ICYMI: 2025-04-08
Latest Headlines
Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw
Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation via Path Traversal
Cryptocurrency Miner and Clipper Malware Spread via SourceForge Cracked Software Listings
UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine
CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation
Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities
Microsoft Patches 125 Windows Vulns, Including Exploited CLFS Zero-Day
Network Access Vendor Portnox Secures $37.5 Million Investment
Vulnerability Management Firm Spektion Emerges From Stealth With $5 Million in Funding
DNS: The Secret Weapon CISOs May Be Overlooking in the Fight Against Cyberattacks
Aurascape Banks Hefty $50 Million to Mitigate ‘Shadow AI’ Risks
WhatsApp Vulnerability Could Facilitate Remote Code Execution
Windows CLFS Zero-Day Vulnerability Actively Exploited by Ransomware Group
Microsoft Patch Tuesday April 2025 – 121 Vulnerabilities Fixed Including Actively Exploited Zero-Day
Windows Common Log File System 0-Day Vulnerability Exploited in the Wild
New Red Team Technique “RemoteMonologue” Exploits DCOM To Gain NTLM Authentication Remotely
26,000+ Discussions on Dark Web Forums Towards Hacking Financial Organizations
Zoom Workplace Apps Vulnerability Let Attackers Inject Malicious Script
Vidar Stealer With New Deception Technique to Steal Browser Cookies & Stored Credentials
Fortinet Addresses Multiple Vulnerabilities in FortiAnalyzer, FortiManager, & Other Products
Fortinet Warns of FortiSwitch Vulnerability Let Attackers Modify Admin Passwords
Fake Microsoft Office add-in tools push malware via SourceForge
Microsoft fixes auth issues on Windows Server, Windows 11 24H2
Microsoft: Windows CLFS zero-day exploited by ransomware gang
Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws
Windows 11 KB5055523 & KB5055528 cumulative updates released
Hackers lurked in Treasury OCC’s systems since June 2023 breach
WhatsApp flaw can let attackers run malicious code on Windows PCs
– MTZ