Cyber security news April 2025

This posting is here to collect cyber security news in April 2025.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

29 Comments

  1. Tomi Engdahl says:

    Telian palvelut romahtivat – Asiantuntija: Toimi näin, jos olet asiakas
    https://www.iltalehti.fi/digiuutiset/a/86b61e09-0a82-4c4e-929f-fa86694a8d30

    Reply
  2. Tomi Engdahl says:

    https://etn.fi/index.php/13-news/17344-julkinen-wi-fi-altistaa-hakkereille-silti-miljoonat-ottavat-riskin

    Reply
  3. Tomi Engdahl says:

    https://www.securityweek.com/critical-vulnerability-found-in-canon-printer-drivers/

    Reply
  4. Tomi Engdahl says:

    https://www.securityweek.com/undocumented-remote-access-backdoor-found-in-unitree-go1-robot-dog/

    Reply
  5. Tomi Engdahl says:

    https://www.securityweek.com/hacker-leaks-samsung-customer-data/

    Reply
  6. Tomi Engdahl says:

    https://www.securityweek.com/hackers-attempting-to-exploit-crushftp-vulnerability/

    Reply
  7. Tomi Engdahl says:

    AI bots are devouring web content and taking down sites as they go.

    https://arstechnica.com/ai/2025/03/devs-say-ai-crawlers-dominate-traffic-forcing-blocks-on-entire-countries/?utm_source=twitter&utm_medium=social&utm_campaign=dhtwitter&utm_content=app.dashsocial.com%2Flinux-format%2Flibrary%2Fmedia%2F515843056

    Reply
  8. Tomi Engdahl says:

    “Nudify” deepfakes stored unprotected online
    https://www.malwarebytes.com/blog/news/2025/04/nudify-deepfakes-stored-unprotected-online?fbclid=IwY2xjawJa8wdleHRuA2FlbQIxMQABHQkum922w3Q6PaDflUP4EZUqVZ4nqh4jMYKGv8V627Ln_Ngi7lUbfeQ9qw_aem_gTPL5lSiWTG2Bml2zqJVlA

    Yesterday, we told you about how millions of pictures from specialized dating apps had been stored online without any kind of password protection.

    Now it’s the turn of an AI “nudify” service.

    A researcher, famous for finding unprotected cloud storage buckets, has uncovered an unprotected AWS bucket belonging to the nudify service.

    The rising popularity of these nudify services apparently has caused a selection of companies without any security awareness to hop on the money train. Millions of people use these services to turn normal pictures into nude images, and it only takes a few minutes.

    South Korean AI company GenNomis by AI-NOMIS or somebody acting at their behalf stored 93,485 images and json files with a total size of 47.8 GB in a non-password-protected nor encrypted, but publicly exposed database.

    The researcher saw numerous pornographic images, including what appeared to be disturbing AI-generated portrayals of very young people. Even though the GenNomis guidelines prohibit explicit images of children and any other illegal activities, the researcher found many of them.

    Reply
  9. Tomi Engdahl says:

    https://www.securityweek.com/ai-giving-rise-of-the-zero-knowledge-threat-actor/

    Reply
  10. Tomi Engdahl says:

    https://www.securityweek.com/chinese-apt-pounces-on-misdiagnosed-rce-in-ivanti-vpn-appliances/

    Reply
  11. Tomi Engdahl says:

    https://thehackernews.com/2025/04/outlaw-group-uses-ssh-brute-force-to.html

    Reply
  12. Tomi Engdahl says:

    K18-materiaalia voinut vuotaa – Kauhea moka koskee jopa 900 000 ihmistä
    Satojentuhansien ihmisten käyttämien deittialustojen kuvia säilytettiin suojaamattomina. Joukossa oli myös alastonkuvia.
    https://www.iltalehti.fi/digiuutiset/a/48c848d4-f603-4f7a-8459-20d6cea2e03a

    Aras Nazarovas löysi deittisovellusten käyttäjien kuvia suojaamattomalta palvelimelta. Otoksia on yhteensä peräti 1,5 miljoonaa kappaletta, ja osa materiaalista on arkaluontoisia sisältäen muun muassa alastomuutta.

    Kuvakatastrofi koskee aiheesta uutisoineen BBC:n mukaan palveluita nimeltä Chica, BDSM People, Pink, Brish ja Translove. Niitä käyttää yhteensä jopa 900 000 ihmistä.

    Kuka tahansa olisi päässyt katsomaan käyttäjien kuvia pelkällä linkillä. Minkäänlaista salasanaa ei tarvittu.

    Eettiseksi hakkeriksi itseään kutsuva Nazarovas ilmoitti havainnostaan kaikkien viiden alustan takana olevalle MAD Mobilelle jo tammikuussa, joka ei kuitenkaan reagoinut mitenkään, ennen kuin BBC otti yritykseen yhteyttä viime viikolla. Yhteydenoton jälkeen se korjasi ongelman nopeasti, mutta ei muutoin kommentoinut tapausta BBC:lle.

    Kink and LGBT dating apps exposed 1.5m private user images online
    https://www.bbc.com/news/articles/c05m5m5v327o

    Researchers have discovered nearly 1.5 million pictures from specialist dating apps – many of which are explicit – being stored online without password protection, leaving them vulnerable to hackers and extortionists.

    Anyone with the link was able to view the private photos from five platforms developed by M.A.D Mobile: kink sites BDSM People and Chica, and LGBT apps Pink, Brish and Translove.

    These services are used by an estimated 800,000 to 900,000 people.

    Reply
  13. Tomi Engdahl says:

    Radio Free Europe/Radio Liberty head Stephen Capus says the US government turned off satellite services that transmit its Russian-language program into Russia — The head of Radio Free Europe/Radio Liberty said on Thursday that the US government had switched off a satellite that transmitted its Russian-language programme into Russia.

    https://www.barrons.com/news/radio-free-europe-says-us-cut-off-its-russian-broadcast-c089c9b2

    Reply
  14. Tomi Engdahl says:

    DOGE staffer’s YouTube nickname accidentally revealed his teen hacking activity
    Evidence of DOGE staffer’s proud history of hacking quickly deleted, report says.
    https://arstechnica.com/tech-policy/2025/04/i-no-longer-hack-paypals-doge-staffers-hacker-past-raises-red-flags/

    Reply
  15. Tomi Engdahl says:

    Five VPN apps in the App Store had links to Chinese military
    https://9to5mac.com/2025/04/01/five-vpn-apps-in-the-app-store-had-links-to-chinese-military/

    The five apps are:

    Turbo VPN
    VPN Proxy Master
    Thunder VPN
    Snap VPN
    Signal Secure VPN (not associated with the Signal messaging app)

    Reply
  16. Tomi Engdahl says:

    GitHub expands security tools after 39 million secrets leaked in 2024
    https://www.bleepingcomputer.com/news/security/github-expands-security-tools-after-39-million-secrets-leaked-in-2024/

    Reply
  17. Tomi Engdahl says:

    Microsoft takes first step toward passwordless future
    https://www.csoonline.com/article/3952036/microsoft-announces-revolution.html

    Reply
  18. Tomi Engdahl says:

    The Trump administration has fired Timothy Haugh, the head of the National Security Agency and Cyber Command, several news publications reported overnight into Friday.

    Haugh, a career military official, led the National Security Agency, the U.S.’ main wiretapping and intelligence-gathering agency, for little more than a year after his appointment in February 2024 following his predecessor’s retirement. Haugh also oversaw Cyber Command, a military unit that conducts offensive cyber operations against U.S. adversaries.

    Read more from Zack Whittaker on Trump firing the head of the NSA here: https://tcrn.ch/3Rznn3D

    #TechCrunch #technews #cybersecurity #NSA #government #Trump

    Reply
  19. Tomi Engdahl says:

    PwC China plans to spin off cyber security arm
    Partner-led buyout would improve liquidity and mark strategic pivot away from consulting
    https://www.ft.com/content/159f610a-ada5-4f69-b37a-a3d988dc613d?fbclid=IwZXh0bgNhZW0CMTEAAR6dw2hbf-3cV3dp-3tM-2yB1Yaoz-1tnx19Cnxwn9iuSkYIhwKJ0gxgYRja8A_aem_y3A-_HJMHsb4XCAR3-LuJg

    Reply
  20. Tomi Engdahl says:

    Elon Musk readies for ‘public battle’ as EU eyes $1B fine against X over DSA violations. https://link.ie.social/bcAcMY

    Reply
  21. Tomi Engdahl says:

    https://www.theregister.com/2025/04/03/unknown_scanners_probing_juniper_paloalto/

    Reply
  22. Tomi Engdahl says:

    https://www.forbes.com/sites/daveywinder/2025/03/31/fbi-warns-use-2fa-as-time-traveling-hackers-strike/

    Reply
  23. Tomi Engdahl says:

    https://www.theregister.com/2025/03/31/china_disguised_tech_companies_taiwan/

    Reply
  24. Tomi Engdahl says:

    https://www.cybersecuritydive.com/news/cybersecurity-providers-oracle-cloud-breach/743857/

    Reply
  25. Tomi Engdahl says:

    https://cybersecuritynews.com/critical-php-vulnerability-let-hackers-bypass-the-validation/

    Reply
  26. Tomi Engdahl says:

    https://www.bleepingcomputer.com/news/security/north-korean-it-worker-army-expands-operations-in-europe/

    Reply
  27. Tomi Engdahl says:

    https://www.telegraph.co.uk/us/news/2025/04/01/mike-waltz-gmail-government-business-signal-leak/

    Reply
  28. Tomi Engdahl says:

    https://www.axios.com/2025/04/01/mike-waltz-signal-gmail-security

    Reply
  29. Tomi Engdahl says:

    C/side protects websites from third-party script attacks, enhances browser security
    https://www.cio.com/video/3952855/c-side-protects-websites-from-third-party-script-attacks-enhances-browser-security.html

    Reply

Leave a Reply to Tomi Engdahl Cancel reply

Your email address will not be published. Required fields are marked *

*

*