Security Affairs Newsletter Round 519: Comprehensive Global Cybersecurity Updates
Security Affairs Newsletter – Round 519
13 April 2025 • Author: Tom
TL;DR
Round 519 recaps the week’s most important cyber‑security events: fresh WordPress‑plugin exploits, large‑scale data breaches, new malware campaigns, and the steady drumbeat of critical vulnerabilities added to CISA’s exploited‑in‑the‑wild list. Staying patched and watching threat‑intel feeds remains essential.
What’s inside this edition
Section | Highlights |
---|---|
Top headlines | Fortinet symbolic‑link bypass, OttoKit WordPress flaw exploited in the wild, 1.6 M‑record breach at Laboratory Services Co‑op, brute‑force surge on Palo Alto GlobalProtect, Gamaredon targets a Western mission in Ukraine, Linux‑kernel bugs land in CISA KEV catalogue |
Cyber‑crime | • EncryptHub deanonymised after OPSEC slip‑ups • PoisonSeed spam operation abuses stolen CRM creds • Scattered Spider member pleads guilty • Everest ransomware leak site defaced • WK Kellogg breach linked to Cl0p |
Malware | Lazarus poisons NPM packages; BadBazaar surveillanceware hits Tibetans & Uyghurs; miners + ClipBanker spread via SourceForge; new AI‑powered spam bot AkiraBot defeats CAPTCHAs |
Hacking / Vulns | NSA–CISA joint advisory on “Fast Flux”; SureTriggers plugin 0‑day exploited in 4 h; CLFS driver 0‑day leads to ransomware; rapid rise in Palo Alto scanner traffic |
Info‑war & intel | UAC‑0226 espionage against government targets; NSO spyware victim locations revealed; Volt Typhoon attribution update |
Policy & industry | Turing Institute: UK unprepared for AI‑enabled crime; EU mulls tech retaliation against U.S. tariffs; U.S. Executive Order controversy over ex‑CISA chief; $23 M ransomware hit on IKEA operator |
Weekly snapshot
5 most‑read Security Affairs stories
- FortiGate patch bypass via symbolic links – attackers chain a path‑traversal bug to undo recent fixes.
- OttoKit WordPress plugin under active exploitation – unauthenticated option‑update flaw gives attackers site control.
- 1.6 million records exposed at Laboratory Services Cooperative – sensitive patient data leaked.
- Palo Alto GlobalProtect brute‑force wave – precursor scanning may signal imminent exploitation of PAN‑OS gateways.
- Gamaredon targets Western military mission in Ukraine – phishing and document droppers seen in the wild.
(Full headline list appears at the end of this newsletter.)
Why it matters
- Patching race – Five separate Fortinet and Palo Alto items in one week show how quickly perimeter gear becomes a target.
- Supply‑chain surface – OttoKit, SureTriggers and NPM packages remind us that third‑party components remain attackers’ easiest door in.
- Data‑breach fatigue – Healthcare, telecoms and cloud providers all suffered multi‑million‑record leaks, underlining the need for zero‑trust segmentation and fast incident response.
Stay ahead of the curve
- Audit your WordPress stack – remove unused plugins, enforce least‑privilege API keys, and enable Web Application Firewall (WAF) rules for XML‑RPC and REST requests.
- Harden edge appliances – restrict management interfaces to VPN/IP‑allow‑lists and watch vendor advisories for Fortinet, Palo Alto and Ivanti devices.
- Monitor attack surface – subscribe to KEV feeds and automate critical‑patch roll‑outs; test backups against CLFS‑style ransomware.
- Educate users – highlight phishing lures used by Gamaredon and PoisonSeed; use tabletop exercises that reflect current TTPs.
References
- The Register – “Alan Turing Institute: UK can’t handle a fight against AI‑enabled crims” (04 Apr 2025)
- Fortune – “EU answer to Trump may involve data use by Big Tech” (05 Apr 2025)
- BleepingComputer – “Google fixes Android zero‑days exploited in attacks” (2025)
- SecurityWeek – “WhatsApp Vulnerability Could Facilitate RCE” (2025)
- USA Today – “Trump orders probe of former cybersecurity chief” (09 Apr 2025)
- Reuters – “Cybersecurity industry falls silent as Trump targets SentinelOne” (10 Apr 2025)
- EFF – “Community must not remain silent on executive order attacking former CISA director” (Apr 2025)
- BleepingComputer – “Ransomware attack cost IKEA operator $23 million” (2025)
- The Register – “Ex‑Meta exec tells Senate Zuck dangled US data to enter China” (11 Apr 2025)
Keep reading
For full stories, analysis, and past issues, visit SecurityAffairs.co or follow Pierluigi Paganini on Twitter, Mastodon, and LinkedIn.
Stay safe, patch early, patch often.
This post is licensed under CC BY 4.0 by the author.