New infosec products of the week: April 25, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Bitdefender, PowerDMARC, Skyhawk Security, Stellar Cyber, Swimlane, and Veracode. Email…
Month: April 2025
North Korean hackers set up fake firms in US to target cryptocurrency developers
North Korean cyber spies created two businesses in the US, in violation of Treasury sanctions, to infect developers working in the cryptocurrency industry with malicious…
VulnCheck spotted 159 actively exploited vulnerabilities in first few months of 2025
Attackers exploited nearly a third of vulnerabilities within a day of CVE disclosure in the first quarter of 2025, VulnCheck said in a report released…
CISA gets new No. 2: Madhu Gottumukkala
The Cybersecurity and Infrastructure Security Agency will soon have a new second-in-command. Madhu Gottumukkala has been named deputy director. He comes over to CISA from…
AI speeds up analysis work for humans, two federal cyber officials say
Two federal cybersecurity officials said Thursday that they’re using — or contemplating using — artificial intelligence to conduct tasks that speed up the work of…
Weaponized SVG Files Used by Threat Actors to Redirect Users to Malicious Sites
Cybercriminals are increasingly weaponizing Scalable Vector Graphics (SVG) files to orchestrate sophisticated phishing campaigns. According to research from Intezer, a cybersecurity firm that triages millions…
China-backed actors ‘stand out’ in threatening US energy infrastructure, panel hears
China-backed actors “stand out” in threatening America’s energy infrastructure and could disrupt the country’s power networks in the event of a geopolitical crisis, a cybersecurity…
Protecting Your Phone—and Your Privacy—at the US Border
Lauren Goode: I think Katie should go first. She’s the boss. Katie Drummond: So as you all know, because I can’t stop talking about it,…
Hackers Exploit Ivanti Connect Secure 0-Day to Deploy DslogdRAT and Web Shell
Threat actors exploited a zero-day vulnerability in Ivanti Connect Secure, identified as CVE-2025-0282, to deploy malicious tools including a web shell and a sophisticated remote…
Judge tosses citizenship provisions in Trump elections order
A federal court partially blocked a Trump administration executive order Thursday that seeks to impose requirements on states to use the White House’s definition of…
How fraudsters abuse Google Forms to spread scams
The form and quiz-building tool is a popular vector for social engineering and malware. Here’s how to stay safe. 23 Apr 2025 • , 5…
Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts
Russian threat actors have been abusing legitimate OAuth 2.0 authentication workflows to hijack Microsoft 365 accounts of employees of organizations related to Ukraine and human rights.…