Cybersecurity News

Researchers Find ChatGPT Vulnerabilities That Let Attackers Trick AI Into Leaking Data

Cybersecurity researchers have disclosed a new set of vulnerabilities impacting OpenAI's ChatGPT artificial intelligence (AI) chatbot that could be exploited by an attacker to steal personal information from users' memories and chat histories without their knowledge. The seven vulnerabilities and attack techniques, according to Tenable, were found in OpenAI's GPT-4o and GPT-5 models. OpenAI has

Securing the Open Android Ecosystem with Samsung Knox

Raise your hand if you’ve heard the myth, “Android isn’t secure.” Android phones, such as the Samsung Galaxy, unlock new ways of working. But, as an IT admin, you may worry about the security—after all, work data is critical. However, outdated concerns can hold your business back from unlocking its full potential. The truth is, with work happening everywhere, every device connected to your

Mysterious 'SmudgedSerpent' Hackers Target U.S. Policy Experts Amid Iran–Israel Tensions

A never-before-seen threat activity cluster codenamed UNK_SmudgedSerpent has been attributed as behind a set of cyber attacks targeting academics and foreign policy experts between June and August 2025, coinciding with heightened geopolitical tensions between Iran and Israel. "UNK_SmudgedSerpent leveraged domestic political lures, including societal change in Iran and investigation into the

U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud

The U.S. Treasury Department on Tuesday imposed sanctions against eight individuals and two entities within North Korea's global financial network for laundering money for various illicit schemes, including cybercrime and information technology (IT) worker fraud. "North Korean state-sponsored hackers steal and launder money to fund the regime's nuclear weapons program," said Under Secretary of

Why SOC Burnout Can Be Avoided: Practical Steps

Behind every alert is an analyst; tired eyes scanning dashboards, long nights spent on false positives, and the constant fear of missing something big. It’s no surprise that many SOCs face burnout before they face their next breach. But this doesn’t have to be the norm. The path out isn’t through working harder, but through working smarter, together. Here are three practical steps every SOC can

CISA Adds Gladinet and CWP Flaws to KEV Catalog Amid Active Exploitation Evidence

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Gladinet and Control Web Panel (CWP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerabilities in question are listed below - CVE-2025-11371 (CVSS score: 7.5) - A vulnerability in files or directories accessible to

A Cybercrime Merger Like No Other — Scattered Spider, LAPSUS$, and ShinyHunters Join Forces

The nascent collective that combines three prominent cybercrime groups, Scattered Spider, LAPSUS$, and ShinyHunters, has created no less than 16 Telegram channels since August 8, 2025. "Since its debut, the group's Telegram channels have been removed and recreated at least 16 times under varying iterations of the original name – a recurring cycle reflecting platform moderation and the operators'

European Authorities Dismantle €600 Million Crypto Fraud Network in Global Sweep

Nine people have been arrested in connection with a coordinated law enforcement operation that targeted a cryptocurrency money laundering network that defrauded victims of €600 million (~$688 million). According to a statement released by Eurojust today, the action took place between October 27 and 29 across Cyprus, Spain, and Germany, with the suspects arrested on charges of involvement in

Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks

Details have emerged about a now-patched critical security flaw in the popular "@react-native-community/cli" npm package that could be potentially exploited to run malicious operating system (OS) commands under certain conditions. "The vulnerability allows remote unauthenticated attackers to easily trigger arbitrary OS command execution on the machine running react-native-community/cli's

Microsoft Teams Bugs Let Attackers Impersonate Colleagues and Edit Messages Unnoticed

Cybersecurity researchers have disclosed details of four security flaws in Microsoft Teams that could have exposed users to serious impersonation and social engineering attacks. The vulnerabilities "allowed attackers to manipulate conversations, impersonate colleagues, and exploit notifications," Check Point said in a report shared with The Hacker News. Following responsible disclosure in March

Ransomware Defense Using the Wazuh Open Source Platform

Ransomware is malicious software designed to block access to a computer system or encrypt data until a ransom is paid. This cyberattack is one of the most prevalent and damaging threats in the digital landscape, affecting individuals, businesses, and critical infrastructure worldwide. A ransomware attack typically begins when the malware infiltrates a system through various vectors such as

Operation SkyCloak Deploys Tor-Enabled OpenSSH Backdoor Targeting Defense Sectors

Threat actors are leveraging weaponized attachments distributed via phishing emails to deliver malware likely targeting the defense sector in Russia and Belarus. According to multiple reports from Cyble and Seqrite Labs, the campaign is designed to deploy a persistent backdoor on compromised hosts that uses OpenSSH in conjunction with a customized Tor hidden service that employs obfs4 for

Google’s AI ‘Big Sleep’ Finds 5 New Vulnerabilities in Apple’s Safari WebKit

Google's artificial intelligence (AI)-powered cybersecurity agent called Big Sleep has been credited by Apple for discovering as many as five different security flaws in the WebKit component used in its Safari web browser that, if successfully exploited, could result in a browser crash or memory corruption. The list of vulnerabilities is as follows - CVE-2025-43429 - A buffer overflow

U.S. Prosecutors Indict Cybersecurity Insiders Accused of BlackCat Ransomware Attacks

Federal prosecutors in the U.S. have accused a trio of allegedly hacking the networks of five U.S. companies with BlackCat (aka ALPHV) ransomware between May and November 2023 and extorting them. Ryan Clifford Goldberg, Kevin Tyler Martin, and an unnamed co–conspirator (aka "Co-Conspirator 1") based in Florida, all U.S. nationals, are said to have used the ransomware strain against a medical

Microsoft Detects "SesameOp" Backdoor Using OpenAI's API as a Stealth Command Channel

Microsoft has disclosed details of a novel backdoor dubbed SesameOp that uses OpenAI Assistants Application Programming Interface (API) for command-and-control (C2) communications. "Instead of relying on more traditional methods, the threat actor behind this backdoor abuses OpenAI as a C2 channel as a way to stealthily communicate and orchestrate malicious activities within the compromised

Malicious VSX Extension "SleepyDuck" Uses Ethereum to Keep Its Command Server Alive

Cybersecurity researchers have flagged a new malicious extension in the Open VSX registry that harbors a remote access trojan called SleepyDuck. According to Secure Annex's John Tuckner, the extension in question, juan-bianco.solidity-vlang (version 0.0.7), was first published on October 31, 2025, as a completely benign library that was subsequently updated to version 0.0.8 on November 1 to

Cybercriminals Exploit Remote Monitoring Tools to Infiltrate Logistics and Freight Networks

Bad actors are increasingly training their sights on trucking and logistics companies with an aim to infect them with remote monitoring and management (RMM) software for financial gain and ultimately steal cargo freight. The threat cluster, believed to be active since at least June 2025 according to Proofpoint, is said to be collaborating with organized crime groups to break into entities in the

⚡ Weekly Recap: Lazarus Hits Web3, Intel/AMD TEEs Cracked, Dark Web Leak Tool & More

Cyberattacks are getting smarter and harder to stop. This week, hackers used sneaky tools, tricked trusted systems, and quickly took advantage of new security problems—some just hours after being found. No system was fully safe. From spying and fake job scams to strong ransomware and tricky phishing, the attacks came from all sides. Even encrypted backups and secure areas were put to the test.

The Evolution of SOC Operations: How Continuous Exposure Management Transforms Security Operations

Security Operations Centers (SOC) today are overwhelmed. Analysts handle thousands of alerts every day, spending much time chasing false positives and adjusting detection rules reactively. SOCs often lack the environmental context and relevant threat intelligence needed to quickly verify which alerts are truly malicious. As a result, analysts spend excessive time manually triaging alerts, the

Researchers Uncover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Data

Cybersecurity researchers have shed light on two different Android trojans called BankBot-YNRK and DeliveryRAT that are capable of harvesting sensitive data from compromised devices. According to CYFIRMA, which analyzed three different samples of BankBot-YNRK, the malware incorporates features to sidestep analysis efforts by first checking its running within a virtualized or emulated environment

New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea

The North Korea-linked threat actor known as Kimsuky has distributed a previously undocumented backdoor codenamed HttpTroy as part of a likely spear-phishing attack targeting a single victim in South Korea. Gen Digital, which disclosed details of the activity, did not reveal any details on when the incident occurred, but noted that the phishing email contained a ZIP file ("250908_A_HK이노션

ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability

The Australian Signals Directorate (ASD) has issued a bulletin about ongoing cyber attacks targeting unpatched Cisco IOS XE devices in the country with a previously undocumented implant known as BADCANDY. The activity, per the intelligence agency, involves the exploitation of CVE-2023-20198 (CVSS score: 10.0), a critical vulnerability that allows a remote, unauthenticated attacker to create an

OpenAI Unveils Aardvark: GPT-5 Agent That Finds and Fixes Code Flaws Automatically

OpenAI has announced the launch of an "agentic security researcher" that's powered by its GPT-5 large language model (LLM) and is programmed to emulate a human expert capable of scanning, understanding, and patching code. Called Aardvark, the artificial intelligence (AI) company said the autonomous agent is designed to help developers and security teams flag and fix security vulnerabilities at

Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack

A suspected nation-state threat actor has been linked to the distribution of a new malware called Airstalk as part of a likely supply chain attack. Palo Alto Networks Unit 42 said it's tracking the cluster under the moniker CL-STA-1009, where "CL" stands for cluster and "STA" refers to state-backed motivation. "Airstalk misuses the AirWatch API for mobile device management (MDM), which is now

China-Linked Hackers Exploit Windows Shortcut Flaw to Target European Diplomats

A China-affiliated threat actor known as UNC6384 has been linked to a fresh set of attacks exploiting an unpatched Windows shortcut vulnerability to target European diplomatic and government entities between September and October 2025. The activity targeted diplomatic organizations in Hungary, Belgium, Italy, and the Netherlands, as well as government agencies in Serbia, Arctic Wolf said in a

China-Linked Tick Group Exploits Lanscope Zero-Day to Hijack Corporate Systems

The exploitation of a recently disclosed critical security flaw in Motex Lanscope Endpoint Manager has been attributed to a cyber espionage group known as Tick. The vulnerability, tracked as CVE-2025-61932 (CVSS score: 9.3), allows remote attackers to execute arbitrary commands with SYSTEM privileges on on-premise versions of the program. JPCERT/CC, in an alert issued this month, said that it

The MSP Cybersecurity Readiness Guide: Turning Security into Growth

MSPs are facing rising client expectations for strong cybersecurity and compliance outcomes, while threats grow more complex and regulatory demands evolve. Meanwhile, clients are increasingly seeking comprehensive protection without taking on the burden of managing security themselves. This shift represents a major growth opportunity. By delivering advanced cybersecurity and compliance

CISA and NSA Issue Urgent Guidance to Secure WSUS and Microsoft Exchange Servers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), along with international partners from Australia and Canada, have released guidance to harden on-premise Microsoft Exchange Server instances from potential exploitation. "By restricting administrative access, implementing multi-factor authentication, enforcing strict transport security

Eclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz Discovery

Eclipse Foundation, which maintains the open-source Open VSX project, said it has taken steps to revoke a small number of tokens that were leaked within Visual Studio Code (VS Code) extensions published in the marketplace. The action comes following a report from cloud security company Wiz earlier this month, which found several extensions from both Microsoft's VS Code Marketplace and Open VSX

CISA Flags VMware Zero-Day Exploited by China-Linked Hackers in Active Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Broadcom VMware Tools and VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The vulnerability in question is CVE-2025-41244 (CVSS score: 7.8), which could be exploited by an attacker to attain

A New Security Layer for macOS Takes Aim at Admin Errors Before Hackers Do

A design firm is editing a new campaign video on a MacBook Pro. The creative director opens a collaboration app that quietly requests microphone and camera permissions. MacOS is supposed to flag that, but in this case, the checks are loose. The app gets access anyway. On another Mac in the same office, file sharing is enabled through an old protocol called SMB version one. It’s fast and

Google's Built-In AI Defenses on Android Now Block 10 Billion Scam Messages a Month

Google on Thursday revealed that the scam defenses built into Android safeguard users around the world from more than 10 billion suspected malicious calls and messages every month. The tech giant also said it has blocked over 100 million suspicious numbers from using Rich Communication Services (RCS), an evolution of the SMS protocol, thereby preventing scams before they could even be sent. In

Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks

The open-source command-and-control (C2) framework known as AdaptixC2 is being used by a growing number of threat actors, some of whom are related to Russian ransomware gangs. AdaptixC2 is an emerging extensible post-exploitation and adversarial emulation framework designed for penetration testing. While the server component is written in Golang, the GUI Client is written in C++ QT for

New "Brash" Exploit Crashes Chromium Browsers Instantly with a Single Malicious URL

A severe vulnerability disclosed in Chromium's Blink rendering engine can be exploited to crash many Chromium-based browsers within a few seconds. Security researcher Jose Pino, who disclosed details of the flaw, has codenamed it Brash. "It allows any Chromium browser to collapse in 15-60 seconds by exploiting an architectural flaw in how certain DOM operations are managed," Pino said in a

The Death of the Security Checkbox: BAS Is the Power Behind Real Defense

Security doesn’t fail at the point of breach. It fails at the point of impact.  That line set the tone for this year’s Picus Breach and Simulation (BAS) Summit, where researchers, practitioners, and CISOs all echoed the same theme: cyber defense is no longer about prediction. It's about proof. When a new exploit drops, scanners scour the internet in minutes. Once attackers gain a foothold,

ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising

The comfort zone in cybersecurity is gone. Attackers are scaling down, focusing tighter, and squeezing more value from fewer, high-impact targets. At the same time, defenders face growing blind spots — from spoofed messages to large-scale social engineering. This week’s findings show how that shrinking margin of safety is redrawing the threat landscape. Here’s what’s making headlines.

PhantomRaven Malware Found in 126 npm Packages Stealing GitHub Tokens From Devs

Cybersecurity researchers have uncovered yet another active software supply chain attack campaign targeting the npm registry with over 100 malicious packages that can steal authentication tokens, CI/CD secrets, and GitHub credentials from developers' machines. The campaign has been codenamed PhantomRaven by Koi Security. The activity is assessed to have begun in August 2025, when the first

Experts Reports Sharp Increase in Automated Botnet Attacks Targeting PHP Servers and IoT Devices

Cybersecurity researchers are calling attention to a spike in automated attacks targeting PHP servers, IoT devices, and cloud gateways by various botnets such as Mirai, Gafgyt, and Mozi. "These automated campaigns exploit known CVE vulnerabilities and cloud misconfigurations to gain control over exposed systems and expand botnet networks," the Qualys Threat Research Unit (TRU) said in a report

New AI-Targeted Cloaking Attack Tricks AI Crawlers Into Citing Fake Info as Verified Facts

Cybersecurity researchers have flagged a new security issue in agentic web browsers like OpenAI ChatGPT Atlas that exposes underlying artificial intelligence (AI) models to context poisoning attacks. In the attack devised by AI security company SPLX, a bad actor can set up websites that serve different content to browsers and AI crawlers run by ChatGPT and Perplexity. The technique has been

Discover Practical AI Tactics for GRC — Join the Free Expert Webinar

Artificial Intelligence (AI) is rapidly transforming Governance, Risk, and Compliance (GRC). It's no longer a future concept—it's here, and it's already reshaping how teams operate. AI's capabilities are profound: it's speeding up audits, flagging critical risks faster, and drastically cutting down on time-consuming manual work. This leads to greater efficiency, higher accuracy, and a more

Preparing for the Digital Battlefield of 2026: Ghost Identities, Poisoned Accounts, & AI Agent Havoc

BeyondTrust’s annual cybersecurity predictions point to a year where old defenses will fail quietly, and new attack vectors will surge. Introduction The next major breach won’t be a phished password. It will be the result of a massive, unmanaged identity debt. This debt takes many forms: it’s the “ghost” identity from a 2015 breach lurking in your IAM, the privilege sprawl from thousands of new

Russian Hackers Target Ukrainian Organizations Using Stealthy Living-Off-the-Land Tactics

Organizations in Ukraine have been targeted by threat actors of Russian origin with an aim to siphon sensitive data and maintain persistent access to compromised networks. The activity, according to a new report from the Symantec and Carbon Black Threat Hunter Team, targeted a large business services organization for two months and a local government entity in the country for a week. The attacks

10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux

Cybersecurity researchers have discovered a set of 10 malicious npm packages that are designed to deliver an information stealer targeting Windows, Linux, and macOS systems. "The malware uses four layers of obfuscation to hide its payload, displays a fake CAPTCHA to appear legitimate, fingerprints victims by IP address, and downloads a 24MB PyInstaller-packaged information stealer that harvests

Active Exploits Hit Dassault and XWiki — CISA Confirms Critical Flaws Under Attack

Threat actors are actively exploiting multiple security flaws impacting Dassault Systèmes DELMIA Apriso and XWiki, according to alerts issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and VulnCheck. The vulnerabilities are listed below - CVE-2025-6204 (CVSS score: 8.0) - A code injection vulnerability in Dassault Systèmes DELMIA Apriso that could allow an attacker to

New TEE.Fail Side-Channel Attack Extracts Secrets from Intel and AMD DDR5 Secure Enclaves

A group of academic researchers from Georgia Tech, Purdue University, and Synkhronix have developed a side-channel attack called TEE.Fail that allows for the extraction of secrets from the trusted execution environment (TEE) in a computer's main processor, including Intel's Software Guard eXtensions (SGX) and Trust Domain Extensions (TDX) and AMD's Secure Encrypted Virtualization with Secure

New Android Trojan 'Herodotus' Outsmarts Anti-Fraud Systems by Typing Like a Human

Cybersecurity researchers have disclosed details of a new Android banking trojan called Herodotus that has been observed in active campaigns targeting Italy and Brazil to conduct device takeover (DTO) attacks. "Herodotus is designed to perform device takeover while making first attempts to mimic human behaviour and bypass behaviour biometrics detection," ThreatFabric said in a report shared with

Researchers Expose GhostCall and GhostHire: BlueNoroff's New Malware Chains

Threat actors tied to North Korea have been observed targeting the Web3 and blockchain sectors as part of twin campaigns tracked as GhostCall and GhostHire. According to Kaspersky, the campaigns are part of a broader operation called SnatchCrypto that has been underway since at least 2017. The activity is attributed to a Lazarus Group sub-cluster called BlueNoroff, which is also known as APT38,

Why Early Threat Detection Is a Must for Long-Term Business Growth

In cybersecurity, speed isn’t just a win — it’s a multiplier. The faster you learn about emerging threats, the faster you adapt your defenses, the less damage you suffer, and the more confidently your business keeps scaling. Early threat detection isn’t about preventing a breach someday: it’s about protecting the revenue you’re supposed to earn every day. Companies that treat cybersecurity as a

Is Your Google Workspace as Secure as You Think it is?

The New Reality for Lean Security Teams If you’re the first security or IT hire at a fast-growing startup, you’ve likely inherited a mandate that’s both simple and maddeningly complex: secure the business without slowing it down. Most organizations using Google Workspace start with an environment built for collaboration, not resilience. Shared drives, permissive settings, and constant

Chrome Zero-Day Exploited to Deliver Italian Memento Labs' LeetAgent Spyware

The zero-day exploitation of a now-patched security flaw in Google Chrome led to the distribution of an espionage-related tool from Italian information technology and services provider Memento Labs, according to new findings from Kaspersky. The vulnerability in question is CVE-2025-2783 (CVSS score: 8.3), a case of sandbox escape which the company disclosed in March 2025 as having come under

Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody

A Ukrainian man indicted in 2012 for conspiring with a prolific hacking group to steal tens of millions of dollars from U.S. businesses was arrested in Italy and is now in custody in the United States, KrebsOnSecurity has learned. Sources close to the investigation say Yuriy Igorevich Rybtsov, a 41-year-old from the Russia-controlled city of Donetsk, Ukraine, was previously referenced in U.S. federal charging documents only by his online handle "MrICQ." According to a 13-year-old indictment filed by prosecutors in Nebraska, MrICQ was a developer for a cybercrime group known as "Jabber Zeus."

Aisuru Botnet Shifts from DDoS to Residential Proxies

Aisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative and sustainable business: Renting hundreds of thousands of infected Internet of Things (IoT) devices to proxy services that help cybercriminals anonymize their traffic. Experts says a glut of proxies from Aisuru and other sources is fueling large-scale data harvesting efforts tied to various artificial intelligence (AI) projects, helping content scrapers evade detection by routing their traffic through residential connections that appear to be regular Internet users.

Canada Fines Cybercrime Friendly Cryptomus $176M

Financial regulators in Canada this week levied $176 million in fines against Cryptomus, a digital payments platform that supports dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services. The penalties for violating Canada's anti money-laundering laws come ten months after KrebsOnSecurity noted that Cryptomus's Vancouver street address was home to dozens of foreign currency dealers, money transfer businesses, and cryptocurrency exchanges — none of which were physically located there.

Email Bombs Exploit Lax Authentication in Zendesk

Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously.

Patch Tuesday, October 2025 ‘End of 10’ Edition

Microsoft today released software updates to plug a whopping 172 security holes in its Windows operating systems, including at least three vulnerabilities that are already being actively exploited. October's Patch Tuesday also marks the final month that Microsoft will ship security updates for Windows 10 systems. If you're running a Windows 10 PC and you're unable or unwilling to migrate to Windows 11, read on for other options.

DDoS Botnet Aisuru Blankets US ISPs in Record DDoS

The world's largest and most disruptive botnet is now drawing a majority of its firepower from compromised Internet-of-Things (IoT) devices hosted on U.S. Internet providers like AT&T, Comcast and Verizon, new evidence suggests. Experts say the heavy concentration of infected devices at U.S. providers is complicating efforts to limit collateral damage from the botnet's attacks, which shattered previous records this week with a brief traffic flood that clocked in at nearly 30 trillion bits of data per second.

ShinyHunters Wage Broad Corporate Extortion Spree

A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse to pay a ransom. The group also claimed responsibility for a recent breach involving Discord user data, and for stealing terabytes of sensitive files from thousands of customers of the enterprise software maker Red Hat.

Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms

U.S. prosecutors last week levied criminal hacking charges against 19-year-old U.K. national Thalha Jubair for allegedly being a core member of Scattered Spider, a prolific cybercrime group blamed for extorting at least $115 million in ransom payments from victims. The charges came as Jubair and an alleged co-conspirator appeared in a London court to face accusations of hacking into and extorting several large U.K. retailers, the London transit system, and healthcare providers in the United States.

Self-Replicating Worm Hits 180+ Software Packages

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed.

Bulletproof Host Stark Industries Evades EU Sanctions

In May 2025, the European Union levied financial sanctions on the owners of Stark Industries Solutions Ltd., a bulletproof hosting provider that materialized two weeks before Russia invaded Ukraine and quickly became a top source of Kremlin-linked cyberattacks and disinformation campaigns. But new data shows those sanctions have done little to stop Stark from simply rebranding and transferring their assets to other corporate entities controlled by its original hosting providers.

Scientists Need a Positive Vision for AI

For many in the research community, it’s gotten harder to be optimistic about the impacts of artificial intelligence.

As authoritarianism is rising around the world, AI-generated “slop” is overwhelming legitimate media, while AI-generated deepfakes are spreading misinformation and parroting extremist messages. AI is making warfare more precise and deadly amidst intransigent conflicts. AI companies are exploiting people in the global South who work as data labelers, and profiting from content creators worldwide by using their work without license or compensation. The industry is also affecting an already-roiling climate with its ...

Cybercriminals Targeting Payroll Sites

Microsoft is warning of a scam involving online payroll systems. Criminals use social engineering to steal people’s credentials, and then divert direct deposits into accounts that they control. Sometimes they do other things to make it harder for the victim to realize what is happening.

I feel like this kind of thing is happening everywhere, with everything. As we move more of our personal and professional lives online, we enable criminals to subvert the very systems we rely on.

AI Summarization Optimization

These days, the most important meeting attendee isn’t a person: It’s the AI notetaker.

This system assigns action items and determines the importance of what is said. If it becomes necessary to revisit the facts of the meeting, its summary is treated as impartial evidence.

But clever meeting attendees can manipulate this system’s record by speaking more to what the underlying AI weights for summarization and importance than to their colleagues. As a result, you can expect some meeting attendees to use language more likely to be captured in summaries, timing their interventions strategically, repeating key points, and employing formulaic phrasing that AI models are more likely to pick up on. Welcome to the world of AI summarization optimization (AISO)...

Friday Squid Blogging: Giant Squid at the Smithsonian

I can’t believe that I haven’t yet posted this picture of a giant squid at the Smithsonian.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Blog moderation policy.

Will AI Strengthen or Undermine Democracy?

Listen to the Audio on NextBigIdeaClub.com

Below, co-authors Bruce Schneier and Nathan E. Sanders share five key insights from their new book, Rewiring Democracy: How AI Will Transform Our Politics, Government, and Citizenship.

What’s the big idea?

AI can be used both for and against the public interest within democracies. It is already being used in the governing of nations around the world, and there is no escaping its continued use in the future by leaders, policy makers, and legal enforcers. How we wire AI into democracy today will determine if it becomes a tool of oppression or empowerment...

The AI-Designed Bioweapon Arms Race

Interesting article about the arms race between AI systems that invent/design new biological pathogens, and AI systems that detect them before they’re created:

The team started with a basic test: use AI tools to design variants of the toxin ricin, then test them against the software that is used to screen DNA orders. The results of the test suggested there was a risk of dangerous protein variants slipping past existing screening software, so the situation was treated like the equivalent of a zero-day vulnerability.

[…]

Details of that original test are ...

Signal’s Post-Quantum Cryptographic Implementation

Signal has just rolled out its quantum-safe cryptographic implementation.

Ars Technica has a really good article with details:

Ultimately, the architects settled on a creative solution. Rather than bolt KEM onto the existing double ratchet, they allowed it to remain more or less the same as it had been. Then they used the new quantum-safe ratchet to implement a parallel secure messaging system.

Now, when the protocol encrypts a message, it sources encryption keys from both the classic Double Ratchet and the new ratchet. It then mixes the two keys together (using a cryptographic key derivation function) to get a new encryption key that has all of the security of the classical Double Ratchet but now has quantum security, too...

Social Engineering People’s Credit Card Details

Good Wall Street Journal article on criminal gangs that scam people out of their credit card information:

Your highway toll payment is now past due, one text warns. You have U.S. Postal Service fees to pay, another threatens. You owe the New York City Department of Finance for unpaid traffic violations.

The texts are ploys to get unsuspecting victims to fork over their credit-card details. The gangs behind the scams take advantage of this information to buy iPhones, gift cards, clothing and cosmetics.

Criminal organizations operating out of China, which investigators blame for the toll and postage messages, have used them to make more than $1 billion over the last three years, according to the Department of Homeland Security...

Louvre Jewel Heist

I assume I don’t have to explain last week’s Louvre jewel heist. I love a good caper, and have (like many others) eagerly followed the details. An electric ladder to a second-floor window, an angle grinder to get into the room and the display cases, security guards there more to protect patrons than valuables—seven minutes, in and out.

There were security lapses:

The Louvre, it turns out—at least certain nooks of the ancient former palace—is something like an anopticon: a place where no one is observed. The world now knows what the four thieves (two burglars and two accomplices) realized as recently as last week: The museum’s Apollo Gallery, which housed the stolen items, was monitored by a single outdoor camera angled away from its only exterior point of entry, a balcony. In other words, a free-roaming Roomba could have provided the world’s most famous museum with more information about the interior of this space. There is no surveillance footage of the break-in...

First Wap: A Surveillance Computer You’ve Never Heard Of

Mother Jones has a long article on surveillance arms manufacturers, their wares, and how they avoid export control laws:

Operating from their base in Jakarta, where permissive export laws have allowed their surveillance business to flourish, First Wap’s European founders and executives have quietly built a phone-tracking empire, with a footprint extending from the Vatican to the Middle East to Silicon Valley.

It calls its proprietary system Altamides, which it describes in promotional materials as “a unified platform to covertly locate the whereabouts of single or multiple suspects in real-time, to detect movement patterns, and to detect whether suspects are in close vicinity with each other.”...

You can buy retail gift cards on Google Play now - here's how

Google quietly added a hidden gift card shop inside the Play Store. Here's how to find it.

Best early Black Friday gadget deals 2025: Over a dozen sales out early

Black Friday is just weeks away, but I've been searching the web looking for the best gadgets that make great gifts, and I've found some cracking deals for you.

Did your logins just get leaked? How to check online for free (and what to do next)

This is a free service that shows whether your online accounts have likely been 'pwned,' or compromised in a data breach.

You can chat with Google Maps now, thanks to this big AI upgrade - how it works

Google Maps just got four big Gemini-powered upgrades. Here's what's new.

Best early Black Friday Apple deals 2025: 25+ sales out now

Apple deals are already appearing online in the lead-up to Black Friday. These are my favorite Apple sales so far.

These Bluetooth trackers with loops replaced my AirTags (and they get loud)

Apple AirTags are great, but they have their limitations. Chipolo's new Loop trackers can be attached to any item.

Turn your old tech into Amazon gift cards and discounts before Black Friday - here's how

Did you know you can trade in your unused devices for Amazon credit - and get up to 20% off new devices? It's easy.

7 Linux commands I can't live without after 20 years in the terminal

You don't need the Linux terminal - but once you try it, you'll never go back.

Best early Black Friday Samsung deals 2025: 32 sales out now

Black Friday is not far away, and Samsung devices are already on sale. These are my favorite Samsung deals so far, including discounts on smartphones and TVs.

These 15+ Google Docs hacks will supercharge your workflow (and they're free)

From editable PDFs to instant translations, Google Docs is packed with features most people never use.

Best early Black Friday monitor deals 2025: 23 sales out early

If you need a new monitor for your office, home, or gaming setup, these are the best deals in the run-up to Black Friday.

Best early Black Friday power station deals 2025: A dozen sales out early

Black Friday is just weeks away, but I've found some excellent power station deals from EcoFlow, Jackery, and Bluetti that you can shop now.

Best Black Friday VPN deals 2025: Early subscription sales for NordVPN, Surfshark and more

Early Black Friday sales are already available, including cheaper subscriptions to your favorite VPNs. These are the best deals around.

What to expect from Apple's 'cheap' MacBook in 2026 (and how it'll compete with Chromebooks)

Apple could be developing a new, lightweight MacBook with the iPhone's A18 Pro chipset, and at a price that's sure to turn heads.

The brightest flashlights of 2025: We shine a spotlight on our top picks

We tested the brightest flashlights of 2025 for camping, hiking, and blackouts.

This JBL soundbar I tested rivals Bose and Sonos models that cost more - here's how

The JBL Bar 1000MK2 is a true theater-in-a-box - and while its main feature might seem counterintuitive, it performs far better than you'd expect.

I switched my outdoor Bluetooth speakers with this wired system, and the difference was loud and clear

The Polk Audio Atrium 5 speakers pair a sleek, minimalist design with full weatherproofing, delivering crisp, dynamic sound.

This wilderness expert just discovered the survival phone accessory he didn't know he needed

Most modern smartphones are water-resistant, but there are times when I need additional protection. This one does the trick.

Not enough people are talking about the most capable Lenovo laptop right now

The Lenovo Legion 9i is a top-tier gaming laptop that shines in both gaming and creative tasks, but there's more to it.

Your Meta Ray-Bans are getting several video-recording upgrades for free - and Oakley models, too

Smoother and longer video recording is coming to older Meta smart glasses, but there's more to the November firmware update.

Webinar Today: Scattered Spider Exposed – Critical Takeaways for Cyber Defenders

Get practical strategies to help minimize your risk exposure, including the need for identity threat detection and mitigation.

The post Webinar Today: Scattered Spider Exposed – Critical Takeaways for Cyber Defenders appeared first on SecurityWeek.

Flare Raises $30 Million for Threat Exposure Management Platform

The company plans to advance its identity exposure management capabilities and pursue M&A opportunities.

The post Flare Raises $30 Million for Threat Exposure Management Platform appeared first on SecurityWeek.

Armis Raises $435 Million in Pre-IPO Funding Round at $6.1 Billion Valuation

Armis recently surpassed $300 million in annual recurring revenue as it prepares for an IPO.

The post Armis Raises $435 Million in Pre-IPO Funding Round at $6.1 Billion Valuation appeared first on SecurityWeek.

Malanta Emerges from Stealth With $10 Million Seed Funding

Malanta collects and analyzes digital breadcrumbs that attackers leave behind and then forecasts how and when they will be weaponized.

The post Malanta Emerges from Stealth With $10 Million Seed Funding appeared first on SecurityWeek.

ConductorOne Raises $79 Million in Series B Funding

Leveraging AI, ConductorOne’s platform secures and manages millions of human, non-human, and AI identities.

The post ConductorOne Raises $79 Million in Series B Funding appeared first on SecurityWeek.

Exploited ‘Post SMTP’ Plugin Flaw Exposes WordPress Sites to Takeover

The critical vulnerability allows attackers to read arbitrary emails, including password reset messages.

The post Exploited ‘Post SMTP’ Plugin Flaw Exposes WordPress Sites to Takeover  appeared first on SecurityWeek.

Daylight Raises $33 Million for AI-Powered MDR Platform

The funding will fuel the development of Daylight’s security operations platform and the launch of new protection modules.

The post Daylight Raises $33 Million for AI-Powered MDR Platform appeared first on SecurityWeek.

Nikkei Says 17,000 Impacted by Data Breach Stemming From Slack Account Hack

The Japanese media giant says compromised Slack credentials were used to steal employee and business partner information.

The post Nikkei Says 17,000 Impacted by Data Breach Stemming From Slack Account Hack appeared first on SecurityWeek.

Portal26 Raises $9 Million for Gen-AI Adoption Platform

The gen-AI adoption management platform will invest the funds in accelerating growth and product innovations.

The post Portal26 Raises $9 Million for Gen-AI Adoption Platform appeared first on SecurityWeek.

US Sanctions North Korean Bankers Accused of Laundering Stolen Cryptocurrency

The United States has imposed sanctions on a group of bankers, financial institutions and others accused of laundering money from cyber crime schemes.

The post US Sanctions North Korean Bankers Accused of Laundering Stolen Cryptocurrency appeared first on SecurityWeek.

Attackers abuse Gemini AI to develop ‘Thinking Robot’ malware and data processing agent for spying purposes

Meanwhile, others tried to social-engineer the chatbot itself

Nation-state goons and cybercrime rings are experimenting with Gemini to develop a "Thinking Robot" malware module that can rewrite its own code to avoid detection, and build an AI agent that tracks enemies' behavior, according to Google Threat Intelligence Group.…

M&S pegs cyberattack cleanup costs at £136M as profits slump

Retailer's tech systems aren’t down anymore, but the same can’t be said for its rocky financials

Marks & Spencer says its April cyberattack will cost around £136 million ($177.2 million) in total.…

Famed software engineer DJB tries Fil-C… and likes what he sees

A ‘three-letter person’ experiments with the new type-safe C, and is impressed

Famed mathematician, cryptographer and coder Daniel J. Bernstein has tried out the new type-safe C/C++ compiler, and he's given it a favorable report.…

UK agri dept spent hundreds of millions upgrading to Windows 10 – just in time for end of support

After a £312M upgrade to the retiring OS, Defra still has 24,000 devices to replace

The UK's Department for Environment, Food & Rural Affairs (Defra) has spent £312 million (c $407 million) modernizing its IT estate, including replacing tens of thousands of Windows 7 laptops with Windows 10 – which officially reached end of support last month.…

Uncle Sam wants to scan your iris and collect your DNA, citizen or not

DHS rule would expand biometric collection to immigrants and some citizens linked to them

If you're filing an immigration form - or helping someone who is - the Feds may soon want to look in your eyes, swab your cheek, and scan your face. The US Department of Homeland Security wants to greatly expand biometric data collection for immigration applications, covering immigrants and even some US citizens tied to those cases.…

Russian spies pack custom malware into hidden VMs on Windows machines

Curly COMrades strike again

Russia's Curly COMrades is abusing Microsoft's Hyper-V hypervisor in compromised Windows machines to create a hidden Alpine Linux-based virtual machine that bypasses endpoint security tools, giving the spies long-term network access to snoop and deploy malware.…

Consumer Financial Protection Bureau's security falls apart amid layoffs

Security program fails to meet federal standards as government cuts drain resources

The infosec program run by the US' Consumer Financial Protection Bureau (CFPB) "is not effective," according to a fresh audit published by the Office of the Inspector General (OIG).…

Invasion of the message body snatchers! Teams flaw allowed crims to impersonate the boss

Check Point lifts lid on a quartet of Teams vulns that made it possible to fake the boss, forge messages, and quietly rewrite history

Microsoft Teams, one of the world's most widely used collaboration tools, contained serious, now-patched vulnerabilities that could have let attackers impersonate executives, rewrite chat history, and fake notifications or calls – all without users suspecting a thing.…

Cybercrooks getting violent more often to secure big payouts in Europe

France-based victims hit especially hard, while UK named most-targeted country generally

Researchers are seeing a "dramatic" increase in cybercrime involving physical violence across Europe, with at least 18 cases reported since the start of the year.…

OpenAI API moonlights as malware HQ in Microsoft’s latest discovery

Redmond uncovers SesameOp, a backdoor hiding its tracks by using OpenAI’s Assistants API as a command channel

Hackers have found a new use for OpenAI's Assistants API – not to write poems or code, but to secretly control malware.…

China's president Xi Jinping jokes about backdoors in Xiaomi smartphones

South Korea's president laughed, so perhaps it was funny? Unlike China's censorship and snooping

Chinese president Xi Jinping has joked that smartphones from Xiaomi might include backdoors.…

AN0M, the backdoored ‘secure’ messaging app for criminals, is still producing arrests after four years

55 cuffed last week after court ruled sting operation was legal

Australian police last week made 55 arrests using evidence gathered with a backdoored messaging app that authorities distributed in the criminal community.…

MIT Sloan quietly shelves AI ransomware study after researcher calls BS

Even AI has doubts about the claim that '80% of ransomware attacks are AI-driven'

Do 80 percent of ransomware attacks really come from AI? MIT Sloan has now withdrawn a working paper that made that eyebrow-raising claim after criticism from security researcher Kevin Beaumont.…

Ransomware negotiator, pay thyself!

Rogues committed extortion while working for infosec firms

A ransomware negotiator and an incident response manager at two separate cybersecurity firms have been indicted for allegedly carrying out ransomware attacks of their own against multiple US companies.…

AWS, Nvidia, CrowdStrike seek security startups to enter the arena

Last year's winner scored a $65M funding round on a $300M valuation

Cloud and AI security startups have two weeks to apply for a program that fast-tracks access to investors and mentors from Amazon Web Services, CrowdStrike, and Nvidia.…

Cybercrooks team up with organized crime to steal pricey cargo

Old-school cargo heists reborn in the cyber age

Cybercriminals are increasingly orchestrating lucrative cargo thefts alongside organized crime groups (OCGs) in a modern-day resurgence of attacks on freight companies.…

Metropolitan Police hails facial recognition tech after record year for arrests

But question marks remain over the tech’s biases

London's Metropolitan Police Service (MPS) says the hundreds of live facial recognition (LFR) deployments across the Capital last year led to 962 arrests, according to a new report on the controversial tech's use.…

The race to shore up Europe’s power grids against cyberattacks and sabotage

Ukraine first to demo open source security platform to isolate incidents, stop lateral movement

Feature  It was a sunny morning in late April when a massive power outage suddenly rippled across Spain, Portugal, and parts of southwestern France, leaving tens of millions of people without electricity for hours.…

Attackers targeting unpatched Cisco kit notice malware implant removal, install it again

PLUS: Cyber-exec admits selling secrets to Russia; LastPass isn't checking to see if you're dead; Nation-state backed Windows malware; and more

Infosec in brief  Australia’s Signals Directorate (ASD) last Friday warned that attackers are installing an implant named “BADCANDY” on unpatched Cisco IOS XE devices and can detect deletion of their wares and reinstall their malware.…

Russia finally bites the cybercrooks it raised, arresting suspected Meduza infostealer devs

Rare case of the state turning on its own, but researchers say it may be doing so more often

Russia's Interior Ministry says police have arrested three suspects it believes helped build and spread the Meduza infostealer.…

Attackers dig up $11M in Garden Finance crypto exploit

Bitcoin bridge biz offers 10 percent reward to attackers if they play nice

Blockchain company Garden admits it was compromised and temporarily shut down its app after approximately $11 million worth of assets were stolen.…

Resilience, not sovereignty, defines OpenStack's next chapter

Price hikes, politics, and platform fatigue drive organizations back toward open alternatives

OpenInfra Summit  Sovereignty might be the word of the hour, but the OpenStack community has another – resilience.…

NHS left with sick PCs as suppliers resist Windows 11 treatment

Hospitals told to upgrade, but some medical device makers haven't prescribed compatibility yet

NHS hospitals are being blocked from fully upgrading to Windows 11 by a small number of suppliers that have yet to make their medical devices compatible with Microsoft's latest operating system.…

Europe preps Digital Euro to enter circulation in 2029

Because fewer people like banknotes, and payment sovereignty is a problem

The Governing Council of the European Central Bank (ECB) has decided the bloc needs a digital version of the Euro, and ordered work that could see it enter circulation in 2029.…

Suspected Chinese snoops weaponize unpatched Windows flaw to spy on European diplomats

Expired security cert, real Brussels agenda, plus PlugX malware finish the job

Cyber spies linked to the Chinese government exploited a Windows shortcut vulnerability disclosed in March – but that Microsoft hasn't fixed yet – to target European diplomats in an effort to steal defense and national security details.…

Proton trains new service to expose corporate infosec cover-ups

Service will tell on compromised organizations, even if they didn't plan on doing so themselves

Some orgs would rather you not know when they've suffered a cyberattack, but a new platform from privacy-focused tech firm Proton will shine a light on the big breaches that might otherwise stay buried.…

Docker Compose vulnerability opens door to host-level writes – patch pronto

Windows Desktop installer also fixed after DLL hijack flaw rated 8.8 severity

Docker Compose users are being strongly urged to upgrade their versions of the orchestration tool after a researcher uncovered a flaw that could allow attackers to stage path traversal attacks.…

Invisible npm malware pulls a disappearing act – then nicks your tokens

PhantomRaven slipped over a hundred credential-stealing packages into npm

A new supply chain attack dubbed PhantomRaven has flooded the npm registry with malicious packages that steal credentials, tokens, and secrets during installation. The packages appear safe when first downloaded, making them particularly difficult for security apps to identify.…

Cyberpunks mess with Canada's water, energy, and farm systems

Infosec agency warns hacktivists broke into critical infrastructure systems to tamper with controls

Hacktivists have breached Canadian critical infrastructure systems to meddle with controls that could have led to dangerous conditions, marking the latest in a string of real-world intrusions driven by online activists rather than spies.…

Postcode Lottery's lucky dip turns into data slip as players draw each other's info

Biz says 'technical error' caused short-lived leak affecting small number of users

A major UK lottery organization says it has resolved a technical error that exposed customer data to other users.…

France jacks into the Matrix for state messaging – and pays too

Governments eye comms alternatives as sovereignty worries mount

Comment  Decentralized communications network Matrix is hoping to be the beneficiary as European public and private sector organizations ponder alternatives to the messaging status quo.…

This security hole can crash billions of Chromium browsers, and Google hasn't patched it yet

Edge, Atlas, Brave among those affected

Exclusive  A critical, currently unpatched bug in Chromium's Blink rendering engine can be abused to crash many Chromium-based browsers within seconds, causing a denial-of-service condition – and, in some tests, freezing the host system.…

EY exposes 4TB+ SQL database to open internet for who knows how long

The Big Four biz’s big fat fail exposed a boatload of secrets online

A Dutch cybersecurity outfit says its lead researcher recently stumbled upon a 4TB+ SQL Server backup file belonging to EY exposed to the web, effectively leaking the accounting and consulting megacorp's secrets.…

Marketing giant Dentsu warns staff after Merkle data raid

Emails confirm payroll and bank details lifted in cyberattack on US subsidiary

Global marketing giant Dentsu is writing to current and former staff after a cyberattack on a subsidiary led to bank, payroll, and other sensitive data being stolen.…

Sole trader dispatched almost 1M spam texts to hard-up Brits, says watchdog

ICO fined Bharat Singh Chand £200,000 after receiving 19,138 complaints

Britain's data watchdog has fined a sole trader £200,000 for nearly a million spam texts targeting people in debt – almost 20 pence per message.…

UK government on the lookout for bargain-priced CTO

Dangles £100K for someone to fix £23B tech mess

The UK government is on the hunt for a new CTO after incumbent David Knott announced his departure, citing family reasons.…

9 in 10 Exchange servers in Germany still running out-of-support software

Cybersecurity agency urges organizations to upgrade or risk total network compromise

Germany's infosec office (BSI) is sounding the alarm after finding that 92 percent of the nation's Exchange boxes are still running out-of-support software, a fortnight after Microsoft axed versions 2016 and 2019.…

Australian police building AI to translate emoji used by ‘crimefluencers’

Five Eyes intel alliance has created a team to target these scum who prey on kids

Australia’s Federal Police (AFP) is working on an AI to interpret emojis and the slang used online by Generation Z and Generation Alpha, so it can understand them when they discuss crime online.…

Clearview AI faces criminal heat for ignoring EU data fines

Noyb says New York-based facial recognition biz flouted GDPR orders and kept scraping anyway

Privacy advocates at Noyb filed a criminal complaint against Clearview AI for scraping social media users' faces without consent to train its AI algorithms.…

AI browsers face a security flaw as inevitable as death and taxes

Agentic features open the door to data exfiltration or worse

Feature  With great power comes great vulnerability. Several new AI browsers, including OpenAI's Atlas, offer the ability to take actions on the user's behalf, such as opening web pages or even shopping. But these added capabilities create new attack vectors, particularly prompt injection.…

Beatings, killings, and lasting fear: The human toll of MoD's Afghan data breach

Research submitted to Parliament details deaths, raids, and mental trauma linked to 2022 relocation leak

Research submitted to the UK Parliament has revealed explicit threats to life and the deaths of family members and colleagues directly linked to the Ministry of Defence's 2022 Afghan relocation scheme data breach.…

Google says reports of a Gmail breach have been greatly exaggerated

Ad and cloud biz rubbishes claims that 183 million accounts broken into

Panic spread faster than a phishing email on Tuesday after claims of a massive Gmail breach hit the headlines – but Google says it's all nonsense.…

Chatbots parrot Putin's propaganda about the illegal invasion of Ukraine

Fake views from Moscow's pet media outlets appear in about one in five responses

Popular chatbots powered by large language models cited links to Russian state-attributed sources in up to a quarter of answers about the war in Ukraine, raising fresh questions over whether AI risks undermining efforts to enforce sanctions on Moscow-backed media.…

Marks & Spencer swaps out TCS for fresh helpdesk deal

Move follows months-long procurement process as retailer refreshes parts of its IT support setup

UK retailer Marks & Spencer has replaced Tata Consultancy Services as its IT service desk provider following a procurement process that began in January.…

WSUS attacks hit 'multiple' orgs as Google and other infosec sleuths ring Redmond’s alarm bell

If at first you don’t succeed, patch and patch again

More threat intel teams are sounding the alarm about a critical Windows Server Update Services (WSUS) remote code execution vulnerability, tracked as CVE-2025-59287 and now under active exploitation, just days after Microsoft pushed an emergency patch and the US Cybersecurity and Infrastructure Security Agency added the bug to its Known Exploited Vulnerabilities catalog.…

Iran's school for cyberspies could've used a few more lessons in preventing breaches

Ravin Academy confirms the intrusion on Telegram, says student data was stolen

Iran's school for state-sponsored cyberattackers admits it suffered a breach exposing the names and other personal information of its associates and students.…

You have one week to opt out or become fodder for LinkedIn AI training

Nations previously exempt from scraping now in the firing line

If you thought living in Europe, Canada, or Hong Kong meant you were protected from having LinkedIn scrape your posts to train its AI, think again. You have a week to opt out before the Microsoft subsidiary assumes you're fine with it.…

Researchers exploit OpenAI's Atlas by disguising prompts as URLs

NeuralTrust shows how agentic browser can interpret bogus links as trusted user commands

Researchers have found more attack vectors for OpenAI's new Atlas web browser – this time by disguising a potentially malicious prompt as an apparently harmless URL.…

X says passkey reset isn't about a security issue – it's to finally kill off twitter.com

Social media site dispatches crucial clarification days after curious announcement

X (formerly Twitter) sparked security concerns over the weekend when it announced users must re-enroll their security keys by November 10 or face account lockouts — without initially explaining why.…

Ex-CISA head thinks AI might fix code so fast we won't need security teams

Jen Easterly says most breaches stem from bad software, and smarter tech could finally clean it up

Ex-CISA head Jen Easterly claims AI could spell the end of the cybersecurity industry, as the sloppy software and vulnerabilities that criminals rely on will be tracked down faster than ever.…

Claude Desktop Extensions Vulnerable to Web-Based Prompt Injection

Three of Anthropic’s Claude Desktop extensions were vulnerable to command injection – flaws that have now been fixed

SMS Fraud Losses Set to Decline 11% in 2026

Juniper Research predicts a $9bn drop in losses to SMS fraud next year

Hundreds of Malware-Laden Apps Downloaded 42 Million Times From Google Play

Zscaler estimates 239 malicious Android apps made it onto the official Play store over the past year

French Police Seize €1.6m Amid Crypto Scam Network Crackdown

Nine alleged crypto scammers arrested in Cyprus, Germany and Spain

OpenAI Assistants API Exploited in 'SesameOp' Backdoor

Instead of relying on more traditional methods, the backdoor exploits OpenAI’s Assistants API for command-and-control communications

Scattered Spider, ShinyHunters and LAPSUS$ Form Unified Collective

Scattered Spider, ShinyHunters and LAPSUS$ have formed an enhanced coordinated threat network for extortion efforts

DragonForce Cartel Emerges as Conti-Derived Ransomware Threat

DragonForce, a ransomware group using Conti’s code, has adopted a cartel model to expand and recruit

Identity Is Now the Top Source of Cloud Risk

ReliaQuest data reveals identity issues were responsible for 44% of cloud security alerts in Q3

DeFi Protocol Balancer Loses Over $120m in Cyber Heist

Digital thieves have got away with over $120m stolen from popular decentralized finance protocol Balancer

CISA and NSA Outline Best Practices to Secure Exchange Servers

CISA and NSA have released a blueprint to enhance Microsoft Exchange Server security against cyber-attacks

New GDI Flaws Could Enable Remote Code Execution in Windows

Flaws in Windows Graphics Device Interface (GDI) have been identified that allow remote code execution and information disclosure

Hackers Help Organized Crime Groups in Cargo Freight Heists, Researchers Find

Proofpoint researchers have observed recent hacking campaigns supporting cargo theft

Komodor’s self-healing capabilities remediate issues with or without a human in the loop

Komodor released autonomous self-healing and cost optimization capabilities that simplify operations for SRE, DevOps, and Platform teams managing large-scale Kubernetes environments. Powered by Klaudia, purpose-built agentic AI, the Komodor platform can automatically detect, investigate, and remediate issues, with or without a human in the loop, and optimize resource utilization. Managing Kubernetes and cloud-native infrastructure at scale has become increasingly complex. Industry research shows that 88% of technology leaders report rising stack complexity, and 81% say … More →

The post Komodor’s self-healing capabilities remediate issues with or without a human in the loop appeared first on Help Net Security.

Fortinet launches Secure AI Data Center to protect AI infrastructures end-to-end

Fortinet announced the Secure AI Data Center solution, an end-to-end framework purpose-built to protect AI infrastructures. Designed to secure the entire AI stack, from data center infrastructure to applications and LLMs, the solution delivers advanced AI threat defense with ultra-low latency and reduces power consumption on average by 69% compared to traditional approaches. As part of this announcement, Fortinet introduced the FortiGate 3800G, a high-performance data center firewall that delivers the power efficiency, throughput, and … More →

The post Fortinet launches Secure AI Data Center to protect AI infrastructures end-to-end appeared first on Help Net Security.

Barracuda Assistant accelerates security operations

Barracuda Networks launched Barracuda Assistant, powered by Barracuda AI. Integrated into the BarracudaONE cybersecurity platform, Barracuda Assistant accelerates security operations to help organizations strengthen cyber resilience and drive productivity and ROI. “Cyberattacks are growing more sophisticated and relentless, and security teams are under immense pressure to respond faster with fewer resources,” said Brian Downey, VP of product management at Barracuda. “Barracuda Assistant empowers users of all skill levels to investigate threats quickly and confidently, even … More →

The post Barracuda Assistant accelerates security operations appeared first on Help Net Security.

CleanStart SBOM Analyzer strengthens software supply chain security

CleanStart has released its SBOM Analyzer, an add-on tool that generates complete, CISA-compliant Software Bills of Materials (SBOMs) for container images. The tool deepens visibility into software components and dependencies, helping organizations secure their supply chains before deployment. Integrated directly into CleanStart’s platform, the add-on provides broader component coverage, deeper dependency mapping and automatically maintained data as part of the company’s regular image refresh cycle. “SBOMs are no longer optional now that they’re a federal … More →

The post CleanStart SBOM Analyzer strengthens software supply chain security appeared first on Help Net Security.

Critical Control Web Panel vulnerability is actively exploited (CVE-2025-48703)

On Tuesday, CISA added two vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2025-11371, which affects Gladinet’s CentreStack and Triofox file-sharing and remote access platforms, and CVE-2025-48703, a vulnerability in Control Web Panel (CWP), a web hosting control panel designed for managing servers running CentOS or CentOS-based distributions. While active exploitation of CVE-2025-11371 has been reported on since early October 2025, exploitation attempts involving CVE-2025-48703, though detected by cybersecurity professionals, have so far been less widespread … More →

The post Critical Control Web Panel vulnerability is actively exploited (CVE-2025-48703) appeared first on Help Net Security.

18 arrested in €300 million global credit card fraud scheme

A coordinated international operation has led to 18 arrests in a massive credit card fraud case worth at least €300 million. The effort, led by Eurojust, targeted a network of suspects accused of running fake online subscription services for dating, pornography, and streaming sites. Among those detained were five executives from four German payment service providers. Authorities said the fraud affected several million credit card users across 193 countries and involved 19 million accounts. Investigators … More →

The post 18 arrested in €300 million global credit card fraud scheme appeared first on Help Net Security.

New ExtraHop capabilities target malicious PowerShell use across enterprise environments

ExtraHop has announced new capabilities to detect the malicious use of PowerShell. These enhancements provide the visibility needed to disrupt the attack kill chain and deliver insight to stop lateral movement in its tracks. Remote management tools like PowerShell have become a notable weapon for attackers, like the Qilin Ransomware-as-a-Service (RaaS) operation, which has hit many high-value organizations globally including several UK hospitals. Threat actors often use PowerShell for living-off-the-land to go under the radar … More →

The post New ExtraHop capabilities target malicious PowerShell use across enterprise environments appeared first on Help Net Security.

Deepwatch NEXA platform transforms MDR collaboration with agentic AI

Deepwatch has released Deepwatch NEXA, a collaborative agentic AI ecosystem that delivers outcome-focused agents to transform how MDR providers and customers work together. NEXA combines natural language interaction with agentic AI to provide real-time visibility, context, and actionable insights across the entire security lifecycle. This enables MDR providers and customers to detect, investigate, and respond to threats faster while shifting from reactive defense to proactive, business-aligned protection. Six intelligent agents, one unified ecosystem Deepwatch NEXA, … More →

The post Deepwatch NEXA platform transforms MDR collaboration with agentic AI appeared first on Help Net Security.

ZEDEDA introduces Edge Kubernetes App Flows to automate edge application lifecycle

ZEDEDA has released a full-stack edge Kubernetes-as-a-Service solution that extends a cloud-native deployment experience to distributed edge environments. ZEDEDA Edge Kubernetes App Flows automates the edge application lifecycle, from packaging and configuration to delivery and observability, eliminating the need to manage cluster and application orchestration infrastructure. Edge Kubernetes App Flows supports the bare-metal and GPU compute required for edge AI applications, such as automated detection of manufacturing flaws and predictive maintenance. Built on ZEDEDA’s edge … More →

The post ZEDEDA introduces Edge Kubernetes App Flows to automate edge application lifecycle appeared first on Help Net Security.

Veeam App for Microsoft Sentinel brings backup intelligence directly into the SOC

Veeam Software launched its new Veeam App for Microsoft Sentinel. The solution provides advanced integration with Veeam Data Platform and empowers organizations to detect, investigate, and respond to cyber threats and backup anomalies, delivering data resilience and operational efficiency across SOC. As cyberattacks increasingly target backup environments, many SOC teams face a critical visibility gap in their security posture ecosystem, leaving organizations vulnerable to attacks on their last line of defense – their backups. The … More →

The post Veeam App for Microsoft Sentinel brings backup intelligence directly into the SOC appeared first on Help Net Security.

Ground zero: 5 things to do after discovering a cyberattack

When every minute counts, preparation and precision can mean the difference between disruption and disaster

This month in security with Tony Anscombe – October 2025 edition

From the end of Windows 10 support to scams on TikTok and state-aligned hackers wielding AI, October's headlines offer a glimpse of what's shaping cybersecurity right now

Fraud prevention: How to help older family members avoid scams

Families that combine open communication with effective behavioral and technical safeguards can cut the risk dramatically

Cybersecurity Awareness Month 2025: When seeing isn't believing

Deepfakes are blurring the line between real and fake and fraudsters are cashing in, using synthetic media for all manner of scams

Recruitment red flags: Can you spot a spy posing as a job seeker?

Here’s what to know about a recent spin on an insider threat – fake North Korean IT workers infiltrating western firms

How MDR can give MSPs the edge in a competitive market

With cybersecurity talent in short supply and threats evolving fast, managed detection and response is emerging as a strategic necessity for MSPs

Cybersecurity Awareness Month 2025: Cyber-risk thrives in the shadows

Shadow IT leaves organizations exposed to cyberattacks and raises the risk of data loss and compliance failures

Gotta fly: Lazarus targets the UAV sector

ESET research analyzes a recent instance of the Operation DreamJob cyberespionage campaign conducted by Lazarus, a North Korea-aligned APT group

SnakeStealer: How it preys on personal data – and how you can protect yourself

Here’s what to know about the malware with an insatiable appetite for valuable data, so much so that it tops this year's infostealer detection charts

Cybersecurity Awareness Month 2025: Building resilience against ransomware

Ransomware rages on and no organization is too small to be targeted by cyber-extortionists. How can your business protect itself against the threat?

Minecraft mods: Should you 'hack' your game?

Some Minecraft mods don’t help build worlds – they break them. Here’s how malware can masquerade as a Minecraft mod.

IT service desks: The security blind spot that may put your business at risk

Could a simple call to the helpdesk enable threat actors to bypass your security controls? Here’s how your team can close a growing security gap.

Cybersecurity Awareness Month 2025: Why software patching matters more than ever

As the number of software vulnerabilities continues to increase, delaying or skipping security updates could cost your business dearly.

AI-aided malvertising: Exploiting a chatbot to spread scams

Cybercriminals have tricked X’s AI chatbot into promoting phishing scams in a technique that has been nicknamed “Grokking”. Here’s what to know about it.

How Uber seems to know where you are – even with restricted location permissions

Is the ride-hailing app secretly tracking you? Not really, but this iOS feature may make it feel that way.

Cybersecurity Awareness Month 2025: Passwords alone are not enough

Never rely on just a password, however strong it may be. Multi-factor authentication is essential for anyone who wants to protect their online accounts from intruders.

The case for cybersecurity: Why successful businesses are built on protection

Company leaders need to recognize the gravity of cyber risk, turn awareness into action, and put security front and center

Beware of threats lurking in booby-trapped PDF files

Looks can be deceiving, so much so that the familiar icon could mask malware designed to steal your data and money.

Manufacturing under fire: Strengthening cyber-defenses amid surging threats

Manufacturers operate in one of the most unforgiving threat environments and face a unique set of pressures that make attacks particularly damaging

New spyware campaigns target privacy-conscious Android users in the UAE

ESET researchers have discovered campaigns distributing spyware disguised as Android Signal and ToTok apps, targeting users in the United Arab Emirates

Cybersecurity Awareness Month 2025: Knowledge is power

We're kicking off the month with a focus on the human element: the first line of defense, but also the path of least resistance for many cybercriminals

This month in security with Tony Anscombe – September 2025 edition

The past 30 days have seen no shortage of new threats and incidents that brought into sharp relief the need for well-thought-out cyber-resilience plans

Roblox executors: It’s all fun and games until someone gets hacked

You could be getting more than you bargained for when you download that cheat tool promising quick wins

DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception

Malware operators collaborate with covert North Korean IT workers, posing a threat to both headhunters and job seekers

Watch out for SVG files booby-trapped with malware

What you see is not always what you get as cybercriminals increasingly weaponize SVG files as delivery vectors for stealthy malware

Gamaredon X Turla collab

Notorious APT group Turla collaborates with Gamaredon, both FSB-associated groups, to compromise high‑profile targets in Ukraine

Small businesses, big targets: Protecting your business against ransomware

Long known to be a sweet spot for cybercriminals, small businesses are more likely to be victimized by ransomware than large enterprises

HybridPetya: The Petya/NotPetya copycat comes with a twist

HybridPetya is the fourth publicly known real or proof-of-concept bootkit with UEFI Secure Boot bypass functionality

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

UEFI copycat of Petya/NotPetya exploiting CVE-2024-7344 discovered on VirusTotal

Are cybercriminals hacking your systems – or just logging in?

As bad actors often simply waltz through companies’ digital front doors with a key, here’s how to keep your own door locked tight

Preventing business disruption and building cyber-resilience with MDR

Given the serious financial and reputational risks of incidents that grind business to a halt, organizations need to prioritize a prevention-first cybersecurity strategy

Under lock and key: Safeguarding business data with encryption

As the attack surface expands and the threat landscape grows more complex, it’s time to consider whether your data protection strategy is fit for purpose

GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes

ESET researchers have identified a new threat actor targeting Windows servers with a passive C++ backdoor and a malicious IIS module that manipulates Google search results

This month in security with Tony Anscombe – August 2025 edition

From Meta shutting down millions of WhatsApp accounts linked to scam centers all the way to attacks at water facilities in Europe, August 2025 saw no shortage of impactful cybersecurity news

Don’t let “back to school” become “back to (cyber)bullying”

Cyberbullying is a fact of life in our digital-centric society, but there are ways to push back

First known AI-powered ransomware uncovered by ESET Research

The discovery of PromptLock shows how malicious use of AI models could supercharge ransomware and other threats

"What happens online stays online" and other cyberbullying myths, debunked

Separating truth from fiction is the first step towards making better parenting decisions. Let’s puncture some of the most common misconceptions about online harassment.

The need for speed: Why organizations are turning to rapid, trustworthy MDR

How top-tier managed detection and response (MDR) can help organizations stay ahead of increasingly agile and determined adversaries

Investors beware: AI-powered financial scams swamp social media

Can you tell the difference between legitimate marketing and deepfake scam ads? It’s not always as easy as you may think.

Supply-chain dependencies: Check your resilience blind spot

Does your business truly understand its dependencies, and how to mitigate the risks posed by an attack on them?

How the always-on generation can level up its cybersecurity game

Digital natives are comfortable with technology, but may be more exposed to online scams and other threats than they think

WinRAR zero-day exploited in espionage attacks against high-value targets

The attacks used spearphishing campaigns to target financial, manufacturing, defense, and logistics companies in Europe and Canada, ESET research finds

Update WinRAR tools now: RomCom and others exploiting zero-day vulnerability

ESET Research discovered a zero-day vulnerability in WinRAR being exploited in the wild in the guise of job application documents; the weaponized archives exploited a path traversal flaw to compromise their targets

Black Hat USA 2025: Is a high cyber insurance premium about your risk, or your insurer’s?

A sky-high premium may not always reflect your company’s security posture

Android adware: What is it, and how do I get it off my device?

Is your phone suddenly flooded with aggressive ads, slowing down performance or leading to unusual app behavior? Here’s what to do.

Black Hat USA 2025: Policy compliance and the myth of the silver bullet

Who’s to blame when the AI tool managing a company’s compliance status gets it wrong?

Black Hat USA 2025: Does successful cybersecurity today increase cyber-risk tomorrow?

Success in cybersecurity is when nothing happens, plus other standout themes from two of the event’s keynotes

ESET Threat Report H1 2025: ClickFix, infostealer disruptions, and ransomware deathmatch

Threat actors are embracing ClickFix, ransomware gangs are turning on each other – toppling even the leaders – and law enforcement is disrupting one infostealer after another

Is your phone spying on you? | Unlocked 403 cybersecurity podcast (S2E5)

Here's what you need to know about the inner workings of modern spyware and how to stay away from apps that know too much

Why the tech industry needs to stand firm on preserving end-to-end encryption

Restricting end-to-end encryption on a single-country basis would not only be absurdly difficult to enforce, but it would also fail to deter criminal activity

This month in security with Tony Anscombe – July 2025 edition

Here's a look at cybersecurity stories that moved the needle, raised the alarm, or offered vital lessons in July 2025

The hidden risks of browser extensions – and how to stay safe

Not all browser add-ons are handy helpers – some may contain far more than you have bargained for

SharePoint under fire: ToolShell attacks hit organizations worldwide

The ToolShell bugs are being exploited by cybercriminals and APT groups alike, with the US on the receiving end of 13 percent of all attacks

ToolShell: An all-you-can-eat buffet for threat actors

ESET Research has been monitoring attacks involving the recently discovered ToolShell zero-day vulnerabilities

Rogue CAPTCHAs: Look out for phony verification pages spreading malware

Before rushing to prove that you're not a robot, be wary of deceptive human verification pages as an increasingly popular vector for delivering malware

Why is your data worth so much? | Unlocked 403 cybersecurity podcast (S2E4)

Behind every free online service, there's a price being paid. Learn why your digital footprint is so valuable, and when you might actually be the product.

Unmasking AsyncRAT: Navigating the labyrinth of forks

ESET researchers map out the labyrinthine relationships among the vast hierarchy of AsyncRAT variants

How to get into cybersecurity | Unlocked 403 cybersecurity podcast (S2E3)

Cracking the code of a successful cybersecurity career starts here. Hear from ESET's Robert Lipovsky as he reveals how to break into and thrive in this fast-paced field.

Task scams: Why you should never pay to get paid

Some schemes might sound unbelievable, but they’re easier to fall for than you think. Here’s how to avoid getting played by gamified job scams.

How government cyber cuts will affect you and your business

Deep cuts in cybersecurity spending risk creating ripple effects that will put many organizations at a higher risk of falling victim to cyberattacks

Gamaredon in 2024: Cranking out spearphishing campaigns against Ukraine with an evolved toolset

ESET Research analyzes Gamaredon’s updated cyberespionage toolset, new stealth-focused techniques, and aggressive spearphishing operations observed throughout 2024

ESET Threat Report H1 2025: Key findings

ESET Chief Security Evangelist Tony Anscombe looks at some of the report's standout findings and their implications for organizations in 2025

ESET APT Activity Report Q4 2024–Q1 2025: Malware sharing, wipers and exploits

ESET experts discuss Sandworm’s new data wiper, relentless campaigns by UnsolicitedBooker, attribution challenges amid tool-sharing, and other key findings from the latest APT Activity Report

This month in security with Tony Anscombe – June 2025 edition

From Australia's new ransomware payment disclosure rules to another record-breaking DDoS attack, June 2025 saw no shortage of interesting cybersecurity news

ESET Threat Report H1 2025

A view of the H1 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

BladedFeline: Whispering in the dark

ESET researchers analyzed a cyberespionage campaign conducted by BladedFeline, an Iran-aligned APT group with likely ties to OilRig

Don’t let dormant accounts become a doorway for cybercriminals

Do you have online accounts you haven't used in years? If so, a bit of digital spring cleaning might be in order.

This month in security with Tony Anscombe – May 2025 edition

From a flurry of attacks targeting UK retailers to campaigns corralling end-of-life routers into botnets, it's a wrap on another month filled with impactful cybersecurity news

Word to the wise: Beware of fake Docusign emails

Cybercriminals impersonate the trusted e-signature brand and send fake Docusign notifications to trick people into giving away their personal or corporate data

Danabot under the microscope

ESET Research has been tracking Danabot’s activity since 2018 as part of a global effort that resulted in a major disruption of the malware’s infrastructure

Danabot: Analyzing a fallen empire

ESET Research shares its findings on the workings of Danabot, an infostealer recently disrupted in a multinational law enforcement operation

Lumma Stealer: Down for the count

The bustling cybercrime enterprise has been dealt a significant blow in a global operation that relied on the expertise of ESET and other technology companies

ESET takes part in global operation to disrupt Lumma Stealer

Our intense monitoring of tens of thousands of malicious samples helped this global disruption operation

The who, where, and how of APT attacks in Q4 2024–Q1 2025

ESET Chief Security Evangelist Tony Anscombe highlights key findings from the latest issue of the ESET APT Activity Report

ESET APT Activity Report Q4 2024–Q1 2025

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2024 and Q1 2025

Sednit abuses XSS flaws to hit gov't entities, defense companies

Operation RoundPress targets webmail software to steal secrets from email accounts belonging mainly to governmental organizations in Ukraine and defense contractors in the EU

Operation RoundPress

ESET researchers uncover a Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities

How can we counter online disinformation? | Unlocked 403 cybersecurity podcast (S2E2)

Ever wondered why a lie can spread faster than the truth? Tune in for an insightful look at disinformation and how we can fight one of the most pressing challenges facing our digital world.

Catching a phish with many faces

Here’s a brief dive into the murky waters of shape-shifting attacks that leverage dedicated phishing kits to auto-generate customized login pages on the fly

Beware of phone scams demanding money for ‘missed jury duty’

When we get the call, it’s our legal responsibility to attend jury service. But sometimes that call won’t come from the courts – it will be a scammer.

Toll road scams are in overdrive: Here’s how to protect yourself

Have you received a text message about an unpaid road toll? Make sure you’re not the next victim of a smishing scam.

RSAC 2025 wrap-up – Week in security with Tony Anscombe

From the power of collaborative defense to identity security and AI, catch up on the event's key themes and discussions

TheWizards APT group uses SLAAC spoofing to perform adversary-in-the-middle attacks

ESET researchers analyzed Spellbinder, a lateral movement tool used to perform adversary-in-the-middle attacks

This month in security with Tony Anscombe – April 2025 edition

From the near-demise of MITRE's CVE program to a report showing that AI outperforms elite red teamers in spearphishing, April 2025 was another whirlwind month in cybersecurity

How safe and secure is your iPhone really?

Your iPhone isn't necessarily as invulnerable to security threats as you may think. Here are the key dangers to watch out for and how to harden your device against bad actors.

Deepfake 'doctors' take to TikTok to peddle bogus cures

Look out for AI-generated 'TikDocs' who exploit the public's trust in the medical profession to drive sales of sketchy supplements

How fraudsters abuse Google Forms to spread scams

The form and quiz-building tool is a popular vector for social engineering and malware. Here’s how to stay safe.

Will super-smart AI be attacking us anytime soon?

What practical AI attacks exist today? “More than zero” is the answer – and they’re getting better.

CapCut copycats are on the prowl

Cybercriminals lure content creators with promises of cutting-edge AI wizardry, only to attempt to steal their data or hijack their devices instead

They’re coming for your data: What are infostealers and how do I stay safe?

Here's what to know about malware that raids email accounts, web browsers, crypto wallets, and more – all in a quest for your sensitive data

Attacks on the education sector are surging: How can cyber-defenders respond?

Academic institutions have a unique set of characteristics that makes them attractive to bad actors. What's the right antidote to cyber-risk?

Watch out for these traps lurking in search results

Here’s how to avoid being hit by fraudulent websites that scammers can catapult directly to the top of your search results

So your friend has been hacked: Could you be next?

When a ruse puts on a familiar face, your guard might drop, making you an easy mark. Learn how to tell a friend apart from a foe.

1 billion reasons to protect your identity online

Corporate data breaches are a gateway to identity fraud, but they’re not the only one. Here’s a lowdown on how your personal data could be stolen – and how to make sure it isn’t.

The good, the bad and the unknown of AI: A Q&A with Mária Bieliková

The computer scientist and AI researcher shares her thoughts on the technology’s potential and pitfalls – and what may lie ahead for us

This month in security with Tony Anscombe – March 2025 edition

From an exploited vulnerability in a third-party ChatGPT tool to a bizarre twist on ransomware demands, it's a wrap on another month filled with impactful cybersecurity news

Resilience in the face of ransomware: A key to business survival

Your company’s ability to tackle the ransomware threat head-on can ultimately be a competitive advantage

Making it stick: How to get the most out of cybersecurity training

Security awareness training doesn’t have to be a snoozefest – games and stories can help instill ‘sticky’ habits that will kick in when a danger is near

RansomHub affiliates linked to rival RaaS gangs

ESET researchers also examine the growing threat posed by tools that ransomware affiliates deploy in an attempt to disrupt EDR security solutions

FamousSparrow resurfaces to spy on targets in the US, Latin America

Once thought to be dormant, the China-aligned group has also been observed using the privately-sold ShadowPad backdoor for the first time

The Hidden Authorization Tax: Why Your Permissions System Costs More Than You Think

Every application needs authorization. It’s the backbone that decides who can access what, when, and under which conditions. But the hard part isn’t granting permissions, it’s getting them right. If permissions are too coarse, users lose confidence that their data is secure. If they’re too complex, engineers drown in brittle logic, scattered checks, and hard-to-trace..

The post The Hidden Authorization Tax: Why Your Permissions System Costs More Than You Think appeared first on Security Boulevard.

How penetration testing services prove security and build client trust

In a world where data breaches continue to rise, organisations have become more discerning about who they trust with their information. It is no longer enough to claim that security is a priority — businesses must be able to prove it. Penetration testing, when conducted by qualified professionals, is one measure used as part of…

The post How penetration testing services prove security and build client trust appeared first on Sentrium Security.

The post How penetration testing services prove security and build client trust appeared first on Security Boulevard.

Security Experts Charged with Launching BlackCat Ransomware Attacks

Two former cybersecurity pros were indicted with conspiring with a third unnamed co-conspirator of using the high-profile BlackCat ransomware to launch attacks in 2023 against five U.S. companies to extort payment in cryptocurrency and then splitting the proceeds.

The post Security Experts Charged with Launching BlackCat Ransomware Attacks appeared first on Security Boulevard.

Scientists Need a Positive Vision for AI

For many in the research community, it’s gotten harder to be optimistic about the impacts of artificial intelligence.

As authoritarianism is rising around the world, AI-generated “slop” is overwhelming legitimate media, while AI-generated deepfakes are spreading misinformation and parroting extremist messages. AI is making warfare more precise and deadly amidst intransigent conflicts. AI companies are exploiting people in the global South who work as data labelers, and profiting from content creators worldwide by using their work without license or compensation. The industry is also affecting an already-roiling climate with its ...

The post Scientists Need a Positive Vision for AI appeared first on Security Boulevard.

How to Report a Suspicious Email in Australia

Originally published at How to Report a Suspicious Email in Australia by EasyDMARC.

Email scams are now one of the most ...

The post How to Report a Suspicious Email in Australia appeared first on EasyDMARC.

The post How to Report a Suspicious Email in Australia appeared first on Security Boulevard.

Hackers Targeting Freight Operators to Steal Cargo: Proofpoint

Threat actors are working with organized crime groups to target freight operators and transportation companies, infiltrate their systems through RMM software, and steal cargo, which they then sell online or ship to Europe, according to Proofpoint researchers, who saw similar campaigns last year.

The post Hackers Targeting Freight Operators to Steal Cargo: Proofpoint appeared first on Security Boulevard.

Traffic Distribution System (TDS) abuse – What’s hiding behind the veil?

Those who follow the DNS abuse landscape closely may have noticed a rise in activity and abuse reports related to TDS. The use of this infrastructure for malicious purposes is becoming increasingly common. In this blog, we look at how TDS are being exploited to facilitate abuse, why they present challenges for takedowns, and what we can do as a community to address the problem.

The post Traffic Distribution System (TDS) abuse – What’s hiding behind the veil? appeared first on Security Boulevard.

HackedGPT: Novel AI Vulnerabilities Open the Door for Private Data Leakage

Tenable Research has discovered seven vulnerabilities and attack techniques in ChatGPT, including unique indirect prompt injections, exfiltration of personal user information, persistence, evasion, and bypass of safety mechanisms.

Architecture

Prompt injections are a weakness in how large language models (LLMs) process input data. An attacker can manipulate the LLM by injecting instructions into any data it ingests, which can cause the LLM to ignore the original instructions and perform unintended or malicious actions instead. Specifically, indirect prompt injection occurs when an LLM finds unexpected instructions in an external source, such as a document or website, rather than a direct prompt from the user. Since prompt injection is a well-known issue with LLMs, many AI vendors create safeguards to help mitigate and protect against it. Nevertheless, we discovered several vulnerabilities and techniques that significantly increase the potential impact of indirect prompt injection attacks. To better understand the discoveries, we will first cover some technical details about how ChatGPT works. (To get right to the discoveries, click here.)

System prompt

Every ChatGPT model has a set of instructions created by OpenAI that outline the capabilities and context of the model before its conversation with the user. This is called a System Prompt. Researchers often use techniques for extracting the System Prompt from ChatGPT (as can be seen here), giving insight into how the LLM works. When looking at the System Prompt, we can see that ChatGPT has the capability to retain information across conversations using the bio tool, or, as ChatGPT users may know it, memories. The context from the user’s memories is appended to the System Prompt, giving the model access to any (potentially private) information deemed important in previous conversations. Additionally, we can see that ChatGPT has access to a web tool, allowing it to access up-to-date information from the internet based on two commands: search and open_url.

The bio tool, aka memories

The ChatGPT memory feature mentioned above is enabled by default. If the user asks it to remember something, or if there is some information that the engine deems important even without an explicit request, it can be remembered using memories. As is seen in the System Prompt, the memories are invoked internally using the bio tool and sent as a static context along with it. It is important to note that memories could contain private information about the user. Memories are shared between conversations and considered by the LLM before each response. It is also possible to have a memory about the type of response you want, which will be taken into account whenever ChatGPT responds.

In addition to its long-term memory feature, ChatGPT considers the current conversation and context when responding. It can refer to previous requests and messages or follow a line of thinking. To avoid confusion, we will refer to this type of memory as Conversational Context.

The web tool

While researching ChatGPT, we discovered some information about how the web tool works. If ChatGPT gets a URL directly from the user or decides it needs to visit a specific URL, it will do so with the web tool's open_url functionality, which we will refer to as Browsing Context. When doing so, it will usually use the ChatGPT-User user agent. It quickly became clear to us that there is some kind of cache mechanism for such browsing, since when we asked about a URL that was already opened, ChatGPT would respond without browsing again.

Based on our experimentation, ChatGPT is extremely susceptible to prompt injection while browsing, but we concluded that open_url actually hands the responsibility of browsing to an alternative LLM named SearchGPT, which has significantly fewer capabilities and understanding of the user context. Sometimes ChatGPT will respond with the output of SearchGPT’s browsing results as-is, and sometimes it will take the full output and modify its reply based on the question. As a method of isolation, SearchGPT has no access to the user’s memories or context. Therefore, despite being susceptible to prompt injection in the Browsing Context, the user should, theoretically, be safe, as SearchGPT is doing the browsing.

The other end of the web tool is the search command, used by ChatGPT to invoke an internet search whenever a user enters a prompt that requires it. ChatGPT uses a proprietary search engine to find and return results based on up-to-date information that may have been published after the model’s training cutoff date. A user can choose this feature with the dedicated “Web search” button; if the user doesn’t select this feature, a search is conducted at the LLM’s discretion. ChatGPT might send a few queries or change the wording of the search in an attempt to optimize the results, which are returned as a list of websites and snippets. If possible, it will respond solely based on the information in the result snippets, but if that information is insufficient, it might browse using the open_url command to some of the sites in order to investigate further. It seems that part of the indexing is done by Bing, and part is done by OpenAI using their crawler with OAI-Search as its user agent. We don’t know the distinction in the responsibilities of OpenAI and Bing. We will refer to this usage of the search command as Search Context.

The url_safe endpoint

Since prompt injection is such a prevalent issue, AI vendors are constantly trying to mitigate the potential impact of these attacks by developing safety features to protect user data. Much of the potential impact of prompt injection stems from having the AI respond with URLs, which could be used to direct the user to a malicious website or exfiltrate information with image markdown rendering. OpenAI has attempted to address this issue with an endpoint named url_safe, which checks most URLs before they are shown to the user and uses proprietary logic to decide whether the URL is safe or not. If it is deemed unsafe, the link is omitted from the output.

Based on our research, some of the parameters that are checked include:

• Domain trust (e.g., openai.com)
• Existence and trust of a subdomain
• Existence and trust of parameters
• Conversational Context

7 new vulnerabilities and techniques in ChatGPT

1. Indirect prompt injection vulnerability via trusted sites in Browsing Context

When diving into ChatGPT’s Browsing Context, we wondered how malicious actors could exploit ChatGPT’s susceptibility to indirect prompt injection in a way that would align with a legitimate use case. Since one of the primary use cases for the Browsing Context is summarizing blogs and articles, our idea was to inject instructions in the comment section. We created our own blogs with dummy content and then left a message for SearchGPT in the comments section. When asked to summarize the contents of the blog, SearchGPT follows the malicious instructions from the comment, compromising the user. (We elaborate on the specific impact to the user in the Full Attack Vector PoCs section below.) The potential reach of this vulnerability is tremendous, since attackers could spray malicious prompts in comment sections on popular blogs and news sites, compromising countless ChatGPT users.

2. 0-click indirect prompt injection vulnerability in Search Context

We’ve proven that we can inject a prompt when the user asks ChatGPT to browse to a specific website, but what about attacking a user just for asking a question? We know that ChatGPT’s web search results are based on Bing and OpenAI’s crawler, so we wondered: What would happen if a site with a prompt injection were to be indexed? In order to prove our theory, we created some websites about niche topics with specific names in order to narrow down our results, such as a site containing some humorous information about our team with the domain llmninjas.com. We then asked ChatGPT for information about the LLM Ninjas team and were pleased to see that our site was sourced in the response.

Having only a prompt injection on your site would make it much less likely to be indexed by Bing, so we created a fingerprint for SearchGPT based on the headers and user agent it uses to browse, and only served the prompt injection when SearchGPT was the one browsing. Voila! After the change we made was indexed by OpenAI’s crawler, we were able to achieve the final level of prompt injection and inject a prompt just by the victim asking a simple question!

Hundreds of millions of users ask LLMs questions that require searching the web, and it seems that LLMs will eventually replace classic search engines. This unprecedented 0-click vulnerability opens a whole new attack vector that could target anyone who relies on AI search for information. AI vendors are relying on metrics like SEO scores, which are not security boundaries, to choose which sources to trust. By hiding the prompt in tailor-made sites, attackers could directly target users based on specific topics or political and social trends.

3. Prompt injection vulnerability via 1-click

The final and simplest method of prompt injection is through a feature that OpenAI created, which allows users to prompt ChatGPT by browsing to https://chatgpt.com/?q={Prompt}. We found that ChatGPT will automatically submit the query in the q= parameter, leaving anyone who clicks that link vulnerable to a prompt injection attack.

4. Safety mechanism bypass vulnerability

During our research of the url_safe endpoint, we noticed that bing.com was a whitelisted domain, and always passed the url_safe check. It turns out that search results on Bing are served through a wrapped tracking link that redirects the user from a static bing.com/ck/a link to the requested website. That means that any website that is indexed on Bing has a bing.com URL that will redirect to it.

By indexing some test websites to Bing, we were able to extract their static tracking links and use them to bypass the url_safe check, allowing our links to be fully rendered. The Bing tracking links cannot be altered, so a single link cannot extract information that we did not know in advance. Our solution was to index a page for every letter in the alphabet and then use those links to exfiltrate information one letter at a time. For example, if we want to exfiltrate the word “Hello”, ChatGPT would render the Bing links for H, E, L, L, and O sequentially in its response.

5. Conversation Injection technique

Even with the url_safe bypass above, we cannot use prompt injection alone to exfiltrate anything of value, since SearchGPT has no access to user data.. We wondered: How could we get control over ChatGPT’s output when we only have direct access to SearchGPT’s output? Then we remembered Conversational Context. ChatGPT remembers the entire conversation when responding to user prompts. If it were to find a prompt on its “side” of the conversation, would it still listen? So we used our SearchGPT prompt injection to ensure the response ends with another prompt for ChatGPT in a novel technique we dubbed Conversation Injection. When responding to the following prompts, ChatGPT will go over the Conversational Context, see, and listen to the instructions we injected, not realizing that SearchGPT wrote them. Essentially, ChatGPT is prompt-injecting itself.

6. Malicious content hiding technique

One of the issues with the Conversation Injection technique is that the output from SearchGPT appears clearly to the user, which will raise a lot of suspicion. We discovered a bug with how the ChatGPT website renders markdown that can allow us to hide the malicious content. When rendering code blocks, any data that appears on the same line as the code block opening (past the first word) does not get rendered. This means that unless copied, the response will look completely innocent to the user, despite containing the malicious context, which will be read by ChatGPT.

7. Memory injection technique

Another issue with Conversation Injection is that it only persists for the current conversation. But what if we wanted persistence between conversations? We found that, similarly to Conversation Injection, SearchGPT can actually get ChatGPT to update its memories, allowing us to create an exfiltration that will happen for every single response. This injection creates a persistent threat that will continue to leak user data even between sessions, days, and data changes.

Full attack vector PoCs

By mixing and matching all of the vulnerabilities and techniques we discovered, we were able to create proofs of concept (PoCs) for multiple complete attack vectors, such as indirect prompt injection, bypassing safety features, exfiltrating private user information, and creating persistence. 

ChatGPT 4o PoC: Phishing

ChatGPT 5 PoC: Phishing success

1. Hacker includes a malicious prompt in a comment on a blog post
2. User asks ChatGPT to summarize the blog
3. SearchGPT browses to the post and gets a prompt injected via a malicious comment
4. SearchGPT adds a hyperlink to the end of its summary, leading to a malicious site using the url_safe bypass vulnerability
5. Users tend to trust ChatGPT, and therefore could be more susceptible to clicking the malicious link

ChatGPT 5 PoC: Comment success

1. Hacker includes a malicious prompt in a comment on a blog post
2. User asks ChatGPT to summarize a blog post
3. SearchGPT browses to the post and gets a prompt injected via a malicious comment
4. SearchGPT injects instructions to ChatGPT via Conversation Injection, while hiding them using the code block technique
5. The user sends a follow-up message
6. ChatGPT renders image markdowns based on the instructions injected by SearchGPT, using the url_safe bypass to exfiltrate private user information to the attacker’s server

ChatGPT 4o PoC: LLM Ninjas 

ChatGPT 5 PoC: Search GPT LLM Ninjas

1. Hacker creates and indexes a malicious website that serves a prompt injection to SearchGPT based on the appropriate headers
2. User asks ChatGPT an innocent question that relates to the information on the Hacker’s website
3. SearchGPT browses to the malicious websites and finds a prompt injection
4. SearchGPT responds based on the malicious prompt and compromises the user

ChatGPT 5 PoC: Memory injection

1. User gets attacked by prompt injection in one of the aforementioned ways
2. ChatGPT adds a memory that the user wants all responses to contain exfiltration of private information
3. Every time the user sends a prompt in any conversation, the url_safe bypass vulnerability is used to exfiltrate private information

Vendor response

Tenable Research has disclosed all of these issues to OpenAI and directly worked with them to fix some of the vulnerabilities. The associated TRAs are:

• https://www.tenable.com/security/research/tra-2025-22
• https://www.tenable.com/security/research/tra-2025-11
• https://www.tenable.com/security/research/tra-2025-06

The majority of the research was done on ChatGPT 4o, but OpenAI is constantly tuning and improving their platform, and has since launched ChatGPT 5. The researchers have been able to confirm that several of the PoCs and vulnerabilities are still valid in ChatGPT 5, and ChatGPT 4o is still available for use based on user preference. Prompt injection is a known issue with the way that LLMs work, and, unfortunately, it will probably not be fixed systematically in the near future. AI vendors should take care to ensure that all of their safety mechanisms (such as url_safe) are working properly to limit the potential damage caused by prompt injection.

Note: This blog includes research conducted by Yarden Curiel.

The post HackedGPT: Novel AI Vulnerabilities Open the Door for Private Data Leakage appeared first on Security Boulevard.

In an AI World, Every Attack is a Social Engineering Attack

AI-driven social engineering is transforming cyberattacks from costly, targeted operations into scalable, automated threats. As generative models enable realistic voice, video, and text impersonation, organizations must abandon stored secrets and move toward cryptographic identity systems to defend against AI-powered deception.

The post In an AI World, Every Attack is a Social Engineering Attack     appeared first on Security Boulevard.

Salesloft Drift Breaches: Your Complete Response Guide

The Salesloft Drift OAuth token breach compromised Salesforce data across hundreds of enterprises, including Cloudflare, Zscaler, and Palo Alto Networks. Learn how attackers exploited OAuth tokens, the risks of connected app misuse, and key steps to strengthen Salesforce and multi-cloud security.

The post Salesloft Drift Breaches: Your Complete Response Guide  appeared first on Security Boulevard.

Google warns of new AI-powered malware families deployed in the wild

Google's Threat Intelligence Group (GTIG) has identified a major shift this year, with adversaries leveraging artificial intelligence to deploy new malware families that integrate large language models (LLMs) during execution. [...]

Police busts credit card fraud rings with 4.3 million victims

International authorities have dismantled three massive credit card fraud and money laundering networks, linked to losses exceeding €300 million ($344 million) and affecting over 4.3 million cardholders across 193 countries. [...]

US sanctions North Korean bankers linked to cybercrime, IT worker fraud

The U.S. Treasury Department imposed sanctions on two North Korean financial institutions and eight individuals involved in laundering cryptocurrency stolen in cybercrime and fraudulent IT worker schemes. [...]

Microsoft: October Windows updates trigger BitLocker recovery

Microsoft has warned that some systems may boot into BitLocker recovery after installing the October 2025 Windows security updates. [...]

Hackers exploit WordPress plugin Post SMTP to hijack admin accounts

Threat actors are actively exploiting a critical vulnerability in the Post SMTP plugin installed on more than 400,000 WordPress sites, to take complete control by hijacking administrator accounts. [...]

Apache OpenOffice disputes data breach claims by ransomware gang

The Apache Software Foundation disputes claims that its OpenOffice project suffered an Akira ransomware attack, after the threat actors claimed to have stolen 23 GB of corporate documents. [...]

Malicious Android apps on Google Play downloaded 42 million times

Hundreds of malicious Android apps on Google Play were downloaded more than 40 million times between June 2024 and May 2025, notes a report from cloud security company Zscaler. [...]

Microsoft removing Defender Application Guard from Office

Microsoft plans to remove Defender Application Guard from Office by December 2027, starting with the February 2026 release of Office version 2602. [...]

Data breach at major Swedish software supplier impacts 1.5 million

The Swedish Authority for Privacy Protection (IMY) is investigating a cyberattack on IT systems supplier Miljödata that exposed data belonging to 1.5 million people. [...]

Media giant Nikkei reports data breach impacting 17,000 people

Japanese publishing giant Nikkei announced earlier today that its Slack messaging platform had been compromised, exposing the personal information of over 17,000 employees and business partners. [...]

Police arrests suspects linked to €600 million crypto fraud ring

European law enforcement authorities have arrested nine suspected money launderers who set up a cryptocurrency fraud network that stole over €600 million ($689 million) from victims across multiple countries. [...]

The Top 3 Browser Sandbox Threats That Slip Past Modern Security Tools

Attackers exploit web browsers' built-in behaviors to steal credentials, abuse extensions, and move laterall, slipping past traditional defenses. Learn from Keep Aware how browser-layer visibility and policy enforcement stop these hidden threats in real time. [...]

Russian hackers abuse Hyper-V to hide malware in Linux VMs

The Russian hacker group Curly COMrades is abusing Microsoft Hyper-V in Windows to bypass endpoint detection and response solutions by creating a hidden Alpine Linux-based virtual machine to run malware. [...]

Google now lets you add friends as contacts for account recovery

Google now lets you recover your accounts using your phone number or trusted contacts.

Cyber giant F5 Networks says government hackers had ‘long-term’ access to its systems, stole code and customer data

The company, which provides cybersecurity defenses to most of the Fortune 500, said the DOJ allowed it to delay notifying the public on national security grounds.

A breach every month raises doubts about South Korea’s digital defenses

Known for its blazing fast internet and home to some of the world’s biggest tech giants, South Korea has also faced a string of data breaches and cybersecurity lapses that has struggled to match the pace of its digital ambitions.

Proton releases a new app for two-factor authentication

Proton has a free authenticator app, which is available cross-platform with end-to-end encryption protection for data.

Knox lands $6.5M to compete with Palantir in the federal compliance market

Irina Denisenko, CEO of Knox, launched Knox, a federal managed cloud provider, last year with a mission to help software vendors speed through the FedRAMP security authorization process in just three months, and at a fraction of what it would cost to do it on their own.

Google is adding new device-level features for its Advanced Protection program

At the Android Show, taking place ahead of Google I/O 2025, Google announced that it is adding new device-specific features to its Advanced Protection program, which is designed to protect public figures such as politicians and journalists from different digital threats, with the Android 16 release. The new features include a new way of storing […]

Google announces new security features for Android for protection against scam and theft

At the Android Show on Tuesday, ahead of Google I/O, Google announced new security and privacy features for Android. These new features include new protections for calls, screen sharing, messages, device access, and system-level permissions. With these features, Google aims to protect users from falling for a scam, keep their details secure in case a […]

A 25-year-old police drone founder just raised $75M led by Index

If you ever call 911 from an area that’s hard to get to, you might hear the buzz of a drone well before a police cruiser pulls up. And there’s a good chance that it will be one made by Brinc Drones, a Seattle-based startup founded by 25-year-old Blake Resnick, who dropped out of college […]

A new security fund opens up to help protect the fediverse

A new security fund aims to help apps in the fediverse — like Mastodon, Threads, and Pixelfed — to pay researchers for disclosing security bugs.

How to tell if your online accounts have been hacked

This is a guide on how to check whether someone compromised your online accounts.

Hackers are ramping up attacks using year-old ServiceNow security bugs to target unpatched systems

Threat intelligence startup GreyNoise says it has observed a ‘notable resurgence’ in attack activity

US teachers’ union says hackers stole sensitive personal data on over 500,000 members

PSEA says it "took steps to ensure" its stolen data was deleted, suggesting a ransom demand was paid

CISA scrambles to contact fired employees after court rules layoffs ‘unlawful’

Federal court rules U.S. cybersecurity agency must re-hire over 100 former employees

DOGE axes CISA ‘red team’ staffers amid ongoing federal cuts

Affected staff say more than 100 employees working to protect U.S. government networks were ‘axed’ with no prior warning

What PowerSchool won’t say about its data breach affecting millions of students

New details have emerged about PowerSchool's data breach — but here's what PowerSchool still isn't saying.

Hacker accessed PowerSchool’s network months before massive December breach

CrowdStrike says a hacker had access to PowerSchool's internal system as far back as August.

Japanese telco giant NTT Com says hackers accessed details of almost 18,000 organizations

Unidentified hackers breached NTT Com’s network to steal personal information of employees at thousands of corporate customers

FBI says scammers are targeting US executives with fake BianLian ransom notes

The FBI is warning that scammers are impersonating the BianLian ransomware gang using fake ransom notes sent to U.S. corporate executives. The fake ransom notes, first reported by U.S. cybersecurity company GuidePoint Security, claim that hackers have gained access to an organization’s network to steal sensitive data, and threaten to publish the stolen data unless […]

UK quietly scrubs encryption advice from government websites

The UK is no longer recommending the use of encryption for at-risk groups following its iCloud backdoor demands

Broadcom urges VMware customers to patch ‘emergency’ zero-day bugs under active exploitation

Security experts warn of ‘huge impact’ of actively exploited hypervisor flaws that allow sandbox escape

KoDDoS, MSP Global and CloudFest: a Strategic Partnership for the Future of the Cloud

KoDDoS is proud to announce its partnership with MSP Global and CloudFest, two key players in the digital technology and cloud services industry. This collaboration marks an important step toward strengthening ties within the global tech ecosystem, bringing together experts, service providers, and decision-makers to address the cloud’s most strategic challenges. Through this partnership, we … Continue reading KoDDoS, MSP Global and CloudFest: a Strategic Partnership for the Future of the Cloud

The post KoDDoS, MSP Global and CloudFest: a Strategic Partnership for the Future of the Cloud appeared first on KoDDoS Blog.

Recap of Our Presence at VivaTech 2025

Our Core Expertise: Offshore Hosting & Advanced Cybersecurity At KoDDoS, we’ve built our reputation on two complementary pillars: 🛡️ Robust Cybersecurity Capabilities For over a decade, we’ve been protecting digital infrastructure with cutting-edge security technologies: 🌐 Resilient and Sovereign Offshore Hosting Our global infrastructure is distributed across strategic offshore data centers in: This setup offers … Continue reading Recap of Our Presence at VivaTech 2025

The post Recap of Our Presence at VivaTech 2025 appeared first on KoDDoS Blog.

KoDDoS at VivaTechnology 2025: A Strategic Presence at the Heart of Cybersecurity and AI Challenges.

Paris, June 2025 – From June 11 to 14, Paris will once again become the global epicenter of technological innovation with the return of VivaTechnology 2025, held at Paris Expo Porte de Versailles. Bringing together major tech companies, disruptive startups, global investors, and public institutions, the event stands out as a pivotal moment for the … Continue reading KoDDoS at VivaTechnology 2025: A Strategic Presence at the Heart of Cybersecurity and AI Challenges.

The post KoDDoS at VivaTechnology 2025: A Strategic Presence at the Heart of Cybersecurity and AI Challenges. appeared first on KoDDoS Blog.

Gamer Over? Why Hackers Target Popular Video Games & How to Stay Safe

Video games are more than entertainment; they’re a $200 billion global industry. But as gaming grows, so do cyberattacks. Hackers now see games as goldmines for stealing data, extorting companies, and exploiting players.  According to Infosecurity Magazine, Akamai’s 2024 report shows that attacks on gaming platforms are rising alarmingly. In 2024 alone, the industry suffered … Continue reading Gamer Over? Why Hackers Target Popular Video Games & How to Stay Safe

The post Gamer Over? Why Hackers Target Popular Video Games & How to Stay Safe appeared first on KoDDoS Blog.

How Social Media Use Can Create Hidden Cybersecurity Risks

Social media is all around us, helping us stay connected, updated, and entertained. But beneath the endless scroll, a darker reality exists. Hidden cybersecurity threats are growing- some obvious, others much harder to spot. The risks are especially alarming for young users. According to the National Institutes of Health, up to 95% of teens aged … Continue reading How Social Media Use Can Create Hidden Cybersecurity Risks

The post How Social Media Use Can Create Hidden Cybersecurity Risks appeared first on KoDDoS Blog.

KoDDoS at the InCyber ​​Europe 2025 Forum: a strategic participation at the heart of the European cyber ecosystem

From April 1st to 3rd, 2025, KoDDoS, a provider of specialized services in DDoS protection and secure offshore hosting, marked its presence at the InCyber ​​Europe Forum, held at the Lille Grand Palais. A true crossroads of cyber innovation and cooperation, the event is the largest cybersecurity event in Europe. A benchmark event on an … Continue reading KoDDoS at the InCyber ​​Europe 2025 Forum: a strategic participation at the heart of the European cyber ecosystem

The post KoDDoS at the InCyber ​​Europe 2025 Forum: a strategic participation at the heart of the European cyber ecosystem appeared first on KoDDoS Blog.

Looking back at CloudFest 2025: An essential event for the future of the cloud!

CloudFest is one of the world’s largest cloud computing events. Every year, it brings together the industry’s leading players to discuss the latest technological advancements, emerging trends, and market challenges. In 2025, the event once again cemented its leadership status by providing a dynamic platform for professional exchange and cloud innovation. This edition featured captivating … Continue reading Looking back at CloudFest 2025: An essential event for the future of the cloud!

The post Looking back at CloudFest 2025: An essential event for the future of the cloud! appeared first on KoDDoS Blog.

KoDDoS in Europe: A Strong Presence at Major Tech Events in Paris.

KoDDoS recently strengthened its commitment to the European tech scene by participating in several major events in France. Our team was honored to be invited to key gatherings in the tech industry, highlighting the importance of innovation and cybersecurity in the evolving digital ecosystem. This strategic tour in Paris allowed us to meet top-tier partners, … Continue reading KoDDoS in Europe: A Strong Presence at Major Tech Events in Paris.

The post KoDDoS in Europe: A Strong Presence at Major Tech Events in Paris. appeared first on KoDDoS Blog.

KoDDos Will be at CyberShow 2025 in Paris!

The post KoDDos Will be at CyberShow 2025 in Paris! appeared first on KoDDoS Blog.

Technological innovation in the heart of Los Angeles at the CES 2025 🚀

🚀 Cutting-Edge Services KoDDoS has established itself as a key player in the field of high-performance hosting. Specializing in anti-DDoS protection, we ensure unmatched service continuity for our clients in the face of growing threats targeting digital infrastructures. We also invest in groundbreaking technologies, including Web3, blockchain, and the Internet of Things (IoT), providing tailored … Continue reading Technological innovation in the heart of Los Angeles at the CES 2025 🚀

The post Technological innovation in the heart of Los Angeles at the CES 2025 🚀 appeared first on KoDDoS Blog.

Continuous PCI DSS Compliance with File Integrity Monitoring

PCI DSS compliance is often seen as a one-off task, that is, you do the audit, implement controls, and then move on. But then there comes the problem - systems aren’t static, meaning that files, scripts, and configurations change constantly, and even small untracked changes can create gaps that lead to non-compliance or security issues. This is where File Integrity Monitoring (FIM) comes in. It tracks critical files, system binaries, scripts, and configs in real time, alerting when anything changes unexpectedly. For PCI DSS, this is exactly what’s required, from preventing unauthorized changes...

Are We Failing to Secure Files? Attackers Aren’t Failing to Check

According to a new Ponemon study, weak file protections now account for several cybersecurity incidents a year for many organizations. Unsafe file-sharing practices, malicious vendor files, weak access controls, and obscured file activity are largely to blame. File Integrity Monitoring (FIM) could be the solution. Are Files Safe in Transit? More Than Half Unsure You know something’s wrong when more people feel better about downloading files from unknown sources than they do about file uploads or transfers. Over 50% were unsure if files sent via email, transferred via third parties, or...

Beyond VDI: Security Patterns for BYOD and Contractors in 2025

Remote work is no longer a contingency – it’s the operating norm. Yet the security posture for that work often leans on virtual desktops as a default, even when the workforce is dominated by bring‑your‑own‑device (BYOD) users and short‑term contractors. Virtual desktop infrastructure (VDI) can centralize risk, but it can also centralize failure, expand the admin plane, and add latency that users will work around. This piece examines when VDI stops being the safest choice and what to use instead. I’ll compare concrete control patterns, such as secure local enclaves, strong identity guardrails...

Vulnerability Management and Patch Management: How They Work Together

Vulnerability management and patch management are often spoken of in the same breath. Yet they are not the same. Each serves a distinct purpose, and knowing the difference is more than a matter of semantics; it’s a matter of security. Confuse them, and gaps appear. Leave those gaps, and attackers will find them. To build a strong defense, you need to see how these two processes fit together. One scans the horizon for weaknesses. The other arms you with fixes. Both are vital, but neither can do the other’s job. Let’s take a closer look at what they mean, how they differ, and how they work in...

Understanding the OWASP AI Maturity Assessment

Today, almost all organizations use AI in some way. But while it creates invaluable opportunities for innovation and efficiency, it also carries serious risks. Mitigating these risks and ensuring responsible AI adoption relies on mature AI models, guided by governance frameworks. The OWASP AI Maturity Assessment Model (AIMA) is one of the most practical. In this article, we’ll explore what it is, how it compares to other frameworks, and how organizations can use it to assess their AI maturity. What is the OWASP AI Maturity Assessment Model? The OWASP AI Maturity Assessment Model is a...

CISOs Concerned of AI Adoption in Business Environments

UK security leaders are making their voices heard. Four in five want DeepSeek under regulation. They see a tool that promises efficiency but risks chaos. Business is already under pressure. Trade disputes drag on. Interest rates remain high. Cyber threats grow. Every move to expand operations adds risk, and risk is harder to measure when AI enters the equation. AI spreads fast. It cuts costs, fills gaps, and automates mundane tasks. But it also opens hidden doors. In the UK, AI is now part of daily work. A KPMG survey showed that while 69% of employees use it, only 42% trust it. Slightly over...

When It Comes to Breaches, Boards Can’t Hide Behind CISOs Any Longer

A trend that has long been on the rise is finally having its day. A recent industry report revealed that 91% of security professionals believe that ultimate accountability for cybersecurity incidents lies with the board itself, not with CISOs or security managers. If the security discussion hadn’t fully made its way into C-suite conversations before, it has now. The Chartered Institute of Information Security (CIISEC)’s new State of the Security Profession survey checks the pulse of the industry where cybersecurity regulation is concerned. It emerges with one clear, overarching sentiment: “the...

Windows 10 Retirement: A Reminder for Managing Legacy Industrial Control Systems (ICS)

On October 14th, Windows 10 will be retired, and Microsoft will no longer push patches or updates to systems on that operating system. It is crucial for companies to make the jump to Windows 11 now—or risk being exposed to critical vulnerabilities. This is especially important for Industrial Control Systems (ICS), which often run on legacy systems. Failing to transition could mean putting components like PLCs (Programmable Logic Controllers), SCADA (Supervisory Control and Data Aquisition) systems, HMIs (Human-Machine Interfaces) and the critical infrastructure they support at risk. What...

ENISA Will Operate the EU Cybersecurity Reserve. What This Means for Managed Security Service Providers

The European Union is building a new line of defense. On 26 August 2025, the European Commission and the EU Agency for Cybersecurity (ENISA) signed a contribution agreement that hands ENISA the keys to the EU Cybersecurity Reserve. The deal comes with funding: €36 million over three years. ENISA's mission is straightforward, if not simple. It will administer, operate, and monitor the bloc’s emergency cyber response capabilities. Juhan Lepassaar, ENISA’s executive director, said: “Being entrusted with such prominent project, puts ENISA in the limelight as a dependable partner to the European...

Why File Integrity Monitoring (FIM) Is a Must for Compliance — And How to Pick the Right Solution

As Fortra’s new File Integrity Monitoring Buyer’s Guide states, “What was once a security control for simple file changes now ensures integrity across organizations’ entire systems.” The landscape has evolved significantly since Fortra’s Tripwire introduced file integrity monitoring (FIM) over twenty years ago. But that’s exactly why the industry is due for a new look at what makes a FIM solution unique in 2025 — and what you should expect your FIM provider to bring to the table. What Is File Integrity Monitoring? File integrity monitoring was originally developed as a way to make sure nobody...

Clop Ransomware Group Exploits New 0-Day Vulnerabilities in Active Attacks

The Clop ransomware group continues to pose a significant threat to enterprise organizations worldwide, with recent analysis revealing their exploitation of a critical zero-day vulnerability in Oracle E-Business Suite. Operating since early 2019, Clop has established itself as one of the most prolific and sophisticated ransomware gangs, amassing a victim count exceeding 1,025 organizations and […]

The post Clop Ransomware Group Exploits New 0-Day Vulnerabilities in Active Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft Issues Alert: BitLocker Recovery Risk After October 2025 Updates

Microsoft has issued an urgent advisory for Windows users, confirming that a recent set of security updates released after October 14, 2025 may cause certain systems to boot into the BitLocker recovery screen upon restart. The issue, currently under active investigation, has resulted in user reports of unexpected prompts for BitLocker recovery keys following device […]

The post Microsoft Issues Alert: BitLocker Recovery Risk After October 2025 Updates appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Beware: 239 Dangerous Android Apps Found on Google Play with 40M+ Installs

Cybersecurity threats targeting mobile devices and critical infrastructure have reached alarming new heights, according to Zscaler’s latest research. The latest findings from Zscaler, Inc. (NASDAQ: ZS) expose a sophisticated campaign by threat actors who have successfully infiltrated Google’s official app marketplace with hundreds of malicious applications. The company’s ThreatLabz 2025 Mobile, IoT, and OT Threat […]

The post Beware: 239 Dangerous Android Apps Found on Google Play with 40M+ Installs appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Three Infamous Hacker Groups Join Forces as the ‘Scattered LAPSUS$ Hunters

The cybercriminal underground has witnessed a significant consolidation as three of the most notorious threat actors Scattered Spider, ShinyHunters, and LAPSUS$ have formally aligned to create the Scattered LAPSUS$ Hunters (SLH), a federated collective that emerged in early August 2025. This strategic merger represents a departure from traditional standalone operations, presenting a sophisticated threat model […]

The post Three Infamous Hacker Groups Join Forces as the ‘Scattered LAPSUS$ Hunters appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

CISA Issues Alert on Gladinet CentreStack and Triofox Vulnerabilities Under Active Exploitation

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Gladinet CentreStack and Triofox to its Known Exploited Vulnerabilities catalog, signaling active exploitation in the wild. The flaw, tracked as CVE-2025-11371, exposes sensitive system files to unauthorized external parties, posing a significant risk to organizations relying on these cloud file-sharing platforms. Overview […]

The post CISA Issues Alert on Gladinet CentreStack and Triofox Vulnerabilities Under Active Exploitation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Google Warns: AI Makes Cyber Threats Faster and Smarter by 2026

Google has released its Cybersecurity Forecast 2026 report, providing a comprehensive analysis of emerging threats and security trends anticipated throughout the coming year. Rather than relying on speculation, the report is grounded in real-world data and insights gathered from Google Cloud security leaders, dozens of experts, analysts, researchers, and frontline security responders. The forecast reveals […]

The post Google Warns: AI Makes Cyber Threats Faster and Smarter by 2026 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

NGate Malware Enables Unauthorized Cash Withdrawals at ATMs Using Victims’ Payment Cards

NGate represents a sophisticated Android-based threat that exploits NFC technology to enable unauthorized ATM cash withdrawals without physically stealing payment cards. Rather than stealing cards outright, threat actors use an ingenious relay attack that intercepts the card’s NFC communications from a victim’s Android phone and transmits them to an attacker-controlled device positioned at an ATM, […]

The post NGate Malware Enables Unauthorized Cash Withdrawals at ATMs Using Victims’ Payment Cards appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

APT-C-60 Campaign: Malicious VHDX Hosted on Google Drive Lures Job Applicants

JPCERT/CC has issued an urgent warning about ongoing attacks by the advanced persistent threat group APT-C-60, which continues to target recruitment professionals in Japan through sophisticated spear-phishing campaigns. The attack campaign specifically impersonates job seekers contacting recruitment staff, exploiting the natural workflow of human resources professionals who regularly review candidate submissions. Between June and August […]

The post APT-C-60 Campaign: Malicious VHDX Hosted on Google Drive Lures Job Applicants appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

CISA Alerts of Control Web Panel Command Injection Flaw Actively Exploited

The Cybersecurity and Infrastructure Security Agency has issued an urgent alert about a critical command-injection vulnerability in Control Web Panel that is currently being actively exploited in the wild. Tracked as CVE-2025-48703, this flaw poses a significant threat to organizations running the popular server management platform and demands immediate attention from system administrators worldwide. Control […]

The post CISA Alerts of Control Web Panel Command Injection Flaw Actively Exploited appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Hackers Exploit AI Tools to Intensify Ransomware Attacks on European Organizations

European organizations are facing an unprecedented surge in ransomware attacks as cybercriminals increasingly adopt artificial intelligence and sophisticated social engineering tactics to breach defenses and accelerate their operations. According to the latest CrowdStrike 2025 European Threat Landscape Report, big game hunting ransomware adversaries have named approximately 2,100 European-based victims on more than 100 dedicated leak […]

The post Hackers Exploit AI Tools to Intensify Ransomware Attacks on European Organizations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

How the F5 breach, CISA job cuts, and a government shutdown are eroding U.S. cyber readiness

By furloughing employees, halting procurement, and delaying guidance, agencies are operating with skeleton crews and depleted morale. For nation-state operators, this expanding attack surface and declining oversight are creating a huge window of opportunity.

The post How the F5 breach, CISA job cuts, and a government shutdown are eroding U.S. cyber readiness appeared first on CyberScoop.

North Korean companies, people sanctioned for money laundering from cybercrime, IT worker schemes

The Treasury Department on Tuesday sanctioned eight people and two companies it accused of laundering money obtained from cybercrime and IT worker schemes to fund North Korean government objectives. According to the department, over the last three years North Korea-linked cybercriminals have stolen over $3 billion, mostly in cryptocurrency. In addition, it said, North Korean […]

The post North Korean companies, people sanctioned for money laundering from cybercrime, IT worker schemes appeared first on CyberScoop.

Apple addresses more than 100 vulnerabilities in security updates for iPhones, Macs and iPads

The tech giant didn’t report active exploitation of any of the patched defects, yet details about potential impacts remain limited.

The post Apple addresses more than 100 vulnerabilities in security updates for iPhones, Macs and iPads appeared first on CyberScoop.

Bugcrowd acquires Mayhem Security to advance AI-powered security testing

Mayhem, which won the 2016 DARPA Cyber Grand Challenge, will have all its employees join Bugcrowd.

The post Bugcrowd acquires Mayhem Security to advance AI-powered security testing appeared first on CyberScoop.

OPM plans to give CyberCorps members more time to find jobs after shutdown ends

The agency discussed the plans amid student concerns that they’ll be on the hook for six-figure tuition costs, with federal cyber job openings sparse.

The post OPM plans to give CyberCorps members more time to find jobs after shutdown ends appeared first on CyberScoop.

Prosecutors allege incident response pros used ALPHV/BlackCat to commit string of ransomware attacks

The alleged cybersecurity turncoats attacked at least five U.S. companies while working for their respective employers, officials said.

The post Prosecutors allege incident response pros used ALPHV/BlackCat to commit string of ransomware attacks appeared first on CyberScoop.

Zscaler adds more AI to its offerings with Splx acquisition

The Splx deal follows Zscaler’s recent acquisition of Red Canary, an AI-driven threat management company.

The post Zscaler adds more AI to its offerings with Splx acquisition appeared first on CyberScoop.

Don’t let Congress punt on cyber insurance reform

The cyber incidents in the headlines aren’t acts of cyber terror.

The post Don’t let Congress punt on cyber insurance reform appeared first on CyberScoop.

Alleged 764 leader arrested in Arizona, faces life in prison

Baron Cain Martin, a 21-year-old, allegedly joined the nihilistic violent extremist group in 2019. Officials described his alleged crimes as “atrocious” and “so depraved they defy comprehension.”

The post Alleged 764 leader arrested in Arizona, faces life in prison appeared first on CyberScoop.

Ukrainian allegedly involved in Conti ransomware attacks faces up to 25 years in jail

Oleksii Lytvynenko, 43, was arrested in Ireland in 2023 and extradited to the U.S. earlier this month. He pleaded not guilty in federal court Thursday.

The post Ukrainian allegedly involved in Conti ransomware attacks faces up to 25 years in jail appeared first on CyberScoop.

New Forescout report finds 65% of connected assets are outside traditional IT visibility

Forescout® Technologies, a global leader in cybersecurity, has announced the launch of eyeSentry, a new cloud-native exposure management solution designed to help enterprises continuously uncover and mitigate hidden risks across IT, Internet of Things (IoT), and Internet of Medical Things (IoMT) environments. As organisations continue to embrace hybrid and cloud infrastructures, traditional vulnerability management methods […]

The post New Forescout report finds 65% of connected assets are outside traditional IT visibility appeared first on IT Security Guru.

APIContext Rolls Out Browser Monitoring to Assess Real-World Website Performance and SEO Outcomes

APIContext, the leader in resilience monitoring, today unveiled its new Browser Monitoring tool, a headless browser capability that lets organisations see exactly how their websites perform in real-world conditions. According to a public presentation by Akamai Technologies, 58% of website traffic is now generated by machines, making it critical to understand how web pages interact […]

The post APIContext Rolls Out Browser Monitoring to Assess Real-World Website Performance and SEO Outcomes appeared first on IT Security Guru.

Zensar and Saviynt forge global alliance to elevate identity governance and privilege management

Zensar Technologies, a leading experience, engineering, and engagement technology solutions company, announced the expansion of its strategic partnership with Saviynt, a global leader in AI-based identity security and governance solutions. This collaboration is aimed at helping organizations manage growing identity and governance-related challenges without adding operational risk. Zensar’s global delivery capabilities are supported by a growing […]

The post Zensar and Saviynt forge global alliance to elevate identity governance and privilege management appeared first on IT Security Guru.

Proton Brings Privacy-Focused AI to the Workplace with Lumo for Business

Proton, the company best known for Proton Mail and Proton VPN, has launched Lumo for Business, a new version of its privacy-first AI assistant designed specifically for teams. The move marks the third major update to Lumo in just three months and signals Proton’s push to bring confidential, end-to-end encrypted AI to the enterprise market. […]

The post Proton Brings Privacy-Focused AI to the Workplace with Lumo for Business appeared first on IT Security Guru.

Why API Security Is Central to AI Governance

APIs are now the action layer of AI that make up your API fabric. Every LLM workflow, agent, and MCP tool call rides on an API. This makes API governance the working heart of AI governance, especially with the arrival of landmark frameworks like the EU AI Act and ISO/IEC 42001. These new regulations turn […]

The post Why API Security Is Central to AI Governance appeared first on IT Security Guru.

UK Organisations Trail Global Peers on Zero Trust Adoption, Research Finds

A new research report by Keeper Security has revealed global insights from security professionals on the state of cybersecurity. The report, entitled Identity, AI and Zero Trust: Cybersecurity Perspectives from Infosecurity Europe, Black Hat USA and it-sa, found that professionals across the UK, the United States and Germany agreed that Artificial Intelligence (AI) is reshaping […]

The post UK Organisations Trail Global Peers on Zero Trust Adoption, Research Finds appeared first on IT Security Guru.

AI Can Transform the Restaurant Industry But Only If It’s Built Securely

AI is transforming how restaurants operate. It’s automating calls, managing orders, handling reservations and even predicting customer demand. But, what lies beneath the surface? Beyond this exciting wave of innovation lies a growing security question that is, how safe is the data fuelling all this progress? In an industry that deals daily with personal details, […]

The post AI Can Transform the Restaurant Industry But Only If It’s Built Securely appeared first on IT Security Guru.

Cross-Border Crypto Payouts in iGaming Security and Compliance

As online gaming platforms expand across jurisdictions, the use of cryptocurrencies for payouts opens new vistas — and new risk corridors. Winnings flowing across borders via digital assets challenge the conventions of banking systems, yet also force operators and regulators to confront security, regulatory, and compliance gaps. The shift from fiat to crypto is more […]

The post Cross-Border Crypto Payouts in iGaming Security and Compliance appeared first on IT Security Guru.

Check Point and NVIDIA Join Forces to Lock Down Enterprise AI Workloads

Check Point has unveiled its new solution, AI Cloud Protect, built in partnership with the NVIDIA Corporation. The offering is designed to deliver end-to-end protection for enterprise AI infrastructure, from model development through to inference, leveraging NVIDIA’s BlueField data processing units and DOCA security framework. Security gaps are emerging, as organisations accelerate AI adoption. According […]

The post Check Point and NVIDIA Join Forces to Lock Down Enterprise AI Workloads appeared first on IT Security Guru.

KnowBe4 Honours 2025 EMEA Partner Programme Award Winners

KnowBe4, the HRM+ provider, has announced the winners of its 2025 Partner Programme Awards from Europe, the Middle East and Africa (EMEA) during their KB4-CON EMEA event. The annual awards programme recognises KnowBe4 partners demonstrating sales excellence, marketing innovation, thought leadership and top performance in key growth areas. The awards ceremony closed the first day […]

The post KnowBe4 Honours 2025 EMEA Partner Programme Award Winners appeared first on IT Security Guru.

Tycoon 2FA Phishing Kit Analysis

The Tycoon 2FA phishing kit is a sophisticated Phishing-as-a-Service (PhaaS) platform that emerged in August 2023, designed to bypass two-factor authentication (2FA) and multi-factor authentication (MFA) protections, primarily targeting Microsoft 365 and Gmail accounts. Utilizing an Adversary-in-the-Middle (AiTM) approach, it employs a reverse proxy server to host deceptive phishing pages that mimic legitimate login interfaces, capturing user credentials and session cookies in real-time. According to the Any.run malware trends tracker, Tycoon 2FA leads with over 64,000 reported incidents this year.

From Scripts to Systems: A Comprehensive Look at Tangerine Turkey Operations

Cybereason Security Services issue Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.

In this Threat Analysis report, Cybereason Security Services investigates the flow of a Tangerine Turkey campaign observed in Cybereason EDR. Tangerine Turkey is a threat actor identified as a visual basic script (VBS) worm used to facilitate cryptomining activity.

Cybereason TTP Briefing Q3 2025: LOLBINs and CVE Exploits Dominate

Explore the latest trends, techniques, and procedures (TTPs) our incident response (IR) experts are actively facing with the TTP Briefing Q3 2025, a report built on frontline threat intelligence from our global incident response investigations, enriched by noteworthy detections from our SOC. 

Addressing CL0P Extortion Campaign Targeting Oracle EBS CVE-2025-61882

Overview and What Cybereason Knows So Far

• July 2025, Oracle releases security updates including 309 patches, which included nine that addressed flaws/vulnerabilities in Oracle E-Business Suite (EBS).
• July 2025 (end of) through September 2025 (beginning of), Cybereason has assessed based on emerging evidence and ongoing forensic investigations, that CL0P orchestrated an Intrusion Path that allowed for unauthorized access to on-premise, customer-managed Oracle E-Business Suite (EBS) solutions, enumerated accessible and stored data, and conducted data exfiltration.
• September 2025 (end of) through October 2025 (beginning of), a widespread orchestrated email extortion campaigns emerged targeting users of on-premise, customer-managed Oracle E-Business Suite (EBS) and requesting contact with CL0P in order to not expose data allegedly exfiltrated.
• October 2025 (beginning of), Cybereason is aware of ongoing investigations in which CL0P has provided proof of data. CL0P does not appear to have named new victims associated with this incident as of October 4, 2025.
• October 5, 2025, Oracle confirms CVE-2025-61882 in Oracle E-Business Suite (EBS). This vulnerability was remotely exploitable without authentication (i.e., it can be exploited over a network without the need for a username and password). Successful exploitation can lead to remote code execution (RCE).
• October 7, 2025, Cybereason confirms earliest evidence of threat actor activity occurred August 9, but is subject to change based on ongoing investigations. 

7000+ IRs Later: The 11 Essential Cybersecurity Controls

Decades in incident response reveal battle-tested cybersecurity controls that minimize attack surface, improve detection and response, reduce incident impact and losses, and build cyber resilience (with compliance mappings for easy implementation).

Behind the Mask of Madgicx Plus: A Chrome Extension Campaign Targeting Meta Advertisers

Cybereason Security Services recently analyzed an investigation into a broader malicious Chrome extension campaign, part of which had been previously documented by DomainTools. While earlier iterations of this campaign involved the impersonation a variety of services, the latest version shifts focus to Meta (Facebook/Instagram) advertisers through a newly crafted lure: “Madgicx Plus,” a fake AI-driven ad optimization platform. Promoted as a tool to streamline campaign management and boost ROI using artificial intelligence, the extension instead delivers potentially malicious functionalities capable of hijacking business sessions, stealing credentials, and compromising Meta Business accounts. Notably, several domains associated with earlier parts of the campaign have been repurposed to promote this new theme, highlighting the operators’ tendency to recycle infrastructure while adapting their social engineering strategy to new targets.

CVE-2025-53770 & CVE-2025-53771: Critical On-Prem SharePoint Vulnerabilities

Key Takeaways

• Two zero-day vulnerabilities discovered in on-premise Microsoft SharePoint servers, tracked as CVE‑2025‑53770 and CVE‑2025‑53771.
• Affected versions include: Subscription Edition – KB5002768, SharePoint 2019 – KB5002754, SharePoint 2016 – KB5002760. 
• If exploited, these vulnerabilities could allow for remote code execution (RCE). 
• Cybereason has observed ongoing active exploitation attempts of these vulnerabilities through our Global SOC monitoring. 
• With this exploit, we recommend taking an “assume compromised” posture, immediately patching impacted versions, and conducting incident response historical look back. 

BlackSuit: A Hybrid Approach with Data Exfiltration and Encryption

Cybereason Security Services issue Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.

Deploying NetSupport RAT via WordPress & ClickFix

In May 2025, Cybereason Global Security Operations Center (GSOC) detected that threat actors have been hosting malicious WordPress websites to deliver malicious versions of the legitimate NetSupport Manager Remote Access Tool (RAT). 

Introducing the Cybereason TTP Briefing: Frontline Threat Intelligence Insights

Gain insight into the latest attack trends, techniques, and procedures our Incident Response experts are actively facing with the brand new TTP Briefing, a report built on frontline threat intelligence from our global incident response (IR) investigations, enriched by noteworthy detections from our SOC. 

How to spot a holiday shopping scam: Fake deals, trick surveys & bogus gift cards

Scammers, fraudsters, and phishers take advantage of every season. But the holiday shopping season - which includes Black Friday, Cyber Monday, and Christmas - may be their favorite.

As retailers rush to capitalize on what is generally their most profitable time of year, they will generally flood email boxes with great offers that are often time sensitive and may even seem too-good-to-be-true. Meanwhile, consumers also feel the urgency to get their shopping done, along with the stresses of work and family. Add in the financial pressure of an inflationary economy and the likelihood of making a quick mistake keeps increasing. Read on for some simple yet effective ways to ruin the scammers' fun as you celebrate the season of giving.

Soon�

Posted by Sean @ 12:52 GMT

Our "construction project" is progressing nicely.



And it should resolve this…



Fix mobile usability issues?

Translation: your site doesn't help us sell more Android phones and ads.

But whatever, the "issues" should be fixed soon enough.

On 18/08/15 At 12:52 PM

Work In Progress

Posted by Sean @ 13:25 GMT

Regular readers will have noticed it's been slow here of late.


Under Construction

We're finally undertaking an upgrade from Greymatter 1.7.3. This may be the world's oldest Greymatter blog… that will now change.

More info coming soon.

In the meantime, you can still catch us on Twitter.

On 13/08/15 At 01:25 PM

"IOS Crash Report" Update: Safari Adds Block Feature

Posted by Sean @ 09:53 GMT

Ask, and sometimes, you shall receive.

Last Friday, we wrote about call center scammers targeting iOS. And today, Apple released a new (beta) feature that should help.

Apple released iOS 9 Public Beta 2:



And it appears that one of Safari's new features allows people to block fraud-focused JavaScript.



We tested a scam-site and after a few attempts to dismiss the JavaScript dialog, Safari included a prompt to "Block Alerts". We were then easily able to close the page.

Kudos Apple! Looking forward to seeing this in iOS 9's general release.

Big hat tip to Rosyna Keller.

On 23/07/15 At 09:53 AM

Duke APT group's latest tools: cloud services and Linux support

Posted by Artturi @ 11:59 GMT

Recent weeks have seen the outing of two new additions to the Duke group's toolset, SeaDuke and CloudDuke. Of these, SeaDuke is a simple trojan made interesting by the fact that it's written in Python. And even more curiously, SeaDuke, with its built-in support for both Windows and Linux, is the first cross-platform malware we have observed from the Duke group. While SeaDuke is a single - albeit cross-platform - trojan, CloudDuke appears to be an entire toolset of malware components, or "solutions" as the Duke group apparently calls them. These components include a unique loader, downloader, and not one but two different trojan components. CloudDuke also greatly expands on the Duke group's usage of cloud storage services, specifically Microsoft's OneDrive, as a channel for both command and control as well as the exfiltration of stolen data. Finally, some of the recent CloudDuke spear-phishing campaigns have born a striking resemblance to CozyDuke spear-phishing campaigns from a year ago.

Linux support added with the cross-platform SeaDuke malware

Last week, both Symantec and Palo Alto Networks published research on SeaDuke, a newer addition to the arsenal of trojans being used by the Duke group. While older malware by the Duke group has always been written with a combination of the C and C++ programming languages as well as assembly language, SeaDuke is peculiarly written in Python with multiple layers of obfuscation. This Python code is usually then compiled into Windows executables using py2exe or pyinstaller. However, the Python code itself has been designed to work on both Windows and Linux. We therefore suspect, that the Duke group is also using the same SeaDuke Python code to target Linux victims. This is the first time we have seen the Duke group employ malware to target Linux platforms.


An example of the cross-platform support found in SeaDuke.

A new set of solutions with the CloudDuke malware toolset

Last week, we also saw Palo Alto Networks and Kaspersky Labs publish research on malware components they respectively called MiniDionis and CloudLook. MiniDionis and CloudLook are both components of a larger malware toolset we call CloudDuke. This toolset consists of malware components that provide varying functionality while partially relying on a shared code framework and always using the same loader. Based on PDB strings found in the samples, the malware authors refer to the CloudDuke components as "solutions" with names such as "DropperSolution", "BastionSolution" and "OneDriveSolution". A list of PDB strings we have observed is below:

� C:\DropperSolution\Droppers\Projects\Drop_v2\Release\Drop_v2.pdb
� c:\BastionSolution\Shells\Projects\miniDionis4\miniDionis\obj\Release\miniDionis.pdb
� c:\BastionSolution\Shells\Projects\miniDionis2\miniDionis\obj\Release\miniDionis.pdb
� c:\OneDriveSolution\Shells\Projects\OneDrive2\OneDrive\obj\x64\Release\OneDrive.pdb

The first of the CloudDuke components we have observed is a downloader internally called "DropperSolution". The purpose of the downloader is to download and execute additional malware on the victim's system. In most observed cases, the downloader will attempt to connect to a compromised website to download an encrypted malicious payload which the downloader will decrypt and execute. Depending on the way the downloader has been configured, in some cases it may first attempt to log in to Microsoft's cloud storage service OneDrive and retrieve the payload from there. If no payload is available from OneDrive, the downloader will revert to the previously mentioned method of downloading from compromised websites.

We have also observed two distinct trojan components in the CloudDuke toolset. The first of these, internally called "BastionSolution", is the trojan that Palo Alto Networks described in their research into "MiniDionis". Interestingly, BastionSolution appears to functionally be an exact copy of SeaDuke with the only real difference being the choice of programming language. BastionSolution also makes significant use of a code framework that is apparently internally called "Z". This framework provides classes for functionality such as encryption, compression, randomization and network communications.


A list of classes in the BastionSolution trojan, including multiple classes from the "Z" framework.

Classes from the same "Z" framework, such as the encryption and randomization classes, are also used by the second trojan component of the CloudDuke toolset. This second component, internally called "OneDriveSolution", is especially interesting because it relies on Microsoft's cloud storage service OneDrive as its command and control channel. To achieve this, OneDriveSolution will attempt to log into OneDrive with a preconfigured username and password. If successful, OneDriveSolution will then proceed to copy data from the victim's computer to the OneDrive account. It will also search the OneDrive account for files containing commands for the malware to execute.


A list of classes in the OneDriveSolution trojan, including multiple classes from the "Z" framework.

All of the CloudDuke "solutions" use the same loader, a piece of code whose primary purpose is to decrypt the embedded, encrypted solution, load it in memory and execute it. The Duke group has often employed loaders for their malware but unlike the previous loaders they have used, the CloudDuke loader is much more versatile with support for multiple methods of loading and executing the final payload as well as the ability to write to disk and execute additional malware components.

CloudDuke spear-phishing campaigns and similarities with CozyDuke

CloudDuke has recently been spread via spear-phishing emails with targets reportedly including organizations such as the US Department of Defense. These spear-phising emails have contained links to compromised websites hosting zip archives that contain CloudDuke-laden executables. In most cases, executing these executables will have resulted in two additional files being written to the victim's hard disk. The first of these files has been a decoy, such as an audio file or a PDF file while the second one has been a CloudDuke loader embedding a CloudDuke downloader, the so-called "DropperSolution". In these cases, the victim has been presented with the decoy file while in the background the downloader has proceeded to download and execute one of the CloudDuke trojans, "OneDriveSolution" or "BastionSolution".


Example of one of the decoy documents employed in the CloudDuke spear-phishing campaigns. It has apparently been copied by the attackers from here.

Interestingly, however, some of the other CloudDuke spear-phishing campaigns we have observed this July have born a striking resemblance to CozyDuke spear-phishing campaigns seen almost exactly a year ago, in the beginning of July 2014. In both spear-phishing campaigns, the decoy document has been the exact same PDF file, a "US letter fax test page" (28d29c702fdf3c16f27b33f3e32687dd82185e8b). Similarly, the URLs hosting the malicious files have, in both campaigns, purported to be related to eFaxes. It is also interesting to note, that in the case of the CozyDuke-inspired CloudDuke spear-phishing campaign, the downloading and execution of the malicious archive linked to in the emails has not resulted in the execution of the CloudDuke downloader but in the execution of the "BastionSolution" component thereby skipping one step from the process described for the other CloudDuke spear-phishing campaigns.


The "US letter fax test page" decoy employed in both CloudDuke and CozyDuke spear-phishing campaigns.

Increasingly using cloud services to evade detection

CloudDuke is not the first time we have observed the Duke group use cloud services in general and Microsoft OneDrive specifically as part of their operations. Earlier this spring we released research on CozyDuke where we mentioned observing CozyDuke sometimes either directly use a OneDrive account to exfiltrate stolen data or alternatively CozyDuke downloading Visual Basic scripts that would copy stolen files to a OneDrive account and sometimes even retrieve files containing additional commands from the same OneDrive account.

In these previous cases the Duke group has only used OneDrive as a secondary communication channel but still relied on more traditional C&C channels for most of their actions. It is therefore interesting to note that CloudDuke actually enables the Duke group to rely solely on OneDrive for every step of their operation from downloading the actual trojan, passing commands to the trojan and finally exfiltrating stolen data.

By relying solely on 3rd party web services, such as OneDrive, as their command and control channel, we believe the Duke group is trying to better evade detection. Large amounts of data being transferred from an organization's network to an unknown web server easily raises suspicions. However, data being transferred to a popular cloud storage service is normal. What better way for an attacker to surreptitiously transfer large amounts of stolen data than the same way people are transferring that same data every day for legitimate reasons. (Coincidentally, the implications of 3rd party web services being used as command and control channels is also the subject of an upcoming talk at the VirusBulletin 2015 conference).

Directing limited resources towards evading detection and staying ahead of defenders

Developing even a single multipurpose malware toolset, never mind many, requires time and resources. Therefore it seems logical to attempt to reuse code such as supporting frameworks between different toolsets. The Duke group, however, appear to have taken this a step further with SeaDuke and the CloudDuke component BastionSolution, by rewriting the same code in multiple programming languages. This has the obvious benefits of saving time and resources by providing two malware toolsets, that while similar on the inside, appear completely different on the outside. This way, the discovery of one toolset does not immediately lead to the discovery of the second toolset.

The Duke group, long suspected of ties to the Russian state, have been running their espionage operation for an unusually long time and - especially lately - with unusual brazenness. These latest CloudDuke and SeaDuke campaigns appear to be a clear sign that the Duke's are not planning to stop any time soon.

Research and post by Artturi (@lehtior2)

F-Secure detects CloudDuke as Trojan:W32/CloudDuke.B and Trojan:W64/CloudDuke.B

Samples:

04299c0b549d4a46154e0a754dda2bc9e43dff76
2f53bfcd2016d506674d0a05852318f9e8188ee1
317bde14307d8777d613280546f47dd0ce54f95b
476099ea132bf16fa96a5f618cb44f87446e3b02
4800d67ea326e6d037198abd3d95f4ed59449313
52d44e936388b77a0afdb21b099cf83ed6cbaa6f
6a3c2ad9919ad09ef6cdffc80940286814a0aa2c
78fbdfa6ba2b1e3c8537be48d9efc0c47f417f3c
9f5b46ee0591d3f942ccaa9c950a8bff94aa7a0f
bfe26837da22f21451f0416aa9d241f98ff1c0f8
c16529dbc2987be3ac628b9b413106e5749999ed
cc15924d37e36060faa405e5fa8f6ca15a3cace2
dea6e89e36cf5a4a216e324983cc0b8f6c58eaa8
e33e6346da14931735e73f544949a57377c6b4a0
ed0cf362c0a9de96ce49c841aa55997b4777b326
f54f4e46f5f933a96650ca5123a4c41e115a9f61
f97c5e8d018207b1d546501fe2036adfbf774cfd

Compromised servers used for command and control:

hxxps://cognimuse.cs.ntua.gr/search.php
hxxps://portal.sbn.co.th/rss.php
hxxps://97.75.120.45/news/archive.php
hxxps://portal.sbn.co.th/rss.php
hxxps://58.80.109.59/plugins/search.php

Compromised websites used to host CloudDuke:

hxxp://flockfilmseries.com/eFax/incoming/5442.ZIP
hxxp://www.recordsmanagementservices.com/eFax/incoming/150721/5442.ZIP
hxxp://files.counseling.org/eFax/incoming/150721/5442.ZIP

On 22/07/15 At 11:59 AM

'Zero Days', The Documentary

Posted by Mikko @ 12:40 GMT

VPRO (the Dutch public broadcasting organization) produced a 45-minute documentary about hacking and the trade of zero days. The documentary has now been released in English on YouTube.



The documentary features Charlie Miller, Joshua Corman, Katie Moussouris, Ronald Prins, Dan Tentler, Eric Rabe (of Hacking Team), Felix Lindner, Rodrigo Branco, Ben Nagy, The Grugq, and many others.

On 20/07/15 At 12:40 PM

IOS Crash Report: Blocking "Pop-Ups" Doesn't Really Help

Posted by Sean @ 10:15 GMT

The Telegraph published an article on Thursday about a scam targeting iOS users. Here's the gist: scammers are using JavaScript generated dialogs to display warnings of so-called "IOS Crash" reports prompting people to call for tech support. Near the end of the Telegraph's article, the following advice is offered:

"To prevent the issue happening again, go to Settings -> Safari -> Block Pop-ups."

Unfortunately, this advice is incorrect. And perhaps even more unfortunately, some security and tech pundits are now repeating the bad advice on numerous websites. How do we know the advice is wrong? Because we actually tested it…

First of all, this "IOS Crash Report" scam is a variation of the technical support scam, cases of which have been documented as early as 2008. In the past, cold-calls originated directly from call centers in India. But more recently, web-based lures are used to prompt potential victims into contacting the scammers.

A Google Search returns several live scam sites with this text:

"Due to a third party application in your phone, IOS is crashed."

Here's one of the sites as viewed with iOS Safari on an iPad:



Safari's "Fraudulent Website Warning" and "Block Pop-ups" features didn't prevent the page from loading.

What looks like a pop-up on the image above is actually a JavaScript generated dialog. One which will continuously re-spawn itself and can be very difficult to dismiss. Turning off JavaScript in Safari is the quickest way to regain control. Unfortunately, leaving JavaScript disabled will significantly impact a large number of legitimate websites.

Here's the same site as viewed with Google Chrome for Windows:



Notice the additional text in the image above: prevent this page from creating additional dialogs. Current versions of Chrome and Firefox (for Windows, at least) will inject this option into re-spawning dialogs, allowing the user to break the loop. Sadly, Internet Explorer and Safari do not. (We tested with IE for Windows / Windows Phone, and iOS Safari.)

Wouldn't be great if all browsers supported this prevention feature?

Yeah, we think so, too.

But it's not just browsers, apps with browser functionality can also be affected.

Here's an example of a JavaScript dialog displayed via Cydia.



The end of the Telegraph's article included the following advice from City of London police:

"Never give your iCloud username and password or your bank details to someone over the phone."

Indeed! Giving somebody your iCloud password could quickly turn a support scam into a data hijacking and extortion scheme. We attempted to call several of the scammer telephone numbers to see if they would ask for our iCloud credentials — only to discover that the numbers we tried are currently not in service.

Hopefully they stay that way. (They won't.)

On 17/07/15 At 10:15 AM

Hacking Team 0-day Flash Wave with Exploit Kits

Posted by Patricia @ 12:29 GMT

After Hacking Team was compromised, a lot of information were publicly disclosed beginning 5th of July, particularly its business clients and a zero-day vulnerability for the Adobe Flash Player that they have been using.

Since the info about the first zero-day was made freely available, we knew attackers would swiftly move into using it. As expected, the flash exploit was integrated into exploit kits such as Angler, Magnitude, Nuclear, Neutrino, Rig, and HanJuan as reported by Kafeine.

Based on our telemetry, there was a rise in Flash exploits beginning 6th and continued until 9th.




Here are the stats for each exploit kit:




The security advisory for CVE-2015-5119 zero-day was released on 7th July and the patch was made available on 8th. So the hits started to decline about two days after the patch.

But just when people have started updating their systems, there was yet another spike from the Angler flash exploit hits:




Apparently, two more flash vulnerabilities, CVE-2015-5122 and CVE-2015-5123, were discovered. These vulnerabilities are still waiting to be patched. According to Kafeine, one of the two vulnerabilities were added into the Angler exploit kit.

As a side note related to Angler exploit kit, if you noticed in the second chart above, Angler and HanJuan share the same statistics. This was due to the fact that our detections for Angler Flash exploits were also hitting on HanJuan Flash exploits.

We have verified this after discovering that there was a different URL pattern being detected by Angler:




We looked at the flash exploit used by both kits, and the two are very much identical.

Angler Flash Exploit:




HanJuan Flash Exploit:




There were already speculations that there seem to be strong connections between the actors behind the two exploits kits. For example, both have used �fileless� delivery of payload and even similar encryption methods. Perhaps at some point we will see HanJuan supporting this new flash 0 day as well.

In the meantime, since there hasn�t been a patch out yet for these new ones, our users remain protected from the effects of the exploit kits through Browsing Protection as well as these detections:

Exploit:SWF/AnglerEK.L
Exploit:SWF/NeutrinoEK.C
Exploit:SWF/NeutrinoEK.D
Exploit:SWF/NuclearEK.H
Exploit:SWF/NuclearEK.J
Exploit:SWF/Salama.H
Exploit:SWF/Salama.R
Exploit:JS/AnglerEK.D
Exploit:JS/NuclearEK.I
Exploit:JS/MagnitudeEK.A

UPDATE: Adobe has released patches for the recent two vulnerabilities: CVE-2015-5122 and CVE-2015-5123. Users are recommended to update to the latest version of Adobe Flash Player.

On 13/07/15 At 12:29 PM

The Trusted Internet: Who governs who gets to buy spyware from surveillance software companies?

Posted by FSLabs @ 02:31 GMT

When hackers get hacked, that's when secrets are uncovered. On July 5th, Italian-based surveillance technology company Hacking Team was hacked. The hackers released a 400GB torrent file with internal documents, source code, and emails to the public - including the company's client list of close to 60 customers.

The list included countries such as Sudan, Kazakhstan and Saudi Arabia - despite official company denials of doing business with oppressive regimes. The leaked documents strongly implied that in the South-East Asian region, government agencies from Singapore, Thailand and Malaysia had purchased their most advanced spyware, referred to as a Remote Control System (RCS).

According to security researchers Citizen Lab, this spyware is extraordinarily intrusive, with the ability to turn on microphone and cameras on mobile devices, intercept Skype and instant messages, and use an anonymizer network of proxy servers to prevent harvested information from being traced back to the command and control servers.

Based on images of the client list posted to pastebin the software was purchased in Malaysia by the Malaysia Anti-Corruption Commission (MACC), Malaysia Intelligence (MI) and the Prime Minister's Office (PMO):



Additional images of leaked invoices posted to medium.com indicated the spyware was sold through a locally-based Malaysian company named Miliserv Technologies (M) Sdb Bhd (registered with the Ministry of Finance Malaysia), which specializes in providing digital forensics, intelligent gathering and public security services:





Why the Prime Minister's Office would need surveillance software remains puzzling. Mind you, professional grade spyware ain't cheap - a license upgrade could cost you MYR400, 000 and maintenance renewal will set you back about MYR160,000.

According to reports of the incident in Malaysian alternative media, Malaysian government agencies have probably been using the spyware even before discovery of the FinFisher malware that was detected in the run-up to the 2013 General Elections.

Coincidentally, Malaysia has also been the frequent host of the annual ISS World Asia tradeshow, where companies promote their arsenal of 'lawful' surveillance software to law enforcement agencies, telco service provider or government employees. During the 2014 event, the Hacking Team was present and the associate lead sponsor of the event.

MiliServ Technologies is currently involved in the upcoming 2015 ISS World Asia in Kuala Lumpur. The event is invitation-only � though it may be interesting to see if Hacking Team will make it there this year.


Post by – Su Gim

On 08/07/15 At 02:31 AM

Problematic Wassenaar Definitions

Posted by Sean @ 13:25 GMT

The Wassenaar Arrangement, a multilateral export control regime, defines "intrusion software" as software specially designed or modified to avoid detection by monitoring tools, or to defeat protective countermeasures, of a computer or network capable device. Intrusion software is used to: extract data or information, or to modify system or user data; or to modify the standard execution path of a program or process in order to allow the execution of externally provided instructions.

Wassenaar states that monitoring tools are software or hardware devices that monitor system behaviours or processes running on a device. This includes antivirus (AV) products, end point security products, Personal Security Products (PSP), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) or firewalls.


(Source)


So… what we at F-Secure (and the rest of the antivirus industry) call "malware" appears to easily fit Wassenaar's definition of intrusion software.

Why is this interesting?

Well, the US Bureau of Industry and Security (BIS), part of the US Department of Commerce, has proposed updating its rules to require a license for the export of intrusion software.

And according to the Dept of Commerce, "an export" is –any– item that is sent from the United States to a foreign destination. "Items" include among other things, software and technology.

The Paradox

So… if malware is intrusion software, and any item is an export, how exactly are US-based customers supposed to submit a malware sample to their European antivirus vendor? Seriously, customers send us zero-day using malware all the time. Not to mention the samples that we routinely exchange with other trusted AV vendors from around the globe.

Unintended Consequences

The text associated with the BIS proposal says the scope includes penetration testing products that use intrusion software in what looks like an attempt to limit "hacking" tools, but there is nothing about what is excluded from the scope. So the BIS might not intend to limit customers from uploading malware samples to their AV vendor, but that could be the effect if this new rule is adopted and arbitrarily enforced. Or else it could just force people to operate in a legal limbo. Is that what we want?

The BIS is taking comments until July 20th.

On 09/06/15 At 01:25 PM

Found Item: UK Wi-Fi Law?

Posted by Sean @ 13:27 GMT

I visited the UK last Thursday, found a coffee shop offering "free" Wi-Fi, and read this…

"UK Law states that we must know who is using our Wi-Fi at all times."

Now I'm not a lawyer — but that seems like quite the disingenuous claim.



Mobile number, post code, and date of birth??

I wonder how many people fall for this type of malarkey.

Post by — @Sean

On 08/06/15 At 01:27 PM

SMS Exploit Messages

Posted by Sean @ 13:56 GMT

There's an iOS vulnerability affecting iPhone, iPad, and even Apple Watch that allows for a denial of service.

Crashing a phone with an SMS? That's so 2008.


S60 SMS Exploit Messages

Unlike 2008, this time kids are reportedly using the vulnerability to harass others.

Apple is working on a security update. But unfortunately… that update very likely won't be available for older iPhones.

Updated to add:

Here's the "Effective Power" exploit crashing an iPhone 6:


Effective Power Unicode iOS hack on iPhone 6

And this… is Effective Power crashing the iOS Twitter app:


Effective Power Unicode iOS hack vs Twitter

On 28/05/15 At 01:56 PM

Ransomware Spam E-Mails Targeting Users in Italy and Spain

Posted by FSLabs @ 03:17 GMT

In the past few days, we received some cases from our customers in Italy and Spain, regarding malicious spam e-mails that pointed to Cryptowall or Cryptolocker ransomware.

The spam e-mails pretended to come from a courier/postal service, regarding a parcel that was waiting to be collected. The e-mails offer a link to track that parcel online:



When we did the initial investigation of the e-mails from our standard test system, the link redirected to Google:



So, no malicious behavior? Well, we noted that the first two URLs were PHP. Since PHP code is executed on the server side, not locally on the client, it is possible that the servers were 'deciding' whether to redirect the user to Google or to serve malicious content, based on some preset conditions.

Since this particular spam e-mail is written in Italian - perhaps only a customer based in Italy would be able to see the malicious payload? Fortunately, we have Freedome, so we can travel to Italy for a little while to experiment.

So we turned on Freedome, set the location to Milan and clicked the link in the e-mail again:



Now we see the bad stuff. If the user is (or appears to be) located in Italy, the server will redirect them to a malicious file hosted on a cloud storage server.

The e-mail spam sent to Spanish users is similar, though in those cases, a CAPTCHA challenge is included to make the site seem more authentic. If the link in the e-mail is clicked by a user located outside Spain, again we end up in Google:



If the site is visited instead from an Spanish IP, we get to the CAPTCHA screen:



And then to the malware itself:



This spam campaign doesn't use any exploits (so far), just old-fashioned social engineering; infection only occurs if the user manually downloads and executes the files offered on the malicious URLs. For our customers, the URLs are blocked and the files are detected.

(malware SHA1s: 483be8273333c83d904bfa30165ef396fde99bf2, 295042c167b278733b10b8f7ba1cb939bff3cb38)

Post by — Victor

On 19/05/15 At 03:17 AM

Mac Hack Demonstration

Posted by Sean @ 12:46 GMT

Securing your SSH password is very important. Otherwise, you might be pwned by a little girl with her Raspberry Pi.



Don't worry, it's an authorized hack, she asked her mom for permission.

On 15/05/15 At 12:46 PM

Email Security Considerations for Microsoft 365 Users

The post Email Security Considerations for Microsoft 365 Users appeared first on GreatHorn.

Email Security Considerations for Google Workspace Users

The post Email Security Considerations for Google Workspace Users appeared first on GreatHorn.

Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates

The post Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates appeared first on GreatHorn.

Universities and Colleges Face Multi-faceted Email Security Challenges

The post Universities and Colleges Face Multi-faceted Email Security Challenges appeared first on GreatHorn.

Spam vs Phish: The Problem with User-Reported Phish Buttons

The post Spam vs Phish: The Problem with User-Reported Phish Buttons appeared first on GreatHorn.

Phishing for Google Impersonation Attacks

Bad actors around the globe go phishing in emails twenty-four hours a day, seven days a week. Whether they are “guppies” like your local bakery down the street or big “fish” like Google, no one is immune to their attacks. Google, one of the largest, most well-known – and used – applications, will always be […]

The post Phishing for Google Impersonation Attacks appeared first on GreatHorn.

GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes

The post GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes appeared first on GreatHorn.

Native vs SEG vs ICES: What You Need to Know About Email Security

The shift from on-premise email platforms to cloud email platforms has taken shape, with the majority (70%) of organizations. Microsoft 365 and Google Workspace remain the predominant email platforms for organizations. However, a significant change has occurred in the past year. With an estimated 40% of ransomware attacks that start through email, and BEC and […]

The post Native vs SEG vs ICES: What You Need to Know About Email Security appeared first on GreatHorn.

Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security

In cybersecurity, buzzwords come and go, often being replaced with new buzzwords while the market is still attempting to realize the benefits of the former. Today, every technology vendor is talking about Artificial Intelligence (AI). In reality, Machine Learning (the method to one day achieve AI) is still the predominant technical solution deployed within vendor […]

The post Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security appeared first on GreatHorn.

Global Supply Chain: Attackers Targeting Business Deliveries

Our global supply chain includes all the people, companies and countries that need to work cohesively to manufacture, process and ship goods. Disruptions in the global supply chain are increasingly impacting organizations, with logistical problems crossing most industries.  As a result, the continued strain on the supply chain puts added pressure on businesses as they […]

The post Global Supply Chain: Attackers Targeting Business Deliveries appeared first on GreatHorn.

Digital Warfare and the New Geopolitical Frontline

This article follows our recent article on the source of cybercrime attacks – read it here – we’re now exploring the global, commercial, and political dimensions of digital warfare. Key takeaways $100 billion in global cyber damages annually – equivalent to the GDP of a mid-sized nation. $400 million in business impact from a single […]

The post Digital Warfare and the New Geopolitical Frontline appeared first on Heimdal Security Blog.

Nearly 40% of 2024 Ransomware Payouts May Have Gone to Russia, China & North Korea

Ransomware victims paid an estimated $813 million in 2024. Nearly 40 percent of that may have gone to actors in Russia, China and North Korea, according to new analysis from cybersecurity firm Heimdal. Heimdal used recent telemetry, infrastructure tracing and ownership mapping to assess how ransomware revenue is likely distributed. The $813 million figure comes […]

The post Nearly 40% of 2024 Ransomware Payouts May Have Gone to Russia, China & North Korea appeared first on Heimdal Security Blog.

What is Managed ITDR? Key Definitions, Features, and Benefits

Key takeaways: MITDR explained: Managed ITDR combines identity threat detection with expert-led response. Why it matters: Get better protection and lower costs without building a full in-house team. What to look for: Prioritize behavioral monitoring, real-time response, and expert oversight You’ve got the ITDR solution. That’s a good step towards effective account and identity-based threat […]

The post What is Managed ITDR? Key Definitions, Features, and Benefits appeared first on Heimdal Security Blog.

Retail cybersecurity statistics for 2025

Cyber attacks against retail businesses have made headlines in 2025. Read this retail cybersecurity statistics rundown to understand more.  For cyber criminals, the retail sector makes for a very attractive target. Retail businesses hold vast troves of valuable customer details, payment information and inventory data. What is more, any disruption caused by cyber crime is […]

The post Retail cybersecurity statistics for 2025 appeared first on Heimdal Security Blog.

Cyber Insurance Statistics for 2025

More and more businesses are taking out cyber insurance in 2025. Read our statistics rundown to understand why.  Investing in cyber insurance is a smart move. In case of a cyber attack, it can reduce the financial burden of a breach and give businesses (and individuals) peace of mind.  Advanced cybersecurity software should always be […]

The post Cyber Insurance Statistics for 2025 appeared first on Heimdal Security Blog.

Is Your Tech Stack Killing Profitability? The Silent Bug Crippling MSP Growth

Many MSPs want to grow, but internal complexity often holds them back. In this guest article, Portland, a Heimdal partner, breaks down how fragmented systems and unclear value messaging can quietly erode profits, compliance, and trust – and how to fix it.  The “system bug” holding MSPs back “Stop talking about technology. Start talking about […]

The post Is Your Tech Stack Killing Profitability? The Silent Bug Crippling MSP Growth appeared first on Heimdal Security Blog.

Cybersecurity Has a Motivation Problem

I’ve worked in cybersecurity long enough to see that our biggest challenge isn’t a technical one, it’s motivational. We can build the strongest firewalls, design the smartest detection systems, and run endless awareness campaigns, but none of it matters if people don’t want to care. That’s the uncomfortable truth; cyber security has a motivation problem. […]

The post Cybersecurity Has a Motivation Problem appeared first on Heimdal Security Blog.

Agent Fatigue Is Real and Your Security Stack Is to Blame

Your senior analyst stares at alert number 47. It’s not even lunch. Another “suspicious login detected.” They switch to the third dashboard of the morning, cross-reference the user activity, and confirm what they already knew. Bob from accounting is working late again. Meanwhile, three dashboards over, actual lateral movement is happening on a client’s network. […]

The post Agent Fatigue Is Real and Your Security Stack Is to Blame appeared first on Heimdal Security Blog.

Heimdal 5.0.0 RC: RDP Protection, Ransomware Detection, and OS Deployment

Version 5.0.0 adds three major features for MSPs. a module that controls RDP access an improved ransomware detection engine a simpler way to deploy Windows over the network. Remote Access Protection (RAP): Block Unauthorized RDP Attempts RDP brute-force attacks remain a top breach vector, so we built a new module that monitors and filters Remote […]

The post Heimdal 5.0.0 RC: RDP Protection, Ransomware Detection, and OS Deployment appeared first on Heimdal Security Blog.

Where Ransomware Profits Go and How to Cut Them Off

Researched and written by Heimdal founder Morten Kjaersgaard, this article exposes how even limited cooperation between registry bodies and law enforcement could cripple ransomware networks and raise the cost for cybercriminals. This article serves as a wake-up call. Even limited cooperation between registry bodies and law enforcement could cripple ransomware networks and raise the cost […]

The post Where Ransomware Profits Go and How to Cut Them Off appeared first on Heimdal Security Blog.

ITDR vs EDR: What are the Key Differences?

Key takeaways: What are the main differences between ITDR, EDR, and other security solutions? How does ITDR provide effective protection against identity-based threats? How to effectively detect and respond to attacks. If there’s one thing the cybersecurity community loves, it’s an acronym. To some extent, this has been the case since the earliest days of cybersecurity. […]

The post ITDR vs EDR: What are the Key Differences? appeared first on Heimdal Security Blog.

What Is Identity Threat Detection and Response?

Key insights: What is identity threat detection and response (ITDR)? What are the differences and similarities between ITDR and EDR? What are the alternatives to ITDR? Identity Threat Detection and Response (ITDR) is a comparatively new term in the cybersecurity scene. It was first coined by Gartner in 2022 and has since become a cornerstone […]

The post What Is Identity Threat Detection and Response? appeared first on Heimdal Security Blog.

Small Business Cybersecurity Statistics in 2025

Small businesses are a big target for cyber criminals. Read our small business statistics rundown to get a true picture of how the sector is being affected in 2025. Until relatively recently, cybercrime wasn’t perceived as a major risk for small businesses. Hackers traditionally focused on larger companies or government bodies with more money and […]

The post Small Business Cybersecurity Statistics in 2025 appeared first on Heimdal Security Blog.

Follow the Money Blueprint For MSP Success (With Dave Sobel)

“If I was starting an MSP today, I am not sure I would start an MSP.” Now that’s a way to grab your attention when opening a podcast. Coming from Dave Sobel, someone who’s been an MSP owner, vendor executive, and now runs The Business of Tech podcast – that’s not a throwaway comment. Dave […]

The post Follow the Money Blueprint For MSP Success (With Dave Sobel) appeared first on Heimdal Security Blog.

Digital doppelgängers: How sophisticated impersonation scams target content creators and audiences

Content creation is no longer niche. Over 50 million Americans earn income by making videos, livestreams, podcasts, or other digital media. Many are full-time creators, while others pursue it as a side hustle. Either way, having an online presence is becoming increasingly risky.  Scammers are catching on. In 2024 alone, the Federal Trade Commission’s logged […]

The post Digital doppelgängers: How sophisticated impersonation scams target content creators and audiences appeared first on Heimdal Security Blog.

ISC Stormcast For Wednesday, November 5th, 2025 https://isc.sans.edu/podcastdetail/9686, (Wed, Nov 5th)

No summary available.

Apple Patches Everything, Again, (Tue, Nov 4th)

Apple released its expected set of operating system upgrades. This is a minor feature upgrade that also includes fixes for 110 different vulnerabilities. As usual for Apple, many of the vulnerabilities affect multiple operating systems. None of the vulnerabilities is marked as already exploited. Apple only offers very sparse vulnerability descriptions. Here are some vulnerabilities that may be worth watching:

ISC Stormcast For Tuesday, November 4th, 2025 https://isc.sans.edu/podcastdetail/9684, (Tue, Nov 4th)

No summary available.

XWiki SolrSearch Exploit Attempts (CVE-2025-24893) with link to Chicago Gangs/Rappers, (Mon, Nov 3rd)

XWiki describes itself as "The Advanced Open-Source Enterprise Wiki" and considers itself an alternative to Confluence and MediaWiki. In February, XWiki released an advisory (and patch) for an arbitrary remote code execution vulnerability. Affected was the SolrSearch component, which any user, even with minimal "Guest" privileges, can use. The advisory included PoC code, so it is a bit odd that it took so long for the vulnerability to be widely exploited.

ISC Stormcast For Monday, November 3rd, 2025 https://isc.sans.edu/podcastdetail/9682, (Mon, Nov 3rd)

No summary available.

Scans for Port 8530/8531 (TCP). Likely related to WSUS Vulnerability CVE-2025-59287, (Sun, Nov 2nd)

Sensors reporting firewall logs detected a significant increase in scans for port 8530/TCP and 8531/TCP over the course of last week. Some of these reports originate from Shadowserver, and likely other researchers, but there are also some that do not correspond to known research-related IP addresses.

ISC Stormcast For Friday, October 31st, 2025 https://isc.sans.edu/podcastdetail/9680, (Fri, Oct 31st)

No summary available.

X-Request-Purpose: Identifying "research" and bug bounty related scans?, (Thu, Oct 30th)

This week, I noticed some new HTTP request headers that I had not seen before:

ISC Stormcast For Thursday, October 30th, 2025 https://isc.sans.edu/podcastdetail/9678, (Thu, Oct 30th)

No summary available.

How to collect memory-only filesystems on Linux systems, (Wed, Oct 29th)

I&#;x26;#;39;ve been doing Unix/Linux IR and Forensics for a long time. I logged into a Unix system for the first time in 1983. That&#;x26;#;39;s one of the reasons I love teaching FOR577[1], because I have stories that go back to before some of my students were even born that are still relevant today.

The Rapid Advancement of Malicious AI Is Changing Cyberdefense Forevermore

AI maturation is leading to more malicious hacking attacks.

CyberheistNews Vol 15 #44 [Mystery] Tough One: Is It or Is It Not an HP Scam?

Report: AI Poisoning Attacks Are Easier Than Previously Thought

Attackers can more easily introduce malicious data into AI models than previously thought, according to a new study from Antropic.

Poisoned AI models can produce malicious outputs, leading to follow-on attacks. For example, attackers can train an AI model to provide links to phishing sites or plant backdoors in AI-generated code.

UN Convention Against Cybercrime Is a Huge Win!

One of the biggest reasons why cybercrime is so bad — and is increasing each year —is that so much of it is committed by foreign nationals who are not physically located in the country they are attacking.

When a “Contact Us” Form Becomes “Contact a Cybercriminal”

Lead Analysts: Lucy Gee and James Dyer

Cybercriminals want their payday. Unfortunately for the targets of phishing (and the organizations they work for) that means they’re constantly refining their tactics to create more sophisticated attacks that are harder to detect – by both email security products and people.

Report: Organizations Are Struggling to Keep Up With AI-Powered Attacks

76% of organizations are struggling to keep up with the sophistication of AI-powered attacks, according to CrowdStrike’s latest State of Ransomware Survey.

Insider Risk, Ethical Walls and the Future of Data Governance in Financial Services

In the complex ecosystem of financial services, some of the greatest threats come from within. While cybersecurity for financial institutions often focuses on external threat actors, the reality is that insider risks—whether intentional or accidental—pose an equally dangerous challenge to regulatory compliance and organizational integrity.

The Human-AI Partnership: Securing the New Dual-Front of Business Risk

The integration of artificial intelligence into the modern workplace represents a paradigm shift in productivity and innovation.

Is It Or Is It Not an HP Scam?

These days it can be hard to tell if something is or isn’t a scam.

CyberheistNews Vol 15 #43 [Heads Up] Block Attackers Who Abuse Grok to Spread Phishing Links

News alert: Insider risk report finds behavioral blind spots leave most orgs exposed, confidence low

BALTIMORE, Nov. 4, 2025, CyberNewswire — he new 2025 Insider Risk Report, produced by Cybersecurity Insiders in collaboration with Cogility, highlights that nearly all security leaders (93%) say insider threats are as difficult or harder to detect than … (more…)

The post News alert: Insider risk report finds behavioral blind spots leave most orgs exposed, confidence low first appeared on The Last Watchdog.

MY TAKE: From AOL-Time Warner to OpenAI-Amazon — is the next tech bubble already inflating?

Anyone remember the dot-com bubble burst? The early warning came in January 2000, when AOL and Time Warner joined forces in a $164 billion deal — the largest merger in U.S. history at the time.

Related: Reuters’ backstory on Amazon … (more…)

The post MY TAKE: From AOL-Time Warner to OpenAI-Amazon — is the next tech bubble already inflating? first appeared on The Last Watchdog.

MY TAKE: Microsoft pitches an AI ‘protopian’ future — while civic groups pedal to stay upright

SEATTLE — At a well-meaning civic forum hosted inside a south Seattle community space yesterday (Oct. 30,) Microsoft’s Lorraine Bardeen coined a new term: protopian.

Related: The workflow cadences of GenAI

She said it three times, as if underlining … (more…)

The post MY TAKE: Microsoft pitches an AI ‘protopian’ future — while civic groups pedal to stay upright first appeared on The Last Watchdog.

News alert: Aembit extends Workload IAM to close the access-control gap in enterprise AI deployments

SILVER SPRING, Md., Oct. 30, 2025, CyberNewswire — Aembit today announced the launch of Aembit Identity and Access Management (IAM) for Agentic AI, a set of capabilities that help organizations safely provide and enforce access policies for AI agents as … (more…)

The post News alert: Aembit extends Workload IAM to close the access-control gap in enterprise AI deployments first appeared on The Last Watchdog.

MY TAKE: What a cystoscopy taught me about the changing face of patient care — and trusting AI

The other day, I found myself flat on my back in a urologist’s exam room, eyes fixed on the ceiling tiles as a cystoscope made its slow, deliberate circuit.

Related: Click-baiters are having an AI  field day

Dr. Mitchell narrated … (more…)

The post MY TAKE: What a cystoscopy taught me about the changing face of patient care — and trusting AI first appeared on The Last Watchdog.

MY TAKE: Have you noticed how your phone’s AI assistant is starting to remap what you trust?

This morning, I tried to power down my Samsung S23 smartphone.

Related: Sam Altman seeks to replace the browser

I long-pressed the side key expecting the usual “Power off / Restart” menu. Instead, a small Gemini prompt window appeared towards … (more…)

The post MY TAKE: Have you noticed how your phone’s AI assistant is starting to remap what you trust? first appeared on The Last Watchdog.

News alert: Arsen rolls out ‘Smishing Simulation’ to strengthen defenses against mobile phishing threats

PARIS, Oct. 24, 2025, CyberNewswire — Arsen, the cybersecurity company dedicated to helping organizations defend against social engineering, today introduced its new Smishing Simulation module: a feature designed to let companies run realistic, large-scale SMS phishing simulations across their … (more…)

The post News alert: Arsen rolls out ‘Smishing Simulation’ to strengthen defenses against mobile phishing threats first appeared on The Last Watchdog.

News Alert: SquareX reveals new browser threat — AI sidebars cloned to exploit user trust

PALO ALTO, Calif., Oct.  23, 2025, CyberNewswire: SquareX released critical research exposing a new class of attack targeting AI browsers.

The AI Sidebar Spoofing attack leverages malicious browser extensions to impersonate trusted AI sidebar interfaces, which is used to trick … (more…)

The post News Alert: SquareX reveals new browser threat — AI sidebars cloned to exploit user trust first appeared on The Last Watchdog.

MY TAKE: Sam Altman is wielding OpenAI to usurp the browser, seize the user interface crown

Something quietly consequential just happened in Silicon Valley.

Related: The new workflow cadences of GenAI

At OpenAI’s first-ever developer conference, CEO Sam Altman showcased a new capability inside ChatGPT: the ability to interact directly with apps — no browser, no … (more…)

The post MY TAKE: Sam Altman is wielding OpenAI to usurp the browser, seize the user interface crown first appeared on The Last Watchdog.

News Alert: Sendmarc taps veteran email security leader Dan Levinson to expand U.S. footprint

WILMINGTON, Del., Oct. 21, 2025, CyberNewswire — Sendmarc has announced the appointment of Dan Levinson as Customer Success Director – North America, furthering the company’s regional expansion and commitment to providing expert, locally aligned support to organizations across the continent.… (more…)

The post News Alert: Sendmarc taps veteran email security leader Dan Levinson to expand U.S. footprint first appeared on The Last Watchdog.

Should you let Chrome store your driver’s license and passport?

Chrome’s enhanced autofill makes storing your passport and ID easy—but convenience like this can come at a high cost.

Apple patches 50 security flaws—update now

Apple has patched nearly 50 security flaws across iPhones, Macs, Safari and more. Some could expose your data or let hackers in, so don’t wait to update.

“Sneaky” new Android malware takes over your phone, hiding in fake news and ID apps

Think you’re just checking the news? A particularly sneaky Android Trojan has other plans—like stealing your banking details.

Sling TV turned privacy into a game you weren’t meant to win

California has fined Sling TV for misleading privacy controls that made opting out nearly impossible. Even children’s data ended up in ad targeting.

Attack of the clones: Fake ChatGPT apps are everywhere

App stores are overflowing with AI lookalikes—some harmless copies, others hiding adware or even spyware.

Would you sext ChatGPT? (Lock and Code S06E22)

This week on the Lock and Code podcast, we speak with Deb Donig about OpenAI's stated desire to release "erotica" on ChatGPT.

Malwarebytes aces PCMag Readers’ Choice Awards and AVLab Cybersecurity Foundation tests

Malwarebytes earned three PCMag wins and achieved 100% protection in AVLab Cybersecurity Foundation’s latest malware test.

A week in security (October 27 – November 2)

A list of topics we covered in the week of October 27 to November 2 of 2025

Update Chrome now: 20 security fixes just landed

Google’s latest Chrome release fixes seven serious flaws that could let attackers run malicious code just by luring you to a compromised page.

How scammers use your data to create personalized tricks that work

Attackers don’t need to hack you to find you. They just piece together what’s already public.

Ransomware gang claims Conduent breach: what you should watch for next [updated]

You could be one of more than 10 million people caught up in its recent data breach. Here's what to watch out for.

Fake PayPal invoice from Geek Squad is a tech support scam

Tina Pal wants a word about your PayPal account—but it's a scam. Here’s how to spot the red flags and what to do if you’ve already called.

Atlas browser’s Omnibox opens up new privacy and security risks

By blending search and chat in one field, OpenAI’s Atlas has made browsing more convenient—and more dangerous.

Gmail breach panic? It’s a misunderstanding, not a hack

No, Gmail wasn’t hacked. But a flood of old stolen credentials on the dark web sparked headlines suggesting otherwise. Here’s what really happened.

School’s AI system mistakes a bag of chips for a gun

“I don’t think a chip bag should be mistaken for a gun,” said the student, as eight police cars showed up to take down him and his Doritos.

Around 70 countries sign new UN Cybercrime Convention—but not everyone’s on board

A global deal to fight cybercrime sounds sensible—but critics warn it could expand surveillance and criminalize researchers.

NSFW ChatGPT? OpenAI plans “grown-up mode” for verified adults

ChatGPT is about to get a whole lot more human. OpenAI will roll out a version that can flirt, joke, and even get steamy—with age checks in place.

How to set up two factor authentication (2FA) on your Instagram account

Step-by-step instructions on how to enable 2FA on your Instagram account—for Android, iOS, and on the web.

Phishing scam uses fake death notices to trick LastPass users

LastPass is warning that phishers are exploiting the digital will feature to trick people into handing over their master passwords.

A week in security (October 20 – October 26)

A list of topics we covered in the week of October 20 to October 26 of 2025

How DORA fits with ISO 27001, NIS2 and the GDPR

Although DORA (the EU Digital Operational Resilience Act) has been in effect since January 2025, organisations that supply the EU’s financial services sector are under growing pressure to demonstrate compliance with its requirements. For most, this isn’t about starting from scratch but about mapping what’s already in place, identifying where DORA goes further and then expanding on current practices. After all, DORA builds on – not replaces – established frameworks, standards and other compliance regimes such as ISO 27001, NIS2 (the Network and Information Security Directive 2) and the GDPR (General Data Protection Regulation). It formalises ICT risk governance for

The post How DORA fits with ISO 27001, NIS2 and the GDPR appeared first on IT Governance Blog.

CISM Exam Tips from a Consultant: Five Insider Insights to Help You Pass

The CISM® (Certified Information Security Manager) exam is one of the toughest in the field – according to most providers, pass rates are around 60–65% (ISACA doesn’t publish official figures). Even experienced professionals find it demanding, something our consultants know first-hand. Soji Ogunjobi is a cyber security specialist and instructor, with nearly two decades of experience as a cyber security professional and IT auditor. He also has an MSc in Information Technology, Computer and Information Systems, as well as CISM, CISSP, CISA, CCSP and various other cyber security qualifications. Below are five practical CISM exam tips drawn directly from his

The post CISM Exam Tips from a Consultant: Five Insider Insights to Help You Pass appeared first on IT Governance Blog.

How To Comply with ISO 27001’s New Cloud Services Control

The 2022 update to ISO 27001 introduced a new control for the use of Cloud services. It outlines the policies and procedures that are required when acquiring, using, managing or exiting Cloud services. Adding this control was an obvious and necessary step given just how many organisations use Cloud services as part of their core business activities. An estimated 96% of all organisations use at least one Internet-based IT resource, such as Amazon Web Services or Microsoft Azure. Whenever an organisation implements a new resource on which sensitive data is stored or upon which key business activities rely, it must

The post How To Comply with ISO 27001’s New Cloud Services Control appeared first on IT Governance Blog.

What DORA Means for ICT Suppliers: MSPs, SaaS and Cloud in Scope

If you provide ICT (information and communication technology) services to financial institutions in the EU – whether managed services, SaaS (software as a service), Cloud facilities, payment infrastructure, or other tools and platforms – then DORA (the EU Digital Operational Resilience Act) affects you. What does DORA do? DORA creates a single, EU-wide framework for ICT risk management, incident reporting, resilience testing, third-party risk and information sharing for financial services companies. It also establishes a supervisory regime for their third-party ICT providers. For suppliers, two points are therefore important: What it means in practice You will likely see DORA in RFPs

The post What DORA Means for ICT Suppliers: MSPs, SaaS and Cloud in Scope appeared first on IT Governance Blog.

Cyber Security Must Be a Board Priority – And It Starts With Cyber Essentials

Senior ministers and national security officials have called on boards to take urgent action to strengthen their organisations’ cyber resilience. The Chancellor of the Exchequer, the Secretaries of State for Science, Innovation and Technology and for Business and Trade, the Minister for Security, the Chief Executive of the NCSC (National Cyber Security Centre) and the Director General of the NCA (National Crime Agency) have co-signed an open letter to FTSE 350 companies and other large UK organisations, warning that hostile cyber activity in the UK is “growing more intense, frequent and sophisticated”, posing “a direct and active threat to our

The post Cyber Security Must Be a Board Priority – And It Starts With Cyber Essentials appeared first on IT Governance Blog.

Top 5 Skills Every ISO 27001 Internal Auditor Needs

Internal audits are essential to ISO 27001 compliance, as mandated by Clause 9.2 – but what does it actually take to be an effective internal auditor? Many professionals know the Standard from a theoretical point of view but are less confident about audit practicalities such as interviewing staff, sampling evidence, writing findings and presenting results without friction. This blog post breaks down five practical skills every internal auditor needs and how training helps build them, turning theory into repeatable practice. Skill 1 – Evidence gathering The auditor’s role is to test whether the ISMS operates as described and achieves its

The post Top 5 Skills Every ISO 27001 Internal Auditor Needs appeared first on IT Governance Blog.

AWS Outage: A Supply-Chain Security Lesson

It sometimes seems that each new supply-chain security breach we see in the news affects more organisations than the last one. This isn’t particularly surprising when the same few tech companies support almost everything else. So, when it comes to AWS (Amazon Web Services) – the world’s largest Cloud provider, which is relied on by something like a third of the Internet – an outage like Monday’s really does demonstrate the problem of concentrating so much Internet infrastructure in one place. What happened and why it matters It might not have been a cyber attack but it still counts as

The post AWS Outage: A Supply-Chain Security Lesson appeared first on IT Governance Blog.

Global Encryption Day: Why Encryption Is a Core Requirement

Today, 21 October, is Global Encryption Day. Led by the Global Encryption Coalition, the campaign’s message is simple: “In uncertain times, encryption keeps us safe.” For organisations, it’s also a timely reminder that encryption isn’t optional, but a core control embedded in almost every major security and privacy framework and law – from the PCI DSS (Payment Card Industry Data Security Standard) and ISO 27001 to the GDPR (General Data Protection Regulation). This blog post explains why encryption is essential and how to strengthen your organisation’s approach. The risks of unencrypted data Data breaches remain one of the most damaging

The post Global Encryption Day: Why Encryption Is a Core Requirement appeared first on IT Governance Blog.

Why You Need Cyber Resilience and Defence in Depth

And how to become resilient with ISO 27001 and ISO 22301 Cyber resilience combines cyber security with the ability to detect, respond to and recover from cyber incidents. This goes hand in hand with defence in depth, a dynamic approach that has multiple security measures working together, so if one layer fails, another will still prevent an attacker from succeeding. Our head of GRC (governance, risk and compliance) consultancy, Damian Garcia, explains. In this interview Cyber incidents are a matter of ‘when, not if’ What mindset should organisations adopt when addressing information security risks? Key is to focus on when,

The post Why You Need Cyber Resilience and Defence in Depth appeared first on IT Governance Blog.

ISO 27001:2022 Clause 6 – What’s Changed and What You Need to Do About It

All ISO 27001:2013 certificates expire at the end of this month. For organisations that are yet to update their ISMS (information security management system) to align with the 2022 iteration of the Standard, there are inevitably certain areas that demand their attention more than others. One of these is the new Clause 6. What’s changed in Clause 6? ISO 27001:2013 emphasised: Related to this, Clause 8 dealt with planning, implementing and controlling processes to implement the actions and achieve the objectives determined by Clause 6. ISO 27001:2022 introduces updates in this area: These may look like relatively minor changes, but

The post ISO 27001:2022 Clause 6 – What’s Changed and What You Need to Do About It appeared first on IT Governance Blog.

Crypto wasted: BlueNoroff’s ghost mirage of funding and jobs

Kaspersky GReAT experts dive deep into the BlueNoroff APT's GhostCall and GhostHire campaigns. Extensive research detailing multiple malware chains targeting macOS, including a stealer suite, fake Zoom and Microsoft Teams clients and ChatGPT-enhanced images.

Mem3nt0 mori – The Hacking Team is back!

Kaspersky researchers discovered previously unidentified commercial Dante spyware developed by Memento Labs (formerly Hacking Team) and linked it to the ForumTroll APT attacks.

Deep analysis of the flaw in BetterBank reward logic

Kaspersky experts break down the recent BetterBank incident involving ESTEEM token bonus minting due to the lack of liquidity pool validation.

The evolving landscape of email phishing attacks: how threat actors are reusing and refining established techniques

Common email phishing tactics in 2025 include PDF attachments with QR codes, password-protected PDF documents, calendar phishing, and advanced websites that validate email addresses.

PassiveNeuron: a sophisticated campaign targeting servers of high-profile organizations

Kaspersky GReAT experts break down a recent PassiveNeuron campaign that targets servers worldwide with custom Neursite and NeuralExecutor APT implants and Cobalt Strike.

Post-exploitation framework now also delivered via npm

The npm registry contains a malicious package that downloads the AdaptixC2 agent onto victims' devices, Kaspersky experts have found. The threat targets Windows, Linux, and macOS.

SEO spam and hidden links: how to protect your website and your reputation

Are you seeing your website traffic drop, and security systems blocking it for pornographic content that is not there? Hidden links, a type of SEO spam, could be the cause.

Maverick: a new banking Trojan abusing WhatsApp in a mass-scale distribution

A malware campaign was recently detected in Brazil, distributing a malicious LNK file using WhatsApp. It delivered a new Maverick banker, which features code overlaps with Coyote malware.

Mysterious Elephant: a growing threat

Kaspersky GReAT experts describe the latest Mysterious Elephant APT activity. The threat actor exfiltrates data related to WhatsApp and employs tools such as BabShell and MemLoader HidenDesk.

Signal in the noise: what hashtags reveal about hacktivism in 2025

Kaspersky researchers identified over 2000 unique hashtags across 11,000 hacktivist posts on the surface web and the dark web to find out how hacktivist campaigns function and whom they target.