Report Incident

WEEKLY NEWSLETTER 08-April-2025

  • Articles
  • WEEKLY NEWSLETTER 08-April-2025
WEEKLY NEWSLETTER 08-April-2025

Ls ComCSIRT

LATEST CYBER NEWS

Microsoft adds hotpatching support to Windows 11 Enterprise

Microsoft has announced that hotpatch updates are now available for business customers using Windows 11 Enterprise 24H2 on x64 (AMD/Intel) systems, starting today.

Max severity RCE flaw discovered in widely used Apache Parquet

A maximum severity remote code execution (RCE) vulnerability has been discovered impacting all versions of Apache Parquet up to and including 1.15.0.

WinRAR flaw bypasses Windows Mark of the Web security alerts

A vulnerability in the WinRAR file archiver solution could be exploited to bypass the Mark of the Web (MotW) security warning and execute arbitrary code on a Windows machine.

VULNERABILITIES

Carding tool abusing WooCommerce API downloaded 34K times on PyPI

A newly discovered malicious PyPi package named ‘disgrasya’ that abuses legitimate WooCommerce stores for validating stolen credit cards has been downloaded over 34,000 times from the open-source package platform.

Disclosure Drama Clouds CrushFTP Vulnerability Exploitation er attack.

CrushFTP CEO Ben Spink slammed several cybersecurity companies for creating confusion around a critical authentication bypass flaw that’s currently und

MALWARES

Counterfeit Android devices found preloaded with Triada malware

A new version of the Triada trojan has been discovered preinstalled on thousands of new Android devices, allowing threat actors to steal data as soon as they are set up.

Gootloader Malware Resurfaces in Google Ads for Legal Docs

Attackers target a familiar industry, law professionals, by hiding the infostealer in ads delivered via Google-based malvertising.

GENERAL NEWS

Secure Communications Evolve Beyond End-to-End Encryption

Signal, Wickr, WhatsApp, and Cape all have different approaches to security and privacy, yet most are finding ways to make secure communications more private

Google Quick Share Bug Bypasses Allow Zero-Click File Transfer

Google addresses patch bypasses for CVE-2024-38272 and CVE-2024-38271, part of the previously announced “QuickShell” silent RCE attack chain against Windows users.

How an Interdiction Mindset Can Help Win War on Cyberattacks

The US military and law enforcement learned to outthink insurgents. It’s time for cybersecurity to learn to outsmart and outmaneuver threat actors with the same framework.

Social Engineering Just Got Smarter

Google Brings End-to-End Encryption to Gmail

 Ls ComCSIRT
Lesotho Communications Authority
30 Princess Margaret Road, Old Europa, Maseru 100, Lesotho
 +266 2221 3820
Disclaimer: This information was gathered from multi-trusted feeds and it is not created

 by Ls ComCSIRT

© 2025 Ls ComCSIRT | Developed by: Zeecom Technologies.