Cybersecurity News

Hackers Weaponize Windows Hyper-V to Hide Linux VM and Evade EDR Detection

The threat actor known as Curly COMrades has been observed exploiting virtualization technologies as a way to bypass security solutions and execute custom malware. According to a new report from Bitdefender, the adversary is said to have enabled the Hyper-V role on selected victim systems to deploy a minimalistic, Alpine Linux-based virtual machine. "This hidden environment, with its lightweight

SonicWall Confirms State-Sponsored Hackers Behind September Cloud Backup Breach

SonicWall has formally implicated state-sponsored threat actors as behind the September security breach that led to the unauthorized exposure of firewall configuration backup files. "The malicious activity – carried out by a state-sponsored threat actor - was isolated to the unauthorized access of cloud backup files from a specific cloud environment using an API call," the company said in a

Google Uncovers PROMPTFLUX Malware That Uses Gemini AI to Rewrite Its Code Hourly

Google on Wednesday said it discovered an unknown threat actor using an experimental Visual Basic Script (VB Script) malware dubbed PROMPTFLUX that interacts with its Gemini artificial intelligence (AI) model API to write its own source code for improved obfuscation and evasion. "PROMPTFLUX is written in VB Script and interacts with Gemini's API to request specific VBScript obfuscation and

Researchers Find ChatGPT Vulnerabilities That Let Attackers Trick AI Into Leaking Data

Cybersecurity researchers have disclosed a new set of vulnerabilities impacting OpenAI's ChatGPT artificial intelligence (AI) chatbot that could be exploited by an attacker to steal personal information from users' memories and chat histories without their knowledge. The seven vulnerabilities and attack techniques, according to Tenable, were found in OpenAI's GPT-4o and GPT-5 models. OpenAI has

Securing the Open Android Ecosystem with Samsung Knox

Raise your hand if you’ve heard the myth, “Android isn’t secure.” Android phones, such as the Samsung Galaxy, unlock new ways of working. But, as an IT admin, you may worry about the security—after all, work data is critical. However, outdated concerns can hold your business back from unlocking its full potential. The truth is, with work happening everywhere, every device connected to your

Mysterious 'SmudgedSerpent' Hackers Target U.S. Policy Experts Amid Iran–Israel Tensions

A never-before-seen threat activity cluster codenamed UNK_SmudgedSerpent has been attributed as behind a set of cyber attacks targeting academics and foreign policy experts between June and August 2025, coinciding with heightened geopolitical tensions between Iran and Israel. "UNK_SmudgedSerpent leveraged domestic political lures, including societal change in Iran and investigation into the

U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud

The U.S. Treasury Department on Tuesday imposed sanctions against eight individuals and two entities within North Korea's global financial network for laundering money for various illicit schemes, including cybercrime and information technology (IT) worker fraud. "North Korean state-sponsored hackers steal and launder money to fund the regime's nuclear weapons program," said Under Secretary of

Why SOC Burnout Can Be Avoided: Practical Steps

Behind every alert is an analyst; tired eyes scanning dashboards, long nights spent on false positives, and the constant fear of missing something big. It’s no surprise that many SOCs face burnout before they face their next breach. But this doesn’t have to be the norm. The path out isn’t through working harder, but through working smarter, together. Here are three practical steps every SOC can

CISA Adds Gladinet and CWP Flaws to KEV Catalog Amid Active Exploitation Evidence

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Gladinet and Control Web Panel (CWP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerabilities in question are listed below - CVE-2025-11371 (CVSS score: 7.5) - A vulnerability in files or directories accessible to

A Cybercrime Merger Like No Other — Scattered Spider, LAPSUS$, and ShinyHunters Join Forces

The nascent collective that combines three prominent cybercrime groups, Scattered Spider, LAPSUS$, and ShinyHunters, has created no less than 16 Telegram channels since August 8, 2025. "Since its debut, the group's Telegram channels have been removed and recreated at least 16 times under varying iterations of the original name – a recurring cycle reflecting platform moderation and the operators'

European Authorities Dismantle €600 Million Crypto Fraud Network in Global Sweep

Nine people have been arrested in connection with a coordinated law enforcement operation that targeted a cryptocurrency money laundering network that defrauded victims of €600 million (~$688 million). According to a statement released by Eurojust today, the action took place between October 27 and 29 across Cyprus, Spain, and Germany, with the suspects arrested on charges of involvement in

Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks

Details have emerged about a now-patched critical security flaw in the popular "@react-native-community/cli" npm package that could be potentially exploited to run malicious operating system (OS) commands under certain conditions. "The vulnerability allows remote unauthenticated attackers to easily trigger arbitrary OS command execution on the machine running react-native-community/cli's

Microsoft Teams Bugs Let Attackers Impersonate Colleagues and Edit Messages Unnoticed

Cybersecurity researchers have disclosed details of four security flaws in Microsoft Teams that could have exposed users to serious impersonation and social engineering attacks. The vulnerabilities "allowed attackers to manipulate conversations, impersonate colleagues, and exploit notifications," Check Point said in a report shared with The Hacker News. Following responsible disclosure in March

Ransomware Defense Using the Wazuh Open Source Platform

Ransomware is malicious software designed to block access to a computer system or encrypt data until a ransom is paid. This cyberattack is one of the most prevalent and damaging threats in the digital landscape, affecting individuals, businesses, and critical infrastructure worldwide. A ransomware attack typically begins when the malware infiltrates a system through various vectors such as

Operation SkyCloak Deploys Tor-Enabled OpenSSH Backdoor Targeting Defense Sectors

Threat actors are leveraging weaponized attachments distributed via phishing emails to deliver malware likely targeting the defense sector in Russia and Belarus. According to multiple reports from Cyble and Seqrite Labs, the campaign is designed to deploy a persistent backdoor on compromised hosts that uses OpenSSH in conjunction with a customized Tor hidden service that employs obfs4 for

Google’s AI ‘Big Sleep’ Finds 5 New Vulnerabilities in Apple’s Safari WebKit

Google's artificial intelligence (AI)-powered cybersecurity agent called Big Sleep has been credited by Apple for discovering as many as five different security flaws in the WebKit component used in its Safari web browser that, if successfully exploited, could result in a browser crash or memory corruption. The list of vulnerabilities is as follows - CVE-2025-43429 - A buffer overflow

U.S. Prosecutors Indict Cybersecurity Insiders Accused of BlackCat Ransomware Attacks

Federal prosecutors in the U.S. have accused a trio of allegedly hacking the networks of five U.S. companies with BlackCat (aka ALPHV) ransomware between May and November 2023 and extorting them. Ryan Clifford Goldberg, Kevin Tyler Martin, and an unnamed co–conspirator (aka "Co-Conspirator 1") based in Florida, all U.S. nationals, are said to have used the ransomware strain against a medical

Microsoft Detects "SesameOp" Backdoor Using OpenAI's API as a Stealth Command Channel

Microsoft has disclosed details of a novel backdoor dubbed SesameOp that uses OpenAI Assistants Application Programming Interface (API) for command-and-control (C2) communications. "Instead of relying on more traditional methods, the threat actor behind this backdoor abuses OpenAI as a C2 channel as a way to stealthily communicate and orchestrate malicious activities within the compromised

Malicious VSX Extension "SleepyDuck" Uses Ethereum to Keep Its Command Server Alive

Cybersecurity researchers have flagged a new malicious extension in the Open VSX registry that harbors a remote access trojan called SleepyDuck. According to Secure Annex's John Tuckner, the extension in question, juan-bianco.solidity-vlang (version 0.0.7), was first published on October 31, 2025, as a completely benign library that was subsequently updated to version 0.0.8 on November 1 to

Cybercriminals Exploit Remote Monitoring Tools to Infiltrate Logistics and Freight Networks

Bad actors are increasingly training their sights on trucking and logistics companies with an aim to infect them with remote monitoring and management (RMM) software for financial gain and ultimately steal cargo freight. The threat cluster, believed to be active since at least June 2025 according to Proofpoint, is said to be collaborating with organized crime groups to break into entities in the

⚡ Weekly Recap: Lazarus Hits Web3, Intel/AMD TEEs Cracked, Dark Web Leak Tool & More

Cyberattacks are getting smarter and harder to stop. This week, hackers used sneaky tools, tricked trusted systems, and quickly took advantage of new security problems—some just hours after being found. No system was fully safe. From spying and fake job scams to strong ransomware and tricky phishing, the attacks came from all sides. Even encrypted backups and secure areas were put to the test.

The Evolution of SOC Operations: How Continuous Exposure Management Transforms Security Operations

Security Operations Centers (SOC) today are overwhelmed. Analysts handle thousands of alerts every day, spending much time chasing false positives and adjusting detection rules reactively. SOCs often lack the environmental context and relevant threat intelligence needed to quickly verify which alerts are truly malicious. As a result, analysts spend excessive time manually triaging alerts, the

Researchers Uncover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Data

Cybersecurity researchers have shed light on two different Android trojans called BankBot-YNRK and DeliveryRAT that are capable of harvesting sensitive data from compromised devices. According to CYFIRMA, which analyzed three different samples of BankBot-YNRK, the malware incorporates features to sidestep analysis efforts by first checking its running within a virtualized or emulated environment

New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea

The North Korea-linked threat actor known as Kimsuky has distributed a previously undocumented backdoor codenamed HttpTroy as part of a likely spear-phishing attack targeting a single victim in South Korea. Gen Digital, which disclosed details of the activity, did not reveal any details on when the incident occurred, but noted that the phishing email contained a ZIP file ("250908_A_HK이노션

ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability

The Australian Signals Directorate (ASD) has issued a bulletin about ongoing cyber attacks targeting unpatched Cisco IOS XE devices in the country with a previously undocumented implant known as BADCANDY. The activity, per the intelligence agency, involves the exploitation of CVE-2023-20198 (CVSS score: 10.0), a critical vulnerability that allows a remote, unauthenticated attacker to create an

OpenAI Unveils Aardvark: GPT-5 Agent That Finds and Fixes Code Flaws Automatically

OpenAI has announced the launch of an "agentic security researcher" that's powered by its GPT-5 large language model (LLM) and is programmed to emulate a human expert capable of scanning, understanding, and patching code. Called Aardvark, the artificial intelligence (AI) company said the autonomous agent is designed to help developers and security teams flag and fix security vulnerabilities at

Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack

A suspected nation-state threat actor has been linked to the distribution of a new malware called Airstalk as part of a likely supply chain attack. Palo Alto Networks Unit 42 said it's tracking the cluster under the moniker CL-STA-1009, where "CL" stands for cluster and "STA" refers to state-backed motivation. "Airstalk misuses the AirWatch API for mobile device management (MDM), which is now

China-Linked Hackers Exploit Windows Shortcut Flaw to Target European Diplomats

A China-affiliated threat actor known as UNC6384 has been linked to a fresh set of attacks exploiting an unpatched Windows shortcut vulnerability to target European diplomatic and government entities between September and October 2025. The activity targeted diplomatic organizations in Hungary, Belgium, Italy, and the Netherlands, as well as government agencies in Serbia, Arctic Wolf said in a

China-Linked Tick Group Exploits Lanscope Zero-Day to Hijack Corporate Systems

The exploitation of a recently disclosed critical security flaw in Motex Lanscope Endpoint Manager has been attributed to a cyber espionage group known as Tick. The vulnerability, tracked as CVE-2025-61932 (CVSS score: 9.3), allows remote attackers to execute arbitrary commands with SYSTEM privileges on on-premise versions of the program. JPCERT/CC, in an alert issued this month, said that it

The MSP Cybersecurity Readiness Guide: Turning Security into Growth

MSPs are facing rising client expectations for strong cybersecurity and compliance outcomes, while threats grow more complex and regulatory demands evolve. Meanwhile, clients are increasingly seeking comprehensive protection without taking on the burden of managing security themselves. This shift represents a major growth opportunity. By delivering advanced cybersecurity and compliance

CISA and NSA Issue Urgent Guidance to Secure WSUS and Microsoft Exchange Servers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), along with international partners from Australia and Canada, have released guidance to harden on-premise Microsoft Exchange Server instances from potential exploitation. "By restricting administrative access, implementing multi-factor authentication, enforcing strict transport security

Eclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz Discovery

Eclipse Foundation, which maintains the open-source Open VSX project, said it has taken steps to revoke a small number of tokens that were leaked within Visual Studio Code (VS Code) extensions published in the marketplace. The action comes following a report from cloud security company Wiz earlier this month, which found several extensions from both Microsoft's VS Code Marketplace and Open VSX

CISA Flags VMware Zero-Day Exploited by China-Linked Hackers in Active Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Broadcom VMware Tools and VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The vulnerability in question is CVE-2025-41244 (CVSS score: 7.8), which could be exploited by an attacker to attain

A New Security Layer for macOS Takes Aim at Admin Errors Before Hackers Do

A design firm is editing a new campaign video on a MacBook Pro. The creative director opens a collaboration app that quietly requests microphone and camera permissions. MacOS is supposed to flag that, but in this case, the checks are loose. The app gets access anyway. On another Mac in the same office, file sharing is enabled through an old protocol called SMB version one. It’s fast and

Google's Built-In AI Defenses on Android Now Block 10 Billion Scam Messages a Month

Google on Thursday revealed that the scam defenses built into Android safeguard users around the world from more than 10 billion suspected malicious calls and messages every month. The tech giant also said it has blocked over 100 million suspicious numbers from using Rich Communication Services (RCS), an evolution of the SMS protocol, thereby preventing scams before they could even be sent. In

Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks

The open-source command-and-control (C2) framework known as AdaptixC2 is being used by a growing number of threat actors, some of whom are related to Russian ransomware gangs. AdaptixC2 is an emerging extensible post-exploitation and adversarial emulation framework designed for penetration testing. While the server component is written in Golang, the GUI Client is written in C++ QT for

New "Brash" Exploit Crashes Chromium Browsers Instantly with a Single Malicious URL

A severe vulnerability disclosed in Chromium's Blink rendering engine can be exploited to crash many Chromium-based browsers within a few seconds. Security researcher Jose Pino, who disclosed details of the flaw, has codenamed it Brash. "It allows any Chromium browser to collapse in 15-60 seconds by exploiting an architectural flaw in how certain DOM operations are managed," Pino said in a

The Death of the Security Checkbox: BAS Is the Power Behind Real Defense

Security doesn’t fail at the point of breach. It fails at the point of impact. That line set the tone for this year’s Picus Breach and Simulation (BAS) Summit, where researchers, practitioners, and CISOs all echoed the same theme: cyber defense is no longer about prediction. It's about proof. When a new exploit drops, scanners scour the internet in minutes. Once attackers gain a foothold,

ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising

The comfort zone in cybersecurity is gone. Attackers are scaling down, focusing tighter, and squeezing more value from fewer, high-impact targets. At the same time, defenders face growing blind spots — from spoofed messages to large-scale social engineering. This week’s findings show how that shrinking margin of safety is redrawing the threat landscape. Here’s what’s making headlines.

PhantomRaven Malware Found in 126 npm Packages Stealing GitHub Tokens From Devs

Cybersecurity researchers have uncovered yet another active software supply chain attack campaign targeting the npm registry with over 100 malicious packages that can steal authentication tokens, CI/CD secrets, and GitHub credentials from developers' machines. The campaign has been codenamed PhantomRaven by Koi Security. The activity is assessed to have begun in August 2025, when the first

Experts Reports Sharp Increase in Automated Botnet Attacks Targeting PHP Servers and IoT Devices

Cybersecurity researchers are calling attention to a spike in automated attacks targeting PHP servers, IoT devices, and cloud gateways by various botnets such as Mirai, Gafgyt, and Mozi. "These automated campaigns exploit known CVE vulnerabilities and cloud misconfigurations to gain control over exposed systems and expand botnet networks," the Qualys Threat Research Unit (TRU) said in a report

New AI-Targeted Cloaking Attack Tricks AI Crawlers Into Citing Fake Info as Verified Facts

Cybersecurity researchers have flagged a new security issue in agentic web browsers like OpenAI ChatGPT Atlas that exposes underlying artificial intelligence (AI) models to context poisoning attacks. In the attack devised by AI security company SPLX, a bad actor can set up websites that serve different content to browsers and AI crawlers run by ChatGPT and Perplexity. The technique has been

Discover Practical AI Tactics for GRC — Join the Free Expert Webinar

Artificial Intelligence (AI) is rapidly transforming Governance, Risk, and Compliance (GRC). It's no longer a future concept—it's here, and it's already reshaping how teams operate. AI's capabilities are profound: it's speeding up audits, flagging critical risks faster, and drastically cutting down on time-consuming manual work. This leads to greater efficiency, higher accuracy, and a more

Preparing for the Digital Battlefield of 2026: Ghost Identities, Poisoned Accounts, & AI Agent Havoc

BeyondTrust’s annual cybersecurity predictions point to a year where old defenses will fail quietly, and new attack vectors will surge. Introduction The next major breach won’t be a phished password. It will be the result of a massive, unmanaged identity debt. This debt takes many forms: it’s the “ghost” identity from a 2015 breach lurking in your IAM, the privilege sprawl from thousands of new

Russian Hackers Target Ukrainian Organizations Using Stealthy Living-Off-the-Land Tactics

Organizations in Ukraine have been targeted by threat actors of Russian origin with an aim to siphon sensitive data and maintain persistent access to compromised networks. The activity, according to a new report from the Symantec and Carbon Black Threat Hunter Team, targeted a large business services organization for two months and a local government entity in the country for a week. The attacks

10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux

Cybersecurity researchers have discovered a set of 10 malicious npm packages that are designed to deliver an information stealer targeting Windows, Linux, and macOS systems. "The malware uses four layers of obfuscation to hide its payload, displays a fake CAPTCHA to appear legitimate, fingerprints victims by IP address, and downloads a 24MB PyInstaller-packaged information stealer that harvests

Active Exploits Hit Dassault and XWiki — CISA Confirms Critical Flaws Under Attack

Threat actors are actively exploiting multiple security flaws impacting Dassault Systèmes DELMIA Apriso and XWiki, according to alerts issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and VulnCheck. The vulnerabilities are listed below - CVE-2025-6204 (CVSS score: 8.0) - A code injection vulnerability in Dassault Systèmes DELMIA Apriso that could allow an attacker to

New TEE.Fail Side-Channel Attack Extracts Secrets from Intel and AMD DDR5 Secure Enclaves

A group of academic researchers from Georgia Tech, Purdue University, and Synkhronix have developed a side-channel attack called TEE.Fail that allows for the extraction of secrets from the trusted execution environment (TEE) in a computer's main processor, including Intel's Software Guard eXtensions (SGX) and Trust Domain Extensions (TDX) and AMD's Secure Encrypted Virtualization with Secure

New Android Trojan 'Herodotus' Outsmarts Anti-Fraud Systems by Typing Like a Human

Cybersecurity researchers have disclosed details of a new Android banking trojan called Herodotus that has been observed in active campaigns targeting Italy and Brazil to conduct device takeover (DTO) attacks. "Herodotus is designed to perform device takeover while making first attempts to mimic human behaviour and bypass behaviour biometrics detection," ThreatFabric said in a report shared with

Researchers Expose GhostCall and GhostHire: BlueNoroff's New Malware Chains

Threat actors tied to North Korea have been observed targeting the Web3 and blockchain sectors as part of twin campaigns tracked as GhostCall and GhostHire. According to Kaspersky, the campaigns are part of a broader operation called SnatchCrypto that has been underway since at least 2017. The activity is attributed to a Lazarus Group sub-cluster called BlueNoroff, which is also known as APT38,

Cloudflare Scrubs Aisuru Botnet from Top Domains List

For the past week, domains associated with the massive Aisuru botnet have repeatedly usurped Amazon, Apple, Google and Microsoft in Cloudflare's public ranking of the most frequently requested websites. Cloudflare responded by redacting Aisuru domain names from their top websites list. The chief executive at Cloudflare says Aisuru's overlords are using the botnet to boost their malicious domain rankings, while simultaneously attacking the company's domain name system (DNS) service.

Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody

A Ukrainian man indicted in 2012 for conspiring with a prolific hacking group to steal tens of millions of dollars from U.S. businesses was arrested in Italy and is now in custody in the United States, KrebsOnSecurity has learned. Sources close to the investigation say Yuriy Igorevich Rybtsov, a 41-year-old from the Russia-controlled city of Donetsk, Ukraine, was previously referenced in U.S. federal charging documents only by his online handle "MrICQ." According to a 13-year-old indictment filed by prosecutors in Nebraska, MrICQ was a developer for a cybercrime group known as "Jabber Zeus."

Aisuru Botnet Shifts from DDoS to Residential Proxies

Aisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative and sustainable business: Renting hundreds of thousands of infected Internet of Things (IoT) devices to proxy services that help cybercriminals anonymize their traffic. Experts says a glut of proxies from Aisuru and other sources is fueling large-scale data harvesting efforts tied to various artificial intelligence (AI) projects, helping content scrapers evade detection by routing their traffic through residential connections that appear to be regular Internet users.

Canada Fines Cybercrime Friendly Cryptomus $176M

Financial regulators in Canada this week levied $176 million in fines against Cryptomus, a digital payments platform that supports dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services. The penalties for violating Canada's anti money-laundering laws come ten months after KrebsOnSecurity noted that Cryptomus's Vancouver street address was home to dozens of foreign currency dealers, money transfer businesses, and cryptocurrency exchanges — none of which were physically located there.

Email Bombs Exploit Lax Authentication in Zendesk

Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously.

Patch Tuesday, October 2025 ‘End of 10’ Edition

Microsoft today released software updates to plug a whopping 172 security holes in its Windows operating systems, including at least three vulnerabilities that are already being actively exploited. October's Patch Tuesday also marks the final month that Microsoft will ship security updates for Windows 10 systems. If you're running a Windows 10 PC and you're unable or unwilling to migrate to Windows 11, read on for other options.

DDoS Botnet Aisuru Blankets US ISPs in Record DDoS

The world's largest and most disruptive botnet is now drawing a majority of its firepower from compromised Internet-of-Things (IoT) devices hosted on U.S. Internet providers like AT&T, Comcast and Verizon, new evidence suggests. Experts say the heavy concentration of infected devices at U.S. providers is complicating efforts to limit collateral damage from the botnet's attacks, which shattered previous records this week with a brief traffic flood that clocked in at nearly 30 trillion bits of data per second.

ShinyHunters Wage Broad Corporate Extortion Spree

A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse to pay a ransom. The group also claimed responsibility for a recent breach involving Discord user data, and for stealing terabytes of sensitive files from thousands of customers of the enterprise software maker Red Hat.

Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms

U.S. prosecutors last week levied criminal hacking charges against 19-year-old U.K. national Thalha Jubair for allegedly being a core member of Scattered Spider, a prolific cybercrime group blamed for extorting at least $115 million in ransom payments from victims. The charges came as Jubair and an alleged co-conspirator appeared in a London court to face accusations of hacking into and extorting several large U.K. retailers, the London transit system, and healthcare providers in the United States.

Self-Replicating Worm Hits 180+ Software Packages

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed.

Scientists Need a Positive Vision for AI

For many in the research community, it’s gotten harder to be optimistic about the impacts of artificial intelligence.

As authoritarianism is rising around the world, AI-generated “slop” is overwhelming legitimate media, while AI-generated deepfakes are spreading misinformation and parroting extremist messages. AI is making warfare more precise and deadly amidst intransigent conflicts. AI companies are exploiting people in the global South who work as data labelers, and profiting from content creators worldwide by using their work without license or compensation. The industry is also affecting an already-roiling climate with its ...

Cybercriminals Targeting Payroll Sites

Microsoft is warning of a scam involving online payroll systems. Criminals use social engineering to steal people’s credentials, and then divert direct deposits into accounts that they control. Sometimes they do other things to make it harder for the victim to realize what is happening.

I feel like this kind of thing is happening everywhere, with everything. As we move more of our personal and professional lives online, we enable criminals to subvert the very systems we rely on.

AI Summarization Optimization

These days, the most important meeting attendee isn’t a person: It’s the AI notetaker.

This system assigns action items and determines the importance of what is said. If it becomes necessary to revisit the facts of the meeting, its summary is treated as impartial evidence.

But clever meeting attendees can manipulate this system’s record by speaking more to what the underlying AI weights for summarization and importance than to their colleagues. As a result, you can expect some meeting attendees to use language more likely to be captured in summaries, timing their interventions strategically, repeating key points, and employing formulaic phrasing that AI models are more likely to pick up on. Welcome to the world of AI summarization optimization (AISO)...

Friday Squid Blogging: Giant Squid at the Smithsonian

I can’t believe that I haven’t yet posted this picture of a giant squid at the Smithsonian.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Blog moderation policy.

Will AI Strengthen or Undermine Democracy?

Listen to the Audio on NextBigIdeaClub.com

Below, co-authors Bruce Schneier and Nathan E. Sanders share five key insights from their new book, Rewiring Democracy: How AI Will Transform Our Politics, Government, and Citizenship.

What’s the big idea?

AI can be used both for and against the public interest within democracies. It is already being used in the governing of nations around the world, and there is no escaping its continued use in the future by leaders, policy makers, and legal enforcers. How we wire AI into democracy today will determine if it becomes a tool of oppression or empowerment...

The AI-Designed Bioweapon Arms Race

Interesting article about the arms race between AI systems that invent/design new biological pathogens, and AI systems that detect them before they’re created:

The team started with a basic test: use AI tools to design variants of the toxin ricin, then test them against the software that is used to screen DNA orders. The results of the test suggested there was a risk of dangerous protein variants slipping past existing screening software, so the situation was treated like the equivalent of a zero-day vulnerability.

[…]

Details of that original test are ...

Signal’s Post-Quantum Cryptographic Implementation

Signal has just rolled out its quantum-safe cryptographic implementation.

Ars Technica has a really good article with details:

Ultimately, the architects settled on a creative solution. Rather than bolt KEM onto the existing double ratchet, they allowed it to remain more or less the same as it had been. Then they used the new quantum-safe ratchet to implement a parallel secure messaging system.

Now, when the protocol encrypts a message, it sources encryption keys from both the classic Double Ratchet and the new ratchet. It then mixes the two keys together (using a cryptographic key derivation function) to get a new encryption key that has all of the security of the classical Double Ratchet but now has quantum security, too...

Social Engineering People’s Credit Card Details

Good Wall Street Journal article on criminal gangs that scam people out of their credit card information:

Your highway toll payment is now past due, one text warns. You have U.S. Postal Service fees to pay, another threatens. You owe the New York City Department of Finance for unpaid traffic violations.

The texts are ploys to get unsuspecting victims to fork over their credit-card details. The gangs behind the scams take advantage of this information to buy iPhones, gift cards, clothing and cosmetics.

Criminal organizations operating out of China, which investigators blame for the toll and postage messages, have used them to make more than $1 billion over the last three years, according to the Department of Homeland Security...

Louvre Jewel Heist

I assume I don’t have to explain last week’s Louvre jewel heist. I love a good caper, and have (like many others) eagerly followed the details. An electric ladder to a second-floor window, an angle grinder to get into the room and the display cases, security guards there more to protect patrons than valuables—seven minutes, in and out.

There were security lapses:

The Louvre, it turns out—at least certain nooks of the ancient former palace—is something like an anopticon: a place where no one is observed. The world now knows what the four thieves (two burglars and two accomplices) realized as recently as last week: The museum’s Apollo Gallery, which housed the stolen items, was monitored by a single outdoor camera angled away from its only exterior point of entry, a balcony. In other words, a free-roaming Roomba could have provided the world’s most famous museum with more information about the interior of this space. There is no surveillance footage of the break-in...

First Wap: A Surveillance Computer You’ve Never Heard Of

Mother Jones has a long article on surveillance arms manufacturers, their wares, and how they avoid export control laws:

Operating from their base in Jakarta, where permissive export laws have allowed their surveillance business to flourish, First Wap’s European founders and executives have quietly built a phone-tracking empire, with a footprint extending from the Vatican to the Middle East to Silicon Valley.

It calls its proprietary system Altamides, which it describes in promotional materials as “a unified platform to covertly locate the whereabouts of single or multiple suspects in real-time, to detect movement patterns, and to detect whether suspects are in close vicinity with each other.”...

This Windows PC could easily replace my Mac Mini when it comes to local AI performance

If you're looking to replace your aging Windows 10 PC, this tiny brute from Minix will give you all the power you need with room to spare.

Anxious about AI job cuts? How white-collar workers can protect themselves - starting now

Want to avoid being a victim in the great AI job transformation? Be a pathfinder instead. Here's how.

Own a Samsung phone? I changed these 7 settings to extend the battery life by hours

Your Samsung phone already has great battery life - but a few smart tweaks can make it last even longer.

My 4-step routine to make any Android phone operate like new again (and reliably)

A few quick taps and swipes is all it takes to make your old handset feel brand new.

My search for the ultimate Apple Watch band is over: This one nails form and function

The Nomad Stratos Band might just be my favorite Apple Watch band of all time. Here's why.

5 Samsung bloatware apps you should delete right now (and never miss)

Samsung phones come packed with apps - but some hurt performance. Here are five worth removing.

One critical feature makes these wireless earbuds worthy of your attention

If you need a pair of earbuds with fantastic microphones, the OpenRock Link 20 open-air earbuds are some of the best I've tested.

I did not expect this JBL soundbar to rival my premium Sonos system the way that it did

The JBL Bar 1000MK2 is a true theater-in-a-box - and while its main feature might seem counterintuitive, it performs far better than you'd expect.

Best early Black Friday Verizon deals 2025: 10+ deals for new and existing users

If you're a Big Red customer, these early Black Friday deals will net you new phones, tablets, and more for less than retail.

Waze vs. Google Maps: I compared two of the top navigation apps, and this one easily wins

The Waze vs. Google Maps debate has raged for years. Here's my verdict after testing both.

Why Amazon really doesn't want Perplexity's AI browser shopping for you

Perplexity called Amazon's actions 'a threat to all internet users.'

Microsoft confirms a bug is hitting paid Windows 10 ESU users - here's what's happening

This problem has affected both consumer and business versions of Windows 10.

This free T-Mobile service could save your life, no matter what carrier you use - here's how

T-Mobile's 'Text to 911' satellite service is available free of charge to anyone with a compatible smartphone. Here's how to sign up.

AT&T customers can still claim up to $7,500 from $177M data breach settlement - here's how

A judge recently extended the deadline for AT&T's $177 million settlement. Here's how to claim your data breach payout before it's too late.

The $30 accessory that has saved my iPhone from water damage (again and again)

Most modern smartphones are water-resistant, but there are times when I need additional protection. This one does the trick.

This Sony soundbar turned my living room into the ultimate theater experience - here's how

Sony's Bravia Theater System 6 may skip some of the premium extras of its pricier sibling, but it still delivers outstanding sound where it matters most.

This AI ring takes notes for you and even talks back - in your own voice

Here's what Sandbar's Stream Ring can do (and how to get your hands on one).

I can't work without a standing desk - this portable stand is the next best thing

Moft's Sit-Stand Laptop Desk can elevate your laptop up to 10 inches, while folding down to half an inch thick.

I used the M5 iPad Pro exclusively for weeks, and it's so close to replacing my laptop

The latest iPad Pro features improvements in both performance and connectivity, making it a worthy upgrade for users of older iPads who want more.

The first 8 Linux commands every new user should learn

I learned Linux in the 90s when the command line was mandatory - and it's still the best place to start.

Malware Now Uses AI During Execution to Mutate and Collect Data, Google Warns

Google has released a report describing the novel ways in which malware has been using AI to adapt and evade detection.

The post Malware Now Uses AI During Execution to Mutate and Collect Data, Google Warns appeared first on SecurityWeek.

Webinar Today: Scattered Spider Exposed – Critical Takeaways for Cyber Defenders

Get practical strategies to help minimize your risk exposure, including the need for identity threat detection and mitigation.

The post Webinar Today: Scattered Spider Exposed – Critical Takeaways for Cyber Defenders appeared first on SecurityWeek.

Flare Raises $30 Million for Threat Exposure Management Platform

The company plans to advance its identity exposure management capabilities and pursue M&A opportunities.

The post Flare Raises $30 Million for Threat Exposure Management Platform appeared first on SecurityWeek.

Armis Raises $435 Million in Pre-IPO Funding Round at $6.1 Billion Valuation

Armis recently surpassed $300 million in annual recurring revenue as it prepares for an IPO.

The post Armis Raises $435 Million in Pre-IPO Funding Round at $6.1 Billion Valuation appeared first on SecurityWeek.

Malanta Emerges from Stealth With $10 Million Seed Funding

Malanta collects and analyzes digital breadcrumbs that attackers leave behind and then forecasts how and when they will be weaponized.

The post Malanta Emerges from Stealth With $10 Million Seed Funding appeared first on SecurityWeek.

ConductorOne Raises $79 Million in Series B Funding

Leveraging AI, ConductorOne’s platform secures and manages millions of human, non-human, and AI identities.

The post ConductorOne Raises $79 Million in Series B Funding appeared first on SecurityWeek.

Exploited ‘Post SMTP’ Plugin Flaw Exposes WordPress Sites to Takeover

The critical vulnerability allows attackers to read arbitrary emails, including password reset messages.

The post Exploited ‘Post SMTP’ Plugin Flaw Exposes WordPress Sites to Takeover appeared first on SecurityWeek.

Daylight Raises $33 Million for AI-Powered MDR Platform

The funding will fuel the development of Daylight’s security operations platform and the launch of new protection modules.

The post Daylight Raises $33 Million for AI-Powered MDR Platform appeared first on SecurityWeek.

Nikkei Says 17,000 Impacted by Data Breach Stemming From Slack Account Hack

The Japanese media giant says compromised Slack credentials were used to steal employee and business partner information.

The post Nikkei Says 17,000 Impacted by Data Breach Stemming From Slack Account Hack appeared first on SecurityWeek.

Portal26 Raises $9 Million for Gen-AI Adoption Platform

The gen-AI adoption management platform will invest the funds in accelerating growth and product innovations.

The post Portal26 Raises $9 Million for Gen-AI Adoption Platform appeared first on SecurityWeek.

Uncle Sam lets Google take Wiz for $32B

Second time's the charm for after Wiz rejected Google's $23B offer last year

Google's second attempt to acquire cloud security firm Wiz is going a lot better than the first, with the Department of Justice clearing the $32 billion deal, which ranks as Google's largest-ever acquisition.…

AMD red-faced over random-number bug that kills cryptographic security

Local privileges required to exploit flaw in Ryzen and Epyc CPUs. Some patches available, more on the way

AMD will issue a microcode patch for a high-severity vulnerability that could weaken cryptographic keys across Epyc and Ryzen CPUs.…

Attackers abuse Gemini AI to develop ‘Thinking Robot’ malware and data processing agent for spying purposes

Meanwhile, others tried to social-engineer the chatbot itself

Nation-state goons and cybercrime rings are experimenting with Gemini to develop a "Thinking Robot" malware module that can rewrite its own code to avoid detection, and build an AI agent that tracks enemies' behavior, according to Google Threat Intelligence Group.…

M&S pegs cyberattack cleanup costs at £136M as profits slump

Retailer's tech systems aren’t down anymore, but the same can’t be said for its rocky financials

Marks & Spencer says its April cyberattack will cost around £136 million ($177.2 million) in total.…

Famed software engineer DJB tries Fil-C… and likes what he sees

A ‘three-letter person’ experiments with the new type-safe C, and is impressed

Famed mathematician, cryptographer and coder Daniel J. Bernstein has tried out the new type-safe C/C++ compiler, and he's given it a favorable report.…

UK agri dept spent hundreds of millions upgrading to Windows 10 – just in time for end of support

After a £312M upgrade to the retiring OS, Defra still has 24,000 devices to replace

The UK's Department for Environment, Food & Rural Affairs (Defra) has spent £312 million (c $407 million) modernizing its IT estate, including replacing tens of thousands of Windows 7 laptops with Windows 10 – which officially reached end of support last month.…

Uncle Sam wants to scan your iris and collect your DNA, citizen or not

DHS rule would expand biometric collection to immigrants and some citizens linked to them

If you're filing an immigration form - or helping someone who is - the Feds may soon want to look in your eyes, swab your cheek, and scan your face. The US Department of Homeland Security wants to greatly expand biometric data collection for immigration applications, covering immigrants and even some US citizens tied to those cases.…

Russian spies pack custom malware into hidden VMs on Windows machines

Curly COMrades strike again

Russia's Curly COMrades is abusing Microsoft's Hyper-V hypervisor in compromised Windows machines to create a hidden Alpine Linux-based virtual machine that bypasses endpoint security tools, giving the spies long-term network access to snoop and deploy malware.…

Consumer Financial Protection Bureau's security falls apart amid layoffs

Security program fails to meet federal standards as government cuts drain resources

The infosec program run by the US' Consumer Financial Protection Bureau (CFPB) "is not effective," according to a fresh audit published by the Office of the Inspector General (OIG).…

Invasion of the message body snatchers! Teams flaw allowed crims to impersonate the boss

Check Point lifts lid on a quartet of Teams vulns that made it possible to fake the boss, forge messages, and quietly rewrite history

Microsoft Teams, one of the world's most widely used collaboration tools, contained serious, now-patched vulnerabilities that could have let attackers impersonate executives, rewrite chat history, and fake notifications or calls – all without users suspecting a thing.…

Cybercrooks getting violent more often to secure big payouts in Europe

France-based victims hit especially hard, while UK named most-targeted country generally

Researchers are seeing a "dramatic" increase in cybercrime involving physical violence across Europe, with at least 18 cases reported since the start of the year.…

OpenAI API moonlights as malware HQ in Microsoft’s latest discovery

Redmond uncovers SesameOp, a backdoor hiding its tracks by using OpenAI’s Assistants API as a command channel

Hackers have found a new use for OpenAI's Assistants API – not to write poems or code, but to secretly control malware.…

China's president Xi Jinping jokes about backdoors in Xiaomi smartphones

South Korea's president laughed, so perhaps it was funny? Unlike China's censorship and snooping

Chinese president Xi Jinping has joked that smartphones from Xiaomi might include backdoors.…

AN0M, the backdoored ‘secure’ messaging app for criminals, is still producing arrests after four years

55 cuffed last week after court ruled sting operation was legal

Australian police last week made 55 arrests using evidence gathered with a backdoored messaging app that authorities distributed in the criminal community.…

MIT Sloan quietly shelves AI ransomware study after researcher calls BS

Even AI has doubts about the claim that '80% of ransomware attacks are AI-driven'

Do 80 percent of ransomware attacks really come from AI? MIT Sloan has now withdrawn a working paper that made that eyebrow-raising claim after criticism from security researcher Kevin Beaumont.…

Ransomware negotiator, pay thyself!

Rogues committed extortion while working for infosec firms

A ransomware negotiator and an incident response manager at two separate cybersecurity firms have been indicted for allegedly carrying out ransomware attacks of their own against multiple US companies.…

AWS, Nvidia, CrowdStrike seek security startups to enter the arena

Last year's winner scored a $65M funding round on a $300M valuation

Cloud and AI security startups have two weeks to apply for a program that fast-tracks access to investors and mentors from Amazon Web Services, CrowdStrike, and Nvidia.…

Cybercrooks team up with organized crime to steal pricey cargo

Old-school cargo heists reborn in the cyber age

Cybercriminals are increasingly orchestrating lucrative cargo thefts alongside organized crime groups (OCGs) in a modern-day resurgence of attacks on freight companies.…

Metropolitan Police hails facial recognition tech after record year for arrests

But question marks remain over the tech’s biases

London's Metropolitan Police Service (MPS) says the hundreds of live facial recognition (LFR) deployments across the Capital last year led to 962 arrests, according to a new report on the controversial tech's use.…

The race to shore up Europe’s power grids against cyberattacks and sabotage

Ukraine first to demo open source security platform to isolate incidents, stop lateral movement

Feature It was a sunny morning in late April when a massive power outage suddenly rippled across Spain, Portugal, and parts of southwestern France, leaving tens of millions of people without electricity for hours.…

Attackers targeting unpatched Cisco kit notice malware implant removal, install it again

PLUS: Cyber-exec admits selling secrets to Russia; LastPass isn't checking to see if you're dead; Nation-state backed Windows malware; and more

Infosec in brief Australia’s Signals Directorate (ASD) last Friday warned that attackers are installing an implant named “BADCANDY” on unpatched Cisco IOS XE devices and can detect deletion of their wares and reinstall their malware.…

Russia finally bites the cybercrooks it raised, arresting suspected Meduza infostealer devs

Rare case of the state turning on its own, but researchers say it may be doing so more often

Russia's Interior Ministry says police have arrested three suspects it believes helped build and spread the Meduza infostealer.…

Attackers dig up $11M in Garden Finance crypto exploit

Bitcoin bridge biz offers 10 percent reward to attackers if they play nice

Blockchain company Garden admits it was compromised and temporarily shut down its app after approximately $11 million worth of assets were stolen.…

Resilience, not sovereignty, defines OpenStack's next chapter

Price hikes, politics, and platform fatigue drive organizations back toward open alternatives

OpenInfra Summit Sovereignty might be the word of the hour, but the OpenStack community has another – resilience.…

NHS left with sick PCs as suppliers resist Windows 11 treatment

Hospitals told to upgrade, but some medical device makers haven't prescribed compatibility yet

NHS hospitals are being blocked from fully upgrading to Windows 11 by a small number of suppliers that have yet to make their medical devices compatible with Microsoft's latest operating system.…

Europe preps Digital Euro to enter circulation in 2029

Because fewer people like banknotes, and payment sovereignty is a problem

The Governing Council of the European Central Bank (ECB) has decided the bloc needs a digital version of the Euro, and ordered work that could see it enter circulation in 2029.…

Suspected Chinese snoops weaponize unpatched Windows flaw to spy on European diplomats

Expired security cert, real Brussels agenda, plus PlugX malware finish the job

Cyber spies linked to the Chinese government exploited a Windows shortcut vulnerability disclosed in March – but that Microsoft hasn't fixed yet – to target European diplomats in an effort to steal defense and national security details.…

Proton trains new service to expose corporate infosec cover-ups

Service will tell on compromised organizations, even if they didn't plan on doing so themselves

Some orgs would rather you not know when they've suffered a cyberattack, but a new platform from privacy-focused tech firm Proton will shine a light on the big breaches that might otherwise stay buried.…

Docker Compose vulnerability opens door to host-level writes – patch pronto

Windows Desktop installer also fixed after DLL hijack flaw rated 8.8 severity

Docker Compose users are being strongly urged to upgrade their versions of the orchestration tool after a researcher uncovered a flaw that could allow attackers to stage path traversal attacks.…

Invisible npm malware pulls a disappearing act – then nicks your tokens

PhantomRaven slipped over a hundred credential-stealing packages into npm

A new supply chain attack dubbed PhantomRaven has flooded the npm registry with malicious packages that steal credentials, tokens, and secrets during installation. The packages appear safe when first downloaded, making them particularly difficult for security apps to identify.…

Cyberpunks mess with Canada's water, energy, and farm systems

Infosec agency warns hacktivists broke into critical infrastructure systems to tamper with controls

Hacktivists have breached Canadian critical infrastructure systems to meddle with controls that could have led to dangerous conditions, marking the latest in a string of real-world intrusions driven by online activists rather than spies.…

Postcode Lottery's lucky dip turns into data slip as players draw each other's info

Biz says 'technical error' caused short-lived leak affecting small number of users

A major UK lottery organization says it has resolved a technical error that exposed customer data to other users.…

France jacks into the Matrix for state messaging – and pays too

Governments eye comms alternatives as sovereignty worries mount

Comment Decentralized communications network Matrix is hoping to be the beneficiary as European public and private sector organizations ponder alternatives to the messaging status quo.…

This security hole can crash billions of Chromium browsers, and Google hasn't patched it yet

Edge, Atlas, Brave among those affected

Exclusive A critical, currently unpatched bug in Chromium's Blink rendering engine can be abused to crash many Chromium-based browsers within seconds, causing a denial-of-service condition – and, in some tests, freezing the host system.…

EY exposes 4TB+ SQL database to open internet for who knows how long

The Big Four biz’s big fat fail exposed a boatload of secrets online

A Dutch cybersecurity outfit says its lead researcher recently stumbled upon a 4TB+ SQL Server backup file belonging to EY exposed to the web, effectively leaking the accounting and consulting megacorp's secrets.…

Marketing giant Dentsu warns staff after Merkle data raid

Emails confirm payroll and bank details lifted in cyberattack on US subsidiary

Global marketing giant Dentsu is writing to current and former staff after a cyberattack on a subsidiary led to bank, payroll, and other sensitive data being stolen.…

Sole trader dispatched almost 1M spam texts to hard-up Brits, says watchdog

ICO fined Bharat Singh Chand £200,000 after receiving 19,138 complaints

Britain's data watchdog has fined a sole trader £200,000 for nearly a million spam texts targeting people in debt – almost 20 pence per message.…

UK government on the lookout for bargain-priced CTO

Dangles £100K for someone to fix £23B tech mess

The UK government is on the hunt for a new CTO after incumbent David Knott announced his departure, citing family reasons.…

9 in 10 Exchange servers in Germany still running out-of-support software

Cybersecurity agency urges organizations to upgrade or risk total network compromise

Germany's infosec office (BSI) is sounding the alarm after finding that 92 percent of the nation's Exchange boxes are still running out-of-support software, a fortnight after Microsoft axed versions 2016 and 2019.…

Australian police building AI to translate emoji used by ‘crimefluencers’

Five Eyes intel alliance has created a team to target these scum who prey on kids

Australia’s Federal Police (AFP) is working on an AI to interpret emojis and the slang used online by Generation Z and Generation Alpha, so it can understand them when they discuss crime online.…

Clearview AI faces criminal heat for ignoring EU data fines

Noyb says New York-based facial recognition biz flouted GDPR orders and kept scraping anyway

Privacy advocates at Noyb filed a criminal complaint against Clearview AI for scraping social media users' faces without consent to train its AI algorithms.…

AI browsers face a security flaw as inevitable as death and taxes

Agentic features open the door to data exfiltration or worse

Feature With great power comes great vulnerability. Several new AI browsers, including OpenAI's Atlas, offer the ability to take actions on the user's behalf, such as opening web pages or even shopping. But these added capabilities create new attack vectors, particularly prompt injection.…

Beatings, killings, and lasting fear: The human toll of MoD's Afghan data breach

Research submitted to Parliament details deaths, raids, and mental trauma linked to 2022 relocation leak

Research submitted to the UK Parliament has revealed explicit threats to life and the deaths of family members and colleagues directly linked to the Ministry of Defence's 2022 Afghan relocation scheme data breach.…

Google says reports of a Gmail breach have been greatly exaggerated

Ad and cloud biz rubbishes claims that 183 million accounts broken into

Panic spread faster than a phishing email on Tuesday after claims of a massive Gmail breach hit the headlines – but Google says it's all nonsense.…

Chatbots parrot Putin's propaganda about the illegal invasion of Ukraine

Fake views from Moscow's pet media outlets appear in about one in five responses

Popular chatbots powered by large language models cited links to Russian state-attributed sources in up to a quarter of answers about the war in Ukraine, raising fresh questions over whether AI risks undermining efforts to enforce sanctions on Moscow-backed media.…

Marks & Spencer swaps out TCS for fresh helpdesk deal

Move follows months-long procurement process as retailer refreshes parts of its IT support setup

UK retailer Marks & Spencer has replaced Tata Consultancy Services as its IT service desk provider following a procurement process that began in January.…

WSUS attacks hit 'multiple' orgs as Google and other infosec sleuths ring Redmond’s alarm bell

If at first you don’t succeed, patch and patch again

More threat intel teams are sounding the alarm about a critical Windows Server Update Services (WSUS) remote code execution vulnerability, tracked as CVE-2025-59287 and now under active exploitation, just days after Microsoft pushed an emergency patch and the US Cybersecurity and Infrastructure Security Agency added the bug to its Known Exploited Vulnerabilities catalog.…

Iran's school for cyberspies could've used a few more lessons in preventing breaches

Ravin Academy confirms the intrusion on Telegram, says student data was stolen

Iran's school for state-sponsored cyberattackers admits it suffered a breach exposing the names and other personal information of its associates and students.…

You have one week to opt out or become fodder for LinkedIn AI training

Nations previously exempt from scraping now in the firing line

If you thought living in Europe, Canada, or Hong Kong meant you were protected from having LinkedIn scrape your posts to train its AI, think again. You have a week to opt out before the Microsoft subsidiary assumes you're fine with it.…

Researchers exploit OpenAI's Atlas by disguising prompts as URLs

NeuralTrust shows how agentic browser can interpret bogus links as trusted user commands

Researchers have found more attack vectors for OpenAI's new Atlas web browser – this time by disguising a potentially malicious prompt as an apparently harmless URL.…

Operation Chargeback Uncovers €300m Fraud Scheme in 193 Countries

Operation “Chargeback” has dismantled global fraud networks misusing stolen card data from more than 4.3 million victims

UNK_SmudgedSerpent Targets Academics With Political Lures

A previously unknown cyber actor UNK_SmudgedSerpent has been observed targeting academics with phishing and malware, merging techniques from Iranian groups

Claude Desktop Extensions Vulnerable to Web-Based Prompt Injection

Three of Anthropic’s Claude Desktop extensions were vulnerable to command injection – flaws that have now been fixed

SMS Fraud Losses Set to Decline 11% in 2026

Juniper Research predicts a $9bn drop in losses to SMS fraud next year

Hundreds of Malware-Laden Apps Downloaded 42 Million Times From Google Play

Zscaler estimates 239 malicious Android apps made it onto the official Play store over the past year

French Police Seize €1.6m Amid Crypto Scam Network Crackdown

Nine alleged crypto scammers arrested in Cyprus, Germany and Spain

OpenAI Assistants API Exploited in 'SesameOp' Backdoor

Instead of relying on more traditional methods, the backdoor exploits OpenAI’s Assistants API for command-and-control communications

Scattered Spider, ShinyHunters and LAPSUS$ Form Unified Collective

Scattered Spider, ShinyHunters and LAPSUS$ have formed an enhanced coordinated threat network for extortion efforts

DragonForce Cartel Emerges as Conti-Derived Ransomware Threat

DragonForce, a ransomware group using Conti’s code, has adopted a cartel model to expand and recruit

Identity Is Now the Top Source of Cloud Risk

ReliaQuest data reveals identity issues were responsible for 44% of cloud security alerts in Q3

DeFi Protocol Balancer Loses Over $120m in Cyber Heist

Digital thieves have got away with over $120m stolen from popular decentralized finance protocol Balancer

CISA and NSA Outline Best Practices to Secure Exchange Servers

CISA and NSA have released a blueprint to enhance Microsoft Exchange Server security against cyber-attacks

OpenGuardrails: A new open-source model aims to make AI safer for real-world use

When you ask a large language model to summarize a policy or write code, you probably assume it will behave safely. But what happens when someone tries to trick it into leaking data or generating harmful content? That question is driving a wave of research into AI guardrails, and a new open-source project called OpenGuardrails is taking a bold step in that direction. Created by Thomas Wang of OpenGuardrails.com and Haowen Li of The Hong … More →

The post OpenGuardrails: A new open-source model aims to make AI safer for real-world use appeared first on Help Net Security.

Bitdefender GravityZone Security Data Lake unifies telemetry from multiple tools

Bitdefender announced Bitdefender GravityZone Security Data Lake and Data Lake for Managed Detection and Response (MDR), solutions that help organizations cut through alert overload and complexity by unifying security telemetry from multiple tools into a single, intelligent platform. The new offering simplifies security operations with advanced analytics and expert-driven response, delivering the visibility of a modern Security Information and Event Management (SIEM) while reducing investigation time and total cost of ownership. Organizations face challenges with … More →

The post Bitdefender GravityZone Security Data Lake unifies telemetry from multiple tools appeared first on Help Net Security.

Prismatic gives AI agents the guardrails and structure they need to operate reliably in production

Prismatic announced its MCP flow server for production-ready AI integrations. The new offering enables companies to transform fragile AI toolchains into reliable, deterministic workflows that can securely power mission-critical applications. AI agents are now embedded in every workflow — from customer support to writing code to data analysis — but connecting them to real-world systems remains unreliable. Product teams expose individual API endpoints as MCP tools, leaving large language models (LLMs) to make dozens of … More →

The post Prismatic gives AI agents the guardrails and structure they need to operate reliably in production appeared first on Help Net Security.

Enterprises are losing track of the devices inside their networks

Security teams are often surprised when they discover the range and number of devices connected to their networks. The total goes far beyond what appears in agent-based telemetry or old manual asset inventories. Enterprise networks face broader exposure from xIoT expansion Forescout analyzed 10 million devices across more than 700 organizations active in October 2025. About two-thirds of those devices weren’t traditional IT like workstations, laptops, servers, or hypervisors. Instead, they included network gear such … More →

The post Enterprises are losing track of the devices inside their networks appeared first on Help Net Security.

Humans built the problem, AI just scaled it

Information moves across cloud platforms, personal devices, and AI tools, often faster than security teams can track it. Proofpoint’s 2025 Data Security Landscape report shows that most organizations faced data loss last year, usually caused by their own people. With AI agents part of daily operations, security leaders are confronting risks that come from users and from the systems acting on their behalf. A familiar problem that keeps getting worse 85% of the companies experienced … More →

The post Humans built the problem, AI just scaled it appeared first on Help Net Security.

What shadow AI means for your company’s security

In this Help Net Security video, Peled Eldan‏, Head of Research at XM Cyber, explains the hidden risks of shadow AI. He describes how employees often use unapproved AI tools at work to save time or solve problems, even when approved tools are available. This behavior, though common, can lead to serious issues such as data leaks, compliance violations, and security blind spots. Eldan outlines how sensitive company or client data can leave the organization’s … More →

The post What shadow AI means for your company’s security appeared first on Help Net Security.

Retailers are learning to say no to ransom demands

Ransomware remains one of the biggest operational risks for retailers, but the latest data shows a shift in how these attacks unfold. Fewer incidents now lead to data encryption, recovery costs have dropped, and businesses are bouncing back faster. Yet attackers are demanding more money, and security teams are feeling the strain. These findings come from the State of Ransomware in Retail 2025 report by Sophos, based on a global survey of 361 retail IT … More →

The post Retailers are learning to say no to ransom demands appeared first on Help Net Security.

Google uncovers malware using LLMs to operate and evade detection

PromptLock, the AI-powered proof-of-concept ransomware developed by researchers at NYU Tandon and initially mistaken for an active threat by ESET, is no longer an isolated example: Google’s latest report shows attackers are now creating and deploying other malware that leverages LLMs to operate and evade security systems. A step toward more autonomous and adaptive malware Google’s threat intelligence analysts have observed several instances of AI-powered malware being used in the wild: QuietVault is a credential … More →

The post Google uncovers malware using LLMs to operate and evade detection appeared first on Help Net Security.

Komodor’s self-healing capabilities remediate issues with or without a human in the loop

Komodor released autonomous self-healing and cost optimization capabilities that simplify operations for SRE, DevOps, and Platform teams managing large-scale Kubernetes environments. Powered by Klaudia, purpose-built agentic AI, the Komodor platform can automatically detect, investigate, and remediate issues, with or without a human in the loop, and optimize resource utilization. Managing Kubernetes and cloud-native infrastructure at scale has become increasingly complex. Industry research shows that 88% of technology leaders report rising stack complexity, and 81% say … More →

The post Komodor’s self-healing capabilities remediate issues with or without a human in the loop appeared first on Help Net Security.

Fortinet launches Secure AI Data Center to protect AI infrastructures end-to-end

Fortinet announced the Secure AI Data Center solution, an end-to-end framework purpose-built to protect AI infrastructures. Designed to secure the entire AI stack, from data center infrastructure to applications and LLMs, the solution delivers advanced AI threat defense with ultra-low latency and reduces power consumption on average by 69% compared to traditional approaches. As part of this announcement, Fortinet introduced the FortiGate 3800G, a high-performance data center firewall that delivers the power efficiency, throughput, and … More →

The post Fortinet launches Secure AI Data Center to protect AI infrastructures end-to-end appeared first on Help Net Security.

How social engineering works | Unlocked 403 cybersecurity podcast (S2E6)

Think you could never fall for an online scam? Think again. Here's how scammers could exploit psychology to deceive you – and what you can do to stay one step ahead

Ground zero: 5 things to do after discovering a cyberattack

When every minute counts, preparation and precision can mean the difference between disruption and disaster

This month in security with Tony Anscombe – October 2025 edition

From the end of Windows 10 support to scams on TikTok and state-aligned hackers wielding AI, October's headlines offer a glimpse of what's shaping cybersecurity right now

Fraud prevention: How to help older family members avoid scams

Families that combine open communication with effective behavioral and technical safeguards can cut the risk dramatically

Cybersecurity Awareness Month 2025: When seeing isn't believing

Deepfakes are blurring the line between real and fake and fraudsters are cashing in, using synthetic media for all manner of scams

Recruitment red flags: Can you spot a spy posing as a job seeker?

Here’s what to know about a recent spin on an insider threat – fake North Korean IT workers infiltrating western firms

How MDR can give MSPs the edge in a competitive market

With cybersecurity talent in short supply and threats evolving fast, managed detection and response is emerging as a strategic necessity for MSPs

Cybersecurity Awareness Month 2025: Cyber-risk thrives in the shadows

Shadow IT leaves organizations exposed to cyberattacks and raises the risk of data loss and compliance failures

Gotta fly: Lazarus targets the UAV sector

ESET research analyzes a recent instance of the Operation DreamJob cyberespionage campaign conducted by Lazarus, a North Korea-aligned APT group

SnakeStealer: How it preys on personal data – and how you can protect yourself

Here’s what to know about the malware with an insatiable appetite for valuable data, so much so that it tops this year's infostealer detection charts

Cybersecurity Awareness Month 2025: Building resilience against ransomware

Ransomware rages on and no organization is too small to be targeted by cyber-extortionists. How can your business protect itself against the threat?

Minecraft mods: Should you 'hack' your game?

Some Minecraft mods don’t help build worlds – they break them. Here’s how malware can masquerade as a Minecraft mod.

IT service desks: The security blind spot that may put your business at risk

Could a simple call to the helpdesk enable threat actors to bypass your security controls? Here’s how your team can close a growing security gap.

Cybersecurity Awareness Month 2025: Why software patching matters more than ever

As the number of software vulnerabilities continues to increase, delaying or skipping security updates could cost your business dearly.

AI-aided malvertising: Exploiting a chatbot to spread scams

Cybercriminals have tricked X’s AI chatbot into promoting phishing scams in a technique that has been nicknamed “Grokking”. Here’s what to know about it.

How Uber seems to know where you are – even with restricted location permissions

Is the ride-hailing app secretly tracking you? Not really, but this iOS feature may make it feel that way.

Cybersecurity Awareness Month 2025: Passwords alone are not enough

Never rely on just a password, however strong it may be. Multi-factor authentication is essential for anyone who wants to protect their online accounts from intruders.

The case for cybersecurity: Why successful businesses are built on protection

Company leaders need to recognize the gravity of cyber risk, turn awareness into action, and put security front and center

Beware of threats lurking in booby-trapped PDF files

Looks can be deceiving, so much so that the familiar icon could mask malware designed to steal your data and money.

Manufacturing under fire: Strengthening cyber-defenses amid surging threats

Manufacturers operate in one of the most unforgiving threat environments and face a unique set of pressures that make attacks particularly damaging

New spyware campaigns target privacy-conscious Android users in the UAE

ESET researchers have discovered campaigns distributing spyware disguised as Android Signal and ToTok apps, targeting users in the United Arab Emirates

Cybersecurity Awareness Month 2025: Knowledge is power

We're kicking off the month with a focus on the human element: the first line of defense, but also the path of least resistance for many cybercriminals

This month in security with Tony Anscombe – September 2025 edition

The past 30 days have seen no shortage of new threats and incidents that brought into sharp relief the need for well-thought-out cyber-resilience plans

Roblox executors: It’s all fun and games until someone gets hacked

You could be getting more than you bargained for when you download that cheat tool promising quick wins

DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception

Malware operators collaborate with covert North Korean IT workers, posing a threat to both headhunters and job seekers

Watch out for SVG files booby-trapped with malware

What you see is not always what you get as cybercriminals increasingly weaponize SVG files as delivery vectors for stealthy malware

Gamaredon X Turla collab

Notorious APT group Turla collaborates with Gamaredon, both FSB-associated groups, to compromise high‑profile targets in Ukraine

Small businesses, big targets: Protecting your business against ransomware

Long known to be a sweet spot for cybercriminals, small businesses are more likely to be victimized by ransomware than large enterprises

HybridPetya: The Petya/NotPetya copycat comes with a twist

HybridPetya is the fourth publicly known real or proof-of-concept bootkit with UEFI Secure Boot bypass functionality

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

UEFI copycat of Petya/NotPetya exploiting CVE-2024-7344 discovered on VirusTotal

Are cybercriminals hacking your systems – or just logging in?

As bad actors often simply waltz through companies’ digital front doors with a key, here’s how to keep your own door locked tight

Preventing business disruption and building cyber-resilience with MDR

Given the serious financial and reputational risks of incidents that grind business to a halt, organizations need to prioritize a prevention-first cybersecurity strategy

Under lock and key: Safeguarding business data with encryption

As the attack surface expands and the threat landscape grows more complex, it’s time to consider whether your data protection strategy is fit for purpose

GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes

ESET researchers have identified a new threat actor targeting Windows servers with a passive C++ backdoor and a malicious IIS module that manipulates Google search results

This month in security with Tony Anscombe – August 2025 edition

From Meta shutting down millions of WhatsApp accounts linked to scam centers all the way to attacks at water facilities in Europe, August 2025 saw no shortage of impactful cybersecurity news

Don’t let “back to school” become “back to (cyber)bullying”

Cyberbullying is a fact of life in our digital-centric society, but there are ways to push back

First known AI-powered ransomware uncovered by ESET Research

The discovery of PromptLock shows how malicious use of AI models could supercharge ransomware and other threats

"What happens online stays online" and other cyberbullying myths, debunked

Separating truth from fiction is the first step towards making better parenting decisions. Let’s puncture some of the most common misconceptions about online harassment.

The need for speed: Why organizations are turning to rapid, trustworthy MDR

How top-tier managed detection and response (MDR) can help organizations stay ahead of increasingly agile and determined adversaries

Investors beware: AI-powered financial scams swamp social media

Can you tell the difference between legitimate marketing and deepfake scam ads? It’s not always as easy as you may think.

Supply-chain dependencies: Check your resilience blind spot

Does your business truly understand its dependencies, and how to mitigate the risks posed by an attack on them?

How the always-on generation can level up its cybersecurity game

Digital natives are comfortable with technology, but may be more exposed to online scams and other threats than they think

WinRAR zero-day exploited in espionage attacks against high-value targets

The attacks used spearphishing campaigns to target financial, manufacturing, defense, and logistics companies in Europe and Canada, ESET research finds

Update WinRAR tools now: RomCom and others exploiting zero-day vulnerability

ESET Research discovered a zero-day vulnerability in WinRAR being exploited in the wild in the guise of job application documents; the weaponized archives exploited a path traversal flaw to compromise their targets

Black Hat USA 2025: Is a high cyber insurance premium about your risk, or your insurer’s?

A sky-high premium may not always reflect your company’s security posture

Android adware: What is it, and how do I get it off my device?

Is your phone suddenly flooded with aggressive ads, slowing down performance or leading to unusual app behavior? Here’s what to do.

Black Hat USA 2025: Policy compliance and the myth of the silver bullet

Who’s to blame when the AI tool managing a company’s compliance status gets it wrong?

Black Hat USA 2025: Does successful cybersecurity today increase cyber-risk tomorrow?

Success in cybersecurity is when nothing happens, plus other standout themes from two of the event’s keynotes

ESET Threat Report H1 2025: ClickFix, infostealer disruptions, and ransomware deathmatch

Threat actors are embracing ClickFix, ransomware gangs are turning on each other – toppling even the leaders – and law enforcement is disrupting one infostealer after another

Is your phone spying on you? | Unlocked 403 cybersecurity podcast (S2E5)

Here's what you need to know about the inner workings of modern spyware and how to stay away from apps that know too much

Why the tech industry needs to stand firm on preserving end-to-end encryption

Restricting end-to-end encryption on a single-country basis would not only be absurdly difficult to enforce, but it would also fail to deter criminal activity

This month in security with Tony Anscombe – July 2025 edition

Here's a look at cybersecurity stories that moved the needle, raised the alarm, or offered vital lessons in July 2025

The hidden risks of browser extensions – and how to stay safe

Not all browser add-ons are handy helpers – some may contain far more than you have bargained for

SharePoint under fire: ToolShell attacks hit organizations worldwide

The ToolShell bugs are being exploited by cybercriminals and APT groups alike, with the US on the receiving end of 13 percent of all attacks

ToolShell: An all-you-can-eat buffet for threat actors

ESET Research has been monitoring attacks involving the recently discovered ToolShell zero-day vulnerabilities

Rogue CAPTCHAs: Look out for phony verification pages spreading malware

Before rushing to prove that you're not a robot, be wary of deceptive human verification pages as an increasingly popular vector for delivering malware

Why is your data worth so much? | Unlocked 403 cybersecurity podcast (S2E4)

Behind every free online service, there's a price being paid. Learn why your digital footprint is so valuable, and when you might actually be the product.

Unmasking AsyncRAT: Navigating the labyrinth of forks

ESET researchers map out the labyrinthine relationships among the vast hierarchy of AsyncRAT variants

How to get into cybersecurity | Unlocked 403 cybersecurity podcast (S2E3)

Cracking the code of a successful cybersecurity career starts here. Hear from ESET's Robert Lipovsky as he reveals how to break into and thrive in this fast-paced field.

Task scams: Why you should never pay to get paid

Some schemes might sound unbelievable, but they’re easier to fall for than you think. Here’s how to avoid getting played by gamified job scams.

How government cyber cuts will affect you and your business

Deep cuts in cybersecurity spending risk creating ripple effects that will put many organizations at a higher risk of falling victim to cyberattacks

Gamaredon in 2024: Cranking out spearphishing campaigns against Ukraine with an evolved toolset

ESET Research analyzes Gamaredon’s updated cyberespionage toolset, new stealth-focused techniques, and aggressive spearphishing operations observed throughout 2024

ESET Threat Report H1 2025: Key findings

ESET Chief Security Evangelist Tony Anscombe looks at some of the report's standout findings and their implications for organizations in 2025

ESET APT Activity Report Q4 2024–Q1 2025: Malware sharing, wipers and exploits

ESET experts discuss Sandworm’s new data wiper, relentless campaigns by UnsolicitedBooker, attribution challenges amid tool-sharing, and other key findings from the latest APT Activity Report

This month in security with Tony Anscombe – June 2025 edition

From Australia's new ransomware payment disclosure rules to another record-breaking DDoS attack, June 2025 saw no shortage of interesting cybersecurity news

ESET Threat Report H1 2025

A view of the H1 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

BladedFeline: Whispering in the dark

ESET researchers analyzed a cyberespionage campaign conducted by BladedFeline, an Iran-aligned APT group with likely ties to OilRig

Don’t let dormant accounts become a doorway for cybercriminals

Do you have online accounts you haven't used in years? If so, a bit of digital spring cleaning might be in order.

This month in security with Tony Anscombe – May 2025 edition

From a flurry of attacks targeting UK retailers to campaigns corralling end-of-life routers into botnets, it's a wrap on another month filled with impactful cybersecurity news

Word to the wise: Beware of fake Docusign emails

Cybercriminals impersonate the trusted e-signature brand and send fake Docusign notifications to trick people into giving away their personal or corporate data

Danabot under the microscope

ESET Research has been tracking Danabot’s activity since 2018 as part of a global effort that resulted in a major disruption of the malware’s infrastructure

Danabot: Analyzing a fallen empire

ESET Research shares its findings on the workings of Danabot, an infostealer recently disrupted in a multinational law enforcement operation

Lumma Stealer: Down for the count

The bustling cybercrime enterprise has been dealt a significant blow in a global operation that relied on the expertise of ESET and other technology companies

ESET takes part in global operation to disrupt Lumma Stealer

Our intense monitoring of tens of thousands of malicious samples helped this global disruption operation

The who, where, and how of APT attacks in Q4 2024–Q1 2025

ESET Chief Security Evangelist Tony Anscombe highlights key findings from the latest issue of the ESET APT Activity Report

ESET APT Activity Report Q4 2024–Q1 2025

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2024 and Q1 2025

Sednit abuses XSS flaws to hit gov't entities, defense companies

Operation RoundPress targets webmail software to steal secrets from email accounts belonging mainly to governmental organizations in Ukraine and defense contractors in the EU

Operation RoundPress

ESET researchers uncover a Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities

How can we counter online disinformation? | Unlocked 403 cybersecurity podcast (S2E2)

Ever wondered why a lie can spread faster than the truth? Tune in for an insightful look at disinformation and how we can fight one of the most pressing challenges facing our digital world.

Catching a phish with many faces

Here’s a brief dive into the murky waters of shape-shifting attacks that leverage dedicated phishing kits to auto-generate customized login pages on the fly

Beware of phone scams demanding money for ‘missed jury duty’

When we get the call, it’s our legal responsibility to attend jury service. But sometimes that call won’t come from the courts – it will be a scammer.

Toll road scams are in overdrive: Here’s how to protect yourself

Have you received a text message about an unpaid road toll? Make sure you’re not the next victim of a smishing scam.

RSAC 2025 wrap-up – Week in security with Tony Anscombe

From the power of collaborative defense to identity security and AI, catch up on the event's key themes and discussions

TheWizards APT group uses SLAAC spoofing to perform adversary-in-the-middle attacks

ESET researchers analyzed Spellbinder, a lateral movement tool used to perform adversary-in-the-middle attacks

This month in security with Tony Anscombe – April 2025 edition

From the near-demise of MITRE's CVE program to a report showing that AI outperforms elite red teamers in spearphishing, April 2025 was another whirlwind month in cybersecurity

How safe and secure is your iPhone really?

Your iPhone isn't necessarily as invulnerable to security threats as you may think. Here are the key dangers to watch out for and how to harden your device against bad actors.

Deepfake 'doctors' take to TikTok to peddle bogus cures

Look out for AI-generated 'TikDocs' who exploit the public's trust in the medical profession to drive sales of sketchy supplements

How fraudsters abuse Google Forms to spread scams

The form and quiz-building tool is a popular vector for social engineering and malware. Here’s how to stay safe.

Will super-smart AI be attacking us anytime soon?

What practical AI attacks exist today? “More than zero” is the answer – and they’re getting better.

CapCut copycats are on the prowl

Cybercriminals lure content creators with promises of cutting-edge AI wizardry, only to attempt to steal their data or hijack their devices instead

They’re coming for your data: What are infostealers and how do I stay safe?

Here's what to know about malware that raids email accounts, web browsers, crypto wallets, and more – all in a quest for your sensitive data

Attacks on the education sector are surging: How can cyber-defenders respond?

Academic institutions have a unique set of characteristics that makes them attractive to bad actors. What's the right antidote to cyber-risk?

Watch out for these traps lurking in search results

Here’s how to avoid being hit by fraudulent websites that scammers can catapult directly to the top of your search results

So your friend has been hacked: Could you be next?

When a ruse puts on a familiar face, your guard might drop, making you an easy mark. Learn how to tell a friend apart from a foe.

1 billion reasons to protect your identity online

Corporate data breaches are a gateway to identity fraud, but they’re not the only one. Here’s a lowdown on how your personal data could be stolen – and how to make sure it isn’t.

The good, the bad and the unknown of AI: A Q&A with Mária Bieliková

The computer scientist and AI researcher shares her thoughts on the technology’s potential and pitfalls – and what may lie ahead for us

This month in security with Tony Anscombe – March 2025 edition

From an exploited vulnerability in a third-party ChatGPT tool to a bizarre twist on ransomware demands, it's a wrap on another month filled with impactful cybersecurity news

Resilience in the face of ransomware: A key to business survival

Your company’s ability to tackle the ransomware threat head-on can ultimately be a competitive advantage

Making it stick: How to get the most out of cybersecurity training

Security awareness training doesn’t have to be a snoozefest – games and stories can help instill ‘sticky’ habits that will kick in when a danger is near

RansomHub affiliates linked to rival RaaS gangs

ESET researchers also examine the growing threat posed by tools that ransomware affiliates deploy in an attempt to disrupt EDR security solutions

Why API Security Will Drive AppSec in 2026 and Beyond

api, api sprawl, api security, pen testing, Salt Security, API, APIs, attacks, testing, PTaaS, API security, API, cloud, audits, testing, API security vulnerabilities testing BRc4 Akamai security pentesting ThreatX red team pentesting API APIs Penetration Testing

As LLMs, agents and Model Context Protocols (MCPs) reshape software architecture, API sprawl is creating major security blind spots. The 2025 GenAI Application Security Report reveals why continuous API discovery, testing and governance are now critical to protecting AI-driven applications from emerging semantic and prompt-based attacks.

The post Why API Security Will Drive AppSec in 2026 and Beyond appeared first on Security Boulevard.

Using FinOps to Detect AI-Created Security Risks

As AI investments surge toward $1 trillion by 2027, many organizations still see zero ROI due to hidden security and cost risks. Discover how aligning FinOps with security practices helps identify AI-related vulnerabilities, control cloud costs, and build sustainable, secure AI operations.

The post Using FinOps to Detect AI-Created Security Risks appeared first on Security Boulevard.

Survey: Organizations Are Too Confident in Their Cyber Resiliency

alerts, teams, AI, threats, agents, data, leaders, F5, survey, AI, gap, small, small business, cybersecurity,

A global survey of 1,773 C-level executives, security professionals and security and technical directors finds nearly all (95%) are confident in their ability to recover from a ransomware attack. Conducted by OpenText, the survey also notes that 40% of respondents said their organization experienced a ransomware attack in the past year, with nearly half hit..

The post Survey: Organizations Are Too Confident in Their Cyber Resiliency appeared first on Security Boulevard.

250 Episodes of Cloud Security Podcast by Google: From Confidential Computing to AI-Ready SOC

So this may suck, but I am hoping to at least earn some points for honesty here. I wanted to write something pithy and smart once I realized our Cloud Security Podcast by Google just aired our 250th episode (“EP250 The End of “Collect Everything”? Moving from Centralization to Data Access?”). Yet nothing sufficiently pithy came to my mind …

… so I went around and asked a whole bunch of AIs and agents and such. Then massaged and aggregated the outputs, then ran more AI on the result. And then lightly curated it. Then deleted the bottom 2 stupidest points they made.

So, here it comes … in all its sloppy glory!

The Foundational Roots and Unchanging Mission: Our show started with foundational cloud security topics — like Zero Trust, Data Security, and Cloud Migration Security which drew the initial large audiences. The core commitment since Episode 1 has been to question conventional wisdom, avoid “security theater” (EP248) and explore whether security measures truly benefit the user and the organization.
The AI Transformation: We had a sizable shift with the last 50 episodes, where AI became a central theme, or at least one of the themes we always come back to (and, yes, this covers our 3 pillars of securing AI, AI for security and countering the AI-armed attacker). The focus has moved past general hype to practical applications, securing AI systems, and asking challenging questions like “Data readiness for AI SOC” (EP249).
The Enduring Popularity of Detection & Response (D&R): We highlight that D&R and modernizing the SOC continue to be extremely popular with the audience (EP236 is epic). Trace the evolution of this topic from foundational engineering (like the very popular EP75 on scaling D&R at Google) to the architectural questions in EP250.
“How Google Does Security” Sells the Tickets: We love the episodes offering a candid look behind Google’s security curtain on topics like internal red teaming, detection scaling, and Cloud IR tabletops. They consistently remain perennial audience favorites (the latest in this series is EP238 on how we use AI agents for security).
The Centrality of People and Process: We emphasize the recurring lessons that the most challenging aspects of large-scale cloud (and now AI) security transformations are often the “people” and “process” elements, not the technical “tech” itself. EP237 is an epic example of this.
The Call for Intentionality: We reinforce the importance of having a clear purpose for every security activity and following an engineering-led approach (EP117). The “magical” advice from EP236 is: to ask of every security element, “what is it in service of?”
The Persistence of Old Problems: We often lament with a touch of humor on the industry’s tendency to repeat fundamental security mistakes (the SIEM Paradox in EP234 for instance or EP223 in general), underscoring the ongoing need to cover “boring” basics. We will absolutely continue this (a new episode on vulnerability management “stale” problems is coming soon)
Community and Format Growth: We continue to “sorta-kinda” (human wrote this, eh?) the development of the podcast beyond a purely audio medium, including the launch of live video sessions and a Community site to foster more dialogue and feedback.
The Unique Culture and Authenticity of the Show Stays: We remain obsessed about selecting high-energy, vocal, and knowledgeable guests and fun topics. We will keep on with our “inside jokes” like not allowing guests to recommend Anton’s blog as an episode resource and pokes about firewall appliances in the cloud (they are there).
A Glimpse at 300: We want to tease future topics that will define the next 50+ episodes, such as deeper dives into Agentic AI, challenges of cross-cloud incident response and forensics, or the geopolitical aspects of cloud security. Give us ideas, will ya? Otherwise, you will get to hear about AI and D&R much of the time…

Top 5 popular episodes (excluding the oldest 3)

Enjoy the show!

250 Episodes of Cloud Security Podcast by Google: From Confidential Computing to AI-Ready SOC was originally published in Anton on Security on Medium, where people are continuing the conversation by highlighting and responding to this story.

The post 250 Episodes of Cloud Security Podcast by Google: From Confidential Computing to AI-Ready SOC appeared first on Security Boulevard.

Securing AI-Generated Code: What Does It Look Like in Practice?

Get details on our recent survey on the security of AI-generated code.

The post Securing AI-Generated Code: What Does It Look Like in Practice? appeared first on Security Boulevard.

Smarter Connectivity

Product Update: Version 5.2 This release focuses on giving you more control over your infrastructure connections and ensuring your monitoring tools run smoother than ever. From enhanced circuit management and expanded search capabilities to optimized data collectors and advanced Modbus support, this update delivers practical improvements that make your day-to-day operations more ...

The post Smarter Connectivity appeared first on Hyperview.

The post Smarter Connectivity appeared first on Security Boulevard.

NDSS 2025 – Understanding And Detecting Harmful Memes With Multimodal Large Language Models

SESSION
Session 2A: LLM Security

Authors, Creators & Presenters: Yong Zhuang (Wuhan University), Keyan Guo (University at Buffalo), Juan Wang (Wuhan University), Yiheng Jing (Wuhan University), Xiaoyang Xu (Wuhan University), Wenzhe Yi (Wuhan University), Mengda Yang (Wuhan University), Bo Zhao (Wuhan University), Hongxin Hu (University at Buffalo)

PAPER
I know what you MEME! Understanding and Detecting Harmful Memes with Multimodal Large Language Models
Memes have become a double-edged sword on social media platforms. On one hand, they facilitate the rapid dissemination of information and enhance communication. On the other hand, memes pose a risk of spreading harmful content under the guise of humor and virality. This duality highlights the need to develop effective moderation tools capable of identifying harmful memes. Current detection methods, however, face significant challenges in identifying harmful memes due to their inherent complexity. This complexity arises from the diverse forms of expression, intricate compositions, sophisticated propaganda techniques, and varied cultural contexts in which memes are created and circulated. These factors make it difficult for existing algorithms to distinguish between harmless and harmful content accurately. To understand and address these challenges, we first conduct a comprehensive study on harmful memes from two novel perspectives: visual arts and propaganda techniques. It aims to assess existing tools for detecting harmful memes and understand the complexities inherent in them. Our findings demonstrate that meme compositions and propaganda techniques can significantly diminish the effectiveness of current harmful meme detection methods. Inspired by our observations and understanding of harmful memes, we propose a novel framework called HMGUARD for effective detection of harmful memes. HMGUARD utilizes adaptive prompting and chain-of-thought (CoT) reasoning in multimodal large language models (MLLMs). HMGUARD has demonstrated remarkable performance on the public harmful meme dataset, achieving an accuracy of 0.92. Compared to the baseline, HMGUARD represents a substantial improvement, with accuracy exceeding the baselines by 15% to 79.17%. Additionally, HMGUARD outperforms existing detection tools, achieving an impressive accuracy of 0.88 in real-world scenarios.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the organization’s’ YouTube channel.

Permalink

The post NDSS 2025 – Understanding And Detecting Harmful Memes With Multimodal Large Language Models appeared first on Security Boulevard.

Survey: Cybersecurity Leaders Much More Concerned About AI Generated Code

A survey of 400 cybersecurity leaders in the U.S. and United Kingdom published today finds all respondents reporting that AI tools are now generating code in their organization’s code base, with just under a third now seeing those tools being used to generate most of the code being created. Commissioned by Cycode, a provider of..

The post Survey: Cybersecurity Leaders Much More Concerned About AI Generated Code appeared first on Security Boulevard.

Randall Munroe’s XKCD ‘’Physics Paths”

via the comic artistry and dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘’Physics Paths” appeared first on Security Boulevard.

Why Agentic AI Needs Guardrails to Thrive

5 min readAgentic AI systems need comprehensive guardrails to deploy safely at scale. Learn how access controls, policy frameworks, and visibility enable automation.

The post Why Agentic AI Needs Guardrails to Thrive appeared first on Aembit.

The post Why Agentic AI Needs Guardrails to Thrive appeared first on Security Boulevard.

Gootloader malware is back with new tricks after 7-month break

The Gootloader malware loader operation has returned after a 7-month absence and is once again performing SEO poisoning to promote fake websites that distribute the malware. [...]

Hyundai AutoEver America data breach exposes SSNs, drivers licenses

Hyundai AutoEver America is notifying individuals that hackers breached the company's IT environment and gained access to personal information. [...]

CISA warns of critical CentOS Web Panel bug exploited in attacks

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning that threat actors are exploiting a critical remote command execution flaw in CentOS Web Panel (CWP). [...]

Windows 11 Store gets Ninite-style multi-app installer feature

The Microsoft Store on the web now lets you create a multi-app install package on Windows 11 that installs multiple applications from a single installer. [...]

SonicWall says state-sponsored hackers behind September security breach

SonicWall's investigation into the September security breach that exposed customers' firewall configuration backup files concludes that state-sponsored hackers were behind the attack. [...]

UK carriers to block spoofed phone numbers in fraud crackdown

Under a new partnership with the government aimed at combating fraud, Britain's largest mobile carriers have committed to upgrading their networks to eliminate scammers' ability to spoof phone numbers within a year. [...]

University of Pennsylvania confirms data stolen in cyberattack

The University of Pennsylvania has confirmed that a hacker breached numerous internal systems related to the university's development and alumni activities and stole data in a cyberattack. [...]

Cyber theory vs practice: Are you navigating with faulty instruments?

Security teams rely on dashboards and data feeds, but outdated or fragmented tools leave dangerous blind spots across assets, vulnerabilities, and credentials. Learn how Outpost24's CompassDRP unifies EASM and DRP to reveal what attackers see and what's already exposed. [...]

Google warns of new AI-powered malware families deployed in the wild

Google's Threat Intelligence Group (GTIG) has identified a major shift this year, with adversaries leveraging artificial intelligence to deploy new malware families that integrate large language models (LLMs) during execution. [...]

Police busts credit card fraud rings with 4.3 million victims

International authorities have dismantled three massive credit card fraud and money laundering networks, linked to losses exceeding €300 million ($344 million) and affecting over 4.3 million cardholders across 193 countries. [...]

US sanctions North Korean bankers linked to cybercrime, IT worker fraud

The U.S. Treasury Department imposed sanctions on two North Korean financial institutions and eight individuals involved in laundering cryptocurrency stolen in cybercrime and fraudulent IT worker schemes. [...]

Microsoft: October Windows updates trigger BitLocker recovery

Microsoft has warned that some systems may boot into BitLocker recovery after installing the October 2025 Windows security updates. [...]

Hackers exploit WordPress plugin Post SMTP to hijack admin accounts

Threat actors are actively exploiting a critical vulnerability in the Post SMTP plugin installed on more than 400,000 WordPress sites, to take complete control by hijacking administrator accounts. [...]

Google now lets you add friends as contacts for account recovery

Google now lets you recover your accounts using your phone number or trusted contacts.

Cyber giant F5 Networks says government hackers had ‘long-term’ access to its systems, stole code and customer data

The company, which provides cybersecurity defenses to most of the Fortune 500, said the DOJ allowed it to delay notifying the public on national security grounds.

A breach every month raises doubts about South Korea’s digital defenses

Known for its blazing fast internet and home to some of the world’s biggest tech giants, South Korea has also faced a string of data breaches and cybersecurity lapses that has struggled to match the pace of its digital ambitions.

Proton releases a new app for two-factor authentication

Proton has a free authenticator app, which is available cross-platform with end-to-end encryption protection for data.

Knox lands $6.5M to compete with Palantir in the federal compliance market

Irina Denisenko, CEO of Knox, launched Knox, a federal managed cloud provider, last year with a mission to help software vendors speed through the FedRAMP security authorization process in just three months, and at a fraction of what it would cost to do it on their own.

Google is adding new device-level features for its Advanced Protection program

At the Android Show, taking place ahead of Google I/O 2025, Google announced that it is adding new device-specific features to its Advanced Protection program, which is designed to protect public figures such as politicians and journalists from different digital threats, with the Android 16 release. The new features include a new way of storing […]

Google announces new security features for Android for protection against scam and theft

At the Android Show on Tuesday, ahead of Google I/O, Google announced new security and privacy features for Android. These new features include new protections for calls, screen sharing, messages, device access, and system-level permissions. With these features, Google aims to protect users from falling for a scam, keep their details secure in case a […]

A 25-year-old police drone founder just raised $75M led by Index

If you ever call 911 from an area that’s hard to get to, you might hear the buzz of a drone well before a police cruiser pulls up. And there’s a good chance that it will be one made by Brinc Drones, a Seattle-based startup founded by 25-year-old Blake Resnick, who dropped out of college […]

A new security fund opens up to help protect the fediverse

A new security fund aims to help apps in the fediverse — like Mastodon, Threads, and Pixelfed — to pay researchers for disclosing security bugs.

How to tell if your online accounts have been hacked

This is a guide on how to check whether someone compromised your online accounts.

Hackers are ramping up attacks using year-old ServiceNow security bugs to target unpatched systems

Threat intelligence startup GreyNoise says it has observed a ‘notable resurgence’ in attack activity

US teachers’ union says hackers stole sensitive personal data on over 500,000 members

PSEA says it "took steps to ensure" its stolen data was deleted, suggesting a ransom demand was paid

CISA scrambles to contact fired employees after court rules layoffs ‘unlawful’

Federal court rules U.S. cybersecurity agency must re-hire over 100 former employees

DOGE axes CISA ‘red team’ staffers amid ongoing federal cuts

Affected staff say more than 100 employees working to protect U.S. government networks were ‘axed’ with no prior warning

What PowerSchool won’t say about its data breach affecting millions of students

New details have emerged about PowerSchool's data breach — but here's what PowerSchool still isn't saying.

Hacker accessed PowerSchool’s network months before massive December breach

CrowdStrike says a hacker had access to PowerSchool's internal system as far back as August.

Japanese telco giant NTT Com says hackers accessed details of almost 18,000 organizations

Unidentified hackers breached NTT Com’s network to steal personal information of employees at thousands of corporate customers

FBI says scammers are targeting US executives with fake BianLian ransom notes

The FBI is warning that scammers are impersonating the BianLian ransomware gang using fake ransom notes sent to U.S. corporate executives. The fake ransom notes, first reported by U.S. cybersecurity company GuidePoint Security, claim that hackers have gained access to an organization’s network to steal sensitive data, and threaten to publish the stolen data unless […]

UK quietly scrubs encryption advice from government websites

The UK is no longer recommending the use of encryption for at-risk groups following its iCloud backdoor demands

Broadcom urges VMware customers to patch ‘emergency’ zero-day bugs under active exploitation

Security experts warn of ‘huge impact’ of actively exploited hypervisor flaws that allow sandbox escape

KoDDoS, MSP Global and CloudFest: a Strategic Partnership for the Future of the Cloud

KoDDoS is proud to announce its partnership with MSP Global and CloudFest, two key players in the digital technology and cloud services industry. This collaboration marks an important step toward strengthening ties within the global tech ecosystem, bringing together experts, service providers, and decision-makers to address the cloud’s most strategic challenges. Through this partnership, we … Continue reading KoDDoS, MSP Global and CloudFest: a Strategic Partnership for the Future of the Cloud

The post KoDDoS, MSP Global and CloudFest: a Strategic Partnership for the Future of the Cloud appeared first on KoDDoS Blog.

Recap of Our Presence at VivaTech 2025

Our Core Expertise: Offshore Hosting & Advanced Cybersecurity At KoDDoS, we’ve built our reputation on two complementary pillars: 🛡️ Robust Cybersecurity Capabilities For over a decade, we’ve been protecting digital infrastructure with cutting-edge security technologies: 🌐 Resilient and Sovereign Offshore Hosting Our global infrastructure is distributed across strategic offshore data centers in: This setup offers … Continue reading Recap of Our Presence at VivaTech 2025

The post Recap of Our Presence at VivaTech 2025 appeared first on KoDDoS Blog.

KoDDoS at VivaTechnology 2025: A Strategic Presence at the Heart of Cybersecurity and AI Challenges.

Paris, June 2025 – From June 11 to 14, Paris will once again become the global epicenter of technological innovation with the return of VivaTechnology 2025, held at Paris Expo Porte de Versailles. Bringing together major tech companies, disruptive startups, global investors, and public institutions, the event stands out as a pivotal moment for the … Continue reading KoDDoS at VivaTechnology 2025: A Strategic Presence at the Heart of Cybersecurity and AI Challenges.

The post KoDDoS at VivaTechnology 2025: A Strategic Presence at the Heart of Cybersecurity and AI Challenges. appeared first on KoDDoS Blog.

Gamer Over? Why Hackers Target Popular Video Games & How to Stay Safe

Video games are more than entertainment; they’re a $200 billion global industry. But as gaming grows, so do cyberattacks. Hackers now see games as goldmines for stealing data, extorting companies, and exploiting players. According to Infosecurity Magazine, Akamai’s 2024 report shows that attacks on gaming platforms are rising alarmingly. In 2024 alone, the industry suffered … Continue reading Gamer Over? Why Hackers Target Popular Video Games & How to Stay Safe

The post Gamer Over? Why Hackers Target Popular Video Games & How to Stay Safe appeared first on KoDDoS Blog.

How Social Media Use Can Create Hidden Cybersecurity Risks

Social media is all around us, helping us stay connected, updated, and entertained. But beneath the endless scroll, a darker reality exists. Hidden cybersecurity threats are growing- some obvious, others much harder to spot. The risks are especially alarming for young users. According to the National Institutes of Health, up to 95% of teens aged … Continue reading How Social Media Use Can Create Hidden Cybersecurity Risks

The post How Social Media Use Can Create Hidden Cybersecurity Risks appeared first on KoDDoS Blog.

KoDDoS at the InCyber Europe 2025 Forum: a strategic participation at the heart of the European cyber ecosystem

From April 1st to 3rd, 2025, KoDDoS, a provider of specialized services in DDoS protection and secure offshore hosting, marked its presence at the InCyber Europe Forum, held at the Lille Grand Palais. A true crossroads of cyber innovation and cooperation, the event is the largest cybersecurity event in Europe. A benchmark event on an … Continue reading KoDDoS at the InCyber Europe 2025 Forum: a strategic participation at the heart of the European cyber ecosystem

The post KoDDoS at the InCyber Europe 2025 Forum: a strategic participation at the heart of the European cyber ecosystem appeared first on KoDDoS Blog.

Looking back at CloudFest 2025: An essential event for the future of the cloud!

CloudFest is one of the world’s largest cloud computing events. Every year, it brings together the industry’s leading players to discuss the latest technological advancements, emerging trends, and market challenges. In 2025, the event once again cemented its leadership status by providing a dynamic platform for professional exchange and cloud innovation. This edition featured captivating … Continue reading Looking back at CloudFest 2025: An essential event for the future of the cloud!

The post Looking back at CloudFest 2025: An essential event for the future of the cloud! appeared first on KoDDoS Blog.

KoDDoS in Europe: A Strong Presence at Major Tech Events in Paris.

KoDDoS recently strengthened its commitment to the European tech scene by participating in several major events in France. Our team was honored to be invited to key gatherings in the tech industry, highlighting the importance of innovation and cybersecurity in the evolving digital ecosystem. This strategic tour in Paris allowed us to meet top-tier partners, … Continue reading KoDDoS in Europe: A Strong Presence at Major Tech Events in Paris.

The post KoDDoS in Europe: A Strong Presence at Major Tech Events in Paris. appeared first on KoDDoS Blog.

KoDDos Will be at CyberShow 2025 in Paris!

The post KoDDos Will be at CyberShow 2025 in Paris! appeared first on KoDDoS Blog.

Technological innovation in the heart of Los Angeles at the CES 2025 🚀

🚀 Cutting-Edge Services KoDDoS has established itself as a key player in the field of high-performance hosting. Specializing in anti-DDoS protection, we ensure unmatched service continuity for our clients in the face of growing threats targeting digital infrastructures. We also invest in groundbreaking technologies, including Web3, blockchain, and the Internet of Things (IoT), providing tailored … Continue reading Technological innovation in the heart of Los Angeles at the CES 2025 🚀

The post Technological innovation in the heart of Los Angeles at the CES 2025 🚀 appeared first on KoDDoS Blog.

Continuous PCI DSS Compliance with File Integrity Monitoring

PCI DSS compliance is often seen as a one-off task, that is, you do the audit, implement controls, and then move on. But then there comes the problem - systems aren’t static, meaning that files, scripts, and configurations change constantly, and even small untracked changes can create gaps that lead to non-compliance or security issues. This is where File Integrity Monitoring (FIM) comes in. It tracks critical files, system binaries, scripts, and configs in real time, alerting when anything changes unexpectedly. For PCI DSS, this is exactly what’s required, from preventing unauthorized changes...

Are We Failing to Secure Files? Attackers Aren’t Failing to Check

According to a new Ponemon study, weak file protections now account for several cybersecurity incidents a year for many organizations. Unsafe file-sharing practices, malicious vendor files, weak access controls, and obscured file activity are largely to blame. File Integrity Monitoring (FIM) could be the solution. Are Files Safe in Transit? More Than Half Unsure You know something’s wrong when more people feel better about downloading files from unknown sources than they do about file uploads or transfers. Over 50% were unsure if files sent via email, transferred via third parties, or...

Beyond VDI: Security Patterns for BYOD and Contractors in 2025

Remote work is no longer a contingency – it’s the operating norm. Yet the security posture for that work often leans on virtual desktops as a default, even when the workforce is dominated by bring‑your‑own‑device (BYOD) users and short‑term contractors. Virtual desktop infrastructure (VDI) can centralize risk, but it can also centralize failure, expand the admin plane, and add latency that users will work around. This piece examines when VDI stops being the safest choice and what to use instead. I’ll compare concrete control patterns, such as secure local enclaves, strong identity guardrails...

Vulnerability Management and Patch Management: How They Work Together

Vulnerability management and patch management are often spoken of in the same breath. Yet they are not the same. Each serves a distinct purpose, and knowing the difference is more than a matter of semantics; it’s a matter of security. Confuse them, and gaps appear. Leave those gaps, and attackers will find them. To build a strong defense, you need to see how these two processes fit together. One scans the horizon for weaknesses. The other arms you with fixes. Both are vital, but neither can do the other’s job. Let’s take a closer look at what they mean, how they differ, and how they work in...

Understanding the OWASP AI Maturity Assessment

Today, almost all organizations use AI in some way. But while it creates invaluable opportunities for innovation and efficiency, it also carries serious risks. Mitigating these risks and ensuring responsible AI adoption relies on mature AI models, guided by governance frameworks. The OWASP AI Maturity Assessment Model (AIMA) is one of the most practical. In this article, we’ll explore what it is, how it compares to other frameworks, and how organizations can use it to assess their AI maturity. What is the OWASP AI Maturity Assessment Model? The OWASP AI Maturity Assessment Model is a...

CISOs Concerned of AI Adoption in Business Environments

UK security leaders are making their voices heard. Four in five want DeepSeek under regulation. They see a tool that promises efficiency but risks chaos. Business is already under pressure. Trade disputes drag on. Interest rates remain high. Cyber threats grow. Every move to expand operations adds risk, and risk is harder to measure when AI enters the equation. AI spreads fast. It cuts costs, fills gaps, and automates mundane tasks. But it also opens hidden doors. In the UK, AI is now part of daily work. A KPMG survey showed that while 69% of employees use it, only 42% trust it. Slightly over...

When It Comes to Breaches, Boards Can’t Hide Behind CISOs Any Longer

A trend that has long been on the rise is finally having its day. A recent industry report revealed that 91% of security professionals believe that ultimate accountability for cybersecurity incidents lies with the board itself, not with CISOs or security managers. If the security discussion hadn’t fully made its way into C-suite conversations before, it has now. The Chartered Institute of Information Security (CIISEC)’s new State of the Security Profession survey checks the pulse of the industry where cybersecurity regulation is concerned. It emerges with one clear, overarching sentiment: “the...

Windows 10 Retirement: A Reminder for Managing Legacy Industrial Control Systems (ICS)

On October 14th, Windows 10 will be retired, and Microsoft will no longer push patches or updates to systems on that operating system. It is crucial for companies to make the jump to Windows 11 now—or risk being exposed to critical vulnerabilities. This is especially important for Industrial Control Systems (ICS), which often run on legacy systems. Failing to transition could mean putting components like PLCs (Programmable Logic Controllers), SCADA (Supervisory Control and Data Aquisition) systems, HMIs (Human-Machine Interfaces) and the critical infrastructure they support at risk. What...

ENISA Will Operate the EU Cybersecurity Reserve. What This Means for Managed Security Service Providers

The European Union is building a new line of defense. On 26 August 2025, the European Commission and the EU Agency for Cybersecurity (ENISA) signed a contribution agreement that hands ENISA the keys to the EU Cybersecurity Reserve. The deal comes with funding: €36 million over three years. ENISA's mission is straightforward, if not simple. It will administer, operate, and monitor the bloc’s emergency cyber response capabilities. Juhan Lepassaar, ENISA’s executive director, said: “Being entrusted with such prominent project, puts ENISA in the limelight as a dependable partner to the European...

Why File Integrity Monitoring (FIM) Is a Must for Compliance — And How to Pick the Right Solution

As Fortra’s new File Integrity Monitoring Buyer’s Guide states, “What was once a security control for simple file changes now ensures integrity across organizations’ entire systems.” The landscape has evolved significantly since Fortra’s Tripwire introduced file integrity monitoring (FIM) over twenty years ago. But that’s exactly why the industry is due for a new look at what makes a FIM solution unique in 2025 — and what you should expect your FIM provider to bring to the table. What Is File Integrity Monitoring? File integrity monitoring was originally developed as a way to make sure nobody...

Google Warns of PROMPTFLUX Malware That Uses Gemini API for Self-Rewriting Attacks

Cybersecurity researchers at Google Threat Intelligence Group (GTIG) have identified a significant shift in how threat actors are leveraging artificial intelligence in their operations. The discovery of experimental malware called PROMPTFLUX marks a watershed moment in cyber threats, demonstrating that attackers are no longer using AI merely to boost productivity they are now deploying AI-enabled […]

The post Google Warns of PROMPTFLUX Malware That Uses Gemini API for Self-Rewriting Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Hyundai AutoEver Confirms Data Breach Exposing Personal Data, Including SSNs and License Info

Hyundai AutoEver America, LLC has formally confirmed a significant data breach that compromised sensitive customer information. The automotive software provider disclosed the incident through official breach notification letters sent to affected individuals, revealing that attackers gained unauthorized access to names, Social Security numbers, and driver’s license information during a coordinated cyber attack. The unauthorized activity […]

The post Hyundai AutoEver Confirms Data Breach Exposing Personal Data, Including SSNs and License Info appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Google Issues Emergency Chrome Update to Fix Critical RCE Flaw

Google has released an emergency security update for Chrome across all platforms, rolling out version 142.0.7444.134 and 142.0.7444.135 to address five critical and medium-severity vulnerabilities. The update addresses urgent security concerns identified in the browser’s WebGPU implementation and other core components that could expose users to remote code execution attacks. The emergency release came on […]

The post Google Issues Emergency Chrome Update to Fix Critical RCE Flaw appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Gootloader Returns with a New ZIP File Tactic to Conceal Malicious Payloads

Cybersecurity researchers have discovered a resurgent Gootloader malware campaign employing sophisticated new evasion techniques that exploit ZIP archive manipulation to evade detection and analysis. Credit for uncovering this latest threat goes to security researcher RussianPanda and the team at Huntress, identified the campaign actively targeting victims through compromised websites. Despite previous disruption efforts earlier this […]

The post Gootloader Returns with a New ZIP File Tactic to Conceal Malicious Payloads appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

HackedGPT: New Vulnerabilities in GPT Models Allow Attackers to Launch 0-Click Attacks

Cybersecurity researchers at Tenable have uncovered a series of critical vulnerabilities in OpenAI’s ChatGPT that could allow malicious actors to steal private user data and launch attacks without any user interaction. The security flaws affect hundreds of millions of users who interact with large language models daily, raising significant concerns about the safety of AI. […]

The post HackedGPT: New Vulnerabilities in GPT Models Allow Attackers to Launch 0-Click Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Clop Ransomware Group Exploits New 0-Day Vulnerabilities in Active Attacks

The Clop ransomware group continues to pose a significant threat to enterprise organizations worldwide, with recent analysis revealing their exploitation of a critical zero-day vulnerability in Oracle E-Business Suite. Operating since early 2019, Clop has established itself as one of the most prolific and sophisticated ransomware gangs, amassing a victim count exceeding 1,025 organizations and […]

The post Clop Ransomware Group Exploits New 0-Day Vulnerabilities in Active Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft Issues Alert: BitLocker Recovery Risk After October 2025 Updates

Microsoft has issued an urgent advisory for Windows users, confirming that a recent set of security updates released after October 14, 2025 may cause certain systems to boot into the BitLocker recovery screen upon restart. The issue, currently under active investigation, has resulted in user reports of unexpected prompts for BitLocker recovery keys following device […]

The post Microsoft Issues Alert: BitLocker Recovery Risk After October 2025 Updates appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Beware: 239 Dangerous Android Apps Found on Google Play with 40M+ Installs

Cybersecurity threats targeting mobile devices and critical infrastructure have reached alarming new heights, according to Zscaler’s latest research. The latest findings from Zscaler, Inc. (NASDAQ: ZS) expose a sophisticated campaign by threat actors who have successfully infiltrated Google’s official app marketplace with hundreds of malicious applications. The company’s ThreatLabz 2025 Mobile, IoT, and OT Threat […]

The post Beware: 239 Dangerous Android Apps Found on Google Play with 40M+ Installs appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Three Infamous Hacker Groups Join Forces as the ‘Scattered LAPSUS$ Hunters

The cybercriminal underground has witnessed a significant consolidation as three of the most notorious threat actors Scattered Spider, ShinyHunters, and LAPSUS$ have formally aligned to create the Scattered LAPSUS$ Hunters (SLH), a federated collective that emerged in early August 2025. This strategic merger represents a departure from traditional standalone operations, presenting a sophisticated threat model […]

The post Three Infamous Hacker Groups Join Forces as the ‘Scattered LAPSUS$ Hunters appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

CISA Issues Alert on Gladinet CentreStack and Triofox Vulnerabilities Under Active Exploitation

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Gladinet CentreStack and Triofox to its Known Exploited Vulnerabilities catalog, signaling active exploitation in the wild. The flaw, tracked as CVE-2025-11371, exposes sensitive system files to unauthorized external parties, posing a significant risk to organizations relying on these cloud file-sharing platforms. Overview […]

The post CISA Issues Alert on Gladinet CentreStack and Triofox Vulnerabilities Under Active Exploitation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Court reimposes original sentence for Capital One hacker

A federal judge has reimposed a sentence on Paige Thompson, the former Amazon Web Services engineer convicted in the 2019 Capital One data breach that compromised the personal information of more than 100 million people. U.S. District Judge Robert Lasnik sentenced Thompson to time served, plus five years of supervised release with three years of […]

The post Court reimposes original sentence for Capital One hacker appeared first on CyberScoop.

With each cloud outage, calls for government action grow louder

Public interest groups want the feds to investigate the systemic risk from market consolidation, while tech and security experts worry about single points of failure.

The post With each cloud outage, calls for government action grow louder appeared first on CyberScoop.

Congressional leaders want an executive branch strategy on China 6G, tech supply chain

In an exclusive, Rep. Raja Krishnamoorthi, D-Ill., told CyberScoop that policymakers must learn from past mistakes around 5G.

The post Congressional leaders want an executive branch strategy on China 6G, tech supply chain appeared first on CyberScoop.

House GOP leaders seek government probe, restrictions on Chinese-made tech

They cited past cyberattacks from Beijing as evidence of the threats posed by Chinese tech in areas like AI or energy generation.

The post House GOP leaders seek government probe, restrictions on Chinese-made tech appeared first on CyberScoop.

How the F5 breach, CISA job cuts, and a government shutdown are eroding U.S. cyber readiness

By furloughing employees, halting procurement, and delaying guidance, agencies are operating with skeleton crews and depleted morale. For nation-state operators, this expanding attack surface and declining oversight are creating a huge window of opportunity.

The post How the F5 breach, CISA job cuts, and a government shutdown are eroding U.S. cyber readiness appeared first on CyberScoop.

North Korean companies, people sanctioned for money laundering from cybercrime, IT worker schemes

The Treasury Department on Tuesday sanctioned eight people and two companies it accused of laundering money obtained from cybercrime and IT worker schemes to fund North Korean government objectives. According to the department, over the last three years North Korea-linked cybercriminals have stolen over $3 billion, mostly in cryptocurrency. In addition, it said, North Korean […]

The post North Korean companies, people sanctioned for money laundering from cybercrime, IT worker schemes appeared first on CyberScoop.

Apple addresses more than 100 vulnerabilities in security updates for iPhones, Macs and iPads

The tech giant didn’t report active exploitation of any of the patched defects, yet details about potential impacts remain limited.

The post Apple addresses more than 100 vulnerabilities in security updates for iPhones, Macs and iPads appeared first on CyberScoop.

Bugcrowd acquires Mayhem Security to advance AI-powered security testing

Mayhem, which won the 2016 DARPA Cyber Grand Challenge, will have all its employees join Bugcrowd.

The post Bugcrowd acquires Mayhem Security to advance AI-powered security testing appeared first on CyberScoop.

OPM plans to give CyberCorps members more time to find jobs after shutdown ends

The agency discussed the plans amid student concerns that they’ll be on the hook for six-figure tuition costs, with federal cyber job openings sparse.

The post OPM plans to give CyberCorps members more time to find jobs after shutdown ends appeared first on CyberScoop.

Prosecutors allege incident response pros used ALPHV/BlackCat to commit string of ransomware attacks

The alleged cybersecurity turncoats attacked at least five U.S. companies while working for their respective employers, officials said.

The post Prosecutors allege incident response pros used ALPHV/BlackCat to commit string of ransomware attacks appeared first on CyberScoop.

SonicWall blames state-sponsored hackers for September security breach

Cybersecurity firm SonicWall attributed the September security breach exposing firewall configuration files to state-sponsored hackers. In September, SonicWall urged customers to reset credentials after firewall backup files tied to MySonicWall accounts were exposed. The company announced it had blocked attackers’ access and was working with cybersecurity experts and law enforcement agencies to determine the scope […]

U.S. sanctioned North Korea bankers for laundering funds linked to cyberattacks and peapons program

U.S. sanctions North Korea bankers and firms accused of laundering cybercrime funds used to finance the country’s nuclear weapons program. The U.S. Government has imposed sanctions on several North Korea bankers, financial institutions, and individuals accused of laundering funds obtained from cybercrime operations. According to the U.S. Treasury Department, these illicit financial activities directly support […]

Former cybersecurity employees attempted to extort five U.S. companies in 2023 using BlackCat ransomware attacks

U.S. prosecutors charged three Florida men for using BlackCat ransomware to hack and extort five U.S. companies in 2023. U.S. prosecutors charged Ryan Clifford Goldberg, Kevin Tyler Martin, and another Florida-based accomplice (aka “Co-Conspirator 1”) for using BlackCat ransomware to hack and extort five U.S. companies in 2023. According to Federal prosecutors, the attacks occurred […]

U.S. CISA adds Gladinet CentreStack, and CWP Control Web Panel flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Gladinet CentreStack, and CWP Control Web Panel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added XWiki Platform, and Gladinet CentreStack, and CWP Control Web Panel flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the […]

Nine arrested in €600M crypto laundering bust across Europe

A coordinated Eurojust-led operation led to nine arrests in Cyprus, Spain, and Germany for laundering €600M in crypto fraud. Authorities in France, Belgium, and Cyprus arrested nine people in a coordinated Eurojust-led operation against a crypto money laundering ring that stole over €600 million. The group ran dozens of fake crypto investment sites that promised […]

Google fixed a critical remote code execution in Android

Google’s November 2025 Android update fixes two flaws in the System component, including a critical remote code execution issue. Google’s November 2025 Android security updates addressed two vulnerabilities impacting the System component. The fixes are included in the 2025-11-01 security patch level, the only patch level released this month by the IT giant. “The most […]

SesameOp: New backdoor exploits OpenAI API for covert C2

Microsoft found a new backdoor, SesameOp, using the OpenAI Assistants API for stealthy command-and-control in hacked systems. Microsoft uncovered a new backdoor, named SesameOp, that abuses the OpenAI Assistants API for command-and-control, allowing covert communication within compromised systems. Microsoft Incident Response – Detection and Response Team (DART) researchers discovered the backdoor in July 2025 while […]

Google Big Sleep found five vulnerabilities in Safari

Google’s AI agent, Big Sleep, helped Apple discover five WebKit flaws in Safari that could lead to browser crashes or memory corruption. Google’s AI agent Big Sleep helped Apple discover five WebKit flaws in Safari that could lead to browser crashes or memory corruption if exploited. Big Sleep is an AI agent developed by Google […]

Crooks exploit RMM software to hijack trucking firms and steal cargo

Hackers target trucking firms with RMM tools to steal freight, teaming with organized crime to loot goods, mainly food and beverages. Cybercriminals are targeting trucking and logistics firms with RMM tools (remote monitoring and management software) to steal freight. Active since June 2025, the group works with organized crime to loot goods, mainly food and […]

Jabber Zeus developer ‘MrICQ’ extradited to US from Italy

Ukrainian Yuriy Rybtsov, aka MrICQ, a suspected Jabber Zeus developer, was extradited from Italy to the US to face cybercrime charges. Ukrainian national Yuriy Igorevich Rybtsov (41), aka MrICQ, an alleged Jabber Zeus developer, was arrested in Italy, lost his extradition appeal, and has been sent to the US to face cybercrime charges. After a […]

Nearly Three-Quarters of US CISOs Faced Significant Cyber Incident in the Past Six Months, Research Finds

A new research report from Nagomi Security has revealed that, over the past six months, nearly three quarters (73%) of US CISOs have reported a significant cyber incident. The 2025 CISO Pressure Index emphasises how continuous widespread breaches and rising internal strain are reshaping the Chief Information Security Officer (CISO) role. Nagomi’s 2025 CISO Pressure Index […]

The post Nearly Three-Quarters of US CISOs Faced Significant Cyber Incident in the Past Six Months, Research Finds appeared first on IT Security Guru.

New Forescout report finds 65% of connected assets are outside traditional IT visibility

Forescout® Technologies, a global leader in cybersecurity, has announced the launch of eyeSentry, a new cloud-native exposure management solution designed to help enterprises continuously uncover and mitigate hidden risks across IT, Internet of Things (IoT), and Internet of Medical Things (IoMT) environments. As organisations continue to embrace hybrid and cloud infrastructures, traditional vulnerability management methods […]

The post New Forescout report finds 65% of connected assets are outside traditional IT visibility appeared first on IT Security Guru.

APIContext Rolls Out Browser Monitoring to Assess Real-World Website Performance and SEO Outcomes

APIContext, the leader in resilience monitoring, today unveiled its new Browser Monitoring tool, a headless browser capability that lets organisations see exactly how their websites perform in real-world conditions. According to a public presentation by Akamai Technologies, 58% of website traffic is now generated by machines, making it critical to understand how web pages interact […]

The post APIContext Rolls Out Browser Monitoring to Assess Real-World Website Performance and SEO Outcomes appeared first on IT Security Guru.

Zensar and Saviynt forge global alliance to elevate identity governance and privilege management

Zensar Technologies, a leading experience, engineering, and engagement technology solutions company, announced the expansion of its strategic partnership with Saviynt, a global leader in AI-based identity security and governance solutions. This collaboration is aimed at helping organizations manage growing identity and governance-related challenges without adding operational risk. Zensar’s global delivery capabilities are supported by a growing […]

The post Zensar and Saviynt forge global alliance to elevate identity governance and privilege management appeared first on IT Security Guru.

Proton Brings Privacy-Focused AI to the Workplace with Lumo for Business

Proton, the company best known for Proton Mail and Proton VPN, has launched Lumo for Business, a new version of its privacy-first AI assistant designed specifically for teams. The move marks the third major update to Lumo in just three months and signals Proton’s push to bring confidential, end-to-end encrypted AI to the enterprise market. […]

The post Proton Brings Privacy-Focused AI to the Workplace with Lumo for Business appeared first on IT Security Guru.

Why API Security Is Central to AI Governance

APIs are now the action layer of AI that make up your API fabric. Every LLM workflow, agent, and MCP tool call rides on an API. This makes API governance the working heart of AI governance, especially with the arrival of landmark frameworks like the EU AI Act and ISO/IEC 42001. These new regulations turn […]

The post Why API Security Is Central to AI Governance appeared first on IT Security Guru.

UK Organisations Trail Global Peers on Zero Trust Adoption, Research Finds

A new research report by Keeper Security has revealed global insights from security professionals on the state of cybersecurity. The report, entitled Identity, AI and Zero Trust: Cybersecurity Perspectives from Infosecurity Europe, Black Hat USA and it-sa, found that professionals across the UK, the United States and Germany agreed that Artificial Intelligence (AI) is reshaping […]

The post UK Organisations Trail Global Peers on Zero Trust Adoption, Research Finds appeared first on IT Security Guru.

AI Can Transform the Restaurant Industry But Only If It’s Built Securely

AI is transforming how restaurants operate. It’s automating calls, managing orders, handling reservations and even predicting customer demand. But, what lies beneath the surface? Beyond this exciting wave of innovation lies a growing security question that is, how safe is the data fuelling all this progress? In an industry that deals daily with personal details, […]

The post AI Can Transform the Restaurant Industry But Only If It’s Built Securely appeared first on IT Security Guru.

Cross-Border Crypto Payouts in iGaming Security and Compliance

As online gaming platforms expand across jurisdictions, the use of cryptocurrencies for payouts opens new vistas — and new risk corridors. Winnings flowing across borders via digital assets challenge the conventions of banking systems, yet also force operators and regulators to confront security, regulatory, and compliance gaps. The shift from fiat to crypto is more […]

The post Cross-Border Crypto Payouts in iGaming Security and Compliance appeared first on IT Security Guru.

Check Point and NVIDIA Join Forces to Lock Down Enterprise AI Workloads

Check Point has unveiled its new solution, AI Cloud Protect, built in partnership with the NVIDIA Corporation. The offering is designed to deliver end-to-end protection for enterprise AI infrastructure, from model development through to inference, leveraging NVIDIA’s BlueField data processing units and DOCA security framework. Security gaps are emerging, as organisations accelerate AI adoption. According […]

The post Check Point and NVIDIA Join Forces to Lock Down Enterprise AI Workloads appeared first on IT Security Guru.

Tycoon 2FA Phishing Kit Analysis

The Tycoon 2FA phishing kit is a sophisticated Phishing-as-a-Service (PhaaS) platform that emerged in August 2023, designed to bypass two-factor authentication (2FA) and multi-factor authentication (MFA) protections, primarily targeting Microsoft 365 and Gmail accounts. Utilizing an Adversary-in-the-Middle (AiTM) approach, it employs a reverse proxy server to host deceptive phishing pages that mimic legitimate login interfaces, capturing user credentials and session cookies in real-time. According to the Any.run malware trends tracker, Tycoon 2FA leads with over 64,000 reported incidents this year.

From Scripts to Systems: A Comprehensive Look at Tangerine Turkey Operations

Cybereason Security Services issue Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.

In this Threat Analysis report, Cybereason Security Services investigates the flow of a Tangerine Turkey campaign observed in Cybereason EDR. Tangerine Turkey is a threat actor identified as a visual basic script (VBS) worm used to facilitate cryptomining activity.

Cybereason TTP Briefing Q3 2025: LOLBINs and CVE Exploits Dominate

Explore the latest trends, techniques, and procedures (TTPs) our incident response (IR) experts are actively facing with the TTP Briefing Q3 2025, a report built on frontline threat intelligence from our global incident response investigations, enriched by noteworthy detections from our SOC.

Addressing CL0P Extortion Campaign Targeting Oracle EBS CVE-2025-61882

Cybereason is continuing to investigate. Check the Cybereason blog for additional updates.

Last update: Oct 7, 11am EST

Overview and What Cybereason Knows So Far

July 2025, Oracle releases security updates including 309 patches, which included nine that addressed flaws/vulnerabilities in Oracle E-Business Suite (EBS).
July 2025 (end of) through September 2025 (beginning of), Cybereason has assessed based on emerging evidence and ongoing forensic investigations, that CL0P orchestrated an Intrusion Path that allowed for unauthorized access to on-premise, customer-managed Oracle E-Business Suite (EBS) solutions, enumerated accessible and stored data, and conducted data exfiltration.
September 2025 (end of) through October 2025 (beginning of), a widespread orchestrated email extortion campaigns emerged targeting users of on-premise, customer-managed Oracle E-Business Suite (EBS) and requesting contact with CL0P in order to not expose data allegedly exfiltrated.
October 2025 (beginning of), Cybereason is aware of ongoing investigations in which CL0P has provided proof of data. CL0P does not appear to have named new victims associated with this incident as of October 4, 2025.
October 5, 2025, Oracle confirms CVE-2025-61882 in Oracle E-Business Suite (EBS). This vulnerability was remotely exploitable without authentication (i.e., it can be exploited over a network without the need for a username and password). Successful exploitation can lead to remote code execution (RCE).
October 7, 2025, Cybereason confirms earliest evidence of threat actor activity occurred August 9, but is subject to change based on ongoing investigations.

7000+ IRs Later: The 11 Essential Cybersecurity Controls

Cybereason 11 Essential Cybersecurity Controls

Decades in incident response reveal battle-tested cybersecurity controls that minimize attack surface, improve detection and response, reduce incident impact and losses, and build cyber resilience (with compliance mappings for easy implementation).

Behind the Mask of Madgicx Plus: A Chrome Extension Campaign Targeting Meta Advertisers

Cybereason Security Services recently analyzed an investigation into a broader malicious Chrome extension campaign, part of which had been previously documented by DomainTools. While earlier iterations of this campaign involved the impersonation a variety of services, the latest version shifts focus to Meta (Facebook/Instagram) advertisers through a newly crafted lure: “Madgicx Plus,” a fake AI-driven ad optimization platform. Promoted as a tool to streamline campaign management and boost ROI using artificial intelligence, the extension instead delivers potentially malicious functionalities capable of hijacking business sessions, stealing credentials, and compromising Meta Business accounts. Notably, several domains associated with earlier parts of the campaign have been repurposed to promote this new theme, highlighting the operators’ tendency to recycle infrastructure while adapting their social engineering strategy to new targets.

CVE-2025-53770 & CVE-2025-53771: Critical On-Prem SharePoint Vulnerabilities

Cybereason is actively investigating exploitation attempts of these vulnerabilities. Check the Cybereason blog for additional updates.

Key Takeaways

Two zero-day vulnerabilities discovered in on-premise Microsoft SharePoint servers, tracked as CVE‑2025‑53770 and CVE‑2025‑53771.
Affected versions include: Subscription Edition – KB5002768, SharePoint 2019 – KB5002754, SharePoint 2016 – KB5002760.
If exploited, these vulnerabilities could allow for remote code execution (RCE).
Cybereason has observed ongoing active exploitation attempts of these vulnerabilities through our Global SOC monitoring.
With this exploit, we recommend taking an “assume compromised” posture, immediately patching impacted versions, and conducting incident response historical look back.

BlackSuit: A Hybrid Approach with Data Exfiltration and Encryption

Deploying NetSupport RAT via WordPress & ClickFix

In May 2025, Cybereason Global Security Operations Center (GSOC) detected that threat actors have been hosting malicious WordPress websites to deliver malicious versions of the legitimate NetSupport Manager Remote Access Tool (RAT).

Introducing the Cybereason TTP Briefing: Frontline Threat Intelligence Insights

Gain insight into the latest attack trends, techniques, and procedures our Incident Response experts are actively facing with the brand new TTP Briefing, a report built on frontline threat intelligence from our global incident response (IR) investigations, enriched by noteworthy detections from our SOC.

How to spot a holiday shopping scam: Fake deals, trick surveys & bogus gift cards

Scammers, fraudsters, and phishers take advantage of every season. But the holiday shopping season - which includes Black Friday, Cyber Monday, and Christmas - may be their favorite.

As retailers rush to capitalize on what is generally their most profitable time of year, they will generally flood email boxes with great offers that are often time sensitive and may even seem too-good-to-be-true. Meanwhile, consumers also feel the urgency to get their shopping done, along with the stresses of work and family. Add in the financial pressure of an inflationary economy and the likelihood of making a quick mistake keeps increasing. Read on for some simple yet effective ways to ruin the scammers' fun as you celebrate the season of giving.

Soon�

Posted by Sean @ 12:52 GMT

Our "construction project" is progressing nicely.

A work in progress

And it should resolve this…

Fix mobile usability issues?

Translation: your site doesn't help us sell more Android phones and ads.

But whatever, the "issues" should be fixed soon enough.

On 18/08/15 At 12:52 PM

Work In Progress

Posted by Sean @ 13:25 GMT

Regular readers will have noticed it's been slow here of late.

Under Construction

We're finally undertaking an upgrade from Greymatter 1.7.3. This may be the world's oldest Greymatter blog… that will now change.

More info coming soon.

In the meantime, you can still catch us on Twitter.

On 13/08/15 At 01:25 PM

"IOS Crash Report" Update: Safari Adds Block Feature

Posted by Sean @ 09:53 GMT

Ask, and sometimes, you shall receive.

Last Friday, we wrote about call center scammers targeting iOS. And today, Apple released a new (beta) feature that should help.

Apple released iOS 9 Public Beta 2:

iOS 9 Public Beta 2, Install

And it appears that one of Safari's new features allows people to block fraud-focused JavaScript.

iOS 9 Public, Safari Block Alerts

We tested a scam-site and after a few attempts to dismiss the JavaScript dialog, Safari included a prompt to "Block Alerts". We were then easily able to close the page.

Kudos Apple! Looking forward to seeing this in iOS 9's general release.

Big hat tip to Rosyna Keller.

On 23/07/15 At 09:53 AM

Duke APT group's latest tools: cloud services and Linux support

Posted by Artturi @ 11:59 GMT

Recent weeks have seen the outing of two new additions to the Duke group's toolset, SeaDuke and CloudDuke. Of these, SeaDuke is a simple trojan made interesting by the fact that it's written in Python. And even more curiously, SeaDuke, with its built-in support for both Windows and Linux, is the first cross-platform malware we have observed from the Duke group. While SeaDuke is a single - albeit cross-platform - trojan, CloudDuke appears to be an entire toolset of malware components, or "solutions" as the Duke group apparently calls them. These components include a unique loader, downloader, and not one but two different trojan components. CloudDuke also greatly expands on the Duke group's usage of cloud storage services, specifically Microsoft's OneDrive, as a channel for both command and control as well as the exfiltration of stolen data. Finally, some of the recent CloudDuke spear-phishing campaigns have born a striking resemblance to CozyDuke spear-phishing campaigns from a year ago.

Linux support added with the cross-platform SeaDuke malware

Last week, both Symantec and Palo Alto Networks published research on SeaDuke, a newer addition to the arsenal of trojans being used by the Duke group. While older malware by the Duke group has always been written with a combination of the C and C++ programming languages as well as assembly language, SeaDuke is peculiarly written in Python with multiple layers of obfuscation. This Python code is usually then compiled into Windows executables using py2exe or pyinstaller. However, the Python code itself has been designed to work on both Windows and Linux. We therefore suspect, that the Duke group is also using the same SeaDuke Python code to target Linux victims. This is the first time we have seen the Duke group employ malware to target Linux platforms.

seaduke_crossplatform (39k image)
An example of the cross-platform support found in SeaDuke.

A new set of solutions with the CloudDuke malware toolset

Last week, we also saw Palo Alto Networks and Kaspersky Labs publish research on malware components they respectively called MiniDionis and CloudLook. MiniDionis and CloudLook are both components of a larger malware toolset we call CloudDuke. This toolset consists of malware components that provide varying functionality while partially relying on a shared code framework and always using the same loader. Based on PDB strings found in the samples, the malware authors refer to the CloudDuke components as "solutions" with names such as "DropperSolution", "BastionSolution" and "OneDriveSolution". A list of PDB strings we have observed is below:

� C:\DropperSolution\Droppers\Projects\Drop_v2\Release\Drop_v2.pdb
� c:\BastionSolution\Shells\Projects\miniDionis4\miniDionis\obj\Release\miniDionis.pdb
� c:\BastionSolution\Shells\Projects\miniDionis2\miniDionis\obj\Release\miniDionis.pdb
� c:\OneDriveSolution\Shells\Projects\OneDrive2\OneDrive\obj\x64\Release\OneDrive.pdb

The first of the CloudDuke components we have observed is a downloader internally called "DropperSolution". The purpose of the downloader is to download and execute additional malware on the victim's system. In most observed cases, the downloader will attempt to connect to a compromised website to download an encrypted malicious payload which the downloader will decrypt and execute. Depending on the way the downloader has been configured, in some cases it may first attempt to log in to Microsoft's cloud storage service OneDrive and retrieve the payload from there. If no payload is available from OneDrive, the downloader will revert to the previously mentioned method of downloading from compromised websites.

We have also observed two distinct trojan components in the CloudDuke toolset. The first of these, internally called "BastionSolution", is the trojan that Palo Alto Networks described in their research into "MiniDionis". Interestingly, BastionSolution appears to functionally be an exact copy of SeaDuke with the only real difference being the choice of programming language. BastionSolution also makes significant use of a code framework that is apparently internally called "Z". This framework provides classes for functionality such as encryption, compression, randomization and network communications.

bastion_z (12k image)
A list of classes in the BastionSolution trojan, including multiple classes from the "Z" framework.

Classes from the same "Z" framework, such as the encryption and randomization classes, are also used by the second trojan component of the CloudDuke toolset. This second component, internally called "OneDriveSolution", is especially interesting because it relies on Microsoft's cloud storage service OneDrive as its command and control channel. To achieve this, OneDriveSolution will attempt to log into OneDrive with a preconfigured username and password. If successful, OneDriveSolution will then proceed to copy data from the victim's computer to the OneDrive account. It will also search the OneDrive account for files containing commands for the malware to execute.

onedrive_z (7k image)
A list of classes in the OneDriveSolution trojan, including multiple classes from the "Z" framework.

All of the CloudDuke "solutions" use the same loader, a piece of code whose primary purpose is to decrypt the embedded, encrypted solution, load it in memory and execute it. The Duke group has often employed loaders for their malware but unlike the previous loaders they have used, the CloudDuke loader is much more versatile with support for multiple methods of loading and executing the final payload as well as the ability to write to disk and execute additional malware components.

CloudDuke spear-phishing campaigns and similarities with CozyDuke

CloudDuke has recently been spread via spear-phishing emails with targets reportedly including organizations such as the US Department of Defense. These spear-phising emails have contained links to compromised websites hosting zip archives that contain CloudDuke-laden executables. In most cases, executing these executables will have resulted in two additional files being written to the victim's hard disk. The first of these files has been a decoy, such as an audio file or a PDF file while the second one has been a CloudDuke loader embedding a CloudDuke downloader, the so-called "DropperSolution". In these cases, the victim has been presented with the decoy file while in the background the downloader has proceeded to download and execute one of the CloudDuke trojans, "OneDriveSolution" or "BastionSolution".

decoy_ndi_small (63k image)
Example of one of the decoy documents employed in the CloudDuke spear-phishing campaigns. It has apparently been copied by the attackers from here.

Interestingly, however, some of the other CloudDuke spear-phishing campaigns we have observed this July have born a striking resemblance to CozyDuke spear-phishing campaigns seen almost exactly a year ago, in the beginning of July 2014. In both spear-phishing campaigns, the decoy document has been the exact same PDF file, a "US letter fax test page" (28d29c702fdf3c16f27b33f3e32687dd82185e8b). Similarly, the URLs hosting the malicious files have, in both campaigns, purported to be related to eFaxes. It is also interesting to note, that in the case of the CozyDuke-inspired CloudDuke spear-phishing campaign, the downloading and execution of the malicious archive linked to in the emails has not resulted in the execution of the CloudDuke downloader but in the execution of the "BastionSolution" component thereby skipping one step from the process described for the other CloudDuke spear-phishing campaigns.

decoy_fax (72k image)
The "US letter fax test page" decoy employed in both CloudDuke and CozyDuke spear-phishing campaigns.

Increasingly using cloud services to evade detection

CloudDuke is not the first time we have observed the Duke group use cloud services in general and Microsoft OneDrive specifically as part of their operations. Earlier this spring we released research on CozyDuke where we mentioned observing CozyDuke sometimes either directly use a OneDrive account to exfiltrate stolen data or alternatively CozyDuke downloading Visual Basic scripts that would copy stolen files to a OneDrive account and sometimes even retrieve files containing additional commands from the same OneDrive account.

In these previous cases the Duke group has only used OneDrive as a secondary communication channel but still relied on more traditional C&C channels for most of their actions. It is therefore interesting to note that CloudDuke actually enables the Duke group to rely solely on OneDrive for every step of their operation from downloading the actual trojan, passing commands to the trojan and finally exfiltrating stolen data.

By relying solely on 3rd party web services, such as OneDrive, as their command and control channel, we believe the Duke group is trying to better evade detection. Large amounts of data being transferred from an organization's network to an unknown web server easily raises suspicions. However, data being transferred to a popular cloud storage service is normal. What better way for an attacker to surreptitiously transfer large amounts of stolen data than the same way people are transferring that same data every day for legitimate reasons. (Coincidentally, the implications of 3rd party web services being used as command and control channels is also the subject of an upcoming talk at the VirusBulletin 2015 conference).

Directing limited resources towards evading detection and staying ahead of defenders

Developing even a single multipurpose malware toolset, never mind many, requires time and resources. Therefore it seems logical to attempt to reuse code such as supporting frameworks between different toolsets. The Duke group, however, appear to have taken this a step further with SeaDuke and the CloudDuke component BastionSolution, by rewriting the same code in multiple programming languages. This has the obvious benefits of saving time and resources by providing two malware toolsets, that while similar on the inside, appear completely different on the outside. This way, the discovery of one toolset does not immediately lead to the discovery of the second toolset.

The Duke group, long suspected of ties to the Russian state, have been running their espionage operation for an unusually long time and - especially lately - with unusual brazenness. These latest CloudDuke and SeaDuke campaigns appear to be a clear sign that the Duke's are not planning to stop any time soon.

Research and post by Artturi (@lehtior2)

F-Secure detects CloudDuke as Trojan:W32/CloudDuke.B and Trojan:W64/CloudDuke.B

Samples:

04299c0b549d4a46154e0a754dda2bc9e43dff76
2f53bfcd2016d506674d0a05852318f9e8188ee1
317bde14307d8777d613280546f47dd0ce54f95b
476099ea132bf16fa96a5f618cb44f87446e3b02
4800d67ea326e6d037198abd3d95f4ed59449313
52d44e936388b77a0afdb21b099cf83ed6cbaa6f
6a3c2ad9919ad09ef6cdffc80940286814a0aa2c
78fbdfa6ba2b1e3c8537be48d9efc0c47f417f3c
9f5b46ee0591d3f942ccaa9c950a8bff94aa7a0f
bfe26837da22f21451f0416aa9d241f98ff1c0f8
c16529dbc2987be3ac628b9b413106e5749999ed
cc15924d37e36060faa405e5fa8f6ca15a3cace2
dea6e89e36cf5a4a216e324983cc0b8f6c58eaa8
e33e6346da14931735e73f544949a57377c6b4a0
ed0cf362c0a9de96ce49c841aa55997b4777b326
f54f4e46f5f933a96650ca5123a4c41e115a9f61
f97c5e8d018207b1d546501fe2036adfbf774cfd

Compromised servers used for command and control:

hxxps://cognimuse.cs.ntua.gr/search.php
hxxps://portal.sbn.co.th/rss.php
hxxps://97.75.120.45/news/archive.php
hxxps://portal.sbn.co.th/rss.php
hxxps://58.80.109.59/plugins/search.php

Compromised websites used to host CloudDuke:

hxxp://flockfilmseries.com/eFax/incoming/5442.ZIP
hxxp://www.recordsmanagementservices.com/eFax/incoming/150721/5442.ZIP
hxxp://files.counseling.org/eFax/incoming/150721/5442.ZIP

On 22/07/15 At 11:59 AM

'Zero Days', The Documentary

Posted by Mikko @ 12:40 GMT

VPRO (the Dutch public broadcasting organization) produced a 45-minute documentary about hacking and the trade of zero days. The documentary has now been released in English on YouTube.

The documentary features Charlie Miller, Joshua Corman, Katie Moussouris, Ronald Prins, Dan Tentler, Eric Rabe (of Hacking Team), Felix Lindner, Rodrigo Branco, Ben Nagy, The Grugq, and many others.

On 20/07/15 At 12:40 PM

IOS Crash Report: Blocking "Pop-Ups" Doesn't Really Help

Posted by Sean @ 10:15 GMT

The Telegraph published an article on Thursday about a scam targeting iOS users. Here's the gist: scammers are using JavaScript generated dialogs to display warnings of so-called "IOS Crash" reports prompting people to call for tech support. Near the end of the Telegraph's article, the following advice is offered:

"To prevent the issue happening again, go to Settings -> Safari -> Block Pop-ups."

Unfortunately, this advice is incorrect. And perhaps even more unfortunately, some security and tech pundits are now repeating the bad advice on numerous websites. How do we know the advice is wrong? Because we actually tested it…

First of all, this "IOS Crash Report" scam is a variation of the technical support scam, cases of which have been documented as early as 2008. In the past, cold-calls originated directly from call centers in India. But more recently, web-based lures are used to prompt potential victims into contacting the scammers.

A Google Search returns several live scam sites with this text:

"Due to a third party application in your phone, IOS is crashed."

Here's one of the sites as viewed with iOS Safari on an iPad:

iosclean.com

Safari's "Fraudulent Website Warning" and "Block Pop-ups" features didn't prevent the page from loading.

What looks like a pop-up on the image above is actually a JavaScript generated dialog. One which will continuously re-spawn itself and can be very difficult to dismiss. Turning off JavaScript in Safari is the quickest way to regain control. Unfortunately, leaving JavaScript disabled will significantly impact a large number of legitimate websites.

Here's the same site as viewed with Google Chrome for Windows:

Notice the additional text in the image above: prevent this page from creating additional dialogs. Current versions of Chrome and Firefox (for Windows, at least) will inject this option into re-spawning dialogs, allowing the user to break the loop. Sadly, Internet Explorer and Safari do not. (We tested with IE for Windows / Windows Phone, and iOS Safari.)

Wouldn't be great if all browsers supported this prevention feature?

Yeah, we think so, too.

But it's not just browsers, apps with browser functionality can also be affected.

Here's an example of a JavaScript dialog displayed via Cydia.

error1014.com

The end of the Telegraph's article included the following advice from City of London police:

"Never give your iCloud username and password or your bank details to someone over the phone."

Indeed! Giving somebody your iCloud password could quickly turn a support scam into a data hijacking and extortion scheme. We attempted to call several of the scammer telephone numbers to see if they would ask for our iCloud credentials — only to discover that the numbers we tried are currently not in service.

Hopefully they stay that way. (They won't.)

On 17/07/15 At 10:15 AM

Hacking Team 0-day Flash Wave with Exploit Kits

Posted by Patricia @ 12:29 GMT

After Hacking Team was compromised, a lot of information were publicly disclosed beginning 5th of July, particularly its business clients and a zero-day vulnerability for the Adobe Flash Player that they have been using.

Since the info about the first zero-day was made freely available, we knew attackers would swiftly move into using it. As expected, the flash exploit was integrated into exploit kits such as Angler, Magnitude, Nuclear, Neutrino, Rig, and HanJuan as reported by Kafeine.

Based on our telemetry, there was a rise in Flash exploits beginning 6th and continued until 9th.

overall_stats (11k image)

Here are the stats for each exploit kit:

ek_stats (27k image)

The security advisory for CVE-2015-5119 zero-day was released on 7th July and the patch was made available on 8th. So the hits started to decline about two days after the patch.

But just when people have started updating their systems, there was yet another spike from the Angler flash exploit hits:

weekend_wave_stats (22k image)

Apparently, two more flash vulnerabilities, CVE-2015-5122 and CVE-2015-5123, were discovered. These vulnerabilities are still waiting to be patched. According to Kafeine, one of the two vulnerabilities were added into the Angler exploit kit.

As a side note related to Angler exploit kit, if you noticed in the second chart above, Angler and HanJuan share the same statistics. This was due to the fact that our detections for Angler Flash exploits were also hitting on HanJuan Flash exploits.

We have verified this after discovering that there was a different URL pattern being detected by Angler:

angler_vs_hanjuan_urlpattern (9k image)

We looked at the flash exploit used by both kits, and the two are very much identical.

Angler Flash Exploit:

anglerek_ht0d_3 (26k image)

HanJuan Flash Exploit:

hanjuanek_ht0d_3 (23k image)

There were already speculations that there seem to be strong connections between the actors behind the two exploits kits. For example, both have used �fileless� delivery of payload and even similar encryption methods. Perhaps at some point we will see HanJuan supporting this new flash 0 day as well.

In the meantime, since there hasn�t been a patch out yet for these new ones, our users remain protected from the effects of the exploit kits through Browsing Protection as well as these detections:

Exploit:SWF/AnglerEK.L
Exploit:SWF/NeutrinoEK.C
Exploit:SWF/NeutrinoEK.D
Exploit:SWF/NuclearEK.H
Exploit:SWF/NuclearEK.J
Exploit:SWF/Salama.H
Exploit:SWF/Salama.R
Exploit:JS/AnglerEK.D
Exploit:JS/NuclearEK.I
Exploit:JS/MagnitudeEK.A

UPDATE: Adobe has released patches for the recent two vulnerabilities: CVE-2015-5122 and CVE-2015-5123. Users are recommended to update to the latest version of Adobe Flash Player.

On 13/07/15 At 12:29 PM

The Trusted Internet: Who governs who gets to buy spyware from surveillance software companies?

Posted by FSLabs @ 02:31 GMT

When hackers get hacked, that's when secrets are uncovered. On July 5th, Italian-based surveillance technology company Hacking Team was hacked. The hackers released a 400GB torrent file with internal documents, source code, and emails to the public - including the company's client list of close to 60 customers.

The list included countries such as Sudan, Kazakhstan and Saudi Arabia - despite official company denials of doing business with oppressive regimes. The leaked documents strongly implied that in the South-East Asian region, government agencies from Singapore, Thailand and Malaysia had purchased their most advanced spyware, referred to as a Remote Control System (RCS).

According to security researchers Citizen Lab, this spyware is extraordinarily intrusive, with the ability to turn on microphone and cameras on mobile devices, intercept Skype and instant messages, and use an anonymizer network of proxy servers to prevent harvested information from being traced back to the command and control servers.

Based on images of the client list posted to pastebin the software was purchased in Malaysia by the Malaysia Anti-Corruption Commission (MACC), Malaysia Intelligence (MI) and the Prime Minister's Office (PMO):

hacking_team_client_list (86k image)

Additional images of leaked invoices posted to medium.com indicated the spyware was sold through a locally-based Malaysian company named Miliserv Technologies (M) Sdb Bhd (registered with the Ministry of Finance Malaysia), which specializes in providing digital forensics, intelligent gathering and public security services:

hacking_team_hack_1 (95k image)

hacking_team_hack_2 (72k image)

Why the Prime Minister's Office would need surveillance software remains puzzling. Mind you, professional grade spyware ain't cheap - a license upgrade could cost you MYR400, 000 and maintenance renewal will set you back about MYR160,000.

According to reports of the incident in Malaysian alternative media, Malaysian government agencies have probably been using the spyware even before discovery of the FinFisher malware that was detected in the run-up to the 2013 General Elections.

Coincidentally, Malaysia has also been the frequent host of the annual ISS World Asia tradeshow, where companies promote their arsenal of 'lawful' surveillance software to law enforcement agencies, telco service provider or government employees. During the 2014 event, the Hacking Team was present and the associate lead sponsor of the event.

MiliServ Technologies is currently involved in the upcoming 2015 ISS World Asia in Kuala Lumpur. The event is invitation-only � though it may be interesting to see if Hacking Team will make it there this year.

Post by – Su Gim

On 08/07/15 At 02:31 AM

Problematic Wassenaar Definitions

Posted by Sean @ 13:25 GMT

The Wassenaar Arrangement, a multilateral export control regime, defines "intrusion software" as software specially designed or modified to avoid detection by monitoring tools, or to defeat protective countermeasures, of a computer or network capable device. Intrusion software is used to: extract data or information, or to modify system or user data; or to modify the standard execution path of a program or process in order to allow the execution of externally provided instructions.

Wassenaar states that monitoring tools are software or hardware devices that monitor system behaviours or processes running on a device. This includes antivirus (AV) products, end point security products, Personal Security Products (PSP), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) or firewalls.

Wassenaar Arrangement definitions
(Source)

So… what we at F-Secure (and the rest of the antivirus industry) call "malware" appears to easily fit Wassenaar's definition of intrusion software.

Why is this interesting?

Well, the US Bureau of Industry and Security (BIS), part of the US Department of Commerce, has proposed updating its rules to require a license for the export of intrusion software.

And according to the Dept of Commerce, "an export" is –any– item that is sent from the United States to a foreign destination. "Items" include among other things, software and technology.

The Paradox

So… if malware is intrusion software, and any item is an export, how exactly are US-based customers supposed to submit a malware sample to their European antivirus vendor? Seriously, customers send us zero-day using malware all the time. Not to mention the samples that we routinely exchange with other trusted AV vendors from around the globe.

Unintended Consequences

The text associated with the BIS proposal says the scope includes penetration testing products that use intrusion software in what looks like an attempt to limit "hacking" tools, but there is nothing about what is excluded from the scope. So the BIS might not intend to limit customers from uploading malware samples to their AV vendor, but that could be the effect if this new rule is adopted and arbitrarily enforced. Or else it could just force people to operate in a legal limbo. Is that what we want?

The BIS is taking comments until July 20th.

On 09/06/15 At 01:25 PM

Found Item: UK Wi-Fi Law?

Posted by Sean @ 13:27 GMT

I visited the UK last Thursday, found a coffee shop offering "free" Wi-Fi, and read this…

"UK Law states that we must know who is using our Wi-Fi at all times."

Now I'm not a lawyer — but that seems like quite the disingenuous claim.

_WalkinWiFi

Mobile number, post code, and date of birth??

I wonder how many people fall for this type of malarkey.

Post by — @Sean

On 08/06/15 At 01:27 PM

SMS Exploit Messages

Posted by Sean @ 13:56 GMT

There's an iOS vulnerability affecting iPhone, iPad, and even Apple Watch that allows for a denial of service.

Crashing a phone with an SMS? That's so 2008.

S60 SMS Exploit Messages

Unlike 2008, this time kids are reportedly using the vulnerability to harass others.

Apple is working on a security update. But unfortunately… that update very likely won't be available for older iPhones.

Updated to add:

Here's the "Effective Power" exploit crashing an iPhone 6:

Effective Power Unicode iOS hack on iPhone 6

And this… is Effective Power crashing the iOS Twitter app:

Effective Power Unicode iOS hack vs Twitter

On 28/05/15 At 01:56 PM

Ransomware Spam E-Mails Targeting Users in Italy and Spain

Posted by FSLabs @ 03:17 GMT

In the past few days, we received some cases from our customers in Italy and Spain, regarding malicious spam e-mails that pointed to Cryptowall or Cryptolocker ransomware.

The spam e-mails pretended to come from a courier/postal service, regarding a parcel that was waiting to be collected. The e-mails offer a link to track that parcel online:

crypt_email (104k image)

When we did the initial investigation of the e-mails from our standard test system, the link redirected to Google:

crypt_email_redirect_italy (187k image)

So, no malicious behavior? Well, we noted that the first two URLs were PHP. Since PHP code is executed on the server side, not locally on the client, it is possible that the servers were 'deciding' whether to redirect the user to Google or to serve malicious content, based on some preset conditions.

Since this particular spam e-mail is written in Italian - perhaps only a customer based in Italy would be able to see the malicious payload? Fortunately, we have Freedome, so we can travel to Italy for a little while to experiment.

So we turned on Freedome, set the location to Milan and clicked the link in the e-mail again:

crypt_email_mal_italy (302k image)

Now we see the bad stuff. If the user is (or appears to be) located in Italy, the server will redirect them to a malicious file hosted on a cloud storage server.

The e-mail spam sent to Spanish users is similar, though in those cases, a CAPTCHA challenge is included to make the site seem more authentic. If the link in the e-mail is clicked by a user located outside Spain, again we end up in Google:

crypt_email_redirect_spain (74k image)

If the site is visited instead from an Spanish IP, we get to the CAPTCHA screen:

crypt_email_target_spain (57k image)

And then to the malware itself:

crypt_email_mal_spain (313k image)

This spam campaign doesn't use any exploits (so far), just old-fashioned social engineering; infection only occurs if the user manually downloads and executes the files offered on the malicious URLs. For our customers, the URLs are blocked and the files are detected.

(malware SHA1s: 483be8273333c83d904bfa30165ef396fde99bf2, 295042c167b278733b10b8f7ba1cb939bff3cb38)

Post by — Victor

On 19/05/15 At 03:17 AM

Mac Hack Demonstration

Posted by Sean @ 12:46 GMT

Securing your SSH password is very important. Otherwise, you might be pwned by a little girl with her Raspberry Pi.

Don't worry, it's an authorized hack, she asked her mom for permission.

On 15/05/15 At 12:46 PM

Email Security Considerations for Microsoft 365 Users

The post Email Security Considerations for Microsoft 365 Users appeared first on GreatHorn.

Email Security Considerations for Google Workspace Users

The post Email Security Considerations for Google Workspace Users appeared first on GreatHorn.

Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates

The post Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates appeared first on GreatHorn.

Universities and Colleges Face Multi-faceted Email Security Challenges

The post Universities and Colleges Face Multi-faceted Email Security Challenges appeared first on GreatHorn.

Spam vs Phish: The Problem with User-Reported Phish Buttons

The post Spam vs Phish: The Problem with User-Reported Phish Buttons appeared first on GreatHorn.

Phishing for Google Impersonation Attacks

Bad actors around the globe go phishing in emails twenty-four hours a day, seven days a week. Whether they are “guppies” like your local bakery down the street or big “fish” like Google, no one is immune to their attacks. Google, one of the largest, most well-known – and used – applications, will always be […]

The post Phishing for Google Impersonation Attacks appeared first on GreatHorn.

GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes

The post GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes appeared first on GreatHorn.

Native vs SEG vs ICES: What You Need to Know About Email Security

The shift from on-premise email platforms to cloud email platforms has taken shape, with the majority (70%) of organizations. Microsoft 365 and Google Workspace remain the predominant email platforms for organizations. However, a significant change has occurred in the past year. With an estimated 40% of ransomware attacks that start through email, and BEC and […]

The post Native vs SEG vs ICES: What You Need to Know About Email Security appeared first on GreatHorn.

Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security

In cybersecurity, buzzwords come and go, often being replaced with new buzzwords while the market is still attempting to realize the benefits of the former. Today, every technology vendor is talking about Artificial Intelligence (AI). In reality, Machine Learning (the method to one day achieve AI) is still the predominant technical solution deployed within vendor […]

The post Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security appeared first on GreatHorn.

Global Supply Chain: Attackers Targeting Business Deliveries

Our global supply chain includes all the people, companies and countries that need to work cohesively to manufacture, process and ship goods. Disruptions in the global supply chain are increasingly impacting organizations, with logistical problems crossing most industries. As a result, the continued strain on the supply chain puts added pressure on businesses as they […]

The post Global Supply Chain: Attackers Targeting Business Deliveries appeared first on GreatHorn.

Digital Warfare and the New Geopolitical Frontline

This article follows our recent article on the source of cybercrime attacks – read it here – we’re now exploring the global, commercial, and political dimensions of digital warfare. Key takeaways $100 billion in global cyber damages annually – equivalent to the GDP of a mid-sized nation. $400 million in business impact from a single […]

The post Digital Warfare and the New Geopolitical Frontline appeared first on Heimdal Security Blog.

Nearly 40% of 2024 Ransomware Payouts May Have Gone to Russia, China & North Korea

Ransomware victims paid an estimated $813 million in 2024. Nearly 40 percent of that may have gone to actors in Russia, China and North Korea, according to new analysis from cybersecurity firm Heimdal. Heimdal used recent telemetry, infrastructure tracing and ownership mapping to assess how ransomware revenue is likely distributed. The $813 million figure comes […]

The post Nearly 40% of 2024 Ransomware Payouts May Have Gone to Russia, China & North Korea appeared first on Heimdal Security Blog.

What is Managed ITDR? Key Definitions, Features, and Benefits

Key takeaways: MITDR explained: Managed ITDR combines identity threat detection with expert-led response. Why it matters: Get better protection and lower costs without building a full in-house team. What to look for: Prioritize behavioral monitoring, real-time response, and expert oversight You’ve got the ITDR solution. That’s a good step towards effective account and identity-based threat […]

The post What is Managed ITDR? Key Definitions, Features, and Benefits appeared first on Heimdal Security Blog.

Retail cybersecurity statistics for 2025

Cyber attacks against retail businesses have made headlines in 2025. Read this retail cybersecurity statistics rundown to understand more. For cyber criminals, the retail sector makes for a very attractive target. Retail businesses hold vast troves of valuable customer details, payment information and inventory data. What is more, any disruption caused by cyber crime is […]

The post Retail cybersecurity statistics for 2025 appeared first on Heimdal Security Blog.

Cyber Insurance Statistics for 2025

More and more businesses are taking out cyber insurance in 2025. Read our statistics rundown to understand why. Investing in cyber insurance is a smart move. In case of a cyber attack, it can reduce the financial burden of a breach and give businesses (and individuals) peace of mind. Advanced cybersecurity software should always be […]

The post Cyber Insurance Statistics for 2025 appeared first on Heimdal Security Blog.

Is Your Tech Stack Killing Profitability? The Silent Bug Crippling MSP Growth

Many MSPs want to grow, but internal complexity often holds them back. In this guest article, Portland, a Heimdal partner, breaks down how fragmented systems and unclear value messaging can quietly erode profits, compliance, and trust – and how to fix it. The “system bug” holding MSPs back “Stop talking about technology. Start talking about […]

The post Is Your Tech Stack Killing Profitability? The Silent Bug Crippling MSP Growth appeared first on Heimdal Security Blog.

Cybersecurity Has a Motivation Problem

I’ve worked in cybersecurity long enough to see that our biggest challenge isn’t a technical one, it’s motivational. We can build the strongest firewalls, design the smartest detection systems, and run endless awareness campaigns, but none of it matters if people don’t want to care. That’s the uncomfortable truth; cyber security has a motivation problem. […]

The post Cybersecurity Has a Motivation Problem appeared first on Heimdal Security Blog.

Agent Fatigue Is Real and Your Security Stack Is to Blame

Your senior analyst stares at alert number 47. It’s not even lunch. Another “suspicious login detected.” They switch to the third dashboard of the morning, cross-reference the user activity, and confirm what they already knew. Bob from accounting is working late again. Meanwhile, three dashboards over, actual lateral movement is happening on a client’s network. […]

The post Agent Fatigue Is Real and Your Security Stack Is to Blame appeared first on Heimdal Security Blog.

Heimdal 5.0.0 RC: RDP Protection, Ransomware Detection, and OS Deployment

Version 5.0.0 adds three major features for MSPs. a module that controls RDP access an improved ransomware detection engine a simpler way to deploy Windows over the network. Remote Access Protection (RAP): Block Unauthorized RDP Attempts RDP brute-force attacks remain a top breach vector, so we built a new module that monitors and filters Remote […]

The post Heimdal 5.0.0 RC: RDP Protection, Ransomware Detection, and OS Deployment appeared first on Heimdal Security Blog.

Where Ransomware Profits Go and How to Cut Them Off

Researched and written by Heimdal founder Morten Kjaersgaard, this article exposes how even limited cooperation between registry bodies and law enforcement could cripple ransomware networks and raise the cost for cybercriminals. This article serves as a wake-up call. Even limited cooperation between registry bodies and law enforcement could cripple ransomware networks and raise the cost […]

The post Where Ransomware Profits Go and How to Cut Them Off appeared first on Heimdal Security Blog.

ITDR vs EDR: What are the Key Differences?

Key takeaways: What are the main differences between ITDR, EDR, and other security solutions? How does ITDR provide effective protection against identity-based threats? How to effectively detect and respond to attacks. If there’s one thing the cybersecurity community loves, it’s an acronym. To some extent, this has been the case since the earliest days of cybersecurity. […]

The post ITDR vs EDR: What are the Key Differences? appeared first on Heimdal Security Blog.

What Is Identity Threat Detection and Response?

Key insights: What is identity threat detection and response (ITDR)? What are the differences and similarities between ITDR and EDR? What are the alternatives to ITDR? Identity Threat Detection and Response (ITDR) is a comparatively new term in the cybersecurity scene. It was first coined by Gartner in 2022 and has since become a cornerstone […]

The post What Is Identity Threat Detection and Response? appeared first on Heimdal Security Blog.

Small Business Cybersecurity Statistics in 2025

Small businesses are a big target for cyber criminals. Read our small business statistics rundown to get a true picture of how the sector is being affected in 2025. Until relatively recently, cybercrime wasn’t perceived as a major risk for small businesses. Hackers traditionally focused on larger companies or government bodies with more money and […]

The post Small Business Cybersecurity Statistics in 2025 appeared first on Heimdal Security Blog.

Follow the Money Blueprint For MSP Success (With Dave Sobel)

“If I was starting an MSP today, I am not sure I would start an MSP.” Now that’s a way to grab your attention when opening a podcast. Coming from Dave Sobel, someone who’s been an MSP owner, vendor executive, and now runs The Business of Tech podcast – that’s not a throwaway comment. Dave […]

The post Follow the Money Blueprint For MSP Success (With Dave Sobel) appeared first on Heimdal Security Blog.

Digital doppelgängers: How sophisticated impersonation scams target content creators and audiences

Content creation is no longer niche. Over 50 million Americans earn income by making videos, livestreams, podcasts, or other digital media. Many are full-time creators, while others pursue it as a side hustle. Either way, having an online presence is becoming increasingly risky. Scammers are catching on. In 2024 alone, the Federal Trade Commission’s logged […]

The post Digital doppelgängers: How sophisticated impersonation scams target content creators and audiences appeared first on Heimdal Security Blog.

Binary Breadcrumbs: Correlating Malware Samples with Honeypot Logs Using PowerShell [Guest Diary], (Wed, Nov 5th)

[This is a Guest Diary by David Hammond, an ISC intern as part of the SANS.edu BACS program]

ISC Stormcast For Thursday, November 6th, 2025 https://isc.sans.edu/podcastdetail/9688, (Thu, Nov 6th)

No summary available.

Updates to Domainname API, (Wed, Nov 5th)

For several years, we have offered a "new domain" list of recently registered (or, more accurately, recently discovered) domains. This list is offered via our API (https://isc.sans.edu/api). However, the size of the list has been causing issues, resulting in a "cut-off" list being returned. To resolve this issue, I updated the API call. It is sort of backward compatible, but it will not allow you to retrieve the full list. Additionally, we offer a simple "static file" containing the complete list. This file should be used whenever possible instead of the API.

ISC Stormcast For Wednesday, November 5th, 2025 https://isc.sans.edu/podcastdetail/9686, (Wed, Nov 5th)

No summary available.

Apple Patches Everything, Again, (Tue, Nov 4th)

Apple released its expected set of operating system upgrades. This is a minor feature upgrade that also includes fixes for 110 different vulnerabilities. As usual for Apple, many of the vulnerabilities affect multiple operating systems. None of the vulnerabilities is marked as already exploited. Apple only offers very sparse vulnerability descriptions. Here are some vulnerabilities that may be worth watching:

ISC Stormcast For Tuesday, November 4th, 2025 https://isc.sans.edu/podcastdetail/9684, (Tue, Nov 4th)

No summary available.

XWiki SolrSearch Exploit Attempts (CVE-2025-24893) with link to Chicago Gangs/Rappers, (Mon, Nov 3rd)

XWiki describes itself as "The Advanced Open-Source Enterprise Wiki" and considers itself an alternative to Confluence and MediaWiki. In February, XWiki released an advisory (and patch) for an arbitrary remote code execution vulnerability. Affected was the SolrSearch component, which any user, even with minimal "Guest" privileges, can use. The advisory included PoC code, so it is a bit odd that it took so long for the vulnerability to be widely exploited.

ISC Stormcast For Monday, November 3rd, 2025 https://isc.sans.edu/podcastdetail/9682, (Mon, Nov 3rd)

No summary available.

Scans for Port 8530/8531 (TCP). Likely related to WSUS Vulnerability CVE-2025-59287, (Sun, Nov 2nd)

Sensors reporting firewall logs detected a significant increase in scans for port 8530/TCP and 8531/TCP over the course of last week. Some of these reports originate from Shadowserver, and likely other researchers, but there are also some that do not correspond to known research-related IP addresses.

ISC Stormcast For Friday, October 31st, 2025 https://isc.sans.edu/podcastdetail/9680, (Fri, Oct 31st)

No summary available.

New Study Warns of AI-Driven Extortion Attacks

A study from Malwarebytes has found that one in three mobile users has been targeted by an extortion scam, and one in five of these users has fallen victim. Additionally, one in six users has been targeted by sextortion, with a higher number of these attacks (38%) affecting Gen Z users.

Human Error is Still a Top Contributor to Cyberattacks

Human error remains the primary exploitation vector in mobile security incidents, according to Verizon’s latest Mobile Security Index (MSI).

The Rapid Advancement of Malicious AI Is Changing Cyberdefense Forevermore

AI maturation is leading to more malicious hacking attacks.

CyberheistNews Vol 15 #44 [Mystery] Tough One: Is It or Is It Not an HP Scam?

Report: AI Poisoning Attacks Are Easier Than Previously Thought

Attackers can more easily introduce malicious data into AI models than previously thought, according to a new study from Antropic.

Poisoned AI models can produce malicious outputs, leading to follow-on attacks. For example, attackers can train an AI model to provide links to phishing sites or plant backdoors in AI-generated code.

UN Convention Against Cybercrime Is a Huge Win!

One of the biggest reasons why cybercrime is so bad — and is increasing each year —is that so much of it is committed by foreign nationals who are not physically located in the country they are attacking.

When a “Contact Us” Form Becomes “Contact a Cybercriminal”

Lead Analysts: Lucy Gee and James Dyer

Cybercriminals want their payday. Unfortunately for the targets of phishing (and the organizations they work for) that means they’re constantly refining their tactics to create more sophisticated attacks that are harder to detect – by both email security products and people.

Report: Organizations Are Struggling to Keep Up With AI-Powered Attacks

76% of organizations are struggling to keep up with the sophistication of AI-powered attacks, according to CrowdStrike’s latest State of Ransomware Survey.

Insider Risk, Ethical Walls and the Future of Data Governance in Financial Services

In the complex ecosystem of financial services, some of the greatest threats come from within. While cybersecurity for financial institutions often focuses on external threat actors, the reality is that insider risks—whether intentional or accidental—pose an equally dangerous challenge to regulatory compliance and organizational integrity.

The Human-AI Partnership: Securing the New Dual-Front of Business Risk

The integration of artificial intelligence into the modern workplace represents a paradigm shift in productivity and innovation.

News alert: Insider risk report finds behavioral blind spots leave most orgs exposed, confidence low

BALTIMORE, Nov. 4, 2025, CyberNewswire — he new 2025 Insider Risk Report, produced by Cybersecurity Insiders in collaboration with Cogility, highlights that nearly all security leaders (93%) say insider threats are as difficult or harder to detect than … (more…)

The post News alert: Insider risk report finds behavioral blind spots leave most orgs exposed, confidence low first appeared on The Last Watchdog.

MY TAKE: From AOL-Time Warner to OpenAI-Amazon — is the next tech bubble already inflating?

Anyone remember the dot-com bubble burst? The early warning came in January 2000, when AOL and Time Warner joined forces in a $164 billion deal — the largest merger in U.S. history at the time.

Related: Reuters’ backstory on Amazon … (more…)

The post MY TAKE: From AOL-Time Warner to OpenAI-Amazon — is the next tech bubble already inflating? first appeared on The Last Watchdog.

MY TAKE: Microsoft pitches an AI ‘protopian’ future — while civic groups pedal to stay upright

SEATTLE — At a well-meaning civic forum hosted inside a south Seattle community space yesterday (Oct. 30,) Microsoft’s Lorraine Bardeen coined a new term: protopian.

Related: The workflow cadences of GenAI

She said it three times, as if underlining … (more…)

The post MY TAKE: Microsoft pitches an AI ‘protopian’ future — while civic groups pedal to stay upright first appeared on The Last Watchdog.

News alert: Aembit extends Workload IAM to close the access-control gap in enterprise AI deployments

SILVER SPRING, Md., Oct. 30, 2025, CyberNewswire — Aembit today announced the launch of Aembit Identity and Access Management (IAM) for Agentic AI, a set of capabilities that help organizations safely provide and enforce access policies for AI agents as … (more…)

The post News alert: Aembit extends Workload IAM to close the access-control gap in enterprise AI deployments first appeared on The Last Watchdog.

MY TAKE: What a cystoscopy taught me about the changing face of patient care — and trusting AI

The other day, I found myself flat on my back in a urologist’s exam room, eyes fixed on the ceiling tiles as a cystoscope made its slow, deliberate circuit.

Dr. Mitchell narrated … (more…)

The post MY TAKE: What a cystoscopy taught me about the changing face of patient care — and trusting AI first appeared on The Last Watchdog.

MY TAKE: Have you noticed how your phone’s AI assistant is starting to remap what you trust?

This morning, I tried to power down my Samsung S23 smartphone.

I long-pressed the side key expecting the usual “Power off / Restart” menu. Instead, a small Gemini prompt window appeared towards … (more…)

The post MY TAKE: Have you noticed how your phone’s AI assistant is starting to remap what you trust? first appeared on The Last Watchdog.

News alert: Arsen rolls out ‘Smishing Simulation’ to strengthen defenses against mobile phishing threats

PARIS, Oct. 24, 2025, CyberNewswire — Arsen, the cybersecurity company dedicated to helping organizations defend against social engineering, today introduced its new Smishing Simulation module: a feature designed to let companies run realistic, large-scale SMS phishing simulations across their … (more…)

The post News alert: Arsen rolls out ‘Smishing Simulation’ to strengthen defenses against mobile phishing threats first appeared on The Last Watchdog.

News Alert: SquareX reveals new browser threat — AI sidebars cloned to exploit user trust

PALO ALTO, Calif., Oct. 23, 2025, CyberNewswire: SquareX released critical research exposing a new class of attack targeting AI browsers.

The AI Sidebar Spoofing attack leverages malicious browser extensions to impersonate trusted AI sidebar interfaces, which is used to trick … (more…)

The post News Alert: SquareX reveals new browser threat — AI sidebars cloned to exploit user trust first appeared on The Last Watchdog.

MY TAKE: Sam Altman is wielding OpenAI to usurp the browser, seize the user interface crown

Something quietly consequential just happened in Silicon Valley.

At OpenAI’s first-ever developer conference, CEO Sam Altman showcased a new capability inside ChatGPT: the ability to interact directly with apps — no browser, no … (more…)

The post MY TAKE: Sam Altman is wielding OpenAI to usurp the browser, seize the user interface crown first appeared on The Last Watchdog.

News Alert: Sendmarc taps veteran email security leader Dan Levinson to expand U.S. footprint

WILMINGTON, Del., Oct. 21, 2025, CyberNewswire — Sendmarc has announced the appointment of Dan Levinson as Customer Success Director – North America, furthering the company’s regional expansion and commitment to providing expert, locally aligned support to organizations across the continent.… (more…)

The post News Alert: Sendmarc taps veteran email security leader Dan Levinson to expand U.S. footprint first appeared on The Last Watchdog.

Should you let Chrome store your driver’s license and passport?

Chrome’s enhanced autofill makes storing your passport and ID easy—but convenience like this can come at a high cost.

Apple patches 50 security flaws—update now

Apple has patched nearly 50 security flaws across iPhones, Macs, Safari and more. Some could expose your data or let hackers in, so don’t wait to update.

“Sneaky” new Android malware takes over your phone, hiding in fake news and ID apps

Think you’re just checking the news? A particularly sneaky Android Trojan has other plans—like stealing your banking details.

Sling TV turned privacy into a game you weren’t meant to win

California has fined Sling TV for misleading privacy controls that made opting out nearly impossible. Even children’s data ended up in ad targeting.

Attack of the clones: Fake ChatGPT apps are everywhere

App stores are overflowing with AI lookalikes—some harmless copies, others hiding adware or even spyware.

Would you sext ChatGPT? (Lock and Code S06E22)

This week on the Lock and Code podcast, we speak with Deb Donig about OpenAI's stated desire to release "erotica" on ChatGPT.

Malwarebytes aces PCMag Readers’ Choice Awards and AVLab Cybersecurity Foundation tests

Malwarebytes earned three PCMag wins and achieved 100% protection in AVLab Cybersecurity Foundation’s latest malware test.

A week in security (October 27 – November 2)

A list of topics we covered in the week of October 27 to November 2 of 2025

Update Chrome now: 20 security fixes just landed

Google’s latest Chrome release fixes seven serious flaws that could let attackers run malicious code just by luring you to a compromised page.

How scammers use your data to create personalized tricks that work

Attackers don’t need to hack you to find you. They just piece together what’s already public.

Ransomware gang claims Conduent breach: what you should watch for next [updated]

You could be one of more than 10 million people caught up in its recent data breach. Here's what to watch out for.

Fake PayPal invoice from Geek Squad is a tech support scam

Tina Pal wants a word about your PayPal account—but it's a scam. Here’s how to spot the red flags and what to do if you’ve already called.

Atlas browser’s Omnibox opens up new privacy and security risks

By blending search and chat in one field, OpenAI’s Atlas has made browsing more convenient—and more dangerous.

Gmail breach panic? It’s a misunderstanding, not a hack

No, Gmail wasn’t hacked. But a flood of old stolen credentials on the dark web sparked headlines suggesting otherwise. Here’s what really happened.

School’s AI system mistakes a bag of chips for a gun

“I don’t think a chip bag should be mistaken for a gun,” said the student, as eight police cars showed up to take down him and his Doritos.

Around 70 countries sign new UN Cybercrime Convention—but not everyone’s on board

A global deal to fight cybercrime sounds sensible—but critics warn it could expand surveillance and criminalize researchers.

NSFW ChatGPT? OpenAI plans “grown-up mode” for verified adults

ChatGPT is about to get a whole lot more human. OpenAI will roll out a version that can flirt, joke, and even get steamy—with age checks in place.

How to set up two factor authentication (2FA) on your Instagram account

Step-by-step instructions on how to enable 2FA on your Instagram account—for Android, iOS, and on the web.

Phishing scam uses fake death notices to trick LastPass users

LastPass is warning that phishers are exploiting the digital will feature to trick people into handing over their master passwords.

A week in security (October 20 – October 26)

A list of topics we covered in the week of October 20 to October 26 of 2025

How DORA fits with ISO 27001, NIS2 and the GDPR

Although DORA (the EU Digital Operational Resilience Act) has been in effect since January 2025, organisations that supply the EU’s financial services sector are under growing pressure to demonstrate compliance with its requirements. For most, this isn’t about starting from scratch but about mapping what’s already in place, identifying where DORA goes further and then expanding on current practices. After all, DORA builds on – not replaces – established frameworks, standards and other compliance regimes such as ISO 27001, NIS2 (the Network and Information Security Directive 2) and the GDPR (General Data Protection Regulation). It formalises ICT risk governance for

The post How DORA fits with ISO 27001, NIS2 and the GDPR appeared first on IT Governance Blog.

CISM Exam Tips from a Consultant: Five Insider Insights to Help You Pass

The CISM® (Certified Information Security Manager) exam is one of the toughest in the field – according to most providers, pass rates are around 60–65% (ISACA doesn’t publish official figures). Even experienced professionals find it demanding, something our consultants know first-hand. Soji Ogunjobi is a cyber security specialist and instructor, with nearly two decades of experience as a cyber security professional and IT auditor. He also has an MSc in Information Technology, Computer and Information Systems, as well as CISM, CISSP, CISA, CCSP and various other cyber security qualifications. Below are five practical CISM exam tips drawn directly from his

The post CISM Exam Tips from a Consultant: Five Insider Insights to Help You Pass appeared first on IT Governance Blog.

How To Comply with ISO 27001’s New Cloud Services Control

The 2022 update to ISO 27001 introduced a new control for the use of Cloud services. It outlines the policies and procedures that are required when acquiring, using, managing or exiting Cloud services. Adding this control was an obvious and necessary step given just how many organisations use Cloud services as part of their core business activities. An estimated 96% of all organisations use at least one Internet-based IT resource, such as Amazon Web Services or Microsoft Azure. Whenever an organisation implements a new resource on which sensitive data is stored or upon which key business activities rely, it must

The post How To Comply with ISO 27001’s New Cloud Services Control appeared first on IT Governance Blog.

What DORA Means for ICT Suppliers: MSPs, SaaS and Cloud in Scope

If you provide ICT (information and communication technology) services to financial institutions in the EU – whether managed services, SaaS (software as a service), Cloud facilities, payment infrastructure, or other tools and platforms – then DORA (the EU Digital Operational Resilience Act) affects you. What does DORA do? DORA creates a single, EU-wide framework for ICT risk management, incident reporting, resilience testing, third-party risk and information sharing for financial services companies. It also establishes a supervisory regime for their third-party ICT providers. For suppliers, two points are therefore important: What it means in practice You will likely see DORA in RFPs

The post What DORA Means for ICT Suppliers: MSPs, SaaS and Cloud in Scope appeared first on IT Governance Blog.

Cyber Security Must Be a Board Priority – And It Starts With Cyber Essentials

Senior ministers and national security officials have called on boards to take urgent action to strengthen their organisations’ cyber resilience. The Chancellor of the Exchequer, the Secretaries of State for Science, Innovation and Technology and for Business and Trade, the Minister for Security, the Chief Executive of the NCSC (National Cyber Security Centre) and the Director General of the NCA (National Crime Agency) have co-signed an open letter to FTSE 350 companies and other large UK organisations, warning that hostile cyber activity in the UK is “growing more intense, frequent and sophisticated”, posing “a direct and active threat to our

The post Cyber Security Must Be a Board Priority – And It Starts With Cyber Essentials appeared first on IT Governance Blog.

Top 5 Skills Every ISO 27001 Internal Auditor Needs

Internal audits are essential to ISO 27001 compliance, as mandated by Clause 9.2 – but what does it actually take to be an effective internal auditor? Many professionals know the Standard from a theoretical point of view but are less confident about audit practicalities such as interviewing staff, sampling evidence, writing findings and presenting results without friction. This blog post breaks down five practical skills every internal auditor needs and how training helps build them, turning theory into repeatable practice. Skill 1 – Evidence gathering The auditor’s role is to test whether the ISMS operates as described and achieves its

The post Top 5 Skills Every ISO 27001 Internal Auditor Needs appeared first on IT Governance Blog.

AWS Outage: A Supply-Chain Security Lesson

It sometimes seems that each new supply-chain security breach we see in the news affects more organisations than the last one. This isn’t particularly surprising when the same few tech companies support almost everything else. So, when it comes to AWS (Amazon Web Services) – the world’s largest Cloud provider, which is relied on by something like a third of the Internet – an outage like Monday’s really does demonstrate the problem of concentrating so much Internet infrastructure in one place. What happened and why it matters It might not have been a cyber attack but it still counts as

The post AWS Outage: A Supply-Chain Security Lesson appeared first on IT Governance Blog.

Global Encryption Day: Why Encryption Is a Core Requirement

Today, 21 October, is Global Encryption Day. Led by the Global Encryption Coalition, the campaign’s message is simple: “In uncertain times, encryption keeps us safe.” For organisations, it’s also a timely reminder that encryption isn’t optional, but a core control embedded in almost every major security and privacy framework and law – from the PCI DSS (Payment Card Industry Data Security Standard) and ISO 27001 to the GDPR (General Data Protection Regulation). This blog post explains why encryption is essential and how to strengthen your organisation’s approach. The risks of unencrypted data Data breaches remain one of the most damaging

The post Global Encryption Day: Why Encryption Is a Core Requirement appeared first on IT Governance Blog.

Why You Need Cyber Resilience and Defence in Depth

And how to become resilient with ISO 27001 and ISO 22301 Cyber resilience combines cyber security with the ability to detect, respond to and recover from cyber incidents. This goes hand in hand with defence in depth, a dynamic approach that has multiple security measures working together, so if one layer fails, another will still prevent an attacker from succeeding. Our head of GRC (governance, risk and compliance) consultancy, Damian Garcia, explains. In this interview Cyber incidents are a matter of ‘when, not if’ What mindset should organisations adopt when addressing information security risks? Key is to focus on when,

The post Why You Need Cyber Resilience and Defence in Depth appeared first on IT Governance Blog.

ISO 27001:2022 Clause 6 – What’s Changed and What You Need to Do About It

All ISO 27001:2013 certificates expire at the end of this month. For organisations that are yet to update their ISMS (information security management system) to align with the 2022 iteration of the Standard, there are inevitably certain areas that demand their attention more than others. One of these is the new Clause 6. What’s changed in Clause 6? ISO 27001:2013 emphasised: Related to this, Clause 8 dealt with planning, implementing and controlling processes to implement the actions and achieve the objectives determined by Clause 6. ISO 27001:2022 introduces updates in this area: These may look like relatively minor changes, but

The post ISO 27001:2022 Clause 6 – What’s Changed and What You Need to Do About It appeared first on IT Governance Blog.

Crypto wasted: BlueNoroff’s ghost mirage of funding and jobs

Kaspersky GReAT experts dive deep into the BlueNoroff APT's GhostCall and GhostHire campaigns. Extensive research detailing multiple malware chains targeting macOS, including a stealer suite, fake Zoom and Microsoft Teams clients and ChatGPT-enhanced images.

Mem3nt0 mori – The Hacking Team is back!

Kaspersky researchers discovered previously unidentified commercial Dante spyware developed by Memento Labs (formerly Hacking Team) and linked it to the ForumTroll APT attacks.

Deep analysis of the flaw in BetterBank reward logic

Kaspersky experts break down the recent BetterBank incident involving ESTEEM token bonus minting due to the lack of liquidity pool validation.

The evolving landscape of email phishing attacks: how threat actors are reusing and refining established techniques

Common email phishing tactics in 2025 include PDF attachments with QR codes, password-protected PDF documents, calendar phishing, and advanced websites that validate email addresses.

PassiveNeuron: a sophisticated campaign targeting servers of high-profile organizations

Kaspersky GReAT experts break down a recent PassiveNeuron campaign that targets servers worldwide with custom Neursite and NeuralExecutor APT implants and Cobalt Strike.

Post-exploitation framework now also delivered via npm

The npm registry contains a malicious package that downloads the AdaptixC2 agent onto victims' devices, Kaspersky experts have found. The threat targets Windows, Linux, and macOS.

SEO spam and hidden links: how to protect your website and your reputation

Are you seeing your website traffic drop, and security systems blocking it for pornographic content that is not there? Hidden links, a type of SEO spam, could be the cause.

Maverick: a new banking Trojan abusing WhatsApp in a mass-scale distribution

A malware campaign was recently detected in Brazil, distributing a malicious LNK file using WhatsApp. It delivered a new Maverick banker, which features code overlaps with Coyote malware.

Mysterious Elephant: a growing threat

Kaspersky GReAT experts describe the latest Mysterious Elephant APT activity. The threat actor exfiltrates data related to WhatsApp and employs tools such as BabShell and MemLoader HidenDesk.

Signal in the noise: what hashtags reveal about hacktivism in 2025

Kaspersky researchers identified over 2000 unique hashtags across 11,000 hacktivist posts on the surface web and the dark web to find out how hacktivist campaigns function and whom they target.

About This Website

Cybersecurity News

Hackers Weaponize Windows Hyper-V to Hide Linux VM and Evade EDR Detection

SonicWall Confirms State-Sponsored Hackers Behind September Cloud Backup Breach

Google Uncovers PROMPTFLUX Malware That Uses Gemini AI to Rewrite Its Code Hourly

Researchers Find ChatGPT Vulnerabilities That Let Attackers Trick AI Into Leaking Data

Securing the Open Android Ecosystem with Samsung Knox

Mysterious 'SmudgedSerpent' Hackers Target U.S. Policy Experts Amid Iran–Israel Tensions

U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud

Why SOC Burnout Can Be Avoided: Practical Steps

CISA Adds Gladinet and CWP Flaws to KEV Catalog Amid Active Exploitation Evidence

A Cybercrime Merger Like No Other — Scattered Spider, LAPSUS$, and ShinyHunters Join Forces

European Authorities Dismantle €600 Million Crypto Fraud Network in Global Sweep

Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks

Microsoft Teams Bugs Let Attackers Impersonate Colleagues and Edit Messages Unnoticed

Ransomware Defense Using the Wazuh Open Source Platform

Operation SkyCloak Deploys Tor-Enabled OpenSSH Backdoor Targeting Defense Sectors

Google’s AI ‘Big Sleep’ Finds 5 New Vulnerabilities in Apple’s Safari WebKit

U.S. Prosecutors Indict Cybersecurity Insiders Accused of BlackCat Ransomware Attacks

Microsoft Detects "SesameOp" Backdoor Using OpenAI's API as a Stealth Command Channel

Malicious VSX Extension "SleepyDuck" Uses Ethereum to Keep Its Command Server Alive

Cybercriminals Exploit Remote Monitoring Tools to Infiltrate Logistics and Freight Networks

⚡ Weekly Recap: Lazarus Hits Web3, Intel/AMD TEEs Cracked, Dark Web Leak Tool & More

The Evolution of SOC Operations: How Continuous Exposure Management Transforms Security Operations

Researchers Uncover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Data

New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea

ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability

OpenAI Unveils Aardvark: GPT-5 Agent That Finds and Fixes Code Flaws Automatically

Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack

China-Linked Hackers Exploit Windows Shortcut Flaw to Target European Diplomats

China-Linked Tick Group Exploits Lanscope Zero-Day to Hijack Corporate Systems

The MSP Cybersecurity Readiness Guide: Turning Security into Growth

CISA and NSA Issue Urgent Guidance to Secure WSUS and Microsoft Exchange Servers

Eclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz Discovery

CISA Flags VMware Zero-Day Exploited by China-Linked Hackers in Active Attacks

A New Security Layer for macOS Takes Aim at Admin Errors Before Hackers Do

Google's Built-In AI Defenses on Android Now Block 10 Billion Scam Messages a Month

Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks

New "Brash" Exploit Crashes Chromium Browsers Instantly with a Single Malicious URL

The Death of the Security Checkbox: BAS Is the Power Behind Real Defense

ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising

PhantomRaven Malware Found in 126 npm Packages Stealing GitHub Tokens From Devs

Experts Reports Sharp Increase in Automated Botnet Attacks Targeting PHP Servers and IoT Devices

New AI-Targeted Cloaking Attack Tricks AI Crawlers Into Citing Fake Info as Verified Facts

Discover Practical AI Tactics for GRC — Join the Free Expert Webinar

Preparing for the Digital Battlefield of 2026: Ghost Identities, Poisoned Accounts, & AI Agent Havoc

Russian Hackers Target Ukrainian Organizations Using Stealthy Living-Off-the-Land Tactics

10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux

Active Exploits Hit Dassault and XWiki — CISA Confirms Critical Flaws Under Attack

New TEE.Fail Side-Channel Attack Extracts Secrets from Intel and AMD DDR5 Secure Enclaves

New Android Trojan 'Herodotus' Outsmarts Anti-Fraud Systems by Typing Like a Human

Researchers Expose GhostCall and GhostHire: BlueNoroff's New Malware Chains

Cloudflare Scrubs Aisuru Botnet from Top Domains List

Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody

Aisuru Botnet Shifts from DDoS to Residential Proxies

Canada Fines Cybercrime Friendly Cryptomus $176M

Email Bombs Exploit Lax Authentication in Zendesk

Patch Tuesday, October 2025 ‘End of 10’ Edition

DDoS Botnet Aisuru Blankets US ISPs in Record DDoS

ShinyHunters Wage Broad Corporate Extortion Spree

Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms

Self-Replicating Worm Hits 180+ Software Packages

Scientists Need a Positive Vision for AI

Cybercriminals Targeting Payroll Sites

AI Summarization Optimization

Friday Squid Blogging: Giant Squid at the Smithsonian

Will AI Strengthen or Undermine Democracy?

What’s the big idea?

The AI-Designed Bioweapon Arms Race

Signal’s Post-Quantum Cryptographic Implementation

Social Engineering People’s Credit Card Details

Louvre Jewel Heist

First Wap: A Surveillance Computer You’ve Never Heard Of

This Windows PC could easily replace my Mac Mini when it comes to local AI performance

Anxious about AI job cuts? How white-collar workers can protect themselves - starting now

Own a Samsung phone? I changed these 7 settings to extend the battery life by hours

My 4-step routine to make any Android phone operate like new again (and reliably)

My search for the ultimate Apple Watch band is over: This one nails form and function

5 Samsung bloatware apps you should delete right now (and never miss)

One critical feature makes these wireless earbuds worthy of your attention