Oracle Cloud Faces Second Data Breach in Weeks
Oracle disclosed a second breach involving stolen login credentials from legacy systems, following a prior cloud infrastructure compromise. This affects Oracle Cloud clients, including healthcare organizations via the old Cerner division. The FBI investigation and lawsuits highlight the severity of outdated system risks.

Google Patches Quick Share Vulnerability
A flaw (CVE-2024-10668) in Google’s Quick Share for Windows allowed silent file transfers or DoS attacks without user consent. Windows users of the file-sharing tool were exposed to unauthorized data delivery. Its exploitability underscores the need for rapid patching in everyday utilities.

Apple Backports Fixes for Three Zero-Days
Apple patched three exploited zero-days (CVE-2025-24085, CVE-2025-24200, CVE-2025-24201) in Core Media and WebKit on older iOS and macOS devices. Legacy device users face privilege escalation risks from active attacks. The focus on older systems shows ongoing threats to unupdated tech.

Ivanti Flaw Fuels RESURGE Malware Surge
RESURGE malware exploited CVE-2025-0282 in Ivanti Connect Secure, deploying rootkits and web shells. Ivanti VPN and gateway users, especially in critical infrastructure, are hit hard. China-linked Silk Typhoon’s zero-day use amplifies its threat level.

BlackLock Ransomware Leak Site Hacked
BlackLock’s leak site was breached via a local file inclusion flaw, exposing 46 victims and internal operations. Affected organizations gain insight into the gang’s tactics from this rare leak. The “hackers hacked” angle is driving massive public interest.

Russian Hackers Target Microsoft with MSC EvilTwin
Water Gamayun exploited CVE-2025-26633 in Microsoft’s Management Console to drop SilentPrism and DarkWisp backdoors. Windows enterprise users face stealthy persistence from this zero-day. It’s a stark reminder of nation-state cyber risks.

Firefox Patches Critical Bug After Chrome Scare
Mozilla fixed CVE-2025-2857, a sandbox escape in Firefox, mirroring a Chrome zero-day, now on CISA’s KEV list. Windows Firefox users risk remote code execution without updates. The federal patching deadline of April 17 adds urgency.

Morphing Meerkat Phishing Kit Evolves
The Morphing Meerkat phishing kit now mimics 114 brands using DNS MX records for tailored fake logins. Users of major services are targeted via adtech redirects. Its growing sophistication is fueling phishing-as-a-service concerns.

RansomHub’s EDRKillShifter Spreads to Other Gangs
RansomHub’s EDRKillShifter tool, which disables endpoint security, is now used by the Medusa, BianLian, and Play ransomware groups. Organizations with EDR solutions are vulnerable to this bring-your-own-vulnerable-driver (BYOVD) tactic. Cross-gang adoption signals a dangerous ransomware trend.

Malaysian Airport Hit by $10M Ransomware Attack
A $10M ransomware attack disrupted a Malaysian airport, exposing transportation sector weaknesses. Airport systems and networks struggled to adapt to the agile assault. It’s a wake-up call for critical infrastructure cybersecurity globally.
