This posting is here to collect cyber security news in April 2025.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
This posting is here to collect cyber security news in April 2025.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
156 Comments
Tomi Engdahl says:
Wall Street Journal:
The European Commission fines Apple €500M and Meta €200M under the DMA and issues cease-and-desist orders to both companies; Apple and Meta say they will appeal
Apple, Meta Fined by EU, Ordered to Comply With Tech Competition Rules
Fines come as European officials pursue trade talks with the Trump administration
https://www.wsj.com/tech/apple-meta-fined-by-eu-ordered-to-comply-with-tech-competition-rules-9063b7e6?st=hbwZ53&reflink=desktopwebshare_permalink
Tomi Engdahl says:
The Electronic Frontier Foundation (EFF) published a handbook explaining the surveillance technology used at the Mexico border. You can download the PDF for free.
https://shop.eff.org/products/eff-zine-surveillance-technology-at-the-u-s-mexico-border
Tomi Engdahl says:
Data Breaches
Microsoft Purges Dormant Azure Tenants, Rotates Keys to Prevent Repeat Nation-State Hack
Microsoft security chief Charlie Bell says the SFI’s 28 objectives are “near completion” and that 11 others have made “significant progress.”
https://www.securityweek.com/microsoft-purges-dormant-azure-tenants-rotates-keys-to-prevent-repeat-nation-state-hack/
Tomi Engdahl says:
Artificial Intelligence
AI-Powered Polymorphic Phishing Is Changing the Threat Landscape
Combined with AI, polymorphic phishing emails have become highly sophisticated, creating more personalized and evasive messages that result in higher attack success rates.
https://www.securityweek.com/ai-powered-polymorphic-phishing-is-changing-the-threat-landscape/
Tomi Engdahl says:
Data Breaches
5.5 Million Patients Affected by Data Breach at Yale New Haven Health
Yale New Haven Health System recently discovered that the personal information of millions of patients was stolen from its systems.
https://www.securityweek.com/5-5-million-patients-affected-by-data-breach-at-yale-new-haven-health/
Yale New Haven Health System (YNHHS), which operates several hospitals in Connecticut, recently disclosed a data breach impacting the personal information of millions of patients.
The Yale University-affiliated healthcare organization revealed on April 11 that it detected unusual activity on its IT systems on March 8.
While patient care was not impacted by the incident, an investigation showed that hackers managed to copy data from Yale New Haven Health systems on the day the intrusion was discovered.
Compromised information varies by patient, but can include name, date of birth, address, phone number, email, race/ethnicity, SSN, and medical record number.
YNHHS noted that its “electronic medical record system was not involved nor accessed in this incident, and no financial accounts, payment information or employee HR information was included”.
The healthcare data breach tracker of the Department of Health and Human Services showed on Wednesday that the incident impacts more than 5.5 million individuals.
Tomi Engdahl says:
Employee monitoring app leaks 21 million screenshots in real time
https://cybernews.com/security/employee-monitoring-app-leaks-millions-screenshots/?fbclid=IwY2xjawJ4hGVleHRuA2FlbQIxMQABHlrmCmj3ubR7DS9RgydhrRYCzI-Lj-KgUK-c81s_yctH6tiRSZoNmwirvlqJ_aem_MWdO5fXEus92p9JpXyCJpg
A surveillance tool meant to keep tabs on employees is leaking millions of real-time screenshots onto the open web.
Your boss watching your screen isn’t the end of the story. Everyone else might be watching, too. Researchers at Cybernews have uncovered a major privacy breach involving WorkComposer, a workplace surveillance app used by over 200,000 people across countless companies.
The app, designed to track productivity by logging activity and snapping regular screenshots of employees’ screens, left over 21 million images exposed in an unsecured Amazon S3 bucket, broadcasting how workers go about their day frame by frame.
The leaked data is extremely sensitive, as millions of screenshots from employees’ devices could not only expose full-screen captures of emails, internal chats, and confidential business documents, but also contain login pages, credentials, API keys, and other sensitive information that could be exploited to attack businesses worldwide.
Cybernews contacted the company, and access has now been secured. An official comment has yet to be received.