ICYMI: 2025-04-09
Latest Headlines
Lovable AI Found Most Vulnerable to VibeScamming — Enabling Anyone to Build Live Scam Pages
New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner
Explosive Growth of Non-Human Identities Creating Massive Security Blind Spots
PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware
CISA Warns of CentreStack’s Hard-Coded MachineKey Vulnerability Enabling RCE Attacks
Microsoft Patches 126 Flaws Including Actively Exploited Windows CLFS Vulnerability
Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered
Spyware Maker NSO Group Is Paving a Path Back Into Trump’s America
Google Targets SOC Overload With Automated AI Alert and Malware Analysis Tools
Groucho’s Wit, Cloud Complexity, and the Case for Consistent Security Policy
Qevlar AI Raises $10 Million for Autonomous Investigation Platform
CISA Urges Urgent Patching for Exploited CentreStack, Windows Zero-Days
Oracle Faces Mounting Criticism as It Notifies Customers of Hack
ICS Patch Tuesday: Vulnerabilities Addressed by Rockwell, ABB, Siemens, Schneider
Linux USB Audio Driver Vulnerability Let Attackers Execute Arbitrary Code Via Malicious USB Device
VMware Patches Multiple 47 Vulnerabilities VMware Tanzu Greenplum Backup & Components
Windows Active Directory Domain Vulnerability Let Attackers Escalate Privileges
Hellcat Ransomware Updated It’s Arsenal to Attack Government, Education, and Energy Sectors
Adobe Security Update – Patch for Multiple Vulnerabilities Across Products
Hackers Hiding NFC Carders Behind Apple Pay and Google Wallet
Shopware Security Plugin Exposes Systems to SQL Injection Attacks
Attackers Exploits SourceForge Software Hosting Platform to Deliver Malware
Windows Kerberos Vulnerability Let Attackers Bypass Security Features & Access Credentials
Windows 11 tests sharing apps screen and files with Copilot AI
Google takes on Cursor with Firebase Studio, its AI builder for vibe coding
Hackers target SSRF bugs in EC2-hosted sites to steal AWS credentials
Windows 11 April update unexpectedly creates new ‘inetpub’ folder
Critical FortiSwitch flaw lets hackers change admin passwords remotely
CentreStack RCE exploited as zero-day to breach file sharing servers
Microsoft: April 2025 updates break Windows Hello on some PCs
Phishing kits now vet victims in real-time before stealing credentials
Police detains Smokeloader malware customers, seizes servers
– MTZ