News Roundup - April 21, 2025

News • By Daniel Michan • Published on April 21


Critical Erlang/OTP SSH Flaw Exploited for Remote Code Execution

Public exploits for CVE-2025-32433, a critical vulnerability in Erlang/OTP SSH, have surfaced, enabling unauthenticated attackers to execute code remotely on affected devices. BleepingComputer reports active exploitation, urging immediate patching. The flaw impacts devices using Erlang/OTP SSH, with no workaround available. Admins must update to the latest version to mitigate risks.


SonicWall SMA Appliances Under Active Attack Since January

A remote code execution vulnerability in SonicWall Secure Mobile Access (SMA) appliances has been exploited since January 2025, according to Arctic Wolf. The flaw allows attackers to bypass authentication and gain full control. SonicWall has issued patches, but unpatched systems remain at high risk. Organizations using SMA appliances should prioritize updates.


Hertz Customer Data Stolen in Cyberattack

Hertz disclosed a cyberattack on April 14, 2025, compromising customer data, Reuters reports. The breach exposed personal information, though specifics on the attack vector or scope remain undisclosed. Hertz is notifying affected customers and investigating the incident. This follows a trend of rising data breaches targeting rental and service industries.


DaVita Hit by Ransomware, Patient Care Unaffected

Dialysis provider DaVita confirmed a ransomware attack on April 14, 2025, Reuters reports. The breach involved data exfiltration, but the company claims patient care remains uninterrupted. Investigations are ongoing to determine the full scope, with DaVita notifying affected individuals and enhancing security measures.


Windows NTLM Flaw (CVE-2025-24054) Actively Exploited

A medium-severity Windows flaw, CVE-2025-24054, has been under active exploitation since March 19, leaking NTLM hashes via phishing attacks, per The Hacker News. The U.S. CISA added it to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch by May 8, 2025. The bug, patched in March, has been used against government and private-sector targets in Poland and Romania.


Apple Patches Two Exploited iOS Flaws in iOS 18.4.1

Apple addressed two actively exploited iOS vulnerabilities, CVE-2025-31200 and CVE-2025-31201, in iOS 18.4.1, one reported by Google’s Threat Analysis Group. The flaws allowed sophisticated targeted attacks, and Apple urges immediate updates. The patches include improved bounds checking and code removal to eliminate the vulnerabilities.


China Accuses U.S. of Advanced Cyberattacks

On April 15, 2025, China accused the U.S. of launching sophisticated cyberattacks, naming alleged NSA agents, per Reuters. The claims, lacking detailed evidence, appear tied to escalating U.S.-China tensions over trade and technology. This follows reports of Chinese APT groups targeting U.S. infrastructure, highlighting mutual accusations in cyberspace.


Bryson Bort Joins Badge as AI and Cybersecurity SVP

DARPA veteran and SCYTHE founder Bryson Bort has joined Badge as SVP of AI and Cybersecurity, SecurityWeek reports. Known for co-founding ICS Village, Bort aims to advance AI-driven security solutions. His move underscores the growing intersection of AI and cybersecurity in addressing modern threats.


WordPress OttoKit Flaw Exploited Within Hours

A vulnerability in the WordPress OttoKit plugin was exploited within four hours of disclosure, per X posts. The flaw (CVE-2025-3102) allows attackers to create admin accounts on unconfigured sites. With over 100,000 installs, the plugin’s patch in version 1.0.79 is critical to prevent site takeovers.


Oracle Patches 180 Unique CVEs in April 2025 Update

Oracle’s April 2025 Critical Patch Update delivers 378 patches for ~180 unique CVEs across its products, SecurityWeek reports. The update includes 16 Solaris and 48 Linux fixes, with 14 Solaris patches for remotely exploitable flaws. Enterprises using Oracle systems should apply patches promptly to avoid exploitation.


47% Surge in Global Cyberattacks in Q1 2025

Check Point’s Q1 2025 report notes a 47% rise in weekly cyberattacks per organization, averaging 1,925 attacks. Ransomware surged 126%, with North America hit hardest (62% of cases). The education sector faced 4,484 weekly attacks, up 73% from 2024, signaling a need for stronger defenses.


AI-Powered Threats Escalate with Voice Cloning Fraud

The Hacker News reports a $25 million fraud case involving AI-powered voice cloning, alongside state-backed cyberattacks using ChatGPT. The Security Navigator 2025 highlights AI-driven prompt injections and LLM manipulation, urging defenders to leverage AI for detecting subtle network compromises.
