This Month in Cybersecurity - April Edition

Apple Patches Multiple Zero Day Exploits

Apple has released urgent security updates to fix two serious bugs found in its products, including iPhones, iPads, Macs, Apple TVs, and the Vision Pro headset. These bugs were discovered during what Apple called an “extremely sophisticated attack” aimed at specific individuals. While Apple hasn’t shared who was targeted or how the attack worked in detail, the company stresses the importance of updating devices immediately to stay protected.

The two security flaws were located in systems called CoreAudio and RPAC. One flaw could allow hackers to take control of a device just by getting it to play a specially designed audio file. The other flaw could let attackers bypass built-in security measures designed to guard against memory-related attacks. These issues affect a wide range of devices, from the iPhone XS to newer iPads, Macs, Apple TVs, and the Vision Pro.

Even though these attacks were highly targeted, Apple recommends that all users update their devices right away. The fixes were rolled out in updates labeled iOS 18.4.1, macOS Sequoia 15.4.1, and similar versions for other systems. These are the fourth and fifth major security issues Apple has addressed so far this year, showing the company’s ongoing effort to stay ahead of threats.


Security Flaws Found in Windows Application

Cybersecurity experts have discovered four security flaws in a key Windows tool called "schtasks.exe," which helps manage scheduled tasks. These vulnerabilities could let attackers with local access trick the system into giving them administrator-level control, allowing them to run harmful programs, steal data, or tamper with the system. One of the flaws allows attackers to bypass security prompts and gain high-level access without user approval, but only if they already have access to a user's password.

Using these weaknesses, attackers could also erase logs that track system activity, making it easier to hide their tracks. By manipulating how scheduled tasks are set up—particularly using a method called Batch Logon—they can overwrite important event logs, including the main security log that keeps records of past actions. While these attacks require some initial access or stolen credentials, the vulnerabilities pose a serious risk and highlight how deeply attackers can exploit everyday Windows features.


NVIDIA Toolkit Contains Vulnerabilities for AI Users

Researchers are warning organizations that use NVIDIA GPUs for AI work to update their systems immediately due to serious security flaws in a toolkit called the NVIDIA Container Toolkit. These vulnerabilities could allow attackers to gain access to sensitive data, steal proprietary AI models, or cause major disruptions. Although NVIDIA initially released a patch in September 2024 for the most critical bug (CVE-2024-0132), later analysis revealed that the fix was incomplete. A second vulnerability (CVE-2025-23359) was discovered afterward, leaving some previously patched systems still at risk.

The newly identified vulnerability especially affects companies using Docker on Linux systems with NVIDIA's toolkit. Attackers could exploit the flaw to gain root-level control of a system by creating specially crafted containers and exploiting a race condition. This would let them access core system files and execute commands, leading to data theft or system shutdowns. Since many AI and cloud-based environments rely on this toolkit, the potential impact is widespread.

Both issues now have patches available, and security experts strongly recommend organizations apply them immediately. In addition, companies should limit access to the Docker API, avoid giving unnecessary permissions, and disable unused features in the NVIDIA toolkit. Adding further protections—like auditing system behavior, enforcing access controls, and monitoring for unusual container activity—can help prevent future attacks and reduce exposure in complex environments.


Defensible Strategies

Learn from those who have been attacked

Funding for CVE Program Secured as US Government Extends Contract

The U.S. government has extended MITRE’s funding for another 11 months to ensure there’s no interruption in the Common Vulnerabilities and Exposures (CVE) program, a key part of the global cybersecurity infrastructure. CVE helps standardize how security flaws are identified and shared, making it easier for experts and organizations to respond to threats. The extension came just in time, as MITRE had warned the program's funding was set to expire, which could have caused widespread issues for cybersecurity tools, databases, and incident response efforts.

In response to concerns about the program’s long-term stability, a group of CVE Board members launched the CVE Foundation, a new non-profit aimed at making the program more independent and globally sustainable. While CISA’s funding extension ensures short-term continuity, the foundation's goal is to reduce reliance on a single government sponsor and build a more resilient future for CVE. Meanwhile, Europe is also taking steps in this direction by launching its own vulnerability database, signaling a growing push for decentralized, community-driven security infrastructure.


Law Firm Unaware of Breach that Caused Legal Fine

The Pennsylvania State Education Association (PSEA) is informing over half a million people that their personal data was stolen in a security breach that occurred in July 2024. The breach affected a wide range of individuals, including teachers, support staff, and retired educators. The stolen data includes sensitive information such as Social Security numbers, payment card details, health records, and more.

The PSEA offered free credit monitoring and identity restoration services to those impacted, urging individuals to monitor their financial accounts for suspicious activity. The union completed an investigation into the breach in February 2025, and it was determined that the stolen data varied by person, with some individuals having their highly personal and financial information exposed.

The breach was claimed by the Rhysida ransomware gang, which demanded a ransom in exchange for not leaking the stolen data. Rhysida, known for its attacks on various high-profile organizations, has previously targeted entities like Sony and Lurie Children's Hospital. While it's unclear whether PSEA paid the ransom, the gang removed the threat of releasing the data after their demand was not met. Rhysida continues to be a significant threat, particularly in the healthcare and public sectors.


Oregon DEQ Denies Breach Despite Ransomware Group Claims

A ransomware group known as Rhysida claims to have stolen a large amount of sensitive data from the Oregon Department of Environmental Quality (DEQ), despite the agency stating it had found no evidence of a data breach. The DEQ, which monitors environmental quality in Oregon, has been investigating a cyberattack since April 9 that disrupted several services, including email and vehicle inspections. While the agency has said its main environmental data system was unaffected, it has not confirmed whether any data was actually stolen.

Rhysida claims to have taken 2.5 terabytes of data, including employee information, and is threatening to auction it off unless a ransom of 30 bitcoin (about $2.5 million) is paid. Although the group posted a blurry screenshot to support their claims, it's hard to verify the content. The DEQ’s latest update, as of April 15, neither confirmed nor denied the breach. Rhysida has a history of targeting public organizations, including government and healthcare agencies, raising concerns about the growing threat of ransomware attacks.