Security Bulletin

Datadog reported $761.6 million in revenue for Q1 2025, a 25% year-over-year increase that beat analyst projections of $741.5 million.

Cybersecurity firm Guardz reported that between March 18 and April 7, 2025, attackers used the outdated BAV2ROPC protocol, which bypasses MFA and modern protections by enabling non-interactive logins through basic credentials.

Travis Howerton, former federal CTO and CEO of Redscale, explained that the update shifts more responsibility to cloud service providers by automating evidence sharing and control reporting, reducing manual oversight and paperwork.

The 2025 Global Threat Landscape Report shows cloud breaches now commonly begin with over-permissioned accounts, credential leaks in public code repositories, and unauthorized logins from unfamiliar geographies.

What was once a manageable trade-off for agility and innovation, such as vendor lock-in or outages, is now overshadowed by broader concerns, including data seizure and unpredictable pricing.

More than 40 security flaws have been patched by Apple as part of the macOS Sequoia 15.5 update, many of which could be exploited to obtain sensitive data access, GBHackers News reports.

Patches have been released by ASUS for a pair of security bugs impacting its DriverHub tool, which could be exploited to facilitate remote code execution, reports The Hacker News.

The Register reports that Microsoft has committed to remediating security issues impacting Microsoft 365 apps on Windows 10 until Oct. 10, 2028, or a little over three years after it ends Windows 10 support.

Six percent of organizations around the world were compromised with the FakeUpdates malware, also known as SocGholish, making it the most prevalent malicious payload in April, Hackread reports.

The threat group's goal is to help Pyongyang assess risk to its troops deployed in Ukraine and to figure out if Moscow might want more.

The “AI videos” generated from these sites are actually malicious executables that set off the attack chain.

Settlement is the largest individual penalty to date against Google in the state of Texas.