This Month in Cybersecurity - April 2025

The April 2025 edition of This Month in Cybersecurity is here with curated highlights of the month’s key cybersecurity and data privacy stories, to help you stay safe when it comes to access and credential collaboration.

Let’s dive in!

1. A Sneaky Phish Just Grabbed His Mailchimp Mailing List

Troy Hunt, creator of Have I Been Pwned, fell victim to a well-executed phishing attack that stole his Mailchimp credentials, allowing attackers to export his blog’s 16,000-subscriber mailing list. The phishing site captured both his password and OTP, exploiting a moment of tiredness. Hunt criticizes Mailchimp’s security — including lack of phishing-resistant 2FA and unnecessary retention of unsubscribed users’ data — and stresses the urgent need for passkey adoption. He responded transparently by notifying impacted users, securing his account, and is actively pushing for better authentication standards while investigating Mailchimp’s handling of the incident.

Date: Mar 25, 2025
Source: TroyHunt.com
Author: Troy Hunt

2. European Commission takes aim at end-to-end encryption and proposes Europol become an EU FBI

The European Commission has unveiled ProtectEU, a new internal security strategy aiming to enhance the EU’s ability to tackle evolving threats. Key proposals include transforming Europol into a more operational, FBI-like agency for cross-border investigations and developing lawful access to encrypted data for law enforcement, while claiming to safeguard cybersecurity and fundamental rights. The Commission also plans to bolster intelligence-sharing and introduce a new Cybersecurity Act, although historical challenges such as member states’ reluctance to share sovereignty and differing national interests may hamper implementation.

Date: Apr 1, 2025
Source: The Record
Author: Alexander Martin

3. Google Spoofed Via DKIM Replay Attack: A Technical Breakdown

A sophisticated DKIM replay attack was discovered where attackers spoofed Google’s no-reply email address to send a fake subpoena phishing email that passed SPF, DKIM, and DMARC checks. The scam leveraged Google Sites to host a convincing fake support page under a legitimate Google subdomain, exploiting user trust. The attack worked by replaying a previously legitimate email’s DKIM signature, making the spoofed message look fully authentic. This case highlights serious risks with DKIM replay attacks, the abuse of trusted infrastructure like Google Sites, and the need for frequent DKIM key rotation and greater user vigilance against increasingly realistic phishing campaigns.

Date: Apr 11, 2025
Source: EASYDMARC
Author: EASYDMARC
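A DKIM replay works because a captured signature stays verifiable for as long as the signing key is published, and many signers set no expiry. The following is an added example, not code from EASYDMARC or from the original story: it parses a DKIM-Signature header and flags the replay-risk indicators a mail gateway could check at receipt time (signature age from t=, a missing or past x= expiry, and an l= body-length limit). The header value and the 7-day threshold are constructed assumptions.

```python
import re

# Constructed sample DKIM-Signature value (not from the incident); the bh=/b= values are placeholders.
SAMPLE_DKIM_SIGNATURE = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel2025; "
    "t=1712800000; h=from:to:subject:date; bh=PLACEHOLDER=; b=PLACEHOLDER="
)


def parse_dkim_tags(header_value):
    """Split a DKIM-Signature value into its tag=value pairs (RFC 6376 tag-list syntax)."""
    tags = {}
    for part in header_value.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        name, value = part.split("=", 1)          # only the first '=' separates tag from value
        tags[name.strip()] = re.sub(r"\s+", "", value)  # folded whitespace is not significant
    return tags


def assess_replay_risk(header_value, now, max_age_seconds=7 * 86400):
    """Return replay-risk findings for one DKIM-Signature header at receipt time 'now'.

    Assumed policy (mine, not a standard): a signature older than max_age_seconds, or one with
    no x= expiry, is flagged; an l= tag lets bytes appended after the signed body ride along unsigned.
    """
    tags = parse_dkim_tags(header_value)
    findings = []
    if "t" not in tags:
        findings.append("no t= timestamp: signature age cannot be judged")
    else:
        age = now - int(tags["t"])
        if age > max_age_seconds:
            findings.append(f"signature is {age // 86400} days old (t=)")
    if "x" not in tags:
        findings.append("no x= expiry: signature stays valid for as long as the key is published")
    elif int(tags["x"]) < now:
        findings.append("signature expired (x= in the past)")
    if "l" in tags:
        findings.append("l= body length limit: content appended after the signed bytes is unsigned")
    return findings
```

A signature that passes cryptographic verification but trips these checks deserves the same scrutiny as one that failed DMARC, since the replayed message is byte-for-byte what the real signer once sent.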

4. U.S. Govt. Funding for MITRE’s CVE Ended April 16, Cybersecurity Community on Alert

The U.S. government’s funding for MITRE’s Common Vulnerabilities and Exposures (CVE) program was set to expire, raising fears of disruption across the cybersecurity ecosystem, including vulnerability databases, incident response, and critical infrastructure protection. However, CISA has extended the contract to prevent a service lapse. Meanwhile, a new CVE Foundation has been formed to ensure the program’s independence, and initiatives like the EU’s European Vulnerability Database (EUVD) and Luxembourg’s Global CVE (GCVE) system are emerging to bolster global vulnerability management efforts.

Date: Apr 16, 2025
Source: The Hacker News
Author: Ravie Lakshmanan

5. EU Pledged to Improve GDPR Cooperation - and Made It Worse

The EU’s attempt to fix the GDPR’s slow and ineffective cross-border enforcement through a new GDPR Procedural Regulation appears to be failing. Instead of simplifying and streamlining processes as promised, the draft legislation emerging from trilogue negotiations is expected to make GDPR enforcement even more complex, slower, and prone to legal challenges. Max Schrems and noyb warn that the proposal, rushed without proper impact assessment, mirrors outdated, inquisitorial procedures, limits parties’ rights, and introduces timelines that could stretch decisions to up to 33 months. Far from strengthening GDPR rights, the regulation risks deepening enforcement failures and creating greater legal uncertainty across the EU.

Date: Apr 17, 2025
Source: NOYB
Author: NOYB

6. Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools

Cybersecurity researchers at ARMO have demonstrated a proof-of-concept rootkit named Curing that abuses Linux’s io_uring asynchronous I/O interface to bypass traditional system call monitoring, creating a major blind spot for Linux runtime security tools like Falco and Tetragon. The rootkit can communicate with a command-and-control server and execute actions without triggering system calls, making detection extremely difficult. Although io_uring offers performance benefits, its misuse poses serious security risks, which even tech giants like Google have acknowledged by restricting its use across Android, ChromeOS, and production environments.

Date: Apr 24, 2025
Source: The Hacker News
Author: Ravie Lakshmanan

7. Windows “inetpub” Security Fix Can Be Abused to Block Future Updates

A recent Windows security update created a new ‘C:\inetpub’ folder to patch a privilege escalation vulnerability (CVE-2025-21204), but cybersecurity expert Kevin Beaumont discovered it can be abused by non-admin users to block future Windows updates. By creating a junction between ‘inetpub’ and a file like ‘notepad.exe’, update installations fail with error code 0x800F081F. Microsoft acknowledged the issue but classified it as moderate severity, deciding not to issue an immediate fix, suggesting users can resolve the problem by manually removing the junction.

Date: Apr 25, 2025
Source: Bleeping Computer
Author: Lawrence Abrams

Conclusion

That’s all for this roundup. We’d love to hear your thoughts. Share additional stories we may have missed or drop any comments in the Passbolt community forum: https://hubs.li/Q02bCy160