News – April 2025

April 28, 2025

M&S has shut remote-working employees out of some of its IT systems as it struggles to recover from the fallout of a cyberattack last week. The high street giant closed some of the programmes that staff use to log into the internal IT systems when working outside of the office, The Times reported. Cybersecurity experts said ...

April 28, 2025

A major power outage hit Spain and Portugal on Monday, including their capitals, knocking out subway networks, phone lines, traffic lights and ATM machines. It is rare to have such a widespread outage there. Spanish generator Red Eléctrica said it affected the Iberian peninsula and the incident is being assessed. The countries have a combined population ...

April 24, 2025

Commvault has released a security advisory to address a critical vulnerability in its Command Center Platform. Command Center is Commvault’s all-in-one solution for managing Commvault services within a corporate environment. CVE-2025-34028 is a path traversal vulnerability with a CVSSv3 base score of 10.0, and if exploited could allow an unauthenticated attacker to upload ZIP files. The ...

April 24, 2025

Got an Android phone? Got a tap-to-pay card? Then you’re like millions of other users now at risk from a new form of cybercrime – malware that can read your credit or debit card and hand its data over to an attacker. A newly discovered malicious program effectively turns Android phones into malicious tap machines that ...

April 24, 2025

Health insurance firm Blue Shield has revealed a data breach has exposed protected health data of over 4.7 million members. The information was leaked to Google’s analytics and advertisement platforms following a misconfiguration of Google analytics on Blue Shield sites. “On February 11, 2025, Blue Shield discovered that, between April 2021 and January 2024, Google Analytics ...

April 23, 2025

The Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS) Science and Technology Directorate (S&T) and the Idaho National Laboratory (INL) hosted Louisiana State University (LSU) and several energy industry and critical infrastructure partners to train against simulated, high-impact cyberattacks on operational technology (OT) and traditional information technology (IT) at CISA’s Control Environment ...

April 23, 2025

The European Commission issued the first fines under its Digital Markets Act on Wednesday, slapping tech giants Apple and Meta with penalties for breaching the EU’s new digital rulebook. Apple faces a €500 million fine for breaching the regulation’s rules for app stores, while Meta drew a penalty of €200 million for its “pay or consent” ...

April 22, 2025

M&S has revealed it has been battling what it has described as a “cyber incident” over the past few days. The FTSE 100 giant said that it’s made some “minor, temporary changes to our store operations to protect customers and the business” and “we are sorry for any inconvenience experienced.” M&S confirmed that it is working ...

April 22, 2025

Erlang has released updates to its OTP package to address a critical vulnerability in its Secure Shell (SSH) server. Erlang is an open-source programming language. OTP (Open Telecom Platform) is a set of Erlang libraries and middle-ware that can be used to develop applications. CVE-2025-32433 is a critical vulnerability with a CVSSv3 score of 10.0. If ...

April 21, 2025

During trend Micro researchers monitoring of the ransomware threat landscape, they discovered samples with infection chain characteristics and payloads that can be attributed to FOG ransomware. A total of nine samples were uploaded to VirusTotal between March 27 and April 2, which the researchers recently discovered were multiple ransomware binaries with .flocked extension and readme.txt notes. ...