This week’s cybersecurity landscape underscores the persistent threats targeting both individuals and organizations. From sophisticated phishing campaigns and critical infrastructure attacks to zero-day vulnerabilities, the need for vigilance and proactive defense measures has never been more apparent. Stay informed and prepared with the latest developments below.


Troy Hunt’s Mailchimp Account Compromised in Phishing Attack

Security expert Troy Hunt disclosed that his Mailchimp account was compromised through a phishing attack, leading to the unauthorized export of his mailing list. This incident highlights the ongoing risks associated with phishing and the importance of securing email marketing platforms.
Read more on Troy Hunt’s blog


Understanding the Distinction Between Data Privacy and Data Security

While often used interchangeably, data privacy and data security serve different purposes. Data privacy focuses on the proper handling of personal information, ensuring compliance with regulations like GDPR and CCPA. In contrast, data security involves protecting data from unauthorized access and breaches. Recognizing this distinction is crucial for comprehensive data protection strategies.
Read more on Dark Reading


DaVita Suffers Ransomware Attack Disrupting Operations

Kidney dialysis provider DaVita reported a ransomware attack that disrupted certain operations. The company has initiated containment measures and is working with cybersecurity experts to assess and remediate the incident. Law enforcement has been notified, and efforts are underway to restore affected systems.
Read more on SecurityWeek


Surge in Cyber Threats Targeting the Energy Sector

The energy sector is experiencing a significant increase in cyberattacks, with threats ranging from ransomware to sophisticated espionage. The sector’s critical role and the integration of digital technologies make it a prime target for malicious actors. Enhanced cybersecurity measures and industry collaboration are essential to mitigate these risks.
Read more on Help Net Security


AI-Induced ‘Package Hallucination’ Poses New Supply Chain Risks

Large Language Models (LLMs) may inadvertently suggest non-existent code packages. Attackers can register those hallucinated names and publish malicious code under them, so developers who install the suggested package end up running malware, a phenomenon termed “slopsquatting.” This emerging threat underscores the need for caution when integrating AI-generated code into development workflows.
Read more on Help Net Security


Malicious Chrome Extensions Found Tracking Millions of Users

A network of 58 Chrome extensions, installed by over 6 million users, was discovered to contain secret tracking code. These extensions, some of which were available on the Chrome Web Store, highlight the importance of scrutinizing browser add-ons for potential privacy violations.
Read more on CyberNews


Fake PDFCandy Websites Distribute Malware

Cybercriminals are creating counterfeit PDFCandy websites to distribute the ArechClient2 information stealer malware. Users seeking PDF conversion tools should exercise caution and verify the authenticity of websites to avoid such threats.
Read more on HackRead


Fortinet Zero-Day Vulnerability Allows Arbitrary Code Execution

A zero-day vulnerability in Fortinet’s FortiGate firewalls has been identified, allowing unauthenticated attackers to execute arbitrary code remotely. Organizations using affected products should apply available patches promptly to mitigate potential exploitation.
Read more on Dark Reading


OttoKit WordPress Plugin Exploited in Active Attacks

A vulnerability in the OttoKit WordPress plugin is being actively exploited, enabling attackers to execute arbitrary code on affected websites. Website administrators are advised to update the plugin to the latest version to secure their sites.
Read more on SecurityWeek


Apple Releases Patches for Two Exploited iPhone Zero-Days

Apple has issued emergency updates to address two zero-day vulnerabilities in CoreAudio and RPAC, which were exploited in targeted attacks against iPhones. Users are strongly encouraged to update their devices to the latest iOS version to protect against these threats.
Read more on BleepingComputer


HopeNet reviews a variety of security news sources so you do not have to! This list is curated specifically for churches, nonprofits, and other Organizations of Hope. The headlines and our added comments are meant to give an overview of recent happenings, and links are provided for readers who want to explore certain topics in more depth.

If this was shared with you and you would like to receive a copy directly to your email, please sign up for this FREE newsletter at HopeNetCISO.com. Also, check out the Services section of our site for ways we can help! Thanks for reading!
