🚨 This week in cybersecurity: breakfast got breached, NASCAR took a pit stop for ransomware, and a new AI hacking assistant named Xanthorox hit the dark web like it’s applying for a job at Anonymous HQ.

Meanwhile, “Lovable” AI turns out to be a little too lovable to cybercriminals, WhatsApp had a Windows-flavored vulnerability, and someone really should check on those 4 million Chrome users installing sketchy extensions with “Featured” badges.

Oh, and China casually admitted to attacking U.S. infrastructure—so just a normal week in the cyberverse. From stealthy RATs hiding in YouTube to healthcare pros pleading for HIPAA rule clarity, the Friday Wrap UP rounded up the stories you didn’t know you needed (but really should read).

👉 Dive into the full newsletter for the juicy details, face-palms, and patch-worthy updates.

🛡️ Cyberattacks and Data Breaches Continue to Rise

• 🍽️ WK Kellogg hit by Clop ransomware attack, compromising employee and vendor data. (Published on 4/7/2025, BleepingComputer). Read More

• 🏎️ Medusa ransomware strikes NASCAR, demanding $4M and leaking internal documents. (Published on 4/8/2025, HackRead). Read More

• 🏭 Sensata Technologies suffers ransomware attack disrupting operations. (Published on 4/10/2025, BleepingComputer). Read More

• 📧 Treasury’s OCC reports hackers accessed 150,000 emails across 100 accounts. (Published on 4/9/2025, SecurityWeek). Read More

• 🇨🇳 China admits to Volt Typhoon cyberattacks targeting US infrastructure. (Published on 4/11/2025, SecurityWeek). Read More

🧠 AI and Advanced Hacking Tools Emerge

• 🛠️ Xanthorox AI appears on dark web as a full-spectrum hacking assistant. (Published on 4/7/2025, Hackread). Read More

• 🎭 Lovable AI found highly vulnerable, enabling creation of live phishing pages. (Published on 4/9/2025, The Hacker News). Read More

🔓 New Malware, Exploits, and Vulnerabilities Identified

• 🐾 ToddyCat APT exploits ESET bug to deliver stealthy malware. (Published on 4/7/2025, Dark Reading). Read More

• 🐀 Neptune RAT resurfaces via Telegram and YouTube with advanced evasion. (Published on 4/8/2025, Dark Reading). Read More

• 💬 WhatsApp vulnerability lets attackers run malicious code on Windows. (Published on 4/8/2025, BleepingComputer). Read More

• 🧨 Threat actors use “spam bombing” to mask malicious campaigns. (Published on 4/10/2025, Dark Reading). Read More

• 🔐 Fortinet warns of symlink tricks keeping hackers in patched VPNs. (Published on 4/11/2025, BleepingComputer). Read More

🏥 Regulatory & Industry Concerns

• 🏛️ Industry demands clarity on proposed HIPAA cybersecurity rules amid resource concerns. (Published on 4/9/2025, Dark Reading). Read More

🌐 Tech Ecosystem Security Under Scrutiny

• 🧩 Juniper Networks patches dozens of Junos and third-party component vulnerabilities. (Published on 4/10/2025, SecurityWeek). Read More

• 🕵️‍♂️ Research reveals 4M installs of sketchy Chrome extensions—some marked as "Featured." (Published on 4/11/2025, Ars Technica). Read More

Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!