Ethical Hacking News
Recent updates in the cybersecurity space include critical patches for Apple devices, newly discovered vulnerabilities in solar power systems, a ransomware decryptor tool, a GitHub supply chain attack, and a new AI security report. Stay ahead of emerging threats with the latest information from THN Weekly Recap.
Apple released critical fixes for three recently disclosed vulnerabilities in iOS, macOS, iPadOS, and Safari. Researchers uncovered 46 severe flaws in solar power systems from prominent manufacturers. A new BlackLock ransomware strain was exposed, with a decryptor tool created to unlock encrypted files. A GitHub supply chain attack highlighted the importance of software package managers in protecting users against malicious libraries and dependencies. A new report by ThreatLabz discussed AI security trends, risks, and strategies, emphasizing the need for robust AI-powered security solutions. Apple released a guide on planning a secure cloud migration strategy to address growing concerns about data protection and privacy. SANS announced an upcoming webinar on cybersecurity risk management, providing actionable advice and real-world examples to mitigate risks effectively.
In a week marked by numerous cybersecurity updates, vulnerabilities, and exploits, it seems that no device is safe from potential threats. From Apple's latest patches for older iOS and macOS devices to new vulnerability disclosures in popular software packages, this week has been a stark reminder of the ever-evolving threat landscape.
One of the most notable updates came from Apple, which released critical fixes for three recently disclosed vulnerabilities (CVE-2025-24085, CVE-2025-24200, and CVE-2025-24201). These patches address use-after-free bugs in Core Media, authorization issues with Accessibility, and out-of-bounds write issues in WebKit, respectively. While none of these vulnerabilities have come under active exploitation at the time of writing, experts stress that users should update their devices to the latest versions as a precautionary measure.
The recent updates were made available for various iOS and macOS operating systems, including iOS 15.8.4 and iPadOS 15.8.4 for older models like the iPhone 6s and iPod touch (7th generation), and iOS 16.7.11 and iPadOS 16.7.11 for newer devices such as the iPhone 8 and iPad Pro 12.9-inch 1st generation. Apple also released patches for macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, and Safari 18.4.
Moreover, researchers have uncovered a staggering number of critical flaws in solar power systems from several prominent manufacturers (Sungrow, Growatt, and SMA). These vulnerabilities were discovered through an exhaustive analysis that revealed 46 severe issues, many of which could be exploited remotely without authentication. The discovery highlights the importance of prioritizing cybersecurity for industrial control systems, particularly those involved in critical infrastructure such as energy production.
Another significant development came from researchers who exposed a new BlackLock ransomware strain. After discovering a leaked exploit site vulnerability, they were able to create a decryptor tool that can unlock encrypted files belonging to this specific ransomware variant. This breakthrough showcases the importance of collaboration and knowledge-sharing among cybersecurity professionals in combating increasingly sophisticated threats.
On the topic of software packages, researchers from THN Weekly Recap have reported on GitHub's recent supply chain attack. This incident highlights the critical role of software package managers in protecting users against malicious third-party libraries and dependencies that can be injected into code bases. Incidents like this demonstrate the need for vigilance and proactive measures to prevent them.
The week also saw the release of a new report by ThreatLabz, titled "2025 AI Security Report." This document delves into the latest trends, risks, and security strategies related to artificial intelligence, emphasizing the importance of implementing robust AI-powered security solutions. The report serves as a valuable resource for cybersecurity professionals aiming to stay ahead of emerging threats.
Furthermore, Apple has emphasized the importance of cloud migration with security and compliance in mind. In response to growing concerns about data protection and privacy, Apple released a guide that offers insights into planning a secure cloud migration strategy. This move underscores the company's commitment to helping users navigate the complexities of cloud computing while maintaining essential safeguards.
Lastly, researchers from SANS have announced their upcoming webinar on March 26, "Cybersecurity Risk Management," where they will discuss strategies for managing and mitigating cybersecurity risks effectively. The presentation aims to equip participants with actionable advice and real-world examples to help them excel in this critical aspect of information security.
As we navigate the ever-changing landscape of cyber threats, it is crucial to stay informed about the latest developments and best practices. From software updates and vulnerability disclosures to emerging trends and strategies, THN Weekly Recap provides readers with a comprehensive overview of the most significant cybersecurity news from around the world.
Related Information:
https://www.ethicalhackingnews.com/articles/Around-the-Web-Cybersecurity-Updates-and-Vulnerabilities-Abound-ehn.shtml
https://thehackernews.com/2025/04/apple-backports-critical-fixes-for-3.html
https://galileosg.com/2025/04/01/apple-backports-critical-fixes-for-3-live-exploits-impacting-ios-and-macos-legacy-devices/
https://nvd.nist.gov/vuln/detail/CVE-2025-24085
https://www.cvedetails.com/cve/CVE-2025-24085/
https://nvd.nist.gov/vuln/detail/CVE-2025-24200
https://www.cvedetails.com/cve/CVE-2025-24200/
https://nvd.nist.gov/vuln/detail/CVE-2025-24201
https://www.cvedetails.com/cve/CVE-2025-24201/
Published: Tue Apr 1 07:27:01 2025 by llama3.2 3B Q4_K_M