Third-party data breaches rise almost 50 percent | Prevalent

A new study from Prevalent shows a 49% increase in third-party data breaches year-over-year, with 61% of companies experiencing a breach in 2022. The report highlights the urgent need for improved third-party security, as companies rely on multiple tools and lack coordination, leaving supply chains vulnerable.

California Is About To Run Out of License Plate Numbers - Slashdot

California is projected to run out of its current license plate number format by the end of 2025. The new format will consist of three numbers, three letters, and one number.

WhatsApp launches privacy tool to stop users taking content off the platform | The Standard

WhatsApp is introducing a new privacy tool, Advanced Chat Privacy, which will prevent users from exporting chats, auto-downloading media, or using messages for AI features. The feature will be rolled out gradually and will provide greater confidence in the privacy of sensitive conversations.

Notice of Data Breach | Blue Shield of California | News Center

The article describes a data breach at Blue Shield of California, where member information was potentially shared with Google Ads. The breach involved Google Analytics being configured to share member data with Google Ads, which may have included protected health information. Blue Shield has taken steps to safeguard against similar future disclosures and has notified members who may have been affected.

Files Deleted From GitHub Repos Leak Valuable Secrets - SecurityWeek

A security researcher found hundreds of leaked secrets in deleted files from public GitHub repositories. The researcher built a tool to clone repositories, restore deleted files, and scan for secrets. The findings highlight the risks associated with Git’s file retention and the importance of proper secret management.

UK utility cyberattacks rose 586% from 2022 to 2023 | Security Magazine

Cyberattacks on UK utility companies surged by 586% from 2022 to 2023, driven by phishing and ransomware. The energy sector reported three times more operational technology incidents than any other industry.

Australian Businesses Gear Up for Ransom Reporting Deadline

Australian organizations with annual turnover of at least AU$3 million or designated as critical infrastructure operators must report ransomware payments to the Australian Signals Directorate within 72 hours starting May 30th. The new law aims to improve government understanding of the ransomware threat and disrupt the ransomware business model.

Senior CISA Advisers Announce Exits Amid Federal Downsizing

Several senior advisers at the Cybersecurity and Infrastructure Security Agency (CISA), including those involved in the “Secure by Design” initiative, are leaving due to mass layoffs and federal downsizing. The departures raise concerns about CISA’s ability to sustain critical initiatives and strengthen U.S. cyber defenses. Despite the departures, CISA remains committed to its mission and the “Secure by Design” principles.

Russian, Chinese Hackers Targeted Dutch Government

Dutch intelligence agency reported Russian and Chinese hackers targeted critical infrastructure in the Netherlands in 2024. Russian hackers aimed to sabotage and undermine Dutch support for Ukraine, while Chinese hackers engaged in espionage, particularly targeting the defense sector.

SK Telecom reports hacking incident involving partial leak of user USIM data - The Korea Times

SK Telecom reported a hacking incident involving the partial leakage of customer USIM data. The company detected unauthorized network access, deleted the malicious code, and notified authorities.

Japan warns of hundreds of millions of dollars in unauthorized trades from hacked accounts | The Record from Recorded Future News

Japan’s Financial Services Agency reported a surge in unauthorized trades totaling hundreds of millions of dollars from hacked brokerage accounts. The agency attributed the trend to stolen customer information obtained through phishing websites, with brokerages covering customer losses.

Microsoft Entra ID Lockouts After MACE App Flags Legit Users

Microsoft Entra ID accounts were locked due to a bug in the MACE Credential Revocation app, which mistakenly flagged legitimate users as high-risk. The issue was caused by an internal logging problem with refresh tokens, leading to invalidated tokens and subsequent alerts. Microsoft has addressed the problem and provided a solution for affected users.

SSL.com Scrambles to Patch Certificate Issuance Vulnerability  - SecurityWeek

A domain control validation (DCV) vulnerability in SSL.com allowed a researcher to obtain a fraudulent certificate for aliyun.com. SSL.com revoked the certificate and ten others misissued for legitimate domains, including *.medinet.ca and help.gurusoft.com.sg. The issue, discovered in April 2025, did not impact Entrust systems.

Russian Host Proton66 Tied to SuperBlack and WeaXor Ransomware

Cybersecurity experts at Trustwave’s SpiderLabs have discovered an increase in malicious online activities originating from the Russian “bulletproof” hosting provider Proton66. These activities include ransomware campaigns, Android malware distribution, and targeted attacks using XWorm and Strela Stealer. There are also potential connections to Chang Way Technologies and the SuperBlack ransomware group.

Reborn: Cybercrime Marketplace Cracked Appears to Be Back

The notorious online cybercrime marketplace Cracked, which was disrupted by authorities in January, appears to have restarted operations using new infrastructure and domain names. The revived site claims to have restored a backup of the previous site and lists 4.7 million users. Meanwhile, the fate of the BreachForums marketplace remains uncertain, with a new site claiming to be a relaunch being met with skepticism and claims of being a fake.

What’s in Store for the CVE Program Post-Mitre Management?

The Common Vulnerabilities and Exposures (CVE) Program, run by Mitre, faced imminent disruption due to funding expiration. While funding has been extended for 11 months, a more permanent solution is needed. The industry is exploring options, including a non-profit entity, to ensure the program’s continued operation and maintain consistency in vulnerability identification and tracking.

Urgent warning to all 1.8b Gmail users over ‘sophisticated’ attack stealing personal information | Daily Mail Online

Google confirmed a sophisticated phishing attack targeting 1.8 billion Gmail users. The attack, which exploits a vulnerability in Google’s infrastructure, appears to be from a legitimate Google address and tricks users into sharing their login credentials. Google advises users to adopt two-factor authentication and passkeys for enhanced account security.

Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems thehackernews.com/2025/04/r…

Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities. The packages in question are listed below - node-telegram-utils (132 downloads) node-telegram-bots-api (82 downloads) node-telegram-util (73 downloads) According to supply chain security firm Socket, the packages are designed to mimic node-telegram-bot-api, a popular Node.js Telegram Bot API with over 100,000 weekly downloads. The three libraries are still available for download. “While that number may sound modest, it only takes a single compromised environment to pave the way for wide-scale infiltration or unauthorized data access,” security researcher Kush Pandya said. “Supply chain security incidents repeatedly show that even a handful of installs can have catastrophic repercussions, especially when attackers gain direct access to developer systems or production servers.” The rogue packages not only replicate the description of the legitimate library, but also leverage a technique called starjacking in a bid to elevate the authenticity and trick unsuspecting developers into downloading them.

Whistleblower Complaint Exposes DOGE Cybersecurity Failures www.databreachtoday.com/whistlebl…

Staffers for the Department of Government Efficiency violated federal cybersecurity protocols and data protection laws by bypassing identity and access controls, gaining system-wide access above even the chief information officer of the National Labor Relations Board, according to a whistleblower complaint made public this week.

Could Ransomware Survive Without Cryptocurrency? www.darkreading.com/cyber-ris…

Ransomware has become synonymous with cryptocurrency, but factors such as poor cyber hygiene and organizations' willingness to pay ransoms are what fuel the threat. The number of recorded attacks and victims continues to climb following record-setting years for ransomware activity throughout 2023 and 2024. And the first few months of 2025 are on track to continue the upward trajectory. The pervasive threat has evolved significantly since the first recorded ransomware attack in 1989. Back then, attackers demanded ransom payments via traceable methods, such as standard mail and sending gift cards via SMS text messages. Nowadays, cryptocurrency — specifically Bitcoin — allows ransomware groups to request and receive ransoms in a far more anonymous and easier way. While experts agree that cryptocurrency has helped fuel the ransomware threat to the alarming levels seen today and enables widespread activity, they say ransomware groups would survive just fine without the virtual currency.

Chinese APT Mustang Panda Debuts 4 New Attack Tools www.darkreading.com/cloud-sec…

One of China’s major state-funded espionage groups has created or otherwise upgraded various malware programs, signaling a notable arsenal refresh that defenders need to be aware of. Mustang Panda (aka Bronze President, Stately Taurus, and TA416) is an advanced persistent threat (APT) believed to be sponsored by the People’s Republic of China (PRC). It has long been known for spying on targets of interest to the PRC, including: military and government organizations, nongovernmental organizations (NGOs), think tanks, minority groups, and corporations in major industries, primarily around East and Southeast Asia but also in the West. Recently, the group attacked an organization based in Myanmar. In the process, researchers from Zscaler uncovered four previously unknown attack tools the group is now using. They include two keyloggers, a tool for facilitating lateral movement, and a driver used to evade endpoint detection and response (EDR) software. Besides that, the group has also upgraded its signature backdoor, “Toneshell.”

Interlock ransomware gang pushes fake IT tools in ClickFix attacks www.bleepingcomputer.com/news/secu…

The Interlock ransomware gang now uses ClickFix attacks that impersonate IT tools to breach corporate networks and deploy file-encrypting malware on devices. ClickFix is a social engineering tactic where victims are tricked into executing dangerous PowerShell commands on their systems to supposedly fix an error or verify themselves, resulting in the installation of malware. Though this isn’t the first time ClickFix has been linked to ransomware infections, confirmation about Interlock shows an increasing trend in these types of threat actors utilizing the tactic.

Widespread Microsoft Entra lockouts tied to new security feature rollout www.bleepingcomputer.com/news/micr…

Windows administrators from numerous organizations report widespread account lockouts triggered by false positives in the rollout of a new Microsoft Entra ID’s “leaked credentials” detection app called MACE. These alerts and lockouts began last night, with some admins believing they were false positives as the accounts have unique passwords that are not used on any other sites or applications. Microsoft Entra ID, formerly Azure Active Directory, is a cloud-based identity and access management service that helps organizations manage user identities and secure access to resources. In a Reddit thread posted early this morning, Windows admins reported receiving multiple alerts from Entra indicating that some of their user accounts had been found with credentials leaked on the dark web or other locations. These accounts were automatically locked out of the tenant, with numerous users impacted per organization. “Us as well… about 1/3rd of our accounts got locked out about ~1 hour ago. We’re a MSP so I’m assuming this is happening to our clients as well,” posted an admin on Reddit. The locked-out accounts showed no signs of compromise, such as suspicious sign-ins, and were protected with MFA. Furthermore, breach notification services like Have I Been Pwned (HIBP) had no matches for these accounts.​

Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader thehackernews.com/2025/04/m…

A new multi-stage attack has been observed delivering malware families like Agent Tesla variants, Remcos RAT, and XLoader. “Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and execution,” Palo Alto Networks Unit 42 researcher Saqib Khanzada said in a technical write-up of the campaign. unit42.paloaltonetworks.com/phishing-…

Baltimore City State’s Attorney’s Office hacked; Data leaked – DataBreaches.Net

The Baltimore City State’s Attorney’s Office was hacked, resulting in the leak of 325GB of data, including sensitive information on crime victims, perpetrators, and juvenile offenders. The hacking group, Kairos, claimed to have detected the breach while exfiltrating data and engaged in negotiations with the office, which ultimately failed. The leak includes personal data on police officers, victims, and witnesses, raising concerns about privacy and potential long-term impact on individuals involved.