Attackers are actively exploiting critical vulnerabilities in on-premises Microsoft Exchange and SharePoint servers, using advanced NTLM relay and credential theft techniques for persistent access.
Researchers have detected a new JScript loader targeting jailbroken devices, enabling attackers to bypass traditional security controls and deploy additional malware payloads.
Researchers have uncovered critical vulnerabilities in Windows TaskManager and Task Scheduler (schtasks.exe) that allow attackers to execute commands as SYSTEM, bypassing User Account Control (UAC) and erasing audit logs.
A critical Windows vulnerability (CVE-2025-24054) is being actively exploited, allowing attackers to leak NTLM hashes and escalate privileges via spoofed SMB authentication requests.
We will also evaluate recent regulatory changes, such as the European Union’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA), which are establishing new standards for data privacy and security to help ensure your compliance efforts stay current.
Attackers use advanced social engineering and AI-generated content to bypass traditional security layers, making these scams harder to detect.
The controversial imageboard 4chan suffered a major security breach, resulting in the leak of sensitive internal data.
Attackers are increasingly exploiting Node.js, a popular JavaScript runtime, to deliver sophisticated malware and steal sensitive data.
Instead of just encrypting files, attackers manipulate and corrupt critical data, making recovery and trust in backups much more difficult for victims.
Hackers exploited zero-day vulnerabilities in a third-party file transfer platform, gaining unauthorized access to sensitive customer data.
Attackers gained shell access to 4chan’s servers, extracting the complete PHP source code, moderator and administrator contact information, backend admin panels, and database content.
A vulnerability (CVE-2025-24076) in Windows 11’s “Mobile devices” feature lets attackers escalate from a low-privileged user to system administrator in just 300 milliseconds via DLL hijacking.
Threat actors are actively exploiting a vulnerability in Amazon EC2 instance metadata services to gain unauthorized access and escalate privileges in cloud environments.
Key topics include sophisticated ransomware attacks and the growing impact of state-sponsored cyber operations on global security.
Recent campaigns utilize malvertising, supply chain attacks via npm, and direct script execution to bypass traditional security controls.
A severe vulnerability (CVE-2025-24859) in Apache Roller (versions 1.0.0–6.1.4) allows attackers to maintain unauthorized access even after password changes.
One allows code execution via malicious media files; the other bypasses security protections.
Additionally, we examine how cutting-edge technologies like artificial intelligence (AI), machine learning (ML), and quantum computing are reshaping cybersecurity, acting as both safeguard tools and potential weaknesses that attackers could take advantage of.
Cybercriminals are exploiting Microsoft Teams to distribute malware and phishing links, targeting organizations’ internal communications.
The malware, embedded during manufacturing, hijacks cryptocurrency wallet addresses and searches for sensitive data, resulting in significant financial theft.
A medium-severity vulnerability (CVE-2025-30100) in Alienware Command Center (pre-6.7.37.0) allows local attackers to escalate privileges.
Welcome to this week’s Cybersecurity Newsletter, where we provide the latest updates and critical insights from the swiftly changing realm of cybersecurity. This edition focuses on new threats and the evolving landscape of digital defenses.
We also look into how various industries are tackling significant cybersecurity issues, such as securing remote work settings and addressing vulnerabilities in Internet of Things (IoT) devices.
Attackers use compromised accounts or spoofed messages to trick employees into downloading malicious files or revealing credentials.
Compromised information includes names, contact details, dates of birth, credit card numbers, driver’s license information, and, for some, even Social Security and passport numbers.
Security experts warn of a new ransomware trend: data poisoning.
The malware uses advanced obfuscation and persistence techniques to exfiltrate sensitive data and credentials.
Recommendation: Apply the March 2025 security update.
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 21 Apr 2025 01:00:13 +0000