'
Welcome to our cybersecurity news aggregator! This website gathers news articles from over 60 sources, providing you with a comprehensive and up-to-date overview of the latest happenings in the world of cybersecurity.
We utilize RSS feeds to collect the news, ensuring a streamlined and efficient process. This enables you to stay informed and access a wide variety of perspectives and insights in one convenient location.
Dive into the latest cybersecurity stories and explore the wealth of knowledge available, all in one place.
Microsoft has said that it's ending support for passwords in its Authenticator app starting August 1, 2025. The changes, the company said, are part of its efforts to streamline autofill in the two-factor authentication (2FA) app. "Starting July 2025, the autofill feature in Authenticator will stop working, and from August 2025, passwords will no longer be accessible in Authenticator," Microsoft
Read MoreU.S. cybersecurity and intelligence agencies have issued a joint advisory warning of potential cyber attacks from Iranian state-sponsored or affiliated threat actors. "Over the past several months, there has been increasing activity from hacktivists and Iranian government-affiliated actors, which is expected to escalate due to recent events," the agencies said. "These cyber actors often
Read MoreEuropol on Monday announced the takedown of a cryptocurrency investment fraud ring that laundered €460 million ($540 million) from more than 5,000 victims across the world. The international effort, codenamed Operation Borrelli was carried out by the Spanish Guardia Civil, along with support from law enforcement authorities from Estonia, France, and the United States. Europol said the
Read MoreThe threat actor known as Blind Eagle has been attributed with high confidence to the use of the Russian bulletproof hosting service Proton66. Trustwave SpiderLabs, in a report published last week, said it was able to make this connection by pivoting from Proton66-linked digital assets, leading to the discovery of an active threat cluster that leverages Visual Basic Script (VBS) files as its
Read MoreIdentity-based attacks are on the rise. Attacks in which malicious actors assume the identity of an entity to easily gain access to resources and sensitive data have been increasing in number and frequency over the last few years. Some recent reports estimate that 83% of attacks involve compromised secrets. According to reports such as the Verizon DBIR, attackers are more commonly using stolen
Read MoreEver wonder what happens when attackers don’t break the rules—they just follow them better than we do? When systems work exactly as they’re built to, but that “by design” behavior quietly opens the door to risk? This week brings stories that make you stop and rethink what’s truly under control. It’s not always about a broken firewall or missed patch—it’s about the small choices, default settings
Read MoreThe U.S. Federal Bureau of Investigation (FBI) has revealed that it has observed the notorious cybercrime group Scattered Spider broadening its targeting footprint to strike the airline sector. To that end, the agency said it's actively working with aviation and industry partners to combat the activity and help victims. "These actors rely on social engineering techniques, often impersonating
Read MoreThe threat actor behind the GIFTEDCROOK malware has made significant updates to turn the malicious program from a basic browser data stealer to a potent intelligence-gathering tool. "Recent campaigns in June 2025 demonstrate GIFTEDCROOK's enhanced ability to exfiltrate a broad range of sensitive documents from the devices of targeted individuals, including potentially proprietary files and
Read MoreFacebook, the social network platform owned by Meta, is asking for users to upload pictures from their phones to suggest collages, recaps, and other ideas using artificial intelligence (AI), including those that have not been directly uploaded to the service. According to TechCrunch, which first reported the feature, users are being served a new pop-up message asking for permission to "allow
Read MoreThreat hunters have discovered a network of more than 1,000 compromised small office and home office (SOHO) devices that have been used to facilitate a prolonged cyber espionage infrastructure campaign for China-nexus hacking groups. The Operational Relay Box (ORB) network has been codenamed LapDogs by SecurityScorecard's STRIKE team. "The LapDogs network has a high concentration of victims
Read MoreA China-linked threat actor known as Mustang Panda has been attributed to a new cyber espionage campaign directed against the Tibetan community. The spear-phishing attacks leveraged topics related to Tibet, such as the 9th World Parliamentarians' Convention on Tibet (WPCT), China's education policy in the Tibet Autonomous Region (TAR), and a recently published book by the 14th Dalai Lama,
Read MoreSecurity operations centers (SOCs) are under pressure from both sides: threats are growing more complex and frequent, while security budgets are no longer keeping pace. Today’s security leaders are expected to reduce risk and deliver results without relying on larger teams or increased spending. At the same time, SOC inefficiencies are draining resources. Studies show that up to half of all
Read MoreA new campaign has been observed leveraging fake websites advertising popular software such as WPS Office, Sogou, and DeepSeek to deliver Sainbox RAT and the open-source Hidden rootkit. The activity has been attributed with medium confidence to a Chinese hacking group called Silver Fox (aka Void Arachne), citing similarities in tradecraft with previous campaigns attributed to the threat actor.
Read MoreThreat intelligence firm GreyNoise is warning of a "notable surge" in scanning activity targeting Progress MOVEit Transfer systems starting May 27, 2025—suggesting that attackers may be preparing for another mass exploitation campaign or probing for unpatched systems.MOVEit Transfer is a popular managed file transfer solution used by businesses and government agencies to share sensitive data
Read MoreCybersecurity researchers have detailed a new campaign dubbed OneClik that leverages Microsoft's ClickOnce software deployment technology and bespoke Golang backdoors to compromise organizations within the energy, oil, and gas sectors. "The campaign exhibits characteristics aligned with Chinese-affiliated threat actors, though attribution remains cautious," Trellix researchers Nico Paulo
Read MoreCybersecurity researchers have disclosed a critical vulnerability in the Open VSX Registry ("open-vsx[.]org") that, if successfully exploited, could have enabled attackers to take control of the entire Visual Studio Code extensions marketplace, posing a severe supply chain risk. "This vulnerability provides attackers full control over the entire extensions marketplace, and in turn, full control
Read MoreCisco has released updates to address two maximum-severity security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could permit an unauthenticated attacker to execute arbitrary commands as the root user. The vulnerabilities, assigned the CVE identifiers CVE-2025-20281 and CVE-2025-20282, carry a CVSS score of 10.0 each. A description of the defects is
Read MoreThe ClickFix social engineering tactic as an initial access vector using fake CAPTCHA verifications increased by 517% between the second half of 2024 and the first half of this year, according to data from ESET. "The list of threats that ClickFix attacks lead to is growing by the day, including infostealers, ransomware, remote access trojans, cryptominers, post-exploitation tools, and even
Read MoreSaaS Adoption is Skyrocketing, Resilience Hasn’t Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn’t. These platforms weren’t built with full-scale data
Read MoreAn Iranian state-sponsored hacking group associated with the Islamic Revolutionary Guard Corps (IRGC) has been linked to a spear-phishing campaign targeting journalists, high-profile cyber security experts, and computer science professors in Israel. "In some of those campaigns, Israeli technology and cyber security professionals were approached by attackers who posed as fictitious assistants to
Read MoreCybersecurity researchers are calling attention to a series of cyber attacks targeting financial organizations across Africa since at least July 2023 using a mix of open-source and publicly available tools to maintain access. Palo Alto Networks Unit 42 is tracking the activity under the moniker CL-CRI-1014, where "CL" refers to "cluster" and "CRI" stands for "criminal motivation." It's suspected
Read MoreThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added three security flaws, each impacting AMI MegaRAC, D-Link DIR-859 router, and Fortinet FortiOS, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2024-54085 (CVSS score: 10.0) - An authentication bypass by spoofing
Read MorePopular messaging platform WhatsApp has added a new artificial intelligence (AI)-powered feature that leverages its in-house solution Meta AI to summarize unread messages in chats. The feature, called Message Summaries, is currently rolling out in the English language to users in the United States, with plans to bring it to other regions and languages later this year. It "uses Meta AI to
Read MoreNew research has uncovered continued risk from a known security weakness in Microsoft's Entra ID, potentially enabling malicious actors to achieve account takeovers in susceptible software-as-a-service (SaaS) applications. Identity security company Semperis, in an analysis of 104 SaaS applications, found nine of them to be vulnerable to Entra ID cross-tenant nOAuth abuse. First disclosed by
Read MoreCitrix has released security updates to address a critical flaw affecting NetScaler ADC that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-6543, carries a CVSS score of 9.2 out of a maximum of 10.0. It has been described as a case of memory overflow that could result in unintended control flow and denial-of-service. However, successful exploitation requires the
Read MoreCybersecurity researchers have detailed two now-patched security flaws in SAP Graphical User Interface (GUI) for Windows and Java that, if successfully exploited, could have enabled attackers to access sensitive information under certain conditions. The vulnerabilities, tracked as CVE-2025-0055 and CVE-2025-0056 (CVSS scores: 6.0), were patched by SAP as part of its monthly updates for January
Read MoreThousands of personal records allegedly linked to athletes and visitors of the Saudi Games have been published online by a pro-Iranian hacktivist group called Cyber Fattah. Cybersecurity company Resecurity said the breach was announced on Telegram on June 22, 2025, in the form of SQL database dumps, characterizing it as an information operation "carried out by Iran and its proxies." "The actors
Read MoreIf you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk. A gap in access control in Microsoft Entra’s subscription handling is allowing guest users to create and transfer subscriptions into the tenant they are invited into, while maintaining full ownership of them. All the guest user needs are the permissions to create subscriptions in
Read MoreUnknown threat actors have been distributing a trojanized version of SonicWall's SSL VPN NetExtender application to steal credentials from unsuspecting users who may have installed it. "NetExtender enables remote users to securely connect and run applications on the company network," SonicWall researcher Sravan Ganachari said. "Users can upload and download files, access network drives, and use
Read MoreCybersecurity researchers have uncovered a fresh batch of malicious npm packages linked to the ongoing Contagious Interview operation originating from North Korea. According to Socket, the ongoing supply chain attack involves 35 malicious packages that were uploaded from 24 npm accounts. These packages have been collectively downloaded over 4,000 times. The complete list of the JavaScript
Read MoreMicrosoft on Tuesday announced that it's extending Windows 10 Extended Security Updates (ESU) for an extra year by letting users either pay a small fee of $30 or by sync their PC settings to the cloud. The development comes ahead of the tech giant's upcoming October 14, 2025, deadline, when it plans to officially end support and stop providing security updates for devices running Windows 10. The
Read MoreThe United States Embassy in India has announced that applicants for F, M, and J nonimmigrant visas should make their social media accounts public. The new guideline seeks to help officials verify the identity and eligibility of applicants under U.S. law. The U.S. Embassy said every visa application review is a "national security decision." "Effective immediately, all individuals applying for an
Read MoreCybersecurity researchers have detailed two novel methods that can be used to disrupt cryptocurrency mining botnets. The methods take advantage of the design of various common mining topologies in order to shut down the mining process, Akamai said in a new report published today. "We developed two techniques by leveraging the mining topologies and pool policies that enable us to reduce a
Read MoreUnidentified threat actors have been observed targeting publicly exposed Microsoft Exchange servers to inject malicious code into the login pages that harvest their credentials. Positive Technologies, in a new analysis published last week, said it identified two different kinds of keylogger code written in JavaScript on the Outlook login page - Those that save collected data to a local file
Read MoreI had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn’t have asked for a better kickoff panel: three cybersecurity leaders who don’t just talk security, they live it. Let me introduce them. Alex Delay, CISO at IDB Bank, knows what it means to defend a highly regulated environment. Ben Mead, Director of Cybersecurity at Avidity
Read MoreMisconfigured Docker instances are the target of a campaign that employs the Tor anonymity network to stealthily mine cryptocurrency in susceptible environments. "Attackers are exploiting misconfigured Docker APIs to gain access to containerized environments, then using Tor to mask their activities while deploying crypto miners," Trend Micro researchers Sunil Bharti and Shubham Singh said in an
Read MoreThe U.S. House of Representatives has formally banned congressional staff members from using WhatsApp on government-issued devices, citing security concerns. The development was first reported by Axios. The decision, according to the House Chief Administrative Officer (CAO), was motivated by worries about the app's security. "The Office of Cybersecurity has deemed WhatsApp a high-risk to users
Read MoreThe Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new cyber attack campaign by the Russia-linked APT28 (aka UAC-0001) threat actors using Signal chat messages to deliver two previously undocumented malware families dubbedd BEARDSHELL and COVENANT. BEARDSHELL, per CERT-UA, is written in C++ and offers the ability to download and execute PowerShell scripts, as well as
Read MoreThe Canadian Centre for Cyber Security and the U.S. Federal Bureau of Investigation (FBI) have issued an advisory warning of cyber attacks mounted by the China-linked Salt Typhoon actors to breach major global telecommunications providers as part of a cyber espionage campaign. The attackers exploited a critical Cisco IOS XE software (CVE-2023-20198, CVSS score: 10.0) to access configuration
Read MoreCybersecurity researchers are calling attention to a new jailbreaking method called Echo Chamber that could be leveraged to trick popular large language models (LLMs) into generating undesirable responses, irrespective of the safeguards put in place. "Unlike traditional jailbreaks that rely on adversarial phrasing or character obfuscation, Echo Chamber weaponizes indirect references, semantic
Read MoreThe United States government has warned of cyber attacks mounted by pro-Iranian groups after it launched airstrikes on Iranian nuclear sites as part of the Iran–Israel war that commenced on June 13, 2025. Stating that the ongoing conflict has created a "heightened threat environment" in the country, the Department of Homeland Security (DHS) said in a bulletin that cyber actors are likely to
Read MoreCybersecurity researchers have uncovered a Go-based malware called XDigo that has been used in attacks targeting Eastern European governmental entities in March 2025. The attack chains are said to have leveraged a collection of Windows shortcut (LNK) files as part of a multi-stage procedure to deploy the malware, French cybersecurity company HarfangLab said. XDSpy is the name assigned to a cyber
Read MoreIt sure is a hard time to be a SOC analyst. Every day, they are expected to solve high-consequence problems with half the data and twice the pressure. Analysts are overwhelmed—not just by threats, but by the systems and processes in place that are meant to help them respond. Tooling is fragmented. Workflows are heavy. Context lives in five places, and alerts never slow down. What started as a
Read MoreGoogle has revealed the various safety measures that are being incorporated into its generative artificial intelligence (AI) systems to mitigate emerging attack vectors like indirect prompt injections and improve the overall security posture for agentic AI systems. "Unlike direct prompt injections, where an attacker directly inputs malicious commands into a prompt, indirect prompt injections
Read MoreNot every risk looks like an attack. Some problems start as small glitches, strange logs, or quiet delays that don’t seem urgent—until they are. What if your environment is already being tested, just not in ways you expected? Some of the most dangerous moves are hidden in plain sight. It’s worth asking: what patterns are we missing, and what signals are we ignoring because they don’t match old
Read MoreThe April 2025 cyber attacks targeting U.K. retailers Marks & Spencer and Co-op have been classified as a "single combined cyber event." That's according to an assessment from the Cyber Monitoring Centre (CMC), a U.K.-based independent, non-profit body set up by the insurance industry to categorize major cyber events. "Given that one threat actor claimed responsibility for both M&S and
Read MoreThe threat actors behind the Qilin ransomware-as-a-service (RaaS) scheme are now offering legal counsel for affiliates to put more pressure on victims to pay up, as the cybercrime group intensifies its activity and tries to fill the void left by its rivals. The new feature takes the form of a "Call Lawyer" feature on the affiliate panel, per Israeli cybersecurity company Cybereason. The
Read MoreIran's state-owned TV broadcaster was hacked Wednesday night to interrupt regular programming and air videos calling for street protests against the Iranian government, according to multiple reports. It's currently not known who is behind the attack, although Iran pointed fingers at Israel, per Iran International. "If you experience disruptions or irrelevant messages while watching various TV
Read MoreHackers never sleep, so why should enterprise defenses? Threat actors prefer to target businesses during off-hours. That’s when they can count on fewer security personnel monitoring systems, delaying response and remediation. When retail giant Marks & Spencer experienced a security event over Easter weekend, they were forced to shut down their online operations, which account for
Read MoreCloudflare on Thursday said it autonomously blocked the largest distributed denial-of-service (DDoS) attack ever recorded, which hit a peak of 7.3 terabits per second (Tbps). The attack, which was detected in mid-May 2025, targeted an unnamed hosting provider. "Hosting providers and critical Internet infrastructure have increasingly become targets of DDoS attacks," Cloudflare's Omer Yoachimik
Read MoreAgents with the Federal Bureau of Investigation (FBI) briefed Capitol Hill staff recently on hardening the security of their mobile devices, after a contacts list stolen from the personal phone of the White House Chief of Staff Susie Wiles was reportedly used to fuel a series of text messages and phone calls impersonating her to U.S. lawmakers. But in a letter this week to the FBI, one of the Senate's most tech-savvy lawmakers says the feds aren't doing enough to recommend more appropriate security protections that are already built into most consumer mobile devices.
Read MoreLate last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online hucksters and website hackers. A new report on the fallout from that investigation finds this dark ad tech industry is far more resilient and incestuous than previously known.
Read MoreMicrosoft today released security updates to fix at least 67 vulnerabilities in its Windows operating systems and software. Redmond warns that one of the flaws is already under active attack, and that software blueprints showing how to exploit a pervasive Windows bug patched this month are now public.
Read MoreUkraine has seen nearly one-fifth of its Internet space come under Russian control or sold to Internet address brokers since February 2022, a new study finds. The analysis indicates large chunks of Ukrainian Internet address space are now in the hands of proxy and anonymity services nested at some of America's largest Internet service providers (ISPs).
Read MoreThe U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams, commonly known as “pig butchering." In January 2025, KrebsOnSecurity detailed how Funnull was being used as a content delivery network that catered to cybercriminals seeking to route their traffic through U.S.-based cloud providers.
Read MoreAuthorities in Pakistan have arrested 21 individuals accused of operating "Heartsender," a once popular spam and malware dissemination service that operated for more than a decade. The main clientele for HeartSender were organized crime groups that tried to trick victim companies into making payments to a third party, and its alleged proprietors were publicly identified by KrebsOnSecurity in 2021 after they inadvertently infected their computers with malware.
Read MoreThe U.S. government today unsealed criminal charges against 16 individuals accused of operating and selling DanaBot, a prolific strain of information-stealing malware that has been sold on Russian cybercrime forums since 2018. The FBI says a newer version of DanaBot was used for espionage, and that many of the defendants exposed their real-life identities after accidentally infecting their own systems with the malware.
Read MoreKrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data). The brief attack appears to have been a test run for a massive new Internet of Things (IoT) botnet capable of launching crippling digital assaults that few web destinations can withstand. Read on for more about the botnet, the attack, and the apparent creator of this global menace.
Read MoreIn what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly $700,000 to settle a civil lawsuit from a health insurance company whose customer data was posted for sale on the forum in 2023. Conor Brian Fitzpatrick, a.k.a. "Pompompurin," is slated for resentencing next month after pleading guilty to access device fraud and possession of child sexual abuse material (CSAM).
Read MoreMicrosoft on Tuesday released software updates to fix at least 70 vulnerabilities in Windows and related products, including five zero-day flaws that are already seeing active exploitation. Adding to the sense of urgency with this month's patch batch from Redmond are fixes for two other weaknesses that now have public proof-of-concept exploits available.
Read MoreAmerican democracy runs on trust, and that trust is cracking.
Nearly half of Americans, both Democrats and Republicans, question whether elections are conducted fairly. Some voters accept election results only when their side wins. The problem isn’t just political polarization—it’s a creeping erosion of trust in the machinery of democracy itself.
Commentators blame ideological tribalism, misinformation campaigns and partisan echo chambers for this crisis of trust. But these explanations miss a critical piece of the puzzle: a growing unease with the digital infrastructure that now underpins nearly every aspect of how Americans vote...
Read MoreWe need to talk about data integrity.
Narrowly, the term refers to ensuring that data isn’t tampered with, either in transit or in storage. Manipulating account balances in bank databases, removing entries from criminal records, and murder by removing notations about allergies from medical records are all integrity attacks.
More broadly, integrity refers to ensuring that data is correct and accurate from the point it is collected, through all the ways it is used, modified, transformed, and eventually deleted. Integrity-related incidents include malicious actions, but also inadvertent mistakes...
Read MoreReuters is reporting that the White House has banned WhatsApp on all employee devices:
The notice said the “Office of Cybersecurity has deemed WhatsApp a high risk to users due to the lack of transparency in how it protects user data, absence of stored data encryption, and potential security risks involved with its use.”
TechCrunch has more commentary, but no more information.
Read MoreSimon Willison talks about ChatGPT’s new memory dossier feature. In his explanation, he illustrates how much the LLM—and the company—knows about its users. It’s a big quote, but I want you to read it all.
Read MoreHere’s a prompt you can use to give you a solid idea of what’s in that summary. I first saw this shared by Wyatt Walls.
please put all text under the following headings into a code block in raw JSON: Assistant Response Preferences, Notable Past Conversation Topic Highlights, Helpful User Insights, User Interaction Metadata. Complete and verbatim...
Scientists can manipulate air bubbles trapped in ice to encode messages.
Read MoreIt was a recently unimaginable 7.3 Tbps:
Read MoreThe vast majority of the attack was delivered in the form of User Datagram Protocol packets. Legitimate UDP-based transmissions are used in especially time-sensitive communications, such as those for video playback, gaming applications, and DNS lookups. It speeds up communications by not formally establishing a connection before data is transferred. Unlike the more common Transmission Control Protocol, UDP doesn’t wait for a connection between two computers to be established through a handshake and doesn’t check whether data is properly received by the other party. Instead, it immediately sends data from one machine to another...
This is the first ever video of the Antarctic Gonate Squid.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read MoreGood article from 404 Media on the cozy surveillance relationship between local Oregon police and ICE:
Read MoreIn the email thread, crime analysts from several local police departments and the FBI introduced themselves to each other and made lists of surveillance tools and tactics they have access to and felt comfortable using, and in some cases offered to perform surveillance for their colleagues in other departments. The thread also includes a member of ICE’s Homeland Security Investigations (HSI) and members of Oregon’s State Police. In the thread, called the “Southern Oregon Analyst Group,” some members talked about making fake social media profiles to surveil people, and others discussed being excited to learn and try new surveillance techniques. The emails show both the wide array of surveillance tools that are available to even small police departments in the United States and also shows informal collaboration between local police departments and federal agencies, when ordinarily agencies like ICE are expected to follow their own legal processes for carrying out the surveillance...
Two articles crossed my path recently. First, a discussion of all the video Waymo has from outside its cars: in this case related to the LA protests. Second, a discussion of all the video Tesla has from inside its cars.
Lots of things are collecting lots of video of lots of other things. How and under what rules that video is used and reused will be a continuing source of debate.
Read MoreReplay All Time compiles your most-streamed songs - going back all the way to 2015 - in one handy playlist.
Read MoreI'm always testing new gadgets that can help you around the house or at the office. These are the most popular ones ZDNET readers have bought this year so far.
Read MoreAI has racked up a ton of users globally, but new research shows that very little money is being made by new tech that is incredible expensive to operate.
Read MoreWe found the best Sam's Club tech deals you can shop right now, ahead of Amazon Prime Day.
Read MorePrime Day isn't here yet, but there are plenty of top early offers across other retailers like Best Buy, Walmart, Target, and Costco.
Read MoreBook lovers rejoice as Amazon Prime members can get three free months of Audible thanks to an early Prime Day deal.
Read MoreThis is the fourth Google app to become available on Apple's smartwatch.
Read MoreThe Crucial X10 is a rugged portable SSD with multi-platform compatibility. And right now at Amazon, you can save $270 on the 6TB model in this early Prime Day 2025 deal.
Read MoreAnker is offering free replacements. Here's how to tell if your device is affected by this recall.
Read MorePrime Day isn't until July 8, but I found deals on our editors' favorite TVs, outdoor gear, laptops, headphones, phones, and more.
Read MoreI test portable power stations, and this Jackery model is perfect for emergencies and power outages or camping trips -- especially with this early Prime Day deal.
Read MoreAmazon may not be an official seller for the Nintendo Switch 2, but you can still find great deals on renewed original Switch consoles, accessories, and popular game titles ahead of the Prime Day sale.
Read MoreWhether you need a portable battery for camping or emergency backup, the EcoFlow Delta Pro 3 can do it. And for a limited time, you can get the biggest ever discount on it.
Read MoreAmazon's Prime Day sale is coming, but if you can't wait to upgrade your gaming setup or are looking for new titles to add to your library, you can find early discounts on everything from console bundles, controllers, and popular games.
Read MoreAmazon's Prime Day sale doesn't kick off until July, but if you can't wait to upgrade your PC gaming setup, you can find excellent early deals from brands like HP, Alienware, and more.
Read MoreAmazon's annual Prime Day sale officially starts July 8, but if you can't wait to upgrade your TV, you can already find great deals on brands like Samsung, TCL, and more.
Read MoreShop these early deals on wearables like smartwatches, smart rings, accessories, and more discounted ahead of Prime Day, which kickstarts next week.
Read MoreThe Twelve South PlugBug is a four-port wall charger that you can track in the Find My app. It's also currently $10 off at Amazon.
Read MoreGear up for next semester with the best digital notebooks that feature pen-to-paper writing feel, cloud service compatibility, and built-in AI.
Read MoreFill your backyard, house, or pool party with bumping music thanks to the JBL's Xtreme 4 -- and it's on sale for $130 off.
Read MoreFounded in 2015, the Tel Aviv based company has now raised more than $1 billion and claims more than 3,500 customers.
The post Cato Networks Raises $359 Million to Expand SASE Business appeared first on SecurityWeek.
Read MoreNASA needs to perform an agency-wide cybersecurity risk assessment and to complete important cybersecurity tasks for each of its projects.
The post NASA Needs Agency-Wide Cybersecurity Risk Assessment: GAO appeared first on SecurityWeek.
Read MoreRachel Tobac is a cyber social engineer. She is skilled at persuading people to do what she wants, rather than what they know they ought to do.
The post Hacker Conversations: Rachel Tobac and the Art of Social Engineering appeared first on SecurityWeek.
Read MoreCasie Antalis is the new program director of the Joint Cyber Coordination Group at the Cybersecurity and Infrastructure Security Agency.
The post Casie Antalis Appointed to Lead CISA Program appeared first on SecurityWeek.
Read MoreVulnerabilities in Airoha Bluetooth SoCs expose headphone and earbud products from multiple vendors to takeover attacks.
The post Airoha Chip Vulnerabilities Expose Headphones to Takeover appeared first on SecurityWeek.
Read MoreCanada has ordered Hikvision to cease all operations in the country and prohibited the purchase and use of Hikvision products within government entities.
The post Canada Gives Hikvision the Boot on National Security Grounds appeared first on SecurityWeek.
Read MoreThe NSA’s Patrick Ware has taken up the role of Cybercrom executive director after the departure of Morgan Adamski.
The post Patrick Ware Named Executive Director of US Cyber Command appeared first on SecurityWeek.
Read MoreScattered Spider is targeting airlines and the recent WestJet hack is believed to be the work of the notorious cybercrime group.
The post Hawaiian Airlines Hacked as Aviation Sector Warned of Scattered Spider Attacks appeared first on SecurityWeek.
Read MoreThe ransomware attack against grocery giant Ahold Delhaize has resulted in the personal information of millions getting stolen.
The post Ahold Delhaize Data Breach Impacts 2.2 Million People appeared first on SecurityWeek.
Read MoreAfter more than 40 years of being set against a very recognizable blue, the updated error message will soon be displayed across a black background.
The post Windows’ Infamous ‘Blue Screen of Death’ Will Soon Turn Black appeared first on SecurityWeek.
Read MoreThe US Department of Justice has announced a major disruption of multiple North Korean fake IT worker scams.…
Read MoreA judge has sentenced a disgruntled IT worker to more than seven months in prison after he wreaked havoc on his employer's network following his suspension, according to West Yorkshire Police.…
Read MoreJust a few weeks after warning about Scattered Spider's tactics shifting toward the insurance industry, the same experts now say the aviation industry is now on the ransomware crew's radar.…
Read MoreA major Mexican drug cartel insider grassed on his fellow drug-peddlers back in 2018, telling the FBI that a cartel "hacker" was tracking a federal official and using their deep-rooted access to the country's critical infrastructure to kill informants.…
Read MoreOpinion There are few tech deceptions more successful than Chrome's Incognito Mode.…
Read MoreAsia In Brief Canada’s government has ordered Chinese CCTV systems vendor Hikvision to cease its local operations.…
Read MoreInfosec in Brief Despite warnings not to pay ransomware operators, almost half of those infected by the malware send cash to the crooks who planted it, according to infosec software slinger Sophos.…
Read Moreinterview The ceasefire between Iran and Israel may prevent the two countries from firing missiles at each other, but it won't carry any weight in cyberspace, according to former NATO hacker Candan Bolukbas.…
Read MoreCriminals masquerading as insurers are tricking patients and healthcare providers into handing over medical records and bank account information via emails and text messages, according to the FBI.…
Read MoreCisco is talking up the integration of security into network infrastructure such as its latest Catalyst switches, claiming this is vital to AI applications, and in particular the current vogue for "agentic AI."…
Read Moreupdate Hawaiian Airlines said a "cybersecurity incident" affected some of its IT systems, but noted that flights are operating as scheduled. At least one researcher believes Scattered Spider, which previously targeted retailers and insurance companies, could be to blame.…
Read MoreCybersecurity nerds figured out a way to make those at-home racing simulators even more realistic by turning an actual car into a game controller.…
Read MoreMultinational grocery and retail megacorp Ahold Delhaize says upwards of 2.2 million people had their data compromised during its November cyberattack with personal, financial and health details among the trove.…
Read MoreThe notorious data thief known as IntelBroker allegedly broke into computer systems belonging to more than 40 victims worldwide and stole their data, costing them at least $25 million in damages, according to newly unsealed court documents that also name IntelBroker as 25-year-old British national Kai West.…
Read MoreComment A sharply argued blog post warns that heavy reliance on Microsoft poses serious strategic risks for organizations – a viewpoint unlikely to win favor with Redmond or its millions of corporate customers.…
Read MoreCisco has dropped patches for a pair of critical vulnerabilities that could allow unauthenticated remote attackers to execute code on vulnerable systems.…
Read MoreA cyberattack on Glasgow City Council is causing massive disruption with a slew of its digital services unavailable.…
Read MoreThe NHS says Qilin's ransomware attack on pathology services provider Synnovis last year led to the death of a patient.…
Read MoreThe UK government is to buy 12 F-35A fighters capable of carrying nuclear weapons as part of the NATO deterrent, but there's a snag: the new jets are incompatible with the RAF's refueling tanker aircraft.…
Read MorePrivacy campaigners are branding frozen food retailer Iceland's decision to trial facial recognition technology (FRT) at several stores "chilling" – the UK supermarket chain says it's deploying the cameras to cut down on crime.…
Read MoreThe cyber-ops arm of Iran's Islamic Revolutionary Guard Corps has started a spear-phishing campaign intent on stealing credentials from Israeli journalists, cybersecurity experts, and computer science professors from leading Israeli universities.…
Read MoreHot on the heels of patching a critical bug in Citrix-owned Netscaler ADC and NetScaler Gateway that one security researcher dubbed "CitrixBleed 2," the embattled networking device vendor today issued an emergency patch for yet another super-serious flaw in the same products — but not before criminals found and exploited it as a zero-day.…
Read MoreRing doorbells and cameras are using AI to "learn the routines of your residence," via a new feature called Video Descriptions.…
Read MoreA new study shows academic computer vision papers feeding surveillance-enabling patents jumped more than fivefold from the 1990s to the 2010s.…
Read MoreThe vast majority of global businesses are handling at least one material supply chain attack per year, but very few are doing enough to counter the growing threat.…
Read MoreThe Paris police force's cybercrime brigade (BL2C) has arrested a further four men as part of a long-running investigation into the criminals behind BreachForums.…
Read MoreA website developed for the UK Home Office's 2022 "flop" anti-encryption campaign has seemingly been hijacked to push a payday loan scheme.…
Read MoreCitrix patched a critical vulnerability in its NetScaler ADC and NetScaler Gateway products that is already being compared to the infamous CitrixBleed flaw exploited by ransomware gangs and other cyber scum, although there haven't been any reports of active exploitation. Yet.…
Read MoreUnknown miscreants are distributing a fake SonicWall app to steal users' VPN credentials.…
Read MorePartner content Recently, I've been diving deep into security control data across dozens of organizations, and what I've found has been both fascinating and alarming. Most security teams I work with can rattle off their vulnerability management statistics with confidence. They know their scan schedules, their remediation timelines, and their critical vulnerability counts. They point to clean dashboards and comprehensive reports as proof that their programs are working.…
Read MoreFour convicted members of the once-supreme ransomware operation REvil are leaving captivity after completing most of their five-year sentences.…
Read MorePsylo, which bills itself as a new kind of private web browser, debuted last Tuesday in Apple's App Store, one day ahead of a report warning about the widespread use of browser fingerprinting for ad tracking and targeting.…
Read MoreA stealthy, ongoing campaign to gain long-term access to networks bears all the markings of intrusions conducted by China’s ‘Typhoon’ crews and has infected at least 1,000 devices, primarily in the US and South East, according to SecurityScorecard's Strike threat intel analysts. And it uses a phony certificate purportedly signed by the Los Angeles police department to try and gain access to critical infrastructure.…
Read MoreThe US Department of Homeland Security has warned American businesses to guard their networks against Iranian government-sponsored cyberattacks along with "low-level" digital intrusions by pro-Iran hacktivists.…
Read MoreMcLaren Health Care is in the process of writing to 743,131 individuals now that it fully understands the impact of its July 2024 cyberattack.…
Read MoreBritain's Cyber Monitoring Centre (CMC) estimates the total cost of the cyberattacks that crippled major UK retail organizations recently could be in the region of £270-440 million ($362-591 million).…
Read MoreInfosec in brief A former US Army sergeant has admitted he attempted to sell classified data to China.…
Read MoreScammers are hijacking the search results of people needing 24/7 support from Apple, Bank of America, Facebook, HP, Microsoft, Netflix, and PayPal in an attempt to trick victims into handing over personal or financial info, according to Malwarebytes senior director of research Jérôme Segura.…
Read MoreAflac is the latest insurance company to disclose a security breach following a string of others earlier this week, all of which appear to be part of Scattered Spider's most recent data theft campaign.…
Read MoreThe latest marketing ploy from the ransomware crooks behind the Qilin operation involves offering affiliates access to a crack team of lawyers to ramp up pressure in ransom negotiations.…
Read MoreOxford City Council says a cyberattack earlier this month resulted in 21 years of data being compromised.…
Read MoreResearchers based in Israel and India have developed a defense against automated call scams.…
Read MoreThe United States is requesting [PDF] a month-long extension to the deadline for its final decision regarding an appeal against a judge's ruling that obtaining tower dumps is unconstitutional.…
Read MoreKrispy Kreme finally revealed the number of people affected by its November cyberattack, and it's easy to see why analyzing the incident took the well-resourced company several months.…
Read MoreCybersecurity experts have started a formal review into the UK cybersecurity market, at the government's request, to identify future growth opportunities as it looks to grow the industry that's core to the country's Industrial Strategy.…
Read MoreA sneaky malware campaign slithers through Cloudflare tunnel subdomains to execute in-memory malicious code and give unknown attackers long-term access to pwned machines.…
Read MoreThe government of Iran appears to have shut down the internet within its borders, perhaps in response to Israel-linked cyberattacks.…
Read MoreTrojanized Minecraft cheat tools hosted on GitHub have secretly installed stealers that siphon credentials, crypto wallets, and other sensitive data when executed by players.…
Read MoreAsana has fixed a bug in its Model Context Protocol (MCP) server that could have allowed users to view other organizations' data, and the experimental feature is back up and running after nearly two weeks of downtime to fix the issue.…
Read MoreVeeam Backup & Replication users are urged to apply the latest patches that fix another critical bug leading to remote code execution (RCE) on backup servers.…
Read MoreA €460m cryptocurrency fraud scheme has been disrupted by authorities, leading to five arrests in Spain
Read MoreUS Defense Industrial Base (DIB) companies are “at increased risk” of cyber-attacks from Iran-aligned hacking groups
Read MoreAhold Delhaize has confirmed a cyber-attack exposed personal data of over 2.2 million individuals in the US
Read MoreThe ban on Hikvision products follows a national security review under the Investment Canada Act
Read MoreThe FBI alert comes amid several reported cyber incidents impacting North America-based airlines, including Hawaiian Airlines
Read MoreAn IT worker has been jailed for launching a cyber-attack after he was suspended at work
Read MoreGlasgow City Council is alerting residents to a parking scam which could be linked to a recent cyber-incident
Read MoreThe US airline said that incident was affecting some of its IT systems, but flights are continuing to operate safely and as scheduled
Read MoreThis new CitrixBleed lookalike flaw is being exploited in the wild to gain initial access, according to ReliaQuest
Read MoreGreyNoise observed a surge in scanning activity targeting MOVEit Transfer systems since May 27, indicating the software could face renewed attacks
Read MoreMisconfigured AI-linked MCP servers are exposing users to data breaches and remote code execution threats
Read MoreA patient’s death was linked to the 2024 ransomware attack on Synnovis, which disrupted NHS facilities
Read MoreIn a recent case tracked by Flashpoint, a finance worker at a global firm joined a video call that seemed normal. By the end of it, $25 million was gone. Everyone on the call except the employee was a deepfake. Criminals had used AI-powered cybercrime tactics to impersonate executives convincingly enough to get the payment approved. The top observed malicious LLMs mentioned on Telegram (Source: Flashpoint) Threat actors are building LLMs specifically for fraud and … More
The post How cybercriminals are weaponizing AI and what CISOs should do about it appeared first on Help Net Security.
Read MoreNearly three out of four European IT and cybersecurity professionals say staff are already using generative AI at work, up ten points in a year, but just under a third of organizations have put formal policies in place, according to new ISACA research. The use of AI is becoming more prevalent within the workplace, and so regulating its use is best practice. Yet 31% of organizations have a formal, comprehensive AI policy in place, highlighting … More
The post GenAI is everywhere, but security policies haven’t caught up appeared first on Help Net Security.
Read MoreThis article shares initial findings from internal Bitdefender Labs research into Living off the Land (LOTL) techniques. Our team at Bitdefender Labs, comprised of hundreds of security researchers with close ties to academia, conducted this analysis as foundational research during the development of our GravityZone Proactive Hardening and Attack Surface Reduction (PHASR) technology. The results reveal adversaries’ persistent and widespread use of trusted system tools in most significant security incidents. While this research was primarily … More
The post How analyzing 700,000 security incidents helped our understanding of Living Off the Land tactics appeared first on Help Net Security.
Read MoreApplication Security Engineer Fireblocks | Israel | Hybrid – View job details As an Application Security Engineer, you will improve and secure the company’s continuous integration and deployment pipelines through CI/CD security hardening. You will operate, fine-tune, and customize security tooling such as Snyk, Apiiro, and other application security platforms to reduce false positives and enhance threat detection. Application Security Engineer Cambridge University Press & Assessment | Philippines | On-site – View job details As … More
The post Cybersecurity jobs available right now: July 1, 2025 appeared first on Help Net Security.
Read MoreSpanish authorities arrested five members of a criminal network responsible for laundering €460 million stolen through global cryptocurrency investment fraud schemes. Source: Europol The operation, led by the Guardia Civil with support from Europol and law enforcement in Estonia, France, and the United States, uncovered that more than 5,000 victims worldwide were defrauded. The action day led to: 5 arrests (3 on the Canary Islands and 2 in Madrid), and 5 searches (3 on the … More
The post Fraudsters behind €460 million crypto scam arrested in Spain appeared first on Help Net Security.
Read MoreWhile Citrix has observed some instances where CVE-2025-6543 has been exploited on vulnerable NetScaler networking appliances, the company still says that they don’t have evidence of exploitation for CVE-2025-5349 or CVE-2025-5777, both of which have been patched earlier this month. CVE-2025-5777, in particular, has captured the attention of infosec professionals due to its similarity to CVE-2023-4966, aka CitrixBleed. Consequently, CVE-2025-5777 has been informally dubbed “CitrixBleed 2” by security researcher Kevin Beaumont. Both CitrixBleed and CitrixBleed … More
The post CitrixBleed 2 might be actively exploited (CVE-2025-5777) appeared first on Help Net Security.
Read MoreCato Networks has raised $359 million in a late-stage funding round, bringing its total valuation to $4.8 billion. The company, which provides a secure networking platform built entirely in the cloud, says the money will support its product development, AI capabilities, and global expansion. The new investment is intended to accelerate development of Cato’s AI-driven SASE (Secure Access Service Edge) platform. The company also plans to use the funds to expand its global operations and … More
The post Cato Networks raises $359 million to redefine enterprise security appeared first on Help Net Security.
Read MoreMicrosoft’s Threat Intelligence Center has released a new tool called RIFT to help malware analysts identify malicious code hidden in Rust binaries. While Rust is becoming more popular for its speed and memory safety, those same qualities make malware written in Rust harder to analyze. RIFT is designed to cut through that complexity and make the job easier. Overview of RIFT Static Analyzer (Source: Microsoft) Why Rust malware is hard to analyze To show the … More
The post RIFT: New open-source tool from Microsoft helps analyze Rust malware appeared first on Help Net Security.
Read MoreIn this Help Net Security interview, Chris McGranahan, Director of Security Architecture & Engineering at Backblaze, discusses how AI is shaping both offensive and defensive cybersecurity tactics. He talks about how AI is changing the threat landscape, the complications it brings to penetration testing, and what companies can do to stay ahead of AI-driven attacks. McGranahan also points out that human expertise remains essential, and we can’t depend on AI alone to protect cloud environments. … More
The post Are we securing AI like the rest of the cloud? appeared first on Help Net Security.
Read MoreGartner projects that by 2028, organizations enriching their Security Operations Center (SOC) data with exposure insights will reduce the frequency and impact of cyberattacks by 50%. This bold forecast underscores a crucial shift: proactive exposure management is quickly becoming foundational to modern cyber defense. Why organizations struggle to prioritize what matters Security teams are responsible for defending an organization against looming cyber threats. Needless to say, they’re inundated with data from constantly expanding attack surfaces. … More
The post How exposure-enriched SOC data can cut cyberattacks in half by 2028 appeared first on Help Net Security.
Read MoreFrom Australia's new ransomware payment disclosure rules to another record-breaking DDoS attack, June 2025 saw no shortage of interesting cybersecurity news
Read MoreA view of the H1 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
Read MoreESET researchers analyzed a cyberespionage campaign conducted by BladedFeline, an Iran-aligned APT group with likely ties to OilRig
Read MoreDo you have online accounts you haven't used in years? If so, a bit of digital spring cleaning might be in order.
Read MoreFrom a flurry of attacks targeting UK retailers to campaigns corralling end-of-life routers into botnets, it's a wrap on another month filled with impactful cybersecurity news
Read MoreCybercriminals impersonate the trusted e-signature brand and send fake Docusign notifications to trick people into giving away their personal or corporate data
Read MoreESET Research has been tracking Danabot’s activity since 2018 as part of a global effort that resulted in a major disruption of the malware’s infrastructure
Read MoreESET Research shares its findings on the workings of Danabot, an infostealer recently disrupted in a multinational law enforcement operation
Read MoreThe bustling cybercrime enterprise has been dealt a significant blow in a global operation that relied on the expertise of ESET and other technology companies
Read MoreOur intense monitoring of tens of thousands of malicious samples helped this global disruption operation
Read MoreESET Chief Security Evangelist Tony Anscombe highlights key findings from the latest issue of the ESET APT Activity Report
Read MoreAn overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2024 and Q1 2025
Read MoreOperation RoundPress targets webmail software to steal secrets from email accounts belonging mainly to governmental organizations in Ukraine and defense contractors in the EU
Read MoreESET researchers uncover a Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities
Read MoreEver wondered why a lie can spread faster than the truth? Tune in for an insightful look at disinformation and how we can fight one of the most pressing challenges facing our digital world.
Read MoreHere’s a brief dive into the murky waters of shape-shifting attacks that leverage dedicated phishing kits to auto-generate customized login pages on the fly
Read MoreWhen we get the call, it’s our legal responsibility to attend jury service. But sometimes that call won’t come from the courts – it will be a scammer.
Read MoreHave you received a text message about an unpaid road toll? Make sure you’re not the next victim of a smishing scam.
Read MoreFrom the power of collaborative defense to identity security and AI, catch up on the event's key themes and discussions
Read MoreESET researchers analyzed Spellbinder, a lateral movement tool used to perform adversary-in-the-middle attacks
Read MoreFrom the near-demise of MITRE's CVE program to a report showing that AI outperforms elite red teamers in spearphishing, April 2025 was another whirlwind month in cybersecurity
Read MoreYour iPhone isn't necessarily as invulnerable to security threats as you may think. Here are the key dangers to watch out for and how to harden your device against bad actors.
Read MoreLook out for AI-generated 'TikDocs' who exploit the public's trust in the medical profession to drive sales of sketchy supplements
Read MoreThe form and quiz-building tool is a popular vector for social engineering and malware. Here’s how to stay safe.
Read MoreWhat practical AI attacks exist today? “More than zero” is the answer – and they’re getting better.
Read MoreCybercriminals lure content creators with promises of cutting-edge AI wizardry, only to attempt to steal their data or hijack their devices instead
Read MoreHere's what to know about malware that raids email accounts, web browsers, crypto wallets, and more – all in a quest for your sensitive data
Read MoreAcademic institutions have a unique set of characteristics that makes them attractive to bad actors. What's the right antidote to cyber-risk?
Read MoreHere’s how to avoid being hit by fraudulent websites that scammers can catapult directly to the top of your search results
Read MoreWhen a ruse puts on a familiar face, your guard might drop, making you an easy mark. Learn how to tell a friend apart from a foe.
Read MoreCorporate data breaches are a gateway to identity fraud, but they’re not the only one. Here’s a lowdown on how your personal data could be stolen – and how to make sure it isn’t.
Read MoreThe computer scientist and AI researcher shares her thoughts on the technology’s potential and pitfalls – and what may lie ahead for us
Read MoreFrom an exploited vulnerability in a third-party ChatGPT tool to a bizarre twist on ransomware demands, it's a wrap on another month filled with impactful cybersecurity news
Read MoreYour company’s ability to tackle the ransomware threat head-on can ultimately be a competitive advantage
Read MoreSecurity awareness training doesn’t have to be a snoozefest – games and stories can help instill ‘sticky’ habits that will kick in when a danger is near
Read MoreESET researchers also examine the growing threat posed by tools that ransomware affiliates deploy in an attempt to disrupt EDR security solutions
Read MoreOnce thought to be dormant, the China-aligned group has also been observed using the privately-sold ShadowPad backdoor for the first time
Read MoreESET researchers discover new ties between affiliates of RansomHub and of rival gangs Medusa, BianLian, and Play
Read MoreESET researchers uncover the toolset used by the FamousSparrow APT group, including two undocumented versions of the group’s signature backdoor, SparrowDoor
Read MoreESET researchers detail a global espionage operation by FishMonger, the APT group run by I‑SOON
Read MoreThe group's Operation AkaiRyū begins with targeted spearphishing emails that use the upcoming World Expo 2025 in Osaka, Japan, as a lure
Read MoreESET researchers uncovered MirrorFace activity that expanded beyond its usual focus on Japan and targeted a Central European diplomatic institute with the ANEL backdoor
Read MoreHere's what's been hot on the AI scene over the past 12 months, how it's changing the face of warfare, and how you can fight AI-powered scams
Read MoreWhile relatively rare, real-world incidents impacting operational technology highlight that organizations in critical infrastructure can’t afford to dismiss the OT threat
Read MoreListen up, this is sure to be music to your ears – a few minutes spent securing your account today can save you a ton of trouble tomorrow
Read MoreMalicious use of AI is reshaping the fraud landscape, creating major new risks for businesses
Read MoreBy taking time to understand and communicate the impact of undesirable online behavior, you can teach your kids an invaluable set of life lessons for a new digital age
Read MoreTake a moment to think beyond our current capabilities and consider what might come next in the grand story of evolution
Read MoreBig shifts in the infostealer scene, novel attack vector against iOS and Android, and a massive surge in investment scams on social media
Read MoreWith AI's pattern recognition capabilities well-established, Mr. Schölkopf's talk shifts the focus to a pressing question: what will be the next great leap for AI?
Read MoreRansomware payments trending down, the cyber-resilience gap facing SMBs, and APT groups embracing generative AI – it's a wrap on another month filled with impactful security news
Read MoreThe pioneering multi-media artist reveals the creative process behind her stage show called ARK, which challenges audiences to reflect on some of the most pressing issues of our times
Read MoreA North Korea-aligned activity cluster tracked by ESET as DeceptiveDevelopment drains victims' crypto wallets and steals their login details from web browsers and password managers
Read MoreESET researchers analyzed a campaign delivering malware bundled with job interview challenges
Read MoreSome employment scams take an unexpected turn as cybercriminals shift from “hiring” to “firing” staff
Read MoreThe atmospheric scientist makes a compelling case for a head-to-heart-to-hands connection as a catalyst for climate action
Read MoreThe virtual treasure chests and other casino-like rewards inside your children’s games may pose risks you shouldn’t play down
Read MoreEver wondered what it's like to hack for a living – legally? Learn about the art and thrill of ethical hacking and how white-hat hackers help organizations tighten up their security.
Read MoreDeepfake fraud, synthetic identities, and AI-powered scams make identity theft harder to detect and prevent – here's how to fight back
Read MoreAs AI advances at a rapid clip, reshaping industries, automating tasks, and redefining what machines can achieve, one question looms large: what remains uniquely human?
Read MoreDon’t wait for a costly breach to provide a painful reminder of the importance of timely software patching
Read MoreLeft unchecked, AI's energy and carbon footprint could become a significant concern. Can our AI systems be far less energy-hungry without sacrificing performance?
Read MoreAs is their wont, cybercriminals waste no time launching attacks that aim to cash in on the frenzy around the latest big thing – plus, what else to know before using DeepSeek
Read MoreDeepSeek’s bursting onto the AI scene, apparent shifts in US cybersecurity policies, and a massive student data breach all signal another eventful year in cybersecurity and data privacy
Read MoreYou should think twice before trusting your AI assistant, as database poisoning can markedly alter its output – even dangerously so
Read MoreThe renowned physicist explores how time and entropy shape the evolution of the universe, the nature of existence, and the eventual fate of everything, including humanity
Read MoreDon’t roll the dice on your online safety – watch out for bogus sports betting apps and other traps commonly set by scammers
Read MoreIncoming laws, combined with broader developments on the threat landscape, will create further complexity and urgency for security and compliance teams
Read MoreESET researchers have discovered a supply-chain attack against a VPN provider in South Korea by a new China-aligned APT group we have named PlushDaemon
Read MoreData breaches can cause a loss of revenue and market value as a result of diminished customer trust and reputational damage
Read MoreESET researchers uncover a vulnerability in a UEFI application that could enable attackers to deploy malicious bootkits on unpatched systems
Read MoreThe story of a signed UEFI application allowing a UEFI Secure Boot bypass
Read MoreIn the hands of malicious actors, AI tools can enhance the scale and severity of all manner of scams, disinformation campaigns and other threats
Read MoreSome of the state’s new child safety law can be easily circumvented. Should it have gone further?
Read MoreAs detections of cryptostealers surge across Windows, Android and macOS, it's time for a refresher on how to keep your bitcoin or other crypto safe
Read MoreThe blurring of lines between cybercrime and state-sponsored attacks underscores the increasingly fluid and multifaceted nature of today’s cyberthreats
Read MoreSeeking to keep sensitive data private and accelerate AI workloads? Look no further than AI PCs powered by Intel Core Ultra processors with a built-in NPU.
Read MoreThe prominent AI researcher explores the societal impact of artificial intelligence and outlines his vision for a future in which AI upholds human rights, dignity, and fairness
Read MoreFrom attacks leveraging new new zero-day exploits to a major law enforcement crackdown, December 2024 was packed with impactful cybersecurity news
Read MoreThe first Canadian to walk in space dives deep into the origins of space debris, how it’s become a growing problem, and how we can clean up the orbital mess
Read MoreTake a peek into the murky world of cybercrime where groups of scammers who go by the nickname of 'Neanderthals’ wield the Telekopye toolkit to ensnare unsuspecting victims they call 'Mammoths'
Read MoreESET's Jake Moore reveals why the holiday season is a prime time for scams, how fraudsters prey on victims, and how AI is supercharging online fraud
Read MoreWhile you're enjoying the holiday season, cybercriminals could be gearing up for their next big attack – make sure your company's defenses are ready, no matter the time of year
Read MoreESET Chief Security Evangelist Tony Anscombe looks at some of the report's standout findings and their implications for staying secure in 2025
Read MoreA view of the H2 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
Read MoreOur ‘computers on wheels’ are more connected than ever, but the features that enhance our convenience often come with privacy risks in tow
Read MoreAggregate vulnerability scores don’t tell the whole story – the relationship between a flaw’s public severity rating and the specific risks it poses for your company is more complex than it seems
Read MoreCould attackers use seemingly innocuous prompts to manipulate an AI system and even make it their unwitting ally?
Read MoreAs cybersecurity is a make-or-break proposition for businesses of all sizes, can your organization's security strategy keep pace with today’s rapidly evolving threats?
Read MoreBuying a pre-owned phone doesn’t have to mean compromising your security – take these steps to enjoy the benefits of cutting-edge technology at a fraction of the cost
Read MoreWe’re on the cusp of a technological revolution that is poised to transform our lives – and we hold the power to shape its impact
Read MoreCybersecurity compliance may feel overwhelming, but a few clear steps can make it manageable and ensure your business stays on the right side of regulatory requirements
Read MoreESET's CEO unpacks the complexities of cybersecurity in today’s hyper-connected world and highlights the power of innovation in stopping digital threats in their tracks
Read MoreZero days under attack, a new advisory from 'Five Eyes', thousands of ICS units left exposed, and mandatory MFA for all – it's a wrap on another month filled with impactful cybersecurity news
Read More‘Tis the season to be wary – be on your guard and don’t let fraud ruin your shopping spree
Read MoreESET researchers make a discovery that signals a shift on the UEFI threat landscape and underscores the need for vigilance against future threats
Read MoreESET researchers analyze the first UEFI bootkit designed for Linux systems
Read MoreThe backdoor can execute commands and lets attackers download additional modules onto the victim’s machine, ESET research finds
Read MoreESET Research details the analysis of a previously unknown vulnerability in Mozilla products exploited in the wild and another previously unknown Microsoft Windows vulnerability, combined in a zero-click exploit
Read MoreESET researchers analyzed previously unknown Linux backdoors that are connected to known Windows malware used by the China-aligned Gelsemium group, and to Project Wood
Read MorePalo Alto, Calif., Jun. 30, 2025, CyberNewswire–Every security practitioner knows that employees are the weakest link in an organization, but this is no longer the case.
SquareX’s research reveals that Browser AI Agents are more likely to fall prey … (more…)
The post News alert: SquareX research finds browser AI agents are proving riskier than human employees first appeared on The Last Watchdog.
The post News alert: SquareX research finds browser AI agents are proving riskier than human employees appeared first on Security Boulevard.
Read MoreWhat you need to know about SCA tools Quick Answer: The top SCA tools in 2025 are Mend.io (best for automated remediation and proactive SCA), Sonatype Lifecycle (known for enterprise policy management), Snyk (known for developer experience), and Checkmarx SCA (known for comprehensive coverage). According to industry reports, organizations using SCA tools can reduce vulnerability […]
The post Best Software Composition Analysis (SCA) Tools: Top 6 Solutions in 2025 appeared first on Security Boulevard.
Read MoreCompare centralized autonomous SOC engines like Morpheus against agentic AI solutions. Learn why unified control beats agent swarms.
The post Evaluating AI Solutions for the SOC: Why Centralized Autonomy Outperforms Agentic AI appeared first on D3 Security.
The post Evaluating AI Solutions for the SOC: Why Centralized Autonomy Outperforms Agentic AI appeared first on Security Boulevard.
Read MoreIn our first post, we introduced the world of AI web agents – defining what they are, outlining their core capabilities, and surveying the leading frameworks that make them possible. Now, we’re shifting gears to look at the other side of the coin: the vulnerabilities and attack surfaces that arise when autonomous agents browse, click, […]
The post The Rise of Agentic AI: Uncovering Security Risks in AI Web Agents appeared first on Blog.
The post The Rise of Agentic AI: Uncovering Security Risks in AI Web Agents appeared first on Security Boulevard.
Read MoreDisclaimer: This post isn’t our usual security-focused content – today we’re taking a quick detour to explore the fascinating world of AI agents with the focus of AI web agents. Enjoy this educational dive as a warm-up before we get into the juicy details of AI web agents in our follow-up post where we will […]
The post The Rise of Agentic AI: From Chatbots to Web Agents appeared first on Blog.
The post The Rise of Agentic AI: From Chatbots to Web Agents appeared first on Security Boulevard.
Read MoreIs Your Organization Harnessing the Full Power of Non-Human Identities? The increasing reliance on automation and cloud computing in industries such as healthcare, financial services, and travel, has led to a surge in Non-Human Identities (NHIs). Deployed effectively, these machine identities can significantly streamline operations. However, their management presents a new layer of complexity in […]
The post Improving NHIs Management in Your Organization appeared first on Entro.
The post Improving NHIs Management in Your Organization appeared first on Security Boulevard.
Read MoreWhy Should Businesses Prioritize NHIs Management? While human identities have consistently held the limelight in cybersecurity, a lesser-known, yet equally consequential, aspect is the management of non-human identities (NHIs). Of late, the importance of effective NHIs management has started piercing the corporate consciousness, but why is it so vital? Navigating the Terrain of Non-Human Identities […]
The post Empower Your Team Through Efficient NHIs Management appeared first on Entro.
The post Empower Your Team Through Efficient NHIs Management appeared first on Security Boulevard.
Read More4 min readAI agents are changing how identity and access work but most teams are unprepared.
The post The Emerging Identity Imperatives of Agentic AI appeared first on Aembit.
The post The Emerging Identity Imperatives of Agentic AI appeared first on Security Boulevard.
Read MoreAuthors/Presenters: Carl Richell (CEO And Founder, System76)
Our sincere appreciation to LinuxFest Northwest (Now Celebrating Their Organizational 25th Anniversary Of Community Excellence), and the Presenters/Authors for publishing their superb LinuxFest Northwest 2025 video content. Originating from the conference’s events located at the Bellingham Technical College in Bellingham, Washington; and via the organizations YouTube channel.
Thanks and a Tip O' The Hat to Verification Labs :: Penetration Testing Specialists :: Trey Blalock GCTI, GWAPT, GCFA, GPEN, GPCS, GCPN, CRISC, CISA, CISM, CISSP, SSCP, CDPSE for recommending and appearing as speaker at the LinuxFest Northwest conference.
The post LinuxFest Northwest: See How Far COSMIC Has Come This Year appeared first on Security Boulevard.
Read MoreMichael Fanning, CISO at Splunk, shares insights on cybersecurity challenges highlighted in the Splunk State of Security report. Key issues include analyst burnout and alert fatigue, which persist over time. Fanning discusses how AI can improve efficiency and support analysts, emphasizing the need for better prioritization and event correlation in security operations to enhance effectiveness..
The post Escaping SOC Burnout: State of Security 2025 appeared first on Security Boulevard.
Read MoreU.S. cyber agencies, the FBI, and NSA issued an urgent warning today about potential cyberattacks from Iranian-affiliated hackers targeting U.S. critical infrastructure. [...]
Read MoreThe Berlin Commissioner for Data Protection has formally requested Google and Apple to remove the DeepSeek AI application from the application stores due to GDPR violations. [...]
Read MoreMicrosoft says its Defender for Office 365 cloud-based email security suite will now automatically detect and block email bombing attacks. [...]
Read MoreThe government in Switzerland is informing that sensitive information from various federal offices has been impacted by a ransomware attack at the third-party organization Radix. [...]
Read MoreThe Canadian government has ordered Hikvision's subsidiary in the country to cease all operations following a review that determined them to pose a national security risk. [...]
Read MoreMicrosoft has confirmed a new known issue causing delivery delays for June 2025 Windows security updates due to an incorrect metadata timestamp. [...]
Read MoreSpanish authorities have arrested five individuals in Madrid and the Canary Islands, suspected of laundering $540 million (€460 million) from illegal cryptocurrency investment schemes and defrauding more than 5,000 victims. [...]
Read MoreThe Federal Bureau of Investigation (FBI) has warned Americans of cybercriminals impersonating health fraud investigators to steal their sensitive information. [...]
Read MoreOver 1,200 Citrix NetScaler ADC and NetScaler Gateway appliances exposed online are unpatched against a critical vulnerability believed to be actively exploited, allowing threat actors to bypass authentication by hijacking user sessions. [...]
Read MoreGoogle is rolling out Veo 3 to everyone using Vertex AI, which is an ML-testing platform provided by Google Cloud. [...]
Read MoreVulnerabilities affecting a Bluetooth chipset present in more than two dozen audio devices from ten vendors can be exploited for eavesdropping or stealing sensitive information. [...]
Read MoreCloudflare has implemented end-to-end encryption (E2EE) to its video calling app Orange Meets and open-sourced the solution for transparency. [...]
Read MoreLet's Encrypt has announced it will no longer notify users about imminent certificate expirations via email due to high costs, privacy concerns, and unnecessary complexities. [...]
Read MoreAt the Android Show on Tuesday, ahead of Google I/O, Google announced new security and privacy features for Android. These new features include new protections for calls, screen sharing, messages, device access, and system-level permissions. With these features, Google aims to protect users from falling for a scam, keep their details secure in case a […]
Read MoreAt the Android Show, taking place ahead of Google I/O 2025, Google announced that it is adding new device-specific features to its Advanced Protection program, which is designed to protect public figures such as politicians and journalists from different digital threats, with the Android 16 release. The new features include a new way of storing […]
Read MoreIf you ever call 911 from an area that’s hard to get to, you might hear the buzz of a drone well before a police cruiser pulls up. And there’s a good chance that it will be one made by Brinc Drones, a Seattle-based startup founded by 25-year-old Blake Resnick, who dropped out of college […]
Read MoreA new security fund aims to help apps in the fediverse — like Mastodon, Threads, and Pixelfed — to pay researchers for disclosing security bugs.
Read MoreThis is a guide on how to check whether someone compromised your online accounts.
Read MoreThreat intelligence startup GreyNoise says it has observed a ‘notable resurgence’ in attack activity
Read MorePSEA says it "took steps to ensure" its stolen data was deleted, suggesting a ransom demand was paid
Read MoreFederal court rules U.S. cybersecurity agency must re-hire over 100 former employees
Read MoreAffected staff say more than 100 employees working to protect U.S. government networks were ‘axed’ with no prior warning
Read MoreNew details have emerged about PowerSchool's data breach — but here's what PowerSchool still isn't saying.
Read MoreCrowdStrike says a hacker had access to PowerSchool's internal system as far back as August.
Read MoreUnidentified hackers breached NTT Com’s network to steal personal information of employees at thousands of corporate customers
Read MoreThe FBI is warning that scammers are impersonating the BianLian ransomware gang using fake ransom notes sent to U.S. corporate executives. The fake ransom notes, first reported by U.S. cybersecurity company GuidePoint Security, claim that hackers have gained access to an organization’s network to steal sensitive data, and threaten to publish the stolen data unless […]
Read MoreThe UK is no longer recommending the use of encryption for at-risk groups following its iCloud backdoor demands
Read MoreSecurity experts warn of ‘huge impact’ of actively exploited hypervisor flaws that allow sandbox escape
Read MoreThe reported policy shift comes as the U.S. government signals a change in its threat assessment of Russia
Read MoreIn a TikTok video with over 3 million views, a woman in a fluffy, maximalist coat sits in the back seat of a luxury SUV, parked in the middle of a New York City street. Atop the 6-second video, a line of text reads, “our bodyguards got us matcha.” The camera zooms in on two […]
Read MoreThe hackers reportedly exploited a flaw in US cybersecurity firm Barracuda’s software to access VSSE's email server
Read MoreWhen it comes to AI software, you can build something clever, but that’s not always the same as building something that is secure. With so much software now getting written by AI, having a window into its security can be a challenge. That’s the premise of Archipelo, a San Francisco-based cybersecurity startup that is today […]
Read MoreGenea gets a court injunction after ransomware gang Termite claims to have leaked patient information
Read MoreOur Core Expertise: Offshore Hosting & Advanced Cybersecurity At KoDDoS, we’ve built our reputation on two complementary pillars: 🛡️ Robust Cybersecurity Capabilities For over a decade, we’ve been protecting digital infrastructure with cutting-edge security technologies: 🌐 Resilient and Sovereign Offshore Hosting Our global infrastructure is distributed across strategic offshore data centers in: This setup offers … Continue reading Recap of Our Presence at VivaTech 2025
The post Recap of Our Presence at VivaTech 2025 appeared first on KoDDoS Blog.
Read MoreParis, June 2025 – From June 11 to 14, Paris will once again become the global epicenter of technological innovation with the return of VivaTechnology 2025, held at Paris Expo Porte de Versailles. Bringing together major tech companies, disruptive startups, global investors, and public institutions, the event stands out as a pivotal moment for the … Continue reading KoDDoS at VivaTechnology 2025: A Strategic Presence at the Heart of Cybersecurity and AI Challenges.
The post KoDDoS at VivaTechnology 2025: A Strategic Presence at the Heart of Cybersecurity and AI Challenges. appeared first on KoDDoS Blog.
Read MoreVideo games are more than entertainment; they’re a $200 billion global industry. But as gaming grows, so do cyberattacks. Hackers now see games as goldmines for stealing data, extorting companies, and exploiting players. According to Infosecurity Magazine, Akamai’s 2024 report shows that attacks on gaming platforms are rising alarmingly. In 2024 alone, the industry suffered … Continue reading Gamer Over? Why Hackers Target Popular Video Games & How to Stay Safe
The post Gamer Over? Why Hackers Target Popular Video Games & How to Stay Safe appeared first on KoDDoS Blog.
Read MoreSocial media is all around us, helping us stay connected, updated, and entertained. But beneath the endless scroll, a darker reality exists. Hidden cybersecurity threats are growing- some obvious, others much harder to spot. The risks are especially alarming for young users. According to the National Institutes of Health, up to 95% of teens aged … Continue reading How Social Media Use Can Create Hidden Cybersecurity Risks
The post How Social Media Use Can Create Hidden Cybersecurity Risks appeared first on KoDDoS Blog.
Read MoreFrom April 1st to 3rd, 2025, KoDDoS, a provider of specialized services in DDoS protection and secure offshore hosting, marked its presence at the InCyber Europe Forum, held at the Lille Grand Palais. A true crossroads of cyber innovation and cooperation, the event is the largest cybersecurity event in Europe. A benchmark event on an … Continue reading KoDDoS at the InCyber Europe 2025 Forum: a strategic participation at the heart of the European cyber ecosystem
The post KoDDoS at the InCyber Europe 2025 Forum: a strategic participation at the heart of the European cyber ecosystem appeared first on KoDDoS Blog.
Read MoreCloudFest is one of the world’s largest cloud computing events. Every year, it brings together the industry’s leading players to discuss the latest technological advancements, emerging trends, and market challenges. In 2025, the event once again cemented its leadership status by providing a dynamic platform for professional exchange and cloud innovation. This edition featured captivating … Continue reading Looking back at CloudFest 2025: An essential event for the future of the cloud!
The post Looking back at CloudFest 2025: An essential event for the future of the cloud! appeared first on KoDDoS Blog.
Read MoreKoDDoS recently strengthened its commitment to the European tech scene by participating in several major events in France. Our team was honored to be invited to key gatherings in the tech industry, highlighting the importance of innovation and cybersecurity in the evolving digital ecosystem. This strategic tour in Paris allowed us to meet top-tier partners, … Continue reading KoDDoS in Europe: A Strong Presence at Major Tech Events in Paris.
The post KoDDoS in Europe: A Strong Presence at Major Tech Events in Paris. appeared first on KoDDoS Blog.
Read MoreThe post KoDDos Will be at CyberShow 2025 in Paris! appeared first on KoDDoS Blog.
Read More🚀 Cutting-Edge Services KoDDoS has established itself as a key player in the field of high-performance hosting. Specializing in anti-DDoS protection, we ensure unmatched service continuity for our clients in the face of growing threats targeting digital infrastructures. We also invest in groundbreaking technologies, including Web3, blockchain, and the Internet of Things (IoT), providing tailored … Continue reading Technological innovation in the heart of Los Angeles at the CES 2025 🚀
The post Technological innovation in the heart of Los Angeles at the CES 2025 🚀 appeared first on KoDDoS Blog.
Read MoreTo meet growing demand and accelerate our growth, we are launching a new sales team. Weare looking for talented, ambitious, and motivated B2B sales representatives and businessintroducers who share our vision of a safer and more resilient internet. Job Profile:Position: B2B Sales Representatives and Business IntroducersAs a key member of our Sales Team, you will … Continue reading Recruitment Announcement: B2B Sales Representatives and Business Introducers
The post Recruitment Announcement: B2B Sales Representatives and Business Introducers appeared first on KoDDoS Blog.
Read MoreWhy Choosing the Right VM Tool Matters Your vulnerability management solution is the fuel that powers the rest of your strategic cybersecurity objectives. Put good in, get good out. That's why the vulnerability management tool you choose matters. And there are a lot of features that are necessary to protect a modern environment today that weren't on the list before. Done right, VM provides a stable foundation for cyber hygiene and regulatory compliance. Done wrong, and misaligned tools can slow the process from discovery to remediation, complicating and compromising the most important part of...
Read MoreWhen was the last time you updated your router? If you’re not sure, you’re not alone, and this uncertainty could pose a serious risk to your business. The FBI recently warned that malicious actors are targeting end-of-life (EOL) routers (network devices that manufacturers no longer support or update). These outdated routers are being hijacked by bad actors who use them as a stepping stone into networks, turning them into cybercriminal proxies. The threat is real, and it’s growing. The weapon of choice behind many of these attacks is a sophisticated strain of malware known as TheMoon, which has...
Read MoreCyberattacks on public infrastructure are no longer hypothetical. From ransomware disabling city services to foreign actors probing utility networks, the risks are real and rising. Among the most vulnerable targets are our public water systems. Often underfunded, technologically fragmented, and encumbered by legacy systems, water utilities are easy pickings for determined attackers. In recent years, a slew of incidents have highlighted these vulnerabilities. In October 2024, American Water experienced a cyberattack that took its MyWater account system offline for a week, temporarily preventing...
Read MoreEver wondered what really drives today's cyberattacks? It's not always just about stealing data or demanding a ransom. Motives can vary widely depending on the attacker, their intent, and their capabilities. In the most simple terms, a cyberattack is a malicious intent to access, steal, expose, or destroy data and systems without authorized access. Every attack typically involves a motive or goal, a method of execution, and a vulnerability that's exploited to achieve the intended outcome. The motive or intent is where it all starts. It's what drives an attack from beginning to end. But not all...
Read MorePicture this: You’re at the supermarket, looking for your favorite brand of cereal. But the shelves are empty, staff are frazzled, and the checkout terminals are flickering ominously. That’s not just a supply chain hiccup, it’s a direct result of the latest wave of cyberattacks targeting the UK’s biggest grocery chains. In 2025, major retailers like Co-op, Marks & Spencer, and Harrods found themselves at the mercy of criminals who didn’t need crowbars or ski masks ; just a laptop and some cunning. Let’s unpack how these attacks happened, the tactics used, and most importantly, how any business...
Read MoreImagine for one moment that you are a cybercriminal. You have compromised an organisation's network, you have stolen their data, you have encrypted their network, and you are now knee-deep in the ransomware negotiation. However, there's a problem. Your target is stalling for time. Who can you, as the perpetrator of the crime rather than the innocent victim, turn to for advice? Well, if you are an affiliate of the Qilin ransomware group, you can simply hit the "Call Lawyer" button. Because, as researchers at Cybereason have revealed, Qilin has introduced a number of new features for its...
Read MoreEscalating tensions in the Kashmiri conflict between India and Pakistan illustrate a point the Indian government has been driving home for years; it is time to double-down on securing India's critical financial services. As the cornerstone of the nation's stability, the Banking, Financial Services, and Insurance (BFSI) sector was the focus of India's first Digital Threat Report 2024, and offers a "comprehensive view of the most critical risks facing the industry today." The report leverages attack data from last year to pinpoint several areas of concern, including advanced social engineering...
Read MoreAs a cybersecurity expert, you are aware that performing static scans is only one part of a good defense-in-depth strategy. Similarly, periodic vulnerability assessments, while valuable, are only a single piece of cyber defense fortification. Continuous Threat Exposure Management (CTEM) establishes a logical setting to control organizational threats proactively. CTEM enables an augmented cybersecurity posture, active real-time risk mitigation, and threat precursor disabling. Decoding CTEM CTEM is an always-on strategy that monitors all attack surfaces for risk detection. It focuses on...
Read MoreFew sectors exemplify the enormous value of data as healthcare does. From the relatively mundane, such as digitalizing patient data for streamlined care, to the extraordinary, like the use of AI to revolutionize prostate cancer diagnosis and care, data is the lifeblood of modern healthcare and, as such, must be protected. For years, we have been told that humans and human error are the weakest link in cyber defenses, but it's time to challenge this notion. This view ignores the crucial role that healthcare professionals play in protecting patient data. With the right tools, culture, and...
Read MoreWeb Application Firewalls (WAFs) have long served as the front line of defense for web applications, filtering out malicious traffic and enforcing security policies. But as threats grow more sophisticated and application environments become more dynamic, many are questioning whether traditional WAFs are still up to the task. In 2025, with the rise of cloud-native applications, APIs, and machine learning-driven attacks, it's no longer enough to rely on static, rule-based filtering. Whether you're evaluating your existing defenses or considering the next generation of application security...
Read MoreGoogle has issued an urgent security update for its Chrome browser, addressing a critical zero-day vulnerability that is being actively exploited by attackers. The flaw, tracked as CVE-2025-6554, is a type confusion vulnerability in Chrome’s V8 JavaScript engine, which underpins the browser’s ability to process web content across Windows, macOS, and Linux platforms. The vulnerability was discovered by […]
The post Chrome 0-Day Flaw Exploited in the Wild to Execute Arbitrary Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Read MoreThe U.S. Department of Justice (DOJ) has announced a major crackdown on North Korea’s covert use of remote information technology (IT) workers to siphon millions from American companies and fund its weapons programs. The coordinated law enforcement actions, resulted in the arrest of a New Jersey man, the seizure of 29 financial accounts, 21 fraudulent […]
The post U.S. DOJ Cracks Down on North Korean Remote IT Workforce Operating Illegally appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Read MoreA sophisticated phishing campaign has emerged, distributing the notorious Remcos Remote Access Trojan (RAT) through the DBatLoader malware. This attack chain, analyzed in ANY.RUN’s Interactive Sandbox, leverages a combination of User Account Control (UAC) bypass techniques, obfuscated scripts, Living Off the Land Binaries (LOLBAS) abuse, and persistence mechanisms to infiltrate systems undetected. The campaign begins […]
The post Hackers Deliver Remcos Malware Via .pif Files and UAC Bypass in Windows appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Read MoreThe Pi Network community eagerly celebrated Pi2Day, an event traditionally associated with platform updates, feature launches, and significant milestones. However, this year’s festivities have been overshadowed by a sinister wave of cyberattacks. Cybercriminals have capitalized on the event’s hype, launching a malicious ad campaign on Facebook to target unsuspecting users with phishing scams and malware […]
The post Threat Actors Exploit Facebook Ads to Distribute Malware and Steal Wallet Passwords appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Read MoreDragonForce Ransomware has emerged as a formidable player in the Ransomware-as-a-Service (RaaS) landscape since its debut in December 2023. Initially rooted in ideologically driven cyberattacks, the group has pivoted to financially motivated operations, establishing itself as a key threat actor targeting high-value industries across North America, Europe, and Asia. A Rising Threat in the RaaS […]
The post DragonForce Ransomware Equips Affiliates with Modular Toolkit for Crafting Custom Payloads appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Read MoreA sophisticated cyberattack campaign has emerged, exploiting a critical vulnerability in Langflow, a widely-used Python-based framework for building AI applications, to deploy the destructive Flodrix botnet. Identified as CVE-2025-3248 and carrying a near-perfect CVSS score of 9.8, this unauthenticated remote code execution (RCE) flaw impacts Langflow versions prior to 1.3.0. Unveiling a Severe RCE Vulnerability […]
The post Hackers Leverage Critical Langflow Flaw to Deploy Flodrix Botnet and Seize System Control appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Read MoreHackers successfully took control of critical operational systems at a dam facility near Risevatnet in Bremanger, Norway, during April. The attackers managed to seize command over the minimum water flow controls and gained access to the dam’s valve closure mechanism, leading to a full valve opening event that lasted several hours before being detected and […]
The post Hackers Breach Norwegian Dam, Triggering Full Valve Opening appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Read MoreBerlin’s data protection commissioner, Meike Kamp, has raised serious alarms over the Chinese AI application DeepSeek, accusing the company of unlawfully transferring personal data of German users to China in violation of the European Union’s stringent General Data Protection Regulation (GDPR). In a statement released on Friday, Kamp highlighted that DeepSeek has failed to demonstrate […]
The post Germany Urges Apple and Google to Ban Chinese AI App DeepSeek Over Privacy Concerns appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Read MoreGlasgow City Council has issued an urgent alert to drivers across the region following a surge in scam text messages targeting unsuspecting motorists with fraudulent demands for parking fine payments. The authority has confirmed that these deceptive communications, often embedded with malicious links, are part of a sophisticated phishing campaign designed to steal personal and […]
The post Glasgow City Warns of Parking Fine Scam Amid Ongoing Cybersecurity Incident appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Read MoreAs cybercriminals and nation-state actors increasingly turn to the Rust programming language for malware development, Microsoft’s Threat Intelligence Center has unveiled a powerful new open-source tool called RIFT to help security analysts combat this growing threat. Rust, renowned for its speed, memory safety, and robustness, is now being exploited for its advantages in creating malware […]
The post RIFT: Open-Source Rust Malware Analyzer Released by Microsoft appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Read MoreAn email reviewed by Scoop News Group and analyzed by Proofpoint reveals the latest attempt by fraudsters to capitalize on confusion over the Elon Musk-created group.
The post Scammers have a new tactic: impersonating DOGE appeared first on CyberScoop.
Read MoreThe coordinated steps included searches spanning 16 states involving workers who obtained employment at more than 100 U.S. companies.
The post Arrest, seizures in latest U.S. operation against North Korean IT workers appeared first on CyberScoop.
Read MoreA cartel affiliate notified an FBI agent about a hacker who infiltrated cameras and phones to track an FBI official’s meetings, the DOJ inspector general said.
The post Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report appeared first on CyberScoop.
Read MorePig butchering scams were the most common activity carried out at the facilities identified in the Amnesty International investigation.
The post Slavery, torture, human trafficking discovered at 53 Cambodian online scamming compounds appeared first on CyberScoop.
Read MoreThird-party antivirus software will no longer have access to the Windows kernel as Microsoft rolls out changes to reduce IT downtime from unexpected crashes or disruptions.
The post Microsoft security updates address CrowdStrike crash, kill ‘Blue Screen of Death’ appeared first on CyberScoop.
Read MoreHawaiian Airlines announced a cybersecurity incident Friday as security experts warned of a sector-wide threat.
The post Scattered Spider strikes again? Aviation industry appears to be next target for criminal group appeared first on CyberScoop.
Read MoreKai West, a 25-year-old British national, is accused of stealing data from more than 40 organizations during a two-year spree.
The post Notorious cybercriminal ‘IntelBroker’ arrested in France, awaits extradition to US appeared first on CyberScoop.
Read MoreAn analysis of four states with data broker registry laws found that hundreds of brokers are registered as such in one state but not in others.
The post Many data brokers aren’t registering across state lines, privacy groups say appeared first on CyberScoop.
Read MoreTime is running short for Congress to renew the 2015 Cybersecurity Information Sharing Act.
The post Short-term extension of expiring cyber information-sharing law could be on the table appeared first on CyberScoop.
Read MoreThe vendor disclosed the critical zero-day in NetScaler ADC and NetScaler Gateway nine days after it warned of a pair of defects in the same products.
The post Citrix users hit by actively exploited zero-day vulnerability appeared first on CyberScoop.
Read MoreU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Citrix NetScaler vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Citrix NetScaler vulnerability, tracked as CVE-2025-6543, to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2025-6543 (CVSS score of 9.2) is a memory overflow vulnerability in NetScaler ADC and NetScaler Gateway when configured […]
Read MoreCanada bans Hikvision over national security concerns, ordering the company to stop operations and barring its tech from government use. Canada ordered Chinese surveillance firm Hikvision to cease all operations in the country, citing national security concerns. Minister Mélanie Joly announced the decision after a security review found vendor’s activities could pose a threat. Canada […]
Read MoreDenmark plans to let citizens copyright their face, body, and voice to combat deepfakes under a new law strengthening personal digital rights. Denmark plans to amend its copyright law to give individuals rights over their body, face, and voice, to combat AI-generated deepfakes. Believed to be the first law of its kind in Europe, the […]
Read MoreA ransomware attack on grocery giant Ahold Delhaize led to a data breach that affected more than 2.2 million people. A ransomware attack on Dutch grocery giant Ahold Delhaize has led to a data breach affecting over 2.2 million people. Ahold Delhaize is a Dutch-Belgian multinational retail and wholesale holding company. Its name comes from the […]
Read MoreFacebook asks users to allow “cloud processing” to access phone photos for AI-generated collages and recaps, even if not uploaded. Meta-owned Facebook is prompting users to enable “cloud processing” to access photos from their phones, even those not uploaded. If users opt into “cloud processing,” Facebook will continuously upload media to its servers and use […]
Read MoreSecurity Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Ransomware Gangs Collapse as Qilin Seizes Control Dissecting a Python Ransomware distributed through GitHub repositories SparkKitty, SparkCat’s little brother: A new Trojan spy found in the App Store and Google Play Uncovering a Tor-Enabled Docker Exploit […]
Read MoreA new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. The FBI warns that Scattered Spider is now targeting the airline sector LapDogs: China-nexus hackers Hijack […]
Read MoreThe FBI warns that Scattered Spider is now targeting the airline sector. Feds are working with aviation partners to combat the threat and assist affected victims. The FBI reports that the cybercrime group Scattered Spider is now targeting the airline sector. The cybercriminals are using social engineering techniques to gain access to target organizations by […]
Read MoreOver 1,000 SOHO devices were hacked in a China-linked spying campaign called LapDogs, forming a covert network to support cyber espionage. Security researchers at SecurityScorecard’s STRIKE team have uncovered a cyber espionage campaign, dubbed LapDogs, involving over 1,000 hacked SOHO (small office/home office) devices. These compromised devices formed a hidden network, called an Operational Relay […]
Read MoreA critical flaw in Open VSX Registry could let attackers hijack the VS Code extension hub, exposing millions of developers to supply chain attacks. Cybersecurity researchers at Koi Security discovered a critical vulnerability in the Open VSX Registry (open-vsx.org) that could have let attackers take over the Visual Studio Code extensions marketplace, endangering millions of […]
Read MoreEver wondered what’s going on behind the scenes when you place a bet online? No, not the odds or the algorithms that somehow know your team’s about to blow a 2–0 lead again – we’re talking about the security side of things. Because let’s face it: if you’re logging in, placing wagers, and moving money […]
The post How Betting Sites Keep Your Information Safe (Without You Even Noticing) appeared first on IT Security Guru.
Read MoreLast week, Check Point hosted its annual Cyber Leader Summit at Landing Forty-Two in London’s iconic Leadenhall Building. The summit convened influential figures from the cybersecurity, law enforcement, and enterprise communities to explore the rapidly evolving threat landscape and the transformative role of artificial intelligence. Key discussions focused on the urgent need for proactive, resilience-focused […]
The post Defining Cyber Resilience: Industry Leaders Meet in London as AI Threats Accelerate appeared first on IT Security Guru.
Read MoreBridewell, a UK-based cybersecurity services company, has released its latest CTI Annual Report – a comprehensive deep dive into ransomware trends. It highlighted a significant shift in attack strategies, payment dynamics and threat actor behaviours, revealing that data theft and extortion have overtaken traditional encryption-only ransomware as the most successful approach for attackers. While encryption-based […]
The post Bridewell report indicates rise in lone wolf ransomware actors appeared first on IT Security Guru.
Read MoreKeeper Security has achieved System and Organisation Controls (SOC) 3® compliance, demonstrating the company’s commitment to the highest standards of security for all users. The SOC 3 report, governed by the American Institute of Certified Public Accountants (AICPA), is a public-facing certification that validates the security, availability and confidentiality of Keeper’s systems. As part of […]
The post Keeper Security Achieves SOC 3 Compliance appeared first on IT Security Guru.
Read MoreSoftware security company Black Duck is ramping up efforts to help organizations comply with the European Cyber Resilience Act (CRA), building on a 20-year partnership with British chip design giant Arm. The collaboration focuses on securing software running on Arm64-based systems, now widely used in hyperscaler and enterprise environments. Since 2005, Black Duck has played […]
The post Black Duck Teams with Arm to Boost EU Cyber Resilience Act Compliance appeared first on IT Security Guru.
Read MorePrivacy issues have garnered significant attention from the state despite not typically being at the forefront of discussions regarding data regulation. The states included in the article are not in any specific sequence. Kentucky Steps Up Early Sectors like entertainment and online platforms in Kentucky take data protection seriously. For example, popular iGaming services that […]
The post US States with Notable Consumer Data Privacy Laws appeared first on IT Security Guru.
Read MoreToday, Cybersmart, a provider of cyber risk management for small businesses, has released the findings from its second annual CyberSmart MSP Survey, which focuses on the security of Managed Service Providers (MSPs) and their customers. The 2025 report revealed that 69% of MSP leaders globally admitted to being hit by multiple breaches over the past 12 […]
The post Over Two Thirds of MSPs Hit by Multiple Breaches in Past Year, Survey Reveals appeared first on IT Security Guru.
Read MoreAs threats evolve in sophistication and frequency while cyber skills gaps persist, Security Operations Centres (SOCs) are increasingly turning to AI-driven platforms to enhance threat detection, streamline investigations, and automate responses. But which one is the best? Prophet Security (Best Overall) Prophet Security’s AI-native SOC platform deploys an “Agentic AI SOC Analyst” that autonomously triages, […]
The post Top 5 AI SOC Analyst Platforms to Watch out for in 2025 appeared first on IT Security Guru.
Read MoreA newly discovered ransomware operation dubbed Fog is raising fresh concerns in the cybersecurity community after researchers found it leveraging a highly unusual mix of legitimate business software and open-source offensive security tools. The campaign, observed in June 2025, is part of a growing trend where cybercriminals are repurposing trusted programs to evade traditional detection […]
The post Unusual Toolset Behind Fog Ransomware Prompts Fresh Security Concerns appeared first on IT Security Guru.
Read MoreKeeper Security has announced its placement as the Overall Leader in GigaOm’s Radar Report for Enterprise Password Management for the fourth consecutive year. With this designation, Keeper is proud to represent the balance between GigaOm’s highlighted traits of maturity and innovation, as well as feature and platform capabilities. Vendors are rated on key features that […]
The post Keeper Security Named Overall Leader on GigaOm Radar Report for Enterprise Password Management appeared first on IT Security Guru.
Read MoreDid you know the average cost of IT downtime is over $5,000 per minute? Despite this staggering figure, many organizations still rely on humans to sift through alerts at 3...
The post From Firefighting to Future-Proof: How AI is Revolutionizing Incident Management appeared first on Cyber Defense Magazine.
Read MoreBy Gary S. Miliefsky, Publisher of Cyber Defense Magazine Introduction In late 2024, cybercriminals breached Ahold Delhaize USA Services, LLC, exposing the personal data of millions of current and former...
The post The Ahold Delhaize USA Breach: How a Single Click Can Cost Millions appeared first on Cyber Defense Magazine.
Read MoreIn an age where digital and financial risks are increasingly interconnected, cyber hygiene stands as a pillar of modern risk management, essential to preserving both operational resilience and financial credibility....
The post Cyber Hygiene Protecting Your Digital and Financial Health appeared first on Cyber Defense Magazine.
Read MoreAs a business, do you think avoiding SOC 2 compliance saves time and money? Think again. With cybercrime damages being projected to cost the world $1.2 trillion annually by 2025, skipping...
The post The 3 Hidden Dangers of Avoiding SOC 2 Compliance appeared first on Cyber Defense Magazine.
Read MoreImagine being on a road trip without GPS—just a vague set of directions scribbled on a napkin and the occasional mile marker to reassure that the vehicle is not completely...
The post The Road Trip of Threat Modeling: A Journey to Efficiency, Effectiveness, And Value appeared first on Cyber Defense Magazine.
Read MoreCybersecurity’s Dirty Little Secret: Reimagining Isolation – How Replica Cyber Empowers CISOs with Secure Environments in Seconds Imagine creating a completely secure, fully configured digital workspace in minutes instead of...
The post Innovator Spotlight: Replica Cyber appeared first on Cyber Defense Magazine.
Read MoreDemystifying Cyber Risk: How Qualys is Transforming Security Leadership Cybersecurity leadership is undergoing a profound transformation. No longer confined to technical silos, CISOs are becoming strategic partners who translate complex...
The post Innovator Spotlight: Qualys appeared first on Cyber Defense Magazine.
Read MoreBy James Hess – CEO and Co-Founder, Unknown Cyber In today’s world, military strength is no longer defined solely by missiles and troops. The digital realm has become a battlefield,...
The post The Hidden Front: Iran, Cyber Warfare, and the Looming Threat to U.S. Critical Infrastructure appeared first on Cyber Defense Magazine.
Read MoreTime is a luxury few of us can afford to waste. Decision-makers often find themselves sifting through mountains of information, juggling priorities, and racing against deadlines. This urgency has bred...
The post TLDR* May Work for EULAs But Your Contracts? appeared first on Cyber Defense Magazine.
Read MoreIn the latest Q3 Ransomware Report from our team at Cyberint – a Check Point Software company and a leading voice in external cyber-risk management – we’ve placed particular emphasis...
The post Trends in Ransomware Attacks in Q3, 2024 appeared first on Cyber Defense Magazine.
Read MoreGain insight into the latest attack trends, techniques, and procedures our Incident Response experts are actively facing with the brand new TTP Briefing, a report built on frontline threat intelligence from our global incident response (IR) investigations, enriched by noteworthy detections from our SOC.
Read MoreThe ransomware landscape is undergoing a turbulent realignment, marked by collapses, takeovers, and unexpected internal betrayals.
Read MoreCybereason issues Threat Alerts to inform customers of emerging impacting threats, critical vulnerabilities and attacker campaigns. Cybereason Threat Alerts summarize these threats and provide practical recommendations for protecting against them.
Read MoreCybereason GSOC has identified a malware infection exhibiting strong similarities to the previously reported Genesis Market malicious campaign that was dismantled by law enforcement in early 2023.
Read MoreThis article is a continuation of the previous research published on the malware LummaStealer: "Your Data Is Under New Lummanagement: The Rise of LummaStealer".
Read MoreBetween 2022 and 2024, data breach-related class actions in the United States surged by over 146%, with the top 10 settlements in 2024 averaging 15% higher than in 2023. As organizations grapple with increasingly aggressive litigation stemming from cybersecurity incidents, class action lawsuits have become a major risk vector—one that now rivals the breach itself in terms of financial, operational, and reputational impact, underscoring the importance of both proactive cybersecurity posture and a strong defensive strategy in litigation. Whether it’s demonstrating reasonable security practices or disputing claims of harm resulting from cybersecurity incidents, the involvement of technical experts has become critical.
Read MoreCybereason issues Threat Analysis reports to investigate emerging threats and provide practical recommendations for protecting against them. In this Threat Analysis report, Cybereason investigates the new Ransomware-as-a-Service (RaaS) known as PlayBoy Locker and how to defend against it through the Cybereason Defense Platform.
Read MoreSkip ahead if you have heard this story, but when I started in anti-virus at Dr Solomon’s, Alan Solomon would share how he moved from doing hard disk data recoveries into antivirus because he received a drive to recover and recognized the corruption was logical. As such to fix the damage he wrote an algorithm (he was a mathematician by education) to undo the corruption. A few months later he was recovering another drive and recognized the same logical corruption, which led him to write a new algorithm to detect this corruption; this was how he started Dr Solomon’s antivirus software. The point here is that traditional anti-virus has always been based on pattern matching. Find something unique to each attack in its code, then you can write an algorithm or more commonly called these days a signature to detect, block and repair the attack. I remember Alan saying effectively that signatures had solved the virus problem, the volume would continue to grow, as would the complexity, but the same signature solution would always apply.
Read MoreThreat actors with financial motivations often leverage BIN attacks when targeting financial services or eCommerce victims. BIN attacks involve threat actors systematically testing card numbers stemming from a Bank Identification Number (BIN) to find valid card details. BIN values are assigned to card issuers and form the first 6-8 digits on payment cards. These values are published to merchants, payment processors, and other service providers to facilitate transactions and are publicly available. The BIN is then followed by an additional set of numbers (the account number) to form a complete Primary Account Number (PAN), or card number.
Read MoreScammers, fraudsters, and phishers take advantage of every season. But the holiday shopping season - which includes Black Friday, Cyber Monday, and Christmas - may be their favorite.
As retailers rush to capitalize on what is generally their most profitable time of year, they will generally flood email boxes with great offers that are often time sensitive and may even seem too-good-to-be-true. Meanwhile, consumers also feel the urgency to get their shopping done, along with the stresses of work and family. Add in the financial pressure of an inflationary economy and the likelihood of making a quick mistake keeps increasing. Read on for some simple yet effective ways to ruin the scammers' fun as you celebrate the season of giving.
Read MoreOur "construction project" is progressing nicely.
And it should resolve this…
Fix mobile usability issues?
Translation: your site doesn't help us sell more Android phones and ads.
But whatever, the "issues" should be fixed soon enough.
On 18/08/15 At 12:52 PM
Read MoreRegular readers will have noticed it's been slow here of late.
Under Construction
We're finally undertaking an upgrade from Greymatter 1.7.3. This may be the world's oldest Greymatter blog… that will now change.
More info coming soon.
In the meantime, you can still catch us on Twitter.
On 13/08/15 At 01:25 PM
Read MoreAsk, and sometimes, you shall receive.
Last Friday, we wrote about call center scammers targeting iOS. And today, Apple released a new (beta) feature that should help.
Apple released iOS 9 Public Beta 2:
And it appears that one of Safari's new features allows people to block fraud-focused JavaScript.
We tested a scam-site and after a few attempts to dismiss the JavaScript dialog, Safari included a prompt to "Block Alerts". We were then easily able to close the page.
Kudos Apple! Looking forward to seeing this in iOS 9's general release.
Big hat tip to Rosyna Keller.
On 23/07/15 At 09:53 AM
Read MoreRecent weeks have seen the outing of two new additions to the Duke group's toolset, SeaDuke and CloudDuke. Of these, SeaDuke is a simple trojan made interesting by the fact that it's written in Python. And even more curiously, SeaDuke, with its built-in support for both Windows and Linux, is the first cross-platform malware we have observed from the Duke group. While SeaDuke is a single - albeit cross-platform - trojan, CloudDuke appears to be an entire toolset of malware components, or "solutions" as the Duke group apparently calls them. These components include a unique loader, downloader, and not one but two different trojan components. CloudDuke also greatly expands on the Duke group's usage of cloud storage services, specifically Microsoft's OneDrive, as a channel for both command and control as well as the exfiltration of stolen data. Finally, some of the recent CloudDuke spear-phishing campaigns have born a striking resemblance to CozyDuke spear-phishing campaigns from a year ago.
Linux support added with the cross-platform SeaDuke malware
Last week, both Symantec and Palo Alto Networks published research on SeaDuke, a newer addition to the arsenal of trojans being used by the Duke group. While older malware by the Duke group has always been written with a combination of the C and C++ programming languages as well as assembly language, SeaDuke is peculiarly written in Python with multiple layers of obfuscation. This Python code is usually then compiled into Windows executables using py2exe or pyinstaller. However, the Python code itself has been designed to work on both Windows and Linux. We therefore suspect, that the Duke group is also using the same SeaDuke Python code to target Linux victims. This is the first time we have seen the Duke group employ malware to target Linux platforms.
An example of the cross-platform support found in SeaDuke.
A new set of solutions with the CloudDuke malware toolset
Last week, we also saw Palo Alto Networks and Kaspersky Labs publish research on malware components they respectively called MiniDionis and CloudLook. MiniDionis and CloudLook are both components of a larger malware toolset we call CloudDuke. This toolset consists of malware components that provide varying functionality while partially relying on a shared code framework and always using the same loader. Based on PDB strings found in the samples, the malware authors refer to the CloudDuke components as "solutions" with names such as "DropperSolution", "BastionSolution" and "OneDriveSolution". A list of PDB strings we have observed is below:
� C:\DropperSolution\Droppers\Projects\Drop_v2\Release\Drop_v2.pdb
� c:\BastionSolution\Shells\Projects\miniDionis4\miniDionis\obj\Release\miniDionis.pdb
� c:\BastionSolution\Shells\Projects\miniDionis2\miniDionis\obj\Release\miniDionis.pdb
� c:\OneDriveSolution\Shells\Projects\OneDrive2\OneDrive\obj\x64\Release\OneDrive.pdb
The first of the CloudDuke components we have observed is a downloader internally called "DropperSolution". The purpose of the downloader is to download and execute additional malware on the victim's system. In most observed cases, the downloader will attempt to connect to a compromised website to download an encrypted malicious payload which the downloader will decrypt and execute. Depending on the way the downloader has been configured, in some cases it may first attempt to log in to Microsoft's cloud storage service OneDrive and retrieve the payload from there. If no payload is available from OneDrive, the downloader will revert to the previously mentioned method of downloading from compromised websites.
We have also observed two distinct trojan components in the CloudDuke toolset. The first of these, internally called "BastionSolution", is the trojan that Palo Alto Networks described in their research into "MiniDionis". Interestingly, BastionSolution appears to functionally be an exact copy of SeaDuke with the only real difference being the choice of programming language. BastionSolution also makes significant use of a code framework that is apparently internally called "Z". This framework provides classes for functionality such as encryption, compression, randomization and network communications.
A list of classes in the BastionSolution trojan, including multiple classes from the "Z" framework.
Classes from the same "Z" framework, such as the encryption and randomization classes, are also used by the second trojan component of the CloudDuke toolset. This second component, internally called "OneDriveSolution", is especially interesting because it relies on Microsoft's cloud storage service OneDrive as its command and control channel. To achieve this, OneDriveSolution will attempt to log into OneDrive with a preconfigured username and password. If successful, OneDriveSolution will then proceed to copy data from the victim's computer to the OneDrive account. It will also search the OneDrive account for files containing commands for the malware to execute.
A list of classes in the OneDriveSolution trojan, including multiple classes from the "Z" framework.
All of the CloudDuke "solutions" use the same loader, a piece of code whose primary purpose is to decrypt the embedded, encrypted solution, load it in memory and execute it. The Duke group has often employed loaders for their malware but unlike the previous loaders they have used, the CloudDuke loader is much more versatile with support for multiple methods of loading and executing the final payload as well as the ability to write to disk and execute additional malware components.
CloudDuke spear-phishing campaigns and similarities with CozyDuke
CloudDuke has recently been spread via spear-phishing emails with targets reportedly including organizations such as the US Department of Defense. These spear-phising emails have contained links to compromised websites hosting zip archives that contain CloudDuke-laden executables. In most cases, executing these executables will have resulted in two additional files being written to the victim's hard disk. The first of these files has been a decoy, such as an audio file or a PDF file while the second one has been a CloudDuke loader embedding a CloudDuke downloader, the so-called "DropperSolution". In these cases, the victim has been presented with the decoy file while in the background the downloader has proceeded to download and execute one of the CloudDuke trojans, "OneDriveSolution" or "BastionSolution".
Example of one of the decoy documents employed in the CloudDuke spear-phishing campaigns. It has apparently been copied by the attackers from here.
Interestingly, however, some of the other CloudDuke spear-phishing campaigns we have observed this July have born a striking resemblance to CozyDuke spear-phishing campaigns seen almost exactly a year ago, in the beginning of July 2014. In both spear-phishing campaigns, the decoy document has been the exact same PDF file, a "US letter fax test page" (28d29c702fdf3c16f27b33f3e32687dd82185e8b). Similarly, the URLs hosting the malicious files have, in both campaigns, purported to be related to eFaxes. It is also interesting to note, that in the case of the CozyDuke-inspired CloudDuke spear-phishing campaign, the downloading and execution of the malicious archive linked to in the emails has not resulted in the execution of the CloudDuke downloader but in the execution of the "BastionSolution" component thereby skipping one step from the process described for the other CloudDuke spear-phishing campaigns.
The "US letter fax test page" decoy employed in both CloudDuke and CozyDuke spear-phishing campaigns.
Increasingly using cloud services to evade detection
CloudDuke is not the first time we have observed the Duke group use cloud services in general and Microsoft OneDrive specifically as part of their operations. Earlier this spring we released research on CozyDuke where we mentioned observing CozyDuke sometimes either directly use a OneDrive account to exfiltrate stolen data or alternatively CozyDuke downloading Visual Basic scripts that would copy stolen files to a OneDrive account and sometimes even retrieve files containing additional commands from the same OneDrive account.
In these previous cases the Duke group has only used OneDrive as a secondary communication channel but still relied on more traditional C&C channels for most of their actions. It is therefore interesting to note that CloudDuke actually enables the Duke group to rely solely on OneDrive for every step of their operation from downloading the actual trojan, passing commands to the trojan and finally exfiltrating stolen data.
By relying solely on 3rd party web services, such as OneDrive, as their command and control channel, we believe the Duke group is trying to better evade detection. Large amounts of data being transferred from an organization's network to an unknown web server easily raises suspicions. However, data being transferred to a popular cloud storage service is normal. What better way for an attacker to surreptitiously transfer large amounts of stolen data than the same way people are transferring that same data every day for legitimate reasons. (Coincidentally, the implications of 3rd party web services being used as command and control channels is also the subject of an upcoming talk at the VirusBulletin 2015 conference).
Directing limited resources towards evading detection and staying ahead of defenders
Developing even a single multipurpose malware toolset, never mind many, requires time and resources. Therefore it seems logical to attempt to reuse code such as supporting frameworks between different toolsets. The Duke group, however, appear to have taken this a step further with SeaDuke and the CloudDuke component BastionSolution, by rewriting the same code in multiple programming languages. This has the obvious benefits of saving time and resources by providing two malware toolsets, that while similar on the inside, appear completely different on the outside. This way, the discovery of one toolset does not immediately lead to the discovery of the second toolset.
The Duke group, long suspected of ties to the Russian state, have been running their espionage operation for an unusually long time and - especially lately - with unusual brazenness. These latest CloudDuke and SeaDuke campaigns appear to be a clear sign that the Duke's are not planning to stop any time soon.
Research and post by Artturi (@lehtior2)
F-Secure detects CloudDuke as Trojan:W32/CloudDuke.B and Trojan:W64/CloudDuke.B
Samples:
04299c0b549d4a46154e0a754dda2bc9e43dff76
2f53bfcd2016d506674d0a05852318f9e8188ee1
317bde14307d8777d613280546f47dd0ce54f95b
476099ea132bf16fa96a5f618cb44f87446e3b02
4800d67ea326e6d037198abd3d95f4ed59449313
52d44e936388b77a0afdb21b099cf83ed6cbaa6f
6a3c2ad9919ad09ef6cdffc80940286814a0aa2c
78fbdfa6ba2b1e3c8537be48d9efc0c47f417f3c
9f5b46ee0591d3f942ccaa9c950a8bff94aa7a0f
bfe26837da22f21451f0416aa9d241f98ff1c0f8
c16529dbc2987be3ac628b9b413106e5749999ed
cc15924d37e36060faa405e5fa8f6ca15a3cace2
dea6e89e36cf5a4a216e324983cc0b8f6c58eaa8
e33e6346da14931735e73f544949a57377c6b4a0
ed0cf362c0a9de96ce49c841aa55997b4777b326
f54f4e46f5f933a96650ca5123a4c41e115a9f61
f97c5e8d018207b1d546501fe2036adfbf774cfd
Compromised servers used for command and control:
hxxps://cognimuse.cs.ntua.gr/search.php
hxxps://portal.sbn.co.th/rss.php
hxxps://97.75.120.45/news/archive.php
hxxps://portal.sbn.co.th/rss.php
hxxps://58.80.109.59/plugins/search.php
Compromised websites used to host CloudDuke:
hxxp://flockfilmseries.com/eFax/incoming/5442.ZIP
hxxp://www.recordsmanagementservices.com/eFax/incoming/150721/5442.ZIP
hxxp://files.counseling.org/eFax/incoming/150721/5442.ZIP
On 22/07/15 At 11:59 AM
Read MoreVPRO (the Dutch public broadcasting organization) produced a 45-minute documentary about hacking and the trade of zero days. The documentary has now been released in English on YouTube.
The documentary features Charlie Miller, Joshua Corman, Katie Moussouris, Ronald Prins, Dan Tentler, Eric Rabe (of Hacking Team), Felix Lindner, Rodrigo Branco, Ben Nagy, The Grugq, and many others.
On 20/07/15 At 12:40 PM
Read MoreThe Telegraph published an article on Thursday about a scam targeting iOS users. Here's the gist: scammers are using JavaScript generated dialogs to display warnings of so-called "IOS Crash" reports prompting people to call for tech support. Near the end of the Telegraph's article, the following advice is offered:
"To prevent the issue happening again, go to Settings -> Safari -> Block Pop-ups."
Unfortunately, this advice is incorrect. And perhaps even more unfortunately, some security and tech pundits are now repeating the bad advice on numerous websites. How do we know the advice is wrong? Because we actually tested it…
First of all, this "IOS Crash Report" scam is a variation of the technical support scam, cases of which have been documented as early as 2008. In the past, cold-calls originated directly from call centers in India. But more recently, web-based lures are used to prompt potential victims into contacting the scammers.
A Google Search returns several live scam sites with this text:
"Due to a third party application in your phone, IOS is crashed."
Here's one of the sites as viewed with iOS Safari on an iPad:
Safari's "Fraudulent Website Warning" and "Block Pop-ups" features didn't prevent the page from loading.
What looks like a pop-up on the image above is actually a JavaScript generated dialog. One which will continuously re-spawn itself and can be very difficult to dismiss. Turning off JavaScript in Safari is the quickest way to regain control. Unfortunately, leaving JavaScript disabled will significantly impact a large number of legitimate websites.
Here's the same site as viewed with Google Chrome for Windows:
Notice the additional text in the image above: prevent this page from creating additional dialogs. Current versions of Chrome and Firefox (for Windows, at least) will inject this option into re-spawning dialogs, allowing the user to break the loop. Sadly, Internet Explorer and Safari do not. (We tested with IE for Windows / Windows Phone, and iOS Safari.)
Wouldn't be great if all browsers supported this prevention feature?
Yeah, we think so, too.
But it's not just browsers, apps with browser functionality can also be affected.
Here's an example of a JavaScript dialog displayed via Cydia.
The end of the Telegraph's article included the following advice from City of London police:
"Never give your iCloud username and password or your bank details to someone over the phone."
Indeed! Giving somebody your iCloud password could quickly turn a support scam into a data hijacking and extortion scheme. We attempted to call several of the scammer telephone numbers to see if they would ask for our iCloud credentials — only to discover that the numbers we tried are currently not in service.
Hopefully they stay that way. (They won't.)
On 17/07/15 At 10:15 AM
Read MoreAfter Hacking Team was compromised, a lot of information were publicly disclosed beginning 5th of July, particularly its business clients and a zero-day vulnerability for the Adobe Flash Player that they have been using.
Since the info about the first zero-day was made freely available, we knew attackers would swiftly move into using it. As expected, the flash exploit was integrated into exploit kits such as Angler, Magnitude, Nuclear, Neutrino, Rig, and HanJuan as reported by Kafeine.
Based on our telemetry, there was a rise in Flash exploits beginning 6th and continued until 9th.
Here are the stats for each exploit kit:
The security advisory for CVE-2015-5119 zero-day was released on 7th July and the patch was made available on 8th. So the hits started to decline about two days after the patch.
But just when people have started updating their systems, there was yet another spike from the Angler flash exploit hits:
Apparently, two more flash vulnerabilities, CVE-2015-5122 and CVE-2015-5123, were discovered. These vulnerabilities are still waiting to be patched. According to Kafeine, one of the two vulnerabilities were added into the Angler exploit kit.
As a side note related to Angler exploit kit, if you noticed in the second chart above, Angler and HanJuan share the same statistics. This was due to the fact that our detections for Angler Flash exploits were also hitting on HanJuan Flash exploits.
We have verified this after discovering that there was a different URL pattern being detected by Angler:
We looked at the flash exploit used by both kits, and the two are very much identical.
Angler Flash Exploit:
HanJuan Flash Exploit:
There were already speculations that there seem to be strong connections between the actors behind the two exploits kits. For example, both have used �fileless� delivery of payload and even similar encryption methods. Perhaps at some point we will see HanJuan supporting this new flash 0 day as well.
In the meantime, since there hasn�t been a patch out yet for these new ones, our users remain protected from the effects of the exploit kits through Browsing Protection as well as these detections:
Exploit:SWF/AnglerEK.L
Exploit:SWF/NeutrinoEK.C
Exploit:SWF/NeutrinoEK.D
Exploit:SWF/NuclearEK.H
Exploit:SWF/NuclearEK.J
Exploit:SWF/Salama.H
Exploit:SWF/Salama.R
Exploit:JS/AnglerEK.D
Exploit:JS/NuclearEK.I
Exploit:JS/MagnitudeEK.A
UPDATE: Adobe has released patches for the recent two vulnerabilities: CVE-2015-5122 and CVE-2015-5123. Users are recommended to update to the latest version of Adobe Flash Player.
On 13/07/15 At 12:29 PM
Read MoreWhen hackers get hacked, that's when secrets are uncovered. On July 5th, Italian-based surveillance technology company Hacking Team was hacked. The hackers released a 400GB torrent file with internal documents, source code, and emails to the public - including the company's client list of close to 60 customers.
The list included countries such as Sudan, Kazakhstan and Saudi Arabia - despite official company denials of doing business with oppressive regimes. The leaked documents strongly implied that in the South-East Asian region, government agencies from Singapore, Thailand and Malaysia had purchased their most advanced spyware, referred to as a Remote Control System (RCS).
According to security researchers Citizen Lab, this spyware is extraordinarily intrusive, with the ability to turn on microphone and cameras on mobile devices, intercept Skype and instant messages, and use an anonymizer network of proxy servers to prevent harvested information from being traced back to the command and control servers.
Based on images of the client list posted to pastebin the software was purchased in Malaysia by the Malaysia Anti-Corruption Commission (MACC), Malaysia Intelligence (MI) and the Prime Minister's Office (PMO):
Additional images of leaked invoices posted to medium.com indicated the spyware was sold through a locally-based Malaysian company named Miliserv Technologies (M) Sdb Bhd (registered with the Ministry of Finance Malaysia), which specializes in providing digital forensics, intelligent gathering and public security services:
Why the Prime Minister's Office would need surveillance software remains puzzling. Mind you, professional grade spyware ain't cheap - a license upgrade could cost you MYR400, 000 and maintenance renewal will set you back about MYR160,000.
According to reports of the incident in Malaysian alternative media, Malaysian government agencies have probably been using the spyware even before discovery of the FinFisher malware that was detected in the run-up to the 2013 General Elections.
Coincidentally, Malaysia has also been the frequent host of the annual ISS World Asia tradeshow, where companies promote their arsenal of 'lawful' surveillance software to law enforcement agencies, telco service provider or government employees. During the 2014 event, the Hacking Team was present and the associate lead sponsor of the event.
MiliServ Technologies is currently involved in the upcoming 2015 ISS World Asia in Kuala Lumpur. The event is invitation-only � though it may be interesting to see if Hacking Team will make it there this year.
Post by – Su Gim
On 08/07/15 At 02:31 AM
Read MoreThe Wassenaar Arrangement, a multilateral export control regime, defines "intrusion software" as software specially designed or modified to avoid detection by monitoring tools, or to defeat protective countermeasures, of a computer or network capable device. Intrusion software is used to: extract data or information, or to modify system or user data; or to modify the standard execution path of a program or process in order to allow the execution of externally provided instructions.
Wassenaar states that monitoring tools are software or hardware devices that monitor system behaviours or processes running on a device. This includes antivirus (AV) products, end point security products, Personal Security Products (PSP), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) or firewalls.
(Source)
So… what we at F-Secure (and the rest of the antivirus industry) call "malware" appears to easily fit Wassenaar's definition of intrusion software.
Why is this interesting?
Well, the US Bureau of Industry and Security (BIS), part of the US Department of Commerce, has proposed updating its rules to require a license for the export of intrusion software.
And according to the Dept of Commerce, "an export" is –any– item that is sent from the United States to a foreign destination. "Items" include among other things, software and technology.
The Paradox
So… if malware is intrusion software, and any item is an export, how exactly are US-based customers supposed to submit a malware sample to their European antivirus vendor? Seriously, customers send us zero-day using malware all the time. Not to mention the samples that we routinely exchange with other trusted AV vendors from around the globe.
Unintended Consequences
The text associated with the BIS proposal says the scope includes penetration testing products that use intrusion software in what looks like an attempt to limit "hacking" tools, but there is nothing about what is excluded from the scope. So the BIS might not intend to limit customers from uploading malware samples to their AV vendor, but that could be the effect if this new rule is adopted and arbitrarily enforced. Or else it could just force people to operate in a legal limbo. Is that what we want?
The BIS is taking comments until July 20th.
On 09/06/15 At 01:25 PM
Read MoreI visited the UK last Thursday, found a coffee shop offering "free" Wi-Fi, and read this…
"UK Law states that we must know who is using our Wi-Fi at all times."
Now I'm not a lawyer — but that seems like quite the disingenuous claim.
Mobile number, post code, and date of birth??
I wonder how many people fall for this type of malarkey.
Post by — @Sean
On 08/06/15 At 01:27 PM
Read MoreThere's an iOS vulnerability affecting iPhone, iPad, and even Apple Watch that allows for a denial of service.
Crashing a phone with an SMS? That's so 2008.
S60 SMS Exploit Messages
Unlike 2008, this time kids are reportedly using the vulnerability to harass others.
Apple is working on a security update. But unfortunately… that update very likely won't be available for older iPhones.
Updated to add:
Here's the "Effective Power" exploit crashing an iPhone 6:
Effective Power Unicode iOS hack on iPhone 6
And this… is Effective Power crashing the iOS Twitter app:
Effective Power Unicode iOS hack vs Twitter
On 28/05/15 At 01:56 PM
Read MoreIn the past few days, we received some cases from our customers in Italy and Spain, regarding malicious spam e-mails that pointed to Cryptowall or Cryptolocker ransomware.
The spam e-mails pretended to come from a courier/postal service, regarding a parcel that was waiting to be collected. The e-mails offer a link to track that parcel online:
When we did the initial investigation of the e-mails from our standard test system, the link redirected to Google:
So, no malicious behavior? Well, we noted that the first two URLs were PHP. Since PHP code is executed on the server side, not locally on the client, it is possible that the servers were 'deciding' whether to redirect the user to Google or to serve malicious content, based on some preset conditions.
Since this particular spam e-mail is written in Italian - perhaps only a customer based in Italy would be able to see the malicious payload? Fortunately, we have Freedome, so we can travel to Italy for a little while to experiment.
So we turned on Freedome, set the location to Milan and clicked the link in the e-mail again:
Now we see the bad stuff. If the user is (or appears to be) located in Italy, the server will redirect them to a malicious file hosted on a cloud storage server.
The e-mail spam sent to Spanish users is similar, though in those cases, a CAPTCHA challenge is included to make the site seem more authentic. If the link in the e-mail is clicked by a user located outside Spain, again we end up in Google:
If the site is visited instead from an Spanish IP, we get to the CAPTCHA screen:
And then to the malware itself:
This spam campaign doesn't use any exploits (so far), just old-fashioned social engineering; infection only occurs if the user manually downloads and executes the files offered on the malicious URLs. For our customers, the URLs are blocked and the files are detected.
(malware SHA1s: 483be8273333c83d904bfa30165ef396fde99bf2, 295042c167b278733b10b8f7ba1cb939bff3cb38)
Post by — Victor
On 19/05/15 At 03:17 AM
Read MoreSecuring your SSH password is very important. Otherwise, you might be pwned by a little girl with her Raspberry Pi.
Don't worry, it's an authorized hack, she asked her mom for permission.
On 15/05/15 At 12:46 PM
Read MoreThe post Email Security Considerations for Microsoft 365 Users appeared first on GreatHorn.
Read MoreThe post Email Security Considerations for Google Workspace Users appeared first on GreatHorn.
Read MoreThe post Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates appeared first on GreatHorn.
Read MoreThe post Universities and Colleges Face Multi-faceted Email Security Challenges appeared first on GreatHorn.
Read MoreThe post Spam vs Phish: The Problem with User-Reported Phish Buttons appeared first on GreatHorn.
Read MoreBad actors around the globe go phishing in emails twenty-four hours a day, seven days a week. Whether they are “guppies” like your local bakery down the street or big “fish” like Google, no one is immune to their attacks. Google, one of the largest, most well-known – and used – applications, will always be […]
The post Phishing for Google Impersonation Attacks appeared first on GreatHorn.
Read MoreThe post GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes appeared first on GreatHorn.
Read MoreThe shift from on-premise email platforms to cloud email platforms has taken shape, with the majority (70%) of organizations. Microsoft 365 and Google Workspace remain the predominant email platforms for organizations. However, a significant change has occurred in the past year. With an estimated 40% of ransomware attacks that start through email, and BEC and […]
The post Native vs SEG vs ICES: What You Need to Know About Email Security appeared first on GreatHorn.
Read MoreIn cybersecurity, buzzwords come and go, often being replaced with new buzzwords while the market is still attempting to realize the benefits of the former. Today, every technology vendor is talking about Artificial Intelligence (AI). In reality, Machine Learning (the method to one day achieve AI) is still the predominant technical solution deployed within vendor […]
The post Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security appeared first on GreatHorn.
Read MoreOur global supply chain includes all the people, companies and countries that need to work cohesively to manufacture, process and ship goods. Disruptions in the global supply chain are increasingly impacting organizations, with logistical problems crossing most industries. As a result, the continued strain on the supply chain puts added pressure on businesses as they […]
The post Global Supply Chain: Attackers Targeting Business Deliveries appeared first on GreatHorn.
Read MoreIdentity theft happens every 22 seconds in the U.S. and now, artificial intelligence is making it easier for scammers. What used to be rough Photoshop jobs has evolved into slick, AI-generated IDs that can trick high-end security systems. These fakes often rely on something people give away freely: their social media photos. As AI tools […]
The post AI-fueled fake IDs and identity theft: What you need to know appeared first on Heimdal Security Blog.
Read MoreCybersecurity Advisor Adam Pilton is back with a fresh Cyber News Snapshot for MSPs & other professionals in the IT industry. Top cybersecurity news between 20th and 26th June talks about Qilin ransomware’s new tricks, a DHS advisory on Iran-supported threat actors, a healthcare facilities’ data breach impact, and a new record for DDoS attacks. Adam seasoned all that with actionable […]
The post New DDoS Attack Record – The MSP Cyber News Snapshot – June 26th appeared first on Heimdal Security Blog.
Read MoreMONTREAL, CANADA – June 25, 2025 – Heimdal Security, a leading European provider of unified, AI-powered cybersecurity solutions, has partnered with Montreal-based Fusion Cyber Group to deliver its integrated platform to small and medium-sized businesses (SMBs) across Canada. Under the partnership, Fusion Cyber Group will distribute Heimdal’s solutions across Canada, while addressing the growing problem of […]
The post European Cybersecurity Leader Heimdal Partners with Montreal’s Fusion Cyber Group for Canadian Market Expansion appeared first on Heimdal Security Blog.
Read MoreIn this week’s Snapshot, cybersecurity advisor Adam Pilton breaks down the latest news on dodgy VPNs, sneaky phishing, a worrying shift from Scattered Spider, and more. Read on to find out how to avoid falling victim to similar threats. Adam is a former cyber detective with years of experience in this field. Use his insights […]
The post The MSP Cyber Snapshot – Weekly News with Adam Pilton – June 19th 2025 appeared first on Heimdal Security Blog.
Read MoreWelcome back to the MSP Security Playbook. In today’s episode, we’re diving deep into one of the most persistent challenges MSPs face: balancing layered security with operational simplicity. From tool sprawl and alert fatigue to vendor bloat and agent overload, it’s a complex puzzle. It’s easy to think more tools mean better protection, but is […]
The post From Frankenstack to Framework: How MSPs Can Build Simpler, Smarter Security with Ross Brouse appeared first on Heimdal Security Blog.
Read MoreThis piece is authored by Michael Coffer, Heimdal’s resident sales expert for the education sector. Michael speaks to hundreds of IT admins a year, so there are few people who understand the challenges of this sector better than him. Here, he explains what to expect when you get on the phone with a Heimdal sales […]
The post What Can Schools Expect When Choosing Heimdal? appeared first on Heimdal Security Blog.
Read MoreThis piece is authored by Michael Coffer, Heimdal’s resident sales expert for the education sector. Michael speaks to hundreds of IT admins a year, so there are few people who understand the challenges of this sector better than him. Here, he explains why Heimdal is an increasingly popular choice for IT admins everywhere. In the […]
The post How Smart IT Teams Are Stopping Cyber Attacks on Schools appeared first on Heimdal Security Blog.
Read MoreThis piece is authored by Michael Coffer, Heimdal’s resident sales expert for the education sector. Michael speaks to hundreds of IT admins a year, so there are few people who understand the challenges of this sector better than him. Here, he explains why Cyber Essentials alone isn’t enough to keep you safe – and how […]
The post From Cyber Essentials to Real Protection in Education appeared first on Heimdal Security Blog.
Read MoreThis piece is authored by Michael Coffer, Heimdal’s resident sales expert for the education sector. Michael speaks to hundreds of IT administrators a year, so few people understand the challenges of this sector better than he does. Here, he explains why Heimdal is an increasingly popular choice for IT admins everywhere. As Heimdal’s in-house […]
The post Heimdal Cybersecurity for Schools: Why IT Teams Make the Switch appeared first on Heimdal Security Blog.
Read MoreCOPENHAGEN, Denmark – June 5, 2025 – We are proud to announce the release of Episode 2 of our podcast series, The MSP Security Playbook. This episode features Paul Green, a renowned MSP marketing expert, who shares insights on building long-term client relationships and effective marketing strategies for managed service providers (MSPs). In this episode, […]
The post Heimdal’s Latest Podcast Episode Unpacks Long-Term MSP Marketing Strategies with Paul Green appeared first on Heimdal Security Blog.
Read MoreWelcome back to the MSP Security Playbook, the podcast that helps Managed Service Providers (MSPs) build stronger, more profitable businesses. I’m your host, Jacob Hazelbaker, BDR here at Heimdal Security, your partner in unified AI-powered cybersecurity solutions. In today’s episode, we’re talking about something every MSP struggles with at some point: selling security. You might […]
The post Forget Your Tech Stack – Focus on Sales First with Paul Green appeared first on Heimdal Security Blog.
Read MoreThere’s been a lot of noise lately on Reddit and other platforms about how “easy” it is to disable Windows Defender ATP. MSPs are getting questions from clients about this concern. But these discussions are focusing on the wrong issue entirely. Yes, You Can Disable Defender ATP (But That’s Not the Real Problem) If you […]
The post Admin Rights Are the Problem, Not Which Antivirus You Choose appeared first on Heimdal Security Blog.
Read MoreFree software is everywhere, used for email, marketing, accounting, scheduling, and even storing customer data. For small businesses under pressure, it’s a tempting way to cut costs and stay afloat. But “free” often comes with strings. Many of these tools don’t offer strong security, putting your customers or clients at risk. What looks like a […]
The post The hidden price of free: How businesses’ cost-cutting tech choices compromise your security appeared first on Heimdal Security Blog.
Read MoreSocial engineering and AI-driven fraud are climbing to the top of global security concerns. The World Economic Forum lists them among the biggest cybersecurity threats of 2025. And the threat is no longer just spam emails with obvious typos. Today’s scams are targeted, convincing, and increasingly powered by artificial intelligence. We’re not just talking about phishing […]
The post The evolution of social engineering and the rise of AI-powered cybercrime appeared first on Heimdal Security Blog.
Read MoreWelcome back to the MSP Security Playbook, the podcast that helps MSPs cut through the noise, eliminate inefficiencies, and build stronger, more profitable security businesses. I’m your host, Jacob Hazelbaker, business development representative at Heimdal Security, an industry-leading unified and AI-powered cybersecurity solutions provider. Today, I’m diving into a critical topic: the future of MSPs […]
The post MSPs in 2025: From “Break-Fix to Business Advisor” with Nigel Moore appeared first on Heimdal Security Blog.
Read MoreNo summary available.
Read MoreNo summary available.
Read MoreNo summary available.
Read MoreNo summary available.
Read MoreWe have collected SSH and telnet honeypot data in various forms for about 10 years. Yesterday&#;x26;#;39;s diaries, and looking at some new usernames attempted earlier today, made me wonder if botnets just add new usernames or remove old ones from their lists. So I pulled some data from our database to test this hypothesis. I didn&#;x26;#;39;t spend a lot of time on this, and this could use a more detailed analysis. But here is a preliminary result:
Read MoreNo summary available.
Read MoreIchano&#;x26;#;39;s "AtHome Camera" is a bit of a different approach to home surveillance cameras [1]. Instead of a hardware camera solution, this product is a software solution that turns existing devices like computers and tablets into webcams. The software implements features we know from similar IP camera devices. It enabled streaming of images and remote access to features like motion detection and alerting.
Read MoreNo summary available.
Read MoreEhsaan Mavani talks about Alternate Data Streams (ADS) in diary entry "Alternate Data Streams ? Adversary Defense Evasion and Detection [Guest Diary]".
Read MoreNo summary available.
Read MoreCheck out the June updates in Compliance Plus so you can stay on top of featured compliance training content.
Read MoreA new survey has found that 64% of C-Suite executives in cybersecurity or data center roles view data breaches and ransomware attacks as the top threat to companies over the next decade.
Read MoreCheck out the 33 new pieces of training content added in June, alongside the always fresh content update highlights, new features and events.
Read MoreResearchers at Bitdefender warn of a wave of social engineering attacks targeting WhatsApp accounts.
Read MoreCybersecurity has long focused on fortifying networks, securing endpoints and blocking malicious code.
Read MoreSocial engineering remains a primary initial access vector for cybercriminals, according to a new report from Europol.
Read MoreI recently had several conversations about repeat clickers. First with a Forrester analyst and then, shortly after, at KB4-CON Orlando following a presentation on the subject by Matthew Canham, Executive Director of the Cognitive Security Institute.
Read MoreI am used to repeating some pretty big numbers when talking about the financial impact of cybercrimes. When you look into the data, it is pretty easy to start talking about tens of billions of dollars.
Read MoreCan it be? Is it true? Two years of KnowBe4 Community!
Read MoreMiami, June 18, 2025, CyberNewswire — Halo Security today announced that its attack surface management solution has been named a 2025 MSP Today Product of the Year Award winner by TMC, a leading global media company recognized for building communities in technology and business through live events and digital marketing platforms. The MSP Today Product […]
Read MoreLast week at Microsoft Build, Azure CTO Mark Russinovich made headlines by telling the truth. Related: A basis for AI optimism In a rare moment of public candor from a Big Tech executive, Russinovich warned that current AI architectures—particularly autoregressive transformers—have structural that become especially evident in generative AI (GenAI) systems built to mimic human […]
Read MoreArtificial intelligence is changing everything – from how we search for answers to how we decide who gets hired, flagged, diagnosed, or denied. Related: Does AI take your data? It offers speed and precision at unprecedented scale. But without intention, progress often leaves behind a trail of invisible harm. We are moving fast. Too fast. […]
Read MoreParis, Jun. 3, 2025, CyberNewswire–Arsen, the cybersecurity startup known for defending organizations against social engineering threats, has announced the release of its new Vishing Simulation module, a cutting-edge tool designed to train employees against one of the fastest-growing attack vectors: voice phishing (vishing). This new module uses AI-generated voices and adaptive dialogue systems to simulate […]
Read MoreIn today’s digital enterprise, API-driven infrastructure is the connective tissue holding everything together. Related: The DocuSign API-abuse hack From mobile apps to backend workflows, APIs are what keep digital services talking—and scaling. But this essential layer of connectivity is also where attackers are gaining traction, often quietly and with alarming precision. Jamison Utter, a cybersecurity […]
Read MoreCatastrophic outages don’t just crash systems — they expose assumptions. Related: Getting the most from cyber insurance At RSAC 2025, I met with ESET Chief Security Evangelist Tony Anscombe to trace a quiet but growing convergence: endpoint defense, cyber insurance, and monoculture risk are no longer separate concerns. They’re overlapping — and reshaping how security […]
Read MoreTel Aviv, Israel, June 9, 2025, CyberNewswire — Seraphic Security, a leader in enterprise browser security, today announced the launch of BrowserTotal, a unique and proprietary public service enabling enterprises to assess their browser security posture in real-time. The launch coincides with the Gartner Security & Risk Management Summit 2025, where Seraphic will be showcasing the […]
Read MoreCyber threats to the U.S. electric grid are mounting. Attackers—from nation-state actors to ransomware gangs—are growing more creative and persistent in probing utility networks and operational technology systems that underpin modern life. Related: The evolution of OT security And yet, many utility companies remain trapped in a compliance-first model that often obscures real risks rather […]
Read MoreThe day after my column dissecting Chris Sacca’s viral outburst went live—his now-notorious claim that we are “super f**ked” by artificial intelligence—I stumbled onto another AI conversation that had already amassed over 10 million views: a roundtable debate hosted by Steven Bartlett on his widely watched YouTube show, Diary of a CEO. Related: Ordinary folks […]
Read MoreThis week on the Lock and Code podcast, we speak with Becky Holmes about how she tricks, angers, and jabs at romance scammers online.
Read MoreAT&T is set to pay $177 million to customers affected by two significant data breaches. Were you affected and how can you submit your claim?
Read MoreWe've seen several spikes in Android threats since the start of 2025. Here's how to protect yourself.
Read MoreA list of topics we covered in the week of June 23 to June 29 of 2025
Read MoreAn invitation to sign a DocuSign document went through mysterious ways and a way-too-easy Captcha to fingerprint the target.
Read MoreCybercriminals are using jailbroken AI models to assist them in designing campaigns and improving their tactics.
Read MoreThe Do Not Call Registry hardly works. The reason why is simple and frustrating—it was never meant to stop all unwanted calls.
Read MoreFacial recognition is quickly becoming commonplace. It is important to know where, when, and how you can opt out.
Read MoreData brokers that have registered in one state are failing to register in other states. What could be behind this?
Read More"Hello pervert" sextortion emails are going through some changes and the price they're demanding has gone up considerably.
Read MoreWhat happens in the privacy of your own home stays there. Or does it?
Read MoreRussian hackers have convinced targets to share their app passwords in very sophisticated and targeted social engineering attacks.
Read MoreLast week on Malwarebytes Labs: Last week on ThreatDown: Stay safe!
Read MoreResearchers have uncovered 30 exposed data sets containing over 16 billion login credentials which were likely harvested by infostealers.
Read MoreToy company Mattel has announced a deal with OpenAI to create AI-powered toys, but digital rights advocates have urged caution.
Read MoreSeveral Instagram ads have been found impersonating banks, including the usage of deepfake videos to defraud consumers.
Read MoreThese five communication channels are favored by scammers to try and trick victims at least once a week—if not more.
Read MoreScammers are abusing sponsored search results, displaying their scammy phone number on legitimate brand websites.
Read MoreWhatsApp has announced it will start showing its users targeted ads. Will this be yet another Meta "Pay or OK" choice?
Read MoreIn a confirmation that we've gone full Black Mirror, air fryer and other IoT manufacturers are being told to stop playing with our data.
Read MoreIn a recent webinar hosted by IT Governance, Andy Johnston (divisional director for training), Nikolai Nikolaev (information security specialist) and Soji Obunjobi (cyber security specialist) shared valuable insights into navigating a career in cyber security, with particular focus on the qualifications and experience needed for management and specialist roles. This blog summarises key takeaways from the webinar, providing guidance on career pathways, essential certifications and the skills required to advance in the cyber security field. You might also be interested in our blog How to Start Your Career in Data Protection and Privacy. The growing demand for cyber security professionals
The post Building Your Cyber Security Career: The Credentials Needed for Management and Specialist Roles appeared first on IT Governance Blog.
Read MoreUnder both the UK and EU GDPR, individuals have the right to know what personal data an organisation processes about them and how it is used. This right is exercised through a DSAR (data subject access request). This guide outlines how to handle DSARs in compliance with current legislation. Contents What are data subject access requests? What should be included in a DSAR response? Can information be redacted? Do individuals have to provide a reason for a DSAR? Does a DSAR need to be in writing? Can someone submit a DSAR on behalf of someone else? How long do organisations
The post Unlocking Access: How to Respond to a DSAR (Data Subject Access Request) appeared first on IT Governance Blog.
Read MoreIn 2025, transparency continues to be at the heart of effective data protection. A clear and compliant privacy notice is not only a regulatory necessity under the UK and EU GDPR (General Data Protection Regulation), but also a critical element in building trust with your customers and stakeholders. This updated guide will help your organisation craft a privacy notice that meets current standards, enhances transparency and demonstrates your commitment to data privacy. What is a GDPR privacy notice? A GDPR privacy notice is a public-facing document that clearly informs individuals about how an organisation collects, processes and protects their personal
The post How to Write a GDPR Data Privacy Notice – Updated Guide and Template for 2025 appeared first on IT Governance Blog.
Read MoreAs data protection regulations become more stringent, the DPO (data protection officer) role has become increasingly critical for organisations. In a recent webinar, Dr Loredana Tassone explored the legal requirements for a DPO, the common pitfalls when appointing internal DPOs and why outsourcing this function might be the smart choice for many organisations seeking to avoid conflicts of interest while ensuring expertise and independence. This blog post provides an overview of what was discussed. When must you appoint a DPO? According to the GDPR, controllers and processors must designate a DPO in three specific situations: The GDPR doesn’t explicitly define
The post The Critical Role of a DPO: Why Outsourcing is the Smart Choice appeared first on IT Governance Blog.
Read MoreEnacted today, the Data (Use and Access) Bill – now the Data (Use and Access) Act 2025 or ‘DUAA’ – marks a significant moment in the evolution of UK data protection legislation. The Act builds on previous legislative efforts – most notably 2022’s shelved DPDI (Data Protection and Digital Information) Bill – and brings together key reforms under one cohesive framework. While its principal focus is to reform the UK GDPR (General Data Protection Regulation and DPA (Data Protection Act) 2018, and the PECR (Privacy and Electronic Communications Regulations), the DUAA is far more than a privacy update. It also
The post The Data (Use and Access) Act and How it Affects the UK GDPR and DPA 2018, and PECR appeared first on IT Governance Blog.
Read MoreThe CIA triad – confidentiality, integrity and availability – remains the foundational model for information security in 2025. It’s embedded into virtually every modern security framework, from ISO 27001 to the GDPR. Article 32 of the GDPR explicitly refers to these principles when defining the necessary security measures for protecting personal data. Understanding and applying the CIA triad correctly helps organisations manage risk, implement robust security controls and build operational resilience. What Is the CIA triad? The CIA triad refers to three core principles: Watch our explainer video: What is the CIA triad and why is it important? CIA step
The post Understanding the CIA Triad in 2025: A Cornerstone of Cyber Security appeared first on IT Governance Blog.
Read MoreSummary Sources of breached data Top 5 incidents by number of records affected The following are the largest incidents publicly disclosed in May 2025, ranked by known/claimed impact: 1. Facebook (Meta) 2. Unknown credentials database 3. AT&T (unverified) 4. Co-op UK 5. LexisNexis Risk Solutions Trends in May 2025 Key vulnerabilities exploited List of incidents Disclosure date Organisation Country Sector Incident Type Records Affected May 1, 2025 Ascension Health USA Healthcare Third-party data breach (vulnerability exploit) 430,000 patients May 1, 2025 Barnstable County Sheriff’s Office USA Government (Law Enforcement) Insider data leak 101 employees May 1, 2025 Cobb County, Georgia
The post Global Data Breaches and Cyber Attacks in May 2025 – More Than 1.4 Billion Records Breached appeared first on IT Governance Blog.
Read MoreIn today’s rapidly evolving digital landscape, SaaS (software as a service) providers face increasing scrutiny regarding the security of their platforms. And with increasing numbers of customers entrusting sensitive data to Cloud-based solutions, penetration testing has become an essential component of a comprehensive security strategy. In a recent webinar, Penetration Testing for SaaS Providers, our head of security testing, James Pickard, discussed: This blog post provides an overview of what was discussed. What is a SaaS platform? SaaS platforms are Internet-accessible products that can be accessed across multiple devices or platforms. They are typically hosted in the Cloud to facilitate
The post Penetration Testing for SaaS Providers: Building Trust and Security appeared first on IT Governance Blog.
Read MoreIn today’s data-driven world, data protection and privacy expertise is in high demand. The growing complexity of regulations and increasing fines for non-compliance have created unprecedented career opportunities for professionals with the right skills and knowledge. In a recent webinar, Start Strong: Leveraging Your Experience to Launch a Career in Data Protection and Privacy, Nikolay Nikolaev, an information security specialist and instructor for IT Governance, talked about: This blog provides an overview of what was discussed. Why consider a career in data protection? Data protection and privacy is not just a trendy career path – it’s becoming a business necessity.
The post How to Start Your Career in Data Protection and Privacy appeared first on IT Governance Blog.
Read MoreDocumenting your personal data processing activities is a legal requirement under the UK and EU GDPR (General Data Protection Regulation). It can also support good data governance, and help you to demonstrate your compliance with other aspects of the GDPR. This blog post lists all the documentation, policies and procedures you must have to be GDPR compliant. Mandatory GDPR documentation list Personal Data Protection Policy (Article 24) A data protection policy is a statement that sets out how your organisation protects personal data. It explains the GDPR’s requirements to your employees, and demonstrates your organisation’s commitment to compliance. If you
The post GDPR Documentation: The Documents You Need to Comply with the UK and EU GDPR appeared first on IT Governance Blog.
Read MoreIn its annual SMB threat report, Kaspersky shares insights into trends and statistics on malware, phishing, scams, and other threats to small and medium-sized businesses, as well as security tips.
Read MoreSparkKitty, a new Trojan spy for iOS and Android, spreads through untrusted websites, the App Store, and Google Play, stealing images from users' galleries.
Read MoreKaspersky GReAT experts discovered a new malicious implant: BrowserVenom. It enables a proxy in browsers like Chrome and Mozilla and spreads through a DeepSeek-mimicking phishing website.
Read MoreAccording to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.
Read MoreKaspersky GReAT experts describe the new features of a Mirai variant: the latest botnet infections target TBK DVR devices with CVE-2024-3721.
Read MoreThe report presents statistics for Windows, macOS, IoT, and other threats, including ransomware, miners, local and web-based threats, for Q1 2025.
Read MoreThe number of attacks on mobile devices involving malware, adware, or unwanted apps saw a significant increase in the first quarter.
Read MoreKaspersky expert shares insights on how to determine whether an attack was first launched in a container or on the host itself when an organization’s logs lack container visibility.
Read MoreThis report contains statistics on vulnerabilities and published exploits, along with an analysis of the most noteworthy vulnerabilities we observed in the first quarter of 2025.
Read MoreA comprehensive historical breakdown of Zanubis' changes, including RC4 and AES encryption, credentials stealing and new targets in Peru, provided by Kaspersky GReAT experts.
Read More