IT Security Weekend Catch Up – April 6, 2025

Comments
close searching

06.04.2025 | 01:40

IT Security Weekend Catch Up – April 6, 2025
avatar

badcyber

comments

IT Security Weekend Catch Up – April 6, 2025

Afraid of missing important security news during the week? We're here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Waltz’s team set up at least 20 Signal group chats for crises across the world
  2. Hacking democracy: Russia’s digital war on German and European elections
  3. Global crackdown on Kidflix, a major child sexual exploitation platform with almost two million users

For the more technical

  1. Annual report from the actions of CERT Polska 2024
  2. About the security content of iOS 18.4 and iPadOS 18.4
  3. Blasting Past Webp: An analysis of the NSO BLASTPASS iMessage exploit
  4. IngressNightmare: CVE-2025-1974 - 9.8 critical unauthenticated remote code execution vulnerabilities in Ingress NGINX
  5. Bypassing authentication like it’s the ‘90s - Pre-auth RCE chain(s) in Kentico Xperience CMS
  6. An update on QuickShell: Sharing is caring about an RCE attack chain on Quick Share
  7. SpotBugs access token theft identified as root cause of GitHub supply chain attack
  8. Trapping misbehaving bots in an AI Labyrinth
  9. Multiple crypto packages hijacked, turned into info-stealers
  10. Hidden malware strikes again: Mu-Plugins under attack
  11. Analyzing new HijackLoader evasion tactics
  12. A phishing tale of DoH and DNS MX abuse
  13. Lucid PhaaS hits 169 targets in 88 countries using iMessage and RCS smishing
  14. New phishing campaign uses Browser-in-the-Browser attacks to target video gamers/Counter-Strike 2 players
  15. Exposing Crocodilus: New device takeover malware targeting Android devices
  16. Fast Flux: A national security threat
  17. Shifting the sands of RansomHub’s EDRKillShifter
  18. Fake Zoom ends in BlackSuit ransomware
  19. An old vector for new attacks: How obfuscated SVG files redirect victims
  20. Suspected China-nexus threat actor actively exploiting critical Ivanti Connect Secure vulnerability (CVE-2025-22457)
  21. The espionage toolkit of Earth Alux: A closer look at its advanced techniques
  22. From Contagious to ClickFake Interview: Lazarus leveraging the ClickFix tactic
  23. BeaverTail and Tropidoor malware distributed via recruitment emails
  24. Gamaredon campaign abuses LNK files to distribute Remcos backdoor
  25. Russian intelligence service-backed campaigns impersonate the CIA to target Ukraine sympathizers, Russian citizens and informants
  26. Operation HollowQuill: Malware delivered into Russian R&D Networks via Research Decoy PDFs

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.


Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy! For the less technical Waltz’s team set up at least 20 Signal group chats for crises across the world Hacking democracy: 2025-04-06T01:40:45+02:00

Comments