Cyber security news April 2025

This posting is here to collect cyber security news in April 2025.

I post links to security vulnerability news in the comments of this article.

You are also free to post related links in the comments.

112 Comments

  1. Tomi Engdahl says:

    CISA Urges Urgent Patching for Exploited CentreStack, Windows Zero-Days

    CISA has added fresh CentreStack and Windows CLFS vulnerabilities to the Known Exploited Vulnerabilities catalog.

    https://www.securityweek.com/cisa-urges-urgent-patching-for-exploited-centrestack-windows-zero-days/

  2. Tomi Engdahl says:

    Vulnerabilities Patched by Ivanti, VMware, Zoom

    Ivanti, VMware, and Zoom released fixes for dozens of vulnerabilities in their products on April 2025 Patch Tuesday.

    https://www.securityweek.com/vulnerabilities-patched-by-ivanti-vmware-zoom/

  3. Tomi Engdahl says:

    Oracle Faces Mounting Criticism as It Notifies Customers of Hack

    Oracle is sending out written notifications to customers over the recent hack after it initially appeared to completely deny a data breach.

    https://www.securityweek.com/oracle-faces-mounting-criticism-as-it-notifies-customers-of-hack/

  4. Tomi Engdahl says:

    ICS Patch Tuesday: Vulnerabilities Addressed by Rockwell, ABB, Siemens, Schneider

    Industrial giants Siemens, Rockwell, Schneider and ABB have released their March 2025 Patch Tuesday ICS security advisories.

    https://www.securityweek.com/ics-patch-tuesday-vulnerabilities-addressed-by-rockwell-abb-siemens-schneider/

  5. Tomi Engdahl says:

    Microsoft Patches 125 Windows Vulns, Including Exploited CLFS Zero-Day

    Patch Tuesday: Microsoft ships urgent cover for another Windows CLFS vulnerability already exploited in the wild.

    https://www.securityweek.com/microsoft-patches-125-windows-vulns-including-exploited-clfs-zero-day/

  6. Tomi Engdahl says:

    Application Security
    GitHub Announces General Availability of Security Campaigns

    GitHub security campaigns make it easier for developers and security teams to collaborate on fixing vulnerabilities in their applications.

    https://www.securityweek.com/github-announces-general-availability-of-security-campaigns/

  7. Tomi Engdahl says:

    IoT Security
    Nissan Leaf Hacked for Remote Spying, Physical Takeover

    Researchers find vulnerabilities that can be exploited to remotely take control of a Nissan Leaf’s functions, including physical controls.

    https://www.securityweek.com/nissan-leaf-hacked-for-remote-spying-physical-takeover/

  8. Tomi Engdahl says:

    Data Breaches
    Operations of Sensor Giant Sensata Disrupted by Ransomware Attack

    Sensata has informed the SEC that shipping, manufacturing and other operations have been impacted by a ransomware attack.

    https://www.securityweek.com/operations-of-sensor-giant-sensata-disrupted-by-ransomware-attack/

  9. Tomi Engdahl says:

    David DiMolfetta / Nextgov/FCW:
    President Trump directs the DOJ to investigate former CISA Director Chris Krebs, who was fired after he contradicted Trump’s baseless 2020 election fraud claims — President Donald Trump signed an executive order Wednesday night directing the Justice Department to investigate former top …

    Trump signs order targeting former CISA head Chris Krebs
    https://www.nextgov.com/people/2025/04/trump-signs-order-targeting-former-cisa-head-chris-krebs/404445/

    Krebs previously led the Cybersecurity and Infrastructure Security Agency and contradicted baseless claims President Donald Trump made in 2020 that the election that year was rigged against him.

    President Donald Trump signed an executive order Wednesday night directing the Justice Department to investigate former top cybersecurity official Chris Krebs and mandating the head of every relevant federal agency revoke his security clearance.

    Krebs, who served as the Cybersecurity and Infrastructure Security Agency’s director in Trump’s first term, made headlines at the end of his tenure for contradicting baseless claims from the president that the 2020 election was stolen from him.

    Krebs said the 2020 election was “the most secure in American history” and that there was “no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised.” Trump later called that statement from Krebs “highly inaccurate” without providing evidence, and fired him in a tweet.

    Krebs is currently the chief intelligence and public policy officer at SentinelOne, a cybersecurity firm. The Wednesday order also “suspends any active security clearance held by individuals at entities associated with Krebs, including SentinelOne, pending a review of whether such clearances are consistent with the national interest.”

    The order expands to “all of CISA’s activities over the last [six] years and will identify any instances where Krebs’ or CISA’s conduct appears to be contrary to the administration’s commitment to free speech and ending federal censorship, including whether Krebs’ conduct was contrary to suitability standards for federal employees or involved the unauthorized dissemination of classified information.”

  10. Tomi Engdahl says:

    Barbara Ortutay / Associated Press:
    Senate testimony: Sarah Wynn-Williams alleged Meta briefed China on US AI efforts, ignored warnings on China potentially accessing US user data, and more — Former Facebook executive Sarah Wynn-Williams testified before the Senate Judiciary Committee Wednesday, accusing the social media company …

    Former Facebook executive tells Senate committee company undermined US national security with China
    https://apnews.com/article/meta-china-senate-security-00391fd267b8c70c23b22906dc39b503

    Former Facebook executive Sarah Wynn-Williams testified before the Senate Judiciary Committee Wednesday, accusing the social media company of undermining national security and briefing China on U.S. artificial intelligence efforts in order to grow its business there.

    “We are engaged in a high-stakes AI arms race against China. And during my time at Meta, company executives lied about what they were doing with the Chinese Communist Party to employees, shareholders, Congress, and the American public,” Wynn-Williams said in her prepared testimony.

    Her book “Careless People,” an explosive insider account of her time at the social media giant, sold 60,000 copies in its first week and reached the top 10 on Amazon’s best-seller list amid efforts by Meta to discredit the work and stop her from talking about her experiences at the company. Meta used a “campaign of threats and intimidation” to silence the former executive, said Sen. Richard Blumenthal, a Democrat from Connecticut, during the hearing.

  11. Tomi Engdahl says:

    Lorenzo Franceschi-Bicchierai / TechCrunch:
    US court document: NSO Group’s Pegasus was used to target 1,223 WhatsApp users in 51 countries in a 2019 attack; Mexico led with 456 victims and India had 100 — NSO Group’s notorious spyware Pegasus was used to target 1,223 WhatsApp users in 51 different countries during a 2019 hacking campaign, according to a new court document.

    Court document reveals locations of WhatsApp victims targeted by NSO spyware
    https://techcrunch.com/2025/04/09/court-document-reveals-locations-of-whatsapp-victims-targeted-by-nso-spyware/

  12. Tomi Engdahl says:

    Dan Goodin / Ars Technica:
    SentinelLabs: AkiraBot spammers exploited OpenAI’s gpt-4o-mini-based API to create unique messages, bypassing spam filters to target 80K+ sites in four months — Spammers used OpenAI to generate messages that were unique to each recipient, allowing them to bypass spam-detection filters …

    OpenAI helps spammers plaster 80,000 sites with messages that bypassed filters
    Company didn’t notice its chatbot was being abused for (at least) 4 months.
    https://arstechnica.com/security/2025/04/openais-gpt-helps-spammers-send-blast-of-80000-messages-that-bypassed-filters/

  13. Tomi Engdahl says:

    Zack Whittaker / TechCrunch:
    Sen. Ron Wyden plans to block the nomination of Sean Plankey to head CISA until the agency releases a 2022 report about security flaws at US telecom companies — Democratic Sen. Ron Wyden has put a hold on the Trump administration’s nomination of Sean Plankey to head the federal government’s …

    Senator puts hold on Trump’s nominee for CISA director, citing telco security ‘cover up’
    https://techcrunch.com/2025/04/09/senator-puts-hold-on-trumps-nominee-for-cisa-director-citing-telco-security-cover-up/

  14. Tomi Engdahl says:

    Reuters:
    Analysis: Intel CEO Lip-Bu Tan and his VC firms invested in 600+ Chinese tech companies including 8+ with military ties; a source says he divested the positions — Lip-Bu Tan, the man chosen to lead Intel, the U.S.’s largest chip maker, has invested in hundreds of Chinese tech firms …

    Intel CEO invested in hundreds of Chinese companies, some with military ties
    https://www.reuters.com/technology/intel-ceo-invested-hundreds-chinese-companies-some-with-military-ties-2025-04-10/

  15. Tomi Engdahl says:

    Close your browser immediately if you come across a site like this
    There is more to check in a domain name than just its ending, the authority reminds.
    https://www.iltalehti.fi/digiuutiset/a/963d788a-daa7-493f-b6b7-5d6d77453cec

    The National Cyber Security Centre (Kyberturvallisuuskeskus) of the Finnish Transport and Communications Agency Traficom warns about fraudulent websites in its weekly review.

    Although Finnish websites with the .fi ending are often perceived as safe, the ending alone does not guarantee that the site is not a scam. Several reports of fraudulent .fi domain names have been made to the National Cyber Security Centre recently.

    Typically, a .fi domain name is used as cover for phishing, for example, for online banking credentials. According to the authority, such scam sites have recently been detected in the names of, among others, the Finnish Patent and Registration Office, the Tax Administration's Incomes Register, and banks.

    – These are not the organizations' own websites but scam sites resembling them, which use the .fi ending to inspire trust, the National Cyber Security Centre says.

    "It is best to close the browser immediately"

    The authority urges people to check the full address of a website carefully, since the .fi ending alone does not guarantee its safety.

    – The same web address can be registered to only one party, so criminals often register addresses that resemble the originals but contain small changes, such as misspelled words, added characters, or hyphens.

    It is also worth paying attention to the site's appearance. Grammar or spelling errors and a confusing or stripped-down layout are clear warning signs.

  16. Tomi Engdahl says:

    Reuters:
    The cybersecurity industry is quiet after Trump canceled SentinelOne’s security clearances on April 9 for hiring Chris Krebs; SentinelOne says it will cooperate — The cybersecurity industry has gone mostly quiet after President Donald Trump took action against one of its prominent members.

    Cybersecurity industry falls silent as Trump turns ire on SentinelOne
    https://www.reuters.com/world/us/cybersecurity-industry-falls-silent-trump-turns-ire-sentinelone-2025-04-10/

    WASHINGTON, April 10 (Reuters) – The cybersecurity industry has gone mostly quiet after President Donald Trump took action against one of its prominent members.
    Trump on Wednesday ordered the cancellation of security clearances of SentinelOne (S.N) executives and employees, part of a campaign to use the might of the U.S. government to crush his political opponents.

    SentinelOne’s offense was hiring former Trump appointee Chris Krebs as chief intelligence and public policy officer. Krebs served as the first director of the Cybersecurity and Infrastructure Security Agency, the U.S. civilian cyber defense agency, but he enraged Trump in November 2020 by refusing to endorse the bogus claim that Democrat Joe Biden stole the presidential election. The move led to Trump firing him over Twitter.

  17. Tomi Engdahl says:

    Vikki Blake / GamesIndustry.biz:
    The UK’s home secretary criticizes Steam for hosting No Mercy, a game with sexual violence, rape, and incest; Steam removed it in the UK, Australia, and Canada — UPDATE: The game has been removed from Steam in the UK, Australia, and Canada — CW: This story contains references …

    UK minister slams Steam for explicit game promoting “non-consensual sexual contact” and sexual violence
    UPDATE: Developer Zerat Games announces it will remove title from Steam
    https://www.gamesindustry.biz/uk-minister-slams-valve-for-explicit-game-promoting-non-consensual-sexual-contact-and-sexual-violence

  18. Tomi Engdahl says:

    Dustin Volz / Wall Street Journal:
    Sources: Chinese officials acknowledged in a secret December 2024 meeting that China was behind the Volt Typhoon hacks, tying them to the US’ support for Taiwan — A senior Chinese official linked intrusions to escalating U.S. support for Taiwan — WASHINGTON—Chinese officials acknowledged …

    In Secret Meeting, China Acknowledged Role in U.S. Infrastructure Hacks
    A senior Chinese official linked intrusions to escalating U.S. support for Taiwan
    https://www.wsj.com/politics/national-security/in-secret-meeting-china-acknowledged-role-in-u-s-infrastructure-hacks-c5ab37cb?st=SYDJd9&reflink=article_copyURL_share

  19. Tomi Engdahl says:

    Do you use a mobile certificate? Seriously consider this safeguard – it costs nothing
    Scammers have already started striking in a frightening way.
    https://www.is.fi/digitoday/tietoturva/art-2000011159236.html

    Have you heard of the nuisance prevention code (häirinnänestokoodi)? It is a way to protect the mobile certificate used in strong authentication. With the nuisance prevention code you make sure that no authentication requests arrive on your phone, for example, if someone accidentally mistypes their number when logging in. In practice it is a password you choose, which can consist of letters and numbers. The code is entered in addition to the phone number during authentication.

    Kimmo Rousku, Chief Senior Specialist at the Digital and Population Data Services Agency, encourages people to start using the code.

    – It is an easy, free and effective extra layer of protection, Rousku writes on LinkedIn.

    The scammers' text messages seen by the authority claim, among other things, that the mobile certificate must be confirmed again because of a technical fault. According to a message sent in Telia's name, a request will soon arrive on the phone, which must be confirmed for the certificate to keep working.

    The nuisance prevention code slows down transactions a little, but in Rousku's view it is a small price for the added security.

    – I have now started using the code myself – I warmly recommend the same to you. This adds perhaps tens of seconds to each authentication, but improves your security against new and future threats.

  20. Tomi Engdahl says:

    ”The measures replicate those used on trips to Ukraine and China, where standard IT kit cannot be brought into the countries for fear of Russian or Chinese surveillance. They are worried about the US getting into the [European] commission systems.”
    https://www.ft.com/content/20d0678a-41b2-468d-ac10-14ce1eae357b?shareType=nongift&fbclid=IwY2xjawJqUO1leHRuA2FlbQIxMQABHq1nFHj5K8ODlmm4XGUathT2DqjFzFlrJVScCM_ff13fES9Va2Lu7TG4qhDA_aem_e0Kv5SYJBIz8Y707EB6jBg

  21. Tomi Engdahl says:

    Federal employee alleges DOGE activity resulted in data breach at labor board
    In a sworn declaration sent to Congress, the employee said he witnessed several anomalies in DOGE’s handling of security.
    https://www.nbcnews.com/tech/security/federal-employee-alleges-doge-activity-resulted-data-breach-labor-boar-rcna201425?fbclid=IwY2xjawJsHkZleHRuA2FlbQIxMQABHi_BMpEYkT2hGSGOV7w5V0iTH42kc4QVn1i_1sdZDYx-wc1ZFc2KuLGag6AE_aem_BB_2AahRn7Krw1TuOXauKQ

  22. Tomi Engdahl says:

    Google Cloud’s so-called uninterruptible power supplies caused a six-hour interruption
    When the power went out, they didn’t switch on
    https://www.theregister.com/2025/04/15/google_cloud_useast5c_outage_report/

  23. Tomi Engdahl says:

    MITRE Warns CVE Program Faces Disruption Amid US Funding Uncertainty

    MITRE warns of a deterioration of national vulnerability databases and advisories, slowed vendor reaction and limited response operations.

    https://www.securityweek.com/mitre-signals-potential-cve-program-deterioration-as-us-gov-funding-expires/

  24. Tomi Engdahl says:

    Artificial Intelligence
    Virtue AI Attracts $30M Investment to Address Critical AI Deployment Risks

    San Francisco startup banks $30 million in Seed and Series A funding led by Lightspeed Venture Partners and Walden Catalyst Ventures.

    https://www.securityweek.com/virtue-ai-attracts-30m-investment-to-address-critical-ai-deployment-risks/

  25. Tomi Engdahl says:

    Application Security
    Insurance Firm Lemonade Says API Glitch Exposed Some Driver’s License Numbers

    Lemonade says the incident is not material and that its operations were not compromised, nor was its customer data targeted.

    https://www.securityweek.com/insurance-firm-lemonade-says-api-glitch-exposed-some-drivers-license-numbers/

  26. Tomi Engdahl says:

    Supply Chain Security
    AI Hallucinations Create a New Software Supply Chain Threat

    Researchers uncover new software supply chain threat from LLM-generated package hallucinations.

    https://www.securityweek.com/ai-hallucinations-create-a-new-software-supply-chain-threat/

  27. Tomi Engdahl says:

    David DiMolfetta / Nextgov/FCW:
    Mitre, the nonprofit research organization behind the CVE program, says the US government funding needed to develop and operate CVE will expire on April 16 — The U.S. government funding needed for non-profit research giant MITRE to develop, operate and maintain its flagship Common Vulnerabilities …
    https://www.nextgov.com/cybersecurity/2025/04/mitre-backed-cyber-vulnerability-program-lose-funding-wednesday/404585/

  28. Tomi Engdahl says:

    Abner Li / 9to5Google:
    Google plans to redirect all Search users to google.com over the coming months, saying “country-level domains are no longer necessary” — Historically, Google users around the world have visited country-specific sites like google.com.br (Brazil), google.fr (France), or google.co.uk (UK).

    Google Search switching to google․com around the world
    https://9to5google.com/2025/04/15/google-com-search/

  29. Tomi Engdahl says:

    Mohar Chatterjee / Politico:
    Sources: the US DOD’s Defense Digital Service is effectively shutting down as nearly all staff are resigning, saying they were sidelined by DOGE’s efforts — Employees of a defense tech unit say they were sidelined by DOGE. “Either we die quickly or we die slowly,” says the director.

    Pentagon’s ‘SWAT team of nerds’ resigns en masse
    Employees of a defense tech unit say they were sidelined by DOGE. “Either we die quickly or we die slowly,” says the director.
    https://www.politico.com/news/2025/04/15/pentagons-digital-resignations-00290930

  30. Tomi Engdahl says:

    Jenna McLaughlin / NPR:
    Whistleblower: at NLRB, DOGE staff disabled monitoring tools, deleted logs, one worked on “NxGenBdoorExtract”; one DOGE account tried to log in via a Russian IP

    A whistleblower’s disclosure details how DOGE may have taken sensitive labor data
    https://www.npr.org/2025/04/15/nx-s1-5355896/doge-nlrb-elon-musk-spacex-security

    In the first days of March, a team of advisers from President Trump’s new Department of Government Efficiency initiative arrived at the Southeast Washington, D.C., headquarters of the National Labor Relations Board.

    The small, independent federal agency investigates and adjudicates complaints about unfair labor practices. It stores reams of potentially sensitive data, from confidential information about employees who want to form unions to proprietary business information.

    But according to an official whistleblower disclosure shared with Congress and other federal overseers that was obtained by NPR, subsequent interviews with the whistleblower and records of internal communications, technical staff members were alarmed about what DOGE engineers did when they were granted access, particularly when those staffers noticed a spike in data leaving the agency. It’s possible that the data included sensitive information on unions, ongoing legal cases and corporate secrets — data that four labor law experts tell NPR should almost never leave the NLRB and that has nothing to do with making the government more efficient or cutting spending.

    The employees grew concerned that the NLRB’s confidential data could be exposed, particularly after they started detecting suspicious log-in attempts from an IP address in Russia, according to the disclosure. Eventually, the disclosure continued, the IT department launched a formal review of what it deemed a serious, ongoing security breach or potentially illegal removal of personally identifiable information. The whistleblower believes that the suspicious activity warrants further investigation by agencies with more resources, like the Cybersecurity and Infrastructure Security Agency or the FBI.

  31. Tomi Engdahl says:

    Igor Bonifacic / Engadget:
    4chan is down after an apparent hack late on April 14; an Imgur post seems to show a hacker gained shell access to 4chan’s hosting server and doxxed some users — More like 404chan, amirite? — 4chan, the controversial forum known for birthing early meme culture and Gamergate, is down, following an apparent hack.

    4chan, the internet’s most infamous forum, is down following an alleged hack
    More like 404chan, amirite?
    https://www.engadget.com/cybersecurity/4chan-the-internets-most-infamous-forum-is-down-following-an-alleged-hack-142516392.html?_fsig=QJu5_hH1vtAoQi1r9U3bsA–~A

    4chan, the controversial forum known for birthing early meme culture and Gamergate, is down, following an apparent hack. Per Downdetector, reports of an outage began circulating late Monday evening, with users sharing updates on connection issues through the early hours of Tuesday morning. As of the writing of this article, it’s possible to access the website following a long delay, but clicking on any of the board links leads to a timeout.

    According to screenshots shared on Imgur (NSFW warning), it appears a hacker gained shell access to 4chan’s hosting server. They then went on to post images of the site’s phpmyadmin page, and appear to have doxed the entire moderation team alongside many of the site’s registered users. While it seems some users took steps to protect their identities, many appear to have used their primary email address to register for the forum, with .edu and even .gov addresses reportedly appearing in the list of leaked emails.

  32. Tomi Engdahl says:

    Jon Brodkin / Ars Technica:
    A look at the FCC’s “Delete, Delete, Delete” initiative, meant to identify burdensome rules, as ISPs, broadcasters, and others send in deregulation wishlists

    ISPs and robocallers love the FCC plan to “delete” as many rules as possible
    FCC’s “Delete, Delete, Delete” docket is filled with requests to eliminate rules.
    https://arstechnica.com/tech-policy/2025/04/isps-and-robocallers-love-the-fcc-plan-to-delete-as-many-rules-as-possible/

    Industry groups have submitted deregulatory wishlists for the Federal Communications Commission’s “Delete, Delete, Delete” initiative that aims to eliminate as many regulations as possible.

    Broadband providers that want fewer telecom regulations and debt collectors opposed to robocall rules were among those submitting comments to the FCC in response to Chairman Brendan Carr’s request for public input. The Carr-led FCC last month issued a public notice asking for help with “identifying FCC rules for the purpose of alleviating unnecessary regulatory burdens.”

    The FCC said it opened the official proceeding—which is titled “Delete, Delete, Delete”—because “President Trump has called on administrative agencies to unleash prosperity through deregulation and ensure that they are efficiently delivering great results for the American people.” Initial comments were due on Friday, and there is an April 28 deadline for reply comments.

    FCC to get Republican majority and plans to “delete” as many rules as possible
    Geoffrey Starks to leave FCC as new chair pushes “Delete, Delete, Delete” plan.
    https://arstechnica.com/tech-policy/2025/03/fcc-democrat-to-resign-cementing-republican-majority-for-chairman-carr/

  33. Tomi Engdahl says:

    Reuters:
    Chinese state media: police in Harbin accuse the NSA of launching “advanced” cyberattacks during the Asian Winter Games in February 2025 and name three agents

    China accuses US of launching ‘advanced’ cyberattacks, names alleged NSA agents
    https://www.reuters.com/technology/cybersecurity/chinas-harbin-says-us-launched-advanced-cyber-attacks-winter-games-2025-04-15/

    Summary

    Chinese police accuse NSA of ‘advanced’ cyberattacks
    Says has raised concerns with United States
    State media names three alleged NSA agents involved in attack
    Says attacks targeted critical infrastructure including Huawei

    BEIJING, April 15 (Reuters) – China accused the United States National Security Agency (NSA) on Tuesday of launching “advanced” cyberattacks during the Asian Winter Games in February, targeting essential industries.

    Police in the northeastern city of Harbin said they added three alleged NSA agents to a wanted list and also accused the University of California and Virginia Tech of being involved in the attacks after carrying out investigations, according to a report by state news agency Xinhua on Tuesday.

  34. Tomi Engdahl says:

    Anu Adegbola / Search Engine Land:
    Temu shut off Google Shopping ads in the US on April 9; its App Store app ranking then plummeted from around third or fourth place to 58th in three days

    Temu pulls its U.S. Google Shopping ads
    The crash of its App Store rank reveals how heavily Temu was reliant on Google advertising for paid acquisition.
    https://searchengineland.com/temu-pulls-us-google-shopping-ads-454260

  35. Tomi Engdahl says:

    A sensitive surprise at the flea market
    We found plenty of data about Finns on hard drives sold at a flea market. Sensitive data like this easily ends up in the wrong hands, even if you thought you had wiped your computer properly.
    https://www.iltalehti.fi/digiuutiset/a/cc9394d9-8133-486e-84b0-96c6aa8fc205

  36. Tomi Engdahl says:

    Gmail users will soon have to make a choice
    Gmail users will soon have to choose between privacy and more advanced features.
    https://www.iltalehti.fi/digiuutiset/a/92c53069-ddc4-41ed-9f4b-3cd9cf865dc5

    New features are coming to Gmail, and enabling them may require compromises on privacy.

    Google gives users the option to choose whether they want to enable the new AI-based features or stick with a more traditional email experience.

    The new functions can improve the user experience, but it is good to be aware of their effect on the user's privacy.

    According to Newsweek, which reported on Gmail's new features, the new AI tools offer, among other things, better search results, smart reply suggestions, and email summaries.

    Enabling the tools, however, lets Google deeper into your inbox to analyze the content and metadata of messages. According to Google, it does not use the data it collects to show ads directly in Gmail, but the data can still affect the user's ad profile on the company's other platforms.

    If you do not want the new tools, the Gmail experience continues in its more traditional form, and the user will no longer be able to use, for example, AI-enhanced search.

    On the positive side, however, Google will collect less data about the user from then on, improving the privacy of emails.

    Gmail Just Changed—Here’s What To Pick When Google Asks You
    https://www.newsweek.com/gmail-changes-2025-2058086

    If you’re a Gmail user, you may soon see a new prompt in your inbox—and it’s not just another pop-up to click away. Google is now rolling out a privacy-related update that gives users a clear choice: opt into AI-enhanced features that use your personal data, or stick with a more limited version of Gmail. While the decision may feel routine, it marks a significant shift in how the world’s most popular email service handles your data—and your inbox.

    What the New Gmail Prompt Means

    The update is tied to Google’s ongoing rollout of AI-powered search features in Gmail, which aim to make it easier to find relevant emails quickly. The new system ranks search results based on things like how recent an email was, frequency of interaction, and how often you click on certain messages. But to do that, Gmail needs access to more of your behavioral and content data.

    To comply with privacy standards and give users more control, Google is now asking you to make a decision:

    Allow Gmail to use AI-driven tools by enabling “smart features” and data sharing.
    Decline the use of AI tools, which limits certain features but offers stronger data privacy.

    What Happens If You Say ‘Yes’

    If you choose to enable these features, Gmail will continue to offer its latest AI-powered updates, including:

    Smarter search results based on your usage habits.
    Access to “smart compose” and “smart reply” tools.
    Better filtering of spam, phishing, and promotional emails.

    However, agreeing to this also means Google’s AI will analyze more of your inbox activity, including message content and metadata, to personalize your experience. While Google states that this data is not used to serve ads directly in Gmail, it may still feed into your broader ad profile across the company’s platforms.

    What Happens If You Say ‘No’

    Declining the update means you’ll still have access to basic Gmail functionality, but you’ll lose access to features like AI-enhanced search and auto-suggestions. Your inbox may also feel slower or less intuitive when searching for older messages or organizing conversations.

    On the upside, your data footprint with Google remains smaller. Gmail won’t process as much of your message content or behavior to power features, giving you more control over your email privacy.

    Why This Matters Now

    This update lands as concerns about data privacy and AI transparency continue to grow. While Google says it blocks more than 99 percent of spam and phishing attempts, cybersecurity experts warn that AI-generated attacks are getting more sophisticated. At the same time, privacy advocates have raised flags over just how much data is being processed behind the scenes.

    If you’ve ever wondered how much of your inbox activity is really private, now’s the time to take a closer look—and make an informed choice when Google asks.

  37. Tomi Engdahl says:

    Liikuteltavat nopeuskamerat räjäytettiin – vahingot arviolta 150 000 euroa
    Poliisin mukaan kamerat asennusalustoineen tuhottiin räjähtein.
    https://www.is.fi/autot/art-2000011171882.html

    Several mobile speed enforcement cameras have been blown up in the eastern regions of the Federal Republic of Germany on roads B6, B98 and B115, Bild reports.

    The devices used were apparently explosives that are legal in Poland but illegal in Germany, which had been slipped into the camera trailers doing their job at the roadside.

    https://www.bild.de/themen/specials/radarfalle/auto-nachrichten-news-fotos-videos-19406746.bild.html

    Reply
  38. Tomi Engdahl says:

    Beware the hidden dangers of Bluetooth!
    https://etn.fi/index.php/13-news/17417-varo-bluetoothin-piilotettuja-vaaroja

    Bluetooth is, for many, a familiar and convenient way to connect devices wirelessly, whether headphones, speakers or smart home devices. But few know that this everyday technology can also expose its users to serious security threats.

    Marijus Briedis, chief technology officer at the security company NordVPN, warns that Bluetooth's ease of use is also its weakness. "One wrong press of a button can open the door to hackers, who gain access to your personal data or even take over the device."

    Attacks carried out over Bluetooth can be surprisingly effective. The most serious of them is Bluebugging, in which the attacker gains full access to the device: they can make calls, send messages, use the internet and eavesdrop without the owner's knowledge.

    Another common threat is Bluesnarfing, in which data such as emails, photos and calendar entries is stolen from the device. Bluejacking, in turn, means sending unwanted advertising messages to the device, which is harmless in itself but annoying.

    Bluetooth's range is typically about 10 metres, but attacks can be carried out from as far as 100 metres away. The closer the victim is, the more dangerous the attacks can be.

    Reply
  39. Tomi Engdahl says:

    Spotify is down
    The number of outage reports has risen sharply.
    https://www.iltalehti.fi/digiuutiset/a/2298e2a3-6dfa-4c4f-b334-e8478a871817

    Widespread disruptions have been observed in the music streaming service Spotify.

    The number of outage reports submitted to the Downdetector site grew explosively on Wednesday at around 15:00. Shortly before 16:00, the number of outage reports on Downdetector was already over 2,400.

    Not all Spotify pages open as usual; instead, pages keep loading or may report that there is no internet connection.

    Reply
  40. Tomi Engdahl says:

    Pentagon leaders are calling for thousands of drones to prepare for war in the Pacific. But as Trump’s tariffs escalate tensions with China, they face an uncomfortable reality: Silicon Valley’s drone companies are addicted to Chinese components.

    Full story: https://trib.al/1zRoWBd

    Reply
  41. Tomi Engdahl says:

    For security, Android phones will now auto-reboot after three days
    https://techcrunch.com/2025/04/15/for-security-android-phones-will-now-auto-reboot-after-three-days/

    Google’s mobile operating system Android will now automatically reboot if the phone is locked for three days in a row.

    On Monday, the tech giant pushed updates to Google Play services, a core part of Android that provides functionalities for apps and the operating system itself. Listed under “Security & Privacy” is a new security feature that “will automatically restart your device if locked for 3 consecutive days.”

    Last year, Apple rolled out the same feature for iOS. The thinking behind adding an automatic reboot after a certain period of inactivity is to make life more difficult for someone who is trying to unlock or extract data from a phone; for example, law enforcement using a forensic analysis device like those made by Cellebrite or Magnet Forensics.

    Reply
  42. Tomi Engdahl says:

    Management & Strategy
    Krebs Exits SentinelOne After Security Clearance Pulled

    Chris Krebs has resigned from SentinelOne after his security clearance was withdrawn and a review of CISA’s conduct under his leadership was ordered.

    https://www.securityweek.com/krebs-exits-sentinelone-after-security-clearance-pulled/

    Reply
  43. Tomi Engdahl says:

    Apple Quashes Two Zero-Days With iOS, MacOS Patches

    The vulnerabilities are described as code execution and mitigation bypass issues that affect Apple’s iOS, iPadOS and macOS platforms.

    https://www.securityweek.com/apple-pushes-ios-macos-patches-to-quash-two-zero-days/

    Reply
  44. Tomi Engdahl says:

    MITRE CVE Program Gets Last-Hour Funding Reprieve

    The US government’s cybersecurity agency CISA has “executed the option period on the contract” to keep the vulnerability catalog operational.

    https://www.securityweek.com/mitre-cve-program-gets-last-hour-funding-reprieve/

    Reply
  45. Tomi Engdahl says:

    Many Mobile Apps Fail Basic Security—Posing Serious Risks to Enterprises

    Top-ranked mobile apps found using hardcoded keys and exposed cloud buckets.

    https://www.securityweek.com/many-mobile-apps-fail-basic-security-posing-serious-risks-to-enterprises/

    Estimates show the number of people who had personal data compromised increased by 312% from 2023 to 2024.

    Zimperium’s zLabs researchers examined 17,333 Android and iOS mobile apps obtained from the official app stores and being used by the firm’s own enterprise customers’ employees. This follows an estimated increase of 312% in the number of individuals who had personal data compromised in 2024: from 419 million in 2023 to 1.7 billion in 2024 (figures from the Identity Theft Resource Center (ITRC)).

    With personal mobile phones increasingly being used within business environments, these numbers are likely to grow, and the consequent threat to business systems will increase.

    The two most common app weaknesses discovered by the researchers include misconfigured use of cloud storage, and use of poor cryptography.

    From the mobile apps examined, 83 Android apps (4 from within Google Play Store’s top 100 popularity list) were found to use unprotected or misconfigured cloud storage. In some of the stores the file indexes are world viewable, and in others the content can be accessed without credentials. Since criminals are continuously scanning the internet for such unprotected repositories, this is a serious threat to the data they contain.

    Ten Android apps expose credentials to AWS cloud services – allowing attackers to read data and possibly write false data into the store.

    “Misconfiguration in cloud storage and exposed credentials is the same as leaving the front door open and saying the house is safe,” comments Boris Cipot, senior security engineer at Black Duck. “This is an open invitation for attackers to steal data simply by exploiting sloppy security configurations or application security.”

    Reply
