Microsoft Drops Another Massive Patch Update – Dark Reading
A threat actor has already exploited one of the flaws in a ransomware campaign with victims in the US and other countries. – Read More
April 2025
Industry Asks for Clarity on Proposed HIPAA Cybersecurity Rules – Dark Reading
Healthcare and IT security practitioners worry some of the proposed amendments are not practical for a sector that lacks resources and often uses legacy equipment. – Read More
Aurascape Brings Visibility, Security Controls to Manage AI Applications – Dark Reading
New cybersecurity startup Aurascape emerged from stealth today with an AI-native security platform to automate security policies for AI applications. – Read More
UK Orgs Pull Back Digital Projects With Looming Threat of Cyberwarfare – Dark Reading
Artificial intelligence poses a significant concern when it comes to nation-state cyberthreats and AI’s ability to supercharge attacks. – Read More
Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw – The Hacker News
Fortinet has released security updates to address a critical security flaw impacting FortiSwitch that could permit an attacker to make unauthorized password changes. The vulnerability, tracked as CVE-2024-48887, carries a…
Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation via Path Traversal – The Hacker News
Cybersecurity researchers have disclosed details of a now-patched security flaw in the Amazon EC2 Simple Systems Manager (SSM) Agent that, if successfully exploited, could permit an attacker to achieve privilege…
2 Android Zero-Day Bugs Under Active Exploit – Dark Reading
Neither security issue requires user interaction; and one of the vulnerabilities was used to unlock a student activist’s device in an attempt to install spyware. – Read More
Cryptocurrency Miner and Clipper Malware Spread via SourceForge Cracked Software Listings – The Hacker News
Threat actors have been observed distributing malicious payloads such as cryptocurrency miner and clipper malware via SourceForge, a popular software hosting service, under the guise of cracked versions of legitimate…
BADBAZAAR and MOONSHINE: Spyware targeting Uyghur, Taiwanese and Tibetan groups and civil society actors – NCSC News
The NCSC and partners publish new information and mitigation measures for those at high risk from two spyware variants. – Read More
BADBAZAAR and MOONSHINE: Technical analysis and mitigations – NCSC News
This advisory provides new and collated threat intelligence on two variants of spyware known as BADBAZAAR and MOONSHINE, and includes advice for app store operators, developers and social media companies…
NCSC and partners share guidance for communities at high risk of digital surveillance – NCSC News
Spyware variants MOONSHINE and BADBAZAAR are being used to target mobile devices of individuals around the world. – Read More
Commercial Real Estate sector set to miss major decarbonisation target by a decade – Legal Futures
Research by commercial real estate data and technology company, Search Acumen, suggests that it will take until at least 2040 for all rented commercial properties to meet the 2030 MEES…
Dangerous, Windows-Hijacking Neptune RAT Scurries Into Telegram, YouTube – Dark Reading
The malware’s creators insist a new open source version of Neptune is for educational use by pen testers, but a raft of sophisticated backdoor and evasion capabilities says otherwise. –…
How Democratized Development Creates a Security Nightmare – Dark Reading
No-code and low-code platforms offer undeniable benefits. But when security is an afterthought, organizations risk deploying vulnerable applications that expose sensitive data and critical systems. – Read More
Internal Data Leakage: An Overlooked Contract Risk in Enterprise AI – Contract Nerds
Key Takeaways: When rolling out an AI tool across your organization, consider how company data might be exposed across internal teams. Internal data access isn’t just a governance concern—contracts professionals…