🚨 Malicious NPM Packages Target PayPal and Crypto Wallets
Hackers have infiltrated the NPM ecosystem with packages impersonating legitimate PayPal and crypto libraries, targeting developers and end-users alike. Fortinet and ReversingLabs report attackers used package names like oauth2-paypal and pdf-to-office to deliver credential-stealing and crypto-draining malware. Users of Atomic Wallet and Exodus were especially at risk: the malicious packages silently rewrote the installed wallet's application files to reroute outgoing transactions to attacker-controlled addresses. Removing the NPM package does not undo that change; a patched wallet stays compromised until the wallet application itself is fully reinstalled.
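The practical takeaway from the wallet-patching behaviour is that the installed application, not just node_modules, has to be checked. The script below is an added example (not code from Fortinet, ReversingLabs or either wallet vendor) of a baseline-and-verify integrity check: record SHA-256 hashes of a clean install, then diff the tree later to surface modified, missing or added files. The directory layout and file contents are constructed for the demo; the paths assumed (resources/app.asar, wallet.exe) are placeholders, not the real wallets' layouts.

```python
"""Added example: baseline-and-verify file integrity check for an installed
desktop app such as a wallet. Paths and contents below are constructed."""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large bundles do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify(root: Path, manifest: dict) -> dict:
    """Compare the current tree against a trusted manifest taken earlier."""
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "added": sorted(k for k in current if k not in manifest),
    }


def demo() -> dict:
    """Constructed scenario: baseline a fake wallet install, then simulate a
    malicious package that rewrites the app bundle and drops a loader."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "resources").mkdir()
        (root / "resources" / "app.asar").write_bytes(b"original bundle")  # placeholder
        (root / "wallet.exe").write_bytes(b"launcher")                     # placeholder
        baseline = build_manifest(root)  # taken from the clean install

        # Simulated tampering of the kind described above: patch the bundle, add a loader.
        (root / "resources" / "app.asar").write_bytes(b"patched bundle")
        (root / "resources" / "loader.js").write_bytes(b"evil")
        return verify(root, baseline)


if __name__ == "__main__":
    print(demo())
```

The baseline manifest must come from a trusted source (a fresh install from the vendor, or hashes published by the vendor) and be stored outside the application directory, otherwise a package with write access to the install can rewrite the manifest along with the bundle.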
🛡 Rapid7 Unveils RCE Chain in Ivanti VPN Flaw Amid China Exploit Fears
Rapid7 has publicly disclosed a remote code execution path in Ivanti Connect Secure (CVE-2025-22457), adding pressure on companies to patch fast. The vulnerability, a stack-based buffer overflow that Ivanti initially treated as a low-risk product bug, was later tied to active exploitation by a China-nexus APT, as reported by Mandiant. Rapid7 says it took just four days to escalate the bug from a crash to full RCE using a crafted HTTP header. Ivanti Connect Secure 22.7R2.5 and earlier are affected; the fix shipped in 22.7R2.6.
🇲🇦 Moroccan Social Security Breached, Telegram Leaks Follow
Morocco’s national social security agency confirmed a cyberattack this week, with sensitive citizen data leaked on Telegram. Allegedly tied to escalating Morocco-Algeria tensions, the breach exposed unverified financial records, including data linked to political elites and state entities. The agency downplayed the leak’s accuracy but said investigations are ongoing. Cyber retaliation over political disputes is emerging as a dangerous new norm in North Africa.
🔓 OttoKit WordPress Plugin Bug Puts 100,000+ Sites at Risk
A critical authentication bypass (CVE-2025-3102) in the OttoKit WordPress plugin is being actively exploited, Defiant warns. On installations where the plugin has never been configured, attackers can create administrator accounts and take full control of the site. The bug stems from a missing empty-value check: the plugin compared the caller's secret key against the stored one without first verifying that a key had been set, so an empty value matched an empty value. Only non-initialized sites are vulnerable, but the scale is huge, as OttoKit has over 100,000 active installs. A patch was issued in version 1.0.79.
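The empty-value bug class is worth seeing side by side with its fix. The snippet below is an added illustrative example in Python (the plugin itself is PHP, and this is not its code): a secret-key check that fails open when no key has been configured, next to one that fails closed and compares in constant time. The `handle_connect` endpoint and the `secret_key` request field are placeholders, not OttoKit's actual endpoint or parameter names.

```python
"""Added example (illustrative Python, not the OttoKit plugin's code):
an API-key check that fails open on an unconfigured install, beside a
version that fails closed."""
import hmac
from typing import Optional


def check_key_vulnerable(stored_key: Optional[str], provided_key: Optional[str]) -> bool:
    """Bug pattern: compare whatever is stored with whatever was sent.
    On an unconfigured install the stored key is empty or unset, so an
    attacker who simply omits the key ('' == '') passes the check."""
    return (stored_key or "") == (provided_key or "")


def check_key_fixed(stored_key: Optional[str], provided_key: Optional[str]) -> bool:
    """Fail closed: no configured secret means nobody is authorized, and
    compare in constant time so the check leaks no timing information."""
    if not stored_key or not provided_key:
        return False
    return hmac.compare_digest(stored_key.encode(), provided_key.encode())


def handle_connect(stored_key: Optional[str], request: dict, checker) -> str:
    """Placeholder privileged endpoint: returns the role granted to the caller.
    'request' stands in for the parsed body of an incoming API call."""
    if checker(stored_key, request.get("secret_key")):
        return "administrator"  # the vulnerable checker lets an anonymous caller land here
    return "unauthenticated"


if __name__ == "__main__":
    # Constructed request from an attacker who sends no key at all.
    attacker_request = {}
    print("unconfigured + vulnerable:", handle_connect("", attacker_request, check_key_vulnerable))
    print("unconfigured + fixed:     ", handle_connect("", attacker_request, check_key_fixed))
```

The general rule this demonstrates: any credential check must treat "no credential configured" as a deny, and the comparison should use `hmac.compare_digest` (or the platform's equivalent, `hash_equals` in PHP) rather than `==`.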
🔐 SonicWall Fixes Privilege Escalation Flaws in NetExtender VPN
SonicWall has patched three vulnerabilities in its NetExtender VPN client for Windows, including CVE-2025-23008, a high-severity privilege escalation flaw. No active exploitation has been detected, but earlier SonicWall bugs have been favored by attackers. The update covers both the 32-bit and 64-bit Windows clients and does not affect the Linux client.
🧪 1.6M Impacted in Lab Data Breach at Laboratory Services Cooperative
LSC has disclosed a breach affecting 1.6 million patients and employees. Sensitive info—ranging from SSNs and insurance data to medical records and billing details—was stolen in the October 2024 attack. Some impacted individuals include Planned Parenthood patients. Credit monitoring is being offered, but LSC has not disclosed the attack vector or threat actor.
🇨🇳 China Quietly Admits Volt Typhoon Attacks on US Infrastructure
In a closed-door meeting last December, Chinese officials reportedly admitted to the Volt Typhoon cyberattacks targeting US critical infrastructure, The Wall Street Journal reports. Though phrased ambiguously, US diplomats interpreted the comments as an acknowledgment of retaliatory action over Taiwan tensions. The campaign involved prolonged access to US power grid systems in 2023.
👨‍💻 Bryson Bort Talks ICS Security, Startups, and SCYTHE’s Mission
SCYTHE founder Bryson Bort reflects on his entrepreneurial journey, red teaming evolution, and the critical role of ICS security in national resilience. In this interview, Bort underscores how Colonial Pipeline and Oldsmar served as wake-up calls and why he co-founded ICS Village to drive public awareness. “Security is defined by the threat,” Bort notes.
👮 Europol Cracks Down on SmokeLoader Customers, 5 Arrested
Following the 2024 takedown of the SmokeLoader botnet in Operation Endgame, Europol has shifted focus to its customer base. Law enforcement across seven nations is tracking and questioning those who bought access to the botnet-as-a-service platform. Several suspects reportedly resold access to others. Europol warns: "Operation Endgame is far from over."
🔐 Trump Revokes Chris Krebs’ Security Clearance, Targets CISA Record
In an unprecedented move, President Trump has revoked the security clearance of ex-CISA Director Chris Krebs and ordered a sweeping review of Krebs’ tenure. The memo alleges policy misalignment and potential misconduct, including in Krebs’ current role at SentinelOne. Krebs responded by reposting his 2020 tweet: “We did it right.”
🛠 Juniper Networks Patches Dozens of Junos Flaws
Juniper has released a wave of security patches for Junos OS, including 11 high-severity bugs and nearly 50 third-party dependency flaws in Junos Space. One kernel isolation issue (CVE-2025-21590) has reportedly been exploited in the wild. Admins are urged to patch immediately, as multiple SRX, MX, and EX Series devices are affected.
⚠️ Routers Top Forescout’s List of 2025’s Riskiest Devices
According to Forescout’s latest report, routers are now the riskiest connected devices in enterprise networks, surpassing even endpoint computers. The firm warns of rising threats across retail, healthcare, and government sectors, especially from IoMT equipment and legacy Windows 10 devices. Attackers are actively targeting exposed SMB, RDP, and Telnet services.
🔧 GitHub Launches Security Campaigns to Kill Security Debt
GitHub has made its Security Campaigns feature generally available, streamlining developer-security collaboration to fix vulnerabilities. The feature was shown to boost remediation rates from 10% to 55% in preview testing. Developers are assigned specific alerts and can apply Copilot Autofix suggestions directly in their workflows.
🚗 Nissan Leaf Hack: Remote Spying, Physical Takeover Possible
At Black Hat Asia, researchers showed how eight vulnerabilities in the Nissan Leaf’s infotainment system could enable remote access to car functions—and even track, listen in on, or hijack the vehicle in motion. Nissan acknowledged the issue and pledged improvements but provided few technical details.
💥 Ransomware Disrupts Operations at Sensor Giant Sensata
Sensor maker Sensata Technologies has confirmed a ransomware attack that disrupted shipping, manufacturing, and other business operations. The April 6 attack encrypted key systems and involved confirmed data exfiltration. Sensata is still investigating the breach’s full scope but doesn’t yet expect a material impact this quarter.
🤖 AkiraBot Spams 80,000+ Sites with AI-Generated SEO Messages
SentinelOne has uncovered AkiraBot, an AI-powered spamming framework that has flooded over 80,000 websites using OpenAI-generated content. It targets SMBs across Shopify, Squarespace, and Wix. The messages appear personalized, making them harder to filter. CAPTCHA evasion is handled via Selenium and paid solvers.
🤖 Google Unleashes AI Agents to Rescue Burnt-Out SOCs
Google announced automated AI agents that triage alerts and analyze malware, aiming to reduce analyst burnout in SOCs. The agents, previewing in Q2, are part of Google’s new Unified Security platform and use Gemini models to speed up detection and response.
🤖 AI Now Outsmarts Humans in Spear Phishing Tests
A multi-year study by Hoxhunt confirms what security professionals feared: AI-generated spear phishing now outperforms human-crafted attacks. In 2023, AI lagged behind red team phishers by 31%, but by March 2025, it was outperforming humans by 24%. The inflection point came as generative AI agents like Hoxhunt’s "JKR" closed the emotional intelligence gap that previously gave human hackers the edge.
The phishing messages use OpenAI APIs to generate emotionally resonant, hyper-personalized content at scale. Combined with automated delivery infrastructure, this makes phishing-as-a-service not just scalable, but devastatingly effective.
"AI agents can create superior spear phishing attacks at scale," warns Hoxhunt CTO Pyry Avist. "Soon, the baseline quality of phishing will rival today's targeted campaigns."