IT Security News Daily Summary 2025-04-07

198 posts were published in the last hour

• 21:32 : CISA Adds One Known Exploited Vulnerability to Catalog
• 21:31 : Malicious Python Packages Attacking Popular Cryptocurrency Library To Steal Sensitive Data
• 20:38 : Whatsapp-Trick: So checkt ihr, ob euch jemand wirklich in seinen Kontakten hat
• 20:38 : OpenAI testet Kennzeichnung für KI-Bilder – was das für Nutzer bedeuten könnte
• 20:38 : Android 16: So will Google die Installation von Apps deutlich beschleunigen
• 20:38 : Europcar: Kundendaten und Quellcodes gestohlen
• 20:35 : Everest Ransomware Gang’s Leak Site Hacked and Defaced
• 20:35 : Threat Actors Exploit Toll Payment Services in Widespread Hacking Campaign
• 20:35 : Google’s Sec-Gemini v1 Takes on Hackers & Outperforms Rivals by 11%
• 20:35 : U.S. CISA adds Ivanti Connect Secure, Policy Secure and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog
• 20:35 : Threat Actors Weaponize Windows Screensavers Files to Deliver Malware
• 20:35 : That massive GitHub supply chain attack? It all started with a stolen SpotBugs token
• 20:7 : Auto-Color Linux Backdoor: TTPs and Internal Architecture Exposed
• 20:7 : Threat Actors Use VPS Hosting Providers to Deliver Malware and Evade Detection
• 20:7 : ToddyCat Attackers Exploited ESET Command Line Scanner Vulnerability to Conceal Their Tool
• 20:7 : BSidesLV24 – HireGround – Penetration Testing Experience And How To Get It
• 20:5 : IT Security News Hourly Summary 2025-04-07 21h : 6 posts
• 19:36 : PCI DSS 4.0.1: A Cybersecurity Blueprint by the Industry, for the Industry
• 19:7 : ML-KEM post-quantum TLS now supported in AWS KMS, ACM, and Secrets Manager
• 18:35 : Alleged Scattered Spider SIM-swapper must pay back $13.2M to 59 victims
• 18:10 : Microsoft Security Copilot Gets New Tooling
• 18:9 : Google Rolls Out Simplified End-to-End Encryption for Gmail Enterprise Users
• 18:9 : Oracle Cloud Confirms Second Hack in a Month, Client Log-in Data Stolen
• 18:9 : Fake CAPTCHAs Are the New Trap: Here’s How Hackers Are Using Them to Install Malware
• 18:9 : Massive Data Breach Hits Elon Musk’s X Platform
• 17:37 : Randall Munroe’s XKCD ‘Terror Bird’
• 17:10 : AI Outperformed Elite Red Teams in Creating an Effective Spear Phishing Attack
• 17:9 : News alert: SpyCloud study shows gaps in EDR, antivirus — 66% of malware infections missed
• 17:5 : IT Security News Hourly Summary 2025-04-07 18h : 12 posts
• 16:39 : Anzeige: Grundlagen und Praxiswissen für moderne Netzwerktechnik
• 16:36 : Tech Accelerator: Azure security and AI adoption
• 16:5 : Brothers Behind Rydox Dark Web Market Extradited to US
• 16:5 : Vidar Stealer: Revealing A New Deception Strategy
• 16:4 : Vulnerability Summary for the Week of March 31, 2025
• 15:32 : Google offers AI tool to revolutionize Cybersecurity
• 15:32 : RSA Conference 2025
• 15:32 : Threat Actors Leveraging Toll Payment Services in Massive Hacking Attack
• 15:32 : Threat Actors Leveraging VPS Hosting Providers to Deliver Malware & Evade Detection
• 15:32 : Malicious Microsoft VS Code Extensions Used in Cryptojacking Campaign
• 15:7 : UK’s demand for Apple backdoor should not be heard in secret, says court
• 15:7 : Is your phone listening to you? (Lock and Code S06E07)
• 15:7 : Google Pushing ‘Sec-Gemini’ AI Model for Threat-Intel Workflows
• 15:7 : The AI Alibi Defense: How General-Purpose AI Agents Obscure Criminal Liability
• 14:39 : Midjourney 7 ausprobiert: So schlägt sich die Bild-KI gegen die Konkurrenz von OpenAI und Co.
• 14:39 : Desinformation bei ChatGPT und Co.: “Der Propagandagenerator ist immer einen Schritt voraus”
• 14:39 : Wie groß sind Prominente wirklich? So wollen es Nutzer auf dieser Webseite herausfinden
• 14:39 : Google Gemini Live: So analysiert ihr mit der KI jetzt eure Umgebung
• 14:39 : Elon Musk eher rechts, Grok eher links – und das ist kein Zufall
• 14:39 : Signal-Gate: iPhone-Funktion steckt hinter Einladung von US-Journalist
• 14:36 : Windows Remote Desktop Protocol: Remote to Rogue
• 14:36 : Threat Actors Exploit Fake CAPTCHAs and Cloudflare Turnstile to Distribute LegionLoader
• 14:36 : World Health Day 2025: When Cyber Security Fails, So Does Public Health
• 14:36 : A member of the Scattered Spider cybercrime group pleads guilty
• 14:35 : SpyCloud Research Shows that EDR & Antivirus Solutions Miss Two-Thirds (66%) of Malware Infections
• 14:35 : ToddyCat Hackers Exploit ESET’s Command Line Scanner Vulnerability to Evade Detection
• 14:35 : Everest Ransomware Gang Leak Site Hacked and Defaced
• 14:35 : New Black-Hat Automated Hacking Tool Xanthorox AI Advertised in Hacker Forums
• 14:35 : 20-Year-Old Scattered Spider Hacker Pleads Guilty Of Sophisticated Ransomware Attacks
• 14:35 : UK’s attempt to keep details of Apple ‘backdoor’ case secret… denied
• 14:35 : Chrome to patch decades-old flaw that let sites peek at your history
• 14:35 : ⚡ Weekly Recap: VPN Exploits, Oracle’s Silent Breach, ClickFix Surge and More
• 14:35 : CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks
• 14:35 : Smishing Triad Fuels Surge in Toll Payment Scams in US, UK
• 14:5 : IT Security News Hourly Summary 2025-04-07 15h : 10 posts
• 14:3 : Year in Review: In conversation with the report’s authors
• 14:3 : Threat Actors Use Windows Screensaver Files as Malware Delivery Method
• 14:3 : AI Surpasses Elite Red Teams in Crafting Effective Spear Phishing Attacks
• 14:3 : HellCat, Rey, and Grep Groups Dispute Claims in Orange and HighWire Press Cases
• 14:3 : Why AI-Powered Cyber Security is Essential in a Hyperconnected World
• 14:3 : Apple and Google App Stores Host VPN Apps Linked to China, Face Outrage
• 14:3 : Immuta Data Marketplace enhancements accelerate data provisioning
• 14:3 : ⚡ Weekly Recap: VPN Exploits, Oracle’s Silent Breach, ClickFix Comeback and More
• 13:38 : EDR & Antivirus Solutions Miss Two-Thirds (66%) of Malware Infections – SpyCloud Research
• 13:38 : The controversial case of the threat actor EncryptHub
• 13:38 : EPP vs. EDR [How to Choose the Best Endpoint Protection Platform]
• 13:38 : XDR vs. EDR – A Comparison
• 13:38 : Why Is MDR Better Than EDR: Enhancing Cybersecurity in the Modern World
• 13:38 : Best 8 Admin by Request Alternatives and Competitors
• 13:38 : RunSafe Risk Reduction Analysis offers insights into memory-based CVEs
• 13:38 : ⚡ Weekly Recap: VPN Exploits, Oracle’s Silent Breach, ClickFix Comeback and More
• 13:20 : Prozessoptimierung: Effizienz in der Lieferkette
• 13:20 : XZ-Utils: Schadcode-Lücke in Dekompressor
• 13:17 : DDoS Attack Trends in 2024 Signify That Sophistication Overshadows Size
• 13:17 : SpyCloud Research Shows that Endpoint Detection and Antivirus Solutions Miss Two-Thirds (66%) of Malware Infections
• 13:17 : 20-Year-Old Scattered Spider Hacker Pleads Guilty in Major Ransomware Case
• 13:17 : Tribunal denies UK’s attempt to keep details of Apple ‘backdoor’ case secret
• 13:16 : Toll fee scams are back and heading your way
• 13:16 : The Fastest Way to Secure Your APIs? We’ve Got That Covered with CrowdStrike
• 13:16 : ⚡ Weekly Recap: VPN Exploits, Oracle’s Silent Breach, ClickFix Comeback and More
• 13:16 : Darknet’s Xanthorox AI Offers Customizable Tools for Hackers
• 12:41 : XZ-Utils: Schwachstelle ermöglicht vermutlich Codeschmuggel
• 12:36 : XORsearch: Searching With Regexes, (Mon, Apr 7th)
• 12:36 : Xanthorox AI Surfaces on Dark Web as Full Spectrum Hacking Assistant
• 12:10 : Russland: Zwei Jahre Haft für Cyberangriff auf kritische Infrastruktur
• 12:7 : NEPTUNE RAT Targets Windows Users, Steals Passwords from 270+ Applications
• 12:7 : Someone hacked ransomware gang Everest’s leak site
• 12:7 : Dell PowerProtect Systems Vulnerability Let Remote Attackers Execute Arbitrary Commands
• 12:7 : New Sakura RAT Emerges on GitHub, Successfully Evading AV & EDR Protections
• 12:7 : Lazarus Adds New Malicious npm Packages with Hexadecimal Encoding to Evade Detection
• 12:7 : CRM, Bulk Email Providers Targeted in Crypto Phishing Campaign
• 11:43 : Golem Karrierewelt: Kostenloses Live-Webinar: Microsoft Copilot Administration
• 11:43 : [NEU] [mittel] Red Hat Enterprise Linux: Schwachstelle ermöglicht DoS und Codeausführung
• 11:43 : [UPDATE] [mittel] Python: Schwachstelle ermöglicht Denial of Service
• 11:39 : MediaTek Releases Security Patch to Fix Vulnerabilities in Mobile and IoT Devices
• 11:39 : PoisonSeed Campaign uses stolen email credentials to spread crypto seed scams and and empty wallets
• 11:39 : DIRNSA Fired
• 11:39 : NIST Puts Pre-2018 CVEs on Back Burner as It Works to Clear Backlog
• 11:39 : WinRAR MotW bypass flaw fixed, update ASAP (CVE-2025-31334)
• 11:39 : Security Theater: Vanity Metrics Keep You Busy – and Exposed
• 11:5 : [NEU] [UNGEPATCHT] [mittel] Flowise: Schwachstelle ermöglicht Manipulation von Dateien
• 11:5 : IT Security News Hourly Summary 2025-04-07 12h : 14 posts
• 11:2 : T-Mobile’s data breach settlements are rolling out now – here’s how to see if you qualify
• 10:33 : Hackers launch cyber attacks on British Army, Royal Navy and Office for Nuclear Security
• 10:33 : Cybersecurity Concerns Arising in Generating Ghibli-Style Content
• 10:33 : Germany Pays For Ukraine OneWeb Terminals
• 10:33 : White House Extends TikTok Sale Deadline To June
• 10:33 : Google AI Presents April Fool’s Joke As True
• 10:33 : Tesla’ Software Chief Lau Reportedly To Step Down
• 10:33 : How ToddyCat tried to hide behind AV software
• 10:33 : Suspected Scattered Spider Hacker Pleads Guilty
• 10:33 : Industry Moves for the week of April 7, 2025 – SecurityWeek
• 10:33 : Port of Seattle Says 90,000 People Impacted by Ransomware Attack
• 10:33 : Vodafone Urges UK Cybersecurity Policy Reforms as SME Cyber-Attack Costs Reach £3.4bn
• 10:15 : Packprogramm: Sicherheitslücke in Winrar begünstigt Ausführung von Malware
• 10:15 : [UPDATE] [hoch] Grub2: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff
• 10:15 : [UPDATE] [mittel] logrotate: Schwachstelle ermöglicht Denial of Service
• 10:15 : [UPDATE] [hoch] BusyBox: Schwachstelle ermöglicht Codeausführung
• 10:15 : [UPDATE] [mittel] Perl: Mehrere Schwachstellen
• 10:15 : [UPDATE] [mittel] Perl: Schwachstelle ermöglicht Codeausführung
• 10:11 : DeepSeek Breach Yet Again Sheds Light on Dangers of AI
• 10:11 : Government Backs Britain’s First Cyber Seed Fund, Worth £50m
• 9:40 : Packprogramm: Winrar-Lücke erleichtert Ausführung von Schadcode
• 9:40 : [NEU] [niedrig] Red Hat OpenShift (Tempo): Mehrere Schwachstellen ermöglichen Offenlegung von Informationen
• 9:37 : Malicious Python Packages Target Popular Cryptocurrency Library to Steal Sensitive Data
• 9:37 : CISA Releases NICE Workforce Framework Version 2.0.0 Released – What’s New
• 9:37 : Critical pgAdmin Vulnerability Let Attackers Execute Remote Code
• 9:37 : Corporate Layoffs Put Company IP at Risk
• 9:37 : Triada Malware Embedded in Counterfeit Android Devices Poses Global Security Risk
• 9:37 : Google sets new rules to improve internet safety through better website security
• 9:12 : 50,000+ WordPress Sites Vulnerable to Privilege Escalation Attacks
• 9:12 : Lazarus Adds New Malicious npm Using Hexadecimal String Encoding to Evade Detection Systems
• 9:12 : 8 simple ways to teach your friends and family about cybersecurity – before it’s too late
• 9:12 : What native cloud security tools won’t catch
• 9:12 : PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks
• 9:12 : Aussie Pension Savers Hit with Wave of Credential Stuffing Attacks
• 8:36 : Google Chrome/Microsoft Edge: Mehrere Schwachstellen
• 8:36 : Vibe-Coding: Was hinter dem Trend steckt und welche Risiken er mit sich bringt
• 8:36 : 5 Dinge, die du diese Woche wissen musst: Die vielen Gesichter des Phishings
• 8:36 : OneUI 8: Wann das nächste Update für Samsung-Smartphones erscheinen könnte
• 8:36 : Versehentlich vernetzt: Wie der Chefredakteur des Atlantic in Trumps Militär-Chat gelandet sein soll
• 8:36 : Sicherheitsupdate: Angreifer können Winrar Schadcode unterschieben
• 8:36 : [UPDATE] [hoch] Zammad: Mehrere Schwachstellen
• 8:36 : [UPDATE] [hoch] Google Chrome/Microsoft Edge: Mehrere Schwachstellen
• 8:33 : Kenya Court Approves $2.4bn Meta Hate Speech Lawsuit
• 8:33 : Meta Terminates Contract With Barcelona-Based Moderators
• 8:32 : Python JSON Logger Vulnerability Enables Remote Code Execution – PoC Released
• 8:32 : Mastering Cybersecurity Incident Communication Part 1: A Proactive Approach
• 8:32 : Information Security Risk Management (ISRM) Boosts Compliance by Undermining Configuration Drift
• 8:32 : EDR-as-a-Service makes the headlines in the cybercrime landscape
• 8:5 : IT Security News Hourly Summary 2025-04-07 09h : 3 posts
• 7:35 : Datenleck: Kundendaten und Quellcode von Europcar abgeflossen
• 7:35 : Intel, TSMC Strike Preliminary Deal On Foundry Venture
• 7:35 : A week in security (March 31 – April 6)
• 7:34 : Symmetry Systems Appoints Dr. Anand Singh as Chief Security and Strategy Officer
• 7:34 : NSA Haugh fired, New WinRAR flaw, ChatGPT fake passport
• 7:12 : Forschungsprojekt für mehr Sicherheit
• 7:12 : Bitdefender GravityZone: Kritische Sicherheitslücke gefährdet Nutzer
• 7:12 : What are the risks of online gaming for kids
• 7:12 : Critical pgAdmin Flaw Allows Remote Code Execution
• 7:12 : Dell PowerProtect Flaw Allows Remote Attackers to Execute Arbitrary Commands
• 7:11 : Sakura RAT Released on GitHub Can Bypass Antivirus and EDR Tools
• 7:11 : Bitdefender GravityZone Console PHP Vulnerability Let Attackers Execute Arbitrary Commands
• 7:11 : N-able Vulnerability Management identifies vulnerabilities across all major operating systems
• 7:11 : Tax Time Accelerates Phishing Attacks and Cybersecurity Expert Falsifies Credentials: Cyber Security Today for April 7, 2025
• 6:9 : 10 Best Kubernetes Container Scanners In 2025
• 6:9 : Top 10 Programming Languages For Cyber Security – 2025
• 6:9 : CISOs battle security platform fatigue
• 5:36 : Bitdefender GravityZone Console PHP Vulnerability Lets Hackers Execute Arbitrary Commands
• 5:36 : The 23andMe Collapse, Signal Gate Fallout
• 5:36 : The shift to identity-first security and why it matters
• 5:13 : NICE Workforce Framework 2.0.0 Released: Everything New and Improved
• 5:13 : Fake Zoom Download Sites Spreading BlackSuit Ransomware, Experts Warn
• 5:5 : IT Security News Hourly Summary 2025-04-07 06h : 1 posts
• 4:36 : 10 Best XDR (Extended Detection & Response) Solutions 2025
• 4:36 : YES3 Scanner: Open-source S3 security scanner for public access, ransomware protection
• 4:14 : Cybersecurity Weekly Recap: Key Updates on Attacks, Vulnerabilities, & Data Breaches
• 4:14 : Achieving Independent Control Over NHIs
• 4:14 : NHI Solutions That Fit Your Budget
• 4:14 : Ensuring Your NHIs Remain Free From Threats
• 4:13 : The rise of compromised LLM attacks
• 3:31 : Asian tech players react to US tariffs with delays, doubts, deal-making
• 2:5 : IT Security News Hourly Summary 2025-04-07 03h : 2 posts
• 1:34 : ISC Stormcast For Monday, April 7th, 2025 https://isc.sans.edu/podcastdetail/9396, (Mon, Apr 7th)
• 1:4 : Clicked on a phishing link? 7 steps to take immediately to protect your accounts
• 0:38 : Signalgate solved? Report claims journalist’s phone number accidentally saved under name of Trump official
• 23:5 : IT Security News Hourly Summary 2025-04-07 00h : 3 posts
• 22:58 : IT Security News Weekly Summary 14
• 22:55 : IT Security News Daily Summary 2025-04-06