Security News Roundup

Here are a few news stories from last week we found interesting and think are worth your attention.

Serious Security Issues Found in Perplexity AI’s Chatbot Android App (11.04.2025)

Security researchers have uncovered serious vulnerabilities in Perplexity AI’s Android app. Notably, API keys were easily accessible, potentially allowing attackers to impersonate users and access their conversations. Two months ago, the same issues were discovered in DeepSeek’s Android app.

This is really bad; you should not use it on Android.

Read more: https://www.darkreading.com/application-security/11-bugs-found-perplexity-chatbots-android-app

Attackers Are Now Into ‘Spam bombing’ as Part of Their Social Engineering Campaign (10.04.2025)

Essentially, the target gets an insane amount of harmless-looking e-mails (like hundreds within 5 minutes) sent from a reputable marketing source like Mailchimp. Imagine real-looking newsletters, signups, promotions, etc.: everything that the automatic checks would let through. And then “a helpful IT person” steps in to help the target resolve the issue, stealing some credentials and breaching the target along the way.

Something to include as an example in your next security training.

Read more: https://www.darktrace.com/blog/email-bombing-exposed-darktraces-email-defense-in-action or here.
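Since each message in such a flood passes content checks on its own, the signal is the per-recipient volume. The following is an added example, not code from the linked article or any vendor: a sliding-window burst detector over a constructed mail log. The log format, the addresses and the alert threshold of 100 messages are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # from the description: hundreds within 5 minutes
THRESHOLD = 100                # assumed alert level; tune to the mailbox baseline

def parse(line):
    """Parse a constructed 'ISO-timestamp recipient sender' log line."""
    ts, rcpt, sender = line.split()
    return datetime.fromisoformat(ts), rcpt.lower(), sender.lower()

def find_bursts(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {recipient: (first_alert_time, peak_count, sender_domains)}."""
    recent = defaultdict(deque)  # recipient -> (time, sender domain) inside window
    alerts = {}
    for ts, rcpt, sender in sorted(map(parse, lines)):
        q = recent[rcpt]
        q.append((ts, sender.rpartition("@")[2]))
        while ts - q[0][0] > window:  # drop deliveries older than the window
            q.popleft()
        if len(q) >= threshold:
            first, peak, domains = alerts.get(rcpt, (ts, 0, set()))
            alerts[rcpt] = (first, max(peak, len(q)),
                            domains | {d for _, d in q})
    return alerts

def sample_log():
    """Constructed sample: one flooded mailbox and one normal mailbox."""
    start = datetime(2025, 4, 10, 9, 0, 0)
    lines = [f"{(start + timedelta(seconds=i)).isoformat()} "
             f"victim@example.com news@list{i % 12}.example"
             for i in range(240)]
    lines += [f"{(start + timedelta(minutes=12 * i)).isoformat()} "
              f"colleague@example.com hr@example.com" for i in range(5)]
    return lines

if __name__ == "__main__":
    for rcpt, (first, peak, domains) in find_bursts(sample_log()).items():
        print(f"{rcpt}: burst since {first}, peak {peak} msgs per window, "
              f"{len(domains)} sender domains")
```

An alert like this is most useful as a trigger to warn the affected user and the help desk that an unsolicited “IT support” contact may follow.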

Ransomware attack cost IKEA operator in Eastern Europe $23 million and they didn’t even pay (11.04.2025)

The initial incident happened in December 2024; it has taken months to recover, repel new attacks and coordinate with an external cybersecurity services firm.

$23 million is bad, but can you imagine coordinating with data protection authorities in 4 countries?

Read more: https://www.bleepingcomputer.com/news/security/ransomware-attack-cost-ikea-operator-in-eastern-europe-23-million

Google announces Sec-Gemini v1, a new experimental cybersecurity model (04.04.2025)

Sec-Gemini v1 is an AI model that uses real-time threat intel to boost cybersecurity workflows and shift the balance towards defenders. It’s supposedly much better than the other models, but you can’t use it yet; it is only available to research partners for now.

Read more: https://security.googleblog.com/2025/04/google-launches-sec-gemini-v1-new.html
