Cybersecurity News: Government CVE funding set to end, 4chan down following an alleged hack, China accuses US of launching advanced cyberattacks


Government CVE funding set to end today

MITRE confirmed to Reuters that its contract to fund the Common Vulnerabilities and Exposures (CVE) program, the familiar CVE database, expires today, April 16. CISA confirmed the status of the contract, saying “we are urgently working to mitigate impact and to maintain CVE services on which global stakeholders rely.” Neither CISA nor MITRE told Reuters why the contract was allowed to lapse.

Update: Funding is back

This morning, Bleeping Computer published that it was informed by CISA that “Last night, CISA executed the option period on the contract to ensure there will be no lapse in critical CVE services. We appreciate our partners’ and stakeholders’ patience.”

(Yahoo, Bleeping Computer)

4chan, the internet’s most infamous forum, is down following an alleged hack

4chan was down Tuesday after an apparent hack, with attackers gaining server access, leaking the site’s source code, and doxing moderators and registered users. Many of the leaked emails included .edu and .gov addresses, raising concerns about user privacy. The breach has exposed what some say are long-standing security flaws.

(Engadget)

China accuses US of launching ‘advanced’ cyberattacks, names alleged NSA agents

China has accused three alleged U.S. NSA operatives of launching cyberattacks on infrastructure during the Asian Winter Games in Harbin this February. The alleged targets included Games-related systems, critical services in Heilongjiang province, and tech giant Huawei. China claims the attacks caused serious harm and is demanding that the U.S. stop such operations.

(Reuters)

Midnight Blizzard deploys new GrapeLoader malware in embassy phishing

Russian state-backed hacking group Midnight Blizzard (APT29/Cozy Bear) is behind a new phishing campaign targeting European embassies using a stealthy malware loader named GrapeLoader. Disguised as an invite to a wine-tasting event, the attack uses malicious ZIP files that execute the malware via DLL sideloading. GrapeLoader performs reconnaissance and installs WineLoader, a modular backdoor that collects system info and helps with further espionage. The malware is heavily obfuscated and runs entirely in memory, making it hard to detect and analyze.
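The lure described above pairs a decoy document with an executable and a DLL inside a ZIP so that the executable loads the attacker's DLL when opened. The following triage check is an added example, not code from the original page or from any vendor report: it opens an attachment and flags any folder in the archive that ships an executable alongside a DLL, which is the generic shape of a sideloading bundle. The sample archives and every file name in them are constructed here and are not the real lure's names.

```python
"""Triage heuristic for phishing ZIP attachments that stage DLL sideloading.

Added example, not from the original page or any vendor report. The sample
archives and all file names below are made up for illustration.
"""
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows will execute directly when a user double-clicks them.
EXEC_EXTS = {".exe", ".scr", ".com"}


def sideload_candidates(zip_bytes: bytes) -> list[tuple[str, list[str]]]:
    """Return (exe_path, [dll_paths]) pairs for every folder in the archive
    that holds both an executable and at least one DLL.

    Paths are normalised to POSIX form and grouped per folder, so a decoy
    PDF at the top level does not hide a bundle further down the tree.
    """
    by_dir: dict[str, dict[str, list[str]]] = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = PurePosixPath(info.filename.replace("\\", "/"))
            bucket = by_dir.setdefault(str(path.parent), {"exe": [], "dll": []})
            ext = path.suffix.lower()
            if ext in EXEC_EXTS:
                bucket["exe"].append(str(path))
            elif ext == ".dll":
                bucket["dll"].append(str(path))

    hits: list[tuple[str, list[str]]] = []
    for bucket in by_dir.values():
        if not bucket["dll"]:
            continue
        for exe in bucket["exe"]:
            hits.append((exe, sorted(bucket["dll"])))
    return hits


def build_lure_zip() -> bytes:
    """Constructed archive shaped like a sideloading lure (made-up names,
    placeholder bytes rather than real PE files)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invite/wine_tasting_invite.pdf", b"%PDF-1.4 decoy")
        zf.writestr("invite/viewer.exe", b"MZ placeholder, not a real PE")
        zf.writestr("invite/helper.dll", b"MZ placeholder, not a real PE")
    return buf.getvalue()


def build_benign_zip() -> bytes:
    """Constructed archive with documents only; should produce no hits."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/agenda.pdf", b"%PDF-1.4")
        zf.writestr("docs/notes.txt", b"hello")
    return buf.getvalue()


if __name__ == "__main__":
    for label, data in (("lure", build_lure_zip()), ("benign", build_benign_zip())):
        print(label, sideload_candidates(data))
```

The check is deliberately cheap and format-agnostic; it says nothing about whether the DLL is actually imported by the executable, so a hit is a reason to detonate or inspect the bundle, not a verdict on its own.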

(BleepingComputer)

Huge thanks to our sponsor, Vanta

Do you know the status of your compliance controls right now? Like…right now?
We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta.

Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done 5 times faster with AI.

Now that’s…a new way to GRC. Get started at Vanta.com/headlines.

Hertz confirms customer info, drivers’ licenses stolen in data breach

Hertz has confirmed a data breach affecting customers of its Hertz, Thrifty, and Dollar brands, stemming from zero-day vulnerabilities in Cleo’s file transfer platform exploited by the Clop ransomware gang. Stolen data may include names, contact details, driver’s license and credit card information, and, in some cases, Social Security and government IDs. Though no misuse has been reported yet, leaked data has appeared on Clop’s extortion site, and Hertz is offering affected individuals two years of free identity monitoring.

(BleepingComputer)

Major banks limit information sharing following breach of Treasury Department’s OCC

Following a major cyber breach of the Treasury Department’s Office of the Comptroller of the Currency (OCC) email system, several major U.S. banks are limiting information sharing with the agency. JPMorgan Chase and Bank of New York Mellon have halted electronic information exchanges with the OCC over concerns that the compromise could pose security risks to their own networks.

(Bloomberg)

Chinese espionage group leans on open-source tools to mask intrusions

In a new campaign observed by researchers at Sysdig, Chinese espionage group UNC5174 has been using the open-source VShell remote access tool, communicating over WebSockets, to mask its presence. Researchers note the group’s use of these tools to talk to command-and-control infrastructure and perform post-exploitation tasks, which points to a shift away from custom-built malware. This marks a new approach for UNC5174, which has historically relied on bespoke malware for attacks targeting Western governments, technology companies, and research institutions.

(CyberScoop)

Bot traffic overtakes human activity as threat actors turn to AI

Automated bot traffic now makes up 51% of web activity, surpassing human traffic for the first time in a decade. This is according to Thales’ 2025 Imperva Bad Bot Report, which also records a surge in malicious bot traffic driven by AI and large language models (LLMs), with ByteSpider Bot leading AI-powered attacks. Sectors like travel and retail saw high levels of bad bot activity, and API attacks were the most common form, targeting industries like financial services and healthcare.

(InfoSecurity)

23andMe bankruptcy draws investigation from House panel over data concerns

The US House Oversight Committee is investigating the privacy risks surrounding 23andMe’s bankruptcy, particularly concerns about the potential transfer of customers’ sensitive genetic data to various entities, including the Chinese government. The investigation follows a 2023 data breach affecting 6 million customers and raises alarms about the potential misuse of genetic data for purposes like higher insurance premiums, and targeted advertising. Former CEO Anne Wojcicki has been asked to testify at a hearing in May.

(The Record)