
April 2025 brought even more – and bigger – cybersecurity news stories to note, potentially eclipsing the events seen in March, February and January. This month’s recap by SWK Technologies features an extended look at several top headlines and how they may impact your business, including breaches at Oracle and a financial services regulator, the effect of continuing budget and staff cuts at federal agencies, and attacks against public utilities. Continue reading below to see the top cybersecurity stories for April and how they may affect you:
Oracle Cloud Breaches May Have Exposed Millions of Files
Oracle Cloud experienced multiple cyber incidents this year, although the company itself has denied that its greater cloud-based ecosystem is at risk. In an email to customers, Oracle stated “unequivocally” that the OCI (Oracle Cloud Infrastructure), the global network from which its various services are provided, was itself not compromised and current users should be safe. The attacks ostensibly only affected legacy environments on servers belonging to “Oracle Cloud Classic” and Oracle Health, which are supposedly unconnected to the larger OCI ecosystem.
In both of these cases, the hackers breached the ostensibly legacy servers and gained access to significant volumes of data – up to 6 million records from OCC alone – and demanded a ransom from Oracle on the threat of releasing the files publicly, though the FBI is currently investigating at least the Oracle Health incident. Almost simultaneously with this news, Oracle released hundreds of security patches to address several vulnerabilities found in different systems, including some cloud services.
Also concurrent with these incidents, several government institutions – including the U.S. Army, Department of Agriculture and The National Gallery of Art – announced contracts for cloud-based services from Oracle, even as such spending comes under scrutiny from the current Trump administration (more on that below). Oracle is a near-ubiquitous provider of technology solutions and services between databases and other software systems as well as their cloud environments, present in many popular digital architectures from coding scripts to ERP platforms.
CVE Program for Bug Reporting Avoids Shutdown
MITRE’s Common Vulnerabilities and Exposures (CVE) program, the industry standard for tracking and identifying security vulnerabilities, warned it may be at risk of having to cease operations due to a potential expiration of U.S. government funding on April 16, 2025. Professionals around the world working in cybersecurity, IT, software development and more have relied on these CVE warnings for years to quickly identify and address bugs throughout different systems and networks, preventing exploitation of critical applications by bad actors. As the greater infosec community and media panicked over the implications, CISA (Cybersecurity and Infrastructure Security Agency), the main federal agency in charge of cyberspace security, issued an 11-month contract extension for MITRE mere hours before the deadline.
Though the ostensible information security apocalypse was narrowly avoided at the almost literal 11th hour, there remains the real possibility that the CVE program will lose funding within the next few years. CISA continues to be a prime target of spending and job cuts by the Trump administration and DOGE, and the entire process around the budget reduction has been at best confusing (including rehires of fired or laid-off personnel). With accusations against Musk and his team of a fundamental lack of understanding of the cybersecurity demands of government – including a recent whistleblower complaint alleging major negligence – and continuing chaos involving current and former agency staff, it does not seem likely that CISA will survive this current term completely intact, raising the question of who will be in charge of keeping the CVE reporting up and running.
MITRE, a nonprofit organization, is itself essentially a legacy holdover from when the Massachusetts Institute of Technology (MIT) spearheaded the program, and observers have already called for others to take over its responsibilities in a more collaborative methodology. However, this raises its own questions about the future of the program if ownership passes from an ostensibly neutral party funded by the U.S. government to other actors with different obligations, especially given the current global political climate.
Big Banks Stop Disclosing Info After Regulator Hacked
Multiple overlapping cybersecurity news stories wrapped up in one may have sweeping implications for regulation in the industry as several banks react to the fallout of a major breach discovered at the Office of the Comptroller of the Currency (OCC). Part of the U.S. Treasury Department and responsible for overseeing the national banking system (including both domestic and foreign institutions), the OCC reported in early April 2025 that it had uncovered “a major information security incident” after investigations revealed unauthorized access of over 100 email accounts in its network. Both internal and third-party reviews by cybersecurity experts identified sensitive information contained in the compromised messages, which had been accessed by the hackers within at least a year before being discovered by February 2025.
If this incident did not already bring its own wide-reaching implications, the market reaction just further cemented the severity of the situation, with JPMorgan Chase, the Bank of New York Mellon and Bank of America reportedly “halting” sending information to the OCC. Other banks and credit unions are also reported to be potentially considering responsive action, although these rumors are unconfirmed and the only clear information so far is that Citigroup is continuing to share data under a stricter consent order resulting from a penal decision in 2024.
Though various media outlets indicate that the sharing pause is not total, the response itself creates an interesting precedent within the financial services industry and others. This news comes even as bipartisan efforts try to promote better reporting and data sharing between government and private institutions, highlighting the importance of collaboration and transparency in limiting the damage of cybercrime. However, this incident shows that regulators themselves are not immune to cyber attack, and brings up concerning questions about the responsibilities for protecting shared data.
Hertz Notifies Customers of Data Leaked in Cleo Breach
Car rental agency Hertz notified thousands of their customers in April 2025 that their personal data had been compromised in a 2024 breach against Cleo, a vendor of EDI and managed file transfer systems used by several corporate customers. A ransomware group reportedly leveraged two CVEs to infiltrate Cleo’s database and access files from their clients, including Hertz and the Kellogg cereal company, among many others that are still being confirmed by investigators. Hertz was able to confirm that sensitive information of their own customers was accessed in the breach, including Social Security numbers, government ID numbers, passport information, Medicare or Medicaid IDs, and injury-related information from accident claims.
The ransomware group that asserted responsibility for the attack, called Cl0p, has listed a growing number of different organizations on its website that they have claimed to hold data from, approaching hundreds by April 2025. While Hertz reports that its own internal systems remain secure, the volume of information leaked from Cleo reflects both how widely personal information travels between various channels and parties, and how easy it is for one weak link in this chain of handlers to cause a compromise that could go unnoticed. This incident highlights why it is important to practice proactive cyber hygiene and regularly check for data that may have leaked onto the Dark Web to limit the damage of a potential future attack.
Crosswalk Hacked to Sound Like Elon Musk & Jeff Bezos
Multiple crosswalk systems in the Silicon Valley area of California and in Seattle, Washington were hacked over the beginning of April 2025, causing the pedestrian crossing signals to broadcast seemingly satirical messages that mimicked the voices of technology billionaires like Elon Musk, Mark Zuckerberg and Jeff Bezos. The Seattle incident specifically featured announcements imitating Bezos, with the hacked signals claiming to be “sponsored by Amazon Prime” and asking the city’s residents to not “tax the rich” or “all the other billionaires will move to Florida too.”
The Bay Area hacks featured similar episodes with Zuckerberg and Musk, though this time directly parodying the latter’s personal habits, saying “[y]ou know they say money can’t buy happiness…” and “[b]ut it can buy a Cybertruck, and that’s pretty sick, right?” The message for the former addressed Meta’s approach to AI implementation with more severity, opening with “[i]t’s normal to feel uncomfortable, or even violated…” and ending with “…there is absolutely nothing you can do to stop it.”
Seattle and California transit authorities are looking further into their respective incidents and inspecting audio systems at other crosswalks to determine the extent of the tampering, with at least five crosswalks affected in the city of Seattle alone. While this compromise seems relatively benign for now, it does reflect the level of vulnerability present in public infrastructure that has been digitized and can be potentially breached from an external network if not secured properly.
Discover More Cybersecurity News for 2025
The stories included with this Recap only scratch the surface of the many cybersecurity developments seen throughout the first leg of the year, with new threats and challenges emerging that could significantly impact your business. The expert team at SWK Technologies will continue to monitor these trends and stay ahead of major shifts – partner with SWK today to take advantage of our award-winning managed services for IT and network security, and ensure your business is prepared for whatever comes next.