Cybersecurity Week in Review: April 15–21, 2025

Cyberattacks, data breaches, zero-days, and global responses—discover the biggest cybersecurity headlines of this week.

Major Data Breaches and Leaks

  • Oracle Cloud Credential Breach Claims (April 17): The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of a potentially massive compromise of Oracle’s cloud services after a hacker claimed to have stolen 6 million records affecting up to 140,000 customers (The Record). Cybersecurity firms CloudSEK and CybelAngel confirmed the data included encrypted passwords, key files, and sensitive credentials. The threat actor “rose87168” sought help online to decrypt the stolen data and attempted to extort Oracle clients. While Oracle has denied any breach of its OCI platform, three customer organizations confirmed their data appeared in the leak. In its April 17 advisory, CISA urged all Oracle Cloud users to reset credentials and monitor for suspicious activity.

  • Ahold Delhaize Data Theft Confirmed (April 17): Grocery conglomerate Ahold Delhaize confirmed that a November 2024 cyberattack on its U.S. operations resulted in data theft (Cybersecurity Dive). This followed an April 16 claim by ransomware group “Inc Ransom” that it exfiltrated up to 6 TB of data, threatening to release it unless demands are met. The attack had disrupted e-commerce services at the time. Ahold is working with forensic experts and will notify affected individuals.

Significant Cyberattacks and Incidents

  • 4chan Forum Compromised (April 15): Hackers defaced 4chan and leaked backend data, exposing internal panels and previously anonymous moderators’ information (Reuters). The breach, considered legitimate by cybercrime researchers, caused intermittent downtime and raised concerns about access to source code or user records.

  • Japanese Brokerage Accounts Hacked (April 21): Japan’s FSA reported unauthorized trades totaling ¥47 billion (≈$350 million) across 12 brokerage firms, linked to phishing attacks that stole user credentials (The Record). Hackers sold portfolios and used proceeds to buy Chinese stocks. Firms were instructed to reimburse affected clients and enhance security.

Critical Vulnerabilities and Patches

  • Apple Zero-Day Exploits and Emergency Updates (April 16): Apple patched two zero-day vulnerabilities (CVE-2025-31200 and CVE-2025-31201) affecting all major platforms via out-of-band updates (BleepingComputer). The flaws, affecting CoreAudio and RPAC, were actively exploited. Users are urged to update immediately.

  • SonicWall Firewall Vulnerability Exploited (April 17): A long-known bug (CVE-2021-20035) in SonicWall SMA 100 Series devices is now being actively exploited, prompting CISA to issue an urgent alert (The Hacker News). The vulnerability allows remote command execution. Many devices remain unpatched despite a 2021 fix.

  • Critical Erlang/OTP SSH RCE – Public Exploits Released (April 19): CVE-2025-32433, a critical remote code execution bug in Erlang/OTP’s SSH daemon, is now under active exploitation after proof-of-concept code went public (BleepingComputer). Widely used in telecom and database infrastructure, the flaw poses significant risks. Patches are available, but rollout may be slow.

  • Oracle’s April 2025 Critical Patch Update (April 18): Oracle issued 378 security fixes addressing ~180 CVEs across its portfolio, including critical, remotely exploitable flaws (SecurityWeek). The update comes amid scrutiny over recent breach claims. Organizations are urged to prioritize critical patches.

Government and Industry Cyber Responses

  • CISA Credential Security Alert: Following the Oracle Cloud breach claims, CISA issued guidance urging companies to secure credentials, reset affected passwords, and inspect systems for compromise (Cybersecurity Dive; The Record). The agency emphasized the danger of reused or hard-coded credentials.

  • China Accuses NSA of Cyberattacks: China accused the U.S. NSA of cyberattacks during the February Asian Winter Games, naming alleged agents and implicating U.S. universities as collaborators (Reuters). The U.S. denied the claims, highlighting growing international cyber tensions.

  • Global Cybersecurity Alerts and Collaboration: Japan’s FSA coordinated with financial firms to respond to the brokerage hacks. Globally, agencies emphasized information-sharing and vigilance, particularly regarding Chinese-backed cyber operations targeting infrastructure (The Record).

Miscellaneous

  • CVE Program Funding Crisis: MITRE’s CVE program narrowly avoided shutdown with a last-minute 11-month contract extension by CISA. Long-term funding concerns have sparked debate over transitioning to a neutral nonprofit model (More).

  • Kusto Detective Agency Challenge: Registration opened for “Call of the Cyber Duty,” a competitive cyber investigation challenge beginning June 8, 2025 (More).

Conclusion

This week has once again underscored the critical importance of proactive cybersecurity practices, especially as zero-day threats and cloud security lapses continue to challenge even the most well-resourced organizations. The growing scale and sophistication of attacks — from leaked credentials and ransomware to high-profile breaches and geopolitical cyber tensions — highlight the need for constant vigilance, robust infrastructure, and international cooperation. As we move forward, the emphasis must remain on patching known vulnerabilities, monitoring credential hygiene, and reinforcing security policies across all sectors.

Sources

  1. https://therecord.media/cisa-warns-of-potential-data-breaches-tied-to-oracle-issue

  2. https://www.cybersecuritydive.com/news/ahold-delhaize-confirms-data-stolen-after-threat-group-claims-credit-for-no/745715/

  3. https://www.reuters.com/technology/cybersecurity/notorious-internet-messageboard-4chan-has-been-hacked-posts-claim-2025-04-15/

  4. https://therecord.media/japan-warns-of-unauthorized-trades-hacked-accounts

  5. https://www.reuters.com/technology/cybersecurity/whistleblower-org-says-doge-may-have-caused-significant-cyber-breach-us-labor-2025-04-15/

  6. https://www.bleepingcomputer.com/news/security/apple-fixes-two-zero-days-exploited-in-targeted-iphone-attacks/

  7. https://thehackernews.com/2025/04/cisa-flags-actively-exploited.html

  8. https://www.bleepingcomputer.com/news/security/public-exploits-released-for-critical-erlang-otp-ssh-flaw-patch-now/

  9. https://www.securityweek.com/oracle-patches-180-vulnerabilities-with-april-2025-cpu/

  10. https://www.cybersecuritydive.com/news/cisa-secure-credentials-oracle-cloud-data/745613/

  11. https://www.reuters.com/technology/cybersecurity/chinas-harbin-says-us-launched-advanced-cyber-attacks-winter-games-2025-04-15/

  12. https://blog.senthorus.ch/posts/mitre_cve/

  13. https://detective.kusto.io/register