Oracle says “obsolete servers” hacked, denies cloud breach 

Oracle confirmed in email notifications sent to customers that a hacker stole and leaked credentials that were stolen from what it described as “two obsolete servers.” 

Source: https://www.bleepingcomputer.com/news/security/oracle-says-obsolete-servers-hacked-denies-cloud-breach/
  

Food giant WK Kellogg discloses data breach linked to Clop ransomware 

US food giant WK Kellogg Co is warning employees and vendors that company data was stolen during the 2024 Cleo data theft attacks. 

Source: https://www.bleepingcomputer.com/news/security/food-giant-wk-kellogg-discloses-data-breach-linked-to-clop-ransomware/
  

Port of Seattle says ransomware breach impacts 90,000 people 

Port of Seattle, the U.S. government agency overseeing Seattle’s seaport and airport, is notifying roughly 90,000 individuals of a data breach after their personal information was stolen in an August 2024 ransomware attack. 

Source: https://www.bleepingcomputer.com/news/security/port-of-seattle-says-ransomware-breach-impacts-90-000-people/
  

Europcar GitLab breach exposes data of up to 200,000 customers 

A hacker breached the GitLab repositories of multinational car-rental company Europcar Mobility Group and stole source code for Android and iOS applications, as well as some personal information belonging to up to 200,000 customers. 

Source: https://www.bleepingcomputer.com/news/security/europcar-gitlab-breach-exposes-data-of-up-to-200-000-customers/
  

US Comptroller Cyber ‘Incident’ Compromises Org’s Emails 

The Office of the Comptroller of the Currency (OCC) notified Congress it fell victim to a major information security incident yesterday. 

Source: https://www.darkreading.com/vulnerabilities-threats/occ-major-cyber-incident-executive-employee-emails
 

CentreStack RCE exploited as zero-day to breach file sharing servers 

Hackers exploited a vulnerability in Gladinet CentreStack’s secure file-sharing software as a zero-day since March to breach storage servers 

Source: https://www.bleepingcomputer.com/news/security/centrestack-rce-exploited-as-zero-day-to-breach-file-sharing-servers/
 

Minnesota Tribe Struggles After Ransomware Attack 

The Lower Sioux Indian Community in south central Minnesota alerted the public that an unauthorized actor accessed its systems and disrupted operations for the local healthcare facility, government center, hotel, and casino. 

Source: https://www.darkreading.com/cyberattacks-data-breaches/minnesota-tribe-operations-ransomware-attack
  

CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks 

Cybersecurity agencies from Australia, Canada, New Zealand, and the United States have published a joint advisory about the risks associated with a technique called fast flux that has been adopted by threat actors to obscure a command-and-control (C2) channel. 

Source: https://thehackernews.com/2025/04/cisa-and-fbi-warn-fast-flux-is-powering.html
  

UK Orgs Pull Back Digital Projects With Looming Threat of Cyberwarfare 

Researchers at Armis conducted a study of more than 1,800 global IT decision-makers (ITDMs) — 501 of which are from the UK — and released the findings in the vendor’s 2025 “Cyberwarfare Report.” The researchers found that almost half of the UK organizations that participated in the study experienced some kind of disruption to their digital projects due to the threat of “cyber warfare” attacks. 

Source: https://www.darkreading.com/threat-intelligence/uk-orgs-pull-back-digital-projects-cyberwarfare
  

Critical FortiSwitch flaw lets hackers change admin passwords remotely 

Fortinet has released security patches for a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely. 

Source: https://www.bleepingcomputer.com/news/security/critical-fortiswitch-flaw-lets-hackers-change-admin-passwords-remotely/ 
 

  

Smarttech247