Vulnerabilities
- ASUS Releases Fix For AMI Bug That Lets Hackers Brick Servers
"ASUS has released security updates to address CVE-2024-54085, a maximum severity flaw that could allow attackers to hijack and potentially brick servers. The flaw impacts American Megatrends International's MegaRAC Baseboard Management Controller (BMC) software, used by over a dozen server hardware vendors, including HPE, ASUS, and ASRock. The CVE-2024-54085 flaw is remotely exploitable, potentially leading to malware infections, firmware modifications, and irreversible physical damage through over-volting."
https://www.bleepingcomputer.com/news/security/asus-releases-fix-for-ami-bug-that-lets-hackers-brick-servers/
- IngressNightmare: Understanding CVE‑2025‑1974 In Kubernetes Ingress-NGINX
"On March 24, 2025, researchers from Wiz, Inc. disclosed a critical group of vulnerabilities in the Kubernetes Ingress-NGINX controller, dubbed IngressNightmare. Among the most severe issues is CVE‑2025‑1974, which allows an attacker with only network access to the admission webhook to potentially achieve remote code execution (RCE) in the ingress controller pod. This vulnerability was privately disclosed earlier in March and publicly announced after patches became available. It has a CVSS rating of 9.8, underscoring the severity and urgency of applying the fixes."
https://www.fortinet.com/blog/threat-research/ingressnightmare-understanding-cve-2025-1974-in-kubernetes-ingress-nginx
- How I Made $64k From Deleted Files — a Bug Bounty Story
"I built an automation that cloned and scanned tens of thousands of public GitHub repos for leaked secrets. For each repository I restored deleted files, found dangling blobs and unpacked .pack files to search in them for exposed API keys, tokens, and credentials. Ended up reporting a bunch of leaks and pulled in around $64k from bug bounties."
https://medium.com/@sharon.brizinov/how-i-made-64k-from-deleted-files-a-bug-bounty-story-c5bd3a6f5f9b
https://www.securityweek.com/files-deleted-from-github-repos-leak-valuable-secrets/
Malware
- Toll Of Deception: Where Evasion Drives Phishing Forward
"Discover the latest phishing campaign targeting a major toll road service provider, where cybercriminals use sophisticated evasion techniques to bypass security detections. This in-depth blog reveals how threat actors exploit legitimate platforms and deploy cloaking methods to disguise malicious links, allowing them to evade detection by security solutions. Discover how these sophisticated tactics create highly convincing phishing pages designed to steal victims’ card information, and how to safeguard yourself against these evolving cyber threats."
https://www.group-ib.com/blog/toll-of-deception/
- XRP Supply Chain Attack: Official NPM Package Infected With Crypto Stealing Backdoor
"At 21 Apr, 20:53 GMT+0, our system, Aikido Intel, started to alert us to five new package versions of the xrpl package. It is the official SDK for the XRP Ledger, with more than 140.000 weekly downloads. We quickly confirmed the official XRPL (Ripple) NPM package was compromised by sophisticated attackers who put in a backdoor to steal cryptocurrency private keys and gain access to cryptocurrency wallets. This package is used by hundreds of thousands of applications and websites making it a potentially catastrophic supply chain attack on the cryptocurrency ecosystem. This is a technical breakdown of how we discovered the attack."
https://www.aikido.dev/blog/xrp-supplychain-attack-official-npm-package-infected-with-crypto-stealing-backdoor
https://thehackernews.com/2025/04/ripples-xrpljs-npm-package-backdoored.html
https://securityaffairs.com/176844/hacking/the-xrpl-js-ripple-cryptocurrency-library-was-compromised-in-a-supply-chain-attack.html
https://www.theregister.com/2025/04/23/ripple_npm_supply_chain/
- NFC Fraud Wave: Evolution Of Ghost Tap On The Dark Web
"NFC-related fraud is on the rise, as evidenced by cyber threat intelligence analysts at Resecurity. Numerous banks, FinTechs, and credit unions have reported increased NFC-related fraud and highlighted significant challenges in early detection. Chinese cybercriminals demonstrate high adaptability in exploiting NFC technologies for fraudulent purposes and create new tools to facilitate illegal operations at scale. They target financial institutions to defraud consumers and cause substantial economic losses for the global economy."
https://www.resecurity.com/blog/article/nfc-fraud-wave-evolution-of-ghost-tap-on-the-dark-web
https://securityaffairs.com/176829/cyber-crime/chinese-cybercriminals-released-z-nfc-tool-for-payment-fraud.html
- Malicious LNK Disguised As Notices
"AhnLab SEcurity intelligence Center (ASEC) recently discovered a malicious LNK file being distributed to Korean users for the purpose of stealing user information. This type of malware collects various valuable data for threat actors, such as data related to virtual assets, browsers, public certificates, and email files, and it also performs keylogging."
https://asec.ahnlab.com/en/87620/
- Distribution Of PebbleDash Malware In March 2025
"PebbleDash is a backdoor malware that was previously identified by the Cybersecurity and Infrastructure Security Agency (CISA) in the U.S. as a backdoor malware of Lazarus (Hidden Cobra) in 2020. At the time, it was known as the malware of the Lazarus group, but recently, there have been more cases of the PebbleDash malware being distributed by the Kimsuky group, who have been targeting individuals, rather than the Lazarus group. This report will cover the latest distribution process of the PebbleDash malware by the Kimsuky group, other malware and additional modules that have been identified alongside PebbleDash."
https://asec.ahnlab.com/en/87621/
- Introducing ToyMaker, An Initial Access Broker Working In Cahoots With Double Extortion Gangs
"In 2023, Cisco Talos discovered an extensive compromise in a critical infrastructure enterprise consisting of a combination of threat actors. From initial access to double extortion, these actors slowly and steadily compromised a multitude of hosts in the network using a combination of various dual-use remote administration, SSH and file transfer tools. The initial access broker (IAB), whom Talos calls “ToyMaker” and assesses with medium confidence is a financially motivated threat actor, exploits vulnerable systems exposed to the internet. They deploy their custom-made backdoor we call “LAGTOY” and extract credentials from the victim enterprise. LAGTOY can be used to create reverse shells and execute commands on infected endpoints."
https://blog.talosintelligence.com/introducing-toymaker-an-initial-access-broker/
- Custom-Crafted, Qantas-Spoofing Emails Target Australian Victims
"A Qantas-spoofing email campaign claiming to have various rewards bypassed multiple secure email gateways (SEGs) to deliver credential phishing pages that targeted credit cards. This campaign primarily targeted Australian employees and used convincing emails templated from Qantas’ legitimate marketing emails. The credential phishing pages were fully developed and featured convincing components, such as terms of service acceptance and multi-factor authentication."
https://cofense.com/blog/custom-crafted,-qantas-spoofing-emails-target-australian-victims
- Ransomware Groups Evolve Affiliate Models
"Although international law enforcement operations have successfully disrupted prominent ransomware schemes, cybercriminals continue to demonstrate their resilience and adaptability. In 2025, Secureworks Counter Threat Unit (CTU) researchers observed the DragonForce and Anubis ransomware operators introducing novel models to attract affiliates and increase profits."
https://www.secureworks.com/blog/ransomware-groups-evolve-affiliate-models
https://therecord.media/ransomware-groups-test-new-business-models-dragonforce-anubis
https://www.darkreading.com/data-privacy/ransomware-gangs-innovate-new-affiliate-models
- Emerging Phishing Techniques: New Threats And Attack Vectors
"Phishing remains one of the most prevalent and successful attack vectors used by cybercriminals today. It exploits human psychology, leveraging deception to trick users into revealing sensitive information or executing malicious actions. Attackers continuously evolve tactics to bypass modern email and endpoint security solutions, making detecting and mitigating phishing attempts increasingly difficult. And despite advancements in cybersecurity tools, many phishing campaigns still successfully reach users’ inboxes."
https://intezer.com/blog/emerging-phishing-techniques-new-threats-and-attack-vectors/
Breaches/Hacks/Leaks
- Data Breach At Onsite Mammography Impacts 350,000
"Massachusetts medical services provider Onsite Mammography is notifying over 350,000 people that their personal and health information was compromised in a data breach. The incident was discovered in October 2024 and involved unauthorized access to an employee’s email account, the firm reveals in a notification letter mailed to the impacted individuals. Some of the emails in the compromised account’s inbox, Onsite says, exposed both personally identifiable information (PII) and protected health information (PHI)."
https://www.securityweek.com/data-breach-at-onsite-mammography-impacts-350000/
- Blue Shield Of California Leaked Health Data Of 4.7 Million Members To Google
"Blue Shield of California disclosed it suffered a data breach after exposing protected health information of 4.7 million members to Google's analytics and advertisement platforms. The nonprofit health plan, which serves nearly 6 million members across California, published a data breach notification on its website stating that member data was exposed between April 2021 and January 2024. Today, the United States Department of Health and Human Services breach portal was updated to state that the leak exposed 4.7 million members' protected health data."
https://www.bleepingcomputer.com/news/security/blue-shield-of-california-leaked-health-data-of-47-million-members-to-google/
https://therecord.media/healthcare-data-breaches-blue-shield-california
https://www.theregister.com/2025/04/23/blue_shield_leaked_info_google/
- Kelly Benefits Notifying Nearly 264,000 Of Data Theft Hack
"A Maryland-based outsourced benefits and payroll manager is notifying nine large clients and nearly 264,000 individuals that their sensitive personal information was potentially compromised in a December hack. The tally of affected people has shot up eight-fold since Kelly & Associates Insurance Group, which operates as Kelly Benefits, earlier this month published an estimate of the hack's scope."
https://www.bankinfosecurity.com/kelly-benefits-notifying-nearly-264000-data-theft-hack-a-28073
https://www.securityweek.com/kelly-benefits-data-breach-impacts-260000-people/
General News
- Verizon Discovers Spike In Ransomware And Exploited Vulnerabilities
"Cybercriminals and state-sponsored threat groups exploited vulnerabilities and initiated ransomware attacks with vigor last year, escalating the scope of their impact by hitting more victims and outmaneuvering defenses with speed. The rate of ransomware detected in data breaches jumped 37%, occurring in 44% of the 12,195 data breaches reviewed in Verizon’s 2025 Data Breach Investigations Report released Wednesday. Researchers observed the presence of ransomware in 32% of data breaches in last year’s report."
https://cyberscoop.com/verizon-data-breach-investigations-report-2025/
https://www.verizon.com/business/en-gb/resources/reports/dbir/#2025DBIREMEANR
https://www.verizon.com/business/resources/reports/2025-dbir-data-breach-investigations-report.pdf
https://www.verizon.com/business/resources/infographics/2025-dbir-infographic.pdf
https://www.darkreading.com/cybersecurity-analytics/verizon-edge-bugs-ransoms-smbs-bedeviled
https://www.infosecurity-magazine.com/news/verizon-dbir-jump-vulnerability/
https://www.helpnetsecurity.com/2025/04/23/verizon-2025-data-breach-investigations-report-dbir/
- When Confusion Becomes a Weapon: How Cybercriminals Exploit Economic Turmoil
"It begins with a simple notification: “Markets in Free Fall.” Within moments, the headlines multiply: new tariffs, emergency actions, plummeting consumer confidence. Across boardrooms and break rooms, anxiety ripples at every level. People begin refreshing inboxes and apps for guidance from leadership teams, advisors, and experts. Right there, buried among legitimate memos and updates, the attacker slips in. A fake social media message. A bogus government alert. An urgent vendor notification that looks just convincing enough to spark a click, or a hasty regrettable action. It’s not just opportunistic. It’s calculated. In times of economic turbulence, adversaries thrive on confusion, and they’re getting disturbingly good at turning chaos into compromise."
https://www.helpnetsecurity.com/2025/04/23/economic-uncertainty-cybersecurity/
- The Dark Side Of YouTube: Malicious Links, Phishing, And Deepfakes
"With billions of users, YouTube has become a tempting target for cybercriminals. They post malicious links in video descriptions and comments. Some send phishing emails to creators, posing as sponsors but attaching malware. Others hijack popular channels to promote fake cryptocurrency giveaways. Deepfake videos have entered the mix, using AI to impersonate well-known public figures."
https://www.helpnetsecurity.com/2025/04/23/most-common-youtube-scams/
- UK Romance Scams Spike 20% As Online Dating Grows
"Romance scam reports have risen 20% year-over-year during the first quarter of 2025, according to new data from UK banking giant Barclays. The report found that romance scams are continuing to rise in line with the growing popularity of online dating and dating apps. The majority of romance scam reports in Q1 2025 originated from these platforms. Barclays added that 12% of UK adults have been targeted, or know someone who has been targeted, by a romance scam. The report also found that victims lost £8000 ($10,704) on average in 2024, a significant increase from £5800 ($7760) in 2023."
https://www.infosecurity-magazine.com/news/uk-romance-scams-online-dating/
- AI Can Help Defenders Stop Nation-State Threat Actors At Machine Speed
"Last year, the escalating concerns about Chinese threat actors breaching U.S. organizations reached a crescendo as federal authorities issued increasingly urgent advisories about China’s “Typhoon” groups infiltrating U.S. networks, pressing organizations to take immediate action. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned that these groups were engaged in a host of massive intrusions, ranging from infiltrating telecommunications networks and sensitive law enforcement communication platforms in order to preposition themselves on critical infrastructure networks to destroy or disrupt services."
https://cyberscoop.com/cybersecurity-ai-chinese-threat-actors/
- US Data Breach Victim Count Surges 26% Annually
"The number of individuals impacted by data breaches increased by 26% year-on-year (YoY) in the first three months of 2025, despite overall incident volumes remaining flat, according to the Identity Theft Resource Center (ITRC). The non-profit records all publicly available information on corporate “data compromises” in the US – that is, data breaches, exposures and leaks. It posted a total of 824 such events in Q1 2025, versus a slightly higher 841 a year ago. However, while there were 72.5 million victims in the first three months of 2024, the number had increased to over 91.3 million by the first quarter of 2025."
https://www.infosecurity-magazine.com/news/us-data-breach-victim-count-surges/
- FBI: US Lost Record $16.6 Billion To Cybercrime In 2024
"The FBI says cybercriminals have stolen a record $16.6 billion in 2024, marking an increase in losses of over 33% compared to the previous year. According to the bureau's annual Internet Crime Complaint Center (IC3) report, IC3 recorded 859,532 complaints last year (256,256 with actual loss), amounting to an average loss of $19,372. The most impacted group is older Americans, especially people over 60, who filed 147,127 complaints linked to approximately $4.8 billion in losses."
https://www.bleepingcomputer.com/news/security/fbi-us-lost-record-166-billion-to-cybercrime-in-2024/
https://www.ic3.gov/AnnualReport/Reports/2024_IC3Report.pdf
https://therecord.media/over-16-billion-in-losses-fbi-cybercrime
https://www.bankinfosecurity.com/fbi-pushes-global-crackdowns-as-cybercrime-losses-soar-a-28067
https://cyberscoop.com/fbi-ic3-cybercrime-report-2024-key-statistics-trends/
https://www.infosecurity-magazine.com/news/fbi-staggering-lost-cybercrime-2024/
https://www.theregister.com/2025/04/24/ransomware_scum_and_other_crims/
- M-Trends 2025: Data, Insights, And Recommendations From The Frontlines
"One of the ways threat actors keep up with the constantly evolving cyber defense landscape is by raising the level of sophistication of their attacks. This trend can be seen across many of our engagements, particularly when responding to China-nexus groups. These actors have demonstrated the ability to create custom malware ecosystems, identify and use zero-day vulnerabilities in security and other appliances, leverage proxy networks akin to botnets, target edge devices and platforms that traditionally lack endpoint detection and response, and employ custom obfuscators in their malware. They take these extra steps to evade detection, stifle analysis, and ultimately stay on systems for longer periods of time."
https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2025
https://services.google.com/fh/files/misc/m-trends-2025-en.pdf
https://thehackernews.com/2025/04/dprk-hackers-steal-137m-from-tron-users.html
https://thehackernews.com/2025/04/iran-linked-hackers-target-israel-with.html
https://cyberscoop.com/mandiant-m-trends-2025/
https://www.infosecurity-magazine.com/news/vulnerability-credential-initial/
https://www.theregister.com/2025/04/23/stolen_credentials_mandiant/
- The Foundations Of a Resilient Cyber Workforce
"In an era defined by digital interconnectivity and geopolitical uncertainty, trust and integrity have never been more critical to cybersecurity. Recent political transitions, economic instability, and the proliferation of artificial intelligence (AI) underscore the fragility of trust within both organizations and nations. Companies must recognize that cybersecurity is not just about technology — it is about people, ethics, and accountability. Without trust, organizations expose themselves to existential risks, from insider threats to nation-state attacks and the erosion of public confidence in security itself."
https://www.darkreading.com/vulnerabilities-threats/foundations-resilient-cyber-workforce
- How Emerging AI Frameworks Drive Business Value And Mitigate Risk
"A new wave of technology is reshaping the way businesses operate: systems driven by artificial intelligence (AI) that continually "evolve" through self-learning and collaboration. Instead of a single program solving one isolated problem, companies are adopting agentic AI — a model where multiple automated "agents" share information and work together to solve a wide range of tasks."
https://www.darkreading.com/cyber-risk/how-emerging-ai-frameworks-drive-business-value-and-mitigate-risk
- Cloudflare: Government-Backed Internet Shutdowns Plummet To Zero In First Quarter
"Governments around the world have appeared to ease off from using internet shutdowns to silence protesters and control access to information, according to new data from internet infrastructure company Cloudflare. Cloudflare and other internet monitoring organizations like NetBlocks have tracked dozens of internet shutdowns or specific website bans globally for years, with multiple throughout 2024 related to contentious elections or military conflict. Some have persisted since they began, including years-long internet throttling in dictatorships like Myanmar."
https://therecord.media/government-internet-shutdowns-slow-in-2025
- Extortion And Ransomware Trends January-March 2025
"Unit 42 regularly monitors the cyberthreat landscape, including trends in extortion and ransomware. Ransomware actors continue to evolve to increase the effectiveness of their attacks and the likelihood that organizations will pay what is demanded. In our 2025 Unit 42 Global Incident Response Report, we found that 86% of incidents involved business disruption, spanning operational downtime, reputational damage or both. In this survey of recent trends, we share qualitative observations based on incident response cases and the broader threat landscape."
https://unit42.paloaltonetworks.com/2025-ransomware-extortion-trends/
Reference
Electronic Transactions Development Agency (ETDA)