This Month in Security: April 2025

“Cyber Security at the Ministry of Defence” by Defence Imagery is licensed under CC BY-NC 2.0

Keeping up with cybersecurity can sometimes feel like a full-time job, but we have broken down the latest updates and emerging threats for April into bite-sized pieces; full details can be found in the linked publicly available news articles. This month, we have already seen critical zero-day patches, significant ransomware incidents, and heightened concerns around global cyber tensions.

Global Tensions Fuel Cyber Activity

Geopolitical tensions continue to rise, along with concern about potential cyberattacks targeting critical infrastructure, as seen in previous incidents in which Russian-linked hackers targeted US water plants. Experts warn of a growing digital arms race, stressing the need for defenses against espionage, disruption, and deterrent attacks by nation-state actors (AP News).

Patch Tuesday and Zero-Day Exploits

  • Microsoft’s April Patch Tuesday addressed 134 vulnerabilities, including a critical zero-day (CVE-2025-29824) in the Windows Common Log File System Driver that was exploited by ransomware gangs (Acronis).
  • Apple patched two actively exploitable zero-day vulnerabilities (CVE-2025-31200 & CVE-2025-31201) affecting iOS, macOS, and other systems (HackerNews, NetworkTiger).
  • A WordPress plugin, OttoKit, was patched after a critical CVE (CVE-2025-3102) was discovered that allowed an unauthenticated user to create an administrative account, potentially leading to full server takeover (HackerNews).
  • Adobe released a number of patches, including 15 CVEs affecting ColdFusion that Adobe rated “Priority 1”. These vulnerabilities included arbitrary file system reads, arbitrary code execution, and security feature bypasses (Adobe, Ivanti).

Notable Threats and Incidents

  • Ransomware: The HellCat group targeted organizations across the US and Europe by exploiting stolen Jira credentials (HackRead). NASCAR was also targeted by the Medusa ransomware gang, which demanded $4 million under the threat of releasing internal data (Adaptive, HackRead).
  • Data Breaches: Hertz confirmed it was affected by a data breach late last year that included the leak of Social Security numbers, government ID numbers, and more (SecurityWeekly, GlobalNewsWire). A Planned Parenthood lab provider, Laboratory Service Cooperative, had 1.6 million individuals’ data and PHI exposed in a recent breach (HIPAAJournal, BleepingComputer).
  • Spyware and Phishing: 57-58 Google Chrome extensions were found to be spying on 6 million users (BleepingComputer, CyberNews). Tycoon2FA, a malicious phishing-as-a-service platform, has evolved to stealthily bypass Microsoft 365 and Gmail multifactor authentication (MFA) (BleepingComputer).

Policy and Framework Updates

  • CVE Program Funding Secured: To prevent a disruption in critical vulnerability tracking, CISA executed an 11-month funding extension for MITRE. While a longer-term solution is still needed, this ensures the continued operation of the CVE program (BleepingComputer).
  • NIST Privacy Framework Update: NIST released a draft update (version 1.1) to its Privacy Framework and is soliciting feedback on the draft until June 13, 2025. This update aims for a better alignment with the recently revised Cybersecurity Framework (CSF 2.0) and includes new considerations for AI privacy risks (NIST News).
  • Data Purchase Restrictions: The US Department of Justice moved to block foreign adversaries from purchasing Americans’ sensitive data on the open market. This is aimed at closing a loophole that bypasses traditional espionage efforts (InfoSecurity, NetworkTiger).

Key Takeaways

  • Patch Promptly: Apply security updates for operating systems and applications as soon as possible, prioritizing critical CVEs and vulnerabilities that are being actively exploited.
  • Be Vigilant and Aware: Be on the lookout for phishing attempts, such as fake job offers and login prompts designed to bypass MFA. Always verify the sender’s identity in any communication channel (Slack, MS Teams, email, etc.) and be wary of suspicious links or attachments. Never click on a link or attachment you are unsure of. Report any suspicions to your IT department or service provider.
  • Review Access: Ensure proper access controls and credential management procedures are in place. Remove extra or unused access promptly. Apply proper and automated key rotation where applicable.
  • Monitor Supply Chains: Stay aware of risks associated with third-party software and dependencies. Ensure automatic patching or updates are enabled.
  • Reach Out: When needed, reach out to a trusted provider to review your security posture, like Cloud Security Partners.