ICYMI: 2025-04-04
Latest Headlines
SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack
Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware
OPSEC Failure Exposes Coquettte’s Malware Campaigns on Bulletproof Hosting Servers
CERT-UA Reports Cyberattacks Targeting Ukrainian State Systems with WRECKSTEEL Malware
Critical Flaw in Apache Parquet Allows Remote Attackers to Execute Arbitrary Code
Call Records of Millions Exposed by Verizon App Vulnerability
In Other News: Apple Improving Malware Detection, Cybersecurity Funding, Cyber Command Chief Fired
State Bar of Texas Says Personal Information Stolen in Ransomware Attack
US, Allies Warn of Threat Actors Using ‘Fast Flux’ to Hide Server Locations
Critical Apache Parquet Vulnerability Leads to Remote Code Execution
Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack
CISA Adds Actively Exploits Ivanti Connect Secure Vulnerability in Known Exploited Catalog
Ivanti Connect Secure RCE Vulnerability Actively Exploited in the Wild – Apply Patch Now!
Beware of Weaponized Recruitment Emails that Deliver BeaverTail and Tropidoor Malware
EncryptHub Ransomware Unmasked Using ChatGPT & OPSEC Mistakes
New PoisonSeed Attacking CRM & Bulk Email Providers in Supply Chain Phishing Attack
Port of Seattle says ransomware breach impacts 90,000 people
PoisonSeed phishing campaign behind emails with wallet seed phrases
Australian pension funds hit by wave of credential stuffing attacks
Europcar GitLab breach exposes data of up to 200,000 customers
OpenAI’s $20 ChatGPT Plus is now free for students until the end of May
– MTZ