Latest news as of 4/19/2025, 6:20:12 PM
The Hacker News
Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities. The packages in question are listed below - node-telegram-utils (132 downloads) node-telegram-bots-api (82 downloads) node-telegram-util (73 downloads) According to supply chain
The Register
AI-spoofed Mark joins fellow billionaires as the voice of the street – here's how it was probably done Crosswalk buttons in various US cities were hijacked over the past week or so to – rather than robotically tell people it's safe to walk or wait – instead emit the AI-spoofed voices of Jeff Bezos, Elon Musk, and Mark Zuckerberg.… Video
Bleeping Computer
Google Gemini is testing a ChatGPT-like scheduled tasks feature called "Scheduled Actions," which will allow you to create tasks that Gemini will execute later. [...]
The Hacker News
ASUS has disclosed a critical security flaw impacting routers with AiCloud enabled that could permit remote attackers to perform unauthorized execution of functions on susceptible devices. The vulnerability, tracked as CVE-2025-2492, has a CVSS score of 9.2 out of a maximum of 10.0. "An improper authentication control vulnerability exists in certain ASUS router firmware series,"
Dark Reading
Threat actors would be at least temporarily derailed, experts say. But the real issue ladders back to organizations’ weak cyber hygiene.
The Register
Using LLMs to pick programs, people, contracts to cut is bad enough – but doing it with Musk's Grok? Yikes A group of 48 House Democrats is concerned that Elon Musk's cost-trimmers at DOGE are being careless in their use of AI to help figure out where to slash, creating security risks and giving the oligarch's artificial intelligence lab an inside track to train its models on government info.…
Dark Reading
Identity verification, insurance claims, and financial services are all seeing surges in AI-enabled fraud, but organizations are taking advantage of AI systems to fight fire with fire.
Bleeping Computer
The Interlock ransomware gang now uses ClickFix attacks that impersonate IT tools to breach corporate networks and deploy file-encrypting malware on devices. [...]
Dark Reading
The notorious nation-state-backed threat actor has added two new keyloggers, a lateral movement tool, and an endpoint detection and response (EDR) evasion driver to its arsenal.
Bleeping Computer
OpenAI has launched three new reasoning models - o3, o4-mini, and o4-mini-high for Plus and Pro subscribers, but as it turns out, these models do not offer 'unlimited' usage as the non-reasoning 4o. [...]