
IT Security Newsletter - 4/28/2025


Top News

Critical vulnerability in SAP NetWeaver under threat of active exploitation

Security researchers warn that hackers are actively exploiting a critical unrestricted-file-upload vulnerability in SAP NetWeaver Visual Composer. The vulnerability, tracked as CVE-2025-31324, could allow an unauthenticated user to upload malicious executable binaries. The vulnerability has a severity score of 10. Researchers from ReliaQuest disclosed the vulnerability to SAP after an investigation uncovered attackers uploading JSP webshells into publicly accessible directories. READ MORE...


4 Million Affected by VeriSource Data Breach

Employee benefit administrative services provider VeriSource Services is notifying four million individuals that their personal information was stolen in a year-old hack. The incident, the company says, was discovered on February 28, 2024, one day after a threat actor exfiltrated data from its systems. A review of the compromised data was concluded on August 12, 2024, and the company started notifying the potentially impacted individuals a week later. READ MORE...

Breaches

Employee monitoring app exposes users, leaks 21+ million screenshots

Unfortunately, spyware apps with poor reputations and even weaker security practices are all too common. I've lost count of how many blogs I've written about stalkerware-type apps that not only exposed the people they spied on but also ended up exposing the spies themselves. Cybernews recently uncovered that employee monitoring app WorkComposer left over 21 million images exposed in an unsecured Amazon AWS S3 bucket. READ MORE...

Trends

Digital Twins Bring Simulated Security to the Real World

The next time your company faces a cyberattack, it may be limited to a virtual world, if digital twins - a technology pairing simulation and real-world data - take off. Researchers and analysts at security-operations platform provider Trellix, for example, use information culled from Microsoft Active Directory, an e-policy orchestration platform, and the network connections linking the systems to create a digital model of a customer's enterprise environment. READ MORE...

Software Updates

Coinbase fixes 2FA log error making people think they were hacked

Coinbase has fixed a confusing bug in its account activity logs that caused users to think their credentials were compromised. As BleepingComputer first reported earlier this month, Coinbase had mistakenly labeled failed login attempts with incorrect passwords as two-factor authentication failures in the Account Activity logs. When a threat actor attempted to access someone's account and used the wrong password, error messages [stating that a login was blocked] would be shown instead. READ MORE...
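The mislabeling described above matters because a "2FA failure" tells the account owner that the attacker already had the correct password, while a "wrong password" event does not. The following is an added illustration written for this newsletter, not Coinbase's code: a two-stage login that records the first stage that actually failed, next to a labeler that reproduces the class of bug described (every failure surfaced as a second-factor failure) and the corrected one. The user record, salt, password and TOTP code are constructed.

```python
"""Added example (not Coinbase's code): audit events that name the
authentication stage that actually failed, so a wrong-password attempt
is never shown as a second-factor failure in the account activity log.
User data, salt and codes below are constructed for the example."""
import hashlib
import hmac
from dataclasses import dataclass

_SALT = b"constructed-salt"  # constructed; real systems use a per-user random salt


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2 with illustrative parameters; enough for an offline example.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user store: password hash plus the currently valid TOTP code.
USERS = {
    "alice": {"hash": _hash_password("correct horse", _SALT), "totp": "123456"},
}


@dataclass
class AuthEvent:
    user: str
    outcome: str  # SUCCESS, UNKNOWN_USER, PASSWORD_FAILED or 2FA_FAILED


def authenticate(user: str, password: str, totp_code: str) -> AuthEvent:
    """Two-stage login. The returned event names the first stage that failed,
    which is what the activity log must preserve."""
    record = USERS.get(user)
    if record is None:
        return AuthEvent(user, "UNKNOWN_USER")
    if not hmac.compare_digest(_hash_password(password, _SALT), record["hash"]):
        return AuthEvent(user, "PASSWORD_FAILED")   # second factor never evaluated
    if not hmac.compare_digest(totp_code, record["totp"]):
        return AuthEvent(user, "2FA_FAILED")        # password was correct
    return AuthEvent(user, "SUCCESS")


def buggy_label(event: AuthEvent) -> str:
    """Reproduces the kind of mislabeling the article describes: every
    non-success outcome is surfaced to the account owner as a 2FA failure."""
    return "SUCCESS" if event.outcome == "SUCCESS" else "2FA_FAILED"


def activity_log_label(event: AuthEvent) -> str:
    """Corrected labeler: the owner sees which stage blocked the login."""
    return {
        "SUCCESS": "Login succeeded",
        "UNKNOWN_USER": "Login blocked: unknown account",
        "PASSWORD_FAILED": "Login blocked: incorrect password",
        "2FA_FAILED": "Login blocked: second factor rejected",
    }[event.outcome]


if __name__ == "__main__":
    attempt = authenticate("alice", "wrong password", "123456")
    print("buggy:    ", buggy_label(attempt))
    print("corrected:", activity_log_label(attempt))
```

The corrected labeler keeps the two failure classes apart in the owner's own activity view; an owner who sees "second factor rejected" knows the password itself must be rotated, while "incorrect password" means a guess was stopped at the first stage.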

Malware

WooCommerce admins targeted by fake security patches that hijack sites

A large-scale phishing campaign targets WooCommerce users with a fake security alert urging them to download a "critical patch" that adds a WordPress backdoor to the site. Recipients who take the bait and download the update are actually installing a malicious plugin that creates a hidden admin account on their website, downloads web shell payloads, and maintains persistent access. READ MORE...

Exploits/Vulnerabilities

More Ivanti attacks may be on horizon, say experts who are seeing 9x surge in endpoint scans

Ivanti VPN users should stay alert as IP scanning for the vendor's Connect Secure and Pulse Secure systems surged by 800 percent last week, according to threat intel biz GreyNoise. The team at the internet monitoring company said this is the kind of pattern that usually precedes exploitation and public disclosure of new vulnerabilities. The typical daily number of unique IP addresses scanning for Ivanti VPNs is under 30, but on April 18 this number surged to 234 probing Ivanti endpoints. READ MORE...
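The signal GreyNoise describes is a count of distinct source IPs per day against a quiet baseline. As an added example written for this newsletter (not GreyNoise's tooling), the script below derives that count from a defender's own access logs and flags a day whose unique-scanner count is at least five times the median of the preceding days. The log format, the `/vpn/login` path, the IP addresses and the 5x threshold are all constructed assumptions.

```python
"""Added example (not GreyNoise's code): per-day unique source IPs hitting a
watched path, with a surge check against the median of the preceding days.
Log lines, path, addresses and threshold are constructed for the example."""
import re
from collections import defaultdict
from statistics import median

# Constructed access-log lines: "<date> <src_ip> <request_path>".
# 15-17 April show a quiet baseline of two scanners a day; 18 April is a spike.
SAMPLE_LOG = """\
2025-04-15 198.51.100.10 /vpn/login
2025-04-15 198.51.100.11 /vpn/login
2025-04-15 198.51.100.11 /vpn/login
2025-04-16 198.51.100.12 /vpn/login
2025-04-16 198.51.100.13 /vpn/login
2025-04-16 203.0.113.5 /index.html
2025-04-17 198.51.100.14 /vpn/login
2025-04-17 198.51.100.15 /vpn/login
"""
# Forty distinct constructed sources on 18 April.
SAMPLE_LOG += "".join(f"2025-04-18 192.0.2.{i} /vpn/login\n" for i in range(1, 41))

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\S+) (\S+)$")


def unique_scanners_per_day(log_text: str, watched_prefix: str) -> dict:
    """Count distinct source IPs per day that requested the watched path.
    Repeated hits from one IP count once, so noisy scanners do not inflate it."""
    per_day = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than failing the whole run
        day, src_ip, path = m.groups()
        if path.startswith(watched_prefix):
            per_day[day].add(src_ip)
    return {day: len(ips) for day, ips in sorted(per_day.items())}


def detect_surges(counts_by_day: dict, baseline_days: int = 3, factor: int = 5) -> list:
    """Return (day, count, baseline) for days whose count is at least
    `factor` times the median of the previous `baseline_days` days."""
    days = sorted(counts_by_day)
    surges = []
    for i, day in enumerate(days):
        window = [counts_by_day[d] for d in days[max(0, i - baseline_days):i]]
        if not window:
            continue  # nothing to compare the first day against
        base = median(window)
        if base > 0 and counts_by_day[day] >= factor * base:
            surges.append((day, counts_by_day[day], base))
    return surges


if __name__ == "__main__":
    counts = unique_scanners_per_day(SAMPLE_LOG, "/vpn/login")
    for day, count, base in detect_surges(counts):
        print(f"{day}: {count} unique scanners (baseline median {base})")
```

Counting distinct IPs rather than raw requests is the point: a single aggressive scanner generates many hits but is one source, whereas the pattern the article describes is many new sources appearing at once, which is what tends to precede new exploitation or disclosure.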


Samsung admits Galaxy devices can leak passwords through clipboard wormhole

Samsung has warned that some of its Galaxy devices store passwords in plaintext. The Korean giant's security SNAFU was reported by a user using the handle "OicitrapDraz" in a post to Samsung's community forum. "I copy passwords from my password manager all the time," OicitrapDraz wrote on April 14. "How is it that Samsung's clipboard saves everything in plain text with no expiration? That's a huge security issue." READ MORE...


Craft CMS Zero-Day Exploited to Compromise Hundreds of Websites

Hundreds of websites have been compromised through the exploitation of a zero-day vulnerability in the Craft content management system (CMS), security services provider Orange Cyberdefense warns. Tracked as CVE-2025-32432 (CVSS score of 10/10), the issue was discovered in built-in image transformation functionality that helps administrators keep images in a specific format, and allows unauthenticated attackers to send crafted requests leading to remote code execution (RCE). READ MORE...

Science & Culture

New study shows why simulated reasoning AI models don't yet live up to their billing

There's a curious contradiction at the heart of today's most capable AI models that purport to "reason": They can solve routine math problems with accuracy, yet when faced with formulating deeper mathematical proofs found in competition-level challenges, they often fail. That's the finding of eye-opening preprint research into simulated reasoning (SR) models, initially listed in March and updated in April, that mostly fell under the news radar. READ MORE...

On This Date

  • ...in 1948, fantasy author Terry Pratchett, best known for his "Discworld" series of novels, is born in Buckinghamshire, England.
  • ...in 1973, Pink Floyd's "The Dark Side of the Moon" goes to #1 on the US Billboard chart. It stays on the album charts for the next 741 weeks.
  • ...in 1986, the US Navy vessel USS Enterprise becomes the first nuclear-powered aircraft carrier to travel the Suez Canal.
  • ...in 2001, millionaire Dennis Tito becomes the world's first space tourist, paying $20M to join the Russian Soyuz TM-32 mission.