CVE Alert: CVE-2025-26888 - https://www.redpacketsecurity.com/cve_alert_cve-2025-26888/

CVE Alert: CVE-2025-21597 - https://www.redpacketsecurity.com/cve_alert_cve-2025-21597/

CVE Alert: CVE-2025-26902 - https://www.redpacketsecurity.com/cve_alert_cve-2025-26902/

CVE Alert: CVE-2025-30646 - https://www.redpacketsecurity.com/cve_alert_cve-2025-30646/

CVE Alert: CVE-2025-26901 - https://www.redpacketsecurity.com/cve_alert_cve-2025-26901/

CVE Alert: CVE-2025-21601 - https://www.redpacketsecurity.com/cve_alert_cve-2025-21601/

Leak exposes #BlackBasta’s influence tactics

https://arstechnica.com/security/2025/04/leaked-messages-expose-trade-secrets-of-prolific-black-basta-ransomware-group/

#Microsoft: #Windows #CLFS zero-day exploited by #ransomware gang

https://www.bleepingcomputer.com/news/security/microsoft-windows-clfs-zero-day-exploited-by-ransomware-gang/

"Spilling data out of silos and consolidating it into a centralized database provides an irresistible honeypot for hackers, thieves, and enemy states. The federal government doesn’t have a great record of protecting sensitive information of late.

Trump’s order does state that consolidation must be “consistent with applicable law.” On its face, the order seems at odds with the 1974 Privacy Act, which specifically limits what it calls “computer matching.” But the order also says that it supersedes any “regulation subject to direct Presidential rulemaking authority.” This president considers that a very broad category. Also, as evidenced by multiple court rulings, Elon Musk’s so-called Department of Government Efficiency has been less than meticulous in respecting current law. In more than one example, current agency officials have cited legal barriers to block DOGE’s access to information. As a result, they were placed on leave, replaced by those who were willing to fling open the silos. In addition, on March 25, Trump issued another executive order that dictated that the Treasury Department should have access to other government databases. As legal justification, it cited an obscure passage in the 1974 law that allowed federal computer matching in limited circumstances. Perhaps this loophole will be broadened to justify the massive consolidation envisioned in the silo executive order next.

Oh, and the March 20 order also gives the federal government “unfettered access to comprehensive data from all State programs that receive Federal funding, including, as appropriate, data generated by those programs but maintained in third-party databases.” That seems to mean that not only will the silos between federal and state data be compromised, but the government could get access to some information in private hands too."

https://www.wired.com/story/plaintext-trump-executive-order-information-silos-privacy/

Spam activity for the December 2024 - February 2025 reporting period is now posted at the Cybercrime Information Center. This was a record-setting reporting period.

Retailers will envy the holiday season that spammers enjoyed.

Noteworthy findings

TLDs:

.BOND had less than 1M domains but over 700K spam domains. Compare to .COM which had 157M domains and just under 1M spam domains. hashtag

#ouch

Domain Registrars:

Dynadot and Key Systems had more spam domains under management than GoDaddy.

Hosting Networks (ASNs)

Amazon had a 900% increase in spam content or spambots reported.

https://www.cybercrimeinfocenter.org/spam-activity-numbers-december-february-2025

#Microsoft April 2025 #PatchTuesday fixes exploited zero-day, 134 flaws

https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2025-patch-tuesday-fixes-exploited-zero-day-134-flaws/

SMEs boost cyber resilience while larger firms struggle https://www.telecomstechnews.com/news/smes-boost-cyber-resilience-larger-firms-struggle/ #security #enterprise #cybersecurity #hacking #infosec #tech #news #technology

Hackers lurked in #Treasury #OCC’s systems since June 2023 breach

https://www.bleepingcomputer.com/news/security/hackers-lurked-in-treasury-occs-systems-since-june-2023-breach/

Travelers should prepare for the possibility of extra scrutiny of their phones while crossing borders, especially when entering the United States. @AssociatedPress has tips on protecting your device's privacy while travelling. #iPhone #Android #DataPrivacy #ICE #CyberSecurity https://flip.it/ixLFJC

#WhatsApp flaw can let attackers run malicious code on #Windows PCs

https://www.bleepingcomputer.com/news/security/whatsapp-flaw-can-let-attackers-run-malicious-code-on-windows-pcs/

New #Mirai #botnet behind surge in #TVT #DVR exploitation

https://www.bleepingcomputer.com/news/security/new-mirai-botnet-behind-surge-in-tvt-dvr-exploitation/

SentinelLabs: AkiraBot spammers abused an OpenAI GPT-4o-mini-based API to generate unique messages, bypassing spam filters and targeting 80K+ sites in just 4 months. AI is now powering smarter spam. #CyberSecurity #AI #GPT4o #Spam #OpenAI #InfoSec #AkiraBot

Treasury Department bank regulator discloses major hack

Attackers gained unauthorized, prolonged access to the banking regulator’s email system and may have seen numerous messages containing highly sensitive data.

https://www.cybersecuritydive.com/news/treasury-department-office-overseeing-bank-regulations-hacked/744871/

Another minor career milestone today - 15 students undertook a small lab exercise I put together. Barring a couple of instances that didn't work as expected, it was reasonably successful. Some constructive feedback from students and colleague. I'm very much enjoying this teaching malarkey. #CareerChange #teaching #CyberSecurity #InfoSec #apprentices #GlosCol