivRobber” is targeting macOS systems, especially communication apps like WeChat and QQ. The malware uses advanced obfuscation and persistence techniques to exfiltrate sensitive data and credentials.
Read more: New PasivRobber Malware Steals Data
8. Data Poisoning: The Next Evolution of Ransomware
Security experts warn of a new ransomware trend: data poisoning. Instead of just encrypting files, attackers manipulate and corrupt critical data, making recovery and trust in backups much more difficult for victims.
Read more: Data Poisoning: The Next Evolution of Ransomware
9. Medusa Ransomware Group’s Infrastructure Exposed
Researchers have deanonymized the Medusa ransomware group’s Tor infrastructure by exploiting a vulnerability in their blog platform. This rare breakthrough exposes the group’s real server IP and sheds light on their operations, which have targeted healthcare, education, and manufacturing sectors globally.
Read more: Researchers Deanonymized Medusa Ransomware
Vulnerabilities
1. Apache Roller: Critical Session Management Flaw
A severe vulnerability (CVE-2025-24859) in Apache Roller (versions 1.0.0–6.1.4) allows attackers to maintain unauthorized access even after password changes. The flaw stems from improper session invalidation, leaving all active sessions intact post-credential updates.
Recommendation: Update to version 6.1.5 immediately.
Read more
2. WordPress SureTriggers Plugin: Rapid Exploitation of Critical Flaw
A critical authentication bypass in the SureTriggers plugin (≤1.0.78) was exploited within four hours of public disclosure. Attackers can create admin accounts on vulnerable WordPress sites, risking full site compromise.
Recommendation: Update or disable the plugin until patched.
Read more
3. Windows 11: Privilege Escalation in Mobile Devices Feature
A vulnerability (CVE-2025-24076) in Windows 11’s “Mobile devices” feature lets attackers escalate from a low-privileged user to system administrator in just 300 milliseconds via DLL hijacking.
Recommendation: Apply the March 2025 security update.
Read more
4. Oracle: 378 Vulnerabilities Patched in April 2025 Update
Oracle’s quarterly Critical Patch Update addresses 378 vulnerabilities across its product suite, including 255 remotely exploitable flaws and 40 rated critical (CVSS ≥ 9.0).
Recommendation: Patch all affected Oracle products immediately, prioritizing internet-facing and business-critical systems.
Read more
5. Dell Alienware Command Center: Privilege Escalation Risk
A medium-severity vulnerability (CVE-2025-30100) in Alienware Command Center (pre-6.7.37.0) allows local attackers to escalate privileges.
Recommendation: Update to version 6.7.37.0 or later.
Read more
6. Apple iPhone/iPad: Two Zero-Day Vulnerabilities Exploited
Apple patched two zero-days (CVE-2025-31200 & CVE-2025-31201) in iOS/iPadOS 18.4.1, exploited in highly targeted attacks. One allows code execution via malicious media files; the other bypasses security protections.
Recommendation: Update all eligible devices to iOS/iPadOS 18.4.1.
Read more
7. Cisco Webex: Remote Code Execution via Malicious Meeting Links
A high-severity flaw (CVE-2025-20236) in Cisco Webex App (versions 44.6/44.7) enables code execution if users click weaponized meeting links.
Recommendation: Upgrade to the latest patched version immediately.
Read more
8. SonicWall SMA100: Command Injection Exploited in the Wild
CISA warns of active exploitation of a command injection vulnerability (CVE-2021-20035) in SonicWall SMA100 appliances, enabling remote code execution.
Recommendation: Apply SonicWall’s security patches without delay.
Read more
9. Microsoft: Record High Vulnerabilities
Microsoft vulnerabilities have reached a record high, underlining the need for organizations to maintain robust patch management and monitoring.
Read more
10. Exchange & SharePoint: Critical Flaws Under Active Attack
Attackers are actively exploiting critical vulnerabilities in on-premises Microsoft Exchange and SharePoint servers, using advanced NTLM relay and credential theft techniques for persistent access.
Recommendation: Apply the latest patches, enable AMSI integration, and audit authentication configurations.
Read more
Data breach
1. Hertz Data Breach Exposes Customer Information
Hertz Corporation has confirmed a significant data breach impacting customers of its Hertz, Dollar, and Thrifty brands. Hackers exploited zero-day vulnerabilities in a third-party file transfer platform, gaining unauthorized access to sensitive customer data. Compromised information includes names, contact details, dates of birth, credit card numbers, driver’s license information, and, for some, even Social Security and passport numbers. The breach originated from vulnerabilities in the Cleo Communications platform, with incidents traced back to October and December 2024. In response, Hertz is offering affected customers two years of complimentary identity and dark web monitoring services and has notified law enforcement and regulatory authorities.
Read more: Hertz Data Breach – Customer Personal Information Stolen by Hackers
2. Notorious 4chan Forum Hacked—Internal Data Leaked
The controversial imageboard 4chan suffered a major security breach, resulting in the leak of sensitive internal data. Attackers gained shell access to 4chan’s servers, extracting the complete PHP source code, moderator and administrator contact information, backend admin panels, and database content. The breach has exposed the email addresses of 218 moderators, some tied to .edu and .gov domains, raising concerns over the platform’s anonymity promises. The attack was attributed to outdated technical infrastructure, particularly an obsolete PHP version. A rival forum, Soyjak Party, claimed responsibility, citing long-standing tensions between the communities. 4chan remains intermittently available as administrators work to contain the breach.
Read more: Notorious 4chan Forum Hacked and the Internal Data Leaked
3. Hackers Reveal Exploit Method Behind 4chan Attack
Following the 4chan breach, hackers publicly disclosed the exploit method used to compromise the site. Contrary to initial speculation, the attack did not rely on SQL injection but exploited a flaw in 4chan’s file upload validation. Attackers uploaded malicious PostScript files disguised as PDFs, which were processed by an outdated version of Ghostscript (from 2012) used for thumbnail generation. This allowed them to escalate privileges and gain full server control. The attackers claim to have maintained access for over a year before executing the breach, exposing both technical and personal data. The incident highlights the risks of outdated software and poor file validation practices.
Read more: Hackers Revealed the Exploit Method Used to Hack 4chan Messageboard
Other News
Microsoft Teams Faces File Sharing Outage
On April 15, 2025, Microsoft Teams users experienced a significant outage affecting file-sharing capabilities. The disruption, confirmed by Microsoft, prevented users from sharing files within Teams, with reports of errors accessing files stored in SharePoint. Microsoft is investigating the issue, but no resolution timeline has been announced. As a workaround, users are advised to use OneDrive for file sharing until normal service resumes.
Read more
CISA Steps In to Save CVE Program from Shutdown
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has extended its contract with MITRE Corporation, averting a shutdown of the global Common Vulnerabilities and Exposures (CVE) program that was hours away from losing federal funding. The CVE program is essential for tracking and managing cybersecurity vulnerabilities worldwide. This last-minute intervention ensures continuity, though questions remain about long-term funding and the need for greater independence from single government sponsors.
Read more
Windows 11 24H2 Update Bug Causes BSOD, Emergency Fix Released
Microsoft has confirmed a major bug in the recent Windows 11 24H2 updates, leading to widespread Blue Screen of Death (BSOD) crashes with the “SECURE_KERNEL_ERROR” code. The issue affects updates KB5053598, KB5053656, and KB5055523, causing some systems to crash repeatedly or become unbootable. Microsoft has deployed a Known Issue Rollback (KIR) to mitigate the problem, but users are advised to keep devices connected to the internet and restart PCs for the fix to apply. Enterprise admins must manually update Group Policy settings. A permanent fix is expected in future updates.
Read more
link
