Cyber security news April 2025

This posting is here to collect cyber security news in April 2025.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

64 Comments

  1. Tomi Engdahl says:

    CISA Urges Urgent Patching for Exploited CentreStack, Windows Zero-Days

    CISA has added fresh CentreStack and Windows CLFS vulnerabilities to the Known Exploited Vulnerabilities catalog.

    https://www.securityweek.com/cisa-urges-urgent-patching-for-exploited-centrestack-windows-zero-days/

    Reply
  2. Tomi Engdahl says:

    Vulnerabilities Patched by Ivanti, VMware, Zoom

    Ivanti, VMware, and Zoom released fixes for dozens of vulnerabilities in their products on April 2025 Patch Tuesday.

    https://www.securityweek.com/vulnerabilities-patched-by-ivanti-vmware-zoom/

    Reply
  3. Tomi Engdahl says:

    Oracle Faces Mounting Criticism as It Notifies Customers of Hack

    Oracle is sending out written notifications to customers over the recent hack after it initially appeared to completely deny a data breach.

    https://www.securityweek.com/oracle-faces-mounting-criticism-as-it-notifies-customers-of-hack/

    Reply
  4. Tomi Engdahl says:

    CS Patch Tuesday: Vulnerabilities Addressed by Rockwell, ABB, Siemens, Schneider

    Industrial giants Siemens, Rockwell, Schneider and ABB have released their March 2025 Patch Tuesday ICS security advisories.

    https://www.securityweek.com/ics-patch-tuesday-vulnerabilities-addressed-by-rockwell-abb-siemens-schneider/

    Reply
  5. Tomi Engdahl says:

    Microsoft Patches 125 Windows Vulns, Including Exploited CLFS Zero-Day

    Patch Tuesday: Microsoft ships urgent cover for another WIndows CLFS vulnerability already exploited in the wild.

    https://www.securityweek.com/microsoft-patches-125-windows-vulns-including-exploited-clfs-zero-day/

    Reply
  6. Tomi Engdahl says:

    Application Security
    GitHub Announces General Availability of Security Campaigns

    GitHub security campaigns make it easier for developers and security teams to collaborate on fixing vulnerabilities in their applications.

    https://www.securityweek.com/github-announces-general-availability-of-security-campaigns/

    Reply
  7. Tomi Engdahl says:

    IoT Security
    Nissan Leaf Hacked for Remote Spying, Physical Takeover

    Researchers find vulnerabilities that can be exploited to remotely take control of a Nissan Leaf’s functions, including physical controls.

    https://www.securityweek.com/nissan-leaf-hacked-for-remote-spying-physical-takeover/

    Reply
  8. Tomi Engdahl says:

    Data Breaches
    Operations of Sensor Giant Sensata Disrupted by Ransomware Attack

    Sensata has informed the SEC that shipping, manufacturing and other operations have been impacted by a ransomware attack.

    https://www.securityweek.com/operations-of-sensor-giant-sensata-disrupted-by-ransomware-attack/

    Reply
  9. Tomi Engdahl says:

    David DiMolfetta / Nextgov/FCW:
    President Trump directs the DOJ to investigate former CISA Director Chris Krebs, who was fired after he contradicted Trump’s baseless 2020 election fraud claims — President Donald Trump signed an executive order Wednesday night directing the Justice Department to investigate former top …

    Trump signs order targeting former CISA head Chris Krebs
    https://www.nextgov.com/people/2025/04/trump-signs-order-targeting-former-cisa-head-chris-krebs/404445/

    Krebs previously led the Cybersecurity and Infrastructure Security Agency and contradicted baseless claims President Donald Trump made in 2020 that the election that year was rigged against him.

    President Donald Trump signed an executive order Wednesday night directing the Justice Department to investigate former top cybersecurity official Chris Krebs and mandating the head of every relevant federal agency revoke his security clearance.

    Krebs, who served as the Cybersecurity and Infrastructure Security Agency’s director in Trump’s first term, made headlines at the end of his tenure for contradicting baseless claims from the president that the 2020 election was stolen from him.

    Krebs said the 2020 election was “the most secure in American history” and that there was “no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised.” Trump later called that statement from Krebs “highly inaccurate” without providing evidence, and fired him in a tweet.

    Krebs is currently the chief intelligence and public policy officer at SentinelOne, a cybersecurity firm. The Wednesday order also “suspends any active security clearance held by individuals at entities associated with Krebs, including SentinelOne, pending a review of whether such clearances are consistent with the national interest.”

    The order expands to “all of CISA’s activities over the last [six] years and will identify any instances where Krebs’ or CISA’s conduct appears to be contrary to the administration’s commitment to free speech and ending federal censorship, including whether Krebs’ conduct was contrary to suitability standards for federal employees or involved the unauthorized dissemination of classified information.”

    Reply
  10. Tomi Engdahl says:

    Barbara Ortutay / Associated Press:
    Senate testimony: Sarah Wynn-Williams alleged Meta briefed China on US AI efforts, ignored warnings on China potentially accessing US user data, and more — Former Facebook executive Sarah Wynn-Williams testified before the Senate Judiciary Committee Wednesday, accusing the social media company …

    Former Facebook executive tells Senate committee company undermined US national security with China
    https://apnews.com/article/meta-china-senate-security-00391fd267b8c70c23b22906dc39b503

    Former Facebook executive Sarah Wynn-Williams testified before the Senate Judiciary Committee Wednesday, accusing the social media company of undermining national security and briefing China on U.S. artificial intelligence efforts in order to grow its business there.

    “We are engaged in a high-stakes AI arms race against China. And during my time at Meta, company executives lied about what they were doing with the Chinese Communist Party to employees, shareholders, Congress, and the American public,” Wynn-Williams said in her prepared testimony.

    Her book “Careless People,” an explosive insider account of her time at the social media giant, sold 60,000 copies in its first week and reached the top 10 on Amazon’s best-seller list amid efforts by Meta to discredit the work and stop her from talking about her experiences at the company. Meta used a “campaign of threats and intimidation” to silence the former executive, said Sen. Richard Blumenthal, a Democrat from Connecticut, during the hearing.

    Reply
  11. Tomi Engdahl says:

    Lorenzo Franceschi-Bicchierai / TechCrunch:
    US court document: NSO Group’s Pegasus was used to target 1,223 WhatsApp users in 51 countries in a 2019 attack; Mexico led with 456 victims and India had 100 — NSO Group’s notorious spyware Pegasus was used to target 1,223 WhatsApp users in 51 different countries during a 2019 hacking campaign, according to a new court document.

    Court document reveals locations of WhatsApp victims targeted by NSO spyware
    https://techcrunch.com/2025/04/09/court-document-reveals-locations-of-whatsapp-victims-targeted-by-nso-spyware/

    Reply
  12. Tomi Engdahl says:

    Dan Goodin / Ars Technica:
    SentinelLabs: AkiraBot spammers exploited OpenAI’s gpt-4o-mini-based API to create unique messages, bypassing spam filters to target 80K+ sites in four months — Spammers used OpenAI to generate messages that were unique to each recipient, allowing them to bypass spam-detection filters …

    OpenAI helps spammers plaster 80,000 sites with messages that bypassed filters
    Company didn’t notice its chatbot was being abused for (at least) 4 months.
    https://arstechnica.com/security/2025/04/openais-gpt-helps-spammers-send-blast-of-80000-messages-that-bypassed-filters/

    Reply
  13. Tomi Engdahl says:

    Zack Whittaker / TechCrunch:
    Sen. Ron Wyden plans to block the nomination of Sean Plankey to head CISA until the agency releases a 2022 report about security flaws at US telecom companies — Democratic Sen. Ron Wyden has put a hold on the Trump administration’s nomination of Sean Plankey to head the federal government’s …

    Senator puts hold on Trump’s nominee for CISA director, citing telco security ‘cover up’
    https://techcrunch.com/2025/04/09/senator-puts-hold-on-trumps-nominee-for-cisa-director-citing-telco-security-cover-up/

    Reply
  14. Tomi Engdahl says:

    Reuters:
    Analysis: Intel CEO Lip-Bu Tan and his VC firms invested in 600+ Chinese tech companies including 8+ with military ties; a source says he divested the positions — Lip-Bu Tan, the man chosen to lead Intel, the U.S.’s largest chip maker, has invested in hundreds of Chinese tech firms …

    Intel CEO invested in hundreds of Chinese companies, some with military ties
    https://www.reuters.com/technology/intel-ceo-invested-hundreds-chinese-companies-some-with-military-ties-2025-04-10/

    Reply

Leave a Reply to Tomi Engdahl Cancel reply

Your email address will not be published. Required fields are marked *

*

*