{"id":4515,"date":"2025-04-14T09:24:19","date_gmt":"2025-04-14T08:24:19","guid":{"rendered":"https:\/\/www.d2na.com\/?p=4515"},"modified":"2025-04-14T10:06:00","modified_gmt":"2025-04-14T09:06:00","slug":"weekly-security-news-14th-april-2025","status":"publish","type":"post","link":"https:\/\/www.d2na.com\/index.php\/2025\/04\/14\/weekly-security-news-14th-april-2025\/","title":{"rendered":"Weekly Security News – 14th April 2025"},"content":{"rendered":"<\/span> 6<\/span> mins read<\/span><\/span>\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Microsoft and Fortinet release critical patches, Oracle faces mounting criticism and articles on the latest in AI...<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Welcome to this week’s Security News. We’ve collated the best articles from the around the internet and put them all into one place. If you have any queries or concerns about anything in this week’s news, then please get in touch with our team who can advise further. For our existing clients, if we believe anything may affect your organisation, our team will be in touch directly.\u00a0<\/p>\n

<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Vulnerabilities and Patches<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Microsoft Patches 125 Windows Vulnerabilities, including Exploited CLFS Zero-Day<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

The CLFS zero-day, tagged as CVE-2025-29824, allows a local attacker to gain SYSTEM privileges by exploiting a use-after-free bug, Redmond\u2019s security response team warned.<\/p>

The issue carries a CVSS severity score of 7.8\/10 and requires only low-level privileges with no user interaction.\u00a0<\/p>

Microsoft credited its internal threat intelligence team with discovering the issue, suggesting it was being exploited by professional hacking teams.\u00a0The software maker said a patch for Windows 10 is not yet available and will be shipped at a later date.<\/p>

In\u00a0separate documentation, Microsoft blamed a ransomware group for the attacks and said targets include organizations in the information technology (IT) and real estate sectors of the United States, the financial sector in Venezuela, a Spanish software company, and the retail sector in Saudi Arabia.\u00a0<\/p>

\u201cIn addition to discovering the vulnerability, Microsoft also found that the exploit has been deployed by PipeMagic malware. Microsoft is attributing the exploitation activity to Storm-2460, which also used PipeMagic to deploy ransomware,\u201d the company said.<\/p>

Over the last few years, there have been at least 26 documented vulnerabilities in the Windows CLFS subsystem used for data and event logging and Microsoft has responded with a major new security mitigation to block these attacks.<\/p>

The company\u2019s plans include the addition of\u00a0Hash-based Message Authentication Codes\u00a0(HMAC) to detect unauthorized modifications to CLFS log files and cover one of the most\u00a0attractive attack surfaces\u00a0for APTs and ransomware attacks.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

WhatsApp Vulnerability Could Facilitate Remote Code Execution<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

According to a brief\u00a0advisory\u00a0published by Meta, the vulnerability is tracked as CVE-2025-30401 and it has been patched with the release of WhatsApp for Windows version 2.2450.6. All prior versions are impacted.<\/p>

An attacker could exploit the vulnerability by sending the targeted user a specially crafted file whose MIME type is altered to make it appear as a harmless file.\u00a0<\/p>

The user would believe that they are opening an image or document file when in reality they would be running an executable or other type of file that triggers the execution of malicious code.\u00a0<\/p>

\u201cA maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp,\u201d Meta explained.\u00a0<\/p>

Attacks involving\u00a0MIME type manipulation\u00a0have been known for years, but Meta has not mentioned anything about CVE-2025-30401 being exploited in the wild.<\/p>

However, WhatsApp is a valuable target for threat actors and vulnerabilities affecting the messaging application are known to be exploited in attacks.\u00a0<\/p>

For instance, a\u00a0WhatsApp zero-day was exploited\u00a0last year in attacks involving spyware developed by Israeli company Paragon Solutions.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Fortinet Patches Critical FortiSwitch Vulnerability<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Tracked as CVE-2024-48887 (CVSS score of 9.3), the FortiSwitch issue could allow an attacker to modify administrative passwords, the company warns.<\/p>

\u201cAn unverified password change vulnerability in FortiSwitch GUI may allow a remote unauthenticated attacker to modify admin passwords via a specially crafted request,\u201d reads Fortinet\u2019s\u00a0advisory.<\/p>

Disabling HTTP\/HTTPS access from administrative interfaces and limiting the hosts that can connect to the system should mitigate the flaw, the company says.<\/p>

The bug impacts FortiSwitch versions 6.4 to 7.6 and was addressed with the release of FortiSwitch versions 6.4.15, 7.0.11, 7.2.9, 7.4.5, and 7.6.1.<\/p>

Patches were also released for CVE-2024-26013 and CVE-2024-50565, two high-severity vulnerabilities that could allow unauthenticated attackers to perform man-in-the-middle (MitM) attacks, intercept FGFM authentication requests between management and managed devices, and impersonate the management device (either the FortiCloud server or FortiManager).<\/p>

Described as \u2018improper restriction of communication channel to intended endpoints\u2019 bugs, the security defects impact FortiOS, FortiProxy, FortiManager, FortiAnalyzer, FortiVoice, and FortiWeb.<\/p>

On Tuesday, Fortinet also announced fixes for CVE-2024-54024, a high-severity OS command injection flaw in FortiIsolator that could allow an authenticated attacker with super-admin privileges and CLI access to execute arbitrary code via crafted HTTP requests.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Cyber Attacks<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Oracle Faces Mounting Criticism as It Notifies Customers of Hack<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

As we mentioned in our round-up last week, a hacker announced on a cybercrime forum on March 20 that they had hacked Oracle Cloud servers, offering to sell millions of records allegedly associated with over 140,000 tenants, including encrypted\/hashed credentials.\u00a0<\/p>

Oracle rushed to\u00a0categorically deny\u00a0that there had been a breach of Oracle Cloud systems, making it appear as if it was completely denying getting hacked.\u00a0<\/p>

However, the hacker started leaking stolen information, which security firms assessed as\u00a0likely being genuine, and some Oracle customers confirmed that their data was included in the leak.<\/p>

As more evidence of a data breach affecting Oracle systems came to light, Oracle started privately informing customers \u2014 reportedly through verbal notifications \u2014 that some systems were\u00a0indeed breached, but pointed out that they were not Oracle Cloud systems.<\/p>

On April 7, more than two weeks after the hack came to light, Oracle started sending out written notifications to customers, reiterating that Oracle Cloud Infrastructure (OCI) has \u201cNOT experienced a security breach\u201d.<\/p>

\u201cNo OCI customer environment has been penetrated. No OCI customer data has been viewed or stolen. No OCI service has been interrupted or compromised in any way,\u201d reads a\u00a0notification email\u00a0obtained by security expert Max Solonski.\u00a0<\/p>

However, the notification confirmed that \u201ca hacker did access and publish user names from two obsolete servers that were never part of OCI\u201d<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

\u2018AkiraBot\u2019 Spammed 80,000 Websites With AI-Generated Messages<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Dubbed AkiraBot due to its use of domains that have \u2018Akira\u2019 as the search engine optimization (SEO) service brand, the framework can evade CAPTCHA filters and network detections. The name \u2018ServiceWrap\u2019 also stands out in its SEO domain naming.<\/p>

The framework was designed to target websites with spam messages that can be indexed by search engines, and uses OpenAI services to generate tailored messages for each targeted website.<\/p>

The analysis of archives containing AkiraBot scripts revealed that the framework has been active since September 2024, initially targeting Shopify, and progressively expanding to websites built using GoDaddy, Wix, Squarespace, and generic website contact forms.<\/p>

\u201cThese technologies are primarily used by small- to medium-sized businesses for their ease in enabling website development with integrations for eCommerce, website content management, and business service offerings,\u201d SentinelOne\u2019s SentinelLabs says.<\/p>

The cybersecurity firm identified multiple versions of the framework, all using hardcoded OpenAI API keys, as well as the same proxy credentials and test sites.<\/p>

In AkiraBot\u2019s user interface, the operator can view attack metrics, select a list of websites to target, and choose how many sites to be targeted concurrently.<\/p>

Spam messages are generated based on a template containing a generic outline, which is served to the OpenAI chat API. The OpenAI client is instructed to act as an assistant that generates marketing messages.<\/p>

\u201cThe resulting message includes a brief description of the targeted website, making the message seem curated. The benefit of generating each message using an LLM is that the message content is unique and filtering against spam becomes more difficult compared to using a consistent message template which can trivially be filtered,\u201d SentinelLabs explains.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

In Other News...<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Google Pushing \u2018Sec-Gemini\u2019 AI Model for Threat-Intel Workflows<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

The AI model, called Sec-Gemini v1, touts a combination of Google\u2019s Gemini large language model capabilities with near real-time security data and tooling, including integration with Google Threat Intelligence (GTI), the Open Source Vulnerability (OSV) database, and other internal resources.\u00a0<\/p>

\u201cThis combination allows it to achieve superior performance on key cybersecurity workflows, including incident root cause analysis, threat analysis, and vulnerability impact understanding,\u201d the company said.<\/p>

The company boasts that Sec-Gemini v1 outperforms other models on several cybersecurity benchmarks.<\/p>

According to Google, Sec-Gemini v1 leads by at least 11 percent on the CTI-MCQ threat intelligence benchmark and by 10.5% on the CTI-Root Cause Mapping benchmark that assesses an AI model\u2019s ability to understand vulnerability descriptions and classify them using the Common Weakness Enumeration (CWE) taxonomy.<\/p>

In practical examples\u00a0shared\u00a0by Google\u2019s security team, Sec-Gemini v1 was able to accurately identify Salt Typhoon as a threat actor and provide detailed contextual information, including associated vulnerabilities and risk profiles.\u00a0<\/p>

Google said these capabilities are powered by its integration with Mandiant\u2019s threat intelligence data.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

AI Now Outsmarts Humans in Spear Phishing, Analysis Shows<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Since 2023, Hoxhunt has run ongoing experiments pitting AI-generated spear phishing against expert red team generated spear phishing; and has found a 55% improvement in AI performance. In 2023, when the experiment started, AI was 31% less effective than humans. By March 2025, it was 24% more effective. (Effectiveness is measured by the number of times the spear phishes succeeded in getting the target to \u2018click\u2019.)<\/p>

The 2023 results were similar to those returned by a separate study conducted by IBM\u2019s X-Force Red, also in 2023. The IBM study found a human phish achieved a 14% click rate against an 11% click rate from the AI phish, confirming that humans were, at least then, the better phishers. Both experiments were conducted with phishes generated by prompt engineering ChatGPT, because at the time, that was the only generally available way to use AI.<\/p>

IBM\u2019s Chief People Hacker at X-Force Red,\u00a0Snow Carruthers, suggested a primary reason for AI\u2019s failure to move the needle in 2023 was its lack of emotional intelligence. \u201cHumans understand emotions in ways that AI can only dream of. We can weave narratives that tug at the heartstrings and sound more realistic, making recipients more likely to click on a malicious link.\u201d<\/p>

But she\u00a0added, \u201cI think my biggest takeaway is to question what the future is going to look like. If we continue to improve gen-AI and make it sound more human, these phishing emails are going to be possibly devastating.\u201d<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

<\/span> 6<\/span> mins read<\/span><\/span>Microsoft and Fortinet release critical patches, Oracle faces mounting criticism and articles on the latest in AI… Welcome to this week’s Security News. We’ve collated the best articles from the around the internet and put them all into one place. If you have any queries or concerns about anything in this week’s news, then please […]<\/p>\n","protected":false},"author":1,"featured_media":4520,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[355],"tags":[287,285,286,289,288,284],"class_list":["post-4515","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-news","tag-cyber-attacks","tag-cyber-security","tag-news","tag-patches","tag-vulnerabilities","tag-weekly-security-news"],"yoast_head":"\nWeekly Security News - 14th April 2025 - D2NA<\/title>\n<meta name=\"description\" content=\"Microsoft and Fortinet release critical patches, Oracle faces mounting criticism and articles on the latest in AI...\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.d2na.com\/index.php\/2025\/04\/14\/weekly-security-news-14th-april-2025\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Weekly Security News - 14th April 2025\" \/>\n<meta property=\"og:description\" content=\"Microsoft and Fortinet release critical patches, Oracle faces mounting criticism and articles on the latest in AI...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.d2na.com\/index.php\/2025\/04\/14\/weekly-security-news-14th-april-2025\/\" \/>\n<meta property=\"og:site_name\" content=\"D2NA\" \/>\n<meta property=\"article:published_time\" content=\"2025-04-14T08:24:19+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-04-14T09:06:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.d2na.com\/wp-content\/uploads\/2025\/04\/2025-04-14.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"628\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Shaun Conway\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@D2NA\" \/>\n<meta name=\"twitter:site\" content=\"@D2NA\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Shaun Conway\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/04\\\/14\\\/weekly-security-news-14th-april-2025\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/04\\\/14\\\/weekly-security-news-14th-april-2025\\\/\"},\"author\":{\"name\":\"Shaun Conway\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#\\\/schema\\\/person\\\/624fbd3965489b22f6dcfc6d7eb4fb36\"},\"headline\":\"Weekly Security News – 14th April 2025\",\"datePublished\":\"2025-04-14T08:24:19+00:00\",\"dateModified\":\"2025-04-14T09:06:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/04\\\/14\\\/weekly-security-news-14th-april-2025\\\/\"},\"wordCount\":1673,\"publisher\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/04\\\/14\\\/weekly-security-news-14th-april-2025\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.d2na.com\\\/wp-content\\\/uploads\\\/2025\\\/04\\\/2025-04-14.jpeg\",\"keywords\":[\"cyber attacks\",\"cyber security\",\"news\",\"patches\",\"vulnerabilities\",\"weekly security news\"],\"articleSection\":[\"Security News\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/04\\\/14\\\/weekly-security-news-14th-april-2025\\\/\",\"url\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/04\\\/14\\\/weekly-security-news-14th-april-2025\\\/\",\"name\":\"Weekly Security News - 14th April 2025 - D2NA\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/04\\\/14\\\/weekly-security-news-14th-april-2025\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/04\\\/14\\\/weekly-security-news-14th-april-2025\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.d2na.com\\\/wp-content\\\/uploads\\\/2025\\\/04\\\/2025-04-14.jpeg\",\"datePublished\":\"2025-04-14T08:24:19+00:00\",\"dateModified\":\"2025-04-14T09:06:00+00:00\",\"description\":\"Microsoft and Fortinet release critical patches, Oracle faces mounting criticism and articles on the latest in AI...\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/04\\\/14\\\/weekly-security-news-14th-april-2025\\\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/04\\\/14\\\/weekly-security-news-14th-april-2025\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/04\\\/14\\\/weekly-security-news-14th-april-2025\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.d2na.com\\\/wp-content\\\/uploads\\\/2025\\\/04\\\/2025-04-14.jpeg\",\"contentUrl\":\"https:\\\/\\\/www.d2na.com\\\/wp-content\\\/uploads\\\/2025\\\/04\\\/2025-04-14.jpeg\",\"width\":1200,\"height\":628,\"caption\":\"2025-04-14\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/04\\\/14\\\/weekly-security-news-14th-april-2025\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.d2na.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Weekly Security News – 14th April 2025\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#website\",\"url\":\"https:\\\/\\\/www.d2na.com\\\/\",\"name\":\"D2NA\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.d2na.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#organization\",\"name\":\"D2 Network Associates Limited\",\"alternateName\":\"D2NA\",\"url\":\"https:\\\/\\\/www.d2na.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.d2na.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/Header-Logo.png\",\"contentUrl\":\"https:\\\/\\\/www.d2na.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/Header-Logo.png\",\"width\":180,\"height\":60,\"caption\":\"D2 Network Associates Limited\"},\"image\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/D2NA\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/d2-network-associates-ltd\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#\\\/schema\\\/person\\\/624fbd3965489b22f6dcfc6d7eb4fb36\",\"name\":\"Shaun Conway\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7668c1fa014f994d5e689f28c828adb47f75821deca52ce9f6d05fa69447ffaf?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7668c1fa014f994d5e689f28c828adb47f75821deca52ce9f6d05fa69447ffaf?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7668c1fa014f994d5e689f28c828adb47f75821deca52ce9f6d05fa69447ffaf?s=96&d=mm&r=g\",\"caption\":\"Shaun Conway\"},\"sameAs\":[\"https:\\\/\\\/www.d2na.com\"],\"url\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/author\\\/shaun-conway\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Weekly Security News - 14th April 2025 - D2NA","description":"Microsoft and Fortinet release critical patches, Oracle faces mounting criticism and articles on the latest in AI...","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.d2na.com\/index.php\/2025\/04\/14\/weekly-security-news-14th-april-2025\/","og_locale":"en_GB","og_type":"article","og_title":"Weekly Security News - 14th April 2025","og_description":"Microsoft and Fortinet release critical patches, Oracle faces mounting criticism and articles on the latest in AI...","og_url":"https:\/\/www.d2na.com\/index.php\/2025\/04\/14\/weekly-security-news-14th-april-2025\/","og_site_name":"D2NA","article_published_time":"2025-04-14T08:24:19+00:00","article_modified_time":"2025-04-14T09:06:00+00:00","og_image":[{"width":1200,"height":628,"url":"https:\/\/www.d2na.com\/wp-content\/uploads\/2025\/04\/2025-04-14.jpeg","type":"image\/jpeg"}],"author":"Shaun Conway","twitter_card":"summary_large_image","twitter_creator":"@D2NA","twitter_site":"@D2NA","twitter_misc":{"Written by":"Shaun Conway","Estimated reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.d2na.com\/index.php\/2025\/04\/14\/weekly-security-news-14th-april-2025\/#article","isPartOf":{"@id":"https:\/\/www.d2na.com\/index.php\/2025\/04\/14\/weekly-security-news-14th-april-2025\/"},"author":{"name":"Shaun Conway","@id":"https:\/\/www.d2na.com\/#\/schema\/person\/624fbd3965489b22f6dcfc6d7eb4fb36"},"headline":"Weekly Security News – 14th April 2025","datePublished":"2025-04-14T08:24:19+00:00","dateModified":"2025-04-14T09:06:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.d2na.com\/index.php\/2025\/04\/14\/weekly-security-news-14th-april-2025\/"},"wordCount":1673,"publisher":{"@id":"https:\/\/www.d2na.com\/#organization"},"image":{"@id":"https:\/\/www.d2na.com\/index.php\/2025\/04\/14\/weekly-security-news-14th-april-2025\/#primaryimage"},"thumbnailUrl":"https:\/\/www.d2na.com\/wp-content\/uploads\/2025\/04\/2025-04-14.jpeg","keywords":["cyber attacks","cyber security","news","patches","vulnerabilities","weekly security news"],"articleSection":["Security News"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"https:\/\/www.d2na.com\/index.php\/2025\/04\/14\/weekly-security-news-14th-april-2025\/","url":"https:\/\/www.d2na.com\/index.php\/2025\/04\/14\/weekly-security-news-14th-april-2025\/","name":"Weekly Security News - 14th April 2025 - D2NA","isPartOf":{"@id":"https:\/\/www.d2na.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.d2na.com\/index.php\/2025\/04\/14\/weekly-security-news-14th-april-2025\/#primaryimage"},"image":{"@id":"https:\/\/www.d2na.com\/index.php\/2025\/04\/14\/weekly-security-news-14th-april-2025\/#primaryimage"},"thumbnailUrl":"https:\/\/www.d2na.com\/wp-content\/uploads\/2025\/04\/2025-04-14.jpeg","datePublished":"2025-04-14T08:24:19+00:00","dateModified":"2025-04-14T09:06:00+00:00","description":"Microsoft and Fortinet release critical patches, Oracle faces mounting criticism and articles on the latest in AI...","breadcrumb":{"@id":"https:\/\/www.d2na.com\/index.php\/2025\/04\/14\/weekly-security-news-14th-april-2025\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.d2na.com\/index.php\/2025\/04\/14\/weekly-security-news-14th-april-2025\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.d2na.com\/index.php\/2025\/04\/14\/weekly-security-news-14th-april-2025\/#primaryimage","url":"https:\/\/www.d2na.com\/wp-content\/uploads\/2025\/04\/2025-04-14.jpeg","contentUrl":"https:\/\/www.d2na.com\/wp-content\/uploads\/2025\/04\/2025-04-14.jpeg","width":1200,"height":628,"caption":"2025-04-14"},{"@type":"BreadcrumbList","@id":"https:\/\/www.d2na.com\/index.php\/2025\/04\/14\/weekly-security-news-14th-april-2025\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.d2na.com\/"},{"@type":"ListItem","position":2,"name":"Weekly Security News – 14th April 2025"}]},{"@type":"WebSite","@id":"https:\/\/www.d2na.com\/#website","url":"https:\/\/www.d2na.com\/","name":"D2NA","description":"","publisher":{"@id":"https:\/\/www.d2na.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.d2na.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/www.d2na.com\/#organization","name":"D2 Network Associates Limited","alternateName":"D2NA","url":"https:\/\/www.d2na.com\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.d2na.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.d2na.com\/wp-content\/uploads\/2025\/12\/Header-Logo.png","contentUrl":"https:\/\/www.d2na.com\/wp-content\/uploads\/2025\/12\/Header-Logo.png","width":180,"height":60,"caption":"D2 Network Associates Limited"},"image":{"@id":"https:\/\/www.d2na.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/D2NA","https:\/\/www.linkedin.com\/company\/d2-network-associates-ltd\/"]},{"@type":"Person","@id":"https:\/\/www.d2na.com\/#\/schema\/person\/624fbd3965489b22f6dcfc6d7eb4fb36","name":"Shaun Conway","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/secure.gravatar.com\/avatar\/7668c1fa014f994d5e689f28c828adb47f75821deca52ce9f6d05fa69447ffaf?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/7668c1fa014f994d5e689f28c828adb47f75821deca52ce9f6d05fa69447ffaf?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7668c1fa014f994d5e689f28c828adb47f75821deca52ce9f6d05fa69447ffaf?s=96&d=mm&r=g","caption":"Shaun Conway"},"sameAs":["https:\/\/www.d2na.com"],"url":"https:\/\/www.d2na.com\/index.php\/author\/shaun-conway\/"}]}},"_links":{"self":[{"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/posts\/4515","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/comments?post=4515"}],"version-history":[{"count":7,"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/posts\/4515\/revisions"}],"predecessor-version":[{"id":4525,"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/posts\/4515\/revisions\/4525"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/media\/4520"}],"wp:attachment":[{"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/media?parent=4515"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/categories?post=4515"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/tags?post=4515"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}