Summary
Well, what a month, and for some businesses the first quarter has only just started. A large number of vulnerabilities, threats and attacks were seen this month, including an ongoing cyber attack against Marks & Spencer (M&S) in the UK.
Cyber News
Oracle Cloud experienced multiple cyber incidents, affecting legacy environments on servers belonging to “Oracle Cloud Classic” and Oracle Health. Up to 6 million records were compromised, and a ransom was demanded.
MITRE’s Common Vulnerabilities and Exposures (CVE) program faced potential shutdown due to funding issues but received an 11-month contract extension from CISA.
Cyber attacks per organization globally increased by 47% compared to Q1 2024, with an average of 1,925 weekly incidents. Ransomware attacks saw a dramatic spike, reaching historic highs in victim counts and incident frequency.
The FBI reported record cybercrime losses of $16.6 billion, driven largely by fraud and investment scams. Russian military personnel were targeted via spyware, and the Netherlands exposed GRU-linked cyberattacks on critical infrastructure.
Known Exploited Vulnerabilities (KEV)
There have been a number of KEVs added to the CISA.gov site this month, and this is a list of the latest 10.
- Commvault | Web Server: CVE-2025-3928 Commvault Web Server Unspecified Vulnerability: Commvault Web Server contains an unspecified vulnerability that allows a remote, authenticated attacker to create and execute webshells. Added: 2025-04-28
- Qualitia | Active! Mail: CVE-2025-42599 Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability: Qualitia Active! Mail contains a stack-based buffer overflow vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code or trigger a denial-of-service via a specially crafted request. Added: 2025-04-28
- Broadcom | Brocade Fabric OS: CVE-2025-1976 Broadcom Brocade Fabric OS Code Injection Vulnerability: Broadcom Brocade Fabric OS contains a code injection vulnerability that allows a local user with administrative privileges to execute arbitrary code with full root privileges. Added: 2025-04-28
- Apple | Multiple Products: CVE-2025-31200 Apple Multiple Products Memory Corruption Vulnerability: Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafted media file. Added: 2025-04-17
- Apple | Multiple Products: CVE-2025-31201 Apple Multiple Products Arbitrary Read and Write Vulnerability: Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication. Added: 2025-04-17
- Microsoft | Windows: CVE-2025-24054 Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability: Microsoft Windows NTLM contains an external control of file name or path vulnerability that allows an unauthorized attacker to perform spoofing over a network. Added: 2025-04-17
- SonicWall | SMA100 Appliances: CVE-2021-20035 SonicWall SMA100 Appliances OS Command Injection Vulnerability: SonicWall SMA100 appliances contain an OS command injection vulnerability in the management interface that allows a remote authenticated attacker to inject arbitrary commands as a ‘nobody’ user, which could potentially lead to code execution. Added: 2025-04-16
- Linux | Kernel: CVE-2024-53197 Linux Kernel Out-of-Bounds Access Vulnerability: Linux Kernel contains an out-of-bounds access vulnerability in the USB-audio driver that allows an attacker with physical access to the system to use a malicious USB device to potentially manipulate system memory, escalate privileges, or execute arbitrary code. Added: 2025-04-09
- Linux | Kernel: CVE-2024-53150 Linux Kernel Out-of-Bounds Read Vulnerability: Linux Kernel contains an out-of-bounds read vulnerability in the USB-audio driver that allows a local, privileged attacker to obtain potentially sensitive information. Added: 2025-04-09
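As an added example (not part of the original post), the following Python script pulls the newest additions out of the CISA KEV catalog feed and flags those that match a list of products an organisation runs. It assumes the feed's published JSON field names (cveID, vendorProject, product, vulnerabilityName, dateAdded) and works on a constructed excerpt of the feed so it runs offline.

```python
import json
from datetime import date

# Constructed excerpt in the feed's schema, built from entries in this month's list.
# The live feed is https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
SAMPLE_FEED = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2024-53197", "vendorProject": "Linux", "product": "Kernel",
         "vulnerabilityName": "Linux Kernel Out-of-Bounds Access Vulnerability",
         "dateAdded": "2025-04-09"},
        {"cveID": "CVE-2025-31201", "vendorProject": "Apple", "product": "Multiple Products",
         "vulnerabilityName": "Apple Multiple Products Arbitrary Read and Write Vulnerability",
         "dateAdded": "2025-04-17"},
        {"cveID": "CVE-2025-3928", "vendorProject": "Commvault", "product": "Web Server",
         "vulnerabilityName": "Commvault Web Server Unspecified Vulnerability",
         "dateAdded": "2025-04-28"},
        {"cveID": "CVE-2021-20035", "vendorProject": "SonicWall", "product": "SMA100 Appliances",
         "vulnerabilityName": "SonicWall SMA100 Appliances OS Command Injection Vulnerability",
         "dateAdded": "2025-04-16"},
    ],
})


def latest_kev(feed_json, limit=10, month=""):
    """Newest `limit` catalog entries, optionally only those added in `month` (YYYY-MM)."""
    entries = json.loads(feed_json)["vulnerabilities"]
    by_cve = {}
    for e in entries:
        date.fromisoformat(e["dateAdded"])  # reject a malformed date instead of mis-sorting it
        if month and not e["dateAdded"].startswith(month + "-"):
            continue
        by_cve.setdefault(e["cveID"], e)  # one record per CVE, first occurrence wins
    ordered = sorted(by_cve.values(), key=lambda e: (e["dateAdded"], e["cveID"]), reverse=True)
    return ordered[:limit]


def affecting(entries, inventory):
    """Entries whose (vendor, product) pair appears in `inventory`; matching is case-insensitive."""
    wanted = {(v.lower(), p.lower()) for v, p in inventory}
    return [e for e in entries if (e["vendorProject"].lower(), e["product"].lower()) in wanted]


if __name__ == "__main__":
    recent = latest_kev(SAMPLE_FEED, month="2025-04")
    for e in affecting(recent, {("Apple", "Multiple Products"), ("Linux", "Kernel")}):
        print(f'{e["vendorProject"]} | {e["product"]}: {e["cveID"]} {e["vulnerabilityName"]} Added: {e["dateAdded"]}')
```

Swap SAMPLE_FEED for the downloaded feed and the inventory for your own vendor/product pairs to get this month's relevant additions.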
Ransomware
There have been 415 organisations listed as victims on ransomware.live this month, and this is a list of the latest 10.
| Name | Group Responsible | Country |
| --- | --- | --- |
| SJERP | Nova | N/A |
| Hôpital Glengarry Memorial Hospital (clglen.local) | Incransom | Canada |
| David Mills CPA, LLC | Lynx | USA |
| w8textil | Nightspire | Brazil |
| csspv | Nightspire | Czechia |
| Melco Capital Pte. Ltd. | Nightspire | Singapore |
| Kramer Green Zuckerman Greene and Buchsbaum | Akira | USA |
| rawafid | Nova | Saudi Arabia |
| Tolerance Masters | Akira | USA |
| Élan Sportif Nantes | Nova | France |