San Mateo, CA, April 21, 2025 — Stories, events, and developments that impacted the cybersecurity landscape last week, including emerging threats, policy changes, and industry responses.
Florida pushes law for encrypted chat backdoors
A Florida law that “would require social media companies to provide encryption backdoors for law enforcement officials to access user accounts” is moving forward in the state Senate. Called the Social Media Use by Minors bill, it would require platforms to provide a “mechanism to decrypt end-to-end encryption when law enforcement obtains a subpoena.” The bill also mandates that social media companies block children’s accounts from using disappearing messages and give parents access to those accounts. The Electronic Frontier Foundation (EFF) opposes the bill, saying “the idea that Florida can ‘protect’ minors by making them less safe is dangerous and dumb.” According to the EFF, encryption is the “best tool we have to protect our communications online.”
Apple patches two actively exploited flaws
Apple has released patches for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to fix two security flaws currently under active exploitation. CVE-2025-31200 (CVSS score: 7.5) is a memory corruption vulnerability in the Core Audio framework that could allow code execution via a malicious media file. CVE-2025-31201 (CVSS score: 6.8) is a flaw in the RPAC component that could let attackers bypass Pointer Authentication. Apple stated that these vulnerabilities are being “exploited in an extremely sophisticated attack against specific targeted individuals on iOS,” but did not release further details. These are the fourth and fifth zero-days Apple has patched this year.
47 Chrome extensions caught spying on users
Forty-seven Chrome extensions with 6 million users have been found to contain code that can monitor browsing, access cookies, and execute remote scripts. These extensions do not appear in the Chrome Web Store or via search engines and must be installed via direct URL. John Tucker, a Secure Annex researcher, discovered 35 of them while investigating an extension called “Fire Shield Extension Protection,” which includes “callbacks to an API for sending information collected from the browser.” A shared domain within the extension was also found in other similarly suspicious tools.
Android phones to auto-reboot after 3 days
Phones running Google’s Android OS will now reboot automatically if they remain locked for three consecutive days. This mirrors a security feature Apple introduced last year and aims to improve protection for lost or stolen devices. “The thinking behind adding an automatic reboot after a certain period of inactivity is to make life more difficult for someone who is trying to unlock or extract data from a phone; for example, law enforcement using a forensic analysis device like those made by Cellebrite or Magnet Forensics.” Google has not disclosed what prompted the change.
North Korean hackers bait crypto devs with fake jobs
Slow Pisces, a North Korean hacking group, is targeting cryptocurrency project developers with “malicious coding challenges.” Unit 42, Palo Alto Networks’ research arm, reports that attackers first pose as recruiters on LinkedIn, offering fake job opportunities. If a target replies, they receive coding tasks that include a “real project” linking to a GitHub repository. After vetting their victim, the attackers send info-stealing malware. The group’s strategic grooming techniques allow for more precise attacks than traditional phishing.
Infamous 4chan forum hacked, backend leaked
4chan, the anonymous message board infamous for hosting “some of the most vile content imaginable,” has been hacked. The site has been intermittently inaccessible, and the attacker has released alleged images of its back end, source code, and moderation tools. These materials would typically be restricted to site administrators. 4chan, often linked to far-right movements like QAnon, has not yet issued a public response.
Bot traffic now outpaces human activity online
Research from French defense contractor Thales shows that bots now account for 51% of all internet traffic. The surge is driven by malicious activity and AI models enabling threat actors to scale up bot creation. ByteSpider, a crawler from TikTok parent ByteDance, accounted for 54% of AI-enabled attacks last year, followed by AppleBot (26%), ClaudeBot (13%), and ChatGPT User Bot (6%). “Bad bots can be used in everything from DDoS attacks to custom rules exploitation and API violations.” Thales also reports that 44% of advanced bot activity last year targeted APIs.
Hertz breach exposes sensitive customer data
Car rental giant Hertz has confirmed a data breach that exposed customers’ personal information. The breach occurred between October and December 2024 and affected Hertz, Dollar, and Thrifty brands. Stolen data includes “customer names, dates of birth, contact information, driver’s licenses, payment card information, workers’ compensation claims” and Social Security numbers. While the company has not disclosed how many customers were affected, a spokesperson said it would be “inaccurate to say millions.” The breach was linked to Cleo, a software vendor previously compromised by the Clop ransomware group.
U.S. moves to block foreign data buys
The Department of Justice has announced a new initiative to prevent foreign adversaries from acquiring sensitive data on U.S. citizens. Part of a 2024 executive order, the Data Security Program creates “export controls” to stop the transfer of bulk biometric, genomic, geolocation, health, and financial data to adversarial governments. Deputy Attorney General Todd Blanche said: “If you’re a foreign adversary, why would you go through the trouble of complicated cyber intrusions and theft… when you can just buy it on the open market?” The DOJ named China, Cuba, Iran, North Korea, Russia, and Venezuela as “countries of concern.”
Crosswalks hacked to impersonate tech billionaires
Audio-enabled crosswalk buttons in Silicon Valley have been hacked to play AI-generated voice clips mimicking Elon Musk and Mark Zuckerberg. The clips are satirical and touch on personal and political themes. One Zuckerberg impersonation says Meta is embedding AI “into every facet of your conscious experience… because there’s absolutely nothing you can do about it.” The hacks are suspected to be the work of activists, exploiting crosswalks left vulnerable by unchanged default settings.
About NetworkTigers

NetworkTigers is the leader in the secondary market for Grade A, seller-refurbished networking equipment. Founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms, NetworkTigers provides consulting and network equipment to global governmental agencies, Fortune 2000, and healthcare companies. www.networktigers.com.
