SecurityWeek Briefing.

"The Shadow AI Surge:  Study find 50% of workers use unapproved AI tools."

 Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 19 April 2025, 2347 UTC.

Content and Source:  Email subscription via https://feedly.com.

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

SecurityWeek

86K followers46 articles per week

#security#tech

86

Most popular

The Shadow AI Surge: Study Finds 50% of Workers Use Unapproved AI Tools

by Kevin Townsend / 1d

With unapproved AI tools entrenched in daily workflows, experts say it’s time to shift from monitoring to managing Shadow AI use across the enterprise. The post appeared first on SecurityWeek .

Krebs Exits SentinelOne After Security Clearance Pulled

Trump revokes Chris Krebs security clearance

•

by Ryan Naraine / 3d

Chris Krebs has resigned from SentinelOne after security clearance withdrawn and an order to review CISA’s conduct under his leadership. The post appeared first on SecurityWeek .

Man Helped Individuals in China Get Jobs Involving Sensitive US Government Projects

by Ionut Arghire / 2d

Minh Phuong Ngoc Vong pleaded guilty to defrauding US companies of roughly $1 million in a fake IT worker scheme. The post appeared first on SecurityWeek .

Yesterday

In Other News: 4chan Hacked, Android Auto-Reboot, Nemesis Admin Charged

by SecurityWeek News / 1d

Noteworthy stories that might have slipped under the radar: 4chan hacked, auto-reboot security feature coming to Android, Iranian administrator of Nemesis charged in US. The post appeared first on SecurityWeek .

Cy4Data Labs Raises $10 Million to Secure Data in Use

Cy4Data Labs raises 10M$ funding

•

by Ionut Arghire / 1d

Data protection firm Cy4Data Labs has raised $10 million in a Series A funding round led by Pelion Venture Partners. The post appeared first on SecurityWeek .

Events Giant Legends International Hacked

Legends International suffers data breach

•

by Eduard Kovacs / 1d

Legends International says the personal information of employees and customers was compromised as a result of a cyberattack. The post appeared first on SecurityWeek .

Ahold Delhaize Confirms Data Stolen in Ransomware Attack

3 TTPs

•

by Ionut Arghire / 1d

•

Ahold Delhaize suffers ransomware attack

Ahold Delhaize has confirmed that data was stolen from its systems in November 2024 after a ransomware group claimed the attack. The post appeared first on SecurityWeek .

Apr 17, 2025

Fresh Windows NTLM Vulnerability Exploited in Attacks

7 TTPs

•

by Ionut Arghire / 1d

•

CVE-2025-24054

A Windows NTLM vulnerability patched in March has been exploited in attacks targeting government and private institutions. The post appeared first on SecurityWeek .

Demystifying Security Posture Management

by Torsten George / 2d

While the Security Posture Management buzz is real, its long-term viability depends on whether it can deliver measurable outcomes without adding more complexity. The post appeared first on SecurityWeek .

Vulnerabilities Patched in Atlassian, Cisco Products

4 TTPs

•

by Ionut Arghire / 2d

Atlassian and Cisco have released patches for multiple high-severity vulnerabilities, including remote code execution bugs. The post appeared first on SecurityWeek .

Critical Erlang/OTP SSH Flaw Exposes Many Devices to Remote Hacking

6 TTPs

•

by Eduard Kovacs / 2d

•

CVE-2025-32433

Servers exposed to complete takeover due to CVE-2025-32433, an unauthenticated remote code execution flaw in Erlang/OTP SSH. The post appeared first on SecurityWeek .

Why ‘One Community’ Resonates in Cybersecurity

by Marc Solomon / 2d

Our collective voices and one community will provide the intelligence we need to safeguard our businesses in today’s modern digital environment. The post appeared first on SecurityWeek .

CISA Issues Guidance After Oracle Cloud Hack

5 TTPs

•

by Eduard Kovacs / 2d

•

Oracle breach denial raises concerns

CISA is making recommendations for organizations and users in light of the recent Oracle legacy cloud environment hack. The post appeared first on SecurityWeek .

Chinese APT Mustang Panda Updates, Expands Arsenal

17 TTPs

•

by Ionut Arghire / 2d

•

Mustang Panda updates malware tools

The Chinese state-sponsored group Mustang Panda has used new and updated malicious tools in a recent attack. The post appeared first on SecurityWeek .

SonicWall Flags Old Vulnerability as Actively Exploited

2 TTPs

•

by Eduard Kovacs / 2d

A SonicWall SMA 100 series vulnerability patched in 2021, which went unnoticed at the time of patching, is being exploited in the wild. The post appeared first on SecurityWeek .

Apr 16, 2025

MITRE Hackers’ Backdoor Has Targeted Windows for Years

15 TTPs

•

by Ionut Arghire / 2d

•

BRICKSTORM malware targets European industries

Windows versions of the BrickStorm backdoor that the Chinese APT used in the MITRE hack last year have been active for years. The post appeared first on SecurityWeek .

Apple Quashes Two Zero-Days With iOS, MacOS Patches

by Ryan Naraine / 3d

The vulnerabilities are described as code execution and mitigation bypass issues that affect Apple’s iOS, iPadOS and macOS platforms. The post appeared first on SecurityWeek .

MITRE CVE Program Gets Last-Hour Funding Reprieve

MITRE CVE support contract expires

•

by Ryan Naraine / 3d

The US government's cybersecurity agency CISA has “executed the option period on the contract” to keep the vulnerability catalog operational. The post appeared first on SecurityWeek .

Many Mobile Apps Fail Basic Security—Posing Serious Risks to Enterprises

Mobile apps expose sensitive data

•

by Kevin Townsend / 3d

Top-ranked mobile apps found using hardcoded keys and exposed cloud buckets. The post appeared first on SecurityWeek .

Pillar Security Banks $9M for AI Security Guardrails

Aurascape secures 50M for AI security

•

by Ryan Naraine / 3d

Shield Capital leads a $9 million seed-stage funding round for Israeli startup building technologies for AI security and privacy guardrails. The post appeared first on SecurityWeek .

Ransomware Group Claims Hacking of Oregon Regulator After Data Breach Denial

3 TTPs

•

by Eduard Kovacs / 3d

•

Oregon DEQ investigates cyberattack

The Rhysida ransomware gang claims to have stolen 2.5 Tb of files from the Oregon Department of Environmental Quality. The post appeared first on SecurityWeek .

Enhanced Version of ‘BPFDoor’ Linux Backdoor Seen in the Wild

5 TTPs

•

by Ionut Arghire / 3d

•

BPFDoor malware targets global networks

In recent attacks, the state-sponsored backdoor BPFDoor is using a controller to open a reverse shell and move laterally. The post appeared first on SecurityWeek .

Critical Vulnerability Found in Apache Roller Blog Server

4 TTPs

•

by Ionut Arghire / 3d

A critical vulnerability in Apache Roller could be used to maintain persistent access by reusing older sessions even after password changes. The post appeared first on SecurityWeek .

Microsoft Warns of Node.js Abuse for Malware Delivery

15 TTPs

•

by Eduard Kovacs / 3d

•

Node.js exploited for malware delivery

In the past months Microsoft has seen multiple campaigns involving Node.js to deliver malware and other malicious payloads. The post appeared first on SecurityWeek .

Chrome 135, Firefox 137 Updates Patch Severe Vulnerabilities

Execution (Enterprise TA0002)

•

by Ionut Arghire / 3d

Chrome 135 and Firefox 137 updates have been rolled out with patches for critical- and high-severity vulnerabilities. The post appeared first on SecurityWeek .

Oracle Patches 180 Vulnerabilities With April 2025 CPU

by Ionut Arghire / 3d

Oracle’s April 2025 Critical Patch Update contains 378 security patches that resolve approximately 180 unique CVEs. The post appeared first on SecurityWeek .