Cybersecurity News

How Attackers Bypass Synced Passkeys

TLDR Even if you take nothing else away from this piece, if your organization is evaluating passkey deployments, it is insecure to deploy synced passkeys. Synced passkeys inherit the risk of the cloud accounts and recovery processes that protect them, which creates material enterprise exposure. Adversary-in-the-middle (AiTM) kits can force authentication fallbacks that circumvent strong

Two New Windows Zero-Days Exploited in the Wild — One Affects Every Version Ever Shipped

Microsoft on Tuesday released fixes for a whopping 183 security flaws spanning its products, including three vulnerabilities that have come under active exploitation in the wild, as the tech giant officially ended support for its Windows 10 operating system unless the PCs are enrolled in the Extended Security Updates (ESU) program. Of the 183 vulnerabilities, eight of them are non-Microsoft

Two CVSS 10.0 Bugs in Red Lion RTUs Could Hand Hackers Full Industrial Control

Cybersecurity researchers have disclosed two critical security flaws impacting Red Lion Sixnet remote terminal unit (RTU) products that, if successfully exploited, could result in code execution with the highest privileges. The shortcomings, tracked as CVE-2023-40151 and CVE-2023-42770, are both rated 10.0 on the CVSS scoring system. "The vulnerabilities affect Red Lion SixTRAK and VersaTRAK

Hackers Target ICTBroadcast Servers via Cookie Exploit to Gain Remote Shell Access

Cybersecurity researchers have disclosed that a critical security flaw impacting ICTBroadcast, an autodialer software from ICT Innovations, has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2025-2611 (CVSS score: 9.3), relates to improper input validation that can result in unauthenticated remote code execution due to the fact that the call center

New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login

SAP has rolled out security fixes for 13 new security issues, including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in arbitrary command execution. The vulnerability, tracked as CVE-2025-42944, carries a CVSS score of 10.0. It has been described as a case of insecure deserialization. "Due to a deserialization vulnerability in SAP NetWeaver, an

Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year

Threat actors with ties to China have been attributed to a novel campaign that compromised an ArcGIS system and turned it into a backdoor for more than a year. The activity, per ReliaQuest, is the handiwork of a Chinese state-sponsored hacking group called Flax Typhoon, which is also tracked as Ethereal Panda and RedJuliett. According to the U.S. government, it's assessed to be a publicly-traded

Moving Beyond Awareness: How Threat Hunting Builds Readiness

Every October brings a familiar rhythm - pumpkin-spice everything in stores and cafés, alongside a wave of reminders, webinars, and checklists in my inbox. Halloween may be just around the corner, yet for those of us in cybersecurity, Security Awareness Month is the true seasonal milestone. Make no mistake, as a security professional, I love this month. Launched by CISA and the National

RMPocalypse: Single 8-Byte Write Shatters AMD’s SEV-SNP Confidential Computing

Chipmaker AMD has released fixes to address a security flaw dubbed RMPocalypse that could be exploited to undermine confidential computing guarantees provided by Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). The attack, per ETH Zürich researchers Benedict Schlüter and Shweta Shinde, exploits AMD's incomplete protections that make it possible to perform a single memory

New Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without Permissions

Android devices from Google and Samsung have been found vulnerable to a side-channel attack that could be exploited to covertly steal two-factor authentication (2FA) codes, Google Maps timelines, and other sensitive data without the users' knowledge pixel-by-pixel. The attack has been codenamed Pixnapping by a group of academics from the University of California (Berkeley), University of

What AI Reveals About Web Applications— and Why It Matters

Before an attacker ever sends a payload, they’ve already done the work of understanding how your environment is built. They look at your login flows, your JavaScript files, your error messages, your API documentation, your GitHub repos. These are all clues that help them understand how your systems behave. AI is significantly accelerating reconnaissance and enabling attackers to map your

npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels

Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control (C2) channel to transmit stolen data to actor-controlled webhooks. Webhooks on Discord are a way to post messages to channels in the platform without requiring a bot user or authentication, making them an attractive mechanism for attackers to

Researchers Expose TA585’s MonsterV2 Malware Capabilities and Attack Chain

Cybersecurity researchers have shed light on a previously undocumented threat actor called TA585 that has been observed delivering an off-the-shelf malware called MonsterV2 via phishing campaigns. The Proofpoint Threat Research Team described the threat activity cluster as sophisticated, leveraging web injections and filtering checks as part of its attack chains. "TA585 is notable because it

⚡ Weekly Recap: WhatsApp Worm, Critical CVEs, Oracle 0-Day, Ransomware Cartel & More

Every week, the cyber world reminds us that silence doesn’t mean safety. Attacks often begin quietly — one unpatched flaw, one overlooked credential, one backup left unencrypted. By the time alarms sound, the damage is done. This week’s edition looks at how attackers are changing the game — linking different flaws, working together across borders, and even turning trusted tools into weapons.

Why Unmonitored JavaScript Is Your Biggest Holiday Security Risk

Think your WAF has you covered? Think again. This holiday season, unmonitored JavaScript is a critical oversight allowing attackers to steal payment data while your WAF and intrusion detection systems see nothing. With the 2025 shopping season weeks away, visibility gaps must close now. Get the complete Holiday Season Security Playbook here. Bottom Line Up Front The 2024 holiday season saw major

Researchers Warn RondoDox Botnet is Weaponizing Over 50 Flaws Across 30+ Vendors

Malware campaigns distributing the RondoDox botnet have expanded their targeting focus to exploit more than 50 vulnerabilities across over 30 vendors. The activity, described as akin to an "exploit shotgun" approach, has singled out a wide range of internet-exposed infrastructure, including routers, digital video recorders (DVRs), network video recorders (NVRs), CCTV systems, web servers, and

Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor

Microsoft said it has revamped the Internet Explorer (IE) mode in its Edge browser after receiving "credible reports" in August 2025 that unknown threat actors were abusing the backward compatibility feature to gain unauthorized access to users' devices. "Threat actors were leveraging basic social engineering techniques alongside unpatched (0-day) exploits in Internet Explorer's JavaScript

Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns

Cybersecurity researchers are calling attention to a new campaign that delivers the Astaroth banking trojan that employs GitHub as a backbone for its operations to stay resilient in the face of infrastructure takedowns. "Instead of relying solely on traditional command-and-control (C2) servers that can be taken down, these attackers are leveraging GitHub repositories to host malware

New Rust-Based Malware "ChaosBot" Uses Discord Channels to Control Victims' PCs

Cybersecurity researchers have disclosed details of a new Rust-based backdoor called ChaosBot that can allow operators to conduct reconnaissance and execute arbitrary commands on compromised hosts. "Threat actors leveraged compromised credentials that mapped to both Cisco VPN and an over-privileged Active Directory account named, 'serviceaccount,'" eSentire said in a technical report published

New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login

Oracle on Saturday issued a security alert warning of a fresh security flaw impacting its E-Business Suite that it said could allow unauthorized access to sensitive data. The vulnerability, tracked as CVE-2025-61884, carries a CVSS score of 7.5, indicating high severity. It affects versions from 12.2.3 through 12.2.14. "Easily exploitable vulnerability allows an unauthenticated attacker with

Experts Warn of Widespread SonicWall VPN Compromise Impacting Over 100 Accounts

Cybersecurity company Huntress on Friday warned of "widespread compromise" of SonicWall SSL VPN devices to access multiple customer environments. "Threat actors are authenticating into multiple accounts rapidly across compromised devices," it said. "The speed and scale of these attacks imply that the attackers appear to control valid credentials rather than brute-forcing." A significant chunk of

Hackers Turn Velociraptor DFIR Tool Into Weapon in LockBit Ransomware Attacks

Threat actors are abusing Velociraptor, an open-source digital forensics and incident response (DFIR) tool, in connection with ransomware attacks likely orchestrated by Storm-2603 (aka CL-CRI-1040 or Gold Salem), which is known for deploying the Warlock and LockBit ransomware. The threat actor's use of the security utility was documented by Sophos last month. It's assessed that the attackers

Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers

Cybersecurity researchers have disclosed details of an active malware campaign called Stealit that has leveraged Node.js' Single Executable Application (SEA) feature as a way to distribute its payloads. According to Fortinet FortiGuard Labs, select iterations have also employed the open-source Electron framework to deliver the malware. It's assessed that the malware is being propagated through

Microsoft Warns of ‘Payroll Pirates’ Hijacking HR SaaS Accounts to Steal Employee Salaries

A threat actor known as Storm-2657 has been observed hijacking employee accounts with the end goal of diverting salary payments to attacker-controlled accounts. "Storm-2657 is actively targeting a range of U.S.-based organizations, particularly employees in sectors like higher education, to gain access to third-party human resources (HR) software as a service (SaaS) platforms like Workday," the

From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation

Fortra on Thursday revealed the results of its investigation into CVE-2025-10035, a critical security flaw in GoAnywhere Managed File Transfer (MFT) that's assessed to have come under active exploitation since at least September 11, 2025. The company said it began its investigation on September 11 following a "potential vulnerability" reported by a customer, uncovering "potentially suspicious

The AI SOC Stack of 2026: What Sets Top-Tier Platforms Apart?

The SOC of 2026 will no longer be a human-only battlefield. As organizations scale and threats evolve in sophistication and velocity, a new generation of AI-powered agents is reshaping how Security Operations Centers (SOCs) detect, respond, and adapt. But not all AI SOC platforms are created equal. From prompt-dependent copilots to autonomous, multi-agent systems, the current market offers

175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign

Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to facilitate credential harvesting attacks as part of an unusual campaign. The packages have been collectively downloaded 26,000 times, acting as an infrastructure for a widespread phishing campaign codenamed Beamglea targeting more than 135 industrial, technology, and energy

From LFI to RCE: Active Exploitation Detected in Gladinet and TrioFox Vulnerability

Cybersecurity company Huntress said it has observed active in-the-wild exploitation of an unpatched security flaw impacting Gladinet CentreStack and TrioFox products. The zero-day vulnerability, tracked as CVE-2025-11371 (CVSS score: 6.1), is an unauthenticated local file inclusion bug that allows unintended disclosure of system files. It impacts all versions of the software prior to and

CL0P-Linked Hackers Breach Dozens of Organizations Through Oracle Software Flaw

Dozens of organizations may have been impacted following the zero-day exploitation of a security flaw in Oracle's E-Business Suite (EBS) software since August 9, 2025, Google Threat Intelligence Group (GTIG) and Mandiant said in a new report released Thursday. "We're still assessing the scope of this incident, but we believe it affected dozens of organizations," John Hultquist, chief analyst of

From HealthKick to GOVERSHELL: The Evolution of UTA0388's Espionage Malware

A China-aligned threat actor codenamed UTA0388 has been attributed to a series of spear-phishing campaigns targeting North America, Asia, and Europe that are designed to deliver a Go-based implant known as GOVERSHELL. "The initially observed campaigns were tailored to the targets, and the messages purported to be sent by senior researchers and analysts from legitimate-sounding, completely

New ClayRat Spyware Targets Android Users via Fake WhatsApp and TikTok Apps

A rapidly evolving Android spyware campaign called ClayRat has targeted users in Russia using a mix of Telegram channels and lookalike phishing websites by impersonating popular apps like WhatsApp, Google Photos, TikTok, and YouTube as lures to install them. "Once active, the spyware can exfiltrate SMS messages, call logs, notifications, and device information; taking photos with the front

Hackers Access SonicWall Cloud Firewall Backups, Spark Urgent Security Checks

SonicWall on Wednesday disclosed that an unauthorized party accessed firewall configuration backup files for all customers who have used the cloud backup service. "The files contain encrypted credentials and configuration data; while encryption remains in place, possession of these files could increase the risk of targeted attacks," the company said. It also noted that it's working to notify all

ThreatsDay Bulletin: MS Teams Hack, MFA Hijacking, $2B Crypto Heist, Apple Siri Probe & More

Cyber threats are evolving faster than ever. Attackers now combine social engineering, AI-driven manipulation, and cloud exploitation to breach targets once considered secure. From communication platforms to connected devices, every system that enhances convenience also expands the attack surface. This edition of ThreatsDay Bulletin explores these converging risks and the safeguards that help

SaaS Breaches Start with Tokens - What Security Teams Must Watch

Token theft is a leading cause of SaaS breaches. Discover why OAuth and API tokens are often overlooked and how security teams can strengthen token hygiene to prevent attacks. Most companies in 2025 rely on a whole range of software-as-a-service (SaaS) applications to run their operations. However, the security of these applications depends on small pieces of data called tokens. Tokens, like

From Phishing to Malware: AI Becomes Russia's New Cyber Weapon in War on Ukraine

Russian hackers' adoption of artificial intelligence (AI) in cyber attacks against Ukraine has reached a new level in the first half of 2025 (H1 2025), the country's State Service for Special Communications and Information Protection (SSSCIP) said. "Hackers now employ it not only to generate phishing messages, but some of the malware samples we have analyzed show clear signs of being generated

Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme

Threat actors are actively exploiting a critical security flaw impacting the Service Finder WordPress theme that makes it possible to gain unauthorized access to any account, including administrators, and take control of susceptible sites. The authentication bypass vulnerability, tracked as CVE-2025-5947 (CVSS score: 9.8), affects the Service Finder Bookings, a WordPress plugin bundled with the

Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks

Cybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious JavaScript injections that are designed to redirect users to sketchy sites. "Site visitors get injected content that was drive-by malware like fake Cloudflare verification," Sucuri researcher Puja Srivastava said in an analysis published last week. The website security company

Chinese Hackers Weaponize Open-Source Nezha Tool in New Attack Wave

Threat actors with suspected ties to China have turned a legitimate open-source monitoring tool called Nezha into an attack weapon, using it to deliver a known malware called Gh0st RAT to targets. The activity, observed by cybersecurity company Huntress in August 2025, is characterized by the use of an unusual technique called log poisoning (aka log injection) to plant a web shell on a web

Step Into the Password Graveyard… If You Dare (and Join the Live Session)

Every year, weak passwords lead to millions in losses — and many of those breaches could have been stopped. Attackers don’t need advanced tools; they just need one careless login. For IT teams, that means endless resets, compliance struggles, and sleepless nights worrying about the next credential leak. This Halloween, The Hacker News and Specops Software invite you to a live webinar: “

LockBit, Qilin, and DragonForce Join Forces to Dominate the Ransomware Ecosystem

Three prominent ransomware groups DragonForce, LockBit, and Qilin have announced a new strategic ransomware alliance, once underscoring continued shifts in the cyber threat landscape. The coalition is seen as an attempt on the part of the financially motivated threat actors to conduct more effective ransomware attacks, ReliaQuest said in a report shared with The Hacker News. "Announced shortly

Severe Framelink Figma MCP Vulnerability Lets Hackers Execute Code Remotely

Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to achieve code execution. The vulnerability, tracked as CVE-2025-53967 (CVSS score: 7.5), is a command injection bug stemming from the unsanitized use of user input, opening the door to a scenario where an attacker can

No Time to Waste: Embedding AI to Cut Noise and Reduce Risk

Artificial intelligence is reshaping cybersecurity on both sides of the battlefield. Cybercriminals are using AI-powered tools to accelerate and automate attacks at a scale defenders have never faced before. Security teams are overwhelmed by an explosion of vulnerability data, tool outputs, and alerts, all while operating with finite human resources. The irony is that while AI has become a

OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for Cyberattacks

OpenAI on Tuesday said it disrupted three activity clusters for misusing its ChatGPT artificial intelligence (AI) tool to facilitate malware development. This includes a Russian‑language threat actor, who is said to have used the chatbot to help develop and refine a remote access trojan (RAT), a credential stealer with an aim to evade detection. The operator also used several ChatGPT accounts to

BatShadow Group Uses New Go-Based 'Vampire Bot' Malware to Hunt Job Seekers

A Vietnamese threat actor named BatShadow has been attributed to a new campaign that leverages social engineering tactics to deceive job seekers and digital marketing professionals to deliver a previously undocumented malware called Vampire Bot. "The attackers pose as recruiters, distributing malicious files disguised as job descriptions and corporate documents," Aryaka Threat Research Labs

Google's New AI Doesn't Just Find Vulnerabilities — It Rewrites Code to Patch Them

Google's DeepMind division on Monday announced an artificial intelligence (AI)-powered agent called CodeMender that automatically detects, patches, and rewrites vulnerable code to prevent future exploits. The efforts add to the company's ongoing efforts to improve AI-powered vulnerability discovery, such as Big Sleep and OSS-Fuzz. DeepMind said the AI agent is designed to be both reactive and

New Research: AI Is Already the #1 Data Exfiltration Channel in the Enterprise

For years, security leaders have treated artificial intelligence as an “emerging” technology, something to keep an eye on but not yet mission-critical. A new Enterprise AI and SaaS Data Security Report by AI & Browser Security company LayerX proves just how outdated that mindset has become. Far from a future concern, AI is already the single largest uncontrolled channel for corporate data

XWorm 6.0 Returns with 35+ Plugins and Enhanced Data Theft Capabilities

Cybersecurity researchers have charted the evolution of XWorm malware, turning it into a versatile tool for supporting a wide range of malicious actions on compromised hosts. "XWorm's modular design is built around a core client and an array of specialized components known as plugins," Trellix researchers Niranjan Hegde and Sijo Jacob said in an analysis published last week. "These plugins are

13-Year-Old Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely

Redis has disclosed details of a maximum-severity security flaw in its in-memory database software that could result in remote code execution under certain circumstances. The vulnerability, tracked as CVE-2025-49844 (aka RediShell), has been assigned a CVSS score of 10.0. "An authenticated user may use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free,

Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware

Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware. The vulnerability is CVE-2025-10035 (CVSS score: 10.0), a critical deserialization bug that could result in command injection without authentication. It was addressed in version 7.8.4, or the Sustain

Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 in Real-World Attacks

CrowdStrike on Monday said it's attributing the exploitation of a recently disclosed security flaw in Oracle E-Business Suite with moderate confidence to a threat actor it tracks as Graceful Spider (aka Cl0p), and that the first known exploitation occurred on August 9, 2025. The malicious activity involves the exploitation of CVE-2025-61882 (CVSS score: 9.8), a critical vulnerability that

New Report Links Research Firms BIETA and CIII to China’s MSS Cyber Operations

A Chinese company named the Beijing Institute of Electronics Technology and Application (BIETA) has been assessed to be likely led by the Ministry of State Security (MSS). The assessment comes from evidence that at least four BIETA personnel have clear or possible links to MSS officers and their relationship with the University of International Relations, which is known to share links with the

Patch Tuesday, October 2025 ‘End of 10’ Edition

Microsoft today released software updates to plug a whopping 172 security holes in its Windows operating systems, including at least three vulnerabilities that are already being actively exploited. October's Patch Tuesday also marks the final month that Microsoft will ship security updates for Windows 10 systems. If you're running a Windows 10 PC and you're unable or unwilling to migrate to Windows 11, read on for other options.

DDoS Botnet Aisuru Blankets US ISPs in Record DDoS

The world's largest and most disruptive botnet is now drawing a majority of its firepower from compromised Internet-of-Things (IoT) devices hosted on U.S. Internet providers like AT&T, Comcast and Verizon, new evidence suggests. Experts say the heavy concentration of infected devices at U.S. providers is complicating efforts to limit collateral damage from the botnet's attacks, which shattered previous records this week with a brief traffic flood that clocked in at nearly 30 trillion bits of data per second.

ShinyHunters Wage Broad Corporate Extortion Spree

A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse to pay a ransom. The group also claimed responsibility for a recent breach involving Discord user data, and for stealing terabytes of sensitive files from thousands of customers of the enterprise software maker Red Hat.

Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms

U.S. prosecutors last week levied criminal hacking charges against 19-year-old U.K. national Thalha Jubair for allegedly being a core member of Scattered Spider, a prolific cybercrime group blamed for extorting at least $115 million in ransom payments from victims. The charges came as Jubair and an alleged co-conspirator appeared in a London court to face accusations of hacking into and extorting several large U.K. retailers, the London transit system, and healthcare providers in the United States.

Self-Replicating Worm Hits 180+ Software Packages

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed.

Bulletproof Host Stark Industries Evades EU Sanctions

In May 2025, the European Union levied financial sanctions on the owners of Stark Industries Solutions Ltd., a bulletproof hosting provider that materialized two weeks before Russia invaded Ukraine and quickly became a top source of Kremlin-linked cyberattacks and disinformation campaigns. But new data shows those sanctions have done little to stop Stark from simply rebranding and transferring their assets to other corporate entities controlled by its original hosting providers.

Microsoft Patch Tuesday, September 2025 Edition

Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known "zero-day" or actively exploited vulnerabilities in this month's bundle from Redmond, which nevertheless includes patches for 13 flaws that earned Microsoft's most-dire "critical" label. Meanwhile, both Apple and Google recently released updates to fix zero-day bugs in their devices.

18 Popular Code Packages Hacked, Rigged to Steal Crypto

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The attack appears to have been quickly contained and was narrowly focused on stealing cryptocurrency. But experts warn that a similar attack with a slightly more nefarious payload could quickly lead to a disruptive malware outbreak that is far more difficult to detect and restrain.

GOP Cries Censorship Over Spam Filters That Work

The chairman of the Federal Trade Commission (FTC) last week sent a letter to Google's CEO demanding to know why Gmail was blocking messages from Republican senders while allegedly failing to block similar missives supporting Democrats. The letter followed media reports accusing Gmail of disproportionately flagging messages from the GOP fundraising platform WinRed and sending them to the spam folder. But according to experts who track daily spam volumes worldwide, WinRed's messages are getting blocked more because its methods of blasting email are increasingly way more spammy than that of ActBlue, the fundraising platform for Democrats.

The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft

The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate the stolen credentials before hackers can exploit them. Now Google warns the breach goes far beyond access to Salesforce data, noting the hackers responsible also stole valid authentication tokens for hundreds of online services that customers can integrate with Salesloft, including Slack, Google Workspace, Amazon S3, Microsoft Azure, and OpenAI.

Apple’s Bug Bounty Program

Apple is now offering a $2M bounty for a zero-click exploit. According to the Apple website:

Today we’re announcing the next major chapter for Apple Security Bounty, featuring the industry’s highest rewards, expanded research categories, and a flag system for researchers to objectively demonstrate vulnerabilities and obtain accelerated awards.

We’re doubling our top award to $2 million for exploit chains that can achieve similar goals as sophisticated mercenary spyware attacks. This is an unprecedented amount in the industry and the largest payout offered by any bounty program we’re aware of and our bonus system, providing additional rewards for Lockdown Mode bypasses and vulnerabilities discovered in beta software, can more than double this reward, with a maximum payout in excess of $5 million. We’re also doubling or significantly increasing rewards in many other categories to encourage more intensive research. This includes $100,000 for a complete Gatekeeper bypass, and $1 million for broad unauthorized iCloud access, as no successful exploit has been demonstrated to date in either category. ...

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak:

Nathan E. Sanders and I will be giving a book talk on Rewiring Democracy at the Harvard Kennedy School’s Ash Center in Cambridge, Massachusetts, USA, on October 22, 2025, at noon ET.
Nathan E. Sanders and I will be speaking and signing books at the Cambridge Public Library in Cambridge, Massachusetts, USA, on October 22, 2025, at 6:00 PM ET. The event is sponsored by Harvard Bookstore.
Nathan E. Sanders and I will give a virtual talk about our book Rewiring Democracy on October 23, 2025, at 1:00 PM ET. The event is hosted by Data & Society...

The Trump Administration’s Increased Use of Social Media Surveillance

This chilling paragraph is in a comprehensive Brookings report about the use of tech to deport people from the US:

The administration has also adapted its methods of social media surveillance. Though agencies like the State Department have gathered millions of handles and monitored political discussions online, the Trump administration has been more explicit in who it’s targeting. Secretary of State Marco Rubio announced a new, zero-tolerance “Catch and Revoke” strategy, which uses AI to monitor the public speech of foreign nationals and revoke visas...

Rewiring Democracy is Coming Soon

My latest book, Rewiring Democracy: How AI Will Transform Our Politics, Government, and Citizenship, will be published in just over a week. No reviews yet, but you can read chapters 12 and 34 (of 43 chapters total).

You can order the book pretty much everywhere, and a copy signed by me here.

Please help spread the word. I want this book to make a splash when it’s public. Leave a review on whatever site you buy it from. Or make a TikTok video. Or do whatever you kids do these days. Is anyone a Slashdot contributor? I’d like the book to be announced there...

AI and the Future of American Politics

Two years ago, Americans anxious about the forthcoming 2024 presidential election were considering the malevolent force of an election influencer: artificial intelligence. Over the past several years, we have seen plenty of warning signs from elections worldwide demonstrating how AI can be used to propagate misinformation and alter the political landscape, whether by trolls on social media, foreign influencers, or even a street magician . AI is poised to play a more volatile role than ever before in America’s next federal election in 2026. We can already see how different groups of political actors are approaching AI. Professional campaigners are using AI to accelerate the traditional tactics of electioneering; organizers are using it to reinvent how movements are built; and citizens are using it both to express themselves and amplify their side’s messaging. Because there are so few rules, and so little prospect of regulatory action, around AI’s role in politics, there is no oversight of these activities, and no safeguards against the dramatic potential impacts for our democracy...

Friday Squid Blogging: Sperm Whale Eating a Giant Squid

Video.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Blog moderation policy.

Autonomous AI Hacking and the Future of Cybersecurity

AI agents are now hacking computers. They’re getting better at all phases of cyberattacks, faster than most of us expected. They can chain together different aspects of a cyber operation, and hack autonomously, at computer speeds and scale. This is going to change everything.

Over the summer, hackers proved the concept, industry institutionalized it, and criminals operationalized it. In June, AI company XBOW took the top spot on HackerOne’s US leaderboard after submitting over 1,000 new vulnerabilities in just a few months. In August, the seven teams competing in DARPA’s AI Cyber Challenge ...

Flok License Plate Surveillance

The company Flok is surveilling us as we drive:

A retired veteran named Lee Schmidt wanted to know how often Norfolk, Virginia’s 176 Flock Safety automated license-plate-reader cameras were tracking him. The answer, according to a U.S. District Court lawsuit filed in September, was more than four times a day, or 526 times from mid-February to early July. No, there’s no warrant out for Schmidt’s arrest, nor is there a warrant for Schmidt’s co-plaintiff, Crystal Arrington, whom the system tagged 849 times in roughly the same period.

You might think this sounds like it violates the Fourth Amendment, which protects American citizens from unreasonable searches and seizures without probable cause. Well, so does the American Civil Liberties Union. Norfolk, Virginia Judge Jamilah LeCruise also agrees, and in 2024 she ruled that plate-reader data obtained without a search warrant couldn’t be used against a defendant in a robbery case...

AI-Enabled Influence Operation Against Iran

Citizen Lab has uncovered a coordinated AI-enabled influence operation against the Iranian government, probably conducted by Israel.

Key Findings

A coordinated network of more than 50 inauthentic X profiles is conducting an AI-enabled influence operation. The network, which we refer to as “PRISONBREAK,” is spreading narratives inciting Iranian audiences to revolt against the Islamic Republic of Iran.
While the network was created in 2023, almost all of its activity was conducted starting in January 2025, and continues to the present day.
The profiles’ activity appears to have been synchronized, at least in part, with the military campaign that the Israel Defense Forces conducted against Iranian targets in June 2025. ...

AI in the 2026 Midterm Elections

We are nearly one year out from the 2026 midterm elections, and it’s far too early to predict the outcomes. But it’s a safe bet that artificial intelligence technologies will once again be a major storyline.

The widespread fear that AI would be used to manipulate the 2024 US election seems rather quaint in a year where the president posts AI-generated images of himself as the pope on official White House accounts. But AI is a lot more than an information manipulator. It’s also emerging as a politicized issue. Political first-movers are adopting the technology, and that’s opening a ...

Your Roku devices are getting a big, free upgrade - including AI Voice

Enhancements are coming to Roku City screensaver, Roku Voice, Live TV Channels, the mobile app, and headphone mode. There's also a new smart projector.

How location-based voice notes on this Coros smartwatch transformed my trail runs

Incorporating long battery life and a useful voice note feature, the Coros Apex 4 is the brand's latest rugged sportswatch for the outdoor adventurist.

Apple's M5 MacBook Pro and iPad is coming soon - here's everything we know

Apparently, 'something powerful is coming'. Three new M5-powered Apple products could be launched as soon as today.

How to restart your iPhone without using the power button: 5 ways

If you're thinking, 'There must be an easier way to shut down my iPhone,' there are - several, in fact.

Windows 10's final update is a big one - with a record 173 bug fixes

The latest Patch Tuesday is a bug-fixing bonanza.

Why Windows 11 requires a TPM - and how you can get around it

Windows 11 officially requires a Trusted Platform Module. Here's why and what to do if your old PC doesn't have one.

I found the easiest way to transfer files to and from my Linux PC - and it's so fast

Once you start using QuickDAV, you'll find this simple app indispensable for easy file transfers from any OS to Linux.

Are high-end monitors worth it? I tested one for work and play and never looked back

The HP Omen 32X combines a sharp 4K, 144Hz display with Google TV, allowing it to double as a gaming monitor and smart TV.

Ready to ditch your Windows PC? I highly recommend this mini PC that's optimized for Linux

The Kubuntu Focus NX Gen 3 ships with one of my favorite Linux distributions preinstalled, and takes just minutes to set up.

I thought Bose had perfected noise canceling - then I tried these headphones

With the new QuietComfort Ultra 2, Bose isn't reinventing the wheel. Instead, it's made strides in almost every essential aspect.

There's one critical reason why I choose this Garmin smartwatch over competing models

The Garmin Instinct Crossover AMOLED features a dynamic display, a flashlight, and a gorgeous analog design. But its best feature truly sets it apart.

The $20 charging cable I always pack to avoid tangling nightmares when traveling

If there's one thing that pains me, it's pulling out a bird's nest of cables from my bag. This cable puts a stop to that.

Looking for a Windows 11 laptop? This Dell checks all the right boxes for me

The Dell 16 Premium extends the XPS legacy, combining high-end components with a striking 4K touchscreen in a sleek design.

I tested this Windows 11 tablet built for the medical industry, and it made my Android look boring

DT Research's 323MD rugged tablet has an anti-microbial keyboard and IP65 water and dust resistance.

Best tablets for note-taking 2025: My hand-picked options for writing notes

Our tried, tested, and reviewed tablets are the best around for note-taking in study sessions, meetings, or when you're feeling creative. These are our favorite devices.

Worried about your water? How to get started assessing it - and what to do next

As problems with household water become more detectable and prevalent, many are moving beyond just handheld filters for drinking water.

The best electric screwdrivers of 2025: Expert tested and reviewed

I tested some of the best electric screwdrivers on the market to help you find the perfect one to streamline your DIY tasks.

The best microSD cards of 2025: Expert tested

We went hands-on with the best microSD cards from brands like SanDisk, Lexar, and ProGrade to help you pick the right storage option.

The OnePlus 12 is still on sale for $300 off - but time is running out

With market-leading charging speeds, a big battery, and a premium build, the OnePlus 12 is a worthy rival to flagship smartphones.

A minority of businesses have won big with AI. What are they doing right?

Cisco's new study explores how to be an AI 'Pacesetter' and stand apart from the stagnant masses.

Customer Service Firm 5CA Denies Responsibility for Discord Data Breach

After being named by Discord as the third-party responsible for the breach, 5CA said none of its systems were involved.

The post Customer Service Firm 5CA Denies Responsibility for Discord Data Breach appeared first on SecurityWeek.

ICS Patch Tuesday: Fixes Announced by Siemens, Schneider, Rockwell, ABB, Phoenix Contact

Over 20 advisories have been published by industrial giants this Patch Tuesday.

The post ICS Patch Tuesday: Fixes Announced by Siemens, Schneider, Rockwell, ABB, Phoenix Contact appeared first on SecurityWeek.

High-Severity Vulnerabilities Patched by Fortinet and Ivanti

Fortinet and Ivanti have announced their October 2025 Patch Tuesday updates, which patch many vulnerabilities across their products.

The post High-Severity Vulnerabilities Patched by Fortinet and Ivanti appeared first on SecurityWeek.

Adobe Patches Critical Vulnerability in Connect Collaboration Suite

Adobe has published a dozen security advisories detailing over 35 vulnerabilities across its product portfolio.

The post Adobe Patches Critical Vulnerability in Connect Collaboration Suite appeared first on SecurityWeek.

Microsoft Patches 173 Vulnerabilities, Including Exploited Windows Flaws

The tech giant has rolled out fixes for 173 CVEs, including five critical-severity security defects.

The post Microsoft Patches 173 Vulnerabilities, Including Exploited Windows Flaws appeared first on SecurityWeek.

HyperBunker Raises Seed Funding to Launch Next-Generation Anti-Ransomware Device

Investors are placing bets on a hardware-based approach to data security in a market dominated by software solutions for ransomware resilience.

The post HyperBunker Raises Seed Funding to Launch Next-Generation Anti-Ransomware Device appeared first on SecurityWeek.

Cybereason to be Acquired by MSSP Giant LevelBlue

This is LevelBlue’s third acquisition this year, after Trustwave and Aon’s Cybersecurity & IP Litigation Consulting groups.

The post Cybereason to be Acquired by MSSP Giant LevelBlue appeared first on SecurityWeek.

SAP Patches Critical Vulnerabilities in NetWeaver, Print Service, SRM

SAP has rolled out additional protections for insecure deserialization bugs resolved in NetWeaver AS Java recently.

The post SAP Patches Critical Vulnerabilities in NetWeaver, Print Service, SRM appeared first on SecurityWeek.

Fraud Prevention Firm Resistant AI Raises $25 Million

Resistant AI will use the funding to expand its fraud detection and transaction monitoring offerings to new markets.

The post Fraud Prevention Firm Resistant AI Raises $25 Million appeared first on SecurityWeek.

Harvard Is First Confirmed Victim of Oracle EBS Zero-Day Hack

Hackers have posted over 1 Tb of information allegedly stolen from Harvard on the Cl0p data leak website.

The post Harvard Is First Confirmed Victim of Oracle EBS Zero-Day Hack appeared first on SecurityWeek.

Capita fined £14M after 58-hour delay exposed 6.6M records

ICO makes example of outsourcing giant over sluggish cyber response

The UK's Information Commissioner's Office (ICO) has issued a £14 million ($18.6 million) penalty to outsourcing giant Capita following a catastrophic 2023 cyberattack that exposed the personal data of 6.6 million people.…

Asahi breach leaves bitter taste as brewer fears personal data slurped

Japan's beer behemoth still mopping up after ransomware spill that disrupted deliveries and delayed results

Asahi's cyber hangover just got worse, with the brewer now admitting that personal information may have been tapped in last month's attack.…

Mozilla is recruiting beta testers for a free, baked-in Firefox VPN

Lucky few randomly selected to trial the feature, which won't fully roll out for several months

Mozilla is working on a built-in VPN for Firefox, with beta tests opening to select users shortly.…

Oracle rushes out another emergency E-Business Suite patch as Clop fallout widens

Latest in a long line of EBS flaws leta miscreants remotely compromise enterprise systems to pinch sensitive data

Oracle is rushing out another emergency patch for its embattled E-Business Suite as the fallout from the Clop-linked attacks continues to spread.…

British govt agents demand action after UK mega-cyberattacks surge 50%

Warn businesses to act now as high-severity incidents keep climbing

Cyberattacks that meet upper severity thresholds set by the UK government's cyber agents have risen 50 percent in the last year, despite almost zero change in the volume of cases handled.…

EU biometric border system launch hits inevitable teething problems

Malfunctioning equipment and manual processing cause 90-minute waits

The European Union's new biometric Exit/Entry System (EES) got off to a chaotic start at Prague's international airport, with travelers facing lengthy queues and malfunctioning equipment forcing border staff to process arrivals manually.…

Scattered Lapsus$ Hunters rage-quit the internet (again), promise to return next year

'We will never stop,' say crooks, despite retiring twice in the space of a month

The Scattered Lapsus$ Hunters (SLSH) cybercrime collective - compriseed primarily of teenagers and twenty-somethings - announced it will go dark until 2026 following the FBI's seizure of its clearweb site.…

Microsoft 'illegally' tracked students via 365 Education, says data watchdog

Redmond argued schools, education authorities are responsible for GDPR

An Austrian digital privacy group has claimed victory over Microsoft after the country's data protection regulator ruled the software giant "illegally" tracked students via its 365 Education platform and used their data.…

China probes Qualcomm's Autotalks deal amid rising US trade tensions

Beijing insists it's business as usual – Washington might see it differently

China's competition regulator has launched an investigation into Qualcomm's purchase of Israeli firm Autotalks, the latest salvo in the escalating tech trade war between Washington and Beijing.…

Ofcom fines 4chan £20K and counting for pretending UK's Online Safety Act doesn't exist

Regulator warns penalties will pile up until internet toilet does its paperwork

Ofcom, the UK's Online Safety Act regulator, has fined online message board 4chan £20,000 ($26,680) for failing to protect children from harmful content.…

Dutch government puts Nexperia on a short leash over chip security fears

Minister invokes powers to stop firm shifting knowledge to China, citing governance shortcomings

The Dutch government has placed Nexperia - a Chinese-owned semiconductor company that previously operated Britain's Newport Wafer Fab — under special administrative measures, citing serious governance failures that threaten European tech security.…

Pro-Russia hacktivist group dies of cringe after falling into researchers' trap

Forescout's phony water plant fooled TwoNet into claiming a fake cyber victory – then it quietly shut up shop

Security researchers say they duped pro-Russia cybercriminals into targeting a fake critical infrastructure organization, which the crew later claimed - via their Telegram group - to be a real-world attack.…

Microsoft warns of 'payroll pirate' crew looting US university salaries

Crooks phish campus staff, slip into HR systems, and quietly reroute paychecks

Microsoft's Threat Intelligence team has sounded the alarm over a new financially-motivated cybercrime spree that is raiding US university payroll systems.…

Cops nuke BreachForums (again) amid cybercrime supergroup extortion blitz

US and French fuzz pull the plug on Scattered Lapsus$ Hunters' latest leak shop targeting Salesforce

US authorities have seized the latest incarnation of BreachForums, the cybercriminal bazaar recently reborn under the stewardship of the so-called Scattered Lapsus$ Hunters, with help from French cyber cops and the Paris prosecutor's office.…

UK techies' union warns members after breach exposes sensitive personal details

Prospect apologizes for cyber gaffe affecting up to 160K members

UK trade union Prospect is notifying members of a breach that involved data such as sexual orientation and disabilities.…

It's trivially easy to poison LLMs into spitting out gibberish, says Anthropic

Just 250 malicious training documents can poison a 13B parameter model - that's 0.00016% of a whole dataset

Poisoning AI models might be way easier than previously thought if an Anthropic study is anything to go on. …

SonicWall breach hits every cloud backup customer after 5% claim goes up in smoke

Affects users regardless of when their backups were created

SonicWall has admitted that all customers who used its cloud backup service to store firewall configuration files were affected by a cybersecurity incident first disclosed in mid-September, walking back earlier assurances that only a small fraction of users were impacted.…

Take this rob and shove it! Salesforce issues stern retort to ransomware extort

CRM giant 'will not engage, negotiate with, or pay' the scumbags

Salesforce won't pay a ransom demand to criminals who claim to have stolen nearly 1 billion customer records and are threatening to leak the data if the CRM giant doesn't pony up some cash.…

Germany slams brakes on EU's Chat Control device-scanning snoopfest

Berlin's opposition likely kills off Brussels' bid to scan everyone's messages

Germany has committed to oppose the EU's controversial "Chat Control" regulations following huge pressure from multiple activists and major organizations.…

Employees regularly paste company secrets into ChatGPT

Microsoft Copilot, not so much

Employees could be opening up to OpenAI in ways that put sensitive data at risk. According to a study by security biz LayerX, a large number of corporate users paste Personally Identifiable Information (PII) or Payment Card Industry (PCI) numbers right into ChatGPT, even if they're using the bot without permission.…

Nearly a year after attack, US medical scanning biz gets clear image of stolen patient data

No fraud monitoring and no apology after miscreants make off with medical, financial data

Florida-based Doctors Imaging Group has admitted that the sensitive medical and financial data of 171,862 patients was stolen during the course of a November 2024 cyberattack.…

Police and military radio maker BK Technologies cops to cyber break-in

Florida comms outfit serving cops, firefighters, and the military says hackers pinched some employee data but insists its systems stayed online

BK Technologies, the Florida-based maker of mission-critical radios for US police, fire, and defense customers, has confessed to a cyber intrusion that briefly rattled its IT systems last month.…

OpenAI bans suspected Chinese accounts using ChatGPT to plan surveillance

It also banned some suspected Russian accounts trying to create influence campaigns and malware

OpenAI has banned ChatGPT accounts believed to be linked to Chinese government entities attempting to use AI models to surveil individuals and social media accounts.…

Britain eyes satellite laser warning system and carrier-launched jet drones

Space sensors and UAVs at sea top MoD's list in new wave of cutting-edge projects

The UK is pressing ahead with cutting-edge defense projects, the latest including research to protect satellites from laser attack and a technology demonstrator for a jet-powered drone to operate from Royal Navy carriers.…

UK Home Office opens wallet for £60M automated number plate project

Department eyes new app to tap national ANPR data for live alerts, searches, and integrations

The UK's Home Office is inviting tech suppliers to take part in a £60 million "market engagement" for an application that uses data from automated number plate recognition (ANPR) systems.…

Credential stuffing: £2.31 million fine shows passwords are still the weakest link

How recycled passwords and poor security habits are fueling a cybercrime gold rush

Partner Content If you're still using "password123" for more than one account, there's a good chance you've already exposed yourself to credential stuffing attacks — one of the most prevalent and damaging forms of automated cybercrime today. Just ask the 6.9 million users of 23andMe who discovered their personal details were compromised when cybercriminals used recycled credentials from other breaches to infiltrate their accounts.…

Scattered Lapsus$ Hunters offering $10 in Bitcoin to 'endlessly harass' execs

Crime group claims to have already doled out $1K to those in it 'for money and for the love of the game'

Scattered Lapsus$ Hunters has launched an unusual crowdsourced extortion scheme, offering $10 in Bitcoin to anyone willing to help pressure their alleged victims into paying ransoms.…

Radiant Group won't touch kids' data now, but apparently hospitals are fair game

Ransomware crooks utterly fail to find moral compass

First they targeted a preschool network, now new kids on the ransomware block Radiant Group say they've hit a hospital in the US, continuing their deplorable early cybercrime careers.…

Thieves steal IDs and payment info after data leaks from Discord support vendor

Outsourcing your helpdesk always seems like a good idea – until someone else's breach becomes your problem

Discord has confirmed customers' data was stolen – but says the culprit wasn't its own servers, just a compromised support vendor.…

Jaguar Land Rover engines ready to roar again after weeks-long cyber stall

No confirmed date but workers expected to return in the coming days

Jaguar Land Rover is readying staff to resume manufacturing in the coming days, a company spokesperson confirmed to The Reg.…

Clop crew hits Oracle E-Business Suite users with fresh zero-day

Big Red rushes out patch for 9.8-rated flaw after crooks exploit it for data theft and extortion

Oracle rushed out an emergency fix over the weekend for a zero-day vulnerability in its E-Business Suite (EBS) that criminal crew Clop has already abused for data theft and extortion.…

Leak suggests US government is fibbing over FEMA security failings

Plus, PAN under attack, IT whistleblowers get a payout, and China kills online scammers

Infosec in brief On August 29, the US Federal Emergency Management Agency fired its CISO, CIO, and 22 other staff for incompetence but insisted it wasn't in response to an online attack. New material suggests FEMA's claim may be false.…

Apple ices ICE agent tracker app under government heat

Cupertino yanks ICEBlock citing safety risks for law enforcement

Apple has deep-sixed an app that tracks the movements of US Immigration and Customs Enforcement (ICE) agents – apparently bowing to government pressure.…

Munich Airport chaos after drone sightings spook air traffic control

Overnight shutdown leaves thousands stuck as Oktoberfest crowds stretch city security

Munich Airport was temporarily closed last night following reports of drones buzzing around the area.…

UK government says digital ID won't be compulsory – honest

Even spy-tech biz Palantir says 'steady on' as 2.76M Brits demand it be ditched

The British government has finally given more details about the proposed digital ID project, directly responding to the 2.76 million naysayers that signed an online petition calling for it to be ditched.…

Oracle tells Clop-targeted EBS users to apply July patch, problem solved

Researchers suggest internet-facing portals are exposing 'thousands' of orgs

Oracle has finally broken its silence on those Clop-linked extortion emails, but only to tell customers what they already should have known: patch your damn systems.…

Criminals take Renault UK customer data for a joyride

Names, numbers, and reg plates exposed in latest auto industry cyber-shunt

Renault UK customers are being warned their personal data may be in criminal hands after one of its supplier was hacked.…

Subpoena tracking platform blames outage on AWS social engineering attack

Software maker Kodex said its domain registrar fell for a fraudulent legal order

A software platform used by law enforcement agencies and major tech companies to manage subpoenas and data requests went dark this week after attackers socially engineered AWS into freezing its domain.…

Clop-linked crims shake down Oracle execs with data theft claims

Extortion emails name-drop Big Red's E-Business Suite, though Google and Mandiant yet to find proof of any breach

Criminals with potential links to the notorious Clop ransomware mob are bombarding Oracle execs with extortion emails, claiming to have stolen sensitive data from Big Red's E-Business Suite, according to researchers.…

EU funds are flowing into spyware companies, and politicians are demanding answers

Experts say Commission is ‘fanning the flames’ of the continent’s own Watergate

An arsenal of angry European Parliament members (MEPs) is demanding answers from senior commissioners about why EU subsidies are ending up in the pockets of spyware companies.…

Cybercrims claim raid on 28,000 Red Hat repos, say they have sensitive customer files

570GB of data claimed to be stolen by the Crimson Collective

A hacking crew claims to have broken into Red Hat's private GitLab repositories, exfiltrating some 570GB of compressed data, including sensitive documents belonging to customers. …

US gov shutdown leaves IT projects hanging, security defenders a skeleton crew

The longer the shutdown, the less likely critical IT overhauls happen, ex federal CISO tells The Register

The US government shut down at 1201 ET on October 1, halting non-essential IT modernization and leaving cybersecurity operations to run on skeleton crews.…

'Delightful' root-access bug in Red Hat OpenShift AI allows full cluster takeover

Who wouldn't want root access on cluster master nodes?

A 9.9 out of 10 severity bug in Red Hat's OpenShift AI service could allow a remote attacker with minimal authentication to steal data, disrupt services, and fully hijack the platform.…

Air Force admits SharePoint privacy issue as reports trickle out of possible breach

Uncle Sam can't quit Redmond

Exclusive The US Air Force confirmed it's investigating a "privacy-related issue" amid reports of a Microsoft SharePoint-related breach and subsequent service-wide shutdown, rendering mission files and other critical tools potentially unavailable to service members.…

3.7M breach notification letters set to flood North America's mailboxes

Allianz Life and WestJet lead the way, along with a niche software shop

A trio of companies disclosed data breaches this week affecting approximately 3.7 million customers and employees across North America.…

AI agent hypefest crashing up against cautious leaders, Gartner finds

Only 15% considering deployments and just 7% say it'll replace humans in next four years

Enterprises aren't keen on letting autonomous agents take the wheel amid fears over trust and security as research once again shows that AI hype is crashing against the rocks of reality.…

Imgur yanks Brit access to memes as parent company faces fine

ICO investigation into platform's lack of age assurance continues

The UK's data watchdog has described Imgur's move to block UK users as "a commercial decision" after signaling plans to fine parent company MediaLab.…

Explain digital ID or watch it fizzle out, UK PM Starmer told

Politico avoids the topic at Labour conference speech, homes in on AI instead

UK prime minister Keir Starmer avoided mentioning the mandatory digital ID scheme in his keynote speech to the Labour Party conference amid calls for him to put meat on the bones of the plans or risk it failing fast.…

Schools are swotting up on security yet still flunk recovery when cyberattacks strike

Coursework 'gone forever' as 10% report critical damage

Schools and colleges hit by cyberattacks are taking longer to restore their networks — and the consequences are severe, with students' coursework being permanently lost in some cases.…

Beijing-backed burglars master .NET to target government web servers

‘Phantom Taurus’ created custom malware to hunt secrets across Asia, Africa, and the Middle East

Threat-hunters at Palo Alto Networks’ Unit 42 have decided a gang they spotted two years ago is backed by China, after seeing it sling a new variety of malware.…

Last Windows 10 Patch Tuesday Features Six Zero-Days

Microsoft has fixed over 170 CVEs in October’s Patch Tuesday, including six zero-day vulnerabilities

Capita Fined £14m After 2023 Breach that Hit 6.6 Million People

Outsourcing giant Capita has been fined £14m by the ICO after a major data breach in 2023

UK, US Sanction Southeast Asia-Based Online Scam Network

Investigations found that the network operates scam centers in Cambodia, Myanmar and across Southeast Asia

Legacy Windows Protocols Still Expose Networks to Credential Theft

Legacy Windows protocols are still exposing organizations to credential theft, Resecurity found

Hacker Group TA585 Emerges With Advanced Attack Infrastructure

A newly identified cybercrime group TA585 is running an advanced cyber operation distributing MonsterV2 malware

Senior Execs Falling Short on Cyber-Attack Preparedness, NCSC Warns

In a joint warning letter, UK ministers urged FTSE 350 CEOs to bolster cyber defenses

Chinese Hackers Use Trusted ArcGIS App For Year-Long Persistence

ReliaQuest report reveals Flax Typhoon attackers maintained year-long access to an ArcGIS system

UK Firms Lose Average of £2.9m to AI Risk

A new EY report claims unmanaged AI risk is causing millions of pounds’ worth of losses for UK organizations

UK: NCSC Reports 130% Spike in "Nationally Significant" Cyber Incidents

The UK cybersecurity agency reported 204 cyber incidents of “national significance” between September 2024 and August 2025 – an all-time high

Hackers Target ScreenConnect Features For Network Intrusions

A rise in attacks exploiting RMM tools like ScreenConnect enables system control via phishing tactics

Spain Arrests Alleged Leader of GXC Team Cybercrime Network

Spanish authorities have arrested a 25-year-old Brazilian accused of leading the GXC Team and selling malware and AI tools to cybercriminals

New Stealit Malware Campaign Spreads via VPN and Game Installer Apps

A new campaign distributing the Stealit infostealer employs previously unknown malware delivery techniques and infrastructure

Harmonic Security targets AI data risks with Model Context Protocol Gateway

Harmonic Security announced Model Context Protocol (MCP) Gateway, a developer-friendly, locally installed gateway that gives security teams complete visibility and control over their organization’s agentic AI ecosystem. The solution intercepts all MCP traffic enabling security teams to discover what clients and servers are in use, enforce granular policies to block risky actions, and apply Harmonic’s sensitive data models to prevent the exfiltration of critical intellectual property and other sensitive information. Without visibility or controls, sensitive … More →

The post Harmonic Security targets AI data risks with Model Context Protocol Gateway appeared first on Help Net Security.

Blumira rolls out SOC Auto-Focus to streamline threat investigation

Blumira launched SOC Auto-Focus, an AI-powered security investigation tool, alongside enhancements to its Managed Service Provider (MSP) partner program. SOC Auto-Focus is designed to help IT teams and MSPs work smarter, reduce alert fatigue and accelerate incident response through contextual intelligence and expert guidance. SOC Auto-Focus is a fundamental shift for how under-resourced IT administrators and security teams approach threat investigation. Rather than replacing human decision-making, the solution enhances analyst capabilities by providing context, prioritization … More →

The post Blumira rolls out SOC Auto-Focus to streamline threat investigation appeared first on Help Net Security.

Microsoft patches three zero-days actively exploited by attackers

On October 2025 Patch Tuesday, Microsoft released fixes for 175+ vulnerabilities, including three zero-days under active attack: CVE-2025-24990, CVE-2025-59230, and CVE-2025-47827. The actively exploited vulnerabilities are an unusual mix CVE-2025-24990 is in the third-party driver (ltmdm64.sys) for the software-based Agere Modem, which is used for dial-up internet access and sending/receiving faxes. The vulnerable driver was, until now, shipped natively with Windows and the vulnerability, which allows attackers to gain administrator privileges, has been exploited by … More →

The post Microsoft patches three zero-days actively exploited by attackers appeared first on Help Net Security.

Aura enhancements simplify opt-outs and strengthen online privacy

Aura new tools to help consumers reclaim control over their personal information online. The new capabilities automate some of the most time-consuming privacy tasks, including removing personal details from Google search results, opting out of data broker sites, and identifying forgotten or active accounts that may be leaking sensitive data. “America has a uniquely modern problem: personal information is everywhere online, scraped, sold and re-sold in an endless cycle,” said Hari Ravichandran, CEO of Aura. … More →

The post Aura enhancements simplify opt-outs and strengthen online privacy appeared first on Help Net Security.

BigID introduces MCP Server to unlock AI-native access to enterprise data

BigID announced the launch of its Model Context Protocol (MCP) server, designed to unlock AI-native access to enterprise data context across the broadest range of data sources — structured, unstructured, on-prem, cloud, business applications, and AI frameworks. Built on BigID’s discovery and classification foundation, the MCP Server gives AI agents secure, governed, and contextual visibility into enterprise metadata — enabling AI to understand, reason, and act on data safely. With this new capability, organizations can … More →

The post BigID introduces MCP Server to unlock AI-native access to enterprise data appeared first on Help Net Security.

BarracudaONE adds AI-powered tools to help MSPs simplify security

Barracuda Networks unveiled enhancements to its AI-powered BarracudaONE platform. New capabilities, including bulk remediation for email threats, PSA integrations for automated billing and invoicing, and streamlined account management, are purpose-built for managed service providers (MSPs), helping them accelerate security across multi-tenant environments, simplify operations, and drive scalable growth. “These new capabilities underscore Barracuda’s unwavering commitment to helping MSPs scale securely, respond to threats faster and operate with greater agility,” said Michelle Hodges, SVP of global … More →

The post BarracudaONE adds AI-powered tools to help MSPs simplify security appeared first on Help Net Security.

New Cranium AI features enhance compliance, security, and agentic AI scalability

Cranium AI released several new agentic AI capabilities and featured releases to its AI Governance and Security Platform. These new products and capabilities are designed to enable enterprises to scale faster with AI agents, streamline compliance and fortify AI systems against real-world vulnerabilities. The key new products and capabilities released today include: Cranium AgentSensor – a capability that provides organizations visibility into the agentic layer of their applications. It automatically detects AI agents, the tools … More →

The post New Cranium AI features enhance compliance, security, and agentic AI scalability appeared first on Help Net Security.

Netcraft launches Phone Scam Disruption to stop brand impersonation calls and texts

Netcraft unveiled a new solution to help protect organizations’ customers from scam texts and phone calls that impersonate their brand. Netcraft’s Phone Scam Disruption automates the detection and takedown of fraudulent phone numbers used in impersonation scam campaigns, shutting down threats before they spread. Netcraft’s approach has resulted in a 99.8% success rate across more than 50,000 takedowns with several pilot customers. A common tactic involves threat actors repeatedly posting fake customer service phone numbers … More →

The post Netcraft launches Phone Scam Disruption to stop brand impersonation calls and texts appeared first on Help Net Security.

Red Hat AI 3 helps enterprises scale AI workloads across hybrid environments

Red Hat released Red Hat AI 3, an evolution of its enterprise AI platform. Bringing together the latest innovations from Red Hat AI Inference Server, Red Hat Enterprise Linux AI (RHEL AI), and Red Hat OpenShift AI, the platform simplifies the complexities of high-performance AI inference at scale, enabling organizations to move workloads more easily from proof of concept to production and enhance collaboration on AI-enabled applications. As enterprises move beyond AI experimentation, they face … More →

The post Red Hat AI 3 helps enterprises scale AI workloads across hybrid environments appeared first on Help Net Security.

RGS IC Cloud Support enables Kubernetes management in restricted cloud environments

Rancher Government Solutions (RGS) announced the launch and general availability of IC Cloud Support, a new capability purpose-built for government and military teams operating in classified cloud environments. IC Cloud Support allows organizations working in airgapped or restricted regions of AWS to deploy and manage Kubernetes clusters without the need for access keys, custom API integrations, or manual provisioning workflows. “Our customers in classified environments deserve the same operational simplicity and resiliency they get in … More →

The post RGS IC Cloud Support enables Kubernetes management in restricted cloud environments appeared first on Help Net Security.

Gamaredon X Turla collab

Notorious APT group Turla collaborates with Gamaredon, both FSB-associated groups, to compromise high‑profile targets in Ukraine

Small businesses, big targets: Protecting your business against ransomware

Long known to be a sweet spot for cybercriminals, small businesses are more likely to be victimized by ransomware than large enterprises

HybridPetya: The Petya/NotPetya copycat comes with a twist

HybridPetya is the fourth publicly known real or proof-of-concept bootkit with UEFI Secure Boot bypass functionality

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

UEFI copycat of Petya/NotPetya exploiting CVE-2024-7344 discovered on VirusTotal

Are cybercriminals hacking your systems – or just logging in?

As bad actors often simply waltz through companies’ digital front doors with a key, here’s how to keep your own door locked tight

Preventing business disruption and building cyber-resilience with MDR

Given the serious financial and reputational risks of incidents that grind business to a halt, organizations need to prioritize a prevention-first cybersecurity strategy

Under lock and key: Safeguarding business data with encryption

As the attack surface expands and the threat landscape grows more complex, it’s time to consider whether your data protection strategy is fit for purpose

GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes

ESET researchers have identified a new threat actor targeting Windows servers with a passive C++ backdoor and a malicious IIS module that manipulates Google search results

This month in security with Tony Anscombe – August 2025 edition

From Meta shutting down millions of WhatsApp accounts linked to scam centers all the way to attacks at water facilities in Europe, August 2025 saw no shortage of impactful cybersecurity news

Don’t let “back to school” become “back to (cyber)bullying”

Cyberbullying is a fact of life in our digital-centric society, but there are ways to push back

First known AI-powered ransomware uncovered by ESET Research

The discovery of PromptLock shows how malicious use of AI models could supercharge ransomware and other threats

"What happens online stays online" and other cyberbullying myths, debunked

Separating truth from fiction is the first step towards making better parenting decisions. Let’s puncture some of the most common misconceptions about online harassment.

The need for speed: Why organizations are turning to rapid, trustworthy MDR

How top-tier managed detection and response (MDR) can help organizations stay ahead of increasingly agile and determined adversaries

Investors beware: AI-powered financial scams swamp social media

Can you tell the difference between legitimate marketing and deepfake scam ads? It’s not always as easy as you may think.

Supply-chain dependencies: Check your resilience blind spot

Does your business truly understand its dependencies, and how to mitigate the risks posed by an attack on them?

How the always-on generation can level up its cybersecurity game

Digital natives are comfortable with technology, but may be more exposed to online scams and other threats than they think

WinRAR zero-day exploited in espionage attacks against high-value targets

The attacks used spearphishing campaigns to target financial, manufacturing, defense, and logistics companies in Europe and Canada, ESET research finds

Update WinRAR tools now: RomCom and others exploiting zero-day vulnerability

ESET Research discovered a zero-day vulnerability in WinRAR being exploited in the wild in the guise of job application documents; the weaponized archives exploited a path traversal flaw to compromise their targets

Black Hat USA 2025: Is a high cyber insurance premium about your risk, or your insurer’s?

A sky-high premium may not always reflect your company’s security posture

Android adware: What is it, and how do I get it off my device?

Is your phone suddenly flooded with aggressive ads, slowing down performance or leading to unusual app behavior? Here’s what to do.

Black Hat USA 2025: Policy compliance and the myth of the silver bullet

Who’s to blame when the AI tool managing a company’s compliance status gets it wrong?

Black Hat USA 2025: Does successful cybersecurity today increase cyber-risk tomorrow?

Success in cybersecurity is when nothing happens, plus other standout themes from two of the event’s keynotes

ESET Threat Report H1 2025: ClickFix, infostealer disruptions, and ransomware deathmatch

Threat actors are embracing ClickFix, ransomware gangs are turning on each other – toppling even the leaders – and law enforcement is disrupting one infostealer after another

Is your phone spying on you? | Unlocked 403 cybersecurity podcast (S2E5)

Here's what you need to know about the inner workings of modern spyware and how to stay away from apps that know too much

Why the tech industry needs to stand firm on preserving end-to-end encryption

Restricting end-to-end encryption on a single-country basis would not only be absurdly difficult to enforce, but it would also fail to deter criminal activity

This month in security with Tony Anscombe – July 2025 edition

Here's a look at cybersecurity stories that moved the needle, raised the alarm, or offered vital lessons in July 2025

The hidden risks of browser extensions – and how to stay safe

Not all browser add-ons are handy helpers – some may contain far more than you have bargained for

SharePoint under fire: ToolShell attacks hit organizations worldwide

The ToolShell bugs are being exploited by cybercriminals and APT groups alike, with the US on the receiving end of 13 percent of all attacks

ToolShell: An all-you-can-eat buffet for threat actors

ESET Research has been monitoring attacks involving the recently discovered ToolShell zero-day vulnerabilities

Rogue CAPTCHAs: Look out for phony verification pages spreading malware

Before rushing to prove that you're not a robot, be wary of deceptive human verification pages as an increasingly popular vector for delivering malware

Why is your data worth so much? | Unlocked 403 cybersecurity podcast (S2E4)

Behind every free online service, there's a price being paid. Learn why your digital footprint is so valuable, and when you might actually be the product.

Unmasking AsyncRAT: Navigating the labyrinth of forks

ESET researchers map out the labyrinthine relationships among the vast hierarchy of AsyncRAT variants

How to get into cybersecurity | Unlocked 403 cybersecurity podcast (S2E3)

Cracking the code of a successful cybersecurity career starts here. Hear from ESET's Robert Lipovsky as he reveals how to break into and thrive in this fast-paced field.

Task scams: Why you should never pay to get paid

Some schemes might sound unbelievable, but they’re easier to fall for than you think. Here’s how to avoid getting played by gamified job scams.

How government cyber cuts will affect you and your business

Deep cuts in cybersecurity spending risk creating ripple effects that will put many organizations at a higher risk of falling victim to cyberattacks

Gamaredon in 2024: Cranking out spearphishing campaigns against Ukraine with an evolved toolset

ESET Research analyzes Gamaredon’s updated cyberespionage toolset, new stealth-focused techniques, and aggressive spearphishing operations observed throughout 2024

ESET Threat Report H1 2025: Key findings

ESET Chief Security Evangelist Tony Anscombe looks at some of the report's standout findings and their implications for organizations in 2025

ESET APT Activity Report Q4 2024–Q1 2025: Malware sharing, wipers and exploits

ESET experts discuss Sandworm’s new data wiper, relentless campaigns by UnsolicitedBooker, attribution challenges amid tool-sharing, and other key findings from the latest APT Activity Report

This month in security with Tony Anscombe – June 2025 edition

From Australia's new ransomware payment disclosure rules to another record-breaking DDoS attack, June 2025 saw no shortage of interesting cybersecurity news

ESET Threat Report H1 2025

A view of the H1 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

BladedFeline: Whispering in the dark

ESET researchers analyzed a cyberespionage campaign conducted by BladedFeline, an Iran-aligned APT group with likely ties to OilRig

Don’t let dormant accounts become a doorway for cybercriminals

Do you have online accounts you haven't used in years? If so, a bit of digital spring cleaning might be in order.

This month in security with Tony Anscombe – May 2025 edition

From a flurry of attacks targeting UK retailers to campaigns corralling end-of-life routers into botnets, it's a wrap on another month filled with impactful cybersecurity news

Word to the wise: Beware of fake Docusign emails

Cybercriminals impersonate the trusted e-signature brand and send fake Docusign notifications to trick people into giving away their personal or corporate data

Danabot under the microscope

ESET Research has been tracking Danabot’s activity since 2018 as part of a global effort that resulted in a major disruption of the malware’s infrastructure

Danabot: Analyzing a fallen empire

ESET Research shares its findings on the workings of Danabot, an infostealer recently disrupted in a multinational law enforcement operation

Lumma Stealer: Down for the count

The bustling cybercrime enterprise has been dealt a significant blow in a global operation that relied on the expertise of ESET and other technology companies

ESET takes part in global operation to disrupt Lumma Stealer

Our intense monitoring of tens of thousands of malicious samples helped this global disruption operation

The who, where, and how of APT attacks in Q4 2024–Q1 2025

ESET Chief Security Evangelist Tony Anscombe highlights key findings from the latest issue of the ESET APT Activity Report

ESET APT Activity Report Q4 2024–Q1 2025

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2024 and Q1 2025

Sednit abuses XSS flaws to hit gov't entities, defense companies

Operation RoundPress targets webmail software to steal secrets from email accounts belonging mainly to governmental organizations in Ukraine and defense contractors in the EU

Operation RoundPress

ESET researchers uncover a Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities

How can we counter online disinformation? | Unlocked 403 cybersecurity podcast (S2E2)

Ever wondered why a lie can spread faster than the truth? Tune in for an insightful look at disinformation and how we can fight one of the most pressing challenges facing our digital world.

Catching a phish with many faces

Here’s a brief dive into the murky waters of shape-shifting attacks that leverage dedicated phishing kits to auto-generate customized login pages on the fly

Beware of phone scams demanding money for ‘missed jury duty’

When we get the call, it’s our legal responsibility to attend jury service. But sometimes that call won’t come from the courts – it will be a scammer.

Toll road scams are in overdrive: Here’s how to protect yourself

Have you received a text message about an unpaid road toll? Make sure you’re not the next victim of a smishing scam.

RSAC 2025 wrap-up – Week in security with Tony Anscombe

From the power of collaborative defense to identity security and AI, catch up on the event's key themes and discussions

TheWizards APT group uses SLAAC spoofing to perform adversary-in-the-middle attacks

ESET researchers analyzed Spellbinder, a lateral movement tool used to perform adversary-in-the-middle attacks

This month in security with Tony Anscombe – April 2025 edition

From the near-demise of MITRE's CVE program to a report showing that AI outperforms elite red teamers in spearphishing, April 2025 was another whirlwind month in cybersecurity

How safe and secure is your iPhone really?

Your iPhone isn't necessarily as invulnerable to security threats as you may think. Here are the key dangers to watch out for and how to harden your device against bad actors.

Deepfake 'doctors' take to TikTok to peddle bogus cures

Look out for AI-generated 'TikDocs' who exploit the public's trust in the medical profession to drive sales of sketchy supplements

How fraudsters abuse Google Forms to spread scams

The form and quiz-building tool is a popular vector for social engineering and malware. Here’s how to stay safe.

Will super-smart AI be attacking us anytime soon?

What practical AI attacks exist today? “More than zero” is the answer – and they’re getting better.

CapCut copycats are on the prowl

Cybercriminals lure content creators with promises of cutting-edge AI wizardry, only to attempt to steal their data or hijack their devices instead

They’re coming for your data: What are infostealers and how do I stay safe?

Here's what to know about malware that raids email accounts, web browsers, crypto wallets, and more – all in a quest for your sensitive data

Attacks on the education sector are surging: How can cyber-defenders respond?

Academic institutions have a unique set of characteristics that makes them attractive to bad actors. What's the right antidote to cyber-risk?

Watch out for these traps lurking in search results

Here’s how to avoid being hit by fraudulent websites that scammers can catapult directly to the top of your search results

So your friend has been hacked: Could you be next?

When a ruse puts on a familiar face, your guard might drop, making you an easy mark. Learn how to tell a friend apart from a foe.

1 billion reasons to protect your identity online

Corporate data breaches are a gateway to identity fraud, but they’re not the only one. Here’s a lowdown on how your personal data could be stolen – and how to make sure it isn’t.

The good, the bad and the unknown of AI: A Q&A with Mária Bieliková

The computer scientist and AI researcher shares her thoughts on the technology’s potential and pitfalls – and what may lie ahead for us

This month in security with Tony Anscombe – March 2025 edition

From an exploited vulnerability in a third-party ChatGPT tool to a bizarre twist on ransomware demands, it's a wrap on another month filled with impactful cybersecurity news

Resilience in the face of ransomware: A key to business survival

Your company’s ability to tackle the ransomware threat head-on can ultimately be a competitive advantage

Making it stick: How to get the most out of cybersecurity training

Security awareness training doesn’t have to be a snoozefest – games and stories can help instill ‘sticky’ habits that will kick in when a danger is near

RansomHub affiliates linked to rival RaaS gangs

ESET researchers also examine the growing threat posed by tools that ransomware affiliates deploy in an attempt to disrupt EDR security solutions

FamousSparrow resurfaces to spy on targets in the US, Latin America

Once thought to be dormant, the China-aligned group has also been observed using the privately-sold ShadowPad backdoor for the first time

Shifting the sands of RansomHub’s EDRKillShifter

ESET researchers discover new ties between affiliates of RansomHub and of rival gangs Medusa, BianLian, and Play

You will always remember this as the day you finally caught FamousSparrow

ESET researchers uncover the toolset used by the FamousSparrow APT group, including two undocumented versions of the group’s signature backdoor, SparrowDoor

Operation FishMedley

ESET researchers detail a global espionage operation by FishMonger, the APT group run by I‑SOON

MirrorFace updates toolset, expands targeting to Europe

The group's Operation AkaiRyū begins with targeted spearphishing emails that use the upcoming World Expo 2025 in Osaka, Japan, as a lure

Operation AkaiRyū: MirrorFace invites Europe to Expo 2025 and revives ANEL backdoor

ESET researchers uncovered MirrorFace activity that expanded beyond its usual focus on Japan and targeted a Central European diplomatic institute with the ANEL backdoor

AI's biggest surprises of 2024 | Unlocked 403 cybersecurity podcast (S2E1)

Here's what's been hot on the AI scene over the past 12 months, how it's changing the face of warfare, and how you can fight AI-powered scams

When IT meets OT: Cybersecurity for the physical world

While relatively rare, real-world incidents impacting operational technology highlight that organizations in critical infrastructure can’t afford to dismiss the OT threat

Don’t let cybercriminals steal your Spotify account

Listen up, this is sure to be music to your ears – a few minutes spent securing your account today can save you a ton of trouble tomorrow

AI-driven deception: A new face of corporate fraud

Malicious use of AI is reshaping the fraud landscape, creating major new risks for businesses

Kids behaving badly online? Here's what parents can do

By taking time to understand and communicate the impact of undesirable online behavior, you can teach your kids an invaluable set of life lessons for a new digital age

Martin Rees: Post-human intelligence – a cosmic perspective | Starmus highlights

Take a moment to think beyond our current capabilities and consider what might come next in the grand story of evolution

Threat Report H2 2024: Infostealer shakeup, new attack vector for mobile, and Nomani

Big shifts in the infostealer scene, novel attack vector against iOS and Android, and a massive surge in investment scams on social media

Bernhard Schölkopf: Is AI intelligent? | Starmus highlights

With AI's pattern recognition capabilities well-established, Mr. Schölkopf's talk shifts the focus to a pressing question: what will be the next great leap for AI?

This month in security with Tony Anscombe – February 2025 edition

Ransomware payments trending down, the cyber-resilience gap facing SMBs, and APT groups embracing generative AI – it's a wrap on another month filled with impactful security news

Laurie Anderson: Building an ARK | Starmus highlights

The pioneering multi-media artist reveals the creative process behind her stage show called ARK, which challenges audiences to reflect on some of the most pressing issues of our times

Fake job offers target software developers with infostealers

A North Korea-aligned activity cluster tracked by ESET as DeceptiveDevelopment drains victims' crypto wallets and steals their login details from web browsers and password managers

DeceptiveDevelopment targets freelance developers

ESET researchers analyzed a campaign delivering malware bundled with job interview challenges

No, you’re not fired – but beware of job termination scams

Some employment scams take an unexpected turn as cybercriminals shift from “hiring” to “firing” staff

Katharine Hayhoe: The most important climate equation | Starmus highlights

The atmospheric scientist makes a compelling case for a head-to-heart-to-hands connection as a catalyst for climate action

Gaming or gambling? Lifting the lid on in-game loot boxes

The virtual treasure chests and other casino-like rewards inside your children’s games may pose risks you shouldn’t play down

What is penetration testing? | Unlocked 403 cybersecurity podcast (ep. 10)

Ever wondered what it's like to hack for a living – legally? Learn about the art and thrill of ethical hacking and how white-hat hackers help organizations tighten up their security.

How AI-driven identity fraud is causing havoc

Deepfake fraud, synthetic identities, and AI-powered scams make identity theft harder to detect and prevent – here's how to fight back

Neil Lawrence: What makes us unique in the age of AI | Starmus highlights

As AI advances at a rapid clip, reshaping industries, automating tasks, and redefining what machines can achieve, one question looms large: what remains uniquely human?

Patch or perish: How organizations can master vulnerability management

Don’t wait for a costly breach to provide a painful reminder of the importance of timely software patching

Roeland Nusselder: AI will eat all our energy, unless we make it tiny | Starmus highlights

Left unchecked, AI's energy and carbon footprint could become a significant concern. Can our AI systems be far less energy-hungry without sacrificing performance?

MCPTotal Unfurls Hosting Service to Secure MCP Servers

MCPTotal today launched a hosting service to secure the Model Context Protocol (MCP) servers that are now starting to be more widely deployed to streamline data access for artificial intelligence (AI) applications and agents. Company CEO Gil Dabah said the Secure Model Context Protocol (MCP) Platform developed by MCPTotal provides a centralized approach to scanning..

The post MCPTotal Unfurls Hosting Service to Secure MCP Servers appeared first on Security Boulevard.

MCPTotal Launches to Power Secure Enterprise MCP Workflows

New York, USA, New York, 15th October 2025, CyberNewsWire

The post MCPTotal Launches to Power Secure Enterprise MCP Workflows appeared first on Security Boulevard.

Email Security and Compliance: What MSPs Need to Know in 2026

Earlier this year, we explored the widening gap between email security and compliance. It’s a gap that exists not because the threats are unclear or the risks misunderstood, but because the language of regulation still struggles to catch up with the speed and subtlety of modern phishing and business email compromise (BEC) attacks. For CISOs, IT Directors, and MSP leaders, that gap is no longer theoretical—it’s where legal exposure lives.

The post Email Security and Compliance: What MSPs Need to Know in 2026 appeared first on Security Boulevard.

Boost AI Risk Management With AI Risk Quantification | Kovrr

Articles related to cyber risk quantification, cyber risk management, and cyber resilience.

The post Boost AI Risk Management With AI Risk Quantification | Kovrr appeared first on Security Boulevard.

Roll your own bot detection: server-side detection (part 2)

This is the second part of our series on building a lightweight, vendor-free anti-bot system to protect your login endpoint.

In Part 1, we focused on the client side: we designed a fingerprinting script that collects various signals from the browser, obfuscates the code, encrypts the payload, and injects it

The post Roll your own bot detection: server-side detection (part 2) appeared first on Security Boulevard.

Inside the CISO Mind: How Security Leaders Choose Solutions

Understanding how CISOs navigate noise, trust peers, and make buying decisions

The post Inside the CISO Mind: How Security Leaders Choose Solutions appeared first on Security Boulevard.

A Comprehensive Guide to Secure Logins with Passkeys

Explore passkeys: the future of secure logins. This guide covers passkey implementation, benefits, and how they enhance security for developers and users alike.

The post A Comprehensive Guide to Secure Logins with Passkeys appeared first on Security Boulevard.

Boost data security with attestation of compliance: Essential for [yy]

Data is one of the most valuable assets organizations possess. As data volumes grow and cyberthreats evolve, ensuring data security is more critical than ever. One of the most effective measures in safeguarding sensitive information is through the attestation of compliance. Data security is no longer a luxury reserved for large corporations; it is a […]

The post Boost data security with attestation of compliance: Essential for [yy] first appeared on TrustCloud.

The post Boost data security with attestation of compliance: Essential for [yy] appeared first on Security Boulevard.

A Look at AI: Black Hat 2025 Revealed Concerns & Spotlighted Opportunities

At Black Hat 2025, AI dominated the spotlight—showcasing new cybersecurity innovations, NHI risks, and the urgent need for identity-aware AI security.

The post A Look at AI: Black Hat 2025 Revealed Concerns & Spotlighted Opportunities appeared first on Security Boulevard.

Using Digital Twins to Model Cyber Risk: BS or BFF?

Digital twins are redefining cybersecurity by modeling real-time risk, unifying siloed data, and helping teams predict and prevent attacks before they happen.

The post Using Digital Twins to Model Cyber Risk: BS or BFF? appeared first on Security Boulevard.

Malicious crypto-stealing VSCode extensions resurface on OpenVSX

A threat actor called TigerJack is constantly targeting developers with malicious extensions published on Microsoft's Visual Code (VSCode) marketplace and OpenVSX registry to steal cryptocurrency and plant backdoors. [...]

Final Windows 10 Patch Tuesday update rolls out as support ends

In what marks the end of an era, Microsoft has released the Windows 10 KB5066791 cumulative update, the final free update for the operating system as it reaches the end of its support lifecycle. [...]

New Android Pixnapping attack steals MFA codes pixel-by-pixel

A new side-channel attack called Pixnapping enables a malicious Android app with no permissions to extract sensitive data by stealing pixels displayed by applications or websites, and reconstructing them to derive the content. [...]

Microsoft: Exchange 2016 and 2019 have reached end of support

Microsoft has reminded that Exchange Server 2016 and 2019 reached the end of support and advised IT administrators to upgrade servers to Exchange Server SE or migrate to Exchange Online. [...]

Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws

Today is Microsoft's October 2025 Patch Tuesday, which includes security updates for 172 flaws, including six zero-day vulnerabilities. Get patching! [...]

Windows 11 KB5066835 and KB5066793 updates released

Microsoft has released Windows 11 KB5066835 and KB5066793 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities and issues. [...]

US seizes $15 billion in crypto from 'pig butchering' kingpin

The U.S. Department of Justice has seized $15 billion in bitcoin from the leader of Prince Group, a criminal organization that stole billions of dollars from victims in the United States through cryptocurrency investment scams, also known as romance baiting or pig butchering. [...]

Oracles silently fixes zero-day exploit leaked by ShinyHunters

Oracle has silently fixed an Oracle E-Business Suite vulnerability (CVE-2025-61884) that was actively exploited to breach servers, with a proof-of-concept exploit publicly leaked by the ShinyHunters extortion group. [...]

Microsoft warns that Windows 10 reaches end of support today

Microsoft has reminded customers today that Windows 10 has reached the end of support and will no longer receive patches for newly discovered security vulnerabilities. [...]

Security firms dispute credit for overlapping CVE reports

FuzzingLabs has accused the YCombinator-backed startup, Gecko Security, of replicating its vulnerability disclosures. Gecko allegedly filed for 2 CVEs based on FuzzingLabs' reports without crediting them. Gecko denies any wrongdoing, calling the allegations a misunderstanding over disclosure process. [...]

When AI Agents Join the Teams: The Hidden Security Shifts No One Expects

AI assistants are no longer just helping — they're acting. Autonomous agents now open tickets, fix incidents, and make decisions faster than humans can monitor. As "Shadow AI" spreads, learn from Token Security why orgs must govern these agents like powerful new identities before oversight disappears. [...]

Secure Boot bypass risk threatens nearly 200,000 Linux Framework laptops

Around 200,000 Linux computer systems from American computer maker Framework were shipped with signed UEFI shell components that could be exploited to bypass Secure Boot protections. [...]

Chinese hackers abuse geo-mapping tool for year-long persistence

Chinese state hackers remained undetected in a target environment for more than a year by turning a component in the ArcGIS geo-mapping tool into a web shell. [...]

A breach every month raises doubts about South Korea’s digital defenses

Known for its blazing fast internet and home to some of the world’s biggest tech giants, South Korea has also faced a string of data breaches and cybersecurity lapses that has struggled to match the pace of its digital ambitions.

Proton releases a new app for two-factor authentication

Proton has a free authenticator app, which is available cross-platform with end-to-end encryption protection for data.

Knox lands $6.5M to compete with Palantir in the federal compliance market

Irina Denisenko, CEO of Knox, launched Knox, a federal managed cloud provider, last year with a mission to help software vendors speed through the FedRAMP security authorization process in just three months, and at a fraction of what it would cost to do it on their own.

Google is adding new device-level features for its Advanced Protection program

At the Android Show, taking place ahead of Google I/O 2025, Google announced that it is adding new device-specific features to its Advanced Protection program, which is designed to protect public figures such as politicians and journalists from different digital threats, with the Android 16 release. The new features include a new way of storing […]

Google announces new security features for Android for protection against scam and theft

At the Android Show on Tuesday, ahead of Google I/O, Google announced new security and privacy features for Android. These new features include new protections for calls, screen sharing, messages, device access, and system-level permissions. With these features, Google aims to protect users from falling for a scam, keep their details secure in case a […]

A 25-year-old police drone founder just raised $75M led by Index

If you ever call 911 from an area that’s hard to get to, you might hear the buzz of a drone well before a police cruiser pulls up. And there’s a good chance that it will be one made by Brinc Drones, a Seattle-based startup founded by 25-year-old Blake Resnick, who dropped out of college […]

A new security fund opens up to help protect the fediverse

A new security fund aims to help apps in the fediverse — like Mastodon, Threads, and Pixelfed — to pay researchers for disclosing security bugs.

How to tell if your online accounts have been hacked

This is a guide on how to check whether someone compromised your online accounts.

Hackers are ramping up attacks using year-old ServiceNow security bugs to target unpatched systems

Threat intelligence startup GreyNoise says it has observed a ‘notable resurgence’ in attack activity

US teachers’ union says hackers stole sensitive personal data on over 500,000 members

PSEA says it "took steps to ensure" its stolen data was deleted, suggesting a ransom demand was paid

CISA scrambles to contact fired employees after court rules layoffs ‘unlawful’

Federal court rules U.S. cybersecurity agency must re-hire over 100 former employees

DOGE axes CISA ‘red team’ staffers amid ongoing federal cuts

Affected staff say more than 100 employees working to protect U.S. government networks were ‘axed’ with no prior warning

What PowerSchool won’t say about its data breach affecting millions of students

New details have emerged about PowerSchool's data breach — but here's what PowerSchool still isn't saying.

Hacker accessed PowerSchool’s network months before massive December breach

CrowdStrike says a hacker had access to PowerSchool's internal system as far back as August.

Japanese telco giant NTT Com says hackers accessed details of almost 18,000 organizations

Unidentified hackers breached NTT Com’s network to steal personal information of employees at thousands of corporate customers

FBI says scammers are targeting US executives with fake BianLian ransom notes

The FBI is warning that scammers are impersonating the BianLian ransomware gang using fake ransom notes sent to U.S. corporate executives. The fake ransom notes, first reported by U.S. cybersecurity company GuidePoint Security, claim that hackers have gained access to an organization’s network to steal sensitive data, and threaten to publish the stolen data unless […]

UK quietly scrubs encryption advice from government websites

The UK is no longer recommending the use of encryption for at-risk groups following its iCloud backdoor demands

Broadcom urges VMware customers to patch ‘emergency’ zero-day bugs under active exploitation

Security experts warn of ‘huge impact’ of actively exploited hypervisor flaws that allow sandbox escape

US said to halt offensive cyber operations against Russia

The reported policy shift comes as the U.S. government signals a change in its threat assessment of Russia

‘Uber for guns’ app Protector lets you hire armed bodyguards like you would an Uber — but does anyone need this?

In a TikTok video with over 3 million views, a woman in a fluffy, maximalist coat sits in the back seat of a luxury SUV, parked in the middle of a New York City street. Atop the 6-second video, a line of text reads, “our bodyguards got us matcha.” The camera zooms in on two […]

KoDDoS, MSP Global and CloudFest: a Strategic Partnership for the Future of the Cloud

KoDDoS is proud to announce its partnership with MSP Global and CloudFest, two key players in the digital technology and cloud services industry. This collaboration marks an important step toward strengthening ties within the global tech ecosystem, bringing together experts, service providers, and decision-makers to address the cloud’s most strategic challenges. Through this partnership, we … Continue reading KoDDoS, MSP Global and CloudFest: a Strategic Partnership for the Future of the Cloud

The post KoDDoS, MSP Global and CloudFest: a Strategic Partnership for the Future of the Cloud appeared first on KoDDoS Blog.

Recap of Our Presence at VivaTech 2025

Our Core Expertise: Offshore Hosting & Advanced Cybersecurity At KoDDoS, we’ve built our reputation on two complementary pillars: 🛡️ Robust Cybersecurity Capabilities For over a decade, we’ve been protecting digital infrastructure with cutting-edge security technologies: 🌐 Resilient and Sovereign Offshore Hosting Our global infrastructure is distributed across strategic offshore data centers in: This setup offers … Continue reading Recap of Our Presence at VivaTech 2025

The post Recap of Our Presence at VivaTech 2025 appeared first on KoDDoS Blog.

KoDDoS at VivaTechnology 2025: A Strategic Presence at the Heart of Cybersecurity and AI Challenges.

Paris, June 2025 – From June 11 to 14, Paris will once again become the global epicenter of technological innovation with the return of VivaTechnology 2025, held at Paris Expo Porte de Versailles. Bringing together major tech companies, disruptive startups, global investors, and public institutions, the event stands out as a pivotal moment for the … Continue reading KoDDoS at VivaTechnology 2025: A Strategic Presence at the Heart of Cybersecurity and AI Challenges.

The post KoDDoS at VivaTechnology 2025: A Strategic Presence at the Heart of Cybersecurity and AI Challenges. appeared first on KoDDoS Blog.

Gamer Over? Why Hackers Target Popular Video Games & How to Stay Safe

Video games are more than entertainment; they’re a $200 billion global industry. But as gaming grows, so do cyberattacks. Hackers now see games as goldmines for stealing data, extorting companies, and exploiting players. According to Infosecurity Magazine, Akamai’s 2024 report shows that attacks on gaming platforms are rising alarmingly. In 2024 alone, the industry suffered … Continue reading Gamer Over? Why Hackers Target Popular Video Games & How to Stay Safe

The post Gamer Over? Why Hackers Target Popular Video Games & How to Stay Safe appeared first on KoDDoS Blog.

How Social Media Use Can Create Hidden Cybersecurity Risks

Social media is all around us, helping us stay connected, updated, and entertained. But beneath the endless scroll, a darker reality exists. Hidden cybersecurity threats are growing- some obvious, others much harder to spot. The risks are especially alarming for young users. According to the National Institutes of Health, up to 95% of teens aged … Continue reading How Social Media Use Can Create Hidden Cybersecurity Risks

The post How Social Media Use Can Create Hidden Cybersecurity Risks appeared first on KoDDoS Blog.

KoDDoS at the InCyber Europe 2025 Forum: a strategic participation at the heart of the European cyber ecosystem

From April 1st to 3rd, 2025, KoDDoS, a provider of specialized services in DDoS protection and secure offshore hosting, marked its presence at the InCyber Europe Forum, held at the Lille Grand Palais. A true crossroads of cyber innovation and cooperation, the event is the largest cybersecurity event in Europe. A benchmark event on an … Continue reading KoDDoS at the InCyber Europe 2025 Forum: a strategic participation at the heart of the European cyber ecosystem

The post KoDDoS at the InCyber Europe 2025 Forum: a strategic participation at the heart of the European cyber ecosystem appeared first on KoDDoS Blog.

Looking back at CloudFest 2025: An essential event for the future of the cloud!

CloudFest is one of the world’s largest cloud computing events. Every year, it brings together the industry’s leading players to discuss the latest technological advancements, emerging trends, and market challenges. In 2025, the event once again cemented its leadership status by providing a dynamic platform for professional exchange and cloud innovation. This edition featured captivating … Continue reading Looking back at CloudFest 2025: An essential event for the future of the cloud!

The post Looking back at CloudFest 2025: An essential event for the future of the cloud! appeared first on KoDDoS Blog.

KoDDoS in Europe: A Strong Presence at Major Tech Events in Paris.

KoDDoS recently strengthened its commitment to the European tech scene by participating in several major events in France. Our team was honored to be invited to key gatherings in the tech industry, highlighting the importance of innovation and cybersecurity in the evolving digital ecosystem. This strategic tour in Paris allowed us to meet top-tier partners, … Continue reading KoDDoS in Europe: A Strong Presence at Major Tech Events in Paris.

The post KoDDoS in Europe: A Strong Presence at Major Tech Events in Paris. appeared first on KoDDoS Blog.

KoDDos Will be at CyberShow 2025 in Paris!

The post KoDDos Will be at CyberShow 2025 in Paris! appeared first on KoDDoS Blog.

Technological innovation in the heart of Los Angeles at the CES 2025 🚀

🚀 Cutting-Edge Services KoDDoS has established itself as a key player in the field of high-performance hosting. Specializing in anti-DDoS protection, we ensure unmatched service continuity for our clients in the face of growing threats targeting digital infrastructures. We also invest in groundbreaking technologies, including Web3, blockchain, and the Internet of Things (IoT), providing tailored … Continue reading Technological innovation in the heart of Los Angeles at the CES 2025 🚀

The post Technological innovation in the heart of Los Angeles at the CES 2025 🚀 appeared first on KoDDoS Blog.

Beyond VDI: Security Patterns for BYOD and Contractors in 2025

Remote work is no longer a contingency – it’s the operating norm. Yet the security posture for that work often leans on virtual desktops as a default, even when the workforce is dominated by bring‑your‑own‑device (BYOD) users and short‑term contractors. Virtual desktop infrastructure (VDI) can centralize risk, but it can also centralize failure, expand the admin plane, and add latency that users will work around. This piece examines when VDI stops being the safest choice and what to use instead. I’ll compare concrete control patterns, such as secure local enclaves, strong identity guardrails...

Vulnerability Management and Patch Management: How They Work Together

Vulnerability management and patch management are often spoken of in the same breath. Yet they are not the same. Each serves a distinct purpose, and knowing the difference is more than a matter of semantics; it’s a matter of security. Confuse them, and gaps appear. Leave those gaps, and attackers will find them. To build a strong defense, you need to see how these two processes fit together. One scans the horizon for weaknesses. The other arms you with fixes. Both are vital, but neither can do the other’s job. Let’s take a closer look at what they mean, how they differ, and how they work in...

Understanding the OWASP AI Maturity Assessment

Today, almost all organizations use AI in some way. But while it creates invaluable opportunities for innovation and efficiency, it also carries serious risks. Mitigating these risks and ensuring responsible AI adoption relies on mature AI models, guided by governance frameworks. The OWASP AI Maturity Assessment Model (AIMA) is one of the most practical. In this article, we’ll explore what it is, how it compares to other frameworks, and how organizations can use it to assess their AI maturity. What is the OWASP AI Maturity Assessment Model? The OWASP AI Maturity Assessment Model is a...

CISOs Concerned of AI Adoption in Business Environments

UK security leaders are making their voices heard. Four in five want DeepSeek under regulation. They see a tool that promises efficiency but risks chaos. Business is already under pressure. Trade disputes drag on. Interest rates remain high. Cyber threats grow. Every move to expand operations adds risk, and risk is harder to measure when AI enters the equation. AI spreads fast. It cuts costs, fills gaps, and automates mundane tasks. But it also opens hidden doors. In the UK, AI is now part of daily work. A KPMG survey showed that while 69% of employees use it, only 42% trust it. Slightly over...

When It Comes to Breaches, Boards Can’t Hide Behind CISOs Any Longer

A trend that has long been on the rise is finally having its day. A recent industry report revealed that 91% of security professionals believe that ultimate accountability for cybersecurity incidents lies with the board itself, not with CISOs or security managers. If the security discussion hadn’t fully made its way into C-suite conversations before, it has now. The Chartered Institute of Information Security (CIISEC)’s new State of the Security Profession survey checks the pulse of the industry where cybersecurity regulation is concerned. It emerges with one clear, overarching sentiment: “the...

Windows 10 Retirement: A Reminder for Managing Legacy Industrial Control Systems (ICS)

On October 14th, Windows 10 will be retired, and Microsoft will no longer push patches or updates to systems on that operating system. It is crucial for companies to make the jump to Windows 11 now—or risk being exposed to critical vulnerabilities. This is especially important for Industrial Control Systems (ICS), which often run on legacy systems. Failing to transition could mean putting components like PLCs (Programmable Logic Controllers), SCADA (Supervisory Control and Data Aquisition) systems, HMIs (Human-Machine Interfaces) and the critical infrastructure they support at risk. What...

ENISA Will Operate the EU Cybersecurity Reserve. What This Means for Managed Security Service Providers

The European Union is building a new line of defense. On 26 August 2025, the European Commission and the EU Agency for Cybersecurity (ENISA) signed a contribution agreement that hands ENISA the keys to the EU Cybersecurity Reserve. The deal comes with funding: €36 million over three years. ENISA's mission is straightforward, if not simple. It will administer, operate, and monitor the bloc’s emergency cyber response capabilities. Juhan Lepassaar, ENISA’s executive director, said: “Being entrusted with such prominent project, puts ENISA in the limelight as a dependable partner to the European...

Why File Integrity Monitoring (FIM) Is a Must for Compliance — And How to Pick the Right Solution

As Fortra’s new File Integrity Monitoring Buyer’s Guide states, “What was once a security control for simple file changes now ensures integrity across organizations’ entire systems.” The landscape has evolved significantly since Fortra’s Tripwire introduced file integrity monitoring (FIM) over twenty years ago. But that’s exactly why the industry is due for a new look at what makes a FIM solution unique in 2025 — and what you should expect your FIM provider to bring to the table. What Is File Integrity Monitoring? File integrity monitoring was originally developed as a way to make sure nobody...

Times are Changing. How to Future-Proof Your Cybersecurity Career.

Since the floodgates opened in November 2022 (at the arrival of ChatGPT), there has been one question on everyone’s mind: Is AI going to take my job? While the answers range from yes to no to maybe, there are ways to ride the AI wave without being subsumed by it. The way skilled professionals will do that, especially within cybersecurity, all depends on how well they know the industry—and how well they understand the value of their place in it. This blog will focus on the mixed opportunities of AI in the cybersecurity field and the undoable changes it has produced. Given this landscape, it...

Automotive Privacy in California: The UX Benchmark That Could Change Everything

Every modern car is a data machine. It records where you go, when you go, how you drive, and often, who is with you. This information flows quietly from vehicle to manufacturer. In California, the law is clear. The California Consumer Privacy Act ( CCPA) has been in effect since 2020, giving people the right to see, limit, and delete personal data. But a right is only as strong as the tools that allow you to use it. And in the automotive industry, those tools are often hard to find, hard to use, and harder still to understand. That is the starting point of Privacy4Cars’ 2025 Privacy UX...

BlackSuit Ransomware Breaches Corporate Network Using Single Compromised VPN Credential

A major manufacturing company fell victim to a swift and devastating ransomware attack after threat actors gained access using just one set of stolen VPN credentials. The attack, carried out by the cybercrime group Ignoble Scorpius, culminated in widespread encryption of virtual machines and brought critical operations to a halt. The Initial Compromise The breach […]

The post BlackSuit Ransomware Breaches Corporate Network Using Single Compromised VPN Credential appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

CISA Alerts on Rapid7 Velociraptor Flaw Exploited in Ransomware Campaigns

The Cybersecurity and Infrastructure Security Agency has added a critical vulnerability in Rapid7 Velociraptor to its Known Exploited Vulnerabilities catalogue, warning that threat actors are actively exploiting the flaw in ransomware attacks. The vulnerability, tracked as CVE-2025-6264, was added to the catalogue on October 14, 2025, giving federal agencies until November 4 to implement necessary […]

The post CISA Alerts on Rapid7 Velociraptor Flaw Exploited in Ransomware Campaigns appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Windows Agere Modem Driver 0-Day Exploited in Active Privilege Escalation Attacks

A newly discovered zero-day vulnerability in the Windows Agere Modem driver has been actively exploited by threat actors to elevate privileges on affected systems. Tracked as CVE-2025-24052 and CVE-2025-24990, these flaws allow a low-privileged user to gain full system control without any user interaction. Microsoft has released an October cumulative update that removes the vulnerable […]

The post Windows Agere Modem Driver 0-Day Exploited in Active Privilege Escalation Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft IIS Exploit Allows Unauthenticated Attackers to Run Arbitrary Code

A serious security flaw has been discovered in Microsoft’s Internet Information Services (IIS) that lets attackers run arbitrary code without logging in. The vulnerability affects the IIS Inbox COM Objects and stems from improper handling of shared memory and objects that have been freed. Attackers who can reach the server and exploit this flaw could […]

The post Microsoft IIS Exploit Allows Unauthenticated Attackers to Run Arbitrary Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Critical Veeam Backup RCE Flaws Allow Remote Execution of Malicious Code

Veeam has released an urgent security patch to address multiple critical remote code execution (RCE) vulnerabilities in Veeam Backup & Replication version 12. These flaws could allow authenticated domain users to run malicious code on backup servers and infrastructure hosts. With attackers likely to reverse-engineer the patch, organizations must apply the update without delay to […]

The post Critical Veeam Backup RCE Flaws Allow Remote Execution of Malicious Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Chrome Use-After-Free Flaw Lets Attackers Execute Arbitrary Code

Google has released a critical security update for Chrome browser users after discovering a dangerous use-after-free vulnerability that could allow cybercriminals to execute malicious code on victims’ computers. The flaw, tracked as CVE-2025-11756, affects Chrome’s Safe Browsing feature and has earned a High severity rating from Google’s security team. Critical Vulnerability in Chrome’s Safe Browsing […]

The post Chrome Use-After-Free Flaw Lets Attackers Execute Arbitrary Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

FortiPAM & FortiSwitch Manager Flaw Allows Attackers to Bypass Authentication

Fortinet has disclosed a critical security vulnerability affecting FortiPAM and FortiSwitchManager products that could enable attackers to bypass authentication mechanisms through brute-force attacks. The vulnerability, tracked as CVE-2025-49201, was internally discovered by Gwendal Guégniaud of the Fortinet Product Security team and published on October 14, 2025. Weak Authentication Vulnerability Enables Brute-Force Attacks The security flaw […]

The post FortiPAM & FortiSwitch Manager Flaw Allows Attackers to Bypass Authentication appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

TigerJack Hackers Target Developer Marketplaces with 11 Malicious VS Code Extensions

Sophisticated Threat Actor Compromises 17,000+ Developers Through Trojan Extensions That Steal Code and Mine Cryptocurrency. Operating since early 2025 under multiple publisher accounts (ab-498, 498, and 498-00), this sophisticated campaign deploys extensions that steal source code, mine cryptocurrency, and establish remote backdoors for complete system control. A newly identified threat actor known as TigerJack has […]

The post TigerJack Hackers Target Developer Marketplaces with 11 Malicious VS Code Extensions appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

FortiOS CLI Bypass Flaw Lets Attackers Run Arbitrary System Commands

Fortinet has disclosed a security vulnerability affecting its FortiOS operating system that could allow attackers with administrative privileges to execute unauthorized system commands by bypassing command line interface restrictions. The flaw, tracked as CVE-2025-58325, was discovered internally by Fortinet’s PSIRT team and published on October 14, 2025. Vulnerability Details The security weakness stems from an […]

The post FortiOS CLI Bypass Flaw Lets Attackers Run Arbitrary System Commands appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

GhostBat RAT Android Malware Poses as Fake RTO Apps to Steal Banking Data from Indian Users

The GhostBat RAT campaign leverages diverse infection vectors—WhatsApp, SMS with shortened URLs, GitHub-hosted APKs, and compromised websites—to distribute malicious Android droppers. Once installed, these droppers employ multi-stage workflows, deliberate ZIP header manipulation, and heavy string obfuscation to evade antivirus detection and reverse‐engineering. The threat actors utilize native libraries (.so) to dynamically resolve API calls and […]

The post GhostBat RAT Android Malware Poses as Fake RTO Apps to Steal Banking Data from Indian Users appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Swalwell seeks answers from CISA on workforce cuts

Rep. Eric Swalwell, D-Calif., sent a letter Tuesday to acting CISA Director Madhu Gottumukkala raising concerns about staffing levels and the direction of the nation’s primary cybersecurity agency, writing that the “Trump Administration has undertaken multiple efforts to decimate CISA’s workforce, undermining our nation’s cybersecurity.” Swalwell, the ranking member on the House Homeland Security Subcommittee […]

The post Swalwell seeks answers from CISA on workforce cuts appeared first on CyberScoop.

Researchers find a startlingly cheap way to steal your secrets from space

Using commercially available equipment, researchers scanned 39 satellites and observed sensitive, encrypted communications from telecoms, businesses and the U.S. military.

The post Researchers find a startlingly cheap way to steal your secrets from space appeared first on CyberScoop.

Microsoft’s Patch Tuesday fixes 175 vulnerabilities, including two actively exploited zero-days

The tech giant addressed a record-high number of defects for the year in its latest update.

The post Microsoft’s Patch Tuesday fixes 175 vulnerabilities, including two actively exploited zero-days appeared first on CyberScoop.

Officials crack down on Southeast Asia cybercrime networks, seize $15B

The cryptocurrency seizure and sanctions targeting the Prince Group, associates and affiliated businesses mark the most extensive action taken against cybercrime operations in the region to date.

The post Officials crack down on Southeast Asia cybercrime networks, seize $15B appeared first on CyberScoop.

LevelBlue to acquire Cybereason in latest cybersecurity industry consolidation

For Cybereason, the acquisition bookends a turbulent seven-year period that saw the company swing from near-IPO status to dramatic valuation declines and multiple restructurings.

The post LevelBlue to acquire Cybereason in latest cybersecurity industry consolidation appeared first on CyberScoop.

Flax Typhoon can turn your own software against you

The Chinese hacking group gained persistent access to a popular mapping tool by turning one of its features into a webshell and hardcoding access, according to ReliaQuest.

The post Flax Typhoon can turn your own software against you appeared first on CyberScoop.

Red, blue, and now AI: Rethinking cybersecurity training for the 2026 threat landscape

Cybersecurity today is defined by complexity. Threats evolve in real time, driven by AI-generated malware, autonomous reconnaissance, and adversaries capable of pivoting faster than ever. In a recent survey by DarkTrace of more than 1,500 cybersecurity professionals worldwide, nearly 74% said AI-powered threats are a major challenge for their organization, and 90% expect these threats […]

The post Red, blue, and now AI: Rethinking cybersecurity training for the 2026 threat landscape appeared first on CyberScoop.

Fortra cops to exploitation of GoAnywhere file-transfer service defect

The vendor belatedly admitted the max-severity vulnerability was actively exploited weeks after researchers and officials confirmed as much independently.

The post Fortra cops to exploitation of GoAnywhere file-transfer service defect appeared first on CyberScoop.

Russian spyware ClayRat is spreading, evolving quickly, according to Zimperium

The spyware poses as popular apps like TikTok, and may break free of Russian borders at some point, the researchers say.

The post Russian spyware ClayRat is spreading, evolving quickly, according to Zimperium appeared first on CyberScoop.

Dems introduce bill to halt mass voter roll purges

The bill likely won’t get far in a GOP-controlled Congress, but proponents described it as part of a broader effort to push back through constitutional institutions.

The post Dems introduce bill to halt mass voter roll purges appeared first on CyberScoop.

SAP fixed maximum-severity bug in NetWeaver

SAP addressed 13 new flaws, including a maximum severity vulnerability in SAP NetWeaver, which could lead to arbitrary command execution. SAP addressed 13 new vulnerabilities, including a maximum severity issue, tracked as CVE-2025-42944 (CVSS score of 10.0) in SAP NetWeaver. The vulnerability is an insecure deserialization that could lead to arbitrary command execution. “Due to a deserialization […]

Unencrypted satellites expose global communications

Researchers found nearly half of geostationary satellites leak unencrypted data, exposing consumer, corporate, and military communications. A group of researchers from UC San Diego and the University of Maryland found nearly half of geostationary satellites transmit unencrypted data, exposing sensitive consumer, corporate, and military communications to interception. The researchers used an $800 satellite receiver for […]

Flax Typhoon APT exploited ArcGIS server for over a year as a backdoor

China-linked cyberespionage group Flax Typhoon hijacked an ArcGIS system for over a year and used it as a backdoor. China-linked APT group Flax Typhoon (aka Ethereal Panda or RedJuliett) compromised an ArcGIS system for over a year, using it as a backdoor. ArcGIS, a key GIS platform for mapping and analysis, supports vital services like […]

Researchers warn of widespread RDP attacks by 100K-node botnet

A botnet of 100K+ IPs from multiple countries is attacking U.S. RDP services in a campaign active since October 8. GreyNoise researchers uncovered a large-scale botnet that is targeting Remote Desktop Protocol (RDP) services in the United States starting on October 8. The company discovered the botnet after detecting an unusual spike in Brazilian IP […]

Harvard University hit in Oracle EBS cyberattack, 1.3 TB of data leaked by Cl0p group

Harvard University confirmed being targeted in the Oracle EBS campaign after the Cl0p ransomware group leaked 1.3 TB of data. Harvard University confirmed it was targeted in the Oracle E-Business Suite campaign after the Cl0p ransomware group listed it on its leak site. The cybercrime group claimed to have leaked 1.3 TB of data allegedly […]

UK NCSC Reports 429 cyberattacks in a year, with nationally significant cases more than doubling

The UK’s NCSC handled 429 cyberattacks from Sept 2024–Aug 2025, including 204 nationally significant cases, over double the previous year’s total. The UK’s National Cyber Security Centre (NCSC) reported a record surge in major cyberattacks, responding to 429 incidents from September 2024 to August 2025, including 204 deemed “nationally significant”, more than double the previous […]

Unverified COTS hardware enables persistent attacks in small satellites via SpyChain

SpyChain shows how unverified COTS hardware in small satellites can enable persistent, multi-component supply chain attacks using NASA’s NOS3 simulator. The rise of small satellites has transformed scientific, commercial, and defense operations. Using commercial off-the-shelf (COTS) parts makes them cheaper and faster to build but also introduces new, poorly understood security risks unique to space […]

Oracle issued an emergency security update to fix new E-Business Suite flaw CVE-2025-61884

Oracle issued an emergency security update to address a new E-Business Suite (EBS) vulnerability tracked as CVE-2025-61884. Oracle released an emergency patch to address an information disclosure flaw, tracked as CVE-2025-61884 (CVSS Score of 7.5), in E-Business Suite’s Runtime UI component (versions 12.2.3–12.2.14). “Oracle has just released Security Alert CVE-2025-61884. This vulnerability affects some deployments of Oracle E-Business […]

Customer payment data stolen in Unity Technologies’s SpeedTree website compromise

Malicious code on Unity Technologies’s SpeedTree site skimmed sensitive data from hundreds of customers, the company confirmed. Video game software development firm Unity Technologies revealed that malicious code on its SpeedTree website skimmed sensitive information from hundreds of customers, impacting users who accessed the compromised site. The company discovered on August 26, 2025, the presence […]

SimonMed Imaging discloses a data breach impacting over 1.2 million people

Medusa ransomware hit SimonMed Imaging, stealing 200 GB of data and impacting over 1.2 million people in a major healthcare data breach. SimonMed Imaging suffered a ransomware attack by the Medusa group, which claimed to have stolen 200 GB of data. SimonMed Imaging is one of the largest outpatient medical imaging providers in the U.S., […]

CyberSmart Become a National Ambassador of the NCRCG

With Cyber Security Awareness Month firmly underway, the National Cyber Resilience Centre Group (NCRCG) has proudly welcomed CyberSmart on board as a National Ambassador. Funded and supported by the Home Office, policing and Ambassador business partners, NCRCG is bringing together all those who have a vital responsibility for combating cybercrime to help strengthen the cyber defences of […]

The post CyberSmart Become a National Ambassador of the NCRCG appeared first on IT Security Guru.

Hidden Cost of MFT Vulnerabilities: Why CVE-2025-10035 Demands a New Security Playbook

When Fortra disclosed CVE-2025-10035 in GoAnywhere MFT last month, many security teams likely experienced a familiar sinking feeling. Another critical vulnerability. Another emergency patch cycle. Another race against ransomware operators. But this latest maximum-severity flaw reveals something more troubling than a single vendor’s coding error. It exposes the fundamental fragility of how organisations handle their […]

The post Hidden Cost of MFT Vulnerabilities: Why CVE-2025-10035 Demands a New Security Playbook appeared first on IT Security Guru.

Bridewell encourages elevating “untapped talent” this Cybersecurity Awareness Month

Bridewell, a cybersecurity provider to CNI organisations, is marking Cybersecurity Awareness Month by encouraging the industry to make cybersecurity careers more accessible to individuals from all backgrounds in order to address the UK’s chronic skills shortage. To lead by example the company has also announced the next intake for its Bridewell Academy on November 10th. […]

The post Bridewell encourages elevating “untapped talent” this Cybersecurity Awareness Month appeared first on IT Security Guru.

How Important are Accessible Website Designs in 2025?

In 2025, the importance of a top-quality and well-functioning website cannot be overstated. Forgetting this is a costly mistake, but an even greater one is failing to ensure that a website is fully functional for everyone. That’s where website accessibility comes in, which is the practice of designing digital experiences to be usable by people […]

The post How Important are Accessible Website Designs in 2025? appeared first on IT Security Guru.

Pro-Russian hacking group snared by Forescout Vedere Labs honeypot

Forescout Vedere Labs published a report exposing how a pro-Russian hacktivist group was duped into thinking they had hacked a European water facility, unaware their target was in fact a carefully crafted honeypot. This “hack” provided Forescout researchers the rare opportunity to see first-hand how these groups look for and exploit weaknesses in critical infrastructure. […]

The post Pro-Russian hacking group snared by Forescout Vedere Labs honeypot appeared first on IT Security Guru.

New research from VerifyLabs.AI highlights the nation’s fears when it comes to deepfakes

As concerns regarding AI-driven fraud, impersonation, and digital deception continue to grow, new research from VerifyLabs.AI has revealed that over a third (35%) of Brits said deepfake nudes (non-consensual intimate imagery) or videos of themselves or their child were what they feared most when it came to deepfakes. This fear was even more pronounced among […]

The post New research from VerifyLabs.AI highlights the nation’s fears when it comes to deepfakes appeared first on IT Security Guru.

Research Finds Budgets, Staffing and Skills Fail to Keep Pace with Rising Cyber Threats

New research by ISACA has found that over a third (39%) of European IT and cybersecurity professionals report that their organisation is experiencing more cybersecurity attacks than this time last year. Yet despite this rising wave of attacks, confidence in organisational readiness remains low, with only 38% of professionals stating they are completely confident in […]

The post Research Finds Budgets, Staffing and Skills Fail to Keep Pace with Rising Cyber Threats appeared first on IT Security Guru.

Research Finds That API Security Blind Spots Could Put AI Agent Deployments at Risk

New research by Salt Security has revealed an alarming disconnect between rapid API adoption and immature security practices, threatening the success of critical AI and automation initiatives. The H2 2025 State of API Security Report shows that, as enterprises race to capitalise on the emerging AI Agent Economy, API security has emerged as a systemic vulnerability […]

The post Research Finds That API Security Blind Spots Could Put AI Agent Deployments at Risk appeared first on IT Security Guru.

Huntress Partners with Sherweb in First Global Distribution Deal to Expand MSP Cybersecurity Reach

Huntress has entered into its first distribution partnership, teaming up with global cloud solutions provider Sherweb to broaden access to its cybersecurity products among managed service providers (MSPs) in North America, Ireland, and the UK. Under the new agreement, all Huntress solutions will be available through the Sherweb Marketplace, giving MSPs access to the company’s […]

The post Huntress Partners with Sherweb in First Global Distribution Deal to Expand MSP Cybersecurity Reach appeared first on IT Security Guru.

Hack The Box introduces Threat Range for cyber incident simulation

Hack The Box (HTB), has announced the launch of HTB’s Threat Range, a team-based cyber incident simulation software that offers operational insights for executives and board members. With AI at its core, the company says this new environment extends HTB’s industry-leading cyber ranges to equip enterprises, government organisations and MSSPs with the necessary skills, tools […]

The post Hack The Box introduces Threat Range for cyber incident simulation appeared first on IT Security Guru.

Software-Tracking Database Project Management Plan for Organizational IT Departments

Organizations need to monitor and administer their software throughout departments because today’s technology-based environment requires effective tracking for both security and compliance and operational excellence. The plan defines how to...

The post Software-Tracking Database Project Management Plan for Organizational IT Departments appeared first on Cyber Defense Magazine.

Sweatpants & Cyberthreats: Managing Remote Employee Risk

The remote work revolution did not just change where we work, it redefined how we secure our workplaces. The shift, which was accelerated by the pandemic, has forced organizations to...

The post Sweatpants & Cyberthreats: Managing Remote Employee Risk appeared first on Cyber Defense Magazine.

Keeping Up with Compliance: Navigating a Patchwork of Global Regulations in 2025

Note: Nothing herein shall constitute legal advice, compliance directives, or otherwise. Customers and prospective customers should consult an attorney and/or other compliance professional regarding their organizations’ compliance obligations, including, without limitation,...

The post Keeping Up with Compliance: Navigating a Patchwork of Global Regulations in 2025 appeared first on Cyber Defense Magazine.

AI vs AI: The Future of Cybersecurity Is Machine vs. Machine. Is the human factor still relevant?

How Artificial Intelligence is transforming both cyber defense and cybercrime by Venkatesh Apsingekar, Senior Engineering Manager – Illumio I recently watched Terminator 2 with my 9-year-old son. Since It was...

The post AI vs AI: The Future of Cybersecurity Is Machine vs. Machine. Is the human factor still relevant? appeared first on Cyber Defense Magazine.

Your Alerts Are Increasing Your Cybersecurity Risk

At their core, alerts exist to bring attention to something meaningful: an indicator of compromise (IOC), an indicator of attack (IOA), or a suspicious behavior worth investigating. But in any...

The post Your Alerts Are Increasing Your Cybersecurity Risk appeared first on Cyber Defense Magazine.

Is Hacking Back Ever a Good Strategy?

Hacking back aims to retaliate against cyberattackers by launching a counterattack to disrupt their systems, recover stolen data or send a message. As cyberthreats grow more frequent and sophisticated, it’s...

The post Is Hacking Back Ever a Good Strategy? appeared first on Cyber Defense Magazine.

Is CMMC 3.0 on the Horizon? How Defense Contractors Can Prepare Now

The Department of Defense recently sent defense contractors a clear signal: an update to the recently finalized CMMC 2.0 is likely coming and the time to prepare is now. In...

The post Is CMMC 3.0 on the Horizon? How Defense Contractors Can Prepare Now appeared first on Cyber Defense Magazine.

In Defense of Good Bots: Good Bots Exist, But Only When We Build Them That Way

The word “bot” doesn’t have the best reputation right now. You hear it and think of election manipulation, fake social media accounts, scammy customer service chatbots, or malware scanning networks....

The post In Defense of Good Bots: Good Bots Exist, But Only When We Build Them That Way appeared first on Cyber Defense Magazine.

Identity Risk Intelligence – The Missing Piece in Continuous Threat Exposure Management (CTEM)

In today’s cybersecurity landscape, identity is no longer just a credentialing concern; it is the battleground. Modern cyber defenses increasingly need to be identity-centric. With attackers increasingly bypassing traditional defenses...

The post Identity Risk Intelligence – The Missing Piece in Continuous Threat Exposure Management (CTEM) appeared first on Cyber Defense Magazine.

How Chief Technology Officers Can Stay Ahead of Complex Threat Actor Tactics

Cyberattacks are becoming increasingly complex because organizations are more interconnected than ever before while threat actors are better resourced and digital environments are harder to defend. The ability to prevent...

The post How Chief Technology Officers Can Stay Ahead of Complex Threat Actor Tactics appeared first on Cyber Defense Magazine.

Addressing CL0P Extortion Campaign Targeting Oracle EBS CVE-2025-61882

Cybereason is continuing to investigate. Check the Cybereason blog for additional updates.

Last update: Oct 7, 11am EST

Overview and What Cybereason Knows So Far

July 2025, Oracle releases security updates including 309 patches, which included nine that addressed flaws/vulnerabilities in Oracle E-Business Suite (EBS).
July 2025 (end of) through September 2025 (beginning of), Cybereason has assessed based on emerging evidence and ongoing forensic investigations, that CL0P orchestrated an Intrusion Path that allowed for unauthorized access to on-premise, customer-managed Oracle E-Business Suite (EBS) solutions, enumerated accessible and stored data, and conducted data exfiltration.
September 2025 (end of) through October 2025 (beginning of), a widespread orchestrated email extortion campaigns emerged targeting users of on-premise, customer-managed Oracle E-Business Suite (EBS) and requesting contact with CL0P in order to not expose data allegedly exfiltrated.
October 2025 (beginning of), Cybereason is aware of ongoing investigations in which CL0P has provided proof of data. CL0P does not appear to have named new victims associated with this incident as of October 4, 2025.
October 5, 2025, Oracle confirms CVE-2025-61882 in Oracle E-Business Suite (EBS). This vulnerability was remotely exploitable without authentication (i.e., it can be exploited over a network without the need for a username and password). Successful exploitation can lead to remote code execution (RCE).
October 7, 2025, Cybereason confirms earliest evidence of threat actor activity occurred August 9, but is subject to change based on ongoing investigations.

7000+ IRs Later: The 11 Essential Cybersecurity Controls

Cybereason 11 Essential Cybersecurity Controls

Decades in incident response reveal battle-tested cybersecurity controls that minimize attack surface, improve detection and response, reduce incident impact and losses, and build cyber resilience (with compliance mappings for easy implementation).

Behind the Mask of Madgicx Plus: A Chrome Extension Campaign Targeting Meta Advertisers

Cybereason Security Services recently analyzed an investigation into a broader malicious Chrome extension campaign, part of which had been previously documented by DomainTools. While earlier iterations of this campaign involved the impersonation a variety of services, the latest version shifts focus to Meta (Facebook/Instagram) advertisers through a newly crafted lure: “Madgicx Plus,” a fake AI-driven ad optimization platform. Promoted as a tool to streamline campaign management and boost ROI using artificial intelligence, the extension instead delivers potentially malicious functionalities capable of hijacking business sessions, stealing credentials, and compromising Meta Business accounts. Notably, several domains associated with earlier parts of the campaign have been repurposed to promote this new theme, highlighting the operators’ tendency to recycle infrastructure while adapting their social engineering strategy to new targets.

CVE-2025-53770 & CVE-2025-53771: Critical On-Prem SharePoint Vulnerabilities

Cybereason is actively investigating exploitation attempts of these vulnerabilities. Check the Cybereason blog for additional updates.

Key Takeaways

Two zero-day vulnerabilities discovered in on-premise Microsoft SharePoint servers, tracked as CVE‑2025‑53770 and CVE‑2025‑53771.
Affected versions include: Subscription Edition – KB5002768, SharePoint 2019 – KB5002754, SharePoint 2016 – KB5002760.
If exploited, these vulnerabilities could allow for remote code execution (RCE).
Cybereason has observed ongoing active exploitation attempts of these vulnerabilities through our Global SOC monitoring.
With this exploit, we recommend taking an “assume compromised” posture, immediately patching impacted versions, and conducting incident response historical look back.

BlackSuit: A Hybrid Approach with Data Exfiltration and Encryption

Cybereason Security Services issue Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.

Deploying NetSupport RAT via WordPress & ClickFix

In May 2025, Cybereason Global Security Operations Center (GSOC) detected that threat actors have been hosting malicious WordPress websites to deliver malicious versions of the legitimate NetSupport Manager Remote Access Tool (RAT).

Introducing the Cybereason TTP Briefing: Frontline Threat Intelligence Insights

Gain insight into the latest attack trends, techniques, and procedures our Incident Response experts are actively facing with the brand new TTP Briefing, a report built on frontline threat intelligence from our global incident response (IR) investigations, enriched by noteworthy detections from our SOC.

Ransomware Gangs Collapse as Qilin Seizes Control

The ransomware landscape is undergoing a turbulent realignment, marked by collapses, takeovers, and unexpected internal betrayals.

Copyright Phishing Lures Leading to Rhadamanthys Stealer Now Targeting Europe

Cybereason issues Threat Alerts to inform customers of emerging impacting threats, critical vulnerabilities and attacker campaigns. Cybereason Threat Alerts summarize these threats and provide practical recommendations for protecting against them.

Genesis Market - Malicious Browser Extension

Cybereason GSOC has identified a malware infection exhibiting strong similarities to the previously reported Genesis Market malicious campaign that was dismantled by law enforcement in early 2023.

How to spot a holiday shopping scam: Fake deals, trick surveys & bogus gift cards

Scammers, fraudsters, and phishers take advantage of every season. But the holiday shopping season - which includes Black Friday, Cyber Monday, and Christmas - may be their favorite.

As retailers rush to capitalize on what is generally their most profitable time of year, they will generally flood email boxes with great offers that are often time sensitive and may even seem too-good-to-be-true. Meanwhile, consumers also feel the urgency to get their shopping done, along with the stresses of work and family. Add in the financial pressure of an inflationary economy and the likelihood of making a quick mistake keeps increasing. Read on for some simple yet effective ways to ruin the scammers' fun as you celebrate the season of giving.

Soon�

Posted by Sean @ 12:52 GMT

Our "construction project" is progressing nicely.

A work in progress

And it should resolve this…

Fix mobile usability issues?

Translation: your site doesn't help us sell more Android phones and ads.

But whatever, the "issues" should be fixed soon enough.

On 18/08/15 At 12:52 PM

Work In Progress

Posted by Sean @ 13:25 GMT

Regular readers will have noticed it's been slow here of late.

Under Construction

We're finally undertaking an upgrade from Greymatter 1.7.3. This may be the world's oldest Greymatter blog… that will now change.

More info coming soon.

In the meantime, you can still catch us on Twitter.

On 13/08/15 At 01:25 PM

"IOS Crash Report" Update: Safari Adds Block Feature

Posted by Sean @ 09:53 GMT

Ask, and sometimes, you shall receive.

Last Friday, we wrote about call center scammers targeting iOS. And today, Apple released a new (beta) feature that should help.

Apple released iOS 9 Public Beta 2:

iOS 9 Public Beta 2, Install

And it appears that one of Safari's new features allows people to block fraud-focused JavaScript.

iOS 9 Public, Safari Block Alerts

We tested a scam-site and after a few attempts to dismiss the JavaScript dialog, Safari included a prompt to "Block Alerts". We were then easily able to close the page.

Kudos Apple! Looking forward to seeing this in iOS 9's general release.

Big hat tip to Rosyna Keller.

On 23/07/15 At 09:53 AM

Duke APT group's latest tools: cloud services and Linux support

Posted by Artturi @ 11:59 GMT

Recent weeks have seen the outing of two new additions to the Duke group's toolset, SeaDuke and CloudDuke. Of these, SeaDuke is a simple trojan made interesting by the fact that it's written in Python. And even more curiously, SeaDuke, with its built-in support for both Windows and Linux, is the first cross-platform malware we have observed from the Duke group. While SeaDuke is a single - albeit cross-platform - trojan, CloudDuke appears to be an entire toolset of malware components, or "solutions" as the Duke group apparently calls them. These components include a unique loader, downloader, and not one but two different trojan components. CloudDuke also greatly expands on the Duke group's usage of cloud storage services, specifically Microsoft's OneDrive, as a channel for both command and control as well as the exfiltration of stolen data. Finally, some of the recent CloudDuke spear-phishing campaigns have born a striking resemblance to CozyDuke spear-phishing campaigns from a year ago.

Linux support added with the cross-platform SeaDuke malware

Last week, both Symantec and Palo Alto Networks published research on SeaDuke, a newer addition to the arsenal of trojans being used by the Duke group. While older malware by the Duke group has always been written with a combination of the C and C++ programming languages as well as assembly language, SeaDuke is peculiarly written in Python with multiple layers of obfuscation. This Python code is usually then compiled into Windows executables using py2exe or pyinstaller. However, the Python code itself has been designed to work on both Windows and Linux. We therefore suspect, that the Duke group is also using the same SeaDuke Python code to target Linux victims. This is the first time we have seen the Duke group employ malware to target Linux platforms.

seaduke_crossplatform (39k image)
An example of the cross-platform support found in SeaDuke.

A new set of solutions with the CloudDuke malware toolset

Last week, we also saw Palo Alto Networks and Kaspersky Labs publish research on malware components they respectively called MiniDionis and CloudLook. MiniDionis and CloudLook are both components of a larger malware toolset we call CloudDuke. This toolset consists of malware components that provide varying functionality while partially relying on a shared code framework and always using the same loader. Based on PDB strings found in the samples, the malware authors refer to the CloudDuke components as "solutions" with names such as "DropperSolution", "BastionSolution" and "OneDriveSolution". A list of PDB strings we have observed is below:

� C:\DropperSolution\Droppers\Projects\Drop_v2\Release\Drop_v2.pdb
� c:\BastionSolution\Shells\Projects\miniDionis4\miniDionis\obj\Release\miniDionis.pdb
� c:\BastionSolution\Shells\Projects\miniDionis2\miniDionis\obj\Release\miniDionis.pdb
� c:\OneDriveSolution\Shells\Projects\OneDrive2\OneDrive\obj\x64\Release\OneDrive.pdb

The first of the CloudDuke components we have observed is a downloader internally called "DropperSolution". The purpose of the downloader is to download and execute additional malware on the victim's system. In most observed cases, the downloader will attempt to connect to a compromised website to download an encrypted malicious payload which the downloader will decrypt and execute. Depending on the way the downloader has been configured, in some cases it may first attempt to log in to Microsoft's cloud storage service OneDrive and retrieve the payload from there. If no payload is available from OneDrive, the downloader will revert to the previously mentioned method of downloading from compromised websites.

We have also observed two distinct trojan components in the CloudDuke toolset. The first of these, internally called "BastionSolution", is the trojan that Palo Alto Networks described in their research into "MiniDionis". Interestingly, BastionSolution appears to functionally be an exact copy of SeaDuke with the only real difference being the choice of programming language. BastionSolution also makes significant use of a code framework that is apparently internally called "Z". This framework provides classes for functionality such as encryption, compression, randomization and network communications.

bastion_z (12k image)
A list of classes in the BastionSolution trojan, including multiple classes from the "Z" framework.

Classes from the same "Z" framework, such as the encryption and randomization classes, are also used by the second trojan component of the CloudDuke toolset. This second component, internally called "OneDriveSolution", is especially interesting because it relies on Microsoft's cloud storage service OneDrive as its command and control channel. To achieve this, OneDriveSolution will attempt to log into OneDrive with a preconfigured username and password. If successful, OneDriveSolution will then proceed to copy data from the victim's computer to the OneDrive account. It will also search the OneDrive account for files containing commands for the malware to execute.

onedrive_z (7k image)
A list of classes in the OneDriveSolution trojan, including multiple classes from the "Z" framework.

All of the CloudDuke "solutions" use the same loader, a piece of code whose primary purpose is to decrypt the embedded, encrypted solution, load it in memory and execute it. The Duke group has often employed loaders for their malware but unlike the previous loaders they have used, the CloudDuke loader is much more versatile with support for multiple methods of loading and executing the final payload as well as the ability to write to disk and execute additional malware components.

CloudDuke spear-phishing campaigns and similarities with CozyDuke

CloudDuke has recently been spread via spear-phishing emails with targets reportedly including organizations such as the US Department of Defense. These spear-phising emails have contained links to compromised websites hosting zip archives that contain CloudDuke-laden executables. In most cases, executing these executables will have resulted in two additional files being written to the victim's hard disk. The first of these files has been a decoy, such as an audio file or a PDF file while the second one has been a CloudDuke loader embedding a CloudDuke downloader, the so-called "DropperSolution". In these cases, the victim has been presented with the decoy file while in the background the downloader has proceeded to download and execute one of the CloudDuke trojans, "OneDriveSolution" or "BastionSolution".

decoy_ndi_small (63k image)
Example of one of the decoy documents employed in the CloudDuke spear-phishing campaigns. It has apparently been copied by the attackers from here.

Interestingly, however, some of the other CloudDuke spear-phishing campaigns we have observed this July have born a striking resemblance to CozyDuke spear-phishing campaigns seen almost exactly a year ago, in the beginning of July 2014. In both spear-phishing campaigns, the decoy document has been the exact same PDF file, a "US letter fax test page" (28d29c702fdf3c16f27b33f3e32687dd82185e8b). Similarly, the URLs hosting the malicious files have, in both campaigns, purported to be related to eFaxes. It is also interesting to note, that in the case of the CozyDuke-inspired CloudDuke spear-phishing campaign, the downloading and execution of the malicious archive linked to in the emails has not resulted in the execution of the CloudDuke downloader but in the execution of the "BastionSolution" component thereby skipping one step from the process described for the other CloudDuke spear-phishing campaigns.

decoy_fax (72k image)
The "US letter fax test page" decoy employed in both CloudDuke and CozyDuke spear-phishing campaigns.

Increasingly using cloud services to evade detection

CloudDuke is not the first time we have observed the Duke group use cloud services in general and Microsoft OneDrive specifically as part of their operations. Earlier this spring we released research on CozyDuke where we mentioned observing CozyDuke sometimes either directly use a OneDrive account to exfiltrate stolen data or alternatively CozyDuke downloading Visual Basic scripts that would copy stolen files to a OneDrive account and sometimes even retrieve files containing additional commands from the same OneDrive account.

In these previous cases the Duke group has only used OneDrive as a secondary communication channel but still relied on more traditional C&C channels for most of their actions. It is therefore interesting to note that CloudDuke actually enables the Duke group to rely solely on OneDrive for every step of their operation from downloading the actual trojan, passing commands to the trojan and finally exfiltrating stolen data.

By relying solely on 3rd party web services, such as OneDrive, as their command and control channel, we believe the Duke group is trying to better evade detection. Large amounts of data being transferred from an organization's network to an unknown web server easily raises suspicions. However, data being transferred to a popular cloud storage service is normal. What better way for an attacker to surreptitiously transfer large amounts of stolen data than the same way people are transferring that same data every day for legitimate reasons. (Coincidentally, the implications of 3rd party web services being used as command and control channels is also the subject of an upcoming talk at the VirusBulletin 2015 conference).

Directing limited resources towards evading detection and staying ahead of defenders

Developing even a single multipurpose malware toolset, never mind many, requires time and resources. Therefore it seems logical to attempt to reuse code such as supporting frameworks between different toolsets. The Duke group, however, appear to have taken this a step further with SeaDuke and the CloudDuke component BastionSolution, by rewriting the same code in multiple programming languages. This has the obvious benefits of saving time and resources by providing two malware toolsets, that while similar on the inside, appear completely different on the outside. This way, the discovery of one toolset does not immediately lead to the discovery of the second toolset.

The Duke group, long suspected of ties to the Russian state, have been running their espionage operation for an unusually long time and - especially lately - with unusual brazenness. These latest CloudDuke and SeaDuke campaigns appear to be a clear sign that the Duke's are not planning to stop any time soon.

Research and post by Artturi (@lehtior2)

F-Secure detects CloudDuke as Trojan:W32/CloudDuke.B and Trojan:W64/CloudDuke.B

Samples:

04299c0b549d4a46154e0a754dda2bc9e43dff76
2f53bfcd2016d506674d0a05852318f9e8188ee1
317bde14307d8777d613280546f47dd0ce54f95b
476099ea132bf16fa96a5f618cb44f87446e3b02
4800d67ea326e6d037198abd3d95f4ed59449313
52d44e936388b77a0afdb21b099cf83ed6cbaa6f
6a3c2ad9919ad09ef6cdffc80940286814a0aa2c
78fbdfa6ba2b1e3c8537be48d9efc0c47f417f3c
9f5b46ee0591d3f942ccaa9c950a8bff94aa7a0f
bfe26837da22f21451f0416aa9d241f98ff1c0f8
c16529dbc2987be3ac628b9b413106e5749999ed
cc15924d37e36060faa405e5fa8f6ca15a3cace2
dea6e89e36cf5a4a216e324983cc0b8f6c58eaa8
e33e6346da14931735e73f544949a57377c6b4a0
ed0cf362c0a9de96ce49c841aa55997b4777b326
f54f4e46f5f933a96650ca5123a4c41e115a9f61
f97c5e8d018207b1d546501fe2036adfbf774cfd

Compromised servers used for command and control:

hxxps://cognimuse.cs.ntua.gr/search.php
hxxps://portal.sbn.co.th/rss.php
hxxps://97.75.120.45/news/archive.php
hxxps://portal.sbn.co.th/rss.php
hxxps://58.80.109.59/plugins/search.php

Compromised websites used to host CloudDuke:

hxxp://flockfilmseries.com/eFax/incoming/5442.ZIP
hxxp://www.recordsmanagementservices.com/eFax/incoming/150721/5442.ZIP
hxxp://files.counseling.org/eFax/incoming/150721/5442.ZIP

On 22/07/15 At 11:59 AM

'Zero Days', The Documentary

Posted by Mikko @ 12:40 GMT

VPRO (the Dutch public broadcasting organization) produced a 45-minute documentary about hacking and the trade of zero days. The documentary has now been released in English on YouTube.

The documentary features Charlie Miller, Joshua Corman, Katie Moussouris, Ronald Prins, Dan Tentler, Eric Rabe (of Hacking Team), Felix Lindner, Rodrigo Branco, Ben Nagy, The Grugq, and many others.

On 20/07/15 At 12:40 PM

IOS Crash Report: Blocking "Pop-Ups" Doesn't Really Help

Posted by Sean @ 10:15 GMT

The Telegraph published an article on Thursday about a scam targeting iOS users. Here's the gist: scammers are using JavaScript generated dialogs to display warnings of so-called "IOS Crash" reports prompting people to call for tech support. Near the end of the Telegraph's article, the following advice is offered:

"To prevent the issue happening again, go to Settings -> Safari -> Block Pop-ups."

Unfortunately, this advice is incorrect. And perhaps even more unfortunately, some security and tech pundits are now repeating the bad advice on numerous websites. How do we know the advice is wrong? Because we actually tested it…

First of all, this "IOS Crash Report" scam is a variation of the technical support scam, cases of which have been documented as early as 2008. In the past, cold-calls originated directly from call centers in India. But more recently, web-based lures are used to prompt potential victims into contacting the scammers.

A Google Search returns several live scam sites with this text:

"Due to a third party application in your phone, IOS is crashed."

Here's one of the sites as viewed with iOS Safari on an iPad:

iosclean.com

Safari's "Fraudulent Website Warning" and "Block Pop-ups" features didn't prevent the page from loading.

What looks like a pop-up on the image above is actually a JavaScript generated dialog. One which will continuously re-spawn itself and can be very difficult to dismiss. Turning off JavaScript in Safari is the quickest way to regain control. Unfortunately, leaving JavaScript disabled will significantly impact a large number of legitimate websites.

Here's the same site as viewed with Google Chrome for Windows:

Notice the additional text in the image above: prevent this page from creating additional dialogs. Current versions of Chrome and Firefox (for Windows, at least) will inject this option into re-spawning dialogs, allowing the user to break the loop. Sadly, Internet Explorer and Safari do not. (We tested with IE for Windows / Windows Phone, and iOS Safari.)

Wouldn't be great if all browsers supported this prevention feature?

Yeah, we think so, too.

But it's not just browsers, apps with browser functionality can also be affected.

Here's an example of a JavaScript dialog displayed via Cydia.

error1014.com

The end of the Telegraph's article included the following advice from City of London police:

"Never give your iCloud username and password or your bank details to someone over the phone."

Indeed! Giving somebody your iCloud password could quickly turn a support scam into a data hijacking and extortion scheme. We attempted to call several of the scammer telephone numbers to see if they would ask for our iCloud credentials — only to discover that the numbers we tried are currently not in service.

Hopefully they stay that way. (They won't.)

On 17/07/15 At 10:15 AM

Hacking Team 0-day Flash Wave with Exploit Kits

Posted by Patricia @ 12:29 GMT

After Hacking Team was compromised, a lot of information were publicly disclosed beginning 5th of July, particularly its business clients and a zero-day vulnerability for the Adobe Flash Player that they have been using.

Since the info about the first zero-day was made freely available, we knew attackers would swiftly move into using it. As expected, the flash exploit was integrated into exploit kits such as Angler, Magnitude, Nuclear, Neutrino, Rig, and HanJuan as reported by Kafeine.

Based on our telemetry, there was a rise in Flash exploits beginning 6th and continued until 9th.

overall_stats (11k image)

Here are the stats for each exploit kit:

ek_stats (27k image)

The security advisory for CVE-2015-5119 zero-day was released on 7th July and the patch was made available on 8th. So the hits started to decline about two days after the patch.

But just when people have started updating their systems, there was yet another spike from the Angler flash exploit hits:

weekend_wave_stats (22k image)

Apparently, two more flash vulnerabilities, CVE-2015-5122 and CVE-2015-5123, were discovered. These vulnerabilities are still waiting to be patched. According to Kafeine, one of the two vulnerabilities were added into the Angler exploit kit.

As a side note related to Angler exploit kit, if you noticed in the second chart above, Angler and HanJuan share the same statistics. This was due to the fact that our detections for Angler Flash exploits were also hitting on HanJuan Flash exploits.

We have verified this after discovering that there was a different URL pattern being detected by Angler:

angler_vs_hanjuan_urlpattern (9k image)

We looked at the flash exploit used by both kits, and the two are very much identical.

Angler Flash Exploit:

anglerek_ht0d_3 (26k image)

HanJuan Flash Exploit:

hanjuanek_ht0d_3 (23k image)

There were already speculations that there seem to be strong connections between the actors behind the two exploits kits. For example, both have used �fileless� delivery of payload and even similar encryption methods. Perhaps at some point we will see HanJuan supporting this new flash 0 day as well.

In the meantime, since there hasn�t been a patch out yet for these new ones, our users remain protected from the effects of the exploit kits through Browsing Protection as well as these detections:

Exploit:SWF/AnglerEK.L
Exploit:SWF/NeutrinoEK.C
Exploit:SWF/NeutrinoEK.D
Exploit:SWF/NuclearEK.H
Exploit:SWF/NuclearEK.J
Exploit:SWF/Salama.H
Exploit:SWF/Salama.R
Exploit:JS/AnglerEK.D
Exploit:JS/NuclearEK.I
Exploit:JS/MagnitudeEK.A

UPDATE: Adobe has released patches for the recent two vulnerabilities: CVE-2015-5122 and CVE-2015-5123. Users are recommended to update to the latest version of Adobe Flash Player.

On 13/07/15 At 12:29 PM

The Trusted Internet: Who governs who gets to buy spyware from surveillance software companies?

Posted by FSLabs @ 02:31 GMT

When hackers get hacked, that's when secrets are uncovered. On July 5th, Italian-based surveillance technology company Hacking Team was hacked. The hackers released a 400GB torrent file with internal documents, source code, and emails to the public - including the company's client list of close to 60 customers.

The list included countries such as Sudan, Kazakhstan and Saudi Arabia - despite official company denials of doing business with oppressive regimes. The leaked documents strongly implied that in the South-East Asian region, government agencies from Singapore, Thailand and Malaysia had purchased their most advanced spyware, referred to as a Remote Control System (RCS).

According to security researchers Citizen Lab, this spyware is extraordinarily intrusive, with the ability to turn on microphone and cameras on mobile devices, intercept Skype and instant messages, and use an anonymizer network of proxy servers to prevent harvested information from being traced back to the command and control servers.

Based on images of the client list posted to pastebin the software was purchased in Malaysia by the Malaysia Anti-Corruption Commission (MACC), Malaysia Intelligence (MI) and the Prime Minister's Office (PMO):

hacking_team_client_list (86k image)

Additional images of leaked invoices posted to medium.com indicated the spyware was sold through a locally-based Malaysian company named Miliserv Technologies (M) Sdb Bhd (registered with the Ministry of Finance Malaysia), which specializes in providing digital forensics, intelligent gathering and public security services:

hacking_team_hack_1 (95k image)

hacking_team_hack_2 (72k image)

Why the Prime Minister's Office would need surveillance software remains puzzling. Mind you, professional grade spyware ain't cheap - a license upgrade could cost you MYR400, 000 and maintenance renewal will set you back about MYR160,000.

According to reports of the incident in Malaysian alternative media, Malaysian government agencies have probably been using the spyware even before discovery of the FinFisher malware that was detected in the run-up to the 2013 General Elections.

Coincidentally, Malaysia has also been the frequent host of the annual ISS World Asia tradeshow, where companies promote their arsenal of 'lawful' surveillance software to law enforcement agencies, telco service provider or government employees. During the 2014 event, the Hacking Team was present and the associate lead sponsor of the event.

MiliServ Technologies is currently involved in the upcoming 2015 ISS World Asia in Kuala Lumpur. The event is invitation-only � though it may be interesting to see if Hacking Team will make it there this year.

Post by – Su Gim

On 08/07/15 At 02:31 AM

Problematic Wassenaar Definitions

Posted by Sean @ 13:25 GMT

The Wassenaar Arrangement, a multilateral export control regime, defines "intrusion software" as software specially designed or modified to avoid detection by monitoring tools, or to defeat protective countermeasures, of a computer or network capable device. Intrusion software is used to: extract data or information, or to modify system or user data; or to modify the standard execution path of a program or process in order to allow the execution of externally provided instructions.

Wassenaar states that monitoring tools are software or hardware devices that monitor system behaviours or processes running on a device. This includes antivirus (AV) products, end point security products, Personal Security Products (PSP), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) or firewalls.

Wassenaar Arrangement definitions
(Source)

So… what we at F-Secure (and the rest of the antivirus industry) call "malware" appears to easily fit Wassenaar's definition of intrusion software.

Why is this interesting?

Well, the US Bureau of Industry and Security (BIS), part of the US Department of Commerce, has proposed updating its rules to require a license for the export of intrusion software.

And according to the Dept of Commerce, "an export" is –any– item that is sent from the United States to a foreign destination. "Items" include among other things, software and technology.

The Paradox

So… if malware is intrusion software, and any item is an export, how exactly are US-based customers supposed to submit a malware sample to their European antivirus vendor? Seriously, customers send us zero-day using malware all the time. Not to mention the samples that we routinely exchange with other trusted AV vendors from around the globe.

Unintended Consequences

The text associated with the BIS proposal says the scope includes penetration testing products that use intrusion software in what looks like an attempt to limit "hacking" tools, but there is nothing about what is excluded from the scope. So the BIS might not intend to limit customers from uploading malware samples to their AV vendor, but that could be the effect if this new rule is adopted and arbitrarily enforced. Or else it could just force people to operate in a legal limbo. Is that what we want?

The BIS is taking comments until July 20th.

On 09/06/15 At 01:25 PM

Found Item: UK Wi-Fi Law?

Posted by Sean @ 13:27 GMT

I visited the UK last Thursday, found a coffee shop offering "free" Wi-Fi, and read this…

"UK Law states that we must know who is using our Wi-Fi at all times."

Now I'm not a lawyer — but that seems like quite the disingenuous claim.

_WalkinWiFi

Mobile number, post code, and date of birth??

I wonder how many people fall for this type of malarkey.

Post by — @Sean

On 08/06/15 At 01:27 PM

SMS Exploit Messages

Posted by Sean @ 13:56 GMT

There's an iOS vulnerability affecting iPhone, iPad, and even Apple Watch that allows for a denial of service.

Crashing a phone with an SMS? That's so 2008.

S60 SMS Exploit Messages

Unlike 2008, this time kids are reportedly using the vulnerability to harass others.

Apple is working on a security update. But unfortunately… that update very likely won't be available for older iPhones.

Updated to add:

Here's the "Effective Power" exploit crashing an iPhone 6:

Effective Power Unicode iOS hack on iPhone 6

And this… is Effective Power crashing the iOS Twitter app:

Effective Power Unicode iOS hack vs Twitter

On 28/05/15 At 01:56 PM

Ransomware Spam E-Mails Targeting Users in Italy and Spain

Posted by FSLabs @ 03:17 GMT

In the past few days, we received some cases from our customers in Italy and Spain, regarding malicious spam e-mails that pointed to Cryptowall or Cryptolocker ransomware.

The spam e-mails pretended to come from a courier/postal service, regarding a parcel that was waiting to be collected. The e-mails offer a link to track that parcel online:

crypt_email (104k image)

When we did the initial investigation of the e-mails from our standard test system, the link redirected to Google:

crypt_email_redirect_italy (187k image)

So, no malicious behavior? Well, we noted that the first two URLs were PHP. Since PHP code is executed on the server side, not locally on the client, it is possible that the servers were 'deciding' whether to redirect the user to Google or to serve malicious content, based on some preset conditions.

Since this particular spam e-mail is written in Italian - perhaps only a customer based in Italy would be able to see the malicious payload? Fortunately, we have Freedome, so we can travel to Italy for a little while to experiment.

So we turned on Freedome, set the location to Milan and clicked the link in the e-mail again:

crypt_email_mal_italy (302k image)

Now we see the bad stuff. If the user is (or appears to be) located in Italy, the server will redirect them to a malicious file hosted on a cloud storage server.

The e-mail spam sent to Spanish users is similar, though in those cases, a CAPTCHA challenge is included to make the site seem more authentic. If the link in the e-mail is clicked by a user located outside Spain, again we end up in Google:

crypt_email_redirect_spain (74k image)

If the site is visited instead from an Spanish IP, we get to the CAPTCHA screen:

crypt_email_target_spain (57k image)

And then to the malware itself:

crypt_email_mal_spain (313k image)

This spam campaign doesn't use any exploits (so far), just old-fashioned social engineering; infection only occurs if the user manually downloads and executes the files offered on the malicious URLs. For our customers, the URLs are blocked and the files are detected.

(malware SHA1s: 483be8273333c83d904bfa30165ef396fde99bf2, 295042c167b278733b10b8f7ba1cb939bff3cb38)

Post by — Victor

On 19/05/15 At 03:17 AM

Mac Hack Demonstration

Posted by Sean @ 12:46 GMT

Securing your SSH password is very important. Otherwise, you might be pwned by a little girl with her Raspberry Pi.

Don't worry, it's an authorized hack, she asked her mom for permission.

On 15/05/15 At 12:46 PM

Email Security Considerations for Microsoft 365 Users

The post Email Security Considerations for Microsoft 365 Users appeared first on GreatHorn.

Email Security Considerations for Google Workspace Users

The post Email Security Considerations for Google Workspace Users appeared first on GreatHorn.

Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates

The post Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates appeared first on GreatHorn.

Universities and Colleges Face Multi-faceted Email Security Challenges

The post Universities and Colleges Face Multi-faceted Email Security Challenges appeared first on GreatHorn.

Spam vs Phish: The Problem with User-Reported Phish Buttons

The post Spam vs Phish: The Problem with User-Reported Phish Buttons appeared first on GreatHorn.

Phishing for Google Impersonation Attacks

Bad actors around the globe go phishing in emails twenty-four hours a day, seven days a week. Whether they are “guppies” like your local bakery down the street or big “fish” like Google, no one is immune to their attacks. Google, one of the largest, most well-known – and used – applications, will always be […]

The post Phishing for Google Impersonation Attacks appeared first on GreatHorn.

GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes

The post GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes appeared first on GreatHorn.

Native vs SEG vs ICES: What You Need to Know About Email Security

The shift from on-premise email platforms to cloud email platforms has taken shape, with the majority (70%) of organizations. Microsoft 365 and Google Workspace remain the predominant email platforms for organizations. However, a significant change has occurred in the past year. With an estimated 40% of ransomware attacks that start through email, and BEC and […]

The post Native vs SEG vs ICES: What You Need to Know About Email Security appeared first on GreatHorn.

Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security

In cybersecurity, buzzwords come and go, often being replaced with new buzzwords while the market is still attempting to realize the benefits of the former. Today, every technology vendor is talking about Artificial Intelligence (AI). In reality, Machine Learning (the method to one day achieve AI) is still the predominant technical solution deployed within vendor […]

The post Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security appeared first on GreatHorn.

Global Supply Chain: Attackers Targeting Business Deliveries

Our global supply chain includes all the people, companies and countries that need to work cohesively to manufacture, process and ship goods. Disruptions in the global supply chain are increasingly impacting organizations, with logistical problems crossing most industries. As a result, the continued strain on the supply chain puts added pressure on businesses as they […]

The post Global Supply Chain: Attackers Targeting Business Deliveries appeared first on GreatHorn.

Where Ransomware Profits Go and How to Cut Them Off

Researched and written by Heimdal founder Morten Kjaersgaard, this article exposes how even limited cooperation between registry bodies and law enforcement could cripple ransomware networks and raise the cost for cybercriminals. This article serves as a wake-up call. Even limited cooperation between registry bodies and law enforcement could cripple ransomware networks and raise the cost […]

The post Where Ransomware Profits Go and How to Cut Them Off appeared first on Heimdal Security Blog.

ITDR vs EDR: What are the Key Differences?

Key takeaways: What are the main differences between ITDR, EDR, and other security solutions? How does ITDR provide effective protection against identity-based threats? How to effectively detect and respond to attacks. If there’s one thing the cybersecurity community loves, it’s an acronym. To some extent, this has been the case since the earliest days of cybersecurity. […]

The post ITDR vs EDR: What are the Key Differences? appeared first on Heimdal Security Blog.

What Is Identity Threat Detection and Response?

Key insights: What is identity threat detection and response (ITDR)? What are the differences and similarities between ITDR and EDR? What are the alternatives to ITDR? Identity Threat Detection and Response (ITDR) is a comparatively new term in the cybersecurity scene. It was first coined by Gartner in 2022 and has since become a cornerstone […]

The post What Is Identity Threat Detection and Response? appeared first on Heimdal Security Blog.

Small Business Cybersecurity Statistics in 2025

Small businesses are a big target for cyber criminals. Read our small business statistics rundown to get a true picture of how the sector is being affected in 2025. Until relatively recently, cybercrime wasn’t perceived as a major risk for small businesses. Hackers traditionally focused on larger companies or government bodies with more money and […]

The post Small Business Cybersecurity Statistics in 2025 appeared first on Heimdal Security Blog.

Follow the Money Blueprint For MSP Success (With Dave Sobel)

“If I was starting an MSP today, I am not sure I would start an MSP.” Now that’s a way to grab your attention when opening a podcast. Coming from Dave Sobel, someone who’s been an MSP owner, vendor executive, and now runs The Business of Tech podcast – that’s not a throwaway comment. Dave […]

The post Follow the Money Blueprint For MSP Success (With Dave Sobel) appeared first on Heimdal Security Blog.

Digital doppelgängers: How sophisticated impersonation scams target content creators and audiences

Content creation is no longer niche. Over 50 million Americans earn income by making videos, livestreams, podcasts, or other digital media. Many are full-time creators, while others pursue it as a side hustle. Either way, having an online presence is becoming increasingly risky. Scammers are catching on. In 2024 alone, the Federal Trade Commission’s logged […]

The post Digital doppelgängers: How sophisticated impersonation scams target content creators and audiences appeared first on Heimdal Security Blog.

Heimdal Joins the Tidal Cyber Registry with Its Extended Detection & Response (XDR) Solution

COPENHAGEN, Denmark, September 23, 2025 – We are proud to announce that our Extended Detection & Response (XDR) product has been officially listed on the Tidal Cyber Registry. This listing marks a significant milestone in Heimdal’s commitment to transparency, precision, and proactive threat defense. By integrating with the Tidal Cyber platform, Heimdal enables its customers […]

The post Heimdal Joins the Tidal Cyber Registry with Its Extended Detection & Response (XDR) Solution appeared first on Heimdal Security Blog.

The Ultimate MSP Podcast List

Podcasts are every smart MSP’s secret weapon. They spark ideas, fuel strategy, and keep you in the know, without adding another thing to your to-do list. To save you the scroll, we’ve handpicked the most binge-worthy MSP podcasts of 2025 – shows that bring real talk, fresh insights, and the kind of advice you’ll actually […]

The post The Ultimate MSP Podcast List appeared first on Heimdal Security Blog.

Cyber Essentials Explained – And How Heimdal Helps You Pass and Stay Compliant

Cyber Essentials (CE) is the UK government‑backed baseline for stopping common, internet‑originating attacks. It comes in two levels – Cyber Essentials (self‑assessment, board sign‑off) and Cyber Essentials Plus (the same controls, plus independent testing) – and certification renews annually. In a government‑commissioned study, 99% of internet‑originating vulnerabilities were mitigated when CE controls were in place, […]

The post Cyber Essentials Explained – And How Heimdal Helps You Pass and Stay Compliant appeared first on Heimdal Security Blog.

From Incident Response to Storytelling With Adam Pilton

It’s time to meet the man behind our weekly Threat Brief. Adam spends hours researching the latest threats to find and share solutions with you, and I had the pleasure of sitting down with him for this week’s episode. His 15 years investigating cybercrime as a police officer taught him lessons that directly apply to […]

The post From Incident Response to Storytelling With Adam Pilton appeared first on Heimdal Security Blog.

Top 10 Cybersecurity Companies in Europe

Over the last 10-15 years, the cybersecurity scene has gotten increasingly complex, as organizations adopt new technology and hackers evolve more innovative ways to target them. At the same time, data protection and compliance have become much more stringent across the world. Nowhere is this more true than in Europe. Today’s organizations have an ever-increasing […]

The post Top 10 Cybersecurity Companies in Europe appeared first on Heimdal Security Blog.

Password breach statistics in 2025

At Heimdal we’re constantly monitoring the latest industry alerts, media reports, academic research and government data to keep track of password breaches. It’s a crucial part of our work, and means we can advise our customers on emerging threats. To help you get up to speed, we’ve compiled this collection of some of the most […]

The post Password breach statistics in 2025 appeared first on Heimdal Security Blog.

UK Cybersecurity Statistics for 2025

As Dame Margeret Beckett, a member of the House of Lords recently put it: “The UK has the dubious distinction of being one of the world’s most cyber-attacked nations”. Calculating exactly how many cyber attacks there are per country is extremely difficult (not least because many attacks go unnoticed). But reliable cybersecurity sources estimate the […]

The post UK Cybersecurity Statistics for 2025 appeared first on Heimdal Security Blog.

Heimdal Investigation: European Organizations Hit by PDF Editor Malware Campaign

A Heimdal investigation has revealed that the TamperedChef malware, disguised as free productivity software, has infected endpoints across multiple European organizations. The campaign used advanced obfuscation techniques to evade traditional detection. Heimdal’s Discovery Heimdal Security’s Managed Extended Detection and Response (MXDR) team found TamperedChef infections in 0.03% of its European customer base. The number may […]

The post Heimdal Investigation: European Organizations Hit by PDF Editor Malware Campaign appeared first on Heimdal Security Blog.

Active Threats + The Business Model Shift For MSPs

I sat down with Luis Giraldo from ScalePad — an 18-year MSP veteran who’s now helping other MSPs scale — and he dropped some truth bombs that you should hear. He says that 32% of MSPs are losing money. The ones thriving aren’t just better at managing firewalls. They’ve fundamentally changed how they think about […]

The post Active Threats + The Business Model Shift For MSPs appeared first on Heimdal Security Blog.

Clipboard Pictures Exfiltration in Python Infostealer, (Wed, Oct 15th)

For a while, clipboard content has been monitored by many infostealers. Purposes can be multiple, like simply searching and exfiltrating juicy data or on-the-fly modification like crypto-wallet swapping&#;x26;#;x5b;1&#;x26;#;x5d;. Note that the clipboard is a major risk when you don&#;x26;#;39;t disable clipboard sharing between your virtual machines and hosts. A malware running in a sandbox will access your (host) clipboard without problem!

ISC Stormcast For Wednesday, October 15th, 2025 https://isc.sans.edu/podcastdetail/9656, (Tue, Oct 14th)

No summary available.

Microsoft Patch Tuesday October 2025, (Tue, Oct 14th)

I am experimenting today with a little bit of a cleaned-up patch overview. I removed vulnerabilities that affect Microsoft&#;x26;#;39;s cloud systems (but appreciate Microsoft listing them at all), as well as vulnerabilities in third-party software like open source libraries. This should leave us with Microsoft-specific on-premises vulnerabilities. This month, this leaves 157 different vulnerabilities. Eight of the vulnerabilities are rated critical.

ISC Stormcast For Tuesday, October 14th, 2025 https://isc.sans.edu/podcastdetail/9654, (Mon, Oct 13th)

No summary available.

Heads Up: Scans for ESAFENET CDG V5 , (Mon, Oct 13th)

In January, a possible XSS vulnerability was found in the electronic document security management system ESAFENET CDG. This was the latest (as far as I can tell) in a long list of vulnerabilities in the product. Prior vulnerabilities included SQL injection issues and weaknesses in the encryption used to safeguard documents. In other words: A typical "secure" document management system. The product appears to be targeting the Chinese market, and with a website all in Chinese, I doubt it is used much, if at all, outside China.

ISC Stormcast For Monday, October 13th, 2025 https://isc.sans.edu/podcastdetail/9652, (Sun, Oct 12th)

No summary available.

Wireshark 4.4.10 and 4.6.0 Released, (Sun, Oct 12th)

Wireshark release 4.4.10 fixes 6 bugs and 1 vulnerability (in the MONGO dissector).

ISC Stormcast For Friday, October 10th, 2025 https://isc.sans.edu/podcastdetail/9650, (Fri, Oct 10th)

No summary available.

[Guest Diary] Building Better Defenses: RedTail Observations from a Honeypot, (Thu, Oct 9th)

&#;x26;#;x5b;This is a Guest Diary by Jin Quan Low, an ISC intern as part of the SANS.edu Bachelor&#;x26;#;39;s Degree in Applied Cybersecurity (BACS) program &#;x26;#;x5b;1].]

ISC Stormcast For Thursday, October 9th, 2025 https://isc.sans.edu/podcastdetail/9648, (Thu, Oct 9th)

No summary available.

CyberheistNews Vol 15 #41 [AI Misuse Alert] New Phishing Campaign Uses AI Tools to Evade Detection

A Surge in Text Message Scams Targets Younger Americans

A new report warns of a significant spike in SMS phishing (smishing) scams targeting younger Americans between 18 and 29 years old.

Warning: Job Scams Surge by More than 1000%

Job-related scams surged by more than one thousand percent between May and July 2025, according to new research from McAfee.

[Cybersecurity Awareness Month] The Rise of Dr. Deepfake: Combatting Social Engineering’s Newest Weapon

Deepfakes are easier to create than ever and are being used to attack organizations, families and individuals.

The Engine Room: Powering Your Human Risk Management Strategy with Intelligent Tech

We’ve come a long way. We’ve deconstructed the problem, explored the complexity of humans, and laid out a strategic framework and a practical map—all of which can be explored in more detail in our Human Risk Management (HRM) whitepaper.

Report: North Korea Expands Its Remote Employment Schemes

North Korea’s fraudulent IT worker schemes have expanded to target nearly every industry that hires remote employees, according to researchers at Okta.

The Hidden Cybersecurity Threat: Securing the Human-AI Relationship

The conversation about AI in cybersecurity is missing the point. While the industry has been focused on the emergence of AI-generated phishing emails, perhaps a far more profound shift has been somewhat ignored.

A TikTok for Deepfakes? OpenAI Could Be Making It a Reality

OpenAI, the people behind ChatGPT, have launched an updated AI video- and audio-generation system with fascinating, and terrifying, implications for the spread of deepfakes.

If You Have Not Realized It, Vishing Is Really Taking Off

Fighting voice-based phishing needs to be a big part of your human risk management (HRM) plan.

Multitasking Employees Are Particularly Vulnerable to Phishing Attacks

Employees who multitask are significantly more vulnerable to phishing attacks, according to a study from the University at Albany published in the European Journal of Information Systems.

News alert: Sweet Security named cloud, CADR leader for AI-driven runtime threat detection

TEL AVIV, Israel, Oct. 14, 2025, CyberNewswire: Sweet Security, a leader in Runtime Cloud and AI security solutions, today announced that it has been recognized as both a Cloud Security Leader and a Cloud Application Detection & Response (CADR) … (more…)

The post News alert: Sweet Security named cloud, CADR leader for AI-driven runtime threat detection first appeared on The Last Watchdog.

News Alert: Gcore neutralizes record DDoS attack — underscores need for adaptive mitigation

LUXEMBOURG, Oct. 14, 2025, CyberNewswire — Gcore, the global edge AI, cloud, network, and security solutions provider, has successfully mitigated one of the largest DDoS attacks recorded to date.

The large-scale, multi-regional DDoS attack reached a peak bandwidth of … (more…)

The post News Alert: Gcore neutralizes record DDoS attack — underscores need for adaptive mitigation first appeared on The Last Watchdog.

GUEST ESSAY: Observability is no longer passive — it’s now a real-time driver of security action

Modern enterprises generate a steady stream of telemetry from infrastructure and applications.

This data spans infrastructure layers, workloads, and communication patterns across hybrid and multi-cloud environments.

Traditionally, performance-focused engineering teams have relied on one set … (more…)

The post GUEST ESSAY: Observability is no longer passive — it’s now a real-time driver of security action first appeared on The Last Watchdog.

News alert: SquareX exposes how AI browsers fall prey to OAuth hijacks and malware traps

PALO ALTO, Calif., Oct. 9, 2025, CyberNewswire — As AI Browsers rapidly gain adoption across enterprises, SquareX has released critical security research exposing major vulnerabilities that could allow attackers to exploit AI Browsers to exfiltrate sensitive data, distribute malware and … (more…)

The post News alert: SquareX exposes how AI browsers fall prey to OAuth hijacks and malware traps first appeared on The Last Watchdog.

News alert: Lightship, OpenSSL submit OpenSSL 3.5.4 — with post-quantum crypto on board

NEWARK, N.J., October 9, 2025, CyberNewswire — Lightship Security, an Applus+ Laboratories company and accredited cryptographic security test laboratory, and the OpenSSL Corporation, the co-maintainer of the OpenSSL Library, announce the submission of OpenSSL version 3.5.4 to the … (more…)

The post News alert: Lightship, OpenSSL submit OpenSSL 3.5.4 — with post-quantum crypto on board first appeared on The Last Watchdog.

GUEST ESSAY: Why cyber defenses need a framework — and a clearer map of boundaries

In the early years of enterprise computing, isolation had a clear home in the networking domain.

Network isolation meant a strong perimeter that kept internal traffic separate from the external world. Firewalls, VLANs, and DMZs were the primary tools. The … (more…)

The post GUEST ESSAY: Why cyber defenses need a framework — and a clearer map of boundaries first appeared on The Last Watchdog.

News alert: Miggo Security lauded for preventing AI-borne attacks with behavior-aware security

TEL AVIV, Israel, Oct. 8, 2025, CyberNewswire — Miggo Security, pioneer and innovator in Application Detection & Response (ADR) and AI Runtime Defense, today announced it has been recognized as a Gartner Cool Vendor in AI Security.

To … (more…)

The post News alert: Miggo Security lauded for preventing AI-borne attacks with behavior-aware security first appeared on The Last Watchdog.

SHARED INTEL Q&A: Cyber insurance breaches expose resilience gap and need for orchestration

Cybercriminals have a new target in their sights: the insurance industry.

Groups like Scattered Spider are going after carriers directly, disrupting operations and exposing weak links in the very system meant to underwrite cyber … (more…)

The post SHARED INTEL Q&A: Cyber insurance breaches expose resilience gap and need for orchestration first appeared on The Last Watchdog.

News alert: INE Security report finds cyber-IT silos leave teams exposed — cross-training urged

RALEIGH, N.C., Oct. 7, 2025, CyberNewswire – INE Security, a leading provider of cybersecurity training and certifications, today announced the results of a global study examining the convergence of networking and cybersecurity disciplines.

“Wired Together: The Case for … (more…)

The post News alert: INE Security report finds cyber-IT silos leave teams exposed — cross-training urged first appeared on The Last Watchdog.

News Alert: ThreatBook launches ATI platform, targets gaps in Asia-Pacific threat detection

SINGAPORE, Sept. 29, 2025, CyberNewswire — ThreatBook, a global leader in cyber threat intelligence, detection and response, today announced the worldwide launch[1] of ThreatBook Advanced Threat Intelligence (“ThreatBook ATI”).

Spearheaded from its offices in Singapore and Hong Kong, the … (more…)

The post News Alert: ThreatBook launches ATI platform, targets gaps in Asia-Pacific threat detection first appeared on The Last Watchdog.

Satellites leak voice calls, text messages and more

Scientists have revealed a gaping hole in global telecom security, intercepting personal and business data from geostationary satellites.

AI-driven scams are preying on Gen Z’s digital lives

Gone are the days when extortion was only the plot line of crime dramas—today, these threatening tactics target anyone with a smartphone, especially Gen Z.

Pixel-stealing “Pixnapping” attack targets Android devices

Imagine if a rogue app could glimpse tiny bits of your screen—even the parts you thought were secure, like your 2FA codes.

Researchers break OpenAI guardrails

The maker of ChatGPT released a toolkit to help protect its AI from attack earlier this month. Almost immediately, someone broke it.

Phishing scams exploit New York’s inflation refund program

Scammers are texting residents, urging them to “verify payment details” to claim their refund.

A week in security (October 6 – October 12)

A list of topics we covered in the week of October 6 to October 12 of 2025

Apple voices concerns over age-check law that could put user privacy at risk

The more sensitive data that companies have to collect and store, the greater the consequences for users if it’s breached.

Your passwords don’t need so many fiddly characters, NIST says

It’s once again time to change your passwords, but if one government agency has its way, this might be the very last time you do it.

Millions of (very) private chats exposed by two AI companion apps

Two AI "girlfriend" apps have blabbed millions of intimate conversations from more than 400,000 users.

Fake VPN and streaming app drops malware that drains your bank account

Mobdro Pro IP TV + VPN hides Klopatra, a new Android Trojan that lets attackers steal banking credentials.

California just put people back in control of their data

California just passed 14 new privacy and AI laws. We’re highlighting a few that give users real control over their personal data.

One stolen iPhone uncovered a network smuggling thousands of devices to China

Turns out Apple’s ‘Find My’ feature isn’t just for when your phone slips down the side of the couch.

Modeling scams see mature models as attractive new prospects

Modeling scammers are reinventing old tricks for the social media age—targeting not just the young, but older adults too.

Is your computer mouse eavesdropping on you?

Researchers have found a method they called Mic-E-Mouse, which turns your computer mouse into a spy that can listen in on your conversations.

“Can you test my game?” Fake itch.io pages spread hidden malware to gamers

One click, total mess. A convincing itch-style page can drop a stealthy stager instead of a game. Here’s how to spot it and what to do if you clicked.

Don’t connect your wallet: Best Wallet cryptocurrency scam is making the rounds

A text message tried to lure us to a fake Best Wallet site posing as an airdrop event to steal our crypto.

Troops and veterans’ personal information leaked in CPAP Medical data breach

The leak exposed the names, Social Security numbers, and health details of more than 90,000 military patients, troops, veterans, and their families.

Discord warns users after data stolen in third-party breach

The stolen data includes names, emails, limited billing information, and some government-ID images.

Phishers target 1Password users with convincing fake breach alert

Attackers are using realistic-looking 1Password emails to trick users into handing over their vault logins.

What’s there to save about social media? (Lock and Code S06E20)

This week on the Lock and Code podcast, we speak with Twitter's first employee, Rabble, about saving the best parts of social media today.

ISO 27001 for Non-IT Roles: A Beginner’s Guide

Think ISO 27001 is just for IT? Think again. A growing number of non-technical roles are being pulled into operational projects – from department heads who oversee processes that involve sensitive data to employees tasked with protecting the laptops, removeable devices and other technology they use to perform their job. The need for robust and effective information security across the entire organisation is more important than ever. With increasing regulatory pressure, tighter client requirements and growing cyber risks, understanding ISO 27001 is no longer optional for IT teams alone. Why non-IT staff are involved Traditionally, information security was seen as the domain

The post ISO 27001 for Non-IT Roles: A Beginner’s Guide appeared first on IT Governance Blog.

CRISC Salary & Career in the UK: What to Expect in 2025

As cyber security risks become a core boardroom concern, organisations are increasingly seeking professionals who can identify, assess and manage these concerns. One recognised way to demonstrate this expertise and advance your career is through CRISC (Certified in Risk and Information Systems Control) certification. With more than 30,000 CRISC holders worldwide, this credential has become a trusted, employer-recognised signal of IT risk competence – particularly valued across audit, information security and risk leadership roles. CRISC-certified professionals bridge the gap between technical controls and business strategy, ensuring that IT risk is managed in line with organisational objectives and regulatory expectations. CRISC salaries in

The post CRISC Salary & Career in the UK: What to Expect in 2025 appeared first on IT Governance Blog.

5 Practical Skills You’ll Gain from a GDPR Practitioner Course

Most GDPR (General Data Protection Regulation) compliance failures occur not because people don’t know the law but because they don’t know how to apply its requirements to their everyday working practices. The GDPR Practitioner course bridges that gap by turning legal theory into practical competence, giving learners the confidence to handle real-world data protection challenges – from DPIAs (data protection impact assessments) to data breach response management. Here are five hands-on skills you’ll master on our Practitioner course, plus how each one applies to day-to-day working life. 1. Conducting a DPIA from start to finish Scenario:Your organisation is rolling out

The post 5 Practical Skills You’ll Gain from a GDPR Practitioner Course appeared first on IT Governance Blog.

ISO 27001 Internal vs Lead Auditor Training Compared

Not sure whether to train as an ISO 27001 Internal Auditor or Lead Auditor? You’re not alone – it’s one of the most common questions we hear. This blog post explains what each course covers, who they suit, the core differences between them and how to decide which one is right for you. What the ISO 27001 Internal Auditor course covers The ISO 27001 Internal Auditor course teaches you how to plan and deliver in-house ISMS (information security management system) audits. You learn to test controls against ISO/IEC 27001:2022, record nonconformities and report findings that drive corrective action. It focuses

The post ISO 27001 Internal vs Lead Auditor Training Compared appeared first on IT Governance Blog.

Global Data Breaches and Cyber Attacks in September 2025: Nearly 2 Million Records Exposed and Potentially 1.5 Billion More

Summary Welcome to another monthly round-up of monthly cyber attack and data breach news. September 2025 saw 49 publicly reported cyber attacks and data breaches around the globe. In total, at least 1.98 million records were confirmed to have breached, while attacker claims – particularly those linked to the ongoing Salesforce/Salesloft Drift breach – suggest the true figure may exceed 1.5 billion. The month’s five largest incidents Salesforce/Salesloft Drift campaign (multiple organisations) Stellantis FinWise Bank/American First Finance Harrods Kido International (UK) Trends in September 2025 Key vulnerabilities exploited List of data breaches and cyber attacks disclosed in September 2025 Disclosure Date

The post Global Data Breaches and Cyber Attacks in September 2025: Nearly 2 Million Records Exposed and Potentially 1.5 Billion More appeared first on IT Governance Blog.

Is CISM Worth It? Salary, Career Value & Employer Demand in 2025

The information security sector continues to evolve rapidly, with organisations and individuals forced to frequently re-evaluate their understanding of security threats and how to manage them. One trusted way to ensure professionals are equipped to manage these threats is to look for the CISM (Certified Information Security Manager) qualification. It’s one of the most widely recognised and respected credentials in the field and has often been cited as a proven pathway to senior roles in information security. But does this qualification still hold its value today? Let’s take a look at how CISM stacks up in terms of career progression,

The post Is CISM Worth It? Salary, Career Value & Employer Demand in 2025 appeared first on IT Governance Blog.

5 common GDPR mistakes – and how training can fix them

Most GDPR (General Data Protection Regulation) breaches arise from everyday slip-ups, such as missing DSAR (data subject access request) deadlines, picking the wrong lawful basis for processing, failing to enforce retention periods, keeping inadequate records or misreporting incidents. However, fall short of your compliance obligations – for whatever reason – and you face complaints, investigations, reputational harm, legal action and regulatory enforcement, including fines of up to £17.5 million under the UK GDPR or €20 million under the EU GDPR, or 4% of your annual global turnover – whichever is greater. This blog post sets out five common GDPR compliance

The post 5 common GDPR mistakes – and how training can fix them appeared first on IT Governance Blog.

5 Reasons ISO 27001 Implementations Fail (and How to Avoid Them)

Most ISMS (information security management system) implementation projects don’t fail because of ISO 27001 itself but because of poor planning and execution. Achieving certification to the Standard requires more than policies and procedures: it demands leadership, integration and discipline across the business. Without them, projects stall, resources are wasted and certification is delayed or, worse, unattainable at all. This blog post discusses five of the most common pitfalls organisations face when implementing ISO 27001 – and explains how to avoid them. Pitfall 1 – Poor scoping One of the most frequent mistakes is failing to define the scope of the

The post 5 Reasons ISO 27001 Implementations Fail (and How to Avoid Them) appeared first on IT Governance Blog.

Our Experts’ Views on the Jaguar Land Rover Cyber Attack

JLR (Jaguar Land Rover) was forced to halt production across its three UK plants on 1 September 2025 following a major cyber attack that struck the night before. The disruption affected sites in Solihull, Wolverhampton and Halewood, stopping work for around 30,000 employees and leaving many of the 100,000 people in its supply chain without orders or pay, with some companies warning they were on the brink of collapse. Smaller suppliers in particular have struggled with cash flow, layoffs and workers placed on zero-hour contracts. A survey by the Coventry and Warwickshire Chamber of Commerce suggested one in six businesses

The post Our Experts’ Views on the Jaguar Land Rover Cyber Attack appeared first on IT Governance Blog.

A Guide to the EU GDPR’s Requirements for an EU Representative

This country’s post-Brexit data protection regime, the UK GDPR (General Data Protection Regulation), requires non-UK organisations that process UK residents’ personal data to appoint a representative in the UK. In the same way, the EU GDPR requires non-EEA organisations that process EU residents’ personal data to appoint a representative in the EU. This blog post explains who this requirement applies to – and what they need to do. Who does the EU GDPR apply to? When it took effect in 2018, the EU GDPR significantly reshaped European data protection law. One of the most notable changes it introduced is its

The post A Guide to the EU GDPR’s Requirements for an EU Representative appeared first on IT Governance Blog.

Maverick: a new banking Trojan abusing WhatsApp in a mass-scale distribution

A malware campaign was recently detected in Brazil, distributing a malicious LNK file using WhatsApp. It delivered a new Maverick banker, which features code overlaps with Coyote malware.

Mysterious Elephant: a growing threat

Kaspersky GReAT experts describe the latest Mysterious Elephant APT activity. The threat actor exfiltrates data related to WhatsApp and employs tools such as BabShell and MemLoader HidenDesk.

Signal in the noise: what hashtags reveal about hacktivism in 2025

Kaspersky researchers identified over 2000 unique hashtags across 11,000 hacktivist posts on the surface web and the dark web to find out how hacktivist campaigns function and whom they target.

The king is dead, long live the king! Windows 10 EOL and Windows 11 forensic artifacts

With the end of Windows 10 support approaching, we discuss which forensic artifacts in Windows 11 may be of interest.

How we trained an ML model to detect DLL hijacking

An expert at the Kaspersky AI expertise center explains how the team developed a machine-learning model to identify DLL hijacking attacks.

Detecting DLL hijacking with machine learning: real-world cases

We will tell you how we integrated a DLL Hijacking detection model into the Kaspersky SIEM platform and how it helped us uncover several incidents in their early stages.

Forensic journey: hunting evil within AmCache

Kaspersky experts share insights into how AmCache may prove useful during incident investigation, and provide a command line tool to extract data from this artifact.

Massive npm infection: the Shai-Hulud worm and patient zero

We dissect a recent incident where npm packages with millions of downloads were infected by the Shai-Hulud worm. Kaspersky experts describe the starting point for the source of the infection.

Threat landscape for industrial automation systems in Q2 2025

Kaspersky industrial threat report contains statistics on various malicious objects detected and blocked on ICS computers by Kaspersky solutions in Q2 2025.

RevengeHotels: a new wave of attacks leveraging LLMs and VenomRAT

Kaspersky GReAT expert takes a closer look at the RevengeHotels threat actor's new campaign, including AI-generated scripts, targeted phishing, and VenomRAT.

About This Website

Cybersecurity News

How Attackers Bypass Synced Passkeys

Two New Windows Zero-Days Exploited in the Wild — One Affects Every Version Ever Shipped

Two CVSS 10.0 Bugs in Red Lion RTUs Could Hand Hackers Full Industrial Control

Hackers Target ICTBroadcast Servers via Cookie Exploit to Gain Remote Shell Access

New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login

Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year

Moving Beyond Awareness: How Threat Hunting Builds Readiness

RMPocalypse: Single 8-Byte Write Shatters AMD’s SEV-SNP Confidential Computing

New Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without Permissions

What AI Reveals About Web Applications— and Why It Matters

npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels

Researchers Expose TA585’s MonsterV2 Malware Capabilities and Attack Chain

⚡ Weekly Recap: WhatsApp Worm, Critical CVEs, Oracle 0-Day, Ransomware Cartel & More

Why Unmonitored JavaScript Is Your Biggest Holiday Security Risk

Researchers Warn RondoDox Botnet is Weaponizing Over 50 Flaws Across 30+ Vendors

Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor

Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns

New Rust-Based Malware "ChaosBot" Uses Discord Channels to Control Victims' PCs

New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login

Experts Warn of Widespread SonicWall VPN Compromise Impacting Over 100 Accounts

Hackers Turn Velociraptor DFIR Tool Into Weapon in LockBit Ransomware Attacks

Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers

Microsoft Warns of ‘Payroll Pirates’ Hijacking HR SaaS Accounts to Steal Employee Salaries

From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation

The AI SOC Stack of 2026: What Sets Top-Tier Platforms Apart?

175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign

From LFI to RCE: Active Exploitation Detected in Gladinet and TrioFox Vulnerability

CL0P-Linked Hackers Breach Dozens of Organizations Through Oracle Software Flaw

From HealthKick to GOVERSHELL: The Evolution of UTA0388's Espionage Malware

New ClayRat Spyware Targets Android Users via Fake WhatsApp and TikTok Apps

Hackers Access SonicWall Cloud Firewall Backups, Spark Urgent Security Checks

ThreatsDay Bulletin: MS Teams Hack, MFA Hijacking, $2B Crypto Heist, Apple Siri Probe & More

SaaS Breaches Start with Tokens - What Security Teams Must Watch

From Phishing to Malware: AI Becomes Russia's New Cyber Weapon in War on Ukraine

Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme

Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks

Chinese Hackers Weaponize Open-Source Nezha Tool in New Attack Wave

Step Into the Password Graveyard… If You Dare (and Join the Live Session)

LockBit, Qilin, and DragonForce Join Forces to Dominate the Ransomware Ecosystem

Severe Framelink Figma MCP Vulnerability Lets Hackers Execute Code Remotely

No Time to Waste: Embedding AI to Cut Noise and Reduce Risk

OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for Cyberattacks

BatShadow Group Uses New Go-Based 'Vampire Bot' Malware to Hunt Job Seekers

Google's New AI Doesn't Just Find Vulnerabilities — It Rewrites Code to Patch Them

New Research: AI Is Already the #1 Data Exfiltration Channel in the Enterprise

XWorm 6.0 Returns with 35+ Plugins and Enhanced Data Theft Capabilities

13-Year-Old Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely

Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware

Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 in Real-World Attacks

New Report Links Research Firms BIETA and CIII to China’s MSS Cyber Operations

Patch Tuesday, October 2025 ‘End of 10’ Edition

DDoS Botnet Aisuru Blankets US ISPs in Record DDoS

ShinyHunters Wage Broad Corporate Extortion Spree

Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms

Self-Replicating Worm Hits 180+ Software Packages

Bulletproof Host Stark Industries Evades EU Sanctions

Microsoft Patch Tuesday, September 2025 Edition

18 Popular Code Packages Hacked, Rigged to Steal Crypto

GOP Cries Censorship Over Spam Filters That Work

The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft

Apple’s Bug Bounty Program

Upcoming Speaking Engagements

The Trump Administration’s Increased Use of Social Media Surveillance

Rewiring Democracy is Coming Soon

AI and the Future of American Politics

Friday Squid Blogging: Sperm Whale Eating a Giant Squid

Autonomous AI Hacking and the Future of Cybersecurity

Flok License Plate Surveillance

AI-Enabled Influence Operation Against Iran

AI in the 2026 Midterm Elections

Your Roku devices are getting a big, free upgrade - including AI Voice

How location-based voice notes on this Coros smartwatch transformed my trail runs

Apple's M5 MacBook Pro and iPad is coming soon - here's everything we know

How to restart your iPhone without using the power button: 5 ways

Windows 10's final update is a big one - with a record 173 bug fixes

Why Windows 11 requires a TPM - and how you can get around it

I found the easiest way to transfer files to and from my Linux PC - and it's so fast

Are high-end monitors worth it? I tested one for work and play and never looked back