AI-Powered Presentation Tool Leveraged in Phishing Attacks darkreadingAlexander Culafi, Senior News Writer, Dark Reading
April 15, 2025

Researchers at Abnormal Security said threat actors are using a legitimate presentation and graphic design tool named "Gamma" in phishing attacks. Researchers at Abnormal Security said threat actors are using a …


Hertz Falls Victim to Cleo Zero-Day Attacks darkreadingKristina Beek, Associate Editor, Dark Reading
April 15, 2025

Customer data such as birth dates, credit card numbers and driver's license information were stolen when threat actors exploited zero-day vulnerabilities in Cleo-managed file transfer products. Customer data such as birth …


Wave of Wine-Inspired Phishing Attacks Targets EU Diplomats darkreadingElizabeth Montalbano, Contributing Writer
April 15, 2025

Russia-backed APT29's latest campaign once again uses malicious invites to wine-tasting events as its lure, but this time targets a different set of vintages — errr, victims — and delivers …


Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool The Hacker [email protected] (The Hacker News)
April 15, 2025

The China-linked threat actor known as UNC5174 has been attributed to a new campaign that leverages a variant of a known malware dubbed SNOWLIGHT and a new open-source tool called …


Are We Prioritizing the Wrong Security Metrics? darkreadingSwati Babbar
April 15, 2025

True security isn't about meeting deadlines — it's about mitigating risk in a way that aligns with business objectives while protecting against real-world threats. True security isn't about meeting deadlines — …


China-Backed Threat Actor ‘UNC5174’ Using Open Source Tools in Stealthy Attacks darkreadingAlexander Culafi, Senior News Writer, Dark Reading
April 15, 2025

Sysdig researchers detailed an ongoing campaign from China-backed threat actor UNC5174, which is using open source hacking tools to stay under the radar. Sysdig researchers detailed an ongoing campaign from China-backed …


Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence The Hacker [email protected] (The Hacker News)
April 15, 2025

A critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain unauthorized access even after a password change. The …


Malicious PyPI Package Targets MEXC Trading API to Steal Credentials and Redirect Orders The Hacker [email protected] (The Hacker News)
April 15, 2025

Cybersecurity researchers have disclosed a malicious package uploaded to the Python Package Index (PyPI) repository that's designed to reroute trading orders placed on the MEXC cryptocurrency exchange to a malicious …


CISA Releases Nine Industrial Control Systems Advisories AlertsCISA
April 15, 2025

CISA released nine Industrial Control Systems (ICS) advisories on April 15, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-105-01 Siemens Mendix Runtime ICSA-25-105-02 Siemens …


Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds The Hacker [email protected] (The Hacker News)
April 15, 2025

Everybody knows browser extensions are embedded into nearly every user’s daily workflow, from spell checkers to GenAI tools. What most IT and security people don’t know is that browser extensions’ …