Protect Yourself from Today’s Cyber Threats

Every day, hackers are trying to break into your computer, your computer network, and access your computer data to hold it hostage. How do you protect yourself?

I'm Bryan Longworth, host of A Faster PC Live Technical Support, and every week on our show, we go over the most critical threats that we are seeing in the wild. These are the biggest threats that are out there, so that you can be aware of these threats, so that you can take proactive action to protect yourself. If you don't, you will be a sitting duck for infection.

The Threat Landscape This Week

So here we go. We're gonna go over the biggest threats that are out there in the wild this week. We're gonna go over the biggest security threats that are out there so that you can know, so that you can be aware, so that you can protect yourself—your business, if you have a business, or maybe a medical practice, a dental practice—whatever the case may be.

Listen, this is no joke. Cybersecurity is critical. Don't think, "Hey, I'm too small to be attacked." We see attacks on individual computers. They're coming after people that they can get $200 from, or $50 from, or $10,000 from, or $20,000 from—a business, really, what they're going to do.

The average duration that a hacker is in a business network is about six months before they're discovered. By that time, they know what your annual revenue is, and their asking price will be 10 to 20% of your annual revenue. So just think about that. Is that $100,000? Is that a million? Is that $500,000? Is that $10 million? How much are they going to ask for? What ransom are they going to demand to get your data back or to not release your data on the dark web?

Apple AirPlay Vulnerability: "Airborne"

You want to actually protect yourself and take proactive steps, and part of that is to know the threats that are out there. So whether you are actually taking action on this for your personal computer, your home office computer, or to protect your business—your medical practice, dental practice, attorney’s office, accountant’s office, maybe even a nonprofit—consider this:

There's an Apple Airborne critical vulnerability. If you use Apple AirPlay, there's a critical vulnerability dubbed "Airborne." It has been discovered in Apple's AirPlay SDK. Exploitation of these flaws could lead to unauthorized access, data theft, and the spread of malware across local networks.

Apple has released patches to address these issues, including:

  • iOS 18.4 (for iPhone)
  • macOS Ventura 13.7.5
  • macOS Sonoma 14.7.5
  • macOS Sequoia 15.5
  • visionOS 2.4

Users are strongly advised to update their devices promptly to mitigate potential security risks.

We have seen an increase in the number of attacks on Mac users, Mac devices, and even iPhones and iPads. So update your devices ASAP. If you're using a Mac or iPhone that will no longer update, you're at risk. You’re really a sitting duck for infection. I encourage you to update that device so you can have the latest security protections.

JPMorgan's CISO Warns on SaaS Risk

JPMorgan's CISO—Chief Information Security Officer—has issued a warning to companies implementing SaaS (Software as a Service). He recently warned that the rapid growth of SaaS applications is creating serious security blind spots.

Many companies are adopting SaaS tools without fully understanding the risks, such as:

  • Poor data governance
  • Limited visibility into third-party access

He emphasizes the need for stronger vendor oversight and more consistent security policies to manage this expanding attack surface.

SAP NetWeaver Exploits

SAP NetWeaver servers are being exploited in the wild. There’s a critical vulnerability in the Visual Composer metadata uploader component that is being actively exploited. Hackers are currently taking advantage of this threat, allowing them to upload and execute malicious files without authentication.

Over 400 servers remain exposed. SAP released a patch on April 24, but many systems are still unprotected. This puts sensitive business data at risk. Organizations are urged to apply the patch immediately to prevent espionage, sabotage, or fraud.

SonicWall Vulnerabilities

SonicWall vulnerabilities are also being actively exploited. Two vulnerabilities in its Secure Mobile Access (SMA) 100 series products have been confirmed:

  1. An OS command injection flaw that requires administrator access.
  2. A critical path traversal vulnerability in Apache HTTP Server that can be exploited remotely without authentication.

These affect SMA 200, 2010, 44010, and 500V models. They were patched in December 2023 and December 2024, respectively. SonicWall advises users to update immediately. Note: You must have an active subscription with SonicWall to receive these updates.

Some companies say, “Hey, you know what? We don't need the update.” But if you're skipping updates, you're vulnerable. You're a sitting duck for infection.

Outdated Mobile Operating Systems

According to a recent report by Zimperium, 50% of mobile devices are running outdated operating systems, leaving them vulnerable to cyberattack. These outdated systems often lack critical security patches, making them easy targets.

The widespread use of personal devices for work—known as BYOD (Bring Your Own Device)—further increases the risk. Compromised personal devices can serve as entry points into corporate networks. Organizations are encouraged to:

  • Implement mobile device management (MDM) solutions
  • Ensure all devices accessing their networks are regularly updated

AI-Powered Phishing: The Darkula Suite

Cybercriminals are starting to use AI (Artificial Intelligence) to improve their phishing tools. They’ve upgraded their Darkula phishing platform, making it easier to create convincing scam websites.

Phishing is when they try to trick you into opening an attachment, clicking a link, or calling a number. The new version, Darkula Suite, allows users to:

  • Clone any website (e.g., your bank)
  • Generate phishing pages in multiple languages
  • Avoid detection with AI-driven formatting and translation

If you click a link in a phishing email, it may look exactly like your bank’s site. If you don’t check the URL and enter your credentials, you’ve just handed them the keys.

Experts warn this advancement lowers the barrier for launching sophisticated phishing attacks, increasing the threat globally.

Craft CMS Vulnerabilities

Craft CMS is also under attack. Hackers are actively exploiting two critical vulnerabilities to gain unauthorized server access. These flaws are found in:

  • The image transformation feature
  • The Yii PHP framework

As of mid-April 2025, approximately 13,000 Craft CMS instances are vulnerable, with nearly 300 confirmed breaches. Users are advised to update to the latest patched versions:

  • 3.9.15
  • 4.14.15
  • 5.6.17

Also, implement additional security measures to protect your systems.

Need Help? We’ve Got You Covered

This can be a little tricky. You hear about these threats, and it’s easy to feel overwhelmed.

Some people try to handle all of this themselves. I had a dentist call our office yesterday and say, “You know what? I’ve been trying to do some of this myself, but you’re the expert—I want you to come in and help me.”

And we can do that for you.

Whether you are:

  • A dental or medical practice
  • A business ownerBiggest Cyber Security Threats This Week
  • An accountant or attorney
  • A nonprofit or government office
  • A home office user or residential client

We have cybersecurity programs to help you strengthen your protection. We can help harden your systems so that they are not as vulnerable to attack.

Call Us Today

You do want to protect yourself. You want to actually give us a call:

📞 777-2878-5978

Again, that’s 777-2878-5978

🔒 Need help securing your devices? You need A Faster PC! If you want to take your cybersecurity to the next level, call A Faster PC at 772 878 5978 or book an appointment at your earliest convenience.