Infosec-bits-for-2025-week-17

Zoya Vilakazi | April 25, 2025, 12:27 p.m.

Cyber Security News:

New Gorilla Android Malware Intercept SMS Messages to Steal OTPs [Tushar Subhra Dutta, Cyber Security News]

Financial gain still drives majority of cyber threat activity [David Jones, Cybersecurity Dive]

Most CEOs Agree: Business Growth Hinges on Cybersecurity [Aminu Abdullahi, eSecurity Planet]

Vulnerabilities & Patches:

Critical Erlang/OTP SSH RCE bug now has public exploits, patch now [Lawrence Abrams, Bleeping Computer]

Apple patches security vulnerabilities in iOS and iPadOS. Update now! [Pieter Arntz, Malwarebytes Labs]

ASUS releases fix for AMI bug that lets hackers brick servers [Bill Toulas, Bleeping Computer]

SonicWall SSLVPN Vulnerability Let Remote Attackers Crash Firewall Appliances [Kaaviya, Cyber Security News]

Hackers Can Now Exploit AI Models via PyTorch – Critical Bug Found [Ashish Khaitan, The Cyber Express]

TP-Link Router Vulnerabilities Allow Attackers to Execute Malicious SQL Commands [Divya, GB Hackers]

Breaches & Leaks:

Marks & Spencer confirms a cyberattack as customers face delayed orders [Lawrence Abrams, Bleeping Computer]

Dutch payment processor Adyen hit by cyber attack [The Brussels Times with Belga, The Brussels Times]

SK Telecom investigates data breach after cyberattack [DW Team, digwatch]

MTN Group confirms cybersecurity breach affecting customer data [IOL Reporter, IOL]

Other:

159 CVEs Exploited in The Wild in Q1 2025, 8.3% of Vulnerabilities Exploited Within 1-Day [Tushar Subhra Dutta, Cyber Security News]