Cybersecurity News

Experts Warn of Widespread SonicWall VPN Compromise Impacting Over 100 Accounts

Cybersecurity company Huntress on Friday warned of "widespread compromise" of SonicWall SSL VPN devices to access multiple customer environments. "Threat actors are authenticating into multiple accounts rapidly across compromised devices," it said. "The speed and scale of these attacks imply that the attackers appear to control valid credentials rather than brute-forcing." A significant chunk of

Hackers Turn Velociraptor DFIR Tool Into Weapon in LockBit Ransomware Attacks

Threat actors are abusing Velociraptor, an open-source digital forensics and incident response (DFIR) tool, in connection with ransomware attacks likely orchestrated by Storm-2603 (aka CL-CRI-1040 or Gold Salem), which is known for deploying the Warlock and LockBit ransomware. The threat actor's use of the security utility was documented by Sophos last month. It's assessed that the attackers

Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers

Cybersecurity researchers have disclosed details of an active malware campaign called Stealit that has leveraged Node.js' Single Executable Application (SEA) feature as a way to distribute its payloads. According to Fortinet FortiGuard Labs, select iterations have also employed the open-source Electron framework to deliver the malware. It's assessed that the malware is being propagated through

Microsoft Warns of ‘Payroll Pirates’ Hijacking HR SaaS Accounts to Steal Employee Salaries

A threat actor known as Storm-2657 has been observed hijacking employee accounts with the end goal of diverting salary payments to attacker-controlled accounts. "Storm-2657 is actively targeting a range of U.S.-based organizations, particularly employees in sectors like higher education, to gain access to third-party human resources (HR) software as a service (SaaS) platforms like Workday," the

From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation

Fortra on Thursday revealed the results of its investigation into CVE-2025-10035, a critical security flaw in GoAnywhere Managed File Transfer (MFT) that's assessed to have come under active exploitation since at least September 11, 2025. The company said it began its investigation on September 11 following a "potential vulnerability" reported by a customer, uncovering "potentially suspicious

The AI SOC Stack of 2026: What Sets Top-Tier Platforms Apart?

The SOC of 2026 will no longer be a human-only battlefield. As organizations scale and threats evolve in sophistication and velocity, a new generation of AI-powered agents is reshaping how Security Operations Centers (SOCs) detect, respond, and adapt. But not all AI SOC platforms are created equal. From prompt-dependent copilots to autonomous, multi-agent systems, the current market offers

175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign

Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to facilitate credential harvesting attacks as part of an unusual campaign. The packages have been collectively downloaded 26,000 times, acting as an infrastructure for a widespread phishing campaign codenamed Beamglea targeting more than 135 industrial, technology, and energy

From LFI to RCE: Active Exploitation Detected in Gladinet and TrioFox Vulnerability

Cybersecurity company Huntress said it has observed active in-the-wild exploitation of an unpatched security flaw impacting Gladinet CentreStack and TrioFox products. The zero-day vulnerability, tracked as CVE-2025-11371 (CVSS score: 6.1), is an unauthenticated local file inclusion bug that allows unintended disclosure of system files. It impacts all versions of the software prior to and

CL0P-Linked Hackers Breach Dozens of Organizations Through Oracle Software Flaw

Dozens of organizations may have been impacted following the zero-day exploitation of a security flaw in Oracle's E-Business Suite (EBS) software since August 9, 2025, Google Threat Intelligence Group (GTIG) and Mandiant said in a new report released Thursday. "We're still assessing the scope of this incident, but we believe it affected dozens of organizations," John Hultquist, chief analyst of

From HealthKick to GOVERSHELL: The Evolution of UTA0388's Espionage Malware

A China-aligned threat actor codenamed UTA0388 has been attributed to a series of spear-phishing campaigns targeting North America, Asia, and Europe that are designed to deliver a Go-based implant known as GOVERSHELL. "The initially observed campaigns were tailored to the targets, and the messages purported to be sent by senior researchers and analysts from legitimate-sounding, completely

New ClayRat Spyware Targets Android Users via Fake WhatsApp and TikTok Apps

A rapidly evolving Android spyware campaign called ClayRat has targeted users in Russia using a mix of Telegram channels and lookalike phishing websites by impersonating popular apps like WhatsApp, Google Photos, TikTok, and YouTube as lures to install them. "Once active, the spyware can exfiltrate SMS messages, call logs, notifications, and device information; taking photos with the front

Hackers Access SonicWall Cloud Firewall Backups, Spark Urgent Security Checks

SonicWall on Wednesday disclosed that an unauthorized party accessed firewall configuration backup files for all customers who have used the cloud backup service. "The files contain encrypted credentials and configuration data; while encryption remains in place, possession of these files could increase the risk of targeted attacks," the company said. It also noted that it's working to notify all

ThreatsDay Bulletin: MS Teams Hack, MFA Hijacking, $2B Crypto Heist, Apple Siri Probe & More

Cyber threats are evolving faster than ever. Attackers now combine social engineering, AI-driven manipulation, and cloud exploitation to breach targets once considered secure. From communication platforms to connected devices, every system that enhances convenience also expands the attack surface. This edition of ThreatsDay Bulletin explores these converging risks and the safeguards that help

SaaS Breaches Start with Tokens - What Security Teams Must Watch

Token theft is a leading cause of SaaS breaches. Discover why OAuth and API tokens are often overlooked and how security teams can strengthen token hygiene to prevent attacks. Most companies in 2025 rely on a whole range of software-as-a-service (SaaS) applications to run their operations. However, the security of these applications depends on small pieces of data called tokens. Tokens, like

From Phishing to Malware: AI Becomes Russia's New Cyber Weapon in War on Ukraine

Russian hackers' adoption of artificial intelligence (AI) in cyber attacks against Ukraine has reached a new level in the first half of 2025 (H1 2025), the country's State Service for Special Communications and Information Protection (SSSCIP) said. "Hackers now employ it not only to generate phishing messages, but some of the malware samples we have analyzed show clear signs of being generated

Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme

Threat actors are actively exploiting a critical security flaw impacting the Service Finder WordPress theme that makes it possible to gain unauthorized access to any account, including administrators, and take control of susceptible sites. The authentication bypass vulnerability, tracked as CVE-2025-5947 (CVSS score: 9.8), affects the Service Finder Bookings, a WordPress plugin bundled with the

Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks

Cybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious JavaScript injections that are designed to redirect users to sketchy sites. "Site visitors get injected content that was drive-by malware like fake Cloudflare verification," Sucuri researcher Puja Srivastava said in an analysis published last week. The website security company

Chinese Hackers Weaponize Open-Source Nezha Tool in New Attack Wave

Threat actors with suspected ties to China have turned a legitimate open-source monitoring tool called Nezha into an attack weapon, using it to deliver a known malware called Gh0st RAT to targets. The activity, observed by cybersecurity company Huntress in August 2025, is characterized by the use of an unusual technique called log poisoning (aka log injection) to plant a web shell on a web

Step Into the Password Graveyard… If You Dare (and Join the Live Session)

Every year, weak passwords lead to millions in losses — and many of those breaches could have been stopped. Attackers don’t need advanced tools; they just need one careless login. For IT teams, that means endless resets, compliance struggles, and sleepless nights worrying about the next credential leak. This Halloween, The Hacker News and Specops Software invite you to a live webinar: “

LockBit, Qilin, and DragonForce Join Forces to Dominate the Ransomware Ecosystem

Three prominent ransomware groups DragonForce, LockBit, and Qilin have announced a new strategic ransomware alliance, once underscoring continued shifts in the cyber threat landscape. The coalition is seen as an attempt on the part of the financially motivated threat actors to conduct more effective ransomware attacks, ReliaQuest said in a report shared with The Hacker News. "Announced shortly

Severe Framelink Figma MCP Vulnerability Lets Hackers Execute Code Remotely

Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to achieve code execution. The vulnerability, tracked as CVE-2025-53967 (CVSS score: 7.5), is a command injection bug stemming from the unsanitized use of user input, opening the door to a scenario where an attacker can

No Time to Waste: Embedding AI to Cut Noise and Reduce Risk

Artificial intelligence is reshaping cybersecurity on both sides of the battlefield. Cybercriminals are using AI-powered tools to accelerate and automate attacks at a scale defenders have never faced before. Security teams are overwhelmed by an explosion of vulnerability data, tool outputs, and alerts, all while operating with finite human resources. The irony is that while AI has become a

OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for Cyberattacks

OpenAI on Tuesday said it disrupted three activity clusters for misusing its ChatGPT artificial intelligence (AI) tool to facilitate malware development. This includes a Russian‑language threat actor, who is said to have used the chatbot to help develop and refine a remote access trojan (RAT), a credential stealer with an aim to evade detection. The operator also used several ChatGPT accounts to

BatShadow Group Uses New Go-Based 'Vampire Bot' Malware to Hunt Job Seekers

A Vietnamese threat actor named BatShadow has been attributed to a new campaign that leverages social engineering tactics to deceive job seekers and digital marketing professionals to deliver a previously undocumented malware called Vampire Bot. "The attackers pose as recruiters, distributing malicious files disguised as job descriptions and corporate documents," Aryaka Threat Research Labs

Google's New AI Doesn't Just Find Vulnerabilities — It Rewrites Code to Patch Them

Google's DeepMind division on Monday announced an artificial intelligence (AI)-powered agent called CodeMender that automatically detects, patches, and rewrites vulnerable code to prevent future exploits. The efforts add to the company's ongoing efforts to improve AI-powered vulnerability discovery, such as Big Sleep and OSS-Fuzz. DeepMind said the AI agent is designed to be both reactive and

New Research: AI Is Already the #1 Data Exfiltration Channel in the Enterprise

For years, security leaders have treated artificial intelligence as an “emerging” technology, something to keep an eye on but not yet mission-critical. A new Enterprise AI and SaaS Data Security Report by AI & Browser Security company LayerX proves just how outdated that mindset has become. Far from a future concern, AI is already the single largest uncontrolled channel for corporate data

XWorm 6.0 Returns with 35+ Plugins and Enhanced Data Theft Capabilities

Cybersecurity researchers have charted the evolution of XWorm malware, turning it into a versatile tool for supporting a wide range of malicious actions on compromised hosts. "XWorm's modular design is built around a core client and an array of specialized components known as plugins," Trellix researchers Niranjan Hegde and Sijo Jacob said in an analysis published last week. "These plugins are

13-Year-Old Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely

Redis has disclosed details of a maximum-severity security flaw in its in-memory database software that could result in remote code execution under certain circumstances. The vulnerability, tracked as CVE-2025-49844 (aka RediShell), has been assigned a CVSS score of 10.0. "An authenticated user may use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free,

Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware

Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware. The vulnerability is CVE-2025-10035 (CVSS score: 10.0), a critical deserialization bug that could result in command injection without authentication. It was addressed in version 7.8.4, or the Sustain

Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 in Real-World Attacks

CrowdStrike on Monday said it's attributing the exploitation of a recently disclosed security flaw in Oracle E-Business Suite with moderate confidence to a threat actor it tracks as Graceful Spider (aka Cl0p), and that the first known exploitation occurred on August 9, 2025. The malicious activity involves the exploitation of CVE-2025-61882 (CVSS score: 9.8), a critical vulnerability that

New Report Links Research Firms BIETA and CIII to China’s MSS Cyber Operations

A Chinese company named the Beijing Institute of Electronics Technology and Application (BIETA) has been assessed to be likely led by the Ministry of State Security (MSS). The assessment comes from evidence that at least four BIETA personnel have clear or possible links to MSS officers and their relationship with the University of International Relations, which is known to share links with the

⚡ Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More

The cyber world never hits pause, and staying alert matters more than ever. Every week brings new tricks, smarter attacks, and fresh lessons from the field. This recap cuts through the noise to share what really matters—key trends, warning signs, and stories shaping today’s security landscape. Whether you’re defending systems or just keeping up, these highlights help you spot what’s coming

5 Critical Questions For Adopting an AI Security Solution

In the era of rapidly advancing artificial intelligence (AI) and cloud technologies, organizations are increasingly implementing security measures to protect sensitive data and ensure regulatory compliance. Among these measures, AI-SPM (AI Security Posture Management) solutions have gained traction to secure AI pipelines, sensitive data assets, and the overall AI ecosystem. These solutions help

Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks

Oracle has released an emergency update to address a critical security flaw in its E-Business Suite software that it said has been exploited in the recent wave of Cl0p data theft attacks. The vulnerability, tracked as CVE-2025-61882 (CVSS score: 9.8), concerns an unspecified bug that could allow an unauthenticated attacker with network access via HTTP to compromise and take control of the Oracle

Chinese Cybercrime Group Runs Global SEO Fraud Ring Using Compromised IIS Servers

Cybersecurity researchers have shed light on a Chinese-speaking cybercrime group codenamed UAT-8099 that has been attributed to search engine optimization (SEO) fraud and theft of high-value credentials, configuration files, and certificate data. The attacks are designed to target Microsoft Internet Information Services (IIS) servers, with most of the infections reported in India, Thailand

Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files

A now patched security vulnerability in Zimbra Collaboration was exploited as a zero-day earlier this year in cyber attacks targeting the Brazilian military. Tracked as CVE-2025-27915 (CVSS score: 5.4), the vulnerability is a stored cross-site scripting (XSS) vulnerability in the Classic Web Client that arises as a result of insufficient sanitization of HTML content in ICS calendar files,

CometJacking: One Click Can Turn Perplexity’s Comet AI Browser Into a Data Thief

Cybersecurity researchers have disclosed details of a new attack called CometJacking targeting Perplexity's agentic AI browser Comet by embedding malicious prompts within a seemingly innocuous link to siphon sensitive data, including from connected services, like email and calendar. The sneaky prompt injection attack plays out in the form of a malicious link that, when clicked, triggers the

Scanning Activity on Palo Alto Networks Portals Jump 500% in One Day

Threat intelligence firm GreyNoise disclosed on Friday that it has observed a massive spike in scanning activity targeting Palo Alto Networks login portals. The company said it observed a nearly 500% increase in IP addresses scanning Palo Alto Networks login portals on October 3, 2025, the highest level recorded in the last three months. It described the traffic as targeted and structured, and

Detour Dog Caught Running DNS-Powered Malware Factory for Strela Stealer

A threat actor named Detour Dog has been outed as powering campaigns distributing an information stealer known as Strela Stealer. That's according to findings from Infoblox, which found the threat actor to maintain control of domains hosting the first stage of the stealer, a backdoor called StarFish. The DNS threat intelligence firm said it has been tracking Detour Dog since August 2023, when

Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads

The threat actor behind Rhadamanthys has also advertised two other tools called Elysium Proxy Bot and Crypt Service on their website, even as the flagship information stealer has been updated to support the ability to collect device and web browser fingerprints, among others. "Rhadamanthys was initially promoted through posts on cybercrime forums, but soon it became clear that the author had a

Researchers Warn of Self-Spreading WhatsApp Malware Named SORVEPOTEL

Brazilian users have emerged as the target of a new self-propagating malware dubbed SORVEPOTEL that spreads via the popular messaging app WhatsApp. The campaign, codenamed Water Saci by Trend Micro, weaponizes the trust with the platform to extend its reach across Windows systems, adding the attack is "engineered for speed and propagation" rather than data theft or ransomware. "SORVEPOTEL has

Product Walkthrough: How Passwork 7 Addresses Complexity of Enterprise Security

Passwork is positioned as an on-premises unified platform for both password and secrets management, aiming to address the increasing complexity of credential storage and sharing in modern organizations. The platform recently received a major update that reworks all the core mechanics. Passwork 7 introduces significant changes to how credentials are organized, accessed, and managed, reflecting

New "Cavalry Werewolf" Attack Hits Russian Agencies with FoalShell and StallionRAT

A threat actor that's known to share overlaps with a hacking group called YoroTrooper has been observed targeting the Russian public sector with malware families such as FoalShell and StallionRAT. Cybersecurity vendor BI.ZONE is tracking the activity under the moniker Cavalry Werewolf. It's also assessed to have commonalities with clusters tracked as SturgeonPhisher, Silent Lynx, Comrade Saiga,

CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Smartbedded Meteobridge to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, CVE-2025-4008 (CVSS score: 8.7), is a case of command injection in the Meteobridge web interface that could result in code execution. "

Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware

The threat actor known as Confucius has been attributed to a new phishing campaign that has targeted Pakistan with malware families like WooperStealer and Anondoor. "Over the past decade, Confucius has repeatedly targeted government agencies, military organizations, defense contractors, and critical industries -- especially in Pakistan – using spear-phishing and malicious documents as initial

Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown

Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to create a SOCKS5 proxy service, while also providing a stealthy backdoor-like functionality to drop additional payloads on Windows systems. The deceptive package, named soopsocks, attracted a total of 2,653 downloads before it was taken down. It was first

Automating Pentest Delivery: 7 Key Workflows for Maximum Impact

Penetration testing is critical to uncovering real-world security weaknesses. With the shift into continuous testing and validation, it is time we automate the delivery of these results. The way results are delivered hasn’t kept up with today’s fast-moving threat landscape. Too often, findings are packaged into static reports, buried in PDFs or spreadsheets, and handed off manually to

ThreatsDay Bulletin: CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More

From unpatched cars to hijacked clouds, this week’s Threatsday headlines remind us of one thing — no corner of technology is safe. Attackers are scanning firewalls for critical flaws, bending vulnerable SQL servers into powerful command centers, and even finding ways to poison Chrome’s settings to sneak in malicious extensions. On the defense side, AI is stepping up to block ransomware in real

Google Mandiant Probes New Oracle Extortion Wave Possibly Linked to Cl0p Ransomware

Google Mandiant and Google Threat Intelligence Group (GTIG) have disclosed that they are tracking a new cluster of activity possibly linked to a financially motivated threat actor known as Cl0p. The malicious activity involves sending extortion emails to executives at various organizations and claiming to have stolen sensitive data from their Oracle E-Business Suite. "This activity began on or

How to Close Threat Detection Gaps: Your SOC's Action Plan

Running a SOC often feels like drowning in alerts. Every morning, dashboards light up with thousands of signals; some urgent, many irrelevant. The job is to find the real threats fast enough to keep cases from piling up, prevent analyst burnout, and maintain client or leadership confidence. The toughest challenges, however, aren’t the alerts that can be dismissed quickly, but the ones that hide

DDoS Botnet Aisuru Blankets US ISPs in Record DDoS

The world's largest and most disruptive botnet is now drawing a majority of its firepower from compromised Internet-of-Things (IoT) devices hosted on U.S. Internet providers like AT&T, Comcast and Verizon, new evidence suggests. Experts say the heavy concentration of infected devices at U.S. providers is complicating efforts to limit collateral damage from the botnet's attacks, which shattered previous records this week with a brief traffic flood that clocked in at nearly 30 trillion bits of data per second.

ShinyHunters Wage Broad Corporate Extortion Spree

A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse to pay a ransom. The group also claimed responsibility for a recent breach involving Discord user data, and for stealing terabytes of sensitive files from thousands of customers of the enterprise software maker Red Hat.

Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms

U.S. prosecutors last week levied criminal hacking charges against 19-year-old U.K. national Thalha Jubair for allegedly being a core member of Scattered Spider, a prolific cybercrime group blamed for extorting at least $115 million in ransom payments from victims. The charges came as Jubair and an alleged co-conspirator appeared in a London court to face accusations of hacking into and extorting several large U.K. retailers, the London transit system, and healthcare providers in the United States.

Self-Replicating Worm Hits 180+ Software Packages

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed.

Bulletproof Host Stark Industries Evades EU Sanctions

In May 2025, the European Union levied financial sanctions on the owners of Stark Industries Solutions Ltd., a bulletproof hosting provider that materialized two weeks before Russia invaded Ukraine and quickly became a top source of Kremlin-linked cyberattacks and disinformation campaigns. But new data shows those sanctions have done little to stop Stark from simply rebranding and transferring their assets to other corporate entities controlled by its original hosting providers.

Microsoft Patch Tuesday, September 2025 Edition

Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known "zero-day" or actively exploited vulnerabilities in this month's bundle from Redmond, which nevertheless includes patches for 13 flaws that earned Microsoft's most-dire "critical" label. Meanwhile, both Apple and Google recently released updates to fix zero-day bugs in their devices.

18 Popular Code Packages Hacked, Rigged to Steal Crypto

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The attack appears to have been quickly contained and was narrowly focused on stealing cryptocurrency. But experts warn that a similar attack with a slightly more nefarious payload could quickly lead to a disruptive malware outbreak that is far more difficult to detect and restrain.

GOP Cries Censorship Over Spam Filters That Work

The chairman of the Federal Trade Commission (FTC) last week sent a letter to Google's CEO demanding to know why Gmail was blocking messages from Republican senders while allegedly failing to block similar missives supporting Democrats. The letter followed media reports accusing Gmail of disproportionately flagging messages from the GOP fundraising platform WinRed and sending them to the spam folder. But according to experts who track daily spam volumes worldwide, WinRed's messages are getting blocked more because its methods of blasting email are increasingly way more spammy than that of ActBlue, the fundraising platform for Democrats.

The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft

The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate the stolen credentials before hackers can exploit them. Now Google warns the breach goes far beyond access to Salesforce data, noting the hackers responsible also stole valid authentication tokens for hundreds of online services that customers can integrate with Salesloft, including Slack, Google Workspace, Amazon S3, Microsoft Azure, and OpenAI.

Affiliates Flock to ‘Soulless’ Scam Gambling Machine

Last month, KrebsOnSecurity tracked the sudden emergence of hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. We've since learned that these scam gambling sites have proliferated thanks to a new Russian affiliate program called "Gambler Panel" that bills itself as a "soulless project that is made for profit."

Friday Squid Blogging: Sperm Whale Eating a Giant Squid

Video.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Blog moderation policy.

Autonomous AI Hacking and the Future of Cybersecurity

AI agents are now hacking computers. They’re getting better at all phases of cyberattacks, faster than most of us expected. They can chain together different aspects of a cyber operation, and hack autonomously, at computer speeds and scale. This is going to change everything.

Over the summer, hackers proved the concept, industry institutionalized it, and criminals operationalized it. In June, AI company XBOW took the top spot on HackerOne’s US leaderboard after submitting over 1,000 new vulnerabilities in just a few months. In August, the seven teams competing in DARPA’s AI Cyber Challenge ...

Flok License Plate Surveillance

The company Flok is surveilling us as we drive:

A retired veteran named Lee Schmidt wanted to know how often Norfolk, Virginia’s 176 Flock Safety automated license-plate-reader cameras were tracking him. The answer, according to a U.S. District Court lawsuit filed in September, was more than four times a day, or 526 times from mid-February to early July. No, there’s no warrant out for Schmidt’s arrest, nor is there a warrant for Schmidt’s co-plaintiff, Crystal Arrington, whom the system tagged 849 times in roughly the same period.

You might think this sounds like it violates the Fourth Amendment, which protects American citizens from unreasonable searches and seizures without probable cause. Well, so does the American Civil Liberties Union. Norfolk, Virginia Judge Jamilah LeCruise also agrees, and in 2024 she ruled that plate-reader data obtained without a search warrant couldn’t be used against a defendant in a robbery case...

AI-Enabled Influence Operation Against Iran

Citizen Lab has uncovered a coordinated AI-enabled influence operation against the Iranian government, probably conducted by Israel.

Key Findings

A coordinated network of more than 50 inauthentic X profiles is conducting an AI-enabled influence operation. The network, which we refer to as “PRISONBREAK,” is spreading narratives inciting Iranian audiences to revolt against the Islamic Republic of Iran.
While the network was created in 2023, almost all of its activity was conducted starting in January 2025, and continues to the present day.
The profiles’ activity appears to have been synchronized, at least in part, with the military campaign that the Israel Defense Forces conducted against Iranian targets in June 2025. ...

AI in the 2026 Midterm Elections

We are nearly one year out from the 2026 midterm elections, and it’s far too early to predict the outcomes. But it’s a safe bet that artificial intelligence technologies will once again be a major storyline.

The widespread fear that AI would be used to manipulate the 2024 U.S. election seems rather quaint in a year where the president posts AI-generated images of himself as the pope on official White House accounts. But AI is a lot more than an information manipulator. It’s also emerging as a politicized issue. Political first-movers are adopting the technology, and that’s opening a ...

Friday Squid Blogging: Squid Overfishing in the Southwest Atlantic

Article. Report.

Daniel Miessler on the AI Attack/Defense Balance

His conclusion:

Context wins

Basically whoever can see the most about the target, and can hold that picture in their mind the best, will be best at finding the vulnerabilities the fastest and taking advantage of them. Or, as the defender, applying patches or mitigations the fastest.

And if you’re on the inside you know what the applications do. You know what’s important and what isn’t. And you can use all that internal knowledge to fix things—hopefully before the baddies take advantage.

Summary and prediction

Attackers will have the advantage for 3-5 years. For less-advanced defender teams, this will take much longer. ...

Use of Generative AI in Scams

New report: “Scam GPT: GenAI and the Automation of Fraud.”

This primer maps what we currently know about generative AI’s role in scams, the communities most at risk, and the broader economic and cultural shifts that are making people more willing to take risks, more vulnerable to deception, and more likely to either perpetuate scams or fall victim to them.

AI-enhanced scams are not merely financial or technological crimes; they also exploit social vulnerabilities whether short-term, like travel, or structural, like precarious employment. This means they require social solutions in addition to technical ones. By examining how scammers are changing and accelerating their methods, we hope to show that defending against them will require a constellation of cultural shifts, corporate interventions, and effective legislation...

Details of a Scam

Longtime Crypto-Gram readers know that I collect personal experiences of people being scammed. Here’s an almost:

Then he added, “Here at Chase, we’ll never ask for your personal information or passwords.” On the contrary, he gave me more information—two “cancellation codes” and a long case number with four letters and 10 digits.

That’s when he offered to transfer me to his supervisor. That simple phrase, familiar from countless customer-service calls, draped a cloak of corporate competence over this unfolding drama. His supervisor. I mean, would a scammer have a supervisor?...

Abusing Notion’s AI Agent for Data Theft

Notion just released version 3.0, complete with AI agents. Because the system contains Simon Willson’s lethal trifecta, it’s vulnerable to data theft though prompt injection.

First, the trifecta:

The lethal trifecta of capabilities is:

Access to your private data—one of the most common purposes of tools in the first place!
Exposure to untrusted content—any mechanism by which text (or images) controlled by a malicious attacker could become available to your LLM
The ability to externally communicate in a way that could be used to steal your data (I often call this “exfiltration” but I’m not confident that term is widely understood.)...

I compared 5G network signals of Verizon, T-Mobile, and AT&T at a baseball stadium - here's the winner

With three Google Pixel 10 Pro phones in hand, here's how each carrier fared as I made my way throughout the stadium.

Prime Day was supposed to kick off holiday shopping, but was more about stocking up on essentials

Christmas is coming, but amid economic uncertainty, only 23% of Amazon Prime Day shoppers bought any gifts. Did you?

Samsung Galaxy Z Fold 7 vs. Google Pixel 10 Pro Fold: We compared the two, and here's the verdict

Samsung's and Google's new foldables cater to different users - here's how to figure out which one best suits you.

Spotty Wi-Fi at home? 5 products I recommend to fix it once and for all

Reliable Wi-Fi is a must in 2025. If you're dealing with an unreliable connection, you've got options. Here are five products we can vouch for.

Ready to ditch your Windows PC? I found a powerful mini PC that's optimized for Linux

The Kubuntu Focus NX Gen 3 ships with one of my favorite Linux distributions preinstalled, and took me two minutes to setup after unboxing.

Get a phone line with unlimited 5G for $25/month from Metro by T-Mobile - here's how

Bring your own number or get a new one from Metro by T-Mobile, and pay just $25 a month when you sign up for AutoPay. Here's what to know.

Yes, your iPhone can track every place you visit - here's how to turn it off

In iOS 26, Maps will prompt you to enable Visited Places so it can record where you've traveled. Here's how to try it - and turn it off later if you change your mind.

Get T-Mobile 5G home internet for $30/month when you bundle with a phone line - here's how

Score T-Mobile's 5G home internet for $20 less per month when you add autopay and a phone line. Read on for more details on how to cash in.

Is this the best smart monitor for home entertainment? My verdict after a week of testing

The HP Omen 32X combines a sharp 4K, 144Hz display with Google TV, allowing it to double as a gaming monitor and smart TV.

The most important Intel Panther Lake updates are the least talked about - I'll explain

I got the first glimpses of Intel's new Core Ultra Series 3 processors, and some of the most impressive features are also the most subtle.

The underdog AI startups on a16z's top 50 list

The VC firm's first-ever AI Application Spending Report reveals illuminating trends about which kinds of AI tools are winning the AI race.

How to get Perplexity Pro free for a year - you have 3 options

You can get free access to this top AI chatbot if you fall into one of three categories.

6 reasons TV captions are a must-have for people under 45 now

If you watch TV with captions on, you're not alone.

iFixit tears down 'the most repairable smartwatch' - and it's not from Apple

Google's Pixel Watch 4 now uses screws instead of adhesive - without compromising the device's waterproofing.

Best Walmart deals to compete with Prime Day: My favorite deals still live from Apple, Samsung, and HP

Amazon Prime Day is over, but Walmart's still got tons of Apple products, headphones, laptops, and more on sale now.

Best Costco deals to compete with Amazon Prime Day 2025: Sales from Apple, LG, and more

Amazon Prime Day has come and gone, but don't miss these deals that are still running on Costco right now.

This weird tech gadget works wonders for cleaning my AirPods Pro 2 - and it's super cheap

Yes, you should be cleaning your earbuds regularly. This cheap little tool makes it easy - and it costs about the same as a coffee.

Can't upgrade your Windows 10 PC? You have 5 days left - and 5 options

Microsoft will end support for its most popular OS in less than a week. Here's what to do with your Windows 10 PCs that fail Microsoft's Windows 11 compatibility tests.

The Roku Streaming Stick Plus was one of my Prime Day favorites - and it's still on sale

The Roku Streaming Stick Plus, still 40% off after October Prime Day, is one of the most affordable ways to refresh your existing TV with smart features.

The Apple AirTag 4-Pack was one of our reader's favorite Prime Day buys, and it's still $35 off

The Apple AirTag 4-pack is still at an all-time low price after Amazon Prime Day - just in time to track your keys, wallets, and luggage during holiday travel.

In Other News: Gladinet Flaw Exploitation, Attacks on ICS Honeypot, ClayRat Spyware

Other noteworthy stories that might have slipped under the radar: US universities targeted by payroll pirates, Zimbra vulnerability exploited, Mic-E-Mouse attack.

The post In Other News: Gladinet Flaw Exploitation, Attacks on ICS Honeypot, ClayRat Spyware appeared first on SecurityWeek.

Cisco, Fortinet, Palo Alto Networks Devices Targeted in Coordinated Campaign

GreyNoise has discovered that attacks exploiting Cisco, Fortinet, and Palo Alto Networks vulnerabilities are launched from the same infrastructure.

The post Cisco, Fortinet, Palo Alto Networks Devices Targeted in Coordinated Campaign appeared first on SecurityWeek.

RondoDox Botnet Takes ‘Exploit Shotgun’ Approach

The botnet packs over 50 exploits targeting unpatched routers, DVRs, NVRs, CCTV systems, servers, and other network devices.

The post RondoDox Botnet Takes ‘Exploit Shotgun’ Approach appeared first on SecurityWeek.

Juniper Networks Patches Critical Junos Space Vulnerabilities

Patches were rolled out for more than 200 vulnerabilities in Junos Space and Junos Space Security Director, including nine critical-severity flaws.

The post Juniper Networks Patches Critical Junos Space Vulnerabilities appeared first on SecurityWeek.

ZDI Drops 13 Unpatched Ivanti Endpoint Manager Vulnerabilities

The unpatched vulnerabilities allow attackers to execute arbitrary code remotely and escalate their privileges.

The post ZDI Drops 13 Unpatched Ivanti Endpoint Manager Vulnerabilities appeared first on SecurityWeek.

Apple Bug Bounty Update: Top Payout $2 Million, $35 Million Paid to Date

Apple has announced significant updates to its bug bounty program, including new categories and target flags.

The post Apple Bug Bounty Update: Top Payout $2 Million, $35 Million Paid to Date appeared first on SecurityWeek.

Sophisticated Malware Deployed in Oracle EBS Zero-Day Attacks

Google researchers believe exploitation may have started as early as July 10 and the campaign hit dozens of organizations.

The post Sophisticated Malware Deployed in Oracle EBS Zero-Day Attacks appeared first on SecurityWeek.

Realm.Security Raises $15 Million in Series A Funding

The cybersecurity startup will use the investment to accelerate its product development and market expansion efforts.

The post Realm.Security Raises $15 Million in Series A Funding appeared first on SecurityWeek.

GitHub Copilot Chat Flaw Leaked Data From Private Repositories

Hidden comments allowed full control over Copilot responses and leaked sensitive information and source code.

The post GitHub Copilot Chat Flaw Leaked Data From Private Repositories appeared first on SecurityWeek.

Chinese Hackers Breached Law Firm Williams & Connolly via Zero-Day

The company said there is no evidence that confidential client data was stolen from its systems.

The post Chinese Hackers Breached Law Firm Williams & Connolly via Zero-Day appeared first on SecurityWeek.

Pro-Russia hacktivist group dies of cringe after falling into researchers' trap

Forescout's phony water plant fooled TwoNet into claiming a fake cyber victory – then it quietly shut up shop

Security researchers say they duped pro-Russia cybercriminals into targeting a fake critical infrastructure organization, which the crew later claimed - via their Telegram group - to be a real-world attack.…

Microsoft warns of 'payroll pirate' crew looting US university salaries

Crooks phish campus staff, slip into HR systems, and quietly reroute paychecks

Microsoft's Threat Intelligence team has sounded the alarm over a new financially-motivated cybercrime spree that is raiding US university payroll systems.…

Cops nuke BreachForums (again) amid cybercrime supergroup extortion blitz

US and French fuzz pull the plug on Scattered Lapsus$ Hunters' latest leak shop targeting Salesforce

US authorities have seized the latest incarnation of BreachForums, the cybercriminal bazaar recently reborn under the stewardship of the so-called Scattered Lapsus$ Hunters, with help from French cyber cops and the Paris prosecutor's office.…

UK techies' union warns members after breach exposes sensitive personal details

Prospect apologizes for cyber gaffe affecting up to 160K members

UK trade union Prospect is notifying members of a breach that involved data such as sexual orientation and disabilities.…

It's trivially easy to poison LLMs into spitting out gibberish, says Anthropic

Just 250 malicious training documents can poison a 13B parameter model - that's 0.00016% of a whole dataset

Poisoning AI models might be way easier than previously thought if an Anthropic study is anything to go on. …

SonicWall breach hits every cloud backup customer after 5% claim goes up in smoke

Affects users regardless of when their backups were created

SonicWall has admitted that all customers who used its cloud backup service to store firewall configuration files were affected by a cybersecurity incident first disclosed in mid-September, walking back earlier assurances that only a small fraction of users were impacted.…

Take this rob and shove it! Salesforce issues stern retort to ransomware extort

CRM giant 'will not engage, negotiate with, or pay' the scumbags

Salesforce won't pay a ransom demand to criminals who claim to have stolen nearly 1 billion customer records and are threatening to leak the data if the CRM giant doesn't pony up some cash.…

Germany slams brakes on EU's Chat Control device-scanning snoopfest

Berlin's opposition likely kills off Brussels' bid to scan everyone's messages

Germany has committed to oppose the EU's controversial "Chat Control" regulations following huge pressure from multiple activists and major organizations.…

Employees regularly paste company secrets into ChatGPT

Microsoft Copilot, not so much

Employees could be opening up to OpenAI in ways that put sensitive data at risk. According to a study by security biz LayerX, a large number of corporate users paste Personally Identifiable Information (PII) or Payment Card Industry (PCI) numbers right into ChatGPT, even if they're using the bot without permission.…

Nearly a year after attack, US medical scanning biz gets clear image of stolen patient data

No fraud monitoring and no apology after miscreants make off with medical, financial data

Florida-based Doctors Imaging Group has admitted that the sensitive medical and financial data of 171,862 patients was stolen during the course of a November 2024 cyberattack.…

Police and military radio maker BK Technologies cops to cyber break-in

Florida comms outfit serving cops, firefighters, and the military says hackers pinched some employee data but insists its systems stayed online

BK Technologies, the Florida-based maker of mission-critical radios for US police, fire, and defense customers, has confessed to a cyber intrusion that briefly rattled its IT systems last month.…

OpenAI bans suspected Chinese accounts using ChatGPT to plan surveillance

It also banned some suspected Russian accounts trying to create influence campaigns and malware

OpenAI has banned ChatGPT accounts believed to be linked to Chinese government entities attempting to use AI models to surveil individuals and social media accounts.…

Britain eyes satellite laser warning system and carrier-launched jet drones

Space sensors and UAVs at sea top MoD's list in new wave of cutting-edge projects

The UK is pressing ahead with cutting-edge defense projects, the latest including research to protect satellites from laser attack and a technology demonstrator for a jet-powered drone to operate from Royal Navy carriers.…

UK Home Office opens wallet for £60M automated number plate project

Department eyes new app to tap national ANPR data for live alerts, searches, and integrations

The UK's Home Office is inviting tech suppliers to take part in a £60 million "market engagement" for an application that uses data from automated number plate recognition (ANPR) systems.…

Credential stuffing: £2.31 million fine shows passwords are still the weakest link

How recycled passwords and poor security habits are fueling a cybercrime gold rush

Partner Content If you're still using "password123" for more than one account, there's a good chance you've already exposed yourself to credential stuffing attacks — one of the most prevalent and damaging forms of automated cybercrime today. Just ask the 6.9 million users of 23andMe who discovered their personal details were compromised when cybercriminals used recycled credentials from other breaches to infiltrate their accounts.…

Scattered Lapsus$ Hunters offering $10 in Bitcoin to 'endlessly harass' execs

Crime group claims to have already doled out $1K to those in it 'for money and for the love of the game'

Scattered Lapsus$ Hunters has launched an unusual crowdsourced extortion scheme, offering $10 in Bitcoin to anyone willing to help pressure their alleged victims into paying ransoms.…

Radiant Group won't touch kids' data now, but apparently hospitals are fair game

Ransomware crooks utterly fail to find moral compass

First they targeted a preschool network, now new kids on the ransomware block Radiant Group say they've hit a hospital in the US, continuing their deplorable early cybercrime careers.…

Thieves steal IDs and payment info after data leaks from Discord support vendor

Outsourcing your helpdesk always seems like a good idea – until someone else's breach becomes your problem

Discord has confirmed customers' data was stolen – but says the culprit wasn't its own servers, just a compromised support vendor.…

Jaguar Land Rover engines ready to roar again after weeks-long cyber stall

No confirmed date but workers expected to return in the coming days

Jaguar Land Rover is readying staff to resume manufacturing in the coming days, a company spokesperson confirmed to The Reg.…

Clop crew hits Oracle E-Business Suite users with fresh zero-day

Big Red rushes out patch for 9.8-rated flaw after crooks exploit it for data theft and extortion

Oracle rushed out an emergency fix over the weekend for a zero-day vulnerability in its E-Business Suite (EBS) that criminal crew Clop has already abused for data theft and extortion.…

Leak suggests US government is fibbing over FEMA security failings

Plus, PAN under attack, IT whistleblowers get a payout, and China kills online scammers

Infosec in brief On August 29, the US Federal Emergency Management Agency fired its CISO, CIO, and 22 other staff for incompetence but insisted it wasn't in response to an online attack. New material suggests FEMA's claim may be false.…

Apple ices ICE agent tracker app under government heat

Cupertino yanks ICEBlock citing safety risks for law enforcement

Apple has deep-sixed an app that tracks the movements of US Immigration and Customs Enforcement (ICE) agents – apparently bowing to government pressure.…

Munich Airport chaos after drone sightings spook air traffic control

Overnight shutdown leaves thousands stuck as Oktoberfest crowds stretch city security

Munich Airport was temporarily closed last night following reports of drones buzzing around the area.…

UK government says digital ID won't be compulsory – honest

Even spy-tech biz Palantir says 'steady on' as 2.76M Brits demand it be ditched

The British government has finally given more details about the proposed digital ID project, directly responding to the 2.76 million naysayers that signed an online petition calling for it to be ditched.…

Oracle tells Clop-targeted EBS users to apply July patch, problem solved

Researchers suggest internet-facing portals are exposing 'thousands' of orgs

Oracle has finally broken its silence on those Clop-linked extortion emails, but only to tell customers what they already should have known: patch your damn systems.…

Criminals take Renault UK customer data for a joyride

Names, numbers, and reg plates exposed in latest auto industry cyber-shunt

Renault UK customers are being warned their personal data may be in criminal hands after one of its supplier was hacked.…

Subpoena tracking platform blames outage on AWS social engineering attack

Software maker Kodex said its domain registrar fell for a fraudulent legal order

A software platform used by law enforcement agencies and major tech companies to manage subpoenas and data requests went dark this week after attackers socially engineered AWS into freezing its domain.…

Clop-linked crims shake down Oracle execs with data theft claims

Extortion emails name-drop Big Red's E-Business Suite, though Google and Mandiant yet to find proof of any breach

Criminals with potential links to the notorious Clop ransomware mob are bombarding Oracle execs with extortion emails, claiming to have stolen sensitive data from Big Red's E-Business Suite, according to researchers.…

EU funds are flowing into spyware companies, and politicians are demanding answers

Experts say Commission is ‘fanning the flames’ of the continent’s own Watergate

An arsenal of angry European Parliament members (MEPs) is demanding answers from senior commissioners about why EU subsidies are ending up in the pockets of spyware companies.…

Cybercrims claim raid on 28,000 Red Hat repos, say they have sensitive customer files

570GB of data claimed to be stolen by the Crimson Collective

A hacking crew claims to have broken into Red Hat's private GitLab repositories, exfiltrating some 570GB of compressed data, including sensitive documents belonging to customers. …

US gov shutdown leaves IT projects hanging, security defenders a skeleton crew

The longer the shutdown, the less likely critical IT overhauls happen, ex federal CISO tells The Register

The US government shut down at 1201 ET on October 1, halting non-essential IT modernization and leaving cybersecurity operations to run on skeleton crews.…

'Delightful' root-access bug in Red Hat OpenShift AI allows full cluster takeover

Who wouldn't want root access on cluster master nodes?

A 9.9 out of 10 severity bug in Red Hat's OpenShift AI service could allow a remote attacker with minimal authentication to steal data, disrupt services, and fully hijack the platform.…

Air Force admits SharePoint privacy issue as reports trickle out of possible breach

Uncle Sam can't quit Redmond

Exclusive The US Air Force confirmed it's investigating a "privacy-related issue" amid reports of a Microsoft SharePoint-related breach and subsequent service-wide shutdown, rendering mission files and other critical tools potentially unavailable to service members.…

3.7M breach notification letters set to flood North America's mailboxes

Allianz Life and WestJet lead the way, along with a niche software shop

A trio of companies disclosed data breaches this week affecting approximately 3.7 million customers and employees across North America.…

AI agent hypefest crashing up against cautious leaders, Gartner finds

Only 15% considering deployments and just 7% say it'll replace humans in next four years

Enterprises aren't keen on letting autonomous agents take the wheel amid fears over trust and security as research once again shows that AI hype is crashing against the rocks of reality.…

Imgur yanks Brit access to memes as parent company faces fine

ICO investigation into platform's lack of age assurance continues

The UK's data watchdog has described Imgur's move to block UK users as "a commercial decision" after signaling plans to fine parent company MediaLab.…

Explain digital ID or watch it fizzle out, UK PM Starmer told

Politico avoids the topic at Labour conference speech, homes in on AI instead

UK prime minister Keir Starmer avoided mentioning the mandatory digital ID scheme in his keynote speech to the Labour Party conference amid calls for him to put meat on the bones of the plans or risk it failing fast.…

Schools are swotting up on security yet still flunk recovery when cyberattacks strike

Coursework 'gone forever' as 10% report critical damage

Schools and colleges hit by cyberattacks are taking longer to restore their networks — and the consequences are severe, with students' coursework being permanently lost in some cases.…

Beijing-backed burglars master .NET to target government web servers

‘Phantom Taurus’ created custom malware to hunt secrets across Asia, Africa, and the Middle East

Threat-hunters at Palo Alto Networks’ Unit 42 have decided a gang they spotted two years ago is backed by China, after seeing it sling a new variety of malware.…

Fake North Korean IT workers sneaking into healthcare, finance, and AI

It's not just big tech anymore

The North Korean IT worker threat extends well beyond tech companies, with fraudsters interviewing at a "surprising" number of healthcare orgs, according to Okta Threat Intelligence.…

Tile trackers are a stalker's dream, say Georgia Tech researchers

Plaintext transmissions, fixed MAC addresses, rotating 'unique' IDs, and more, make abuse easy

Tile Bluetooth trackers leak identifying data in plain text, giving stalkers an easy way to track victims despite Life360's security promises, a group of Georgia Tech researchers warns.…

Google bolts AI into Drive to catch ransomware, but crooks not shaking yet

Stopping the spread isn't the same as stopping attacks, period

Google on Tuesday rolled out a new AI tool in Drive for desktop that it says will pause syncing to limit ransomware damage, but it won't stop attacks outright.…

Warnings about Cisco vulns under active exploit are falling on deaf ears

50,000 firewall devices still exposed

Nearly 50,000 Cisco ASA/FTD instances vulnerable to two bugs that are actively being exploited by "advanced" attackers remain exposed to the internet, according to Shadowserver data.…

TMI: How cloud collaboration suites drive oversharing and unmanaged access

Sharing links take seconds to create, but can last for years

Partner Content Seamless collaboration through cloud platforms like Microsoft 365 has radically reshaped the modern workplace. In the span of an hour, you could go from uploading budget proposals to a project channel to live editing a joint presentation with a business partner, all while making lunch plans over Teams. From remote work to video calls, it’s never been easier to connect people, ideas, and information.…

Britain's policing minister punts facial recog nationwide

Met's Croydon cameras hailed as a triumph, guidance to be published later this year

The government is to encourage police forces across England and Wales to adopt live facial recognition (LFR) technology, with a minister praising its use by the London's Metropolitan Police in a suburb in the south of the city.…

£5.5B Bitcoin fraudster pleads guilty after years on the run

Zhimin Qian recruited takeaway worker to launder funds through property overseas

London's Metropolitan Police has secured a "landmark conviction" following a record-busting Bitcoin seizure and seven-year investigation.…

Greg Kroah-Hartman explains the Cyber Resilience Act for open source developers

Impact? Nope, don't worry, be happy, says Linux veteran

Opinion There has been considerable worry about the impact of the European Union's Cyber Resilience Act on open source programmers. Linux stable kernel maintainer Greg Kroah-Hartman says, however, that there won't be much of an impact at all.…

Feds cut funding to program that shared cyber threat info with local governments

The federal government's not the only thing shutting down on Oct. 1

The US Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday will cut its ties to - and funding for - the Center for Internet Security, a nonprofit that provides free and low-cost cybersecurity services to state and local governments.…

One line of malicious npm code led to massive Postmark email heist

MCP plus open source plus typosquatting equals trouble

A fake npm package posing as Postmark's MCP (Model Context Protocol) server silently stole potentially thousands of emails a day by adding a single line of code that secretly copied outgoing messages to an attacker-controlled address.…

Asahi runs dry as online attackers take down Japanese brewer

No personal info gulped as yet, but don't call for help

Japan's largest brewery biz, Asahi, has shut down distribution systems following an online attack, and local drinkers will just have to make do with stocks as they stand.…

Google Launches AI Bug Bounty with $30,000 Top Reward

Google has introduced a new AI Vulnerability Reward Program offering up to $30,000 for bug discoveries in its AI products

Google: Clop Accessed “Significant Amount” of Data in Oracle EBS Exploit

GTIG highlighted indicators that Clop is behind the extortion campaign targeting Oracle EBS instances, with its activity likely beginning as early as August 9

Pro-Russia Hacktivists “Claim” Attack on Water Utility Honeypot

Forescout said that the TwoNet actor was lured into attacking a honeypot disguised as a water treatment utility, providing insights into the group’s tactics

Researchers Warn of Security Gaps in AI Browsers

A new report from SquareX Labs highlights security weaknesses in AI browsers like Comet, revealing new cyber-risks

ClayRat Spyware Campaign Targets Android Users in Russia

A new ClayRat spyware campaign has been observed targeting Russian users via fake apps on Telegram and exfiltrating data

All SonicWall Cloud Backup Users Have Firewall Configuration Files Stolen

SonicWall said that a threat actor has accessed files containing encrypted credentials and configuration data for all customers who have used its cloud backup service

ICO’s £7.5m Clearview AI Fine a Step Closer After Legal Victory

The ICO has won an Upper Tribunal appeal against Clearview AI over its ability to fine the company

NCSC: Observability and Threat Hunting Must Improve

The UK’s National Cyber Security Centre has released new guidance to help firms improve observability and threat hunting

High Number of Windows 10 Users Remain as End-of-Life Looms

A new report from TeamViewer found that 40% of global endpoints still run Windows 10, just days before security updates and support ends for the operating system

Nezha Tool Used in New Cyber Campaign Targeting Web Applications

A cyber campaign using Nezha has been identified, targeting vulnerable web apps with PHP web shells and Ghost RAT

Digital Fraud Costs Companies Worldwide 7.7% of Annual Revenue

According to TransUnion, digital fraud has cost companies $534bn in losses globally with US business hit hardest

Cyber-Attack Contributes to Huge Sales Drop at JLR

Jaguar Land Rover has reported a 25% drop in volume sales in the three months up to September 30, largely due to the impact of the ongoing cyber incident

OpenVPN redefines secure connectivity with Access Server 3.0

OpenVPN released Access Server 3.0, a major update to its self-hosted business VPN solution that delivers foundational improvements to performance, flexibility, and system integration. While the most visible change is a modernized Admin Web UI, Access Server 3.0 represents far more than just a refreshed interface. This release incorporates customer-requested enhancements that streamline workflows, bring formerly command line-only features into the web console, and expand support for developers through integrated REST API documentation and testing … More →

The post OpenVPN redefines secure connectivity with Access Server 3.0 appeared first on Help Net Security.

Accenture helps organizations advance agentic AI with Gemini Enterprise

Accenture and Google Cloud announced that their strategic alliance is driving client reinvention with Gemini Enterprise agentic AI solutions, building on the successful adoption of Google Cloud technologies for organizations across industries. Accenture is advancing agentic AI with support for Gemini Enterprise, a new agentic platform designed to bring the full power of Google’s AI to every employee and every workflow. With Accenture’s deep experience in cloud and AI technologies, engineering capabilities, and technical expertise … More →

The post Accenture helps organizations advance agentic AI with Gemini Enterprise appeared first on Help Net Security.

Proof launches Certify, the cryptographic answer to AI-generated fraud

Generative AI is enabling the proliferation of fake documents, images, videos, and data at an unprecedented scale, to the point where it’s indistinguishable from reality. While fake media and misinformation have garnered the most attention, the real danger in AI lies in its ability to forge signatures, falsify records, impersonate one’s voice on the phone or fake a person’s likeness on video. Proof’s Certify product enables instantly authorized digital signing of any type of content … More →

The post Proof launches Certify, the cryptographic answer to AI-generated fraud appeared first on Help Net Security.

comforte AG debuts TAMUNIO, its all-in-one shield for data security

comforte AG launched TAMUNIO, a unified data security platform designed to reduce risk, accelerate innovation with cloud and AI, and optimize operational costs for the most demanding enterprises. Built on decades of experience securing mission-critical environments, TAMUNIO integrates the best of comforte’s existing product portfolio with new capabilities designed to help customers manage the digital challenges of today and tomorrow. As they double down on digital transformation to accelerate growth, organizations are seeing their cyber-attack … More →

The post comforte AG debuts TAMUNIO, its all-in-one shield for data security appeared first on Help Net Security.

Apple offers $2 million for zero-click exploit chains

Apple bug bounty program’s categories are expanding and rewards are rising, and zero-click exploit chains may now earn researchers up to $2 million. “Our bonus system, providing additional rewards for Lockdown Mode bypasses and vulnerabilities discovered in beta software, can more than double this reward, with a maximum payout in excess of $5 million,” Apple noted. The top rewards in all categories will apply only for issues affecting the company’s latest publicly available software and … More →

The post Apple offers $2 million for zero-click exploit chains appeared first on Help Net Security.

Mobilicom rolls out a secured autonomy system powering next-gen AI drones

Mobilicom launched the Secured Autonomy (SA) Compute PRO-AT, which combines Mobilicom’s OS3 (Operational Security, Safety, and Standards compliance) cybersecurity software with Aitech’s rugged, NVIDIA-based AI Supercomputers, including the A230 Vortex AI GPGPU (general-purpose computing on graphics processing units) supercomputer. By integrating these solutions, Mobilicom expands its offerings for larger and faster drones, including platforms covered in the U.S. Department of Defense Group 2 and 3 UAS category. The SA Compute PRO-AT establishes a new category … More →

The post Mobilicom rolls out a secured autonomy system powering next-gen AI drones appeared first on Help Net Security.

Attackers are exploiting Gladinet CentreStack, Triofox vulnerability with no patch (CVE-2025-11371)

CVE-2025-11371, an unauthenticated Local File Inclusion vulnerability in Gladinet CentreStack and Triofox file-sharing and remote access platforms, is being exploited by attackers in the wild. While Gladinet is aware of the vulnerability and of its exploitation, a patch is still in the works. In the meantime, users can and should mitigate the flaw by disabling a handler within their installation’s Web.config file. “We have observed in-the-wild exploitation of this vulnerability impacting three customers so far,” … More →

The post Attackers are exploiting Gladinet CentreStack, Triofox vulnerability with no patch (CVE-2025-11371) appeared first on Help Net Security.

October 2025 Patch Tuesday forecast: The end of a decade with Microsoft

A lot of classic software is reaching end-of-life (EOL) this month. Windows 10, Office 2016 and Exchange Server 2016 have survived after nearly a decade of service. Not far behind, after six years in existence, comes the end of Office 2019 and Exchange Server 2019. While this Patch Tuesday may be cause for celebration at Microsoft with the final updates for these products, I hope you’ve been following this closely and have already migrated to … More →

The post October 2025 Patch Tuesday forecast: The end of a decade with Microsoft appeared first on Help Net Security.

From theory to training: Lessons in making NICE usable

SMBs may not have big budgets, but they are on the receiving end of many cyberattacks. A new study from Cleveland State University looked at how these companies could train staff without getting lost in the thousands of skills and tasks in the NICE Cybersecurity Workforce Framework. The result is a stripped-down, scenario-based curriculum that may hold lessons for security leaders in much larger enterprises. Shrinking a giant framework The research team asked a simple … More →

The post From theory to training: Lessons in making NICE usable appeared first on Help Net Security.

Securing agentic AI with intent-based permissions

When seatbelts were first introduced, cars were relatively slow and a seatbelt was enough to keep drivers safe in most accidents. But as vehicles became more powerful, automakers had to add airbags, crumple zones, and (eventually) adaptive driver assistance systems that anticipate hazards and avoid collisions. Identity and access management (IAM) is now at a similar inflection point. For decades, action-based permissions have performed the role of the seatbelts of enterprise security, essential guardrails that … More →

The post Securing agentic AI with intent-based permissions appeared first on Help Net Security.

Gamaredon X Turla collab

Notorious APT group Turla collaborates with Gamaredon, both FSB-associated groups, to compromise high‑profile targets in Ukraine

Small businesses, big targets: Protecting your business against ransomware

Long known to be a sweet spot for cybercriminals, small businesses are more likely to be victimized by ransomware than large enterprises

HybridPetya: The Petya/NotPetya copycat comes with a twist

HybridPetya is the fourth publicly known real or proof-of-concept bootkit with UEFI Secure Boot bypass functionality

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

UEFI copycat of Petya/NotPetya exploiting CVE-2024-7344 discovered on VirusTotal

Are cybercriminals hacking your systems – or just logging in?

As bad actors often simply waltz through companies’ digital front doors with a key, here’s how to keep your own door locked tight

Preventing business disruption and building cyber-resilience with MDR

Given the serious financial and reputational risks of incidents that grind business to a halt, organizations need to prioritize a prevention-first cybersecurity strategy

Under lock and key: Safeguarding business data with encryption

As the attack surface expands and the threat landscape grows more complex, it’s time to consider whether your data protection strategy is fit for purpose

GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes

ESET researchers have identified a new threat actor targeting Windows servers with a passive C++ backdoor and a malicious IIS module that manipulates Google search results

This month in security with Tony Anscombe – August 2025 edition

From Meta shutting down millions of WhatsApp accounts linked to scam centers all the way to attacks at water facilities in Europe, August 2025 saw no shortage of impactful cybersecurity news

Don’t let “back to school” become “back to (cyber)bullying”

Cyberbullying is a fact of life in our digital-centric society, but there are ways to push back

First known AI-powered ransomware uncovered by ESET Research

The discovery of PromptLock shows how malicious use of AI models could supercharge ransomware and other threats

"What happens online stays online" and other cyberbullying myths, debunked

Separating truth from fiction is the first step towards making better parenting decisions. Let’s puncture some of the most common misconceptions about online harassment.

The need for speed: Why organizations are turning to rapid, trustworthy MDR

How top-tier managed detection and response (MDR) can help organizations stay ahead of increasingly agile and determined adversaries

Investors beware: AI-powered financial scams swamp social media

Can you tell the difference between legitimate marketing and deepfake scam ads? It’s not always as easy as you may think.

Supply-chain dependencies: Check your resilience blind spot

Does your business truly understand its dependencies, and how to mitigate the risks posed by an attack on them?

How the always-on generation can level up its cybersecurity game

Digital natives are comfortable with technology, but may be more exposed to online scams and other threats than they think

WinRAR zero-day exploited in espionage attacks against high-value targets

The attacks used spearphishing campaigns to target financial, manufacturing, defense, and logistics companies in Europe and Canada, ESET research finds

Update WinRAR tools now: RomCom and others exploiting zero-day vulnerability

ESET Research discovered a zero-day vulnerability in WinRAR being exploited in the wild in the guise of job application documents; the weaponized archives exploited a path traversal flaw to compromise their targets

Black Hat USA 2025: Is a high cyber insurance premium about your risk, or your insurer’s?

A sky-high premium may not always reflect your company’s security posture

Android adware: What is it, and how do I get it off my device?

Is your phone suddenly flooded with aggressive ads, slowing down performance or leading to unusual app behavior? Here’s what to do.

Black Hat USA 2025: Policy compliance and the myth of the silver bullet

Who’s to blame when the AI tool managing a company’s compliance status gets it wrong?

Black Hat USA 2025: Does successful cybersecurity today increase cyber-risk tomorrow?

Success in cybersecurity is when nothing happens, plus other standout themes from two of the event’s keynotes

ESET Threat Report H1 2025: ClickFix, infostealer disruptions, and ransomware deathmatch

Threat actors are embracing ClickFix, ransomware gangs are turning on each other – toppling even the leaders – and law enforcement is disrupting one infostealer after another

Is your phone spying on you? | Unlocked 403 cybersecurity podcast (S2E5)

Here's what you need to know about the inner workings of modern spyware and how to stay away from apps that know too much

Why the tech industry needs to stand firm on preserving end-to-end encryption

Restricting end-to-end encryption on a single-country basis would not only be absurdly difficult to enforce, but it would also fail to deter criminal activity

This month in security with Tony Anscombe – July 2025 edition

Here's a look at cybersecurity stories that moved the needle, raised the alarm, or offered vital lessons in July 2025

The hidden risks of browser extensions – and how to stay safe

Not all browser add-ons are handy helpers – some may contain far more than you have bargained for

SharePoint under fire: ToolShell attacks hit organizations worldwide

The ToolShell bugs are being exploited by cybercriminals and APT groups alike, with the US on the receiving end of 13 percent of all attacks

ToolShell: An all-you-can-eat buffet for threat actors

ESET Research has been monitoring attacks involving the recently discovered ToolShell zero-day vulnerabilities

Rogue CAPTCHAs: Look out for phony verification pages spreading malware

Before rushing to prove that you're not a robot, be wary of deceptive human verification pages as an increasingly popular vector for delivering malware

Why is your data worth so much? | Unlocked 403 cybersecurity podcast (S2E4)

Behind every free online service, there's a price being paid. Learn why your digital footprint is so valuable, and when you might actually be the product.

Unmasking AsyncRAT: Navigating the labyrinth of forks

ESET researchers map out the labyrinthine relationships among the vast hierarchy of AsyncRAT variants

How to get into cybersecurity | Unlocked 403 cybersecurity podcast (S2E3)

Cracking the code of a successful cybersecurity career starts here. Hear from ESET's Robert Lipovsky as he reveals how to break into and thrive in this fast-paced field.

Task scams: Why you should never pay to get paid

Some schemes might sound unbelievable, but they’re easier to fall for than you think. Here’s how to avoid getting played by gamified job scams.

How government cyber cuts will affect you and your business

Deep cuts in cybersecurity spending risk creating ripple effects that will put many organizations at a higher risk of falling victim to cyberattacks

Gamaredon in 2024: Cranking out spearphishing campaigns against Ukraine with an evolved toolset

ESET Research analyzes Gamaredon’s updated cyberespionage toolset, new stealth-focused techniques, and aggressive spearphishing operations observed throughout 2024

ESET Threat Report H1 2025: Key findings

ESET Chief Security Evangelist Tony Anscombe looks at some of the report's standout findings and their implications for organizations in 2025

ESET APT Activity Report Q4 2024–Q1 2025: Malware sharing, wipers and exploits

ESET experts discuss Sandworm’s new data wiper, relentless campaigns by UnsolicitedBooker, attribution challenges amid tool-sharing, and other key findings from the latest APT Activity Report

This month in security with Tony Anscombe – June 2025 edition

From Australia's new ransomware payment disclosure rules to another record-breaking DDoS attack, June 2025 saw no shortage of interesting cybersecurity news

ESET Threat Report H1 2025

A view of the H1 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

BladedFeline: Whispering in the dark

ESET researchers analyzed a cyberespionage campaign conducted by BladedFeline, an Iran-aligned APT group with likely ties to OilRig

Don’t let dormant accounts become a doorway for cybercriminals

Do you have online accounts you haven't used in years? If so, a bit of digital spring cleaning might be in order.

This month in security with Tony Anscombe – May 2025 edition

From a flurry of attacks targeting UK retailers to campaigns corralling end-of-life routers into botnets, it's a wrap on another month filled with impactful cybersecurity news

Word to the wise: Beware of fake Docusign emails

Cybercriminals impersonate the trusted e-signature brand and send fake Docusign notifications to trick people into giving away their personal or corporate data

Danabot under the microscope

ESET Research has been tracking Danabot’s activity since 2018 as part of a global effort that resulted in a major disruption of the malware’s infrastructure

Danabot: Analyzing a fallen empire

ESET Research shares its findings on the workings of Danabot, an infostealer recently disrupted in a multinational law enforcement operation

Lumma Stealer: Down for the count

The bustling cybercrime enterprise has been dealt a significant blow in a global operation that relied on the expertise of ESET and other technology companies

ESET takes part in global operation to disrupt Lumma Stealer

Our intense monitoring of tens of thousands of malicious samples helped this global disruption operation

The who, where, and how of APT attacks in Q4 2024–Q1 2025

ESET Chief Security Evangelist Tony Anscombe highlights key findings from the latest issue of the ESET APT Activity Report

ESET APT Activity Report Q4 2024–Q1 2025

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2024 and Q1 2025

Sednit abuses XSS flaws to hit gov't entities, defense companies

Operation RoundPress targets webmail software to steal secrets from email accounts belonging mainly to governmental organizations in Ukraine and defense contractors in the EU

Operation RoundPress

ESET researchers uncover a Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities

How can we counter online disinformation? | Unlocked 403 cybersecurity podcast (S2E2)

Ever wondered why a lie can spread faster than the truth? Tune in for an insightful look at disinformation and how we can fight one of the most pressing challenges facing our digital world.

Catching a phish with many faces

Here’s a brief dive into the murky waters of shape-shifting attacks that leverage dedicated phishing kits to auto-generate customized login pages on the fly

Beware of phone scams demanding money for ‘missed jury duty’

When we get the call, it’s our legal responsibility to attend jury service. But sometimes that call won’t come from the courts – it will be a scammer.

Toll road scams are in overdrive: Here’s how to protect yourself

Have you received a text message about an unpaid road toll? Make sure you’re not the next victim of a smishing scam.

RSAC 2025 wrap-up – Week in security with Tony Anscombe

From the power of collaborative defense to identity security and AI, catch up on the event's key themes and discussions

TheWizards APT group uses SLAAC spoofing to perform adversary-in-the-middle attacks

ESET researchers analyzed Spellbinder, a lateral movement tool used to perform adversary-in-the-middle attacks

This month in security with Tony Anscombe – April 2025 edition

From the near-demise of MITRE's CVE program to a report showing that AI outperforms elite red teamers in spearphishing, April 2025 was another whirlwind month in cybersecurity

How safe and secure is your iPhone really?

Your iPhone isn't necessarily as invulnerable to security threats as you may think. Here are the key dangers to watch out for and how to harden your device against bad actors.

Deepfake 'doctors' take to TikTok to peddle bogus cures

Look out for AI-generated 'TikDocs' who exploit the public's trust in the medical profession to drive sales of sketchy supplements

How fraudsters abuse Google Forms to spread scams

The form and quiz-building tool is a popular vector for social engineering and malware. Here’s how to stay safe.

Will super-smart AI be attacking us anytime soon?

What practical AI attacks exist today? “More than zero” is the answer – and they’re getting better.

CapCut copycats are on the prowl

Cybercriminals lure content creators with promises of cutting-edge AI wizardry, only to attempt to steal their data or hijack their devices instead

They’re coming for your data: What are infostealers and how do I stay safe?

Here's what to know about malware that raids email accounts, web browsers, crypto wallets, and more – all in a quest for your sensitive data

Attacks on the education sector are surging: How can cyber-defenders respond?

Academic institutions have a unique set of characteristics that makes them attractive to bad actors. What's the right antidote to cyber-risk?

Watch out for these traps lurking in search results

Here’s how to avoid being hit by fraudulent websites that scammers can catapult directly to the top of your search results

So your friend has been hacked: Could you be next?

When a ruse puts on a familiar face, your guard might drop, making you an easy mark. Learn how to tell a friend apart from a foe.

1 billion reasons to protect your identity online

Corporate data breaches are a gateway to identity fraud, but they’re not the only one. Here’s a lowdown on how your personal data could be stolen – and how to make sure it isn’t.

The good, the bad and the unknown of AI: A Q&A with Mária Bieliková

The computer scientist and AI researcher shares her thoughts on the technology’s potential and pitfalls – and what may lie ahead for us

This month in security with Tony Anscombe – March 2025 edition

From an exploited vulnerability in a third-party ChatGPT tool to a bizarre twist on ransomware demands, it's a wrap on another month filled with impactful cybersecurity news

Resilience in the face of ransomware: A key to business survival

Your company’s ability to tackle the ransomware threat head-on can ultimately be a competitive advantage

Making it stick: How to get the most out of cybersecurity training

Security awareness training doesn’t have to be a snoozefest – games and stories can help instill ‘sticky’ habits that will kick in when a danger is near

RansomHub affiliates linked to rival RaaS gangs

ESET researchers also examine the growing threat posed by tools that ransomware affiliates deploy in an attempt to disrupt EDR security solutions

FamousSparrow resurfaces to spy on targets in the US, Latin America

Once thought to be dormant, the China-aligned group has also been observed using the privately-sold ShadowPad backdoor for the first time

Shifting the sands of RansomHub’s EDRKillShifter

ESET researchers discover new ties between affiliates of RansomHub and of rival gangs Medusa, BianLian, and Play

You will always remember this as the day you finally caught FamousSparrow

ESET researchers uncover the toolset used by the FamousSparrow APT group, including two undocumented versions of the group’s signature backdoor, SparrowDoor

Operation FishMedley

ESET researchers detail a global espionage operation by FishMonger, the APT group run by I‑SOON

MirrorFace updates toolset, expands targeting to Europe

The group's Operation AkaiRyū begins with targeted spearphishing emails that use the upcoming World Expo 2025 in Osaka, Japan, as a lure

Operation AkaiRyū: MirrorFace invites Europe to Expo 2025 and revives ANEL backdoor

ESET researchers uncovered MirrorFace activity that expanded beyond its usual focus on Japan and targeted a Central European diplomatic institute with the ANEL backdoor

AI's biggest surprises of 2024 | Unlocked 403 cybersecurity podcast (S2E1)

Here's what's been hot on the AI scene over the past 12 months, how it's changing the face of warfare, and how you can fight AI-powered scams

When IT meets OT: Cybersecurity for the physical world

While relatively rare, real-world incidents impacting operational technology highlight that organizations in critical infrastructure can’t afford to dismiss the OT threat

Don’t let cybercriminals steal your Spotify account

Listen up, this is sure to be music to your ears – a few minutes spent securing your account today can save you a ton of trouble tomorrow

AI-driven deception: A new face of corporate fraud

Malicious use of AI is reshaping the fraud landscape, creating major new risks for businesses

Kids behaving badly online? Here's what parents can do

By taking time to understand and communicate the impact of undesirable online behavior, you can teach your kids an invaluable set of life lessons for a new digital age

Martin Rees: Post-human intelligence – a cosmic perspective | Starmus highlights

Take a moment to think beyond our current capabilities and consider what might come next in the grand story of evolution

Threat Report H2 2024: Infostealer shakeup, new attack vector for mobile, and Nomani

Big shifts in the infostealer scene, novel attack vector against iOS and Android, and a massive surge in investment scams on social media

Bernhard Schölkopf: Is AI intelligent? | Starmus highlights

With AI's pattern recognition capabilities well-established, Mr. Schölkopf's talk shifts the focus to a pressing question: what will be the next great leap for AI?

This month in security with Tony Anscombe – February 2025 edition

Ransomware payments trending down, the cyber-resilience gap facing SMBs, and APT groups embracing generative AI – it's a wrap on another month filled with impactful security news

Laurie Anderson: Building an ARK | Starmus highlights

The pioneering multi-media artist reveals the creative process behind her stage show called ARK, which challenges audiences to reflect on some of the most pressing issues of our times

Fake job offers target software developers with infostealers

A North Korea-aligned activity cluster tracked by ESET as DeceptiveDevelopment drains victims' crypto wallets and steals their login details from web browsers and password managers

DeceptiveDevelopment targets freelance developers

ESET researchers analyzed a campaign delivering malware bundled with job interview challenges

No, you’re not fired – but beware of job termination scams

Some employment scams take an unexpected turn as cybercriminals shift from “hiring” to “firing” staff

Katharine Hayhoe: The most important climate equation | Starmus highlights

The atmospheric scientist makes a compelling case for a head-to-heart-to-hands connection as a catalyst for climate action

Gaming or gambling? Lifting the lid on in-game loot boxes

The virtual treasure chests and other casino-like rewards inside your children’s games may pose risks you shouldn’t play down

What is penetration testing? | Unlocked 403 cybersecurity podcast (ep. 10)

Ever wondered what it's like to hack for a living – legally? Learn about the art and thrill of ethical hacking and how white-hat hackers help organizations tighten up their security.

How AI-driven identity fraud is causing havoc

Deepfake fraud, synthetic identities, and AI-powered scams make identity theft harder to detect and prevent – here's how to fight back

Neil Lawrence: What makes us unique in the age of AI | Starmus highlights

As AI advances at a rapid clip, reshaping industries, automating tasks, and redefining what machines can achieve, one question looms large: what remains uniquely human?

Patch or perish: How organizations can master vulnerability management

Don’t wait for a costly breach to provide a painful reminder of the importance of timely software patching

Roeland Nusselder: AI will eat all our energy, unless we make it tiny | Starmus highlights

Left unchecked, AI's energy and carbon footprint could become a significant concern. Can our AI systems be far less energy-hungry without sacrificing performance?

NDSS 2025 – Keynote 1: Quantum Security Unleashed: A New Era for Secure Communications and Systems

Author, Creator & Presenter: Dr. Johanna Sepúlveda PhD, Senior Expert and Technical Domain Manager for Quantum and Quantum-Secure Technologies, Airbus Defence and Space

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the organization’s’ YouTube channel.

Permalink

The post NDSS 2025 – Keynote 1: Quantum Security Unleashed: A New Era for Secure Communications and Systems appeared first on Security Boulevard.

Exploring the Concept of Enterprise Security Management

Understand Enterprise Security Management (ESM) and its importance in safeguarding organizations. Explore key components, integration with SSO, and best practices for robust security.

The post Exploring the Concept of Enterprise Security Management appeared first on Security Boulevard.

Is a CIAM Certification Beneficial?

Explore the pros & cons of CIAM certification for authentication & software development. Learn about career benefits, core skills validated, and how it compares to other certifications.

The post Is a CIAM Certification Beneficial? appeared first on Security Boulevard.

News alert: SquareX exposes how AI browsers fall prey to OAuth hijacks and malware traps

PALO ALTO, Calif., Oct. 9, 2025, CyberNewswire — As AI Browsers rapidly gain adoption across enterprises, SquareX has released critical security research exposing major vulnerabilities that could allow attackers to exploit AI Browsers to exfiltrate sensitive data, distribute malware and … (more…)

The post News alert: SquareX exposes how AI browsers fall prey to OAuth hijacks and malware traps first appeared on The Last Watchdog.

The post News alert: SquareX exposes how AI browsers fall prey to OAuth hijacks and malware traps appeared first on Security Boulevard.

Independent Verification of NHI Security: Necessary?

Why Is Independent Verification of Non-Human Identities Crucial for Cybersecurity? When it comes to cybersecurity, how often do organizations think about their machine identities, often overlooked yet vital for robust security protocols? The management of Non-Human Identities (NHIs) is increasingly essential, emphasizing the importance of independent verification. This process ensures that these machine identities remain […]

The post Independent Verification of NHI Security: Necessary? appeared first on Entro.

The post Independent Verification of NHI Security: Necessary? appeared first on Security Boulevard.

How Safe Are Your Non-Human Identities Really?

Are You Harnessing the Full Potential of Non-Human Identities in Your Cloud Security Strategy? Non-human identities (NHIs) are revolutionizing the approach to cybersecurity strategy, particularly for organizations navigating the complexities of cloud environments. But what exactly are NHIs, and how do they fit into broaders of cloud security? Understanding Non-Human Identities: A Critical Component of […]

The post How Safe Are Your Non-Human Identities Really? appeared first on Entro.

The post How Safe Are Your Non-Human Identities Really? appeared first on Security Boulevard.

News alert: Lightship, OpenSSL submit OpenSSL 3.5.4 — with post-quantum crypto on board

NEWARK, N.J., October 9, 2025, CyberNewswire — Lightship Security, an Applus+ Laboratories company and accredited cryptographic security test laboratory, and the OpenSSL Corporation, the co-maintainer of the OpenSSL Library, announce the submission of OpenSSL version 3.5.4 to the … (more…)

The post News alert: Lightship, OpenSSL submit OpenSSL 3.5.4 — with post-quantum crypto on board first appeared on The Last Watchdog.

The post News alert: Lightship, OpenSSL submit OpenSSL 3.5.4 — with post-quantum crypto on board appeared first on Security Boulevard.

Secrets Sprawl is Killing DevOps Speed – Here’s How to Fix It

5 min readHard-coded secrets and credential sprawl slow DevOps teams by hours daily. Learn how identity-based access management eliminates secrets and boosts speed.

The post Secrets Sprawl is Killing DevOps Speed – Here’s How to Fix It appeared first on Aembit.

The post Secrets Sprawl is Killing DevOps Speed – Here’s How to Fix It appeared first on Security Boulevard.

USENIX 2025: From Existential To Existing Risks Of Generative AI: A Taxonomy Of Who Is At Risk, What Risks Are Prevalent, And How They Arise

Creators, Authors and Presenters: Megan Li and Wendy Bickersteth, Carnegie Mellon University And In Collaboration With Ningjing Tang, Jason Hong, Hong Shen, Hoda Heidari, and Lorrie Cranor

Our thanks to USENIX for publishing their Presenter’s outstanding USENIX Enigma ’23 Conference content on the organization’s’ YouTube channel.

Permalink

The post USENIX 2025: From Existential To Existing Risks Of Generative AI: A Taxonomy Of Who Is At Risk, What Risks Are Prevalent, And How They Arise appeared first on Security Boulevard.

Simplifying IAM Migrations: Lessons for Hybrid Enterprises

6 min readStreamline IAM migration from Active Directory to Azure with policy-driven access, workload identity federation, and zero-trust security for hybrid enterprises.

The post Simplifying IAM Migrations: Lessons for Hybrid Enterprises appeared first on Aembit.

The post Simplifying IAM Migrations: Lessons for Hybrid Enterprises appeared first on Security Boulevard.

Windows 11 23H2 Home and Pro reach end of support in 30 days

Microsoft has reminded customers again today that systems running Home and Pro editions of Windows 11 23H2 will stop receiving security updates next month. [...]

Hackers exploiting zero-day in Gladinet file sharing software

Threat actors are exploiting a zero-day vulnerability (CVE-2025-11371) in Gladinet CentreStack and Triofox products, which allows a local attacker to access system files without authentication. [...]

Cybersecurity For Dummies, 3rd Edition eBook FREE for a Limited Time

In today's hyper-connected world, cyber threats are more sophisticated and frequent than ever - ransomware, data breaches, and social engineering scams, targeting everyone from individuals to Fortune 500 companies. Right now, you can grab "Cybersecurity For Dummies, 3rd Edition" - a $29.99 value - completely FREE for a limited time. [...]

Google Chrome to revoke notification access for inactive sites

Google is updating the Chrome web browser to automatically revoke notification permissions for websites that haven't been visited recently, to reduce alert overload. [...]

Apple now offers $2 million for zero-click RCE vulnerabilities

Apple is announcing a major expansion and redesign of its bug bounty program, doubling maximum payouts, adding new research categories, and introducing a more transparent reward structure. [...]

Copilot on Windows can now connect to email, create Office docs

Microsoft has upgraded its AI-powered Copilot digital assistant to connect to email accounts and generate Office documents from prompt outputs. [...]

From Lab to Leadership: How VMware Certification Transformed My Career

From lab work to leadership — VMware certification can transform your IT career. Learn from VMware User Group (VMUG) how the VMUG Advantage can help you build real skills, gain confidence, and join a global IT community. [...]

FBI takes down BreachForums portal used for Salesforce extortion

The FBI has seized last night all domains for the BreachForums hacking forum operated by the ShinyHunters group mostly as a portal for leaking corporate data stolen in attacks from ransomware and extortion gangs. [...]

New Android spyware ClayRat imitates WhatsApp, TikTok, YouTube

A new Android spyware called ClayRat is luring potential victims by posing as popular apps and services like WhatsApp, Google Photos, TikTok, and YouTube. [...]

Microsoft: Hackers target universities in “payroll pirate” attacks

A cybercrime gang tracked as Storm-2657 has been targeting university employees in the United States to hijack salary payments in "pirate payroll" attacks since March 2025. [...]

Hackers now use Velociraptor DFIR tool in ransomware attacks

Threat actors have started to use the Velociraptor digital forensics and incident response (DFIR) tool in attacks that deploy LockBit and Babuk ransomware. [...]

Microsoft Defender mistakenly flags SQL Server as end-of-life

Microsoft is working to resolve a known issue that causes its Defender for Endpoint enterprise endpoint security platform to incorrectly tag SQL Server software as end-of-life. [...]

RondoDox botnet targets 56 n-day flaws in worldwide attacks

A new large-scale botnet called RondoDox is targeting 56 vulnerabilities in more than 30 distinct devices, including flaws first disclosed during Pwn2Own hacking competitions. [...]

A breach every month raises doubts about South Korea’s digital defenses

Known for its blazing fast internet and home to some of the world’s biggest tech giants, South Korea has also faced a string of data breaches and cybersecurity lapses that has struggled to match the pace of its digital ambitions.

Proton releases a new app for two-factor authentication

Proton has a free authenticator app, which is available cross-platform with end-to-end encryption protection for data.

Knox lands $6.5M to compete with Palantir in the federal compliance market

Irina Denisenko, CEO of Knox, launched Knox, a federal managed cloud provider, last year with a mission to help software vendors speed through the FedRAMP security authorization process in just three months, and at a fraction of what it would cost to do it on their own.

Google is adding new device-level features for its Advanced Protection program

At the Android Show, taking place ahead of Google I/O 2025, Google announced that it is adding new device-specific features to its Advanced Protection program, which is designed to protect public figures such as politicians and journalists from different digital threats, with the Android 16 release. The new features include a new way of storing […]

Google announces new security features for Android for protection against scam and theft

At the Android Show on Tuesday, ahead of Google I/O, Google announced new security and privacy features for Android. These new features include new protections for calls, screen sharing, messages, device access, and system-level permissions. With these features, Google aims to protect users from falling for a scam, keep their details secure in case a […]

A 25-year-old police drone founder just raised $75M led by Index

If you ever call 911 from an area that’s hard to get to, you might hear the buzz of a drone well before a police cruiser pulls up. And there’s a good chance that it will be one made by Brinc Drones, a Seattle-based startup founded by 25-year-old Blake Resnick, who dropped out of college […]

A new security fund opens up to help protect the fediverse

A new security fund aims to help apps in the fediverse — like Mastodon, Threads, and Pixelfed — to pay researchers for disclosing security bugs.

How to tell if your online accounts have been hacked

This is a guide on how to check whether someone compromised your online accounts.

Hackers are ramping up attacks using year-old ServiceNow security bugs to target unpatched systems

Threat intelligence startup GreyNoise says it has observed a ‘notable resurgence’ in attack activity

US teachers’ union says hackers stole sensitive personal data on over 500,000 members

PSEA says it "took steps to ensure" its stolen data was deleted, suggesting a ransom demand was paid

CISA scrambles to contact fired employees after court rules layoffs ‘unlawful’

Federal court rules U.S. cybersecurity agency must re-hire over 100 former employees

DOGE axes CISA ‘red team’ staffers amid ongoing federal cuts

Affected staff say more than 100 employees working to protect U.S. government networks were ‘axed’ with no prior warning

What PowerSchool won’t say about its data breach affecting millions of students

New details have emerged about PowerSchool's data breach — but here's what PowerSchool still isn't saying.

Hacker accessed PowerSchool’s network months before massive December breach

CrowdStrike says a hacker had access to PowerSchool's internal system as far back as August.

Japanese telco giant NTT Com says hackers accessed details of almost 18,000 organizations

Unidentified hackers breached NTT Com’s network to steal personal information of employees at thousands of corporate customers

FBI says scammers are targeting US executives with fake BianLian ransom notes

The FBI is warning that scammers are impersonating the BianLian ransomware gang using fake ransom notes sent to U.S. corporate executives. The fake ransom notes, first reported by U.S. cybersecurity company GuidePoint Security, claim that hackers have gained access to an organization’s network to steal sensitive data, and threaten to publish the stolen data unless […]

UK quietly scrubs encryption advice from government websites

The UK is no longer recommending the use of encryption for at-risk groups following its iCloud backdoor demands

Broadcom urges VMware customers to patch ‘emergency’ zero-day bugs under active exploitation

Security experts warn of ‘huge impact’ of actively exploited hypervisor flaws that allow sandbox escape

US said to halt offensive cyber operations against Russia

The reported policy shift comes as the U.S. government signals a change in its threat assessment of Russia

‘Uber for guns’ app Protector lets you hire armed bodyguards like you would an Uber — but does anyone need this?

In a TikTok video with over 3 million views, a woman in a fluffy, maximalist coat sits in the back seat of a luxury SUV, parked in the middle of a New York City street. Atop the 6-second video, a line of text reads, “our bodyguards got us matcha.” The camera zooms in on two […]

KoDDoS, MSP Global and CloudFest: a Strategic Partnership for the Future of the Cloud

KoDDoS is proud to announce its partnership with MSP Global and CloudFest, two key players in the digital technology and cloud services industry. This collaboration marks an important step toward strengthening ties within the global tech ecosystem, bringing together experts, service providers, and decision-makers to address the cloud’s most strategic challenges. Through this partnership, we … Continue reading KoDDoS, MSP Global and CloudFest: a Strategic Partnership for the Future of the Cloud

The post KoDDoS, MSP Global and CloudFest: a Strategic Partnership for the Future of the Cloud appeared first on KoDDoS Blog.

Recap of Our Presence at VivaTech 2025

Our Core Expertise: Offshore Hosting & Advanced Cybersecurity At KoDDoS, we’ve built our reputation on two complementary pillars: 🛡️ Robust Cybersecurity Capabilities For over a decade, we’ve been protecting digital infrastructure with cutting-edge security technologies: 🌐 Resilient and Sovereign Offshore Hosting Our global infrastructure is distributed across strategic offshore data centers in: This setup offers … Continue reading Recap of Our Presence at VivaTech 2025

The post Recap of Our Presence at VivaTech 2025 appeared first on KoDDoS Blog.

KoDDoS at VivaTechnology 2025: A Strategic Presence at the Heart of Cybersecurity and AI Challenges.

Paris, June 2025 – From June 11 to 14, Paris will once again become the global epicenter of technological innovation with the return of VivaTechnology 2025, held at Paris Expo Porte de Versailles. Bringing together major tech companies, disruptive startups, global investors, and public institutions, the event stands out as a pivotal moment for the … Continue reading KoDDoS at VivaTechnology 2025: A Strategic Presence at the Heart of Cybersecurity and AI Challenges.

The post KoDDoS at VivaTechnology 2025: A Strategic Presence at the Heart of Cybersecurity and AI Challenges. appeared first on KoDDoS Blog.

Gamer Over? Why Hackers Target Popular Video Games & How to Stay Safe

Video games are more than entertainment; they’re a $200 billion global industry. But as gaming grows, so do cyberattacks. Hackers now see games as goldmines for stealing data, extorting companies, and exploiting players. According to Infosecurity Magazine, Akamai’s 2024 report shows that attacks on gaming platforms are rising alarmingly. In 2024 alone, the industry suffered … Continue reading Gamer Over? Why Hackers Target Popular Video Games & How to Stay Safe

The post Gamer Over? Why Hackers Target Popular Video Games & How to Stay Safe appeared first on KoDDoS Blog.

How Social Media Use Can Create Hidden Cybersecurity Risks

Social media is all around us, helping us stay connected, updated, and entertained. But beneath the endless scroll, a darker reality exists. Hidden cybersecurity threats are growing- some obvious, others much harder to spot. The risks are especially alarming for young users. According to the National Institutes of Health, up to 95% of teens aged … Continue reading How Social Media Use Can Create Hidden Cybersecurity Risks

The post How Social Media Use Can Create Hidden Cybersecurity Risks appeared first on KoDDoS Blog.

KoDDoS at the InCyber Europe 2025 Forum: a strategic participation at the heart of the European cyber ecosystem

From April 1st to 3rd, 2025, KoDDoS, a provider of specialized services in DDoS protection and secure offshore hosting, marked its presence at the InCyber Europe Forum, held at the Lille Grand Palais. A true crossroads of cyber innovation and cooperation, the event is the largest cybersecurity event in Europe. A benchmark event on an … Continue reading KoDDoS at the InCyber Europe 2025 Forum: a strategic participation at the heart of the European cyber ecosystem

The post KoDDoS at the InCyber Europe 2025 Forum: a strategic participation at the heart of the European cyber ecosystem appeared first on KoDDoS Blog.

Looking back at CloudFest 2025: An essential event for the future of the cloud!

CloudFest is one of the world’s largest cloud computing events. Every year, it brings together the industry’s leading players to discuss the latest technological advancements, emerging trends, and market challenges. In 2025, the event once again cemented its leadership status by providing a dynamic platform for professional exchange and cloud innovation. This edition featured captivating … Continue reading Looking back at CloudFest 2025: An essential event for the future of the cloud!

The post Looking back at CloudFest 2025: An essential event for the future of the cloud! appeared first on KoDDoS Blog.

KoDDoS in Europe: A Strong Presence at Major Tech Events in Paris.

KoDDoS recently strengthened its commitment to the European tech scene by participating in several major events in France. Our team was honored to be invited to key gatherings in the tech industry, highlighting the importance of innovation and cybersecurity in the evolving digital ecosystem. This strategic tour in Paris allowed us to meet top-tier partners, … Continue reading KoDDoS in Europe: A Strong Presence at Major Tech Events in Paris.

The post KoDDoS in Europe: A Strong Presence at Major Tech Events in Paris. appeared first on KoDDoS Blog.

KoDDos Will be at CyberShow 2025 in Paris!

The post KoDDos Will be at CyberShow 2025 in Paris! appeared first on KoDDoS Blog.

Technological innovation in the heart of Los Angeles at the CES 2025 🚀

🚀 Cutting-Edge Services KoDDoS has established itself as a key player in the field of high-performance hosting. Specializing in anti-DDoS protection, we ensure unmatched service continuity for our clients in the face of growing threats targeting digital infrastructures. We also invest in groundbreaking technologies, including Web3, blockchain, and the Internet of Things (IoT), providing tailored … Continue reading Technological innovation in the heart of Los Angeles at the CES 2025 🚀

The post Technological innovation in the heart of Los Angeles at the CES 2025 🚀 appeared first on KoDDoS Blog.

Vulnerability Management and Patch Management: How They Work Together

Vulnerability management and patch management are often spoken of in the same breath. Yet they are not the same. Each serves a distinct purpose, and knowing the difference is more than a matter of semantics; it’s a matter of security. Confuse them, and gaps appear. Leave those gaps, and attackers will find them. To build a strong defense, you need to see how these two processes fit together. One scans the horizon for weaknesses. The other arms you with fixes. Both are vital, but neither can do the other’s job. Let’s take a closer look at what they mean, how they differ, and how they work in...

Understanding the OWASP AI Maturity Assessment

Today, almost all organizations use AI in some way. But while it creates invaluable opportunities for innovation and efficiency, it also carries serious risks. Mitigating these risks and ensuring responsible AI adoption relies on mature AI models, guided by governance frameworks. The OWASP AI Maturity Assessment Model (AIMA) is one of the most practical. In this article, we’ll explore what it is, how it compares to other frameworks, and how organizations can use it to assess their AI maturity. What is the OWASP AI Maturity Assessment Model? The OWASP AI Maturity Assessment Model is a...

CISOs Concerned of AI Adoption in Business Environments

UK security leaders are making their voices heard. Four in five want DeepSeek under regulation. They see a tool that promises efficiency but risks chaos. Business is already under pressure. Trade disputes drag on. Interest rates remain high. Cyber threats grow. Every move to expand operations adds risk, and risk is harder to measure when AI enters the equation. AI spreads fast. It cuts costs, fills gaps, and automates mundane tasks. But it also opens hidden doors. In the UK, AI is now part of daily work. A KPMG survey showed that while 69% of employees use it, only 42% trust it. Slightly over...

When It Comes to Breaches, Boards Can’t Hide Behind CISOs Any Longer

A trend that has long been on the rise is finally having its day. A recent industry report revealed that 91% of security professionals believe that ultimate accountability for cybersecurity incidents lies with the board itself, not with CISOs or security managers. If the security discussion hadn’t fully made its way into C-suite conversations before, it has now. The Chartered Institute of Information Security (CIISEC)’s new State of the Security Profession survey checks the pulse of the industry where cybersecurity regulation is concerned. It emerges with one clear, overarching sentiment: “the...

Windows 10 Retirement: A Reminder for Managing Legacy Industrial Control Systems (ICS)

On October 14th, Windows 10 will be retired, and Microsoft will no longer push patches or updates to systems on that operating system. It is crucial for companies to make the jump to Windows 11 now—or risk being exposed to critical vulnerabilities. This is especially important for Industrial Control Systems (ICS), which often run on legacy systems. Failing to transition could mean putting components like PLCs (Programmable Logic Controllers), SCADA (Supervisory Control and Data Aquisition) systems, HMIs (Human-Machine Interfaces) and the critical infrastructure they support at risk. What...

ENISA Will Operate the EU Cybersecurity Reserve. What This Means for Managed Security Service Providers

The European Union is building a new line of defense. On 26 August 2025, the European Commission and the EU Agency for Cybersecurity (ENISA) signed a contribution agreement that hands ENISA the keys to the EU Cybersecurity Reserve. The deal comes with funding: €36 million over three years. ENISA's mission is straightforward, if not simple. It will administer, operate, and monitor the bloc’s emergency cyber response capabilities. Juhan Lepassaar, ENISA’s executive director, said: “Being entrusted with such prominent project, puts ENISA in the limelight as a dependable partner to the European...

Why File Integrity Monitoring (FIM) Is a Must for Compliance — And How to Pick the Right Solution

As Fortra’s new File Integrity Monitoring Buyer’s Guide states, “What was once a security control for simple file changes now ensures integrity across organizations’ entire systems.” The landscape has evolved significantly since Fortra’s Tripwire introduced file integrity monitoring (FIM) over twenty years ago. But that’s exactly why the industry is due for a new look at what makes a FIM solution unique in 2025 — and what you should expect your FIM provider to bring to the table. What Is File Integrity Monitoring? File integrity monitoring was originally developed as a way to make sure nobody...

Times are Changing. How to Future-Proof Your Cybersecurity Career.

Since the floodgates opened in November 2022 (at the arrival of ChatGPT), there has been one question on everyone’s mind: Is AI going to take my job? While the answers range from yes to no to maybe, there are ways to ride the AI wave without being subsumed by it. The way skilled professionals will do that, especially within cybersecurity, all depends on how well they know the industry—and how well they understand the value of their place in it. This blog will focus on the mixed opportunities of AI in the cybersecurity field and the undoable changes it has produced. Given this landscape, it...

Automotive Privacy in California: The UX Benchmark That Could Change Everything

Every modern car is a data machine. It records where you go, when you go, how you drive, and often, who is with you. This information flows quietly from vehicle to manufacturer. In California, the law is clear. The California Consumer Privacy Act ( CCPA) has been in effect since 2020, giving people the right to see, limit, and delete personal data. But a right is only as strong as the tools that allow you to use it. And in the automotive industry, those tools are often hard to find, hard to use, and harder still to understand. That is the starting point of Privacy4Cars’ 2025 Privacy UX...

The CSA AI Controls Matrix: A Framework for Trustworthy AI

The Cloud Security Alliance, a respected non-profit founded in 2008 to pursue cloud security assurance, has now unveiled its Artificial Intelligence Controls Matrix (AICM), a quiet revolution for trustworthy AI. It has come at a time when generative AI and large language models are moving quickly into every sector. These systems can transform business, but they can also fail, or be made to fail. Because of this, trust becomes the measure of success. The AICM is a vendor-agnostic control framework built to help organizations manage AI-specific risks, secure systems, and build AI that can be...

New Stealit Malware Exploits Node.js Extensions to Target Windows Systems

Security researchers have identified a new, active campaign of the Stealit malware that uses an experimental Node.js feature to infect Windows systems. According to a report from FortiGuard Labs, threat actors are leveraging Node.js’s Single Executable Application (SEA) functionality to package and distribute their malicious payloads. This updated tactic marks a shift from previous Stealit […]

The post New Stealit Malware Exploits Node.js Extensions to Target Windows Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Nanoprecise partners with AccuKnox to strengthen its Zero Trust Cloud Security and Compliance Posture

Menlo Park, USA, October 10th, 2025, CyberNewsWire AccuKnox, a leader in Zero Trust Cloud Native Application Protection Platforms (CNAPP), is proud to announce that Nanoprecise has selected AccuKnox to enhance its cloud security, governance, and compliance framework. Nanoprecise is a pioneer predictive maintenance and condition monitoring, and leverages Artificial Intelligence and IoT technologies to deliver […]

The post Nanoprecise partners with AccuKnox to strengthen its Zero Trust Cloud Security and Compliance Posture appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Chaosbot Using CiscoVPN and Active Directory Passwords for Network Commands

Adversaries have once again demonstrated that operational hours are irrelevant when mounting sophisticated cyberattacks. eSentire’s TRU team first observed suspicious activity within a financial services customer’s environment when legitimate CiscoVPN logins coincided with anomalous WMI calls to multiple endpoints. Investigation revealed that an Active Directory account named “serviceaccount” had been abused alongside the VPN access, […]

The post Chaosbot Using CiscoVPN and Active Directory Passwords for Network Commands appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

SonicWall SSL VPN Devices Targeted by Threat Actors to Distribute Akira Ransomware

A significant uptick in Akira ransomware attacks has been observed exploiting unpatched SonicWall SSL VPN devices between July and August 2025. Despite a patch release the same day, many organizations remained vulnerable, allowing threat actors to gain initial access and deploy Akira’s double-extortion scheme. On August 20, 2025, Darktrace detected anomalous network scanning and reconnaissance […]

The post SonicWall SSL VPN Devices Targeted by Threat Actors to Distribute Akira Ransomware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

175 Malicious npm Packages Targeting Tech and Energy Firms, 26,000 Downloads

Socket’s Threat Research Team has uncovered a sprawling phishing campaign—dubbed “Beamglea”—leveraging 175 malicious npm packages that have amassed over 26,000 downloads. These packages serve solely as hosting infrastructure, redirecting victims to credential-harvesting pages. Though randomly named packages make accidental developer installation unlikely, the download counts reflect security researchers, automated scanners, and CDN providers probing the […]

The post 175 Malicious npm Packages Targeting Tech and Energy Firms, 26,000 Downloads appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

LLM-Powered MalTerminal Malware Uses OpenAI GPT-4 to Create Ransomware Code

LLM-enabled malware poses new challenges for detection and threat hunting as malicious logic can be generated at runtime rather than embedded in code. Our research discovered hitherto unknown samples, and what may be the earliest example known to date of an LLM-enabled malware we dubbed “MalTerminal.” Our methodology also uncovered other offensive LLM applications, including […]

The post LLM-Powered MalTerminal Malware Uses OpenAI GPT-4 to Create Ransomware Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

GitHub Copilot Flaw Allows Attackers to Steal Source Code from Private Repositories

A critical weakness in GitHub Copilot Chat discovered in June 2025 exposed private source code and secrets to attackers. Rated CVSS 9.6, the vulnerability combined a novel Content Security Policy bypass with remote prompt injection. By embedding hidden prompts in pull requests, attackers could exfiltrate private repository data and control Copilot’s responses, including injecting malicious […]

The post GitHub Copilot Flaw Allows Attackers to Steal Source Code from Private Repositories appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

RondoDox Botnet Targets Over 50 Vulnerabilities to Compromise Routers, CCTV Systems, and Web Servers

The RondoDox campaign’s “exploit shotgun” method leverages over 50 vulnerabilities across more than 30 vendors to infiltrate network devices, highlighting the urgent need for rapid patching and continuous monitoring. The first detected RondoDox intrusion on June 15, 2025, reused a command‐injection vulnerability disclosed at Pwn2Own Toronto 2022: CVE-2023-1389, which targets the WAN interface of TP-Link […]

The post RondoDox Botnet Targets Over 50 Vulnerabilities to Compromise Routers, CCTV Systems, and Web Servers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

ClayRat Android Malware Masquerades as WhatsApp & Google Photos

ClayRat, a rapidly evolving Android spyware campaign, has surged in activity over the past three months, with zLabs researchers observing more than 600 unique samples and 50 distinct droppers. Primarily targeting Russian users, the malware masquerades as popular applications such as WhatsApp, Google Photos, TikTok, and YouTube, luring victims into installing malicious APKs via deceptive […]

The post ClayRat Android Malware Masquerades as WhatsApp & Google Photos appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Gladinet CentreStack and Triofox 0-Day Flaw Under Active Attack

Gladinet CentreStack and Triofox have come under active attack as threat actors exploit an unauthenticated local file inclusion flaw (CVE-2025-11371). The flaw lets attackers read sensitive files without logging in. Once they grab the machine key, they can trigger a view state deserialization bug to run code on the server. There is no official patch […]

The post Gladinet CentreStack and Triofox 0-Day Flaw Under Active Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Russian spyware ClayRat is spreading, evolving quickly, according to Zimperium

The spyware poses as popular apps like TikTok, and may break free of Russian borders at some point, the researchers say.

The post Russian spyware ClayRat is spreading, evolving quickly, according to Zimperium appeared first on CyberScoop.

Dems introduce bill to halt mass voter roll purges

The bill likely won’t get far in a GOP-controlled Congress, but proponents described it as part of a broader effort to push back through constitutional institutions.

The post Dems introduce bill to halt mass voter roll purges appeared first on CyberScoop.

SonicWall admits attacker accessed all customer firewall configurations stored on cloud portal

The security vendor’s customers have confronted a barrage of actively exploited defects since 2021. The brute-force attack on a company-controlled system underscores broader security pitfalls are afoot.

The post SonicWall admits attacker accessed all customer firewall configurations stored on cloud portal appeared first on CyberScoop.

Sen. Peters tries another approach to extend expired cyber threat information-sharing law

A new bill renames the Cybersecurity Information Sharing Act of 2015 and would make its legal protections retroactive after its lapse.

The post Sen. Peters tries another approach to extend expired cyber threat information-sharing law appeared first on CyberScoop.

Dozens of Oracle customers impacted by Clop data theft for extortion campaign

Researchers said malicious activity dates back to early July and active exploitation was observed two months ago.

The post Dozens of Oracle customers impacted by Clop data theft for extortion campaign appeared first on CyberScoop.

Voting groups ask court for immediate halt to Trump admin’s SAVE database overhaul

In a court filing, the groups argued court action was needed to prevent permanent privacy harm from the government’s “illegal and secretive consolidation of millions of Americans’ sensitive personal data.”

The post Voting groups ask court for immediate halt to Trump admin’s SAVE database overhaul appeared first on CyberScoop.

German government says it will oppose EU mass-scanning proposal

Despite fears from privacy advocates, officials from the ruling party said mass-scanning proposals like Chat Control should be “taboo in a constitutional state.”

The post German government says it will oppose EU mass-scanning proposal appeared first on CyberScoop.

Microsoft pins GoAnywhere zero-day attacks to ransomware affiliate Storm-1175

Multiple researchers and CISA have confirmed active exploitation of the maximum-severity defect. Fortra, the company behind the file-transfer service, remains silent.

The post Microsoft pins GoAnywhere zero-day attacks to ransomware affiliate Storm-1175 appeared first on CyberScoop.

OpenAI: Threat actors use us to be efficient, not make new tools

A new report from the leader in the generative AI boom says AI is being used in existing workflows, instead of to create new ones dedicated to malicious hacking.

The post OpenAI: Threat actors use us to be efficient, not make new tools appeared first on CyberScoop.

Oracle zero-day defect amplifies panic over Clop’s data theft attack spree

The notorious ransomware group exploited multiple vulnerabilities, including a zero-day, for at least eight weeks before alleged victims received extortion demands.

The post Oracle zero-day defect amplifies panic over Clop’s data theft attack spree appeared first on CyberScoop.

CVE-2025-11371: Unpatched zero-day in Gladinet CentreStack, Triofox under attack

Threat actors are exploiting a zero-day, tracked as CVE-2025-11371 in Gladinet CentreStack and Triofox products. Threat actors are exploiting the local File Inclusion (LFI) flaw CVE-2025-11371, a zero-day in Gladinet CentreStack and Triofox. A local user can exploit the issue to access system files without authentication. Gladinet CentreStack and Triofox are enterprise file-sharing and cloud […]

Cybercrime ring GXC Team dismantled in Spain, 25-year-old leader detained

Spain’s Guardia Civil dismantled the cybercrime group “GXC Team” and arrested its 25-year-old Brazilian leader. Spanish Guardia Civil dismantled the “GXC Team” cybercrime group, arresting its 25-year-old Brazilian leader “GoogleXcoder.” The gang sold AI-powered phishing kits, Android malware, and voice-scam tools via Telegram and Russian forums, becoming a major supplier of credential theft tools in […]

Attackers exploit valid logins in SonicWall SSL VPN compromise

Huntress warns of widespread SonicWall SSL VPN breaches, with attackers using valid credentials to access multiple accounts rapidly. Cybersecurity firm Huntress warned of a widespread compromise of SonicWall SSL VPNs, with threat actors using valid credentials to access multiple customer accounts rapidly. “As of October 10, Huntress has observed widespread compromise of SonicWall SSLVPN devices […]

Apple doubles maximum bug bounty to $2M for zero-click RCEs

Apple raised bug bounties to $2M for zero-click RCEs, doubling payouts. Since 2020, it’s paid $35M to 800 researchers. Apple doubled its bug bounty rewards, now offering up to $2 million for zero-click remote code execution flaws. Since 2020, the tech giant has paid $35M to 800 researchers. Apple aims to pay exploit chains comparable […]

Juniper patched nine critical flaws in Junos Space

Juniper fixed nearly 220 flaws in Junos OS, Junos Space, and Security Director, including nine critical bugs in Junos Space. Juniper Networks released patches to address nearly 220 vulnerabilities in Junos OS, Junos Space, and Security Director, including nine critical flaws in Junos Space. One of these flaws, tracked as CVE-2025-59978 (CVSS score of 9.0), […]

Ukraine sees surge in AI-Powered cyberattacks by Russia-linked Threat Actors

Russia-linked actors use AI to craft phishing and malware attacks against entities in Ukraine, says SSSCIP. Russian hackers increasingly use AI in cyberattacks against Ukraine, the country’s State Service for Special Communications and Information Protection (SSSCIP) reported. Beyond AI-generated phishing, some malware samples now show AI-generated code. In H1 2025, Ukraine recorded 3,018 cyber incidents, […]

U.S. CISA adds Grafana flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Grafana flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Grafana flaw, tracked as CVE-2021-43798 (CVSS score 7.5), to its Known Exploited Vulnerabilities (KEV) catalog. Grafana is an open-source platform for monitoring and observability. This flaw is a directory traversal vulnerability affecting versions […]

RondoDox Botnet targets 56 flaws across 30+ device types worldwide

RondoDox botnet exploits 56 known flaws in over 30 device types, including DVRs, CCTV systems, and servers, active globally since June. Trend Micro researchers reported that the RondoDox botnet exploits 56 known flaws in over 30 device types, including DVRs, NVRs, CCTV systems, and web servers, active globally since June. Experts noted that the latest […]

ClayRat campaign uses Telegram and phishing sites to distribute Android spyware

ClayRat Android spyware targets Russian users via fake Telegram channels and phishing sites posing as popular apps like WhatsApp and YouTube. The ClayRat Android spyware campaign targets Russian users via fake Telegram channels and phishing sites posing as popular apps like Google Photos, WhatsApp, TikTok, YouTube. Zimperium named the spyware ClayRat after its C2 server, […]

CVE-2025-5947: WordPress Plugin flaw lets hackers access Admin accounts

Threat actors are exploiting a critical flaw, tracked as CVE-2025-5947, in the Service Finder WordPress theme’s Bookings plugin. Threat actors are exploiting a critical vulnerability, tracked as CVE-2025-5947 (CVSS score 9.8), in the Service Finder WordPress theme’s Bookings plugin. The plugin (versions ≤6.0) has an authentication bypass issue allowing attackers to log in as any […]

Bridewell encourages elevating “untapped talent” this Cybersecurity Awareness Month

Bridewell, a cybersecurity provider to CNI organisations, is marking Cybersecurity Awareness Month by encouraging the industry to make cybersecurity careers more accessible to individuals from all backgrounds in order to address the UK’s chronic skills shortage. To lead by example the company has also announced the next intake for its Bridewell Academy on November 10th. […]

The post Bridewell encourages elevating “untapped talent” this Cybersecurity Awareness Month appeared first on IT Security Guru.

How Important are Accessible Website Designs in 2025?

In 2025, the importance of a top-quality and well-functioning website cannot be overstated. Forgetting this is a costly mistake, but an even greater one is failing to ensure that a website is fully functional for everyone. That’s where website accessibility comes in, which is the practice of designing digital experiences to be usable by people […]

The post How Important are Accessible Website Designs in 2025? appeared first on IT Security Guru.

Pro-Russian hacking group snared by Forescout Vedere Labs honeypot

Forescout Vedere Labs published a report exposing how a pro-Russian hacktivist group was duped into thinking they had hacked a European water facility, unaware their target was in fact a carefully crafted honeypot. This “hack” provided Forescout researchers the rare opportunity to see first-hand how these groups look for and exploit weaknesses in critical infrastructure. […]

The post Pro-Russian hacking group snared by Forescout Vedere Labs honeypot appeared first on IT Security Guru.

New research from VerifyLabs.AI highlights the nation’s fears when it comes to deepfakes

As concerns regarding AI-driven fraud, impersonation, and digital deception continue to grow, new research from VerifyLabs.AI has revealed that over a third (35%) of Brits said deepfake nudes (non-consensual intimate imagery) or videos of themselves or their child were what they feared most when it came to deepfakes. This fear was even more pronounced among […]

The post New research from VerifyLabs.AI highlights the nation’s fears when it comes to deepfakes appeared first on IT Security Guru.

Research Finds Budgets, Staffing and Skills Fail to Keep Pace with Rising Cyber Threats

New research by ISACA has found that over a third (39%) of European IT and cybersecurity professionals report that their organisation is experiencing more cybersecurity attacks than this time last year. Yet despite this rising wave of attacks, confidence in organisational readiness remains low, with only 38% of professionals stating they are completely confident in […]

The post Research Finds Budgets, Staffing and Skills Fail to Keep Pace with Rising Cyber Threats appeared first on IT Security Guru.

Research Finds That API Security Blind Spots Could Put AI Agent Deployments at Risk

New research by Salt Security has revealed an alarming disconnect between rapid API adoption and immature security practices, threatening the success of critical AI and automation initiatives. The H2 2025 State of API Security Report shows that, as enterprises race to capitalise on the emerging AI Agent Economy, API security has emerged as a systemic vulnerability […]

The post Research Finds That API Security Blind Spots Could Put AI Agent Deployments at Risk appeared first on IT Security Guru.

Huntress Partners with Sherweb in First Global Distribution Deal to Expand MSP Cybersecurity Reach

Huntress has entered into its first distribution partnership, teaming up with global cloud solutions provider Sherweb to broaden access to its cybersecurity products among managed service providers (MSPs) in North America, Ireland, and the UK. Under the new agreement, all Huntress solutions will be available through the Sherweb Marketplace, giving MSPs access to the company’s […]

The post Huntress Partners with Sherweb in First Global Distribution Deal to Expand MSP Cybersecurity Reach appeared first on IT Security Guru.

Hack The Box introduces Threat Range for cyber incident simulation

Hack The Box (HTB), has announced the launch of HTB’s Threat Range, a team-based cyber incident simulation software that offers operational insights for executives and board members. With AI at its core, the company says this new environment extends HTB’s industry-leading cyber ranges to equip enterprises, government organisations and MSSPs with the necessary skills, tools […]

The post Hack The Box introduces Threat Range for cyber incident simulation appeared first on IT Security Guru.

Over 40% of schools have already experienced AI-related cyber incidents

Keeper Security, the provider of zero-trust and zero-knowledge Privileged Access Management (PAM) software protecting passwords and passkeys, privileged accounts, secrets and remote connections, today released a new research report named AI in Schools: Balancing Adoption with Risk. The study reveals how Artificial Intelligence (AI) is reshaping education – and the growing cybersecurity risks to students, […]

The post Over 40% of schools have already experienced AI-related cyber incidents appeared first on IT Security Guru.

Forescout Vedere Labs research exposes DNS abuse

The Domain Name System [DNS] is like the internet’s address book. It translates everyday web addresses into numeric IPs, allowing people to connect to applications and content. Unfortunately, DNS is also a cybercriminal’s most reliable tool. Fraudsters rely on malicious domains to distribute malware, run command and control (C2) operations and trick victims with convincing […]

The post Forescout Vedere Labs research exposes DNS abuse appeared first on IT Security Guru.

Identity Risk Intelligence – The Missing Piece in Continuous Threat Exposure Management (CTEM)

In today’s cybersecurity landscape, identity is no longer just a credentialing concern; it is the battleground. Modern cyber defenses increasingly need to be identity-centric. With attackers increasingly bypassing traditional defenses...

The post Identity Risk Intelligence – The Missing Piece in Continuous Threat Exposure Management (CTEM) appeared first on Cyber Defense Magazine.

How Chief Technology Officers Can Stay Ahead of Complex Threat Actor Tactics

Cyberattacks are becoming increasingly complex because organizations are more interconnected than ever before while threat actors are better resourced and digital environments are harder to defend. The ability to prevent...

The post How Chief Technology Officers Can Stay Ahead of Complex Threat Actor Tactics appeared first on Cyber Defense Magazine.

Cybersecurity Is Now a Regulatory Minefield: What CISOs Must Know in 2025

There has been an increase in the advent of cyberattacks like never before. The companies are adopting cloud computing, AI-driven tech solutions and IoT technologies, intensifying the chances of data...

The post Cybersecurity Is Now a Regulatory Minefield: What CISOs Must Know in 2025 appeared first on Cyber Defense Magazine.

Data Loss, Monetary Damage, and Reputational Harm: How Unsanctioned AI Hurts Companies and 6 Mitigation Strategies

The emergence of AI represents a workplace revolution, transforming virtually every industry and reshaping the daily experiences and responsibilities of employees. However, like all new technologies, it carries risks. One...

The post Data Loss, Monetary Damage, and Reputational Harm: How Unsanctioned AI Hurts Companies and 6 Mitigation Strategies appeared first on Cyber Defense Magazine.

Security in AI Era: Protecting AI Workloads with Google Cloud

Network Infrastructure & Security are the foundation any day even in the AI era. The evolution of artificial intelligence, along with large language models and generative AI, has made it...

The post Security in AI Era: Protecting AI Workloads with Google Cloud appeared first on Cyber Defense Magazine.

What Security Teams Are Looking for in Identity Management Today

Identity management gives organizations better visibility and control over their identity infrastructure – if they use the right approach. Well regarded cybersecurity thought-leader, Francis Odum recently noted that a company’s identity posture...

The post What Security Teams Are Looking for in Identity Management Today appeared first on Cyber Defense Magazine.

How Can IT Security Professionals Best Navigate the CMMC Maze?

For companies still treating the Cybersecurity Maturity Model Certification (CMMC) as an IT-only concern, the risks are growing. Developed by the U.S. Department of Defense (DoD), CMMC is a comprehensive...

The post How Can IT Security Professionals Best Navigate the CMMC Maze? appeared first on Cyber Defense Magazine.

Breaking Point: Storage & Backup Systems

Surging Cyber Threats: Actively Exploited Vulnerabilities in Storage and Backup Systems Enterprise storage and backup systems have become a high-priority target for cybercriminals. In the last two months alone, there...

The post Breaking Point: Storage & Backup Systems appeared first on Cyber Defense Magazine.

Innovator Spotlight: Singulr AI

The AI Governance Tightrope: Enabling Innovation Without Compromising Security Cybersecurity leaders are facing a critical inflection point. The rapid emergence of artificial intelligence technologies presents both unprecedented opportunities and significant...

The post Innovator Spotlight: Singulr AI appeared first on Cyber Defense Magazine.

AI on the Frontlines: How Agentic AI is Revolutionizing Cyber Defense

Quick Summary: AI agents enable security teams to surge ahead of the most advanced threats using automated decision-making, real time response, and intelligent prioritization of threats on SOC and infrastructure. The cyber...

The post AI on the Frontlines: How Agentic AI is Revolutionizing Cyber Defense appeared first on Cyber Defense Magazine.

Addressing CL0P Extortion Campaign Targeting Oracle EBS CVE-2025-61882

Cybereason is continuing to investigate. Check the Cybereason blog for additional updates.

Last update: Oct 7, 11am EST

Overview and What Cybereason Knows So Far

July 2025, Oracle releases security updates including 309 patches, which included nine that addressed flaws/vulnerabilities in Oracle E-Business Suite (EBS).
July 2025 (end of) through September 2025 (beginning of), Cybereason has assessed based on emerging evidence and ongoing forensic investigations, that CL0P orchestrated an Intrusion Path that allowed for unauthorized access to on-premise, customer-managed Oracle E-Business Suite (EBS) solutions, enumerated accessible and stored data, and conducted data exfiltration.
September 2025 (end of) through October 2025 (beginning of), a widespread orchestrated email extortion campaigns emerged targeting users of on-premise, customer-managed Oracle E-Business Suite (EBS) and requesting contact with CL0P in order to not expose data allegedly exfiltrated.
October 2025 (beginning of), Cybereason is aware of ongoing investigations in which CL0P has provided proof of data. CL0P does not appear to have named new victims associated with this incident as of October 4, 2025.
October 5, 2025, Oracle confirms CVE-2025-61882 in Oracle E-Business Suite (EBS). This vulnerability was remotely exploitable without authentication (i.e., it can be exploited over a network without the need for a username and password). Successful exploitation can lead to remote code execution (RCE).
October 7, 2025, Cybereason confirms earliest evidence of threat actor activity occurred August 9, but is subject to change based on ongoing investigations.

7000+ IRs Later: The 11 Essential Cybersecurity Controls

Cybereason 11 Essential Cybersecurity Controls

Decades in incident response reveal battle-tested cybersecurity controls that minimize attack surface, improve detection and response, reduce incident impact and losses, and build cyber resilience (with compliance mappings for easy implementation).

Behind the Mask of Madgicx Plus: A Chrome Extension Campaign Targeting Meta Advertisers

Cybereason Security Services recently analyzed an investigation into a broader malicious Chrome extension campaign, part of which had been previously documented by DomainTools. While earlier iterations of this campaign involved the impersonation a variety of services, the latest version shifts focus to Meta (Facebook/Instagram) advertisers through a newly crafted lure: “Madgicx Plus,” a fake AI-driven ad optimization platform. Promoted as a tool to streamline campaign management and boost ROI using artificial intelligence, the extension instead delivers potentially malicious functionalities capable of hijacking business sessions, stealing credentials, and compromising Meta Business accounts. Notably, several domains associated with earlier parts of the campaign have been repurposed to promote this new theme, highlighting the operators’ tendency to recycle infrastructure while adapting their social engineering strategy to new targets.

CVE-2025-53770 & CVE-2025-53771: Critical On-Prem SharePoint Vulnerabilities

Cybereason is actively investigating exploitation attempts of these vulnerabilities. Check the Cybereason blog for additional updates.

Key Takeaways

Two zero-day vulnerabilities discovered in on-premise Microsoft SharePoint servers, tracked as CVE‑2025‑53770 and CVE‑2025‑53771.
Affected versions include: Subscription Edition – KB5002768, SharePoint 2019 – KB5002754, SharePoint 2016 – KB5002760.
If exploited, these vulnerabilities could allow for remote code execution (RCE).
Cybereason has observed ongoing active exploitation attempts of these vulnerabilities through our Global SOC monitoring.
With this exploit, we recommend taking an “assume compromised” posture, immediately patching impacted versions, and conducting incident response historical look back.

BlackSuit: A Hybrid Approach with Data Exfiltration and Encryption

Cybereason Security Services issue Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.

Deploying NetSupport RAT via WordPress & ClickFix

In May 2025, Cybereason Global Security Operations Center (GSOC) detected that threat actors have been hosting malicious WordPress websites to deliver malicious versions of the legitimate NetSupport Manager Remote Access Tool (RAT).

Introducing the Cybereason TTP Briefing: Frontline Threat Intelligence Insights

Gain insight into the latest attack trends, techniques, and procedures our Incident Response experts are actively facing with the brand new TTP Briefing, a report built on frontline threat intelligence from our global incident response (IR) investigations, enriched by noteworthy detections from our SOC.

Ransomware Gangs Collapse as Qilin Seizes Control

The ransomware landscape is undergoing a turbulent realignment, marked by collapses, takeovers, and unexpected internal betrayals.

Copyright Phishing Lures Leading to Rhadamanthys Stealer Now Targeting Europe

Cybereason issues Threat Alerts to inform customers of emerging impacting threats, critical vulnerabilities and attacker campaigns. Cybereason Threat Alerts summarize these threats and provide practical recommendations for protecting against them.

Genesis Market - Malicious Browser Extension

Cybereason GSOC has identified a malware infection exhibiting strong similarities to the previously reported Genesis Market malicious campaign that was dismantled by law enforcement in early 2023.

How to spot a holiday shopping scam: Fake deals, trick surveys & bogus gift cards

Scammers, fraudsters, and phishers take advantage of every season. But the holiday shopping season - which includes Black Friday, Cyber Monday, and Christmas - may be their favorite.

As retailers rush to capitalize on what is generally their most profitable time of year, they will generally flood email boxes with great offers that are often time sensitive and may even seem too-good-to-be-true. Meanwhile, consumers also feel the urgency to get their shopping done, along with the stresses of work and family. Add in the financial pressure of an inflationary economy and the likelihood of making a quick mistake keeps increasing. Read on for some simple yet effective ways to ruin the scammers' fun as you celebrate the season of giving.

Soon�

Posted by Sean @ 12:52 GMT

Our "construction project" is progressing nicely.

A work in progress

And it should resolve this…

Fix mobile usability issues?

Translation: your site doesn't help us sell more Android phones and ads.

But whatever, the "issues" should be fixed soon enough.

On 18/08/15 At 12:52 PM

Work In Progress

Posted by Sean @ 13:25 GMT

Regular readers will have noticed it's been slow here of late.

Under Construction

We're finally undertaking an upgrade from Greymatter 1.7.3. This may be the world's oldest Greymatter blog… that will now change.

More info coming soon.

In the meantime, you can still catch us on Twitter.

On 13/08/15 At 01:25 PM

"IOS Crash Report" Update: Safari Adds Block Feature

Posted by Sean @ 09:53 GMT

Ask, and sometimes, you shall receive.

Last Friday, we wrote about call center scammers targeting iOS. And today, Apple released a new (beta) feature that should help.

Apple released iOS 9 Public Beta 2:

iOS 9 Public Beta 2, Install

And it appears that one of Safari's new features allows people to block fraud-focused JavaScript.

iOS 9 Public, Safari Block Alerts

We tested a scam-site and after a few attempts to dismiss the JavaScript dialog, Safari included a prompt to "Block Alerts". We were then easily able to close the page.

Kudos Apple! Looking forward to seeing this in iOS 9's general release.

Big hat tip to Rosyna Keller.

On 23/07/15 At 09:53 AM

Duke APT group's latest tools: cloud services and Linux support

Posted by Artturi @ 11:59 GMT

Recent weeks have seen the outing of two new additions to the Duke group's toolset, SeaDuke and CloudDuke. Of these, SeaDuke is a simple trojan made interesting by the fact that it's written in Python. And even more curiously, SeaDuke, with its built-in support for both Windows and Linux, is the first cross-platform malware we have observed from the Duke group. While SeaDuke is a single - albeit cross-platform - trojan, CloudDuke appears to be an entire toolset of malware components, or "solutions" as the Duke group apparently calls them. These components include a unique loader, downloader, and not one but two different trojan components. CloudDuke also greatly expands on the Duke group's usage of cloud storage services, specifically Microsoft's OneDrive, as a channel for both command and control as well as the exfiltration of stolen data. Finally, some of the recent CloudDuke spear-phishing campaigns have born a striking resemblance to CozyDuke spear-phishing campaigns from a year ago.

Linux support added with the cross-platform SeaDuke malware

Last week, both Symantec and Palo Alto Networks published research on SeaDuke, a newer addition to the arsenal of trojans being used by the Duke group. While older malware by the Duke group has always been written with a combination of the C and C++ programming languages as well as assembly language, SeaDuke is peculiarly written in Python with multiple layers of obfuscation. This Python code is usually then compiled into Windows executables using py2exe or pyinstaller. However, the Python code itself has been designed to work on both Windows and Linux. We therefore suspect, that the Duke group is also using the same SeaDuke Python code to target Linux victims. This is the first time we have seen the Duke group employ malware to target Linux platforms.

seaduke_crossplatform (39k image)
An example of the cross-platform support found in SeaDuke.

A new set of solutions with the CloudDuke malware toolset

Last week, we also saw Palo Alto Networks and Kaspersky Labs publish research on malware components they respectively called MiniDionis and CloudLook. MiniDionis and CloudLook are both components of a larger malware toolset we call CloudDuke. This toolset consists of malware components that provide varying functionality while partially relying on a shared code framework and always using the same loader. Based on PDB strings found in the samples, the malware authors refer to the CloudDuke components as "solutions" with names such as "DropperSolution", "BastionSolution" and "OneDriveSolution". A list of PDB strings we have observed is below:

� C:\DropperSolution\Droppers\Projects\Drop_v2\Release\Drop_v2.pdb
� c:\BastionSolution\Shells\Projects\miniDionis4\miniDionis\obj\Release\miniDionis.pdb
� c:\BastionSolution\Shells\Projects\miniDionis2\miniDionis\obj\Release\miniDionis.pdb
� c:\OneDriveSolution\Shells\Projects\OneDrive2\OneDrive\obj\x64\Release\OneDrive.pdb

The first of the CloudDuke components we have observed is a downloader internally called "DropperSolution". The purpose of the downloader is to download and execute additional malware on the victim's system. In most observed cases, the downloader will attempt to connect to a compromised website to download an encrypted malicious payload which the downloader will decrypt and execute. Depending on the way the downloader has been configured, in some cases it may first attempt to log in to Microsoft's cloud storage service OneDrive and retrieve the payload from there. If no payload is available from OneDrive, the downloader will revert to the previously mentioned method of downloading from compromised websites.

We have also observed two distinct trojan components in the CloudDuke toolset. The first of these, internally called "BastionSolution", is the trojan that Palo Alto Networks described in their research into "MiniDionis". Interestingly, BastionSolution appears to functionally be an exact copy of SeaDuke with the only real difference being the choice of programming language. BastionSolution also makes significant use of a code framework that is apparently internally called "Z". This framework provides classes for functionality such as encryption, compression, randomization and network communications.

bastion_z (12k image)
A list of classes in the BastionSolution trojan, including multiple classes from the "Z" framework.

Classes from the same "Z" framework, such as the encryption and randomization classes, are also used by the second trojan component of the CloudDuke toolset. This second component, internally called "OneDriveSolution", is especially interesting because it relies on Microsoft's cloud storage service OneDrive as its command and control channel. To achieve this, OneDriveSolution will attempt to log into OneDrive with a preconfigured username and password. If successful, OneDriveSolution will then proceed to copy data from the victim's computer to the OneDrive account. It will also search the OneDrive account for files containing commands for the malware to execute.

onedrive_z (7k image)
A list of classes in the OneDriveSolution trojan, including multiple classes from the "Z" framework.

All of the CloudDuke "solutions" use the same loader, a piece of code whose primary purpose is to decrypt the embedded, encrypted solution, load it in memory and execute it. The Duke group has often employed loaders for their malware but unlike the previous loaders they have used, the CloudDuke loader is much more versatile with support for multiple methods of loading and executing the final payload as well as the ability to write to disk and execute additional malware components.

CloudDuke spear-phishing campaigns and similarities with CozyDuke

CloudDuke has recently been spread via spear-phishing emails with targets reportedly including organizations such as the US Department of Defense. These spear-phising emails have contained links to compromised websites hosting zip archives that contain CloudDuke-laden executables. In most cases, executing these executables will have resulted in two additional files being written to the victim's hard disk. The first of these files has been a decoy, such as an audio file or a PDF file while the second one has been a CloudDuke loader embedding a CloudDuke downloader, the so-called "DropperSolution". In these cases, the victim has been presented with the decoy file while in the background the downloader has proceeded to download and execute one of the CloudDuke trojans, "OneDriveSolution" or "BastionSolution".

decoy_ndi_small (63k image)
Example of one of the decoy documents employed in the CloudDuke spear-phishing campaigns. It has apparently been copied by the attackers from here.

Interestingly, however, some of the other CloudDuke spear-phishing campaigns we have observed this July have born a striking resemblance to CozyDuke spear-phishing campaigns seen almost exactly a year ago, in the beginning of July 2014. In both spear-phishing campaigns, the decoy document has been the exact same PDF file, a "US letter fax test page" (28d29c702fdf3c16f27b33f3e32687dd82185e8b). Similarly, the URLs hosting the malicious files have, in both campaigns, purported to be related to eFaxes. It is also interesting to note, that in the case of the CozyDuke-inspired CloudDuke spear-phishing campaign, the downloading and execution of the malicious archive linked to in the emails has not resulted in the execution of the CloudDuke downloader but in the execution of the "BastionSolution" component thereby skipping one step from the process described for the other CloudDuke spear-phishing campaigns.

decoy_fax (72k image)
The "US letter fax test page" decoy employed in both CloudDuke and CozyDuke spear-phishing campaigns.

Increasingly using cloud services to evade detection

CloudDuke is not the first time we have observed the Duke group use cloud services in general and Microsoft OneDrive specifically as part of their operations. Earlier this spring we released research on CozyDuke where we mentioned observing CozyDuke sometimes either directly use a OneDrive account to exfiltrate stolen data or alternatively CozyDuke downloading Visual Basic scripts that would copy stolen files to a OneDrive account and sometimes even retrieve files containing additional commands from the same OneDrive account.

In these previous cases the Duke group has only used OneDrive as a secondary communication channel but still relied on more traditional C&C channels for most of their actions. It is therefore interesting to note that CloudDuke actually enables the Duke group to rely solely on OneDrive for every step of their operation from downloading the actual trojan, passing commands to the trojan and finally exfiltrating stolen data.

By relying solely on 3rd party web services, such as OneDrive, as their command and control channel, we believe the Duke group is trying to better evade detection. Large amounts of data being transferred from an organization's network to an unknown web server easily raises suspicions. However, data being transferred to a popular cloud storage service is normal. What better way for an attacker to surreptitiously transfer large amounts of stolen data than the same way people are transferring that same data every day for legitimate reasons. (Coincidentally, the implications of 3rd party web services being used as command and control channels is also the subject of an upcoming talk at the VirusBulletin 2015 conference).

Directing limited resources towards evading detection and staying ahead of defenders

Developing even a single multipurpose malware toolset, never mind many, requires time and resources. Therefore it seems logical to attempt to reuse code such as supporting frameworks between different toolsets. The Duke group, however, appear to have taken this a step further with SeaDuke and the CloudDuke component BastionSolution, by rewriting the same code in multiple programming languages. This has the obvious benefits of saving time and resources by providing two malware toolsets, that while similar on the inside, appear completely different on the outside. This way, the discovery of one toolset does not immediately lead to the discovery of the second toolset.

The Duke group, long suspected of ties to the Russian state, have been running their espionage operation for an unusually long time and - especially lately - with unusual brazenness. These latest CloudDuke and SeaDuke campaigns appear to be a clear sign that the Duke's are not planning to stop any time soon.

Research and post by Artturi (@lehtior2)

F-Secure detects CloudDuke as Trojan:W32/CloudDuke.B and Trojan:W64/CloudDuke.B

Samples:

04299c0b549d4a46154e0a754dda2bc9e43dff76
2f53bfcd2016d506674d0a05852318f9e8188ee1
317bde14307d8777d613280546f47dd0ce54f95b
476099ea132bf16fa96a5f618cb44f87446e3b02
4800d67ea326e6d037198abd3d95f4ed59449313
52d44e936388b77a0afdb21b099cf83ed6cbaa6f
6a3c2ad9919ad09ef6cdffc80940286814a0aa2c
78fbdfa6ba2b1e3c8537be48d9efc0c47f417f3c
9f5b46ee0591d3f942ccaa9c950a8bff94aa7a0f
bfe26837da22f21451f0416aa9d241f98ff1c0f8
c16529dbc2987be3ac628b9b413106e5749999ed
cc15924d37e36060faa405e5fa8f6ca15a3cace2
dea6e89e36cf5a4a216e324983cc0b8f6c58eaa8
e33e6346da14931735e73f544949a57377c6b4a0
ed0cf362c0a9de96ce49c841aa55997b4777b326
f54f4e46f5f933a96650ca5123a4c41e115a9f61
f97c5e8d018207b1d546501fe2036adfbf774cfd

Compromised servers used for command and control:

hxxps://cognimuse.cs.ntua.gr/search.php
hxxps://portal.sbn.co.th/rss.php
hxxps://97.75.120.45/news/archive.php
hxxps://portal.sbn.co.th/rss.php
hxxps://58.80.109.59/plugins/search.php

Compromised websites used to host CloudDuke:

hxxp://flockfilmseries.com/eFax/incoming/5442.ZIP
hxxp://www.recordsmanagementservices.com/eFax/incoming/150721/5442.ZIP
hxxp://files.counseling.org/eFax/incoming/150721/5442.ZIP

On 22/07/15 At 11:59 AM

'Zero Days', The Documentary

Posted by Mikko @ 12:40 GMT

VPRO (the Dutch public broadcasting organization) produced a 45-minute documentary about hacking and the trade of zero days. The documentary has now been released in English on YouTube.

The documentary features Charlie Miller, Joshua Corman, Katie Moussouris, Ronald Prins, Dan Tentler, Eric Rabe (of Hacking Team), Felix Lindner, Rodrigo Branco, Ben Nagy, The Grugq, and many others.

On 20/07/15 At 12:40 PM

IOS Crash Report: Blocking "Pop-Ups" Doesn't Really Help

Posted by Sean @ 10:15 GMT

The Telegraph published an article on Thursday about a scam targeting iOS users. Here's the gist: scammers are using JavaScript generated dialogs to display warnings of so-called "IOS Crash" reports prompting people to call for tech support. Near the end of the Telegraph's article, the following advice is offered:

"To prevent the issue happening again, go to Settings -> Safari -> Block Pop-ups."

Unfortunately, this advice is incorrect. And perhaps even more unfortunately, some security and tech pundits are now repeating the bad advice on numerous websites. How do we know the advice is wrong? Because we actually tested it…

First of all, this "IOS Crash Report" scam is a variation of the technical support scam, cases of which have been documented as early as 2008. In the past, cold-calls originated directly from call centers in India. But more recently, web-based lures are used to prompt potential victims into contacting the scammers.

A Google Search returns several live scam sites with this text:

"Due to a third party application in your phone, IOS is crashed."

Here's one of the sites as viewed with iOS Safari on an iPad:

iosclean.com

Safari's "Fraudulent Website Warning" and "Block Pop-ups" features didn't prevent the page from loading.

What looks like a pop-up on the image above is actually a JavaScript generated dialog. One which will continuously re-spawn itself and can be very difficult to dismiss. Turning off JavaScript in Safari is the quickest way to regain control. Unfortunately, leaving JavaScript disabled will significantly impact a large number of legitimate websites.

Here's the same site as viewed with Google Chrome for Windows:

Notice the additional text in the image above: prevent this page from creating additional dialogs. Current versions of Chrome and Firefox (for Windows, at least) will inject this option into re-spawning dialogs, allowing the user to break the loop. Sadly, Internet Explorer and Safari do not. (We tested with IE for Windows / Windows Phone, and iOS Safari.)

Wouldn't be great if all browsers supported this prevention feature?

Yeah, we think so, too.

But it's not just browsers, apps with browser functionality can also be affected.

Here's an example of a JavaScript dialog displayed via Cydia.

error1014.com

The end of the Telegraph's article included the following advice from City of London police:

"Never give your iCloud username and password or your bank details to someone over the phone."

Indeed! Giving somebody your iCloud password could quickly turn a support scam into a data hijacking and extortion scheme. We attempted to call several of the scammer telephone numbers to see if they would ask for our iCloud credentials — only to discover that the numbers we tried are currently not in service.

Hopefully they stay that way. (They won't.)

On 17/07/15 At 10:15 AM

Hacking Team 0-day Flash Wave with Exploit Kits

Posted by Patricia @ 12:29 GMT

After Hacking Team was compromised, a lot of information were publicly disclosed beginning 5th of July, particularly its business clients and a zero-day vulnerability for the Adobe Flash Player that they have been using.

Since the info about the first zero-day was made freely available, we knew attackers would swiftly move into using it. As expected, the flash exploit was integrated into exploit kits such as Angler, Magnitude, Nuclear, Neutrino, Rig, and HanJuan as reported by Kafeine.

Based on our telemetry, there was a rise in Flash exploits beginning 6th and continued until 9th.

overall_stats (11k image)

Here are the stats for each exploit kit:

ek_stats (27k image)

The security advisory for CVE-2015-5119 zero-day was released on 7th July and the patch was made available on 8th. So the hits started to decline about two days after the patch.

But just when people have started updating their systems, there was yet another spike from the Angler flash exploit hits:

weekend_wave_stats (22k image)

Apparently, two more flash vulnerabilities, CVE-2015-5122 and CVE-2015-5123, were discovered. These vulnerabilities are still waiting to be patched. According to Kafeine, one of the two vulnerabilities were added into the Angler exploit kit.

As a side note related to Angler exploit kit, if you noticed in the second chart above, Angler and HanJuan share the same statistics. This was due to the fact that our detections for Angler Flash exploits were also hitting on HanJuan Flash exploits.

We have verified this after discovering that there was a different URL pattern being detected by Angler:

angler_vs_hanjuan_urlpattern (9k image)

We looked at the flash exploit used by both kits, and the two are very much identical.

Angler Flash Exploit:

anglerek_ht0d_3 (26k image)

HanJuan Flash Exploit:

hanjuanek_ht0d_3 (23k image)

There were already speculations that there seem to be strong connections between the actors behind the two exploits kits. For example, both have used �fileless� delivery of payload and even similar encryption methods. Perhaps at some point we will see HanJuan supporting this new flash 0 day as well.

In the meantime, since there hasn�t been a patch out yet for these new ones, our users remain protected from the effects of the exploit kits through Browsing Protection as well as these detections:

Exploit:SWF/AnglerEK.L
Exploit:SWF/NeutrinoEK.C
Exploit:SWF/NeutrinoEK.D
Exploit:SWF/NuclearEK.H
Exploit:SWF/NuclearEK.J
Exploit:SWF/Salama.H
Exploit:SWF/Salama.R
Exploit:JS/AnglerEK.D
Exploit:JS/NuclearEK.I
Exploit:JS/MagnitudeEK.A

UPDATE: Adobe has released patches for the recent two vulnerabilities: CVE-2015-5122 and CVE-2015-5123. Users are recommended to update to the latest version of Adobe Flash Player.

On 13/07/15 At 12:29 PM

The Trusted Internet: Who governs who gets to buy spyware from surveillance software companies?

Posted by FSLabs @ 02:31 GMT

When hackers get hacked, that's when secrets are uncovered. On July 5th, Italian-based surveillance technology company Hacking Team was hacked. The hackers released a 400GB torrent file with internal documents, source code, and emails to the public - including the company's client list of close to 60 customers.

The list included countries such as Sudan, Kazakhstan and Saudi Arabia - despite official company denials of doing business with oppressive regimes. The leaked documents strongly implied that in the South-East Asian region, government agencies from Singapore, Thailand and Malaysia had purchased their most advanced spyware, referred to as a Remote Control System (RCS).

According to security researchers Citizen Lab, this spyware is extraordinarily intrusive, with the ability to turn on microphone and cameras on mobile devices, intercept Skype and instant messages, and use an anonymizer network of proxy servers to prevent harvested information from being traced back to the command and control servers.

Based on images of the client list posted to pastebin the software was purchased in Malaysia by the Malaysia Anti-Corruption Commission (MACC), Malaysia Intelligence (MI) and the Prime Minister's Office (PMO):

hacking_team_client_list (86k image)

Additional images of leaked invoices posted to medium.com indicated the spyware was sold through a locally-based Malaysian company named Miliserv Technologies (M) Sdb Bhd (registered with the Ministry of Finance Malaysia), which specializes in providing digital forensics, intelligent gathering and public security services:

hacking_team_hack_1 (95k image)

hacking_team_hack_2 (72k image)

Why the Prime Minister's Office would need surveillance software remains puzzling. Mind you, professional grade spyware ain't cheap - a license upgrade could cost you MYR400, 000 and maintenance renewal will set you back about MYR160,000.

According to reports of the incident in Malaysian alternative media, Malaysian government agencies have probably been using the spyware even before discovery of the FinFisher malware that was detected in the run-up to the 2013 General Elections.

Coincidentally, Malaysia has also been the frequent host of the annual ISS World Asia tradeshow, where companies promote their arsenal of 'lawful' surveillance software to law enforcement agencies, telco service provider or government employees. During the 2014 event, the Hacking Team was present and the associate lead sponsor of the event.

MiliServ Technologies is currently involved in the upcoming 2015 ISS World Asia in Kuala Lumpur. The event is invitation-only � though it may be interesting to see if Hacking Team will make it there this year.

Post by – Su Gim

On 08/07/15 At 02:31 AM

Problematic Wassenaar Definitions

Posted by Sean @ 13:25 GMT

The Wassenaar Arrangement, a multilateral export control regime, defines "intrusion software" as software specially designed or modified to avoid detection by monitoring tools, or to defeat protective countermeasures, of a computer or network capable device. Intrusion software is used to: extract data or information, or to modify system or user data; or to modify the standard execution path of a program or process in order to allow the execution of externally provided instructions.

Wassenaar states that monitoring tools are software or hardware devices that monitor system behaviours or processes running on a device. This includes antivirus (AV) products, end point security products, Personal Security Products (PSP), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) or firewalls.

Wassenaar Arrangement definitions
(Source)

So… what we at F-Secure (and the rest of the antivirus industry) call "malware" appears to easily fit Wassenaar's definition of intrusion software.

Why is this interesting?

Well, the US Bureau of Industry and Security (BIS), part of the US Department of Commerce, has proposed updating its rules to require a license for the export of intrusion software.

And according to the Dept of Commerce, "an export" is –any– item that is sent from the United States to a foreign destination. "Items" include among other things, software and technology.

The Paradox

So… if malware is intrusion software, and any item is an export, how exactly are US-based customers supposed to submit a malware sample to their European antivirus vendor? Seriously, customers send us zero-day using malware all the time. Not to mention the samples that we routinely exchange with other trusted AV vendors from around the globe.

Unintended Consequences

The text associated with the BIS proposal says the scope includes penetration testing products that use intrusion software in what looks like an attempt to limit "hacking" tools, but there is nothing about what is excluded from the scope. So the BIS might not intend to limit customers from uploading malware samples to their AV vendor, but that could be the effect if this new rule is adopted and arbitrarily enforced. Or else it could just force people to operate in a legal limbo. Is that what we want?

The BIS is taking comments until July 20th.

On 09/06/15 At 01:25 PM

Found Item: UK Wi-Fi Law?

Posted by Sean @ 13:27 GMT

I visited the UK last Thursday, found a coffee shop offering "free" Wi-Fi, and read this…

"UK Law states that we must know who is using our Wi-Fi at all times."

Now I'm not a lawyer — but that seems like quite the disingenuous claim.

_WalkinWiFi

Mobile number, post code, and date of birth??

I wonder how many people fall for this type of malarkey.

Post by — @Sean

On 08/06/15 At 01:27 PM

SMS Exploit Messages

Posted by Sean @ 13:56 GMT

There's an iOS vulnerability affecting iPhone, iPad, and even Apple Watch that allows for a denial of service.

Crashing a phone with an SMS? That's so 2008.

S60 SMS Exploit Messages

Unlike 2008, this time kids are reportedly using the vulnerability to harass others.

Apple is working on a security update. But unfortunately… that update very likely won't be available for older iPhones.

Updated to add:

Here's the "Effective Power" exploit crashing an iPhone 6:

Effective Power Unicode iOS hack on iPhone 6

And this… is Effective Power crashing the iOS Twitter app:

Effective Power Unicode iOS hack vs Twitter

On 28/05/15 At 01:56 PM

Ransomware Spam E-Mails Targeting Users in Italy and Spain

Posted by FSLabs @ 03:17 GMT

In the past few days, we received some cases from our customers in Italy and Spain, regarding malicious spam e-mails that pointed to Cryptowall or Cryptolocker ransomware.

The spam e-mails pretended to come from a courier/postal service, regarding a parcel that was waiting to be collected. The e-mails offer a link to track that parcel online:

crypt_email (104k image)

When we did the initial investigation of the e-mails from our standard test system, the link redirected to Google:

crypt_email_redirect_italy (187k image)

So, no malicious behavior? Well, we noted that the first two URLs were PHP. Since PHP code is executed on the server side, not locally on the client, it is possible that the servers were 'deciding' whether to redirect the user to Google or to serve malicious content, based on some preset conditions.

Since this particular spam e-mail is written in Italian - perhaps only a customer based in Italy would be able to see the malicious payload? Fortunately, we have Freedome, so we can travel to Italy for a little while to experiment.

So we turned on Freedome, set the location to Milan and clicked the link in the e-mail again:

crypt_email_mal_italy (302k image)

Now we see the bad stuff. If the user is (or appears to be) located in Italy, the server will redirect them to a malicious file hosted on a cloud storage server.

The e-mail spam sent to Spanish users is similar, though in those cases, a CAPTCHA challenge is included to make the site seem more authentic. If the link in the e-mail is clicked by a user located outside Spain, again we end up in Google:

crypt_email_redirect_spain (74k image)

If the site is visited instead from an Spanish IP, we get to the CAPTCHA screen:

crypt_email_target_spain (57k image)

And then to the malware itself:

crypt_email_mal_spain (313k image)

This spam campaign doesn't use any exploits (so far), just old-fashioned social engineering; infection only occurs if the user manually downloads and executes the files offered on the malicious URLs. For our customers, the URLs are blocked and the files are detected.

(malware SHA1s: 483be8273333c83d904bfa30165ef396fde99bf2, 295042c167b278733b10b8f7ba1cb939bff3cb38)

Post by — Victor

On 19/05/15 At 03:17 AM

Mac Hack Demonstration

Posted by Sean @ 12:46 GMT

Securing your SSH password is very important. Otherwise, you might be pwned by a little girl with her Raspberry Pi.

Don't worry, it's an authorized hack, she asked her mom for permission.

On 15/05/15 At 12:46 PM

Email Security Considerations for Microsoft 365 Users

The post Email Security Considerations for Microsoft 365 Users appeared first on GreatHorn.

Email Security Considerations for Google Workspace Users

The post Email Security Considerations for Google Workspace Users appeared first on GreatHorn.

Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates

The post Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates appeared first on GreatHorn.

Universities and Colleges Face Multi-faceted Email Security Challenges

The post Universities and Colleges Face Multi-faceted Email Security Challenges appeared first on GreatHorn.

Spam vs Phish: The Problem with User-Reported Phish Buttons

The post Spam vs Phish: The Problem with User-Reported Phish Buttons appeared first on GreatHorn.

Phishing for Google Impersonation Attacks

Bad actors around the globe go phishing in emails twenty-four hours a day, seven days a week. Whether they are “guppies” like your local bakery down the street or big “fish” like Google, no one is immune to their attacks. Google, one of the largest, most well-known – and used – applications, will always be […]

The post Phishing for Google Impersonation Attacks appeared first on GreatHorn.

GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes

The post GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes appeared first on GreatHorn.

Native vs SEG vs ICES: What You Need to Know About Email Security

The shift from on-premise email platforms to cloud email platforms has taken shape, with the majority (70%) of organizations. Microsoft 365 and Google Workspace remain the predominant email platforms for organizations. However, a significant change has occurred in the past year. With an estimated 40% of ransomware attacks that start through email, and BEC and […]

The post Native vs SEG vs ICES: What You Need to Know About Email Security appeared first on GreatHorn.

Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security

In cybersecurity, buzzwords come and go, often being replaced with new buzzwords while the market is still attempting to realize the benefits of the former. Today, every technology vendor is talking about Artificial Intelligence (AI). In reality, Machine Learning (the method to one day achieve AI) is still the predominant technical solution deployed within vendor […]

The post Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security appeared first on GreatHorn.

Global Supply Chain: Attackers Targeting Business Deliveries

Our global supply chain includes all the people, companies and countries that need to work cohesively to manufacture, process and ship goods. Disruptions in the global supply chain are increasingly impacting organizations, with logistical problems crossing most industries. As a result, the continued strain on the supply chain puts added pressure on businesses as they […]

The post Global Supply Chain: Attackers Targeting Business Deliveries appeared first on GreatHorn.

ITDR vs EDR: What are the Key Differences?

Key takeaways: What are the main differences between ITDR, EDR, and other security solutions? How does ITDR provide effective protection against identity-based threats? How to effectively detect and respond to attacks. If there’s one thing the cybersecurity community loves, it’s an acronym. To some extent, this has been the case since the earliest days of cybersecurity. […]

The post ITDR vs EDR: What are the Key Differences? appeared first on Heimdal Security Blog.

What Is Identity Threat Detection and Response?

Key insights: What is identity threat detection and response (ITDR)? What are the differences and similarities between ITDR and EDR? What are the alternatives to ITDR? Identity Threat Detection and Response (ITDR) is a comparatively new term in the cybersecurity scene. It was first coined by Gartner in 2022 and has since become a cornerstone […]

The post What Is Identity Threat Detection and Response? appeared first on Heimdal Security Blog.

Small Business Cybersecurity Statistics in 2025

Small businesses are a big target for cyber criminals. Read our small business statistics rundown to get a true picture of how the sector is being affected in 2025. Until relatively recently, cybercrime wasn’t perceived as a major risk for small businesses. Hackers traditionally focused on larger companies or government bodies with more money and […]

The post Small Business Cybersecurity Statistics in 2025 appeared first on Heimdal Security Blog.

Follow the Money Blueprint For MSP Success (With Dave Sobel)

“If I was starting an MSP today, I am not sure I would start an MSP.” Now that’s a way to grab your attention when opening a podcast. Coming from Dave Sobel, someone who’s been an MSP owner, vendor executive, and now runs The Business of Tech podcast – that’s not a throwaway comment. Dave […]

The post Follow the Money Blueprint For MSP Success (With Dave Sobel) appeared first on Heimdal Security Blog.

Digital doppelgängers: How sophisticated impersonation scams target content creators and audiences

Content creation is no longer niche. Over 50 million Americans earn income by making videos, livestreams, podcasts, or other digital media. Many are full-time creators, while others pursue it as a side hustle. Either way, having an online presence is becoming increasingly risky. Scammers are catching on. In 2024 alone, the Federal Trade Commission’s logged […]

The post Digital doppelgängers: How sophisticated impersonation scams target content creators and audiences appeared first on Heimdal Security Blog.

Heimdal Joins the Tidal Cyber Registry with Its Extended Detection & Response (XDR) Solution

COPENHAGEN, Denmark, September 23, 2025 – We are proud to announce that our Extended Detection & Response (XDR) product has been officially listed on the Tidal Cyber Registry. This listing marks a significant milestone in Heimdal’s commitment to transparency, precision, and proactive threat defense. By integrating with the Tidal Cyber platform, Heimdal enables its customers […]

The post Heimdal Joins the Tidal Cyber Registry with Its Extended Detection & Response (XDR) Solution appeared first on Heimdal Security Blog.

The Ultimate MSP Podcast List

Podcasts are every smart MSP’s secret weapon. They spark ideas, fuel strategy, and keep you in the know, without adding another thing to your to-do list. To save you the scroll, we’ve handpicked the most binge-worthy MSP podcasts of 2025 – shows that bring real talk, fresh insights, and the kind of advice you’ll actually […]

The post The Ultimate MSP Podcast List appeared first on Heimdal Security Blog.

Cyber Essentials Explained – And How Heimdal Helps You Pass and Stay Compliant

Cyber Essentials (CE) is the UK government‑backed baseline for stopping common, internet‑originating attacks. It comes in two levels – Cyber Essentials (self‑assessment, board sign‑off) and Cyber Essentials Plus (the same controls, plus independent testing) – and certification renews annually. In a government‑commissioned study, 99% of internet‑originating vulnerabilities were mitigated when CE controls were in place, […]

The post Cyber Essentials Explained – And How Heimdal Helps You Pass and Stay Compliant appeared first on Heimdal Security Blog.

From Incident Response to Storytelling With Adam Pilton

It’s time to meet the man behind our weekly Threat Brief. Adam spends hours researching the latest threats to find and share solutions with you, and I had the pleasure of sitting down with him for this week’s episode. His 15 years investigating cybercrime as a police officer taught him lessons that directly apply to […]

The post From Incident Response to Storytelling With Adam Pilton appeared first on Heimdal Security Blog.

Top 10 Cybersecurity Companies in Europe

Over the last 10-15 years, the cybersecurity scene has gotten increasingly complex, as organizations adopt new technology and hackers evolve more innovative ways to target them. At the same time, data protection and compliance have become much more stringent across the world. Nowhere is this more true than in Europe. Today’s organizations have an ever-increasing […]

The post Top 10 Cybersecurity Companies in Europe appeared first on Heimdal Security Blog.

Password breach statistics in 2025

At Heimdal we’re constantly monitoring the latest industry alerts, media reports, academic research and government data to keep track of password breaches. It’s a crucial part of our work, and means we can advise our customers on emerging threats. To help you get up to speed, we’ve compiled this collection of some of the most […]

The post Password breach statistics in 2025 appeared first on Heimdal Security Blog.

UK Cybersecurity Statistics for 2025

As Dame Margeret Beckett, a member of the House of Lords recently put it: “The UK has the dubious distinction of being one of the world’s most cyber-attacked nations”. Calculating exactly how many cyber attacks there are per country is extremely difficult (not least because many attacks go unnoticed). But reliable cybersecurity sources estimate the […]

The post UK Cybersecurity Statistics for 2025 appeared first on Heimdal Security Blog.

Heimdal Investigation: European Organizations Hit by PDF Editor Malware Campaign

A Heimdal investigation has revealed that the TamperedChef malware, disguised as free productivity software, has infected endpoints across multiple European organizations. The campaign used advanced obfuscation techniques to evade traditional detection. Heimdal’s Discovery Heimdal Security’s Managed Extended Detection and Response (MXDR) team found TamperedChef infections in 0.03% of its European customer base. The number may […]

The post Heimdal Investigation: European Organizations Hit by PDF Editor Malware Campaign appeared first on Heimdal Security Blog.

Active Threats + The Business Model Shift For MSPs

I sat down with Luis Giraldo from ScalePad — an 18-year MSP veteran who’s now helping other MSPs scale — and he dropped some truth bombs that you should hear. He says that 32% of MSPs are losing money. The ones thriving aren’t just better at managing firewalls. They’ve fundamentally changed how they think about […]

The post Active Threats + The Business Model Shift For MSPs appeared first on Heimdal Security Blog.

Colt Technology Services Breached – Warlock Gang Claims Attack

This week in cyber we’ve got a SaaS breach impacting Workday, a malicious ChatGPT app making the rounds, double trouble for telecom providers, and the takedown of a botnet-for-hire service. Cybersecurity Advisor Adam Pilton is here with useful insights on the attacks and safety advice. Workday SaaS Breach Sparks Third-Party Risk Concerns Workday has confirmed […]

The post Colt Technology Services Breached – Warlock Gang Claims Attack appeared first on Heimdal Security Blog.

ISC Stormcast For Friday, October 10th, 2025 https://isc.sans.edu/podcastdetail/9650, (Fri, Oct 10th)

No summary available.

[Guest Diary] Building Better Defenses: RedTail Observations from a Honeypot, (Thu, Oct 9th)

&#;x26;#;x5b;This is a Guest Diary by Jin Quan Low, an ISC intern as part of the SANS.edu Bachelor&#;x26;#;39;s Degree in Applied Cybersecurity (BACS) program &#;x26;#;x5b;1].]

ISC Stormcast For Thursday, October 9th, 2025 https://isc.sans.edu/podcastdetail/9648, (Thu, Oct 9th)

No summary available.

Polymorphic Python Malware, (Wed, Oct 8th)

Today, I spoted on VirusTotal an interesting Python RAT. They are tons of them but this one attracted my attention based on some function names present in the code: self_modifying_wrapper(), decrypt_and_execute() and polymorph_code(). A polymorphic malware is a type of malware that has been developed to repeatedly mutate its appearance or signature files at every execution time. The file got a very low score of 2/64 on VT! (SHA256:7173e20e7ec217f6a1591f1fc9be6d0a4496d78615cc5ccdf7b9a3a37e3ecc3c).

ISC Stormcast For Wednesday, October 8th, 2025 https://isc.sans.edu/podcastdetail/9646, (Wed, Oct 8th)

No summary available.

Exploit Against FreePBX (CVE-2025-57819) with code execution., (Tue, Oct 7th)

FreePBX is a popular PBX system built around the open source VoIP system Asterisk. To manage Asterisk more easily, it provides a capable web-based admin interface. Sadly, like so many web applications, it has had its share of vulnerabilities in the past. Most recently, a SQL injection vulnerability was found that allows attackers to modify the database.

ISC Stormcast For Tuesday, October 7th, 2025 https://isc.sans.edu/podcastdetail/9644, (Tue, Oct 7th)

No summary available.

Quick and Dirty Analysis of Possible Oracle E-Business Suite Exploit Script (CVE-2025-61882) [UPDATED[, (Mon, Oct 6th)

[Update: I added the server part delivering the payload]

ISC Stormcast For Monday, October 6th, 2025 https://isc.sans.edu/podcastdetail/9642, (Mon, Oct 6th)

No summary available.

ISC Stormcast For Friday, October 3rd, 2025 https://isc.sans.edu/podcastdetail/9640, (Fri, Oct 3rd)

No summary available.

Report: North Korea Expands Its Remote Employment Schemes

North Korea’s fraudulent IT worker schemes have expanded to target nearly every industry that hires remote employees, according to researchers at Okta.

The Hidden Cybersecurity Threat: Securing the Human-AI Relationship

The conversation about AI in cybersecurity is missing the point. While the industry has been focused on the emergence of AI-generated phishing emails, perhaps a far more profound shift has been somewhat ignored.

A TikTok for Deepfakes? OpenAI Could Be Making It a Reality

OpenAI, the people behind ChatGPT, have launched an updated AI video- and audio-generation system with fascinating, and terrifying, implications for the spread of deepfakes.

If You Have Not Realized It, Vishing Is Really Taking Off

Fighting voice-based phishing needs to be a big part of your human risk management (HRM) plan.

Multitasking Employees Are Particularly Vulnerable to Phishing Attacks

Employees who multitask are significantly more vulnerable to phishing attacks, according to a study from the University at Albany published in the European Journal of Information Systems.

Securing the Human-AI Boundary: Why the Future of Cybersecurity Must Train People and AI Agents

The cybersecurity landscape is undergoing its most dramatic transformation since the dawn of the internet.

Cyber Risk Still #1: Why AI Is Raising the Stakes - and the Opportunities

If you’re wondering what keeps business leaders up at night, the latest Aon Global Risk Management Survey has a clear answer: cyber attacks and data breaches. Once again, they top the list as the #1 risk to organizations worldwide — and the problem isn’t getting any smaller. In fact, Aon’s Cyber Risk Report shows incidents jumped 22% in 2025 alone.

New Phishing Campaign Uses AI Tools to Evade Detection

Microsoft warns that a recent phishing campaign used AI technology to obfuscate its payload and evade security filters.

CyberheistNews Vol 15 #40 The Behavioral Science When Your Best People Are Click Magnets

Security Leaders Cite AI-Driven Phishing Attacks as a Top Concern

A new report has found that nearly 40% of security leaders believe their organizations are least prepared for phishing and other social engineering attacks, Help Net Security reports.

News alert: SquareX exposes how AI browsers fall prey to OAuth hijacks and malware traps

The post News alert: SquareX exposes how AI browsers fall prey to OAuth hijacks and malware traps first appeared on The Last Watchdog.

News alert: Lightship, OpenSSL submit OpenSSL 3.5.4 — with post-quantum crypto on board

The post News alert: Lightship, OpenSSL submit OpenSSL 3.5.4 — with post-quantum crypto on board first appeared on The Last Watchdog.

GUEST ESSAY: Why cyber defenses need a framework — and a clearer map of boundaries

In the early years of enterprise computing, isolation had a clear home in the networking domain.

Network isolation meant a strong perimeter that kept internal traffic separate from the external world. Firewalls, VLANs, and DMZs were the primary tools. The … (more…)

The post GUEST ESSAY: Why cyber defenses need a framework — and a clearer map of boundaries first appeared on The Last Watchdog.

News alert: Miggo Security lauded for preventing AI-borne attacks with behavior-aware security

TEL AVIV, Israel, Oct. 8, 2025, CyberNewswire — Miggo Security, pioneer and innovator in Application Detection & Response (ADR) and AI Runtime Defense, today announced it has been recognized as a Gartner Cool Vendor in AI Security.

To … (more…)

The post News alert: Miggo Security lauded for preventing AI-borne attacks with behavior-aware security first appeared on The Last Watchdog.

SHARED INTEL Q&A: Cyber insurance breaches expose resilience gap and need for orchestration

Cybercriminals have a new target in their sights: the insurance industry.

Groups like Scattered Spider are going after carriers directly, disrupting operations and exposing weak links in the very system meant to underwrite cyber … (more…)

The post SHARED INTEL Q&A: Cyber insurance breaches expose resilience gap and need for orchestration first appeared on The Last Watchdog.

News alert: INE Security report finds cyber-IT silos leave teams exposed — cross-training urged

RALEIGH, N.C., Oct. 7, 2025, CyberNewswire – INE Security, a leading provider of cybersecurity training and certifications, today announced the results of a global study examining the convergence of networking and cybersecurity disciplines.

“Wired Together: The Case for … (more…)

The post News alert: INE Security report finds cyber-IT silos leave teams exposed — cross-training urged first appeared on The Last Watchdog.

News Alert: ThreatBook launches ATI platform, targets gaps in Asia-Pacific threat detection

SINGAPORE, Sept. 29, 2025, CyberNewswire — ThreatBook, a global leader in cyber threat intelligence, detection and response, today announced the worldwide launch[1] of ThreatBook Advanced Threat Intelligence (“ThreatBook ATI”).

Spearheaded from its offices in Singapore and Hong Kong, the … (more…)

The post News Alert: ThreatBook launches ATI platform, targets gaps in Asia-Pacific threat detection first appeared on The Last Watchdog.

News alert: Living Security unveils HRMCon 2025 lineup amid 81% human cyber risk visibility gap

Austin, Texas, Sept. 25, 2025, CyberNewswire — Living Security, a global leader in Human Risk Management (HRM), today announced the full speaker lineup for the Human Risk Management Conference (HRMCon 2025), taking place October 20, 2025, at Austin’s Q2 … (more…)

The post News alert: Living Security unveils HRMCon 2025 lineup amid 81% human cyber risk visibility gap first appeared on The Last Watchdog.

News alert: Gcore Radar flags record-breaking DDoS surge — 41% spike in first half of 2025

Luxembourg, Luxembourg, Sept. 25, 2025, CyberNewswire — Gcore, the global edge AI, cloud, network, and security solutions provider, today announced the findings of its Q1-Q2 2025 Radar report into DDoS attack trends.

DDoS attacks have reached unprecedented scale and … (more…)

The post News alert: Gcore Radar flags record-breaking DDoS surge — 41% spike in first half of 2025 first appeared on The Last Watchdog.

News alert: SpyCloud report finds security teams overconfident as identity exposures fuel ransomware

Austin, Texas, September 23rd, 2025, CyberNewsWire — SpyCloud, the leader in identity threat protection, today released the 2025 SpyCloud Identity Threat Report, revealing that while 86% of security leaders report confidence in their ability to prevent identity-based attacks, … (more…)

The post News alert: SpyCloud report finds security teams overconfident as identity exposures fuel ransomware first appeared on The Last Watchdog.

Apple voices concerns over age-check law that could put user privacy at risk

The more sensitive data that companies have to collect and store, the greater the consequences for users if it’s breached.

Your passwords don’t need so many fiddly characters, NIST says

It’s once again time to change your passwords, but if one government agency has its way, this might be the very last time you do it.

Millions of (very) private chats exposed by two AI companion apps

Two AI "girlfriend" apps have blabbed millions of intimate conversations from more than 400,000 users.

Fake VPN and streaming app drops malware that drains your bank account

Mobdro Pro IP TV + VPN hides Klopatra, a new Android Trojan that lets attackers steal banking credentials.

California just put people back in control of their data

California just passed 14 new privacy and AI laws. We’re highlighting a few that give users real control over their personal data.

One stolen iPhone uncovered a network smuggling thousands of devices to China

Turns out Apple’s ‘Find My’ feature isn’t just for when your phone slips down the side of the couch.

Modeling scams see mature models as attractive new prospects

Modeling scammers are reinventing old tricks for the social media age—targeting not just the young, but older adults too.

Is your computer mouse eavesdropping on you?

Researchers have found a method they called Mic-E-Mouse, which turns your computer mouse into a spy that can listen in on your conversations.

“Can you test my game?” Fake itch.io pages spread hidden malware to gamers

One click, total mess. A convincing itch-style page can drop a stealthy stager instead of a game. Here’s how to spot it and what to do if you clicked.

Don’t connect your wallet: Best Wallet cryptocurrency scam is making the rounds

A text message tried to lure us to a fake Best Wallet site posing as an airdrop event to steal our crypto.

Troops and veterans’ personal information leaked in CPAP Medical data breach

The leak exposed the names, Social Security numbers, and health details of more than 90,000 military patients, troops, veterans, and their families.

Discord warns users after data stolen in third-party breach

The stolen data includes names, emails, limited billing information, and some government-ID images.

Phishers target 1Password users with convincing fake breach alert

Attackers are using realistic-looking 1Password emails to trick users into handing over their vault logins.

What’s there to save about social media? (Lock and Code S06E20)

This week on the Lock and Code podcast, we speak with Twitter's first employee, Rabble, about saving the best parts of social media today.

How to set up two-factor authentication (2FA) on your Facebook account

Step-by-step instructions on how to enable 2FA on your Facebook account—for Android, iOS, and via the website.

A week in security (September 29 – October 5)

A list of topics we covered in the week of September 29 to October 5 of 2025

From threats to apology, hackers pull child data offline after public backlash

After posting children’s photos online and issuing ransom demands, cybercriminals targeting Kido nurseries say they’ve erased the stolen data.

Your Meta AI conversations may come back as ads in your feed

Meta has announced it will start using your interactions with its generative AI to serve targeted ads.

Scam Facebook groups send malicious Android malware to seniors

Cybercriminals are targeting older Facebook users with fake community and travel groups that push malicious Android apps.

Sendit tricked kids, harvested their data, and faked messages, FTC claims

Sendit and its CEO are accused of preying on young users—signing them up illegally, misusing their data, and tricking them with bogus messages and hidden fees.

5 Practical Skills You’ll Gain from a GDPR Practitioner Course

Most GDPR (General Data Protection Regulation) compliance failures occur not because people don’t know the law but because they don’t know how to apply its requirements to their everyday working practices. The GDPR Practitioner course bridges that gap by turning legal theory into practical competence, giving learners the confidence to handle real-world data protection challenges – from DPIAs (data protection impact assessments) to data breach response management. Here are five hands-on skills you’ll master on our Practitioner course, plus how each one applies to day-to-day working life. 1. Conducting a DPIA from start to finish Scenario:Your organisation is rolling out

The post 5 Practical Skills You’ll Gain from a GDPR Practitioner Course appeared first on IT Governance Blog.

ISO 27001 Internal vs Lead Auditor Training Compared

Not sure whether to train as an ISO 27001 Internal Auditor or Lead Auditor? You’re not alone – it’s one of the most common questions we hear. This blog post explains what each course covers, who they suit, the core differences between them and how to decide which one is right for you. What the ISO 27001 Internal Auditor course covers The ISO 27001 Internal Auditor course teaches you how to plan and deliver in-house ISMS (information security management system) audits. You learn to test controls against ISO/IEC 27001:2022, record nonconformities and report findings that drive corrective action. It focuses

The post ISO 27001 Internal vs Lead Auditor Training Compared appeared first on IT Governance Blog.

Global Data Breaches and Cyber Attacks in September 2025: Nearly 2 Million Records Exposed and Potentially 1.5 Billion More

Summary Welcome to another monthly round-up of monthly cyber attack and data breach news. September 2025 saw 49 publicly reported cyber attacks and data breaches around the globe. In total, at least 1.98 million records were confirmed to have breached, while attacker claims – particularly those linked to the ongoing Salesforce/Salesloft Drift breach – suggest the true figure may exceed 1.5 billion. The month’s five largest incidents Salesforce/Salesloft Drift campaign (multiple organisations) Stellantis FinWise Bank/American First Finance Harrods Kido International (UK) Trends in September 2025 Key vulnerabilities exploited List of data breaches and cyber attacks disclosed in September 2025 Disclosure Date

The post Global Data Breaches and Cyber Attacks in September 2025: Nearly 2 Million Records Exposed and Potentially 1.5 Billion More appeared first on IT Governance Blog.

Is CISM Worth It? Salary, Career Value & Employer Demand in 2025

The information security sector continues to evolve rapidly, with organisations and individuals forced to frequently re-evaluate their understanding of security threats and how to manage them. One trusted way to ensure professionals are equipped to manage these threats is to look for the CISM (Certified Information Security Manager) qualification. It’s one of the most widely recognised and respected credentials in the field and has often been cited as a proven pathway to senior roles in information security. But does this qualification still hold its value today? Let’s take a look at how CISM stacks up in terms of career progression,

The post Is CISM Worth It? Salary, Career Value & Employer Demand in 2025 appeared first on IT Governance Blog.

5 common GDPR mistakes – and how training can fix them

Most GDPR (General Data Protection Regulation) breaches arise from everyday slip-ups, such as missing DSAR (data subject access request) deadlines, picking the wrong lawful basis for processing, failing to enforce retention periods, keeping inadequate records or misreporting incidents. However, fall short of your compliance obligations – for whatever reason – and you face complaints, investigations, reputational harm, legal action and regulatory enforcement, including fines of up to £17.5 million under the UK GDPR or €20 million under the EU GDPR, or 4% of your annual global turnover – whichever is greater. This blog post sets out five common GDPR compliance

The post 5 common GDPR mistakes – and how training can fix them appeared first on IT Governance Blog.

5 Reasons ISO 27001 Implementations Fail (and How to Avoid Them)

Most ISMS (information security management system) implementation projects don’t fail because of ISO 27001 itself but because of poor planning and execution. Achieving certification to the Standard requires more than policies and procedures: it demands leadership, integration and discipline across the business. Without them, projects stall, resources are wasted and certification is delayed or, worse, unattainable at all. This blog post discusses five of the most common pitfalls organisations face when implementing ISO 27001 – and explains how to avoid them. Pitfall 1 – Poor scoping One of the most frequent mistakes is failing to define the scope of the

The post 5 Reasons ISO 27001 Implementations Fail (and How to Avoid Them) appeared first on IT Governance Blog.

Our Experts’ Views on the Jaguar Land Rover Cyber Attack

JLR (Jaguar Land Rover) was forced to halt production across its three UK plants on 1 September 2025 following a major cyber attack that struck the night before. The disruption affected sites in Solihull, Wolverhampton and Halewood, stopping work for around 30,000 employees and leaving many of the 100,000 people in its supply chain without orders or pay, with some companies warning they were on the brink of collapse. Smaller suppliers in particular have struggled with cash flow, layoffs and workers placed on zero-hour contracts. A survey by the Coventry and Warwickshire Chamber of Commerce suggested one in six businesses

The post Our Experts’ Views on the Jaguar Land Rover Cyber Attack appeared first on IT Governance Blog.

A Guide to the EU GDPR’s Requirements for an EU Representative

This country’s post-Brexit data protection regime, the UK GDPR (General Data Protection Regulation), requires non-UK organisations that process UK residents’ personal data to appoint a representative in the UK. In the same way, the EU GDPR requires non-EEA organisations that process EU residents’ personal data to appoint a representative in the EU. This blog post explains who this requirement applies to – and what they need to do. Who does the EU GDPR apply to? When it took effect in 2018, the EU GDPR significantly reshaped European data protection law. One of the most notable changes it introduced is its

The post A Guide to the EU GDPR’s Requirements for an EU Representative appeared first on IT Governance Blog.

Who Needs ISO 27001 Foundation Training?

ISO 27001 training isn’t just for auditors or security consultants. Indeed, many roles need baseline knowledge of the Standard. If you help to protect information, support audits or manage suppliers, you will benefit. Foundation training teaches you the structure of an ISMS (information security management system), the core requirements in ISO/IEC 27001:2022 and what the Annex A controls cover in practice. It’s short, accessible and accredited, you can study in person or online, and there’s an exam and a recognised certificate on completion. What the Foundation course covers Outcomes Who needs ISO 27001 Foundation training? 1. IT administrators moving into

The post Who Needs ISO 27001 Foundation Training? appeared first on IT Governance Blog.

Human Error and Accidental Data Breaches: Lessons from Recent Cases

According to Verizon’s 2025 DBIR (Data Breach Investigations Report), some 60% of data breaches now involve “the human element” – in other words, errors and non-malicious activity. Failing to use the bcc function when emailing groups of people, accidentally emailing spreadsheets full of unencrypted personal data to entire mailing lists without checking, mistakenly misconfiguring an AWS bucket… each of these simple errors can expose personal information and damage reputations. Recent years have seen several large–scale incidents where accidental disclosure has had significant consequences. These examples show how even organisations with extensive resources and responsibilities can fall victim to basic human

The post Human Error and Accidental Data Breaches: Lessons from Recent Cases appeared first on IT Governance Blog.

How we trained an ML model to detect DLL hijacking

An expert at the Kaspersky AI expertise center explains how the team developed a machine-learning model to identify DLL hijacking attacks.

Detecting DLL hijacking with machine learning: real-world cases

We will tell you how we integrated a DLL Hijacking detection model into the Kaspersky SIEM platform and how it helped us uncover several incidents in their early stages.

Forensic journey: hunting evil within AmCache

Kaspersky experts share insights into how AmCache may prove useful during incident investigation, and provide a command line tool to extract data from this artifact.

Massive npm infection: the Shai-Hulud worm and patient zero

We dissect a recent incident where npm packages with millions of downloads were infected by the Shai-Hulud worm. Kaspersky experts describe the starting point for the source of the infection.

Threat landscape for industrial automation systems in Q2 2025

Kaspersky industrial threat report contains statistics on various malicious objects detected and blocked on ICS computers by Kaspersky solutions in Q2 2025.

RevengeHotels: a new wave of attacks leveraging LLMs and VenomRAT

Kaspersky GReAT expert takes a closer look at the RevengeHotels threat actor's new campaign, including AI-generated scripts, targeted phishing, and VenomRAT.

Shiny tools, shallow checks: how the AI hype opens the door to malicious MCP servers

Kaspersky experts discuss the Model Context Protocol used for AI integration. We describe the MCP's architecture, attack vectors and follow a proof of concept to see how it can be abused.

Notes of cyber inspector: three clusters of threat in cyberspace

This report on cybercrime, hacktivist and APT groups targeting primarily Russian organizations provides an analysis and comparison of their TTPs and divides them into three clusters.

IT threat evolution in Q2 2025. Mobile statistics

The report contains statistics on mobile threats (malware, adware, and unwanted software for Android) for Q2 2025, as well as a description of the most notable malware types identified during the reporting period.

IT threat evolution in Q2 2025. Non-mobile statistics

The report presents statistics for Windows, macOS, IoT, and other threats, including ransomware, miners, local and web-based threats, for Q2 2025.

About This Website

Cybersecurity News

Experts Warn of Widespread SonicWall VPN Compromise Impacting Over 100 Accounts

Hackers Turn Velociraptor DFIR Tool Into Weapon in LockBit Ransomware Attacks

Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers

Microsoft Warns of ‘Payroll Pirates’ Hijacking HR SaaS Accounts to Steal Employee Salaries

From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation

The AI SOC Stack of 2026: What Sets Top-Tier Platforms Apart?

175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign

From LFI to RCE: Active Exploitation Detected in Gladinet and TrioFox Vulnerability

CL0P-Linked Hackers Breach Dozens of Organizations Through Oracle Software Flaw

From HealthKick to GOVERSHELL: The Evolution of UTA0388's Espionage Malware

New ClayRat Spyware Targets Android Users via Fake WhatsApp and TikTok Apps

Hackers Access SonicWall Cloud Firewall Backups, Spark Urgent Security Checks

ThreatsDay Bulletin: MS Teams Hack, MFA Hijacking, $2B Crypto Heist, Apple Siri Probe & More

SaaS Breaches Start with Tokens - What Security Teams Must Watch

From Phishing to Malware: AI Becomes Russia's New Cyber Weapon in War on Ukraine

Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme

Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks

Chinese Hackers Weaponize Open-Source Nezha Tool in New Attack Wave

Step Into the Password Graveyard… If You Dare (and Join the Live Session)

LockBit, Qilin, and DragonForce Join Forces to Dominate the Ransomware Ecosystem

Severe Framelink Figma MCP Vulnerability Lets Hackers Execute Code Remotely

No Time to Waste: Embedding AI to Cut Noise and Reduce Risk

OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for Cyberattacks

BatShadow Group Uses New Go-Based 'Vampire Bot' Malware to Hunt Job Seekers

Google's New AI Doesn't Just Find Vulnerabilities — It Rewrites Code to Patch Them

New Research: AI Is Already the #1 Data Exfiltration Channel in the Enterprise

XWorm 6.0 Returns with 35+ Plugins and Enhanced Data Theft Capabilities

13-Year-Old Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely

Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware

Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 in Real-World Attacks

New Report Links Research Firms BIETA and CIII to China’s MSS Cyber Operations

⚡ Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More

5 Critical Questions For Adopting an AI Security Solution

Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks

Chinese Cybercrime Group Runs Global SEO Fraud Ring Using Compromised IIS Servers

Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files

CometJacking: One Click Can Turn Perplexity’s Comet AI Browser Into a Data Thief

Scanning Activity on Palo Alto Networks Portals Jump 500% in One Day

Detour Dog Caught Running DNS-Powered Malware Factory for Strela Stealer

Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads

Researchers Warn of Self-Spreading WhatsApp Malware Named SORVEPOTEL

Product Walkthrough: How Passwork 7 Addresses Complexity of Enterprise Security

New "Cavalry Werewolf" Attack Hits Russian Agencies with FoalShell and StallionRAT

CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild

Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware

Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown

Automating Pentest Delivery: 7 Key Workflows for Maximum Impact

ThreatsDay Bulletin: CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More

Google Mandiant Probes New Oracle Extortion Wave Possibly Linked to Cl0p Ransomware

How to Close Threat Detection Gaps: Your SOC's Action Plan

DDoS Botnet Aisuru Blankets US ISPs in Record DDoS

ShinyHunters Wage Broad Corporate Extortion Spree

Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms

Self-Replicating Worm Hits 180+ Software Packages

Bulletproof Host Stark Industries Evades EU Sanctions

Microsoft Patch Tuesday, September 2025 Edition

18 Popular Code Packages Hacked, Rigged to Steal Crypto

GOP Cries Censorship Over Spam Filters That Work

The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft

Affiliates Flock to ‘Soulless’ Scam Gambling Machine

Friday Squid Blogging: Sperm Whale Eating a Giant Squid

Autonomous AI Hacking and the Future of Cybersecurity

Flok License Plate Surveillance

AI-Enabled Influence Operation Against Iran

AI in the 2026 Midterm Elections

Friday Squid Blogging: Squid Overfishing in the Southwest Atlantic

Daniel Miessler on the AI Attack/Defense Balance

Use of Generative AI in Scams

Details of a Scam

Abusing Notion’s AI Agent for Data Theft

I compared 5G network signals of Verizon, T-Mobile, and AT&T at a baseball stadium - here's the winner

Prime Day was supposed to kick off holiday shopping, but was more about stocking up on essentials

Samsung Galaxy Z Fold 7 vs. Google Pixel 10 Pro Fold: We compared the two, and here's the verdict

Spotty Wi-Fi at home? 5 products I recommend to fix it once and for all

Ready to ditch your Windows PC? I found a powerful mini PC that's optimized for Linux

Get a phone line with unlimited 5G for $25/month from Metro by T-Mobile - here's how

Yes, your iPhone can track every place you visit - here's how to turn it off

Get T-Mobile 5G home internet for $30/month when you bundle with a phone line - here's how