InfoSec News 20250416
Top News
-
Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps
"Cheap Chinese Android phones ship with trojanized WhatsApp and Telegram clones hiding crypto clippers, active since June 2024."
TLP1 : Green
-
MITRE warns that funding for critical CVE program expires today
"MITRE Vice President Yosry Barsoum has warned that U.S. government funding for the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) programs expires today, which could lead to widespread disruption across the global cybersecurity industry."
TLP1 : Green
-
Gamma AI Platform Abused in Phishing Chain to Spoof Microsoft SharePoint Logins
"Threat actors are leveraging an artificial intelligence (AI) powered presentation platform named Gamma in phishing attacks to direct unsuspecting users to spoofed Microsoft login pages."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Cyber Threats Against Energy Sector Surge as Global Tensions Mount
"Resecurity warns of rising cyberattacks on the energy sector, some linked to large-scale campaigns targeting national infrastructure for geopolitical aims."
TLP1 : Green
-
China-Backed Threat Actor 'UNC5174' Using Open Source Tools in Stealthy Attacks
"Sysdig researchers detailed an ongoing campaign from China-backed threat actor UNC5174, which is using open source hacking tools to stay under the radar."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Landmark Admin data breach impact now reaches 1.6 million people
"Landmark Admin has issued an update to its investigation of a cyberattack it suffered in May 2024, increasing the number of impacted individuals to 1.6 million."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence
"A critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain unauthorized access even after a password change."
TLP1 : Green
-
Oracle Patches 180 Vulnerabilities With April 2025 CPU
"Oracle’s April 2025 Critical Patch Update contains 378 security patches that resolve approximately 180 unique CVEs."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
Prepare for 8 different CompTIA certifications with this course bundle deal
"The tech industry is extremely competitive, so how do you stand out? If you don't have a ton of job experience or a four-year degree, there's still one way to distinguish yourself: professional certifications."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Renewed APT29 Phishing Campaign Against European Diplomats
"Check Point Research has been tracking an advanced phishing campaign conducted by APT29, a Russia linked threat group, which is targeting diplomatic entities across Europe."
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.