Cybersecurity News Roundup: Top Threats of April 3, 2025
Today’s cybersecurity news roundup reveals a chaotic threat landscape shaking systems worldwide. The openSNP project’s shutdown by April 30, 2025, over privacy risks signals a turning point for open-source data security. Meanwhile, Verizon’s Call Filter flaw exposed call logs via an unsecured API, spotlighting telecom vulnerabilities. A GitHub supply chain attack, sparked by a stolen SpotBugs token, hit platforms like Coinbase, proving no one’s safe from cascading risks. Android users face a new Triada trojan variant, preinstalled on thousands of devices, ready to steal data from day one.

Cisco’s Smart Licensing Utility (CVE-2024-20439) is under fire with active exploits targeting a backdoor admin account—admins, patch now. Royal Mail is probing a massive 144GB data leak, a ransomware case grabbing headlines. Apple rushed fixes for three exploited zero-days (CVE-2025-24085, -24200, -24201) in older iOS/macOS systems, already hit by attackers. The Russian group Water Gamayun leveraged CVE-2025-26633 to deploy SilentPrism and DarkWisp backdoors on Windows, amplifying zero-day fears. RESURGE malware, exploiting Ivanti’s CVE-2025-0282, brings rootkits and web shells to the table, threatening enterprise networks.

Lastly, BlackLock ransomware’s leak site blunder let researchers uncover 46 victims—a rare win against cybercriminals. From mobile malware to supply chain chaos, these stories dominate tech blogs and threat intel feeds. Learn how the threats in this cybersecurity news roundup affect systems and how to defend against them, and stay ahead of the curve.

OpenSNP Shutdown Over Privacy Risks
The openSNP project, a genetic data-sharing platform, will shut down on April 30, 2025, deleting all user submissions. Privacy concerns and potential misuse by authoritarian regimes prompted the decision. This highlights growing fears over data security in open-source science.
Verizon Call Filter Vulnerability
A flaw in Verizon’s Call Filter allowed unauthorized access to call logs via an unsecured API. Verizon Wireless customers are affected, risking privacy breaches. It’s a stark reminder of telecom security gaps amid rising cyber threats.
GitHub Supply Chain Attack via SpotBugs
A cascading attack on GitHub, traced to a stolen SpotBugs token, compromised multiple projects, including Coinbase. Developers and organizations using GitHub face heightened risks. This underscores the fragility of software supply chains in 2025.
Triada Trojan Preinstalled on Android Devices
A new Triada trojan variant was found preinstalled on thousands of Android devices, enabling instant data theft. New Android users are the primary targets. Its stealthy spread signals a resurgence of mobile malware threats.
Cisco Smart Licensing Backdoor Exploits
Cisco warned of a critical vulnerability (CVE-2024-20439) in its Smart Licensing Utility, exposing a backdoor admin account. Cisco admins must patch urgently as attacks are active. This flaw’s exploitability threatens enterprise network security.
Royal Mail Data Breach
Royal Mail is probing a breach after a threat actor leaked 144GB of stolen data. The UK postal service and its customers are impacted. It’s a high-profile case driving public interest in ransomware trends.
Apple Patches Exploited Zero-Days
Apple fixed three zero-day flaws (CVE-2025-24085, -24200, -24201) in older iOS/macOS devices, already under attack. Users of legacy Apple systems are at risk of privilege escalation. The rapid exploitation makes this a critical update.
Russian Hackers Deploy SilentPrism and DarkWisp
The Russian group Water Gamayun exploited CVE-2025-26633 in Microsoft’s MMC to deliver the SilentPrism and DarkWisp backdoors. Windows users face stealthy malware risks. The flaw’s zero-day status amplifies the threat’s severity.
RESURGE Malware Hits Ivanti Systems
RESURGE malware exploited an Ivanti flaw (CVE-2025-0282), adding rootkits and web shells for persistence. Ivanti Connect Secure and ZTA users are vulnerable. Its sophistication marks it as a top concern for 2025.
BlackLock Ransomware Leak Site Flaw
A flaw in BlackLock’s leak site exposed internal data, revealing 46 victims to researchers. The ransomware group and its targets are affected. This rare counter-hack offers insight into cybercrime operations.
