Daily cybersecurity news is your pulse on the latest threats and vulnerabilities shaking up the digital world. For April 2, 2025, we’ve sifted through tech blogs, threat intel, and social media feeds to bring you the top 10 trending cybersecurity stories. From zero-day exploits to ransomware twists, here’s what’s making waves today.
Apple Patches Three Zero-Days in Older Devices
Apple tackled three exploited vulnerabilities (CVE-2025-24085, CVE-2025-24200, CVE-2025-24201) in legacy iOS and macOS systems with emergency updates. These flaws, hitting Core Media and WebKit, affect older iPhones and Macs, risking sandbox escapes. Active exploitation makes this a critical fix for millions still on outdated devices.
Microsoft MSC EvilTwin Exploited by Russian Hackers
Russian group Water Gamayun exploited CVE-2025-26633 in Microsoft’s Management Console to deploy backdoors like SilentPrism. Windows enterprise users are vulnerable to this zero-day attack. Its stealthy persistence has experts worried about nation-state threats.
RESURGE Malware Targets Ivanti Systems
RESURGE malware hit Ivanti Connect Secure via CVE-2025-0282, deploying rootkits and web shells. Organizations using Ivanti VPNs face remote code execution risks. Linked to China’s Silk Typhoon, it’s a major concern for critical infrastructure.
BlackLock Ransomware Site Hacked
BlackLock’s leak site exposed 46 victims after a local file inclusion flaw was exploited by researchers. Affected companies now have a rare glimpse into ransomware ops. This twist has sparked buzz for flipping the script on attackers.
Firefox Fixes Sandbox Escape Flaw
Mozilla patched CVE-2025-2857 in Firefox, a sandbox escape bug tied to a Chrome zero-day. Windows Firefox users risk remote code execution without updates. CISA’s deadline of April 17 highlights its urgency.
Morphing Meerkat Phishing Kit Expands
Morphing Meerkat mimics 114 brands with DNS-based phishing pages, exploiting adtech redirects. Users of major services are prime targets. Its scale and adaptability are driving phishing-as-a-service trends.
RansomHub’s EDRKillShifter Goes Viral
RansomHub’s EDRKillShifter tool, which disables endpoint security, is now used by multiple ransomware gangs. Organizations with EDR solutions are at risk from this bring-your-own-vulnerable-driver (BYOVD) tactic. Cross-gang sharing signals a new ransomware evolution.
SparrowDoor Variants Hit U.S. and Mexico
FamousSparrow’s updated SparrowDoor backdoors targeted a U.S. trade group and Mexican institute. Chinese-linked espionage affects sensitive orgs. Its active development raises red flags for targeted attacks.
Next.js Authorization Bypass Flaw
CVE-2025-29927 in Next.js lets attackers bypass middleware, exposing admin pages. Self-hosted apps (versions 12.3.5–15.2.3) are vulnerable, with a CVSS of 9.1. Web developers are scrambling to patch this critical bug.
CISA’s KEV Catalog Grows by 32
CISA added 32 exploited vulnerabilities, including CVE-2025-1316 in EdiMax, to its KEV catalog in March. Microsoft, Google, Apple, and more are affected, impacting enterprises and consumers. Active exploitation demands immediate patching.