Cybercrimes pose major threats across industries globally as bad actors exploit new techniques and vulnerabilities to cause widespread damage. From scams and hacks affecting personal data to weaponizing software, digital security remains volatile.
TechFyle examines some of the latest incidents making headlines in today’s edition of the TF Cybercrime Round-up. Here’s a glimpse into the State of Cybersecurity on 17 April 2025
What’s Happening & Why This Matters
Text Scams Soar to $470 Million in 2024
Scammers are making billions by targeting individuals through text messages. According to the Federal Trade Commission (FTC), Americans lost over $470 million in 2024 due to text message scams. The most common scams include fake package deliveries and fraudulent job ads. The increase in losses, compared to the $86 million reported in 2020, highlights the growing scale of this type of fraud.
Despite reports of scams falling, the financial damage has continued to rise. The rise in these scams indicates criminals’ ability to adapt, exploiting text messaging as an easy entry point into personal data. Users must be more vigilant about phishing attempts and avoid clicking on suspicious links from unknown sources.
Apple’s iOS Security Flaws and Malicious Media Exploits.
In a recent update, Apple patched two severe zero-day vulnerabilities affecting iPhones. These flaws allowed hackers to exploit audio processing within the iOS ecosystem, targeting specific individuals. The first flaw, CVE-2025-31200, could trigger remote code execution when an iPhone processes a malicious media file. A second vulnerability, CVE-2025-31201, enabled attackers to bypass Apple’s security defenses and escalate their control. The vulnerabilities were discovered through collaboration with Google’s Threat Analysis Group. While Apple has patched these flaws in iOS 18.4.1, the incident emphasizes the ongoing risks associated with mobile security.
OpenAI’s API Misused in Spam Attacks
Cybersecurity firm SentinelOne has uncovered a massive scam using OpenAI’s GPT-4o-mini, a version of OpenAI’s advanced language model. AkiraBot bot flooded at least 80,000 websites with custom spam messages designed to advertise bogus SEO services. Targeting small and medium-sized businesses using platforms like Shopify, GoDaddy, Wix, and Squarespace, the bot produced tailored messages unique enough to bypass detection algorithms. This sophisticated scam overwhelmed business websites and leveraged live chat systems to engage users in fraudulent transactions.
This attack underscores the potential abuse of AI models by cybercriminals. OpenAI responded swiftly, disabling the API key used by AkiraBot and stating that it is improving its systems to detect such abuse. However, this highlights the vulnerabilities in using AI for business automation without adequate safeguards.
Google’s 23-Year-Old Chrome Flaw
Google has recently fixed a critical flaw in Chrome that has existed for over two decades. The flaw, discovered in the browser’s handling of visited link data, allowed websites to track users’ browsing history without consent. This was a serious privacy issue as sites could use a subtle visual cue, the purple color of visited links, to identify pages a user had previously visited.
The flaw’s impact extended beyond Google Chrome, affecting popular browsers like Safari and Internet Explorer. By finally addressing the issue, Google has bolstered its browser’s security, ensuring user activity cannot be exposed to unrelated websites without consent. The fix is included in Chrome’s upcoming version 136 update, available through the beta channel.
Chinese Researchers Access UK GP Records
A chilling revelation has surfaced regarding the unauthorized access of sensitive health data. Chinese researchers have accessed half a million UK GP records, potentially exposing personal and medical details. This breach represents a serious violation of data privacy and security, raising alarms about the integrity of international data-sharing agreements and the vulnerabilities of medical records stored online.
This breach is a stark reminder of how critical it is for organizations to adopt robust cybersecurity measures, especially when dealing with sensitive information like medical records. The growing trend of data breaches underscores the importance of encryption and strong authentication protocols to protect user data.
Android Phones Forced to Restart After Inactivity
An intriguing move by Google has prompted Android phones to restart automatically after being inactive for three days. This update, which is expected to roll out across the mobile ecosystem, will affect how users interact with their devices, particularly those who leave their phones unused for long periods.
This change is likely a response to concerns about device performance and security. By restarting phones, Google aims to clear any dormant processes that cybercriminals could exploit or contribute to malware vulnerabilities. This move also ensures that devices stay updated with the latest security patches without manual intervention.
Funding Saves Vulnerability Tracking Program
In a positive turn of events, a crucial program designed to track and mitigate software vulnerabilities has received emergency funding to keep running. The program, which plays a vital role in identifying and addressing vulnerabilities across multiple platforms, was facing closure due to financial constraints. This funding ensures that cybersecurity experts can continue to monitor and patch flaws before cybercriminals exploit them.
TF Summary: What’s Next
The state of cybersecurity in April 2025 reveals both advancements and ongoing challenges. While Apple and Google address the misuse of popular products and emergency measures are taken to protect vital programs from tracking vulnerabilities, the misuse of AI by cyber criminals is a stern reminder of how technology can be weaponized. OpenAI’s actions to curb the misuse of its services and the ongoing data privacy issues surrounding medical records demonstrate the need for stricter, more advanced protections and regulations.
As we progress, cybersecurity will continue to be a race between hackers and service providers. Governments, organizations, and individuals are vigilant and proactive in adopting security best practices. A shared primary goal is ensuring that sensitive data remains secure. TF predicts the execution of new strategies, tools, and collaborations to combat the growing threats in our increasingly digital world.
— Text-to-Speech (TTS) provided by gspeech