April 29, 2025

A massive power outage affected the entire Iberian Peninsula, including Spain and Portugal, and parts of southern France. The outage, which lasted around 8 hours, disrupted daily life, shutting down subways, ATMs, and traffic lights, and affecting flights and mobile communications. By Tuesday morning, power had been restored to almost all of Spain and Portugal, with over 99% of energy demand in Spain and all power substations in Portugal back online. The cause of the blackout remains unknown, with Spanish Prime Minister Pedro Sanchez stating that all potential causes are being analyzed without discarding any hypothesis. Authorities have ruled out a cyberattack, but an investigation is ongoing to determine the cause of the outage.

April 29, 2025 • By Laura Pippig, Joel Lee

Cybersecurity researchers have discovered a loophole in smartphones' USB protection feature, allowing attackers to bypass security using a method called "choice jacking." This involves manipulating charging stations to appear as USB keyboards, establishing a Bluetooth connection, and approving file transfer consent without user awareness. The vulnerability affects devices from various manufacturers, including Samsung, and can lead to unauthorized access to files and personal data. To protect against such attacks, users are advised to avoid using public charging stations, keep their devices up-to-date with security updates, and use their own power banks when traveling. Apple and Google have implemented a solution, requiring users to enter their PIN or password before adding a device as a trusted source, but other manufacturers have not yet implemented sufficient protection.

April 29, 2025 • By news@appleinsider.com (Andrew Orr)

The article discusses various Apple-related news. Apple's iPhone prices continue to rise despite more buyers skipping Pro models. TSMC, Apple's iPhone processor manufacturer, has broken ground on a third chip fabrication facility in Arizona. Additionally, new iPhone factories have been opened in India, and a new Foxconn operation is set to begin soon. Other topics include a new low-priced iPhone game controller, the GameSir X5 Lite, and tips on setting up parental controls on Mac devices.

April 29, 2025 • By Jess Thomson

A rare international blackout affected Spain, Portugal, and parts of southwest France, leaving millions without electricity. The cause is unclear, but initial reports suggested "induced atmospheric vibration" due to extreme temperature variations. However, Portugal's electricity network provider later refuted this explanation, citing a significant voltage fluctuation in the Spanish grid. Experts say the true cause is still unknown, with some speculating a cyber attack, but no evidence supports this. The interconnected European power grids made the blackout spread quickly. Investigations are ongoing to determine the cause and prevent similar incidents. Power has been restored to most areas, with 99% of Spain and all of Portugal having electricity again.

April 29, 2025 • By Iain Thomson

Retired Rear Admiral Mark Montgomery spoke at the RSA Conference, stating that China has become America's biggest online adversary, surpassing Russia. He cited the Volt Typhoon attacks against the US as an example, where Chinese officials openly claimed responsibility. Montgomery emphasized that the US has focused on defense, allowing other nations to improve their cyber skills, with China becoming a major player. He noted that China's cyber threat is the greatest daily threat to American citizens and the US way of life. Montgomery suggested that the US needs to recruit more offensive online operators and proposed calling in the National Guard to bolster cyber forces. He also recommended extending the 2002 Sarbanes-Oxley Act to require companies to prioritize cybersecurity. Montgomery warned that China could use its cyber capabilities to amplify a crisis, such as a potential invasion of Taiwan, by targeting US critical infrastructure.

April 29, 2025 • By David DiMolfetta

The Defense Advanced Research Projects Agency (DARPA) is hosting a cybersecurity competition, the AI Cyber Challenge, with its final round taking place in August. The competition will task seven teams with creating an AI-powered system to secure open-source software used in critical infrastructure sectors, such as water systems and financial institutions. The challenge is inspired by a Chinese hacking campaign, known as Salt Typhoon, which was discovered last year and had infiltrated major US telecommunications systems and wiretapping platforms. The competition aims to help critical infrastructure owners and operators quickly find and fix vulnerabilities in their platforms using autonomous AI.

April 29, 2025 • By Alessandro Mascellino

A new ransomware campaign using LockBit ransomware and the Phorpiex botnet has been discovered. This campaign marks a shift in how threat actors use botnets to bypass traditional human-operated ransomware attacks. The attackers use phishing emails with ZIP attachments to initiate infections, which then deploy LockBit directly to infected machines, skipping lateral movement. The Phorpiex botnet has maintained its structure since its source code was sold in 2021 and follows a consistent pattern across its variants. This campaign shows how ransomware groups like LockBit are adapting their strategies after global law enforcement efforts to dismantle them. By using automated, botnet-driven distribution tactics, LockBit affiliates reduce the time and risk associated with manual intrusions, complicating detection efforts. Security researchers recommend heightened email security measures and vigilant monitoring to defend against such attacks.

April 29, 2025 • By Cointelegraph by Felix Xu

The article discusses the trust problem in AI and how decentralized, privacy-preserving technologies can resolve it. Despite AI's growing popularity, users and companies still hesitate to trust it due to concerns about reliability, integrity, and data protection. Decentralized technologies like zero-knowledge succinct non-interactive arguments of knowledge (ZK-SNARKs) can provide verifiability, transparency, and stronger data protection without compromising AI's growth. These technologies enable AI models to be verified for correctness without disclosing their training data or proprietary logic, protecting user privacy and institutional risk. The article concludes that building trustworthy AI requires decentralization and verifiable cryptography, which will be crucial for widespread adoption.

April 29, 2025 • By Huntress Labs

Huntress has announced the general availability of its modern Managed Security Information and Event Management (SIEM) solution. The fully managed solution, operated by Huntress' 24/7 Security Operations Center (SOC), aims to simplify traditional SIEM products by removing complexity and noise. It enables customers to detect and neutralize threats earlier and provides fast time to value after deployment. The solution includes enhanced integrations for log sources and expanded compliance capabilities. Huntress' mission is to make enterprise-grade cybersecurity accessible to all businesses, and its Managed SIEM is designed to provide effective threat detection and incident response without the need for big budgets and teams.

April 29, 2025 • By Maria Thomson

The 2025 Microsoft Security Excellence Awards recognized individuals and organizations for their contributions to cybersecurity. The awards, presented in San Francisco, honored partners who have demonstrated technical excellence and a commitment to strengthening security. Categories included security trailblazer, data security and compliance, identity trailblazer, endpoint management, and security customer champion. Winners were chosen by votes from Microsoft and Microsoft Intelligent Security Association (MISA) members. The awards celebrate the power of collaboration in the fight against cyberthreats and recognize the critical role partners play in cybersecurity. Microsoft executives presented the awards, congratulating winners on their innovative solutions and commitment to security. The event was part of the RSAC Conference, where MISA members showcased their solutions and Microsoft shared its security expertise.

April 29, 2025 • By Wearable Devices Ltd.

Wearable Devices Ltd. announced a warrant inducement agreement with an existing institutional investor. The investor will immediately exercise warrants to purchase up to 830,500 ordinary shares at a reduced price of $1.45 per share, resulting in approximately $1.2 million in gross proceeds. In return, the investor will receive new warrants to purchase up to 1,661,000 ordinary shares with an exercise price of $1.45 per share. The company plans to use the net proceeds for working capital and general corporate purposes. The transaction is expected to close on or about April 30, 2025, subject to customary closing conditions. Wearable Devices Ltd. is a pioneer in AI-based wearable gesture control technology, revolutionizing human-computer interaction with its innovative products and solutions.

April 29, 2025 • By Sead Fadilpašić

British retailer Marks & Spencer has been affected by a major cyber incident, believed to be a ransomware attack by the threat actor Scattered Spider. The incident, which started in late April, has caused disruptions to store operations, including Click and Collect services and contactless payments. Although the company has not confirmed the nature of the incident, multiple sources cited by BleepingComputer suggest that Scattered Spider used the DragonForce encryptor to attack M&S's VMware ESXi hosts, encrypting virtual machines. Cybersecurity teams, including CrowdStrike, Microsoft, and Fenix24, have been brought in to investigate and mitigate the damage. Scattered Spider is a financially motivated collective that typically targets companies in the west using social engineering tactics and SIM-swapping.

April 29, 2025 • By Nick Wakeman

Robert Metzger, known as the "Godfather of CMMC," has passed away after a battle with prostate cancer. Metzger was a lawyer who played a significant role in the development of the Cybersecurity Maturity Model Certification (CMMC) standard. He was one of the authors of the 2018 MITRE report "Deliver Uncompromised," which described the cybersecurity challenges of the defense supply chain and is widely credited with the start of CMMC. Metzger was a respected figure in the cybersecurity community, known for his ability to absorb complex technical information and provide thoughtful analysis. He will be remembered for his contributions to the development of CMMC and his dedication to public service.

April 29, 2025 • By Paolo Antonetti, Professeur, EDHEC Business School

A recent survey by insurance group Hiscox found that two-thirds of companies reported being victims of cyberattacks between mid-August 2023 and September 2024, a 15% increase from the previous period. Cyberattacks cost France up to €122 billion in 2024, a 37% rise from 2023. While companies often accept responsibility for cyberattacks, research suggests that positioning oneself as a victim can be more effective in limiting damage to one's image, provided claims of victimhood are deployed intelligently. Companies like T-Mobile and Equifax have paid compensation to consumers while refusing to accept responsibility, presenting themselves as victims. However, clumsily declaring oneself as the sole entity to blame or the sole victim of a cyberattack can be risky and backfire on a company. To effectively claim victim status, companies should adopt a consistent stance, emphasize that they have been a victim, and show empathy and commitment to affected stakeholders. The swiftness of response, level of transparency, and relative stance taken are all part of a good strategy. Companies perceived as virtuous, such as those with a positive track record in corporate social responsibility, can more easily claim victimhood persuasively. Public acceptance of victim status is more effective when the cyberattack is perceived to be the work of highly competent malicious actors. Companies should persuade the public that the attack harmed the company while keeping the main focus on the public. A factual and constructive approach, focusing on measures taken to overcome the crisis, is essential to distinguish between legitimate claims of victim status and communication that could be perceived as an attempt to exonerate oneself.

April 29, 2025 • By Anupama Ghosh

Bajaj Finance reported a 19% increase in consolidated profit after tax to ₹4,546 crore for Q4 FY25. The company's consolidated profit rose 16% to ₹16,779 crore for the full fiscal year 2025. Consolidated assets under management grew 26% to ₹416,661 crore as of March 31, 2025. Subsidiaries Bajaj Housing Finance and Bajaj Financial Securities also saw significant profit increases. Bajaj Finance shares ended at ₹9,105, up 0.13% on the NSE.

April 29, 2025 • By Anupama Ghosh

Bajaj Finance reported a 19% increase in consolidated profit after tax to ₹4,546 crore for Q4 FY25. The company's consolidated profit rose 16% to ₹16,779 crore for the full fiscal year 2025. Consolidated assets under management grew 26% to ₹416,661 crore as of March 31, 2025. Subsidiaries Bajaj Housing Finance and Bajaj Financial Securities also saw significant profit increases. Bajaj Finance shares ended at ₹9,105, up 0.13% on the NSE.