This posting is here to collect cyber security news in April 2025.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
70 Comments
Tomi Engdahl says:
Telia's services collapsed – Expert: Do this if you are a customer
https://www.iltalehti.fi/digiuutiset/a/86b61e09-0a82-4c4e-929f-fa86694a8d30
Tomi Engdahl says:
https://etn.fi/index.php/13-news/17344-julkinen-wi-fi-altistaa-hakkereille-silti-miljoonat-ottavat-riskin
Tomi Engdahl says:
https://www.securityweek.com/critical-vulnerability-found-in-canon-printer-drivers/
Tomi Engdahl says:
https://www.securityweek.com/undocumented-remote-access-backdoor-found-in-unitree-go1-robot-dog/
Tomi Engdahl says:
https://www.securityweek.com/hacker-leaks-samsung-customer-data/
Tomi Engdahl says:
https://www.securityweek.com/hackers-attempting-to-exploit-crushftp-vulnerability/
Tomi Engdahl says:
AI bots are devouring web content and taking down sites as they go.
https://arstechnica.com/ai/2025/03/devs-say-ai-crawlers-dominate-traffic-forcing-blocks-on-entire-countries/?utm_source=twitter&utm_medium=social&utm_campaign=dhtwitter&utm_content=app.dashsocial.com%2Flinux-format%2Flibrary%2Fmedia%2F515843056
Tomi Engdahl says:
“Nudify” deepfakes stored unprotected online
https://www.malwarebytes.com/blog/news/2025/04/nudify-deepfakes-stored-unprotected-online?fbclid=IwY2xjawJa8wdleHRuA2FlbQIxMQABHQkum922w3Q6PaDflUP4EZUqVZ4nqh4jMYKGv8V627Ln_Ngi7lUbfeQ9qw_aem_gTPL5lSiWTG2Bml2zqJVlA
Yesterday, we told you about how millions of pictures from specialized dating apps had been stored online without any kind of password protection.
Now it’s the turn of an AI “nudify” service.
A researcher, famous for finding unprotected cloud storage buckets, has uncovered an unprotected AWS bucket belonging to the nudify service.
The rising popularity of these nudify services apparently has caused a selection of companies without any security awareness to hop on the money train. Millions of people use these services to turn normal pictures into nude images, and it only takes a few minutes.
South Korean AI company GenNomis by AI-NOMIS or somebody acting at their behalf stored 93,485 images and json files with a total size of 47.8 GB in a non-password-protected nor encrypted, but publicly exposed database.
The researcher saw numerous pornographic images, including what appeared to be disturbing AI-generated portrayals of very young people. Even though the GenNomis guidelines prohibit explicit images of children and any other illegal activities, the researcher found many of them.
Tomi Engdahl says:
https://www.securityweek.com/ai-giving-rise-of-the-zero-knowledge-threat-actor/
Tomi Engdahl says:
https://www.securityweek.com/chinese-apt-pounces-on-misdiagnosed-rce-in-ivanti-vpn-appliances/
Tomi Engdahl says:
https://thehackernews.com/2025/04/outlaw-group-uses-ssh-brute-force-to.html
Tomi Engdahl says:
Adult (18+) material may have leaked – Terrible blunder affects up to 900,000 people
Images from dating platforms used by hundreds of thousands of people were stored unprotected. Among them were also nude pictures.
https://www.iltalehti.fi/digiuutiset/a/48c848d4-f603-4f7a-8459-20d6cea2e03a
Aras Nazarovas found pictures of dating app users on an unprotected server. There are as many as 1.5 million images in total, and some of the material is sensitive, including nudity among other things.
According to the BBC, which reported on the matter, the image disaster affects services named Chica, BDSM People, Pink, Brish and Translove. They are used by up to 900,000 people in total.
Anyone could have viewed the users' pictures with just a link. No password of any kind was needed.
Nazarovas, who calls himself an ethical hacker, reported his finding to MAD Mobile, the company behind all five platforms, already in January, but the company did not react in any way until the BBC contacted it last week. After being contacted, it fixed the problem quickly but otherwise did not comment on the case to the BBC.
Kink and LGBT dating apps exposed 1.5m private user images online
https://www.bbc.com/news/articles/c05m5m5v327o
Researchers have discovered nearly 1.5 million pictures from specialist dating apps – many of which are explicit – being stored online without password protection, leaving them vulnerable to hackers and extortionists.
Anyone with the link was able to view the private photos from five platforms developed by M.A.D Mobile: kink sites BDSM People and Chica, and LGBT apps Pink, Brish and Translove.
These services are used by an estimated 800,000 to 900,000 people.
Tomi Engdahl says:
Radio Free Europe/Radio Liberty head Stephen Capus says the US government turned off satellite services that transmit its Russian-language program into Russia — The head of Radio Free Europe/Radio Liberty said on Thursday that the US government had switched off a satellite that transmitted its Russian-language programme into Russia.
https://www.barrons.com/news/radio-free-europe-says-us-cut-off-its-russian-broadcast-c089c9b2
Tomi Engdahl says:
DOGE staffer’s YouTube nickname accidentally revealed his teen hacking activity
Evidence of DOGE staffer’s proud history of hacking quickly deleted, report says.
https://arstechnica.com/tech-policy/2025/04/i-no-longer-hack-paypals-doge-staffers-hacker-past-raises-red-flags/
Tomi Engdahl says:
Five VPN apps in the App Store had links to Chinese military
https://9to5mac.com/2025/04/01/five-vpn-apps-in-the-app-store-had-links-to-chinese-military/
The five apps are:
Turbo VPN
VPN Proxy Master
Thunder VPN
Snap VPN
Signal Secure VPN (not associated with the Signal messaging app)
Tomi Engdahl says:
GitHub expands security tools after 39 million secrets leaked in 2024
https://www.bleepingcomputer.com/news/security/github-expands-security-tools-after-39-million-secrets-leaked-in-2024/
Tomi Engdahl says:
Microsoft takes first step toward passwordless future
https://www.csoonline.com/article/3952036/microsoft-announces-revolution.html
Tomi Engdahl says:
The Trump administration has fired Timothy Haugh, the head of the National Security Agency and Cyber Command, several news publications reported overnight into Friday.
Haugh, a career military official, led the National Security Agency, the U.S.’ main wiretapping and intelligence-gathering agency, for little more than a year after his appointment in February 2024 following his predecessor’s retirement. Haugh also oversaw Cyber Command, a military unit that conducts offensive cyber operations against U.S. adversaries.
Read more from Zack Whittaker on Trump firing the head of the NSA here: https://tcrn.ch/3Rznn3D
Tomi Engdahl says:
PwC China plans to spin off cyber security arm
Partner-led buyout would improve liquidity and mark strategic pivot away from consulting
https://www.ft.com/content/159f610a-ada5-4f69-b37a-a3d988dc613d?fbclid=IwZXh0bgNhZW0CMTEAAR6dw2hbf-3cV3dp-3tM-2yB1Yaoz-1tnx19Cnxwn9iuSkYIhwKJ0gxgYRja8A_aem_y3A-_HJMHsb4XCAR3-LuJg
Tomi Engdahl says:
Elon Musk readies for ‘public battle’ as EU eyes $1B fine against X over DSA violations. https://link.ie.social/bcAcMY
Tomi Engdahl says:
https://www.theregister.com/2025/04/03/unknown_scanners_probing_juniper_paloalto/
Tomi Engdahl says:
https://www.forbes.com/sites/daveywinder/2025/03/31/fbi-warns-use-2fa-as-time-traveling-hackers-strike/
Tomi Engdahl says:
https://www.theregister.com/2025/03/31/china_disguised_tech_companies_taiwan/
Tomi Engdahl says:
https://www.cybersecuritydive.com/news/cybersecurity-providers-oracle-cloud-breach/743857/
Tomi Engdahl says:
https://cybersecuritynews.com/critical-php-vulnerability-let-hackers-bypass-the-validation/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/north-korean-it-worker-army-expands-operations-in-europe/
Tomi Engdahl says:
https://www.telegraph.co.uk/us/news/2025/04/01/mike-waltz-gmail-government-business-signal-leak/
Tomi Engdahl says:
https://www.axios.com/2025/04/01/mike-waltz-signal-gmail-security
Tomi Engdahl says:
C/side protects websites from third-party script attacks, enhances browser security
https://www.cio.com/video/3952855/c-side-protects-websites-from-third-party-script-attacks-enhances-browser-security.html
Tomi Engdahl says:
https://www.uniladtech.com/science/news/dna-data-23andme-sale-auction-bankrupt-079915-20250401?fbclid=IwY2xjawJgM1ZleHRuA2FlbQIxMQABHhCXoj6T4pHe5YeXAKtV2IihNyvVxVYmIbYbJ4fGIv3PjzU4qRwwH7yuVW6l_aem_3nMB3ExiZSjLjgIM4T6aKw
DNA data from 15,000,000 people goes on sale after popular testing site goes bankrupt
Tomi Engdahl says:
https://www.securityweek.com/oracle-confirms-cloud-hack/
Tomi Engdahl says:
https://etn.fi/index.php/13-news/17368-pdf-stae-tuli-suosittu-tapa-hyoekaetae-saehkoepostiin
Tomi Engdahl says:
https://etn.fi/index.php/13-news/17366-uusi-salaus-suojaa-jo-taemaen-paeivaen-kuituyhteyksiae-kvanttikoneilta
Tomi Engdahl says:
https://etn.fi/index.php/13-news/17365-tekoaely-alkaa-valvoa-pohjoismaihin-tulevaa-dataa
Tomi Engdahl says:
Major investigation: Russian spy devices exposed in Britain – "A war is raging in the Atlantic"
Russia is suspected of having spied on Britain's nuclear submarines in recent years using remotely operated devices.
https://www.iltalehti.fi/ulkomaat/a/a6a11dd8-ba39-43a8-808d-ea7ea6055571
In recent years the British armed forces have found several Russian spy devices whose purpose has probably been to spy on the country's nuclear submarines, the British newspaper The Sunday Times reports in its extensive investigation.
The devices that washed ashore are believed to have gathered information on Britain's four Vanguard-class nuclear submarines. One of the submarines is always at sea as part of Britain's continuous at-sea deterrent.
The British armed forces regarded information about the discovery of the devices as a threat to the country's national security and therefore did not publish details of the findings earlier. Citing the same reason, The Sunday Times did not reveal, for example, the exact locations of the spy devices in its article.
Revealed: Russia’s secret war in UK waters
Russian sensors trying to track nuclear submarines have been found in a campaign of ‘greyzone’ warfare that also targets our energy and internet. Even oligarchs’ superyachts are in on it
https://www.thetimes.com/uk/defence/article/russia-secret-war-uk-waters-submarines-dpbzphfx5
Tomi Engdahl says:
Cyberattack from Russia on Finland
The Russian hacker group's targets include Osuuspankki, among others.
https://www.iltalehti.fi/digiuutiset/a/481fdb45-7ad4-4acf-91db-3bea97f84047
The pro-Russian hacker group NoName057(16) says it is currently attacking several Finnish organizations.
On the messaging service X, the group gives as the reason for the attacks "President Alexander Stubb's call on President Donald Trump to demand an unconditional ceasefire from Russia on April 20."
Tomi Engdahl says:
2.5 million people received the same suspicious message – This is how many clicked the link
Operation Cactus enlisted an esports player and the police for an awareness campaign.
https://www.iltalehti.fi/digiuutiset/a/735713e0-55d3-481a-90af-a1f390416fb2
The French Ministry of Education has launched an awareness campaign aimed at children and young people about the dangers of cybercrime. The ministry sent pupils and students a fake phishing message by email, Cyber News reports.
4,700 middle schools and high schools took part in the campaign. The phishing message was received by 2.5 million pupils aged 11 to 18.
Of those who received the message, more than 210,000 clicked the malicious link in the email sent to their school address. Instead of the promised pirated software, the Operation Cactus website showed an awareness video about cybersecurity risks. In the video, a well-known esports player, a police officer and a prosecutor explained the limits of the law and what counts as a crime.
The campaign started last year in Orléans-Tours and Versailles. This year it was expanded nationwide.
French Department of Education sends phishing mail to 2.5 million students
https://cybernews.com/security/french-department-of-education-sends-phishing-mail-to-millions/
Tomi Engdahl says:
Fake CAPTCHAs Are Taking Over the Internet. Here’s How to Spot Them.
https://www.youtube.com/watch?v=PPJQgzF772E
In this video, I break down how scammers are using fake CAPTCHA tests to steal passwords, install malware, and hijack accounts—without you even realizing it. CAPTCHAs were designed to protect us from bots, but now they’re being used against us. Here’s how the scam works, why it’s spreading fast, and how you can avoid falling for it.
Tomi Engdahl says:
https://etn.fi/index.php/13-news/17380-androidin-avustin-voi-muuttua-vaaralliseksi-takaoveksi
Tomi Engdahl says:
https://www.securityweek.com/microsoft-patches-125-windows-vulns-including-exploited-clfs-zero-day/
Tomi Engdahl says:
DNS: The Secret Weapon CISOs May Be Overlooking in the Fight Against Cyberattacks
While often relegated to a purely functional role, DNS offers unparalleled opportunities for preemptive defense against cyberattacks.
https://www.securityweek.com/dns-the-secret-weapon-cisos-may-be-overlooking-in-the-fight-against-cyberattacks/
Tomi Engdahl says:
Reuters:
Sources: US officials say DOGE is using AI to surveil at least one federal agency’s communications for anti-Trump talk; a source says DOGE is also using Signal — Trump administration officials have told some U.S. government employees that Elon Musk’s DOGE team of technologists …
Exclusive: Musk’s DOGE using AI to snoop on U.S. federal workers, sources say
https://www.reuters.com/technology/artificial-intelligence/musks-doge-using-ai-snoop-us-federal-workers-sources-say-2025-04-08/
Tomi Engdahl says:
Employee built a "dead man's switch" – Faces prison
A software developer feared for his job and rigged a virtual middle finger into his employer's systems, ready to pop up if his employment ended.
https://www.iltalehti.fi/digiuutiset/a/5b8a09b9-7728-4f8c-b864-215a7168780f
Bitterness toward an employer can come easily if the treatment feels unfair and the end of the employment also looks likely. Whether the reason was bitterness or something else, one American man has now been convicted of sabotage against his former employer, Cleveland.com and Gizmodo report.
Former Eaton Corp. employee found guilty of sabotaging company’s computer systems
https://www.cleveland.com/court-justice/2025/03/former-eaton-corp-employee-found-guilty-of-sabotaging-companys-computer-systems.html
CLEVELAND, Ohio – A jury on Friday found a former Eaton Corp. employee guilty of sabotaging the company’s internal computer systems after his work responsibilities were reduced.
Federal prosecutors said software developer Davis Lu, 55, of Houston, added a “kill switch” that would lock out thousands of users of the company’s software if he was fired.
That happened on Sept. 9, 2019 and caused “hundreds of thousands of dollars in losses” to the company, prosecutors said. Defense attorneys argued that it cost the company less than $5,000.
Lu was found guilty of one count of causing intentional damage to protected computers following a six-day trial in front of U.S. District Court Judge Pamela Barker.
The charge carries a maximum of 10 years in prison. Barker has not yet set a sentencing date.
“Sadly, Davis Lu used his education, experience, and skill to purposely harm and hinder not only his employer and their ability to safely conduct business, but also stifle thousands of users worldwide,” FBI Special Agent in Charge Greg Nelsen said in a statement.
Lu’s attorney, Ian Friedman, said the case will be appealed.
“Although disappointed, we respect the jury’s verdict,”
Eaton hired Lu in 2007. In 2018, the company reduced Lu’s responsibilities and limited his access to their computer systems as part of a company-wide realignment, according to prosecutors.
Lu then installed malicious code on the system that caused crashes and prevented users from being able to log in, prosecutors said.
He also deleted coworker profile files and added other malicious software that he named “hakai,” a Japanese word meaning “destruction,” prosecutors said. He code-named the kill switch “IsDLEnabledinAD,” which prosecutors said was an abbreviation from “Is Davis Lu enabled in Active Directory.”
After he was fired, Lu deleted encrypted data and tried to figure out how to block his co-workers from fixing the issues stemming from the malicious software, prosecutors said.
Tomi Engdahl says:
ChatGPT learned a skill it did not need to learn
ChatGPT can now create frighteningly realistic-looking receipts.
https://www.iltalehti.fi/digiuutiset/a/ea022de0-4121-4b38-83cb-0da9627ce80a
AI company OpenAI recently updated its 4o AI model that powers ChatGPT.
Thanks to the update, ChatGPT is quite skilled at conjuring up images based on a prompt given by the user. Users have already become excited about, among other things, ChatGPT creating on request versions of photographs in the style of the animation studio Studio Ghibli.
The improvement in image generation is not, however, an unambiguously good thing.
ChatGPT catches most prompts that ask for illegal or otherwise offensive content.
According to TechCrunch, however, ChatGPT obediently creates receipts for various purchases that the user may never have actually made. This opens the door for a malicious user to many kinds of scams.
ChatGPT’s new image generator is really good at faking receipts
https://techcrunch.com/2025/03/31/chatgpts-new-image-generator-is-really-good-at-faking-receipts/
Tomi Engdahl says:
Bloomberg:
Sources: hackers accessed 150K+ emails from ~103 bank regulators from May 2023 to early 2025 at the US Treasury’s OCC, which on February 26 disclosed a breach. Attackers lurked within OCC email accounts since 2023. Chinese state hackers previously targeted Treasury files.
https://www.bloomberg.com/news/articles/2025-04-08/hackers-spied-on-100-bank-regulators-emails-for-over-a-year
Tomi Engdahl says:
Signalgate solved? Report claims journalist’s phone number accidentally saved under name of Trump official
PLUS: Google re-patches Quick Share flaws; Critical Cisco flaw exploited; WordPress plugin trouble; and more
https://www.theregister.com/2025/04/07/infosec_news_roundup_in_brief/
How did journalist Jeffrey Goldberg’s phone number end up in a Signal group chat? According to The Guardian, US national security adviser Mike Waltz accidentally saved it into the contact file of a campaign staffer who later took a job as a US National Security Council official.
A Sunday report, citing sources familiar with a White House investigation into the matter, claims that during the 2024 US election campaign Goldberg emailed the Trump campaign with questions for a story.
That email reached campaign staffer Brian Hughes, who apparently wanted Waltz – then a surrogate spokesperson for the Trump campaign – to be aware of Goldberg’s inquiries so he could offer informed comment if a story appeared.
Hughes therefore sent Goldberg’s inquiry, which included the journalist’s phone number, to Waltz.
Waltz then reportedly saved Goldberg’s phone number into his contact file for Hughes.
Several months after that exchange, Hughes was working at the National Security Council and Waltz decided to include him in the now-infamous “Houthi PC small group” Signal group he used to discuss a planned attack on Houthi rebels in Yemen.
As a phone number he’d saved for Hughes was actually Goldberg’s phone number, the journalist was invited to the group.
The rest is history: Goldberg reported that Trump administration officials used Signal instead of the US government’s own secure comms channels, putting sensitive info at risk and perhaps violating government records-keeping requirements.
Tomi Engdahl says:
BBC:
Ofcom opens an investigation into a pro-suicide forum, its first using the Online Safety Act; the BBC linked the unnamed forum to 50+ deaths in the UK
First Ofcom probe launched into suicide site exposed by BBC
https://www.bbc.com/news/articles/c24q1n6905mo
A pro-suicide forum is under investigation by the UK’s online regulator – its first using new powers under the Online Safety Act.
The forum, which Ofcom has not named, is understood to be a site BBC News has been investigating for the last three years, linking it to at least 50 deaths in the UK.
The site has tens of thousands of members, including children, and users discuss methods of suicide, sharing instructions about how to buy and use a potentially deadly toxic chemical.
Last month, Ofcom gained powers to take action against sites hosting illegal material.
This first investigation could lead to fines or court orders against those running the forum.
‘Failure to act’ on suicide website linked to 50 UK deaths
https://www.bbc.com/news/uk-67082224
British authorities failed to act on multiple official warnings about a website promoting suicide that has been connected to at least 50 UK deaths, the BBC has found.
The online forum, which we are not naming, is easily accessible to anyone on the open web, including children.
Our investigation has identified multiple warnings to government by coroners and a number of police investigations, but the forum still remains active.
Families of the dead, the youngest just 17, say the failure to act led to more avoidable deaths. They are demanding an inquiry.
They’re speaking out, despite the risks others may find the forum, because they want action now to shut it down and prevent deaths in the future.
Tomi Engdahl says:
Lorenzo Franceschi-Bicchierai / TechCrunch:
The UK, the US, and other governments publish advisories on China-linked spyware families BadBazaar and Moonshine and highlight legitimate-looking Android apps
https://techcrunch.com/2025/04/09/governments-identify-dozens-of-android-apps-bundled-with-spyware/
Tomi Engdahl says:
The National Cyber Security Centre, which operates under the Finnish Transport and Communications Agency Traficom, warns of an SMS scam that brazenly exploits the name of the Mobile Certificate (mobiilivarmenne); its aim is to get the victim to hand over the confirmation code they use with the Mobile Certificate.
https://www.iltalehti.fi/digiuutiset/a/d6889a67-1d7e-439b-9d53-414116c14d61
Tomi Engdahl says:
Treasury’s OCC Says Hackers Had Access to 150,000 Emails
The Office of the Comptroller of the Currency (OCC) has disclosed an email security incident in which 100 accounts were compromised for over a year.
https://www.securityweek.com/treasurys-occ-says-hackers-had-access-to-150000-emails/