Cybersecurity News

Massive Android Fraud Operations Uncovered: IconAds, Kaleidoscope, SMS Malware, NFC Scams

A mobile ad fraud operation dubbed IconAds that consisted of 352 Android apps has been disrupted, according to a new report from HUMAN. The identified apps were designed to load out-of-context ads on a user's screen and hide their icons from the device home screen launcher, making it harder for victims to remove them, per the company's Satori Threat Intelligence and Research Team. The apps have

Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets

Cybersecurity researchers have uncovered over 40 malicious browser extensions for Mozilla Firefox that are designed to steal cryptocurrency wallet secrets, putting users' digital assets at risk. "These extensions impersonate legitimate wallet tools from widely-used platforms such as Coinbase, MetaMask, Trust Wallet, Phantom, Exodus, OKX, Keplr, MyMonero, Bitget, Leap, Ethereum Wallet, and Filfox

The Hidden Weaknesses in AI SOC Tools that No One Talks About

If you’re evaluating AI-powered SOC platforms, you’ve likely seen bold claims: faster triage, smarter remediation, and less noise. But under the hood, not all AI is created equal. Many solutions rely on pre-trained AI models that are hardwired for a handful of specific use cases. While that might work for yesterday’s SOC, today's reality is different. Modern security operations teams face a

Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms

The French cybersecurity agency on Tuesday revealed that a number of entities spanning governmental, telecommunications, media, finance, and transport sectors in the country were impacted by a malicious campaign undertaken by a Chinese hacking group by weaponizing several zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices. The campaign, detected at the beginning of

Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials

Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) that could permit an attacker to login to a susceptible device as the root user, allowing them to gain elevated privileges. The vulnerability, tracked as CVE-2025-20309, carries a CVSS score

North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign

Threat actors with ties to North Korea have been observed targeting Web3 and cryptocurrency-related businesses with malware written in the Nim programming language, underscoring a constant evolution of their tactics. "Unusually for macOS malware, the threat actors employ a process injection technique and remote communications via wss, the TLS-encrypted version of the WebSocket protocol,"

That Network Traffic Looks Legit, But it Could be Hiding a Serious Threat

With nearly 80% of cyber threats now mimicking legitimate user behavior, how are top SOCs determining what’s legitimate traffic and what is potentially dangerous? Where do you turn when firewalls and endpoint detection and response (EDR) fall short at detecting the most important threats to your organization? Breaches at edge devices and VPN gateways have risen from 3% to 22%, according to

Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns

Cybersecurity researchers are calling attention to phishing campaigns that impersonate popular brands and trick targets into calling phone numbers operated by threat actors. "A significant portion of email threats with PDF payloads persuade victims to call adversary-controlled phone numbers, displaying another popular social engineering technique known as Telephone-Oriented Attack Delivery (TOAD

U.S. Sanctions Russian Bulletproof Hosting Provider for Supporting Cybercriminals Behind Ransomware

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has levied sanctions against Russia-based bulletproof hosting (BPH) service provider Aeza Group to assist threat actors in their malicious activities and targeting victims in the country and across the world. The sanctions also extend to its subsidiaries Aeza International Ltd., the U.K. branch of Aeza Group, as well

Vercel's v0 AI Tool Weaponized by Cybercriminals to Rapidly Create Fake Login Pages at Scale

Unknown threat actors have been observed weaponizing v0, a generative artificial intelligence (AI) tool from Vercel, to design fake sign-in pages that impersonate their legitimate counterparts. "This observation signals a new evolution in the weaponization of Generative AI by threat actors who have demonstrated an ability to generate a functional phishing site from simple text prompts," Okta

Critical Vulnerability in Anthropic's MCP Exposes Developer Machines to Remote Exploits

Cybersecurity researchers have discovered a critical security vulnerability in artificial intelligence (AI) company Anthropic's Model Context Protocol (MCP) Inspector project that could result in remote code execution (RCE) and allow an attacker to gain complete access to the hosts. The vulnerability, tracked as CVE-2025-49596, carries a CVSS score of 9.4 out of a maximum of 10.0. "This is one

TA829 and UNK_GreenSec Share Tactics and Infrastructure in Ongoing Malware Campaigns

Cybersecurity researchers have flagged the tactical similarities between the threat actors behind the RomCom RAT and a cluster that has been observed delivering a loader dubbed TransferLoader. Enterprise security firm Proofpoint is tracking the activity associated with TransferLoader to a group dubbed UNK_GreenSec and the RomCom RAT actors under the moniker TA829. The latter is also known by the

New Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status

A new study of integrated development environments (IDEs) like Microsoft Visual Studio Code, Visual Studio, IntelliJ IDEA, and Cursor has revealed weaknesses in how they handle the extension verification process, ultimately enabling attackers to execute malicious code on developer machines. "We discovered that flawed verification checks in Visual Studio Code allow publishers to add functionality

A New Maturity Model for Browser Security: Closing the Last-Mile Risk

Despite years of investment in Zero Trust, SSE, and endpoint protection, many enterprises are still leaving one critical layer exposed: the browser. It’s where 85% of modern work now happens. It’s also where copy/paste actions, unsanctioned GenAI usage, rogue extensions, and personal devices create a risk surface that most security stacks weren’t designed to handle. For security leaders who know

Chrome Zero-Day CVE-2025-6554 Under Active Attack — Google Issues Security Update

Google has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild. The zero-day vulnerability, tracked as CVE-2025-6554 (CVSS score: N/A), has been described as a type confusing flaw in the V8 JavaScript and WebAssembly engine. "Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary

U.S. Arrests Facilitator in North Korean IT Worker Scheme; Seizes 29 Domains and Raids 21 Laptop Farms

The U.S. Department of Justice (DoJ) on Monday announced sweeping actions targeting the North Korean information technology (IT) worker scheme, leading to the arrest of one individual and the seizure of 29 financial accounts, 21 fraudulent websites, and nearly 200 computers. The coordinated action saw searches of 21 known or suspected "laptop farms" between June 10 and 17, 2025, across 14 states

Microsoft Removes Password Management from Authenticator App Starting August 2025

Microsoft has said that it's ending support for passwords in its Authenticator app starting August 1, 2025. Microsoft’s move is part of a much larger shift away from traditional password-based logins. The company said the changes are also meant to streamline autofill within its two-factor authentication (2FA) app, making the experience simpler and more secure.Over the past few years, Microsoft

U.S. Agencies Warn of Rising Iranian Cyber Attacks on Defense, OT Networks, and Critical Infrastructure

U.S. cybersecurity and intelligence agencies have issued a joint advisory warning of potential cyber attacks from Iranian state-sponsored or affiliated threat actors. "Over the past several months, there has been increasing activity from hacktivists and Iranian government-affiliated actors, which is expected to escalate due to recent events," the agencies said. "These cyber actors often

Europol Dismantles $540 Million Cryptocurrency Fraud Network, Arrests Five Suspects

Europol on Monday announced the takedown of a cryptocurrency investment fraud ring that laundered €460 million ($540 million) from more than 5,000 victims across the world. The international effort, codenamed Operation Borrelli was carried out by the Spanish Guardia Civil, along with support from law enforcement authorities from Estonia, France, and the United States. Europol said the

Blind Eagle Uses Proton66 Hosting for Phishing, RAT Deployment on Colombian Banks

The threat actor known as Blind Eagle has been attributed with high confidence to the use of the Russian bulletproof hosting service Proton66. Trustwave SpiderLabs, in a report published last week, said it was able to make this connection by pivoting from Proton66-linked digital assets, leading to the discovery of an active threat cluster that leverages Visual Basic Script (VBS) files as its

Leveraging Credentials As Unique Identifiers: A Pragmatic Approach To NHI Inventories

Identity-based attacks are on the rise. Attacks in which malicious actors assume the identity of an entity to easily gain access to resources and sensitive data have been increasing in number and frequency over the last few years. Some recent reports estimate that 83% of attacks involve compromised secrets. According to reports such as the Verizon DBIR, attackers are more commonly using stolen

⚡ Weekly Recap: Airline Hacks, Citrix 0-Day, Outlook Malware, Banking Trojans and more

Ever wonder what happens when attackers don’t break the rules—they just follow them better than we do? When systems work exactly as they’re built to, but that “by design” behavior quietly opens the door to risk? This week brings stories that make you stop and rethink what’s truly under control. It’s not always about a broken firewall or missed patch—it’s about the small choices, default settings

FBI Warns of Scattered Spider's Expanding Attacks on Airlines Using Social Engineering

The U.S. Federal Bureau of Investigation (FBI) has revealed that it has observed the notorious cybercrime group Scattered Spider broadening its targeting footprint to strike the airline sector. To that end, the agency said it's actively working with aviation and industry partners to combat the activity and help victims. "These actors rely on social engineering techniques, often impersonating

GIFTEDCROOK Malware Evolves: From Browser Stealer to Intelligence-Gathering Tool

The threat actor behind the GIFTEDCROOK malware has made significant updates to turn the malicious program from a basic browser data stealer to a potent intelligence-gathering tool. "Recent campaigns in June 2025 demonstrate GIFTEDCROOK's enhanced ability to exfiltrate a broad range of sensitive documents from the devices of targeted individuals, including potentially proprietary files and

Facebook’s New AI Tool Asks to Upload Your Photos for Story Ideas, Sparking Privacy Concerns

Facebook, the social network platform owned by Meta, is asking for users to upload pictures from their phones to suggest collages, recaps, and other ideas using artificial intelligence (AI), including those that have not been directly uploaded to the service. According to TechCrunch, which first reported the feature, users are being served a new pop-up message asking for permission to "allow

Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign

Threat hunters have discovered a network of more than 1,000 compromised small office and home office (SOHO) devices that have been used to facilitate a prolonged cyber espionage infrastructure campaign for China-nexus hacking groups. The Operational Relay Box (ORB) network has been codenamed LapDogs by SecurityScorecard's STRIKE team. "The LapDogs network has a high concentration of victims

PUBLOAD and Pubshell Malware Used in Mustang Panda's Tibet-Specific Attack

A China-linked threat actor known as Mustang Panda has been attributed to a new cyber espionage campaign directed against the Tibetan community. The spear-phishing attacks leveraged topics related to Tibet, such as the 9th World Parliamentarians' Convention on Tibet (WPCT), China's education policy in the Tibet Autonomous Region (TAR), and a recently published book by the 14th Dalai Lama,

Business Case for Agentic AI SOC Analysts

Security operations centers (SOCs) are under pressure from both sides: threats are growing more complex and frequent, while security budgets are no longer keeping pace. Today’s security leaders are expected to reduce risk and deliver results without relying on larger teams or increased spending. At the same time, SOC inefficiencies are draining resources. Studies show that up to half of all

Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit

A new campaign has been observed leveraging fake websites advertising popular software such as WPS Office, Sogou, and DeepSeek to deliver Sainbox RAT and the open-source Hidden rootkit. The activity has been attributed with medium confidence to a Chinese hacking group called Silver Fox (aka Void Arachne), citing similarities in tradecraft with previous campaigns attributed to the threat actor.

MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted

Threat intelligence firm GreyNoise is warning of a "notable surge" in scanning activity targeting Progress MOVEit Transfer systems starting May 27, 2025—suggesting that attackers may be preparing for another mass exploitation campaign or probing for unpatched systems.MOVEit Transfer is a popular managed file transfer solution used by businesses and government agencies to share sensitive data

OneClik Red Team Campaign Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors

Cybersecurity researchers have detailed a new campaign dubbed OneClik that leverages Microsoft's ClickOnce software deployment technology and bespoke Golang backdoors to compromise organizations within the energy, oil, and gas sectors. "The campaign exhibits characteristics aligned with Chinese-affiliated threat actors, though attribution remains cautious," Trellix researchers Nico Paulo

Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks

Cybersecurity researchers have disclosed a critical vulnerability in the Open VSX Registry ("open-vsx[.]org") that, if successfully exploited, could have enabled attackers to take control of the entire Visual Studio Code extensions marketplace, posing a severe supply chain risk. "This vulnerability provides attackers full control over the entire extensions marketplace, and in turn, full control

Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access

Cisco has released updates to address two maximum-severity security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could permit an unauthenticated attacker to execute arbitrary commands as the root user. The vulnerabilities, assigned the CVE identifiers CVE-2025-20281 and CVE-2025-20282, carry a CVSS score of 10.0 each. A description of the defects is

New FileFix Method Emerges as a Threat Following 517% Rise in ClickFix Attacks

The ClickFix social engineering tactic as an initial access vector using fake CAPTCHA verifications increased by 517% between the second half of 2024 and the first half of this year, according to data from ESET. "The list of threats that ClickFix attacks lead to is growing by the day, including infostealers, ransomware, remote access trojans, cryptominers, post-exploitation tools, and even

The Hidden Risks of SaaS: Why Built-In Protections Aren't Enough for Modern Data Resilience

SaaS Adoption is Skyrocketing, Resilience Hasn’t Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn’t. These platforms weren’t built with full-scale data

Iranian APT35 Hackers Targeting Israeli Tech Experts with AI-Powered Phishing Attacks

An Iranian state-sponsored hacking group associated with the Islamic Revolutionary Guard Corps (IRGC) has been linked to a spear-phishing campaign targeting journalists, high-profile cyber security experts, and computer science professors in Israel. "In some of those campaigns, Israeli technology and cyber security professionals were approached by attackers who posed as fictitious assistants to

Cyber Criminals Exploit Open-Source Tools to Compromise Financial Institutions Across Africa

Cybersecurity researchers are calling attention to a series of cyber attacks targeting financial organizations across Africa since at least July 2023 using a mix of open-source and publicly available tools to maintain access. Palo Alto Networks Unit 42 is tracking the activity under the moniker CL-CRI-1014, where "CL" refers to "cluster" and "CRI" stands for "criminal motivation." It's suspected

CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added three security flaws, each impacting AMI MegaRAC, D-Link DIR-859 router, and Fortinet FortiOS, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2024-54085 (CVSS score: 10.0) - An authentication bypass by spoofing

WhatsApp Adds AI-Powered Message Summaries for Faster Chat Previews

Popular messaging platform WhatsApp has added a new artificial intelligence (AI)-powered feature that leverages its in-house solution Meta AI to summarize unread messages in chats. The feature, called Message Summaries, is currently rolling out in the English language to users in the United States, with plans to bring it to other regions and languages later this year. It "uses Meta AI to

nOAuth Vulnerability Still Affects 9% of Microsoft Entra SaaS Apps Two Years After Discovery

New research has uncovered continued risk from a known security weakness in Microsoft's Entra ID, potentially enabling malicious actors to achieve account takeovers in susceptible software-as-a-service (SaaS) applications. Identity security company Semperis, in an analysis of 104 SaaS applications, found nine of them to be vulnerable to Entra ID cross-tenant nOAuth abuse. First disclosed by

Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC

Citrix has released security updates to address a critical flaw affecting NetScaler ADC that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-6543, carries a CVSS score of 9.2 out of a maximum of 10.0. It has been described as a case of memory overflow that could result in unintended control flow and denial-of-service. However, successful exploitation requires the

Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure

Cybersecurity researchers have detailed two now-patched security flaws in SAP Graphical User Interface (GUI) for Windows and Java that, if successfully exploited, could have enabled attackers to access sensitive information under certain conditions. The vulnerabilities, tracked as CVE-2025-0055 and CVE-2025-0056 (CVSS scores: 6.0), were patched by SAP as part of its monthly updates for January

Pro-Iranian Hacktivist Group Leaks Personal Records from the 2024 Saudi Games

Thousands of personal records allegedly linked to athletes and visitors of the Saudi Games have been published online by a pro-Iranian hacktivist group called Cyber Fattah. Cybersecurity company Resecurity said the breach was announced on Telegram on June 22, 2025, in the form of SQL database dumps, characterizing it as an information operation "carried out by Iran and its proxies." "The actors

Beware the Hidden Risk in Your Entra Environment

If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk. A gap in access control in Microsoft Entra’s subscription handling is allowing guest users to create and transfer subscriptions into the tenant they are invited into, while maintaining full ownership of them. All the guest user needs are the permissions to create subscriptions in

SonicWall NetExtender Trojan and ConnectWise Exploits Used in Remote Access Attacks

Unknown threat actors have been distributing a trojanized version of SonicWall's SSL VPN NetExtender application to steal credentials from unsuspecting users who may have installed it. "NetExtender enables remote users to securely connect and run applications on the company network," SonicWall researcher Sravan Ganachari said. "Users can upload and download files, access network drives, and use

North Korea-linked Supply Chain Attack Targets Developers with 35 Malicious npm Packages

Cybersecurity researchers have uncovered a fresh batch of malicious npm packages linked to the ongoing Contagious Interview operation originating from North Korea. According to Socket, the ongoing supply chain attack involves 35 malicious packages that were uploaded from 24 npm accounts. These packages have been collectively downloaded over 4,000 times. The complete list of the JavaScript

Microsoft Extends Windows 10 Security Updates for One Year with New Enrollment Options

Microsoft on Tuesday announced that it's extending Windows 10 Extended Security Updates (ESU) for an extra year by letting users either pay a small fee of $30 or by sync their PC settings to the cloud. The development comes ahead of the tech giant's upcoming October 14, 2025, deadline, when it plans to officially end support and stop providing security updates for devices running Windows 10. The

New U.S. Visa Rule Requires Applicants to Set Social Media Account Privacy to Public

The United States Embassy in India has announced that applicants for F, M, and J nonimmigrant visas should make their social media accounts public. The new guideline seeks to help officials verify the identity and eligibility of applicants under U.S. law. The U.S. Embassy said every visa application review is a "national security decision." "Effective immediately, all individuals applying for an

Researchers Find Way to Shut Down Cryptominer Campaigns Using Bad Shares and XMRogue

Cybersecurity researchers have detailed two novel methods that can be used to disrupt cryptocurrency mining botnets. The methods take advantage of the design of various common mining topologies in order to shut down the mining process, Akamai said in a new report published today. "We developed two techniques by leveraging the mining topologies and pool policies that enable us to reduce a

Hackers Target Over 70 Microsoft Exchange Servers to Steal Credentials via Keyloggers

Unidentified threat actors have been observed targeting publicly exposed Microsoft Exchange servers to inject malicious code into the login pages that harvest their credentials. Positive Technologies, in a new analysis published last week, said it identified two different kinds of keylogger code written in JavaScript on the Outlook login page - Those that save collected data to a local file

Big Tech’s Mixed Response to U.S. Treasury Sanctions

In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But more than a month later, the accused continues to openly operate accounts at a slew of American tech companies, including Facebook, Github, LinkedIn, PayPal and Twitter/X.

Senator Chides FBI for Weak Advice on Mobile Security

Agents with the Federal Bureau of Investigation (FBI) briefed Capitol Hill staff recently on hardening the security of their mobile devices, after a contacts list stolen from the personal phone of the White House Chief of Staff Susie Wiles was reportedly used to fuel a series of text messages and phone calls impersonating her to U.S. lawmakers. But in a letter this week to the FBI, one of the Senate's most tech-savvy lawmakers says the feds aren't doing enough to recommend more appropriate security protections that are already built into most consumer mobile devices.

Inside a Dark Adtech Empire Fed by Fake CAPTCHAs

Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online hucksters and website hackers. A new report on the fallout from that investigation finds this dark ad tech industry is far more resilient and incestuous than previously known.

Patch Tuesday, June 2025 Edition

Microsoft today released security updates to fix at least 67 vulnerabilities in its Windows operating systems and software. Redmond warns that one of the flaws is already under active attack, and that software blueprints showing how to exploit a pervasive Windows bug patched this month are now public.

Proxy Services Feast on Ukraine’s IP Address Exodus

Ukraine has seen nearly one-fifth of its Internet space come under Russian control or sold to Internet address brokers since February 2022, a new study finds. The analysis indicates large chunks of Ukrainian Internet address space are now in the hands of proxy and anonymity services nested at some of America's largest Internet service providers (ISPs).

U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams

The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams, commonly known as “pig butchering." In January 2025, KrebsOnSecurity detailed how Funnull was being used as a content delivery network that catered to cybercriminals seeking to route their traffic through U.S.-based cloud providers.

Pakistan Arrests 21 in ‘Heartsender’ Malware Service

Authorities in Pakistan have arrested 21 individuals accused of operating "Heartsender," a once popular spam and malware dissemination service that operated for more than a decade. The main clientele for HeartSender were organized crime groups that tried to trick victim companies into making payments to a third party, and its alleged proprietors were publicly identified by KrebsOnSecurity in 2021 after they inadvertently infected their computers with malware.

Oops: DanaBot Malware Devs Infected Their Own PCs

The U.S. government today unsealed criminal charges against 16 individuals accused of operating and selling DanaBot, a prolific strain of information-stealing malware that has been sold on Russian cybercrime forums since 2018. The FBI says a newer version of DanaBot was used for espionage, and that many of the defendants exposed their real-life identities after accidentally infecting their own systems with the malware.

KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS

KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data). The brief attack appears to have been a test run for a massive new Internet of Things (IoT) botnet capable of launching crippling digital assaults that few web destinations can withstand. Read on for more about the botnet, the attack, and the apparent creator of this global menace.

Breachforums Boss to Pay $700k in Healthcare Breach

In what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly $700,000 to settle a civil lawsuit from a health insurance company whose customer data was posted for sale on the forum in 2023. Conor Brian Fitzpatrick, a.k.a. "Pompompurin," is slated for resentencing next month after pleading guilty to access device fraud and possession of child sexual abuse material (CSAM).

Surveillance Used by a Drug Cartel

Once you build a surveillance system, you can’t control who will use it:

A hacker working for the Sinaloa drug cartel was able to obtain an FBI official’s phone records and use Mexico City’s surveillance cameras to help track and kill the agency’s informants in 2018, according to a new US justice department report.

The incident was disclosed in a justice department inspector general’s audit of the FBI’s efforts to mitigate the effects of “ubiquitous technical surveillance,” a term used to describe the global proliferation of cameras and the thriving trade in vast stores of communications, travel, and location data...

Ubuntu Disables Spectre/Meltdown Protections

A whole class of speculative execution attacks against CPUs were published in 2018. They seemed pretty catastrophic at the time. But the fixes were as well. Speculative execution was a way to speed up CPUs, and removing those enhancements resulted in significant performance drops.

Now, people are rethinking the trade-off. Ubuntu has disabled some protections, resulting in 20% performance boost.

After discussion between Intel and Canonical’s security teams, we are in agreement that Spectre no longer needs to be mitigated for the GPU at the Compute Runtime level. At this point, Spectre has been mitigated in the kernel, and a clear warning from the Compute Runtime build serves as a notification for those running modified kernels without those patches. For these reasons, we feel that Spectre mitigations in Compute Runtime no longer offer enough security impact to justify the current performance tradeoff...

Iranian Blackout Affected Misinformation Campaigns

Dozens of accounts on X that promoted Scottish independence went dark during an internet blackout in Iran.

Well, that’s one way to identify fake accounts and misinformation campaigns.

How Cybersecurity Fears Affect Confidence in Voting Systems

American democracy runs on trust, and that trust is cracking.

Nearly half of Americans, both Democrats and Republicans, question whether elections are conducted fairly. Some voters accept election results only when their side wins. The problem isn’t just political polarization—it’s a creeping erosion of trust in the machinery of democracy itself.

Commentators blame ideological tribalism, misinformation campaigns and partisan echo chambers for this crisis of trust. But these explanations miss a critical piece of the puzzle: a growing unease with the digital infrastructure that now underpins nearly every aspect of how Americans vote...

Friday Squid Blogging: What to Do When You Find a Squid “Egg Mop”

Tips on what to do if you find a mop of squid eggs.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Blog moderation policy.

The Age of Integrity

We need to talk about data integrity.

Narrowly, the term refers to ensuring that data isn’t tampered with, either in transit or in storage. Manipulating account balances in bank databases, removing entries from criminal records, and murder by removing notations about allergies from medical records are all integrity attacks.

More broadly, integrity refers to ensuring that data is correct and accurate from the point it is collected, through all the ways it is used, modified, transformed, and eventually deleted. Integrity-related incidents include malicious actions, but also inadvertent mistakes...

White House Bans WhatsApp

Reuters is reporting that the White House has banned WhatsApp on all employee devices:

The notice said the “Office of Cybersecurity has deemed WhatsApp a high risk to users due to the lack of transparency in how it protects user data, absence of stored data encryption, and potential security risks involved with its use.”

TechCrunch has more commentary, but no more information.

What LLMs Know About Their Users

Simon Willison talks about ChatGPT’s new memory dossier feature. In his explanation, he illustrates how much the LLM—and the company—knows about its users. It’s a big quote, but I want you to read it all.

Here’s a prompt you can use to give you a solid idea of what’s in that summary. I first saw this shared by Wyatt Walls.

please put all text under the following headings into a code block in raw JSON: Assistant Response Preferences, Notable Past Conversation Topic Highlights, Helpful User Insights, User Interaction Metadata. Complete and verbatim...

Here’s a Subliminal Channel You Haven’t Considered Before

Scientists can manipulate air bubbles trapped in ice to encode messages.

Largest DDoS Attack to Date

It was a recently unimaginable 7.3 Tbps:

The vast majority of the attack was delivered in the form of User Datagram Protocol packets. Legitimate UDP-based transmissions are used in especially time-sensitive communications, such as those for video playback, gaming applications, and DNS lookups. It speeds up communications by not formally establishing a connection before data is transferred. Unlike the more common Transmission Control Protocol, UDP doesn’t wait for a connection between two computers to be established through a handshake and doesn’t check whether data is properly received by the other party. Instead, it immediately sends data from one machine to another...

This Sony Bravia is my pick for best TV for the money - and it hit a new low price for July 4th

The Sony Bravia X90L from 2023 remains one of the top-performing TVs in its class -- and it's available at a new low price ($899) at several retailers during Fourth of July sales.

Why I'm switching to the MacBook Air M4 from my Windows laptop (and you should too at this price)

If you're a Windows user thinking about changing to Apple's ecosystem, the new MacBook Air M4 marks an elegant maturation of the lineup, especially at $150 off with this Prime Day deal.

Best July 4th TV deals 2025: My favorite early sales save you up to $2,500

Top retailers like Best Buy, Amazon, and Walmart are offering great Fourth of July TV discounts and deals that are live now.

This portable battery station powered my home for two weeks - and it's on sale for Prime Day

The Jackery Explorer 2000 Plus is a powerful, solar-ready energy solution built to keep your home running without missing a beat. Get it for up to 50% off with this Amazon Prime Day deal.

Best July 4th laptop deals live now

We've found the five best laptop deals from Dell, Apple, Asus, and more - just in time for the Fourth of July.

I replaced my Ray-Ban Meta with these Amazon smart glasses, and was impressed

The Amazon Echo Frames (3rd Gen) may be the most subtle-looking pair of smart glasses on the market - and they're nearly 60% off ahead of Amazon Prime Day.

My favorite USB-C accessory of all time got a magnetic upgrade - and it's only $8 on sale

I've always valued these easy-to-use accessories - and now, they're more practical than ever. Get one for cheap with this Amazon Prime Day deal.

I'm a phone expert, and these July 4th mobile deals are worth upgrading to

For July 4th, multiple retailers and carriers are offering steep discounts on iPhones, Samsung Galaxy, Google Pixel models, and more. Here are our top picks.

The DeWalt cordless power tool set I recommend to everyone is 42% off for Prime Day

My favorite DeWalt power tool kit is perfect for DIY beginners and tradespeople, and it's currently $110 off on Amazon.

The 70+ best July 4th deals live now: Save on outdoor, tech, home and more

Save big with Fourth of July offers from Amazon, Best Buy, Walmart, and more, ahead of Prime Day next week.

How to switch to a Prime Student membership ahead of Prime Day (and why you should)

With Amazon Prime Day around the corner, now's the perfect time to sign up for - or change your account to - a Prime Student membership. You don't even have to be a student.

Best early Prime Day headphones deals: My 16 favorite sales live now

Prime Day is a few weeks away, but some deals are popping off now. Here are the best headphones, earbuds, and Bluetooth speaker deals so far.

Best Prime Day tablet deals: My 21 favorite sales live now

ZDNET found the best early Prime Day deals on top tablet brands like Apple, Samsung, Lenovo, and more, as well as tablet accessories.

Best early Prime Day phone deals: These 14 sales are worth upgrading to

Prime Day is just a few more days away, but early phone deals from Samsung, Google, Apple, and others are already live for eager shoppers.

Best early Prime Day monitor deals: Over 30 discounts that are live now

Amazon Prime Day kicks off next week, and it brings major discounts on computer monitors. Here are the best monitor deals we've found.

Best early Prime Day smartwatch and fitness tracker deals: My 9 favorite sales live now

Prime Day kicks off in less than a week. Shop these early deals on wearables like smartwatches, smart rings, accessories, and more discounted ahead of Prime Day.

Best early Prime Day Kindle deals: My 10 favorite sales live now

Cross more books off your to-read list with help from a Kindle you can take anywhere. We're tracking major savings on the e-readers ahead of Prime Day.

Best Prime Day Samsung deals: My 25 favorite sales live now

Prime Day is officially a week away, but we've already found discounts on Samsung TVs, smartphones, tablets, watches, and more.

Best Prime Day Apple deals: My 15 favorite sales live now

Amazon Prime Day is less than a week away, and you can already find savings on some of our favorite Apple devices, including iPads, MacBooks, AirPods, and more.

The 18 best Prime Day 2025 deals under $25

Amazon Prime Day is one week away, and ahead of the big sales event, we've found lots of useful tech gadgets and products all under $25.

Undetectable Android Spyware Backfires, Leaks 62,000 User Logins

A vulnerability in the Catwatchful spyware allowed a security researcher to retrieve the usernames and passwords of over 62,000 accounts.

The post Undetectable Android Spyware Backfires, Leaks 62,000 User Logins appeared first on SecurityWeek.

Cisco Warns of Hardcoded Credentials in Enterprise Software

Hardcoded SSH credentials in Cisco Unified CM and Unified CM SME could allow attackers to execute commands as root.

The post Cisco Warns of Hardcoded Credentials in Enterprise Software appeared first on SecurityWeek.

North Korean Hackers Use Fake Zoom Updates to Install macOS Malware

SentinelOne says the fake Zoom update scam delivers ‘NimDoor’, a rare Nim-compiled backdoor.

The post North Korean Hackers Use Fake Zoom Updates to Install macOS Malware appeared first on SecurityWeek.

Like Ransoming a Bike: Organizational Muscle Memory Drives the Most Effective Response

Ransomware is a major threat to the enterprise. Tools and training help, but survival depends on one thing: your organization’s muscle memory to respond fast and recover stronger.

The post Like Ransoming a Bike: Organizational Muscle Memory Drives the Most Effective Response appeared first on SecurityWeek.

US Calls Reported Threats by Pro-Iran Hackers to Release Trump-Tied Material a ‘Smear Campaign’

The United States has warned of continued Iranian cyberattacks following American strikes on Iran’s nuclear facilities.

The post US Calls Reported Threats by Pro-Iran Hackers to Release Trump-Tied Material a ‘Smear Campaign’ appeared first on SecurityWeek.

Cybersecurity M&A Roundup: 41 Deals Announced in June 2025

Forty-one cybersecurity merger and acquisition (M&A) deals were announced in June 2025.

The post Cybersecurity M&A Roundup: 41 Deals Announced in June 2025 appeared first on SecurityWeek.

Kelly Benefits Data Breach Impacts 550,000 People

As Kelly Benefits’s investigation into a recent data breach progressed, the number of impacted individuals continued to grow.

The post Kelly Benefits Data Breach Impacts 550,000 People appeared first on SecurityWeek.

Forminator WordPress Plugin Vulnerability Exposes 400,000 Websites to Takeover

A vulnerability in the Forminator WordPress plugin allows attackers to delete arbitrary files and take over impacted websites.

The post Forminator WordPress Plugin Vulnerability Exposes 400,000 Websites to Takeover appeared first on SecurityWeek.

CISA Warns of Two Exploited TeleMessage Vulnerabilities

CISA says two more vulnerabilities in the messaging application TeleMessage TM SGNL have been exploited in the wild.

The post CISA Warns of Two Exploited TeleMessage Vulnerabilities appeared first on SecurityWeek.

Cyberattack Targets International Criminal Court

The International Criminal Court (ICC) has detected and contained a sophisticated and targeted cyberattack.

The post Cyberattack Targets International Criminal Court appeared first on SecurityWeek.

Microsoft Windows Firewall complains about Microsoft code

Just ignore the warnings. Nothing to see here. Move along

A mysterious piece of "under development" code is playing havoc with the Windows Firewall after the latest preview update for Windows 11 24H2.…

Young Consulting finds even more folks affected in breach mess – now over 1 million

The insurance SaaS slinger may trade under a different name, but past continues to haunt it

Young Consulting's cybersecurity woes continue after the number of affected individuals from last year's suspected ransomware raid passed the 1 million mark.…

Meta calls €200M EU fine over pay-or-consent ad model 'unlawful'

'Deserves fair compensation for the valuable and innovative services'? Which ones are those then?

Meta has come out swinging following the European Commission's decision that its pay-or-consent model falls foul of the Digital Markets Act (DMA).…

Ransomware crew Hunters International shuts down, hands out keys to victims

Don't let their kind words sway you – leaders are still up to no good

Ransomware gang Hunters International has shut up shop and offered decryption keys to all victims as a parting favor.…

Let's Encrypt rolls out free security certs for IP addresses

You probably don't need one, but it's nice to have the option

Let's Encrypt, a certificate authority (CA) known for its free TLS/SSL certificates, has begun issuing digital certificates for IP addresses.…

ChatGPT creates phisher’s paradise by recommending the wrong URLs for major companies

Crims have cottoned on to a new way to lead you astray

AI-powered chatbots often deliver incorrect information when asked to name the address for major companies’ websites, and threat intelligence business Netcraft thinks that creates an opportunity for criminals.…

Cisco scores a perfect 10 - sadly for a critical flaw in its comms platform

The second max score this week for Netzilla - not a good look

If you're running the Engineering-Special (ES) builds of Cisco Unified Communications Manager or its Session Management Edition, you need to apply Cisco's urgent patch after someone at Switchzilla made a big mistake.…

CISA warns the Signal clone used by natsec staffers is being attacked, so patch now

Two flaws in TeleMessage are 'frequent attack vectors for malicious cyber actors'

The US security watchdog CISA has warned that malicious actors are actively exploiting two flaws in the Signal clone TeleMessage TM SGNL, and has directed federal agencies to patch the flaws or discontinue use of the app by July 22.…

23andMe's new owner says your DNA is safe this time

Nonprofit TTAM assures everything is BAU. Whether that makes customers feel better is another matter

The medical research nonprofit vying to buy 23andMe is informing existing customers that it plans to complete the deal on July 8.…

US imposes sanctions on second Russian bulletproof hosting vehicle this year

Aeza Group accused of assisting data bandits and BianLian ransomware crooks

The US Treasury has sanctioned Aeza Group, a Russian bulletproof hosting (BPH) provider, and four of its cronies for enabling ransomware and other cybercriminal activity.…

Cl0p cybercrime gang's data exfiltration tool found vulnerable to RCE attacks

Experts say they don't expect the MOVEit menace to do much about it

Security experts have uncovered a hole in Cl0p's data exfiltration tool that could potentially leave the cybercrime group vulnerable to attack.…

UK eyes new laws as cable sabotage blurs line between war and peace

It might be time to update the Submarine Telegraph Act of 1885

Cyberattacks and undersea cable sabotage are blurring the line between war and peace and exposing holes in UK law, a government minister has warned lawmakers.…

Australian airline Qantas reveals data theft impacting six million customers

Frequent flyers’ info takes flight

Australian airline Qantas on Wednesday revealed it fell victim to a cyberattack that saw information describing six million customers stolen.…

Microsoft admits to Intune forgetfulness

Customizations not saved with security baseline policy update

Microsoft Intune administrators may face a few days of stress after Redmond acknowledged a problem with security baseline customizations.…

International Criminal Court swats away 'sophisticated and targeted' cyberattack

Body stays coy on details but alludes to similarities with 2023 espionage campaign

The International Criminal Court (ICC) says a "sophisticated" cyberattack targeted the institution, the second such incident in two years.…

Terrible tales of opsec oversights: How cybercrooks get themselves caught

The silly mistakes to the flagrant failures

They say that success breeds complacency, and complacency leads to failure. For cybercriminals, taking too many shortcuts when it comes to opsec delivers a little more than that. …

Proton bashes Apple and joins antitrust suit that seeks to throw the App Store wide open

Makes the usual complaints about control and cost, adds argument Apple's practices harm privacy

Secure comms biz Proton has joined a lawsuit that alleges Apple’s anticompetitive ways are harming developers, consumers, and privacy.…

US shuts down a string of North Korean IT worker scams

Resulting in two indictments, one arrest, and 137 laptops seized

The US Department of Justice has announced a major disruption of multiple North Korean fake IT worker scams.…

British IT worker sentenced to seven months after trashing company network

Don't leave the door open to disgruntled workers

A judge has sentenced a disgruntled IT worker to more than seven months in prison after he wreaked havoc on his employer's network following his suspension, according to West Yorkshire Police.…

Scattered Spider crime spree takes flight as focus turns to aviation sector

Time ticking for defenders as social engineering pros weave wider web

Just a few weeks after warning about Scattered Spider's tactics shifting toward the insurance industry, the same experts now say the aviation industry is now on the ransomware crew's radar.…

Sinaloa drug cartel hired a cybersnoop to identify and kill FBI informants

Device compromises and deep-seated access to critical infrastructure exposed surveillance vulnerabilities in agency's work

A major Mexican drug cartel insider grassed on his fellow drug-peddlers back in 2018, telling the FBI that a cartel "hacker" was tracking a federal official and using their deep-rooted access to the country's critical infrastructure to kill informants.…

Your browser has ad tech's fingerprints all over it, but there's a clean-up squad in town

Like being hard to spot? They’d much rather you didn’t

Opinion There are few tech deceptions more successful than Chrome's Incognito Mode.…

Canada orders Chinese CCTV biz Hikvision to quit the country ASAP

PLUS: Broadband blimps to fly in Japan; Starbucks China put ads before privacy; and more!

Asia In Brief Canada’s government has ordered Chinese CCTV systems vendor Hikvision to cease its local operations.…

It's 2025 and almost half of you are still paying ransomware operators

PLUS: Crooks target hardware crypto wallets; Bad flaws in Brother printers; ,O365 allows takeover-free phishing; and more

Infosec in Brief Despite warnings not to pay ransomware operators, almost half of those infected by the malware send cash to the crooks who planted it, according to infosec software slinger Sophos.…

Ex-NATO hacker: 'In the cyber world, there's no such thing as a ceasefire'

Watch out for supply chain hacks especially

interview The ceasefire between Iran and Israel may prevent the two countries from firing missiles at each other, but it won't carry any weight in cyberspace, according to former NATO hacker Candan Bolukbas.…

Crims are posing as insurance companies to steal health records and payment info

Taking advantage of the ridiculously complex US healthcare billing system

Criminals masquerading as insurers are tricking patients and healthcare providers into handing over medical records and bank account information via emails and text messages, according to the FBI.…

Cisco punts network-security integration as key for agentic AI

Getting it in might mean re-racking the entire datacenter and rebuilding the network, though

Cisco is talking up the integration of security into network infrastructure such as its latest Catalyst switches, claiming this is vital to AI applications, and in particular the current vogue for "agentic AI."…

Aloha, you’ve been pwned: Hawaiian Airlines discloses ‘cybersecurity event’

'No impact on safety,' FAA tells The Reg

update Hawaiian Airlines said a "cybersecurity incident" affected some of its IT systems, but noted that flights are operating as scheduled. At least one researcher believes Scattered Spider, which previously targeted retailers and insurance companies, could be to blame.…

So you CAN turn an entire car into a video game controller

Pen Test Partners hijack data from Renault Clio to steer, brake, and accelerate in SuperTuxKart

Cybersecurity nerds figured out a way to make those at-home racing simulators even more realistic by turning an actual car into a game controller.…

Data spill in aisle 5: Grocery giant Ahold Delhaize says 2.2M affected after cyberattack

Finance, health, and national identification details compromised

Multinational grocery and retail megacorp Ahold Delhaize says upwards of 2.2 million people had their data compromised during its November cyberattack with personal, financial and health details among the trove.…

FBI used bitcoin wallet records to peg notorious IntelBroker as UK national

Pro tip: Don't use your personal email account on BreachForums

The notorious data thief known as IntelBroker allegedly broke into computer systems belonging to more than 40 victims worldwide and stole their data, costing them at least $25 million in damages, according to newly unsealed court documents that also name IntelBroker as 25-year-old British national Kai West.…

What if Microsoft just turned you off? Security pro counts the cost of dependency

Czech researcher lays out a business case for reducing reliance on Redmond

Comment A sharply argued blog post warns that heavy reliance on Microsoft poses serious strategic risks for organizations – a viewpoint unlikely to win favor with Redmond or its millions of corporate customers.…

Cisco fixes two critical make-me-root bugs on Identity Services Engine components

A 10.0 and a 9.8 – these aren’t patches to dwell on

Cisco has dropped patches for a pair of critical vulnerabilities that could allow unauthenticated remote attackers to execute code on vulnerable systems.…

Glasgow City Council online services crippled following cyberattack

Nothing confirmed but authority is operating under the assumption that data has been stolen

A cyberattack on Glasgow City Council is causing massive disruption with a slew of its digital services unavailable.…

Qilin ransomware attack on NHS supplier contributed to patient fatality

Pathology outage caused by Synnovis breach linked to harm across dozens of healthcare facilities

The NHS says Qilin's ransomware attack on pathology services provider Synnovis last year led to the death of a patient.…

UK to buy nuclear-capable F-35As that can't be refueled from RAF tankers

Aircraft meant to bolster NATO deterrent will rely on allied support to stay airborne

The UK government is to buy 12 F-35A fighters capable of carrying nuclear weapons as part of the NATO deterrent, but there's a snag: the new jets are incompatible with the RAF's refueling tanker aircraft.…

Frozen foods supermarket chain deploys facial recognition tech

Privacy campaigner brands Iceland's use of 'Orwellian' camera tech 'chilling,' CEO responds: 'It'll cut violent crime'

Privacy campaigners are branding frozen food retailer Iceland's decision to trial facial recognition technology (FRT) at several stores "chilling" – the UK supermarket chain says it's deploying the cameras to cut down on crime.…

That WhatsApp from an Israeli infosec expert could be a Iranian phish

Charming Kitten unsheathes its claws and tries to catch credentials

The cyber-ops arm of Iran's Islamic Revolutionary Guard Corps has started a spear-phishing campaign intent on stealing credentials from Israeli journalists, cybersecurity experts, and computer science professors from leading Israeli universities.…

Citrix bleeds again: This time a zero-day exploited - patch now

Two emergency patches issued in two weeks

Hot on the heels of patching a critical bug in Citrix-owned Netscaler ADC and NetScaler Gateway that one security researcher dubbed "CitrixBleed 2," the embattled networking device vendor today issued an emergency patch for yet another super-serious flaw in the same products — but not before criminals found and exploited it as a zero-day.…

Amazon's Ring can now use AI to 'learn the routines of your residence'

It's meant to cut down on false positives but could be a trove for mischief-makers

Ring doorbells and cameras are using AI to "learn the routines of your residence," via a new feature called Video Descriptions.…

Computer vision research feeds surveillance tech as patent links spike 5×

A bottomless appetite for tracking people as 'objects'

A new study shows academic computer vision papers feeding surveillance-enabling patents jumped more than fivefold from the 1990s to the 2010s.…

Supply chain attacks surge with orgs 'flying blind' about dependencies

Who is the third party that does the thing in our thing? Yep. Attacks explode over past year

The vast majority of global businesses are handling at least one material supply chain attack per year, but very few are doing enough to counter the growing threat.…

French cybercrime police arrest five suspected BreachForums admins

Twentysomethings claimed to be linked to spate of high-profile cybercrimes

The Paris police force's cybercrime brigade (BL2C) has arrested a further four men as part of a long-running investigation into the criminals behind BreachForums.…

UK govt dept website that campaigns against encryption hijacked to advertise ... payday loans

Company at center of findings blamed SEO on outsourcer

A website developed for the UK Home Office's 2022 "flop" anti-encryption campaign has seemingly been hijacked to push a payday loan scheme.…

Don't panic, but it's only a matter of time before critical 'CitrixBleed 2' is under attack

Why are you even reading this story? Patch now!

Citrix patched a critical vulnerability in its NetScaler ADC and NetScaler Gateway products that is already being compared to the infamous CitrixBleed flaw exploited by ransomware gangs and other cyber scum, although there haven't been any reports of active exploitation. Yet.…

Beware of fake SonicWall VPN app that steals users' credentials

A good reminder not to download apps from non-vendor sites

Unknown miscreants are distributing a fake SonicWall app to steal users' VPN credentials.…

The vulnerability management gap no one talks about

If an endpoint goes ping but isn't on the network, does anyone hear it?

Partner content Recently, I've been diving deep into security control data across dozens of organizations, and what I've found has been both fascinating and alarming. Most security teams I work with can rattle off their vulnerability management statistics with confidence. They know their scan schedules, their remediation timelines, and their critical vulnerability counts. They point to clean dashboards and comprehensive reports as proof that their programs are working.…

Four REvil ransomware crooks walk free, escape gulag fate, after admitting guilt

Russian judge lets off accused with time served – but others who refused to plead guilty face years in penal colony

Four convicted members of the once-supreme ransomware operation REvil are leaving captivity after completing most of their five-year sentences.…

Psylo browser tries to obscure digital fingerprints by giving every tab its own IP address

Gotta keep 'em separated so the marketers and snoops can't come out and play

Psylo, which bills itself as a new kind of private web browser, debuted last Tuesday in Apple's App Store, one day ahead of a report warning about the widespread use of browser fingerprinting for ad tracking and targeting.…

Typhoon-like gang slinging TLS certificate 'signed' by the Los Angeles Police Department

Chinese crew built 1,000+ device network that runs on home devices then targets critical infrastructure

A stealthy, ongoing campaign to gain long-term access to networks bears all the markings of intrusions conducted by China’s ‘Typhoon’ crews and has infected at least 1,000 devices, primarily in the US and South East, according to SecurityScorecard's Strike threat intel analysts. And it uses a phony certificate purportedly signed by the Los Angeles police department to try and gain access to critical infrastructure.…

WordPress Plugin Flaw Exposes 600,000 Sites to File Deletion

A severe flaw identified in the Forminator WordPress plugin allows arbitrary file deletion and potential site takeover

Privilege Escalation Flaw Found in Azure Machine Learning Service

A critical Azure Machine Learning flaw allows privilege escalation, risking subscription compromise

CVE Program Launches Two New Forums to Enhance CVE Utilization

The CVE Board has launched a Consumer Working Group and a Researcher Working Group, allowing new stakeholders to shape the future of the CVE Program

Automation and Vulnerability Exploitation Drive Mass Ransomware Breaches

ReliaQuest warns that initial access vulnerability exploitation is driving successful ransomware attacks

North Korean Hackers Target Crypto Firms with Novel macOS Malware

SentinelLabs observed North Korean actors deploying novel TTPs to target crypto firms, including a mix of programming languages and signal-based persistence

Linux Users Urged to Patch Critical Sudo CVE

Two elevation of privilege vulnerabilities have been discovered on the popular Sudo utility, affecting 30-50 million endpoints in the US alone

Android SMS Stealer Infects 100,000 Devices in Uzbekistan

New Android malware Qwizzserial has infected 100,000 devices, primarily in Uzbekistan, stealing SMS data via Telegram distribution

AI Models Mislead Users on Login URLs

A third of AI-generated login URLs lead to incorrect or dangerous domains, according to Netcraft

Chinese Hackers Target France in Ivanti Zero-Day Exploit Campaign

The French cybersecurity agency identified Houken, a new Chinese intrusion campaign targeting various industries in France

US Treasury Sanctions Russian Bulletproof Hosting Service Aeza Group

The Treasury said that Aeza Group has provided infrastructure services for notorious infostealer and ransomware operators

Dozens of Corporates Caught in Kelly Benefits Data Breach

Benefits admin specialist Kelly Benefits has revealed a breach impacting over 500,000 individuals across 45 client organizations

Qantas Reveals “Significant” Contact Center Data Breach

Qantas admits that a “significant” volume of customer data may have been stolen from a contact center

Google open-sources privacy tech for age verification

Age verification is becoming more common across websites and online services. But many current methods require users to share personal data, like a full ID or birthdate, which raises privacy and security concerns. In response, Google has open-sourced a cryptographic solution that uses zero-knowledge proofs (ZKPs) to let people verify their age without giving up sensitive information. The newly released ZKP codebase allows users to prove they are over or under a certain age without … More →

The post Google open-sources privacy tech for age verification appeared first on Help Net Security.

You can’t trust AI chatbots not to serve you phishing pages, malicious downloads, or bad code

Popular AI chatbots powered by large language models (LLMs) often fail to provide accurate information on any topic, but researchers expect threat actors to ramp up their efforts to get them to spew out information that may benefit them, such as phishing URLs and fake download pages. Surfacing incorrect, potentially malicious URLs SEO poisoning and malvertising has made searching for login pages and software via Google or other search engines a minefield: if you don’t … More →

The post You can’t trust AI chatbots not to serve you phishing pages, malicious downloads, or bad code appeared first on Help Net Security.

Cisco fixes maximum-severity flaw in enterprise unified comms platform (CVE-2025-20309)

Cisco has found a backdoor account in yet another of its software solutions: CVE-2025-20309, stemming from default credentials for the root account, could allow unauthenticated remote attackers to log into a vulnerable Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) platforms and use the acquired access to execute arbitrary commands with the highest privileges. About CVE-2025-20309, and how to fix it Cisco Unified Communications Manager – … More →

The post Cisco fixes maximum-severity flaw in enterprise unified comms platform (CVE-2025-20309) appeared first on Help Net Security.

GitPhish: Open-source GitHub device code flow security assessment tool

GitPhish is an open-source security research tool built to replicate GitHub’s device code authentication flow. It features three core operating modes: an authentication server, automated landing page deployment, and an administrative management interface. GitPhish can be accessed via a command-line interface or a web dashboard, offering comprehensive features such as logging, analytics, and token management. “We designed GitPhish explicitly for security teams looking to conduct assessments and build detection capabilities around Device Code Phishing in … More →

The post GitPhish: Open-source GitHub device code flow security assessment tool appeared first on Help Net Security.

StealthMACsec strengthens Ethernet network security

StealthCores launched StealthMACsec, a comprehensive IEEE 802.1AE compliant MACsec engine that brings advanced side-channel countermeasures to Ethernet network security. Building on the proven security foundation of StealthAES, StealthMACsec delivers line-rate processing up to 10 Gbps on FPGA and even faster on ASIC while maintaining the highest levels of protection against sophisticated attacks. As Ethernet networks become increasingly critical to defense, industrial, and embedded systems, the need for link-layer security has never been greater. StealthMACsec addresses … More →

The post StealthMACsec strengthens Ethernet network security appeared first on Help Net Security.

Healthcare CISOs must secure more than what’s regulated

In this Help Net Security interview, Henry Jiang, CISO at Ensora Health, discusses what it really takes to make DevSecOps work in healthcare. He explains how balancing speed and security isn’t easy and why aligning with regulations is key. Jiang also shares tips on working with engineering teams and how automation helps in DevSecOps. In a heavily regulated industry like healthcare, what specific challenges do CISOs encounter when integrating security into DevOps workflows? In healthcare, … More →

The post Healthcare CISOs must secure more than what’s regulated appeared first on Help Net Security.

Cyberattacks are draining millions from the hospitality industry

Every day, millions of travelers share sensitive information like passports, credit card numbers, and personal details with hotels, restaurants, and travel services. This puts pressure on the hospitality sector to keep that information safe and private. Cybersecurity challenges in the hospitality industry The industry itself is booming. The hotel segment alone is expected to reach a new peak of $511.91 billion in 2029. It’s no surprise that cybercriminals are taking notice. The growing financial impact … More →

The post Cyberattacks are draining millions from the hospitality industry appeared first on Help Net Security.

AI tools are everywhere, and most are off your radar

80% of AI tools used by employees go unmanaged by IT or security teams, according to Zluri’s The State of AI in the Workplace 2025 report. AI is popping up all over the workplace, often without anyone noticing. If you’re a CISO, if you want to avoid blind spots and data risks, you need to know where AI is showing up and what it’s doing across the entire organization. What’s happening and why it matters … More →

The post AI tools are everywhere, and most are off your radar appeared first on Help Net Security.

90% aren’t ready for AI attacks, are you?

As AI reshapes business, 90% of organizations are not adequately prepared to secure their AI-driven future, according to a new report from Accenture. Globally, 63% of companies are in the “Exposed Zone,” indicating they lack both a cohesive cybersecurity strategy and necessary technical capabilities. Generative AI spend vs. security spend (Source: Accenture) The urgency of embedding cybersecurity by design The report reveals AI adoption has accelerated the speed, scale and sophistication of cyber threats, far … More →

The post 90% aren’t ready for AI attacks, are you? appeared first on Help Net Security.

Industrial security is on shaky ground and leaders need to pay attention

44% of industrial organizations claim to have strong real-time cyber visibility, but nearly 60% have low to no confidence in their OT and IoT threat detection capabilities, according to Forescout. How confident are you in your OT/IoT threat detection coverage? (Source: Forescout) Digitalization raises industrial cyber risks Digitalization has increased connectivity across devices, transforming industrial environments, which in turn increases cyber risk. Rising geopolitical tensions further compound these challenges, demanding more nuanced, strategic and integrated … More →

The post Industrial security is on shaky ground and leaders need to pay attention appeared first on Help Net Security.

Gamaredon in 2024: Cranking out spearphishing campaigns against Ukraine with an evolved toolset

ESET Research analyzes Gamaredon’s updated cyberespionage toolset, new stealth-focused techniques, and aggressive spearphishing operations observed throughout 2024

ESET Threat Report H1 2025: Key findings

ESET Chief Security Evangelist Tony Anscombe looks at some of the report's standout findings and their implications for organizations in 2025

ESET APT Activity Report Q4 2024–Q1 2025: Malware sharing, wipers and exploits

ESET experts discuss Sandworm’s new data wiper, relentless campaigns by UnsolicitedBooker, attribution challenges amid tool-sharing, and other key findings from the latest APT Activity Report

This month in security with Tony Anscombe – June 2025 edition

From Australia's new ransomware payment disclosure rules to another record-breaking DDoS attack, June 2025 saw no shortage of interesting cybersecurity news

ESET Threat Report H1 2025

A view of the H1 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

BladedFeline: Whispering in the dark

ESET researchers analyzed a cyberespionage campaign conducted by BladedFeline, an Iran-aligned APT group with likely ties to OilRig

Don’t let dormant accounts become a doorway for cybercriminals

Do you have online accounts you haven't used in years? If so, a bit of digital spring cleaning might be in order.

This month in security with Tony Anscombe – May 2025 edition

From a flurry of attacks targeting UK retailers to campaigns corralling end-of-life routers into botnets, it's a wrap on another month filled with impactful cybersecurity news

Word to the wise: Beware of fake Docusign emails

Cybercriminals impersonate the trusted e-signature brand and send fake Docusign notifications to trick people into giving away their personal or corporate data

Danabot under the microscope

ESET Research has been tracking Danabot’s activity since 2018 as part of a global effort that resulted in a major disruption of the malware’s infrastructure

Danabot: Analyzing a fallen empire

ESET Research shares its findings on the workings of Danabot, an infostealer recently disrupted in a multinational law enforcement operation

Lumma Stealer: Down for the count

The bustling cybercrime enterprise has been dealt a significant blow in a global operation that relied on the expertise of ESET and other technology companies

ESET takes part in global operation to disrupt Lumma Stealer

Our intense monitoring of tens of thousands of malicious samples helped this global disruption operation

The who, where, and how of APT attacks in Q4 2024–Q1 2025

ESET Chief Security Evangelist Tony Anscombe highlights key findings from the latest issue of the ESET APT Activity Report

ESET APT Activity Report Q4 2024–Q1 2025

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2024 and Q1 2025

Sednit abuses XSS flaws to hit gov't entities, defense companies

Operation RoundPress targets webmail software to steal secrets from email accounts belonging mainly to governmental organizations in Ukraine and defense contractors in the EU

Operation RoundPress

ESET researchers uncover a Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities

How can we counter online disinformation? | Unlocked 403 cybersecurity podcast (S2E2)

Ever wondered why a lie can spread faster than the truth? Tune in for an insightful look at disinformation and how we can fight one of the most pressing challenges facing our digital world.

Catching a phish with many faces

Here’s a brief dive into the murky waters of shape-shifting attacks that leverage dedicated phishing kits to auto-generate customized login pages on the fly

Beware of phone scams demanding money for ‘missed jury duty’

When we get the call, it’s our legal responsibility to attend jury service. But sometimes that call won’t come from the courts – it will be a scammer.

Toll road scams are in overdrive: Here’s how to protect yourself

Have you received a text message about an unpaid road toll? Make sure you’re not the next victim of a smishing scam.

RSAC 2025 wrap-up – Week in security with Tony Anscombe

From the power of collaborative defense to identity security and AI, catch up on the event's key themes and discussions

TheWizards APT group uses SLAAC spoofing to perform adversary-in-the-middle attacks

ESET researchers analyzed Spellbinder, a lateral movement tool used to perform adversary-in-the-middle attacks

This month in security with Tony Anscombe – April 2025 edition

From the near-demise of MITRE's CVE program to a report showing that AI outperforms elite red teamers in spearphishing, April 2025 was another whirlwind month in cybersecurity

How safe and secure is your iPhone really?

Your iPhone isn't necessarily as invulnerable to security threats as you may think. Here are the key dangers to watch out for and how to harden your device against bad actors.

Deepfake 'doctors' take to TikTok to peddle bogus cures

Look out for AI-generated 'TikDocs' who exploit the public's trust in the medical profession to drive sales of sketchy supplements

How fraudsters abuse Google Forms to spread scams

The form and quiz-building tool is a popular vector for social engineering and malware. Here’s how to stay safe.

Will super-smart AI be attacking us anytime soon?

What practical AI attacks exist today? “More than zero” is the answer – and they’re getting better.

CapCut copycats are on the prowl

Cybercriminals lure content creators with promises of cutting-edge AI wizardry, only to attempt to steal their data or hijack their devices instead

They’re coming for your data: What are infostealers and how do I stay safe?

Here's what to know about malware that raids email accounts, web browsers, crypto wallets, and more – all in a quest for your sensitive data

Attacks on the education sector are surging: How can cyber-defenders respond?

Academic institutions have a unique set of characteristics that makes them attractive to bad actors. What's the right antidote to cyber-risk?

Watch out for these traps lurking in search results

Here’s how to avoid being hit by fraudulent websites that scammers can catapult directly to the top of your search results

So your friend has been hacked: Could you be next?

When a ruse puts on a familiar face, your guard might drop, making you an easy mark. Learn how to tell a friend apart from a foe.

1 billion reasons to protect your identity online

Corporate data breaches are a gateway to identity fraud, but they’re not the only one. Here’s a lowdown on how your personal data could be stolen – and how to make sure it isn’t.

The good, the bad and the unknown of AI: A Q&A with Mária Bieliková

The computer scientist and AI researcher shares her thoughts on the technology’s potential and pitfalls – and what may lie ahead for us

This month in security with Tony Anscombe – March 2025 edition

From an exploited vulnerability in a third-party ChatGPT tool to a bizarre twist on ransomware demands, it's a wrap on another month filled with impactful cybersecurity news

Resilience in the face of ransomware: A key to business survival

Your company’s ability to tackle the ransomware threat head-on can ultimately be a competitive advantage

Making it stick: How to get the most out of cybersecurity training

Security awareness training doesn’t have to be a snoozefest – games and stories can help instill ‘sticky’ habits that will kick in when a danger is near

RansomHub affiliates linked to rival RaaS gangs

ESET researchers also examine the growing threat posed by tools that ransomware affiliates deploy in an attempt to disrupt EDR security solutions

FamousSparrow resurfaces to spy on targets in the US, Latin America

Once thought to be dormant, the China-aligned group has also been observed using the privately-sold ShadowPad backdoor for the first time

Shifting the sands of RansomHub’s EDRKillShifter

ESET researchers discover new ties between affiliates of RansomHub and of rival gangs Medusa, BianLian, and Play

You will always remember this as the day you finally caught FamousSparrow

ESET researchers uncover the toolset used by the FamousSparrow APT group, including two undocumented versions of the group’s signature backdoor, SparrowDoor

Operation FishMedley

ESET researchers detail a global espionage operation by FishMonger, the APT group run by I‑SOON

MirrorFace updates toolset, expands targeting to Europe

The group's Operation AkaiRyū begins with targeted spearphishing emails that use the upcoming World Expo 2025 in Osaka, Japan, as a lure

Operation AkaiRyū: MirrorFace invites Europe to Expo 2025 and revives ANEL backdoor

ESET researchers uncovered MirrorFace activity that expanded beyond its usual focus on Japan and targeted a Central European diplomatic institute with the ANEL backdoor

AI's biggest surprises of 2024 | Unlocked 403 cybersecurity podcast (S2E1)

Here's what's been hot on the AI scene over the past 12 months, how it's changing the face of warfare, and how you can fight AI-powered scams

When IT meets OT: Cybersecurity for the physical world

While relatively rare, real-world incidents impacting operational technology highlight that organizations in critical infrastructure can’t afford to dismiss the OT threat

Don’t let cybercriminals steal your Spotify account

Listen up, this is sure to be music to your ears – a few minutes spent securing your account today can save you a ton of trouble tomorrow

AI-driven deception: A new face of corporate fraud

Malicious use of AI is reshaping the fraud landscape, creating major new risks for businesses

Kids behaving badly online? Here's what parents can do

By taking time to understand and communicate the impact of undesirable online behavior, you can teach your kids an invaluable set of life lessons for a new digital age

Martin Rees: Post-human intelligence – a cosmic perspective | Starmus highlights

Take a moment to think beyond our current capabilities and consider what might come next in the grand story of evolution

Threat Report H2 2024: Infostealer shakeup, new attack vector for mobile, and Nomani

Big shifts in the infostealer scene, novel attack vector against iOS and Android, and a massive surge in investment scams on social media

Bernhard Schölkopf: Is AI intelligent? | Starmus highlights

With AI's pattern recognition capabilities well-established, Mr. Schölkopf's talk shifts the focus to a pressing question: what will be the next great leap for AI?

This month in security with Tony Anscombe – February 2025 edition

Ransomware payments trending down, the cyber-resilience gap facing SMBs, and APT groups embracing generative AI – it's a wrap on another month filled with impactful security news

Laurie Anderson: Building an ARK | Starmus highlights

The pioneering multi-media artist reveals the creative process behind her stage show called ARK, which challenges audiences to reflect on some of the most pressing issues of our times

Fake job offers target software developers with infostealers

A North Korea-aligned activity cluster tracked by ESET as DeceptiveDevelopment drains victims' crypto wallets and steals their login details from web browsers and password managers

DeceptiveDevelopment targets freelance developers

ESET researchers analyzed a campaign delivering malware bundled with job interview challenges

No, you’re not fired – but beware of job termination scams

Some employment scams take an unexpected turn as cybercriminals shift from “hiring” to “firing” staff

Katharine Hayhoe: The most important climate equation | Starmus highlights

The atmospheric scientist makes a compelling case for a head-to-heart-to-hands connection as a catalyst for climate action

Gaming or gambling? Lifting the lid on in-game loot boxes

The virtual treasure chests and other casino-like rewards inside your children’s games may pose risks you shouldn’t play down

What is penetration testing? | Unlocked 403 cybersecurity podcast (ep. 10)

Ever wondered what it's like to hack for a living – legally? Learn about the art and thrill of ethical hacking and how white-hat hackers help organizations tighten up their security.

How AI-driven identity fraud is causing havoc

Deepfake fraud, synthetic identities, and AI-powered scams make identity theft harder to detect and prevent – here's how to fight back

Neil Lawrence: What makes us unique in the age of AI | Starmus highlights

As AI advances at a rapid clip, reshaping industries, automating tasks, and redefining what machines can achieve, one question looms large: what remains uniquely human?

Patch or perish: How organizations can master vulnerability management

Don’t wait for a costly breach to provide a painful reminder of the importance of timely software patching

Roeland Nusselder: AI will eat all our energy, unless we make it tiny | Starmus highlights

Left unchecked, AI's energy and carbon footprint could become a significant concern. Can our AI systems be far less energy-hungry without sacrificing performance?

How scammers are exploiting DeepSeek's rise

As is their wont, cybercriminals waste no time launching attacks that aim to cash in on the frenzy around the latest big thing – plus, what else to know before using DeepSeek

This month in security with Tony Anscombe – January 2025 edition

DeepSeek’s bursting onto the AI scene, apparent shifts in US cybersecurity policies, and a massive student data breach all signal another eventful year in cybersecurity and data privacy

Untrustworthy AI: How to deal with data poisoning

You should think twice before trusting your AI assistant, as database poisoning can markedly alter its output – even dangerously so

Brian Greene: Until the end of time | Starmus highlights

The renowned physicist explores how time and entropy shape the evolution of the universe, the nature of existence, and the eventual fate of everything, including humanity

Going (for) broke: 6 common online betting scams and how to avoid them

Don’t roll the dice on your online safety – watch out for bogus sports betting apps and other traps commonly set by scammers

The evolving landscape of data privacy: Key trends to shape 2025

Incoming laws, combined with broader developments on the threat landscape, will create further complexity and urgency for security and compliance teams

PlushDaemon compromises supply chain of Korean VPN service

ESET researchers have discovered a supply-chain attack against a VPN provider in South Korea by a new China-aligned APT group we have named PlushDaemon

Under lock and key: Protecting corporate data from cyberthreats in 2025

Data breaches can cause a loss of revenue and market value as a result of diminished customer trust and reputational damage

UEFI Secure Boot: Not so secure

ESET researchers uncover a vulnerability in a UEFI application that could enable attackers to deploy malicious bootkits on unpatched systems

Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344

The story of a signed UEFI application allowing a UEFI Secure Boot bypass

Cybersecurity and AI: What does 2025 have in store?

In the hands of malicious actors, AI tools can enhance the scale and severity of all manner of scams, disinformation campaigns and other threats

Protecting children online: Where Florida’s new law falls short

Some of the state’s new child safety law can be easily circumvented. Should it have gone further?

Crypto is soaring, but so are threats: Here’s how to keep your wallet safe

As detections of cryptostealers surge across Windows, Android and macOS, it's time for a refresher on how to keep your bitcoin or other crypto safe

State-aligned actors are increasingly deploying ransomware – and that’s bad news for everyone

The blurring of lines between cybercrime and state-sponsored attacks underscores the increasingly fluid and multifaceted nature of today’s cyberthreats

AI moves to your PC with its own special hardware

Seeking to keep sensitive data private and accelerate AI workloads? Look no further than AI PCs powered by Intel Core Ultra processors with a built-in NPU.

Gary Marcus: Taming Silicon Valley | Starmus highlights

The prominent AI researcher explores the societal impact of artificial intelligence and outlines his vision for a future in which AI upholds human rights, dignity, and fairness

This month in security with Tony Anscombe – December 2024 edition

From attacks leveraging new new zero-day exploits to a major law enforcement crackdown, December 2024 was packed with impactful cybersecurity news

Chris Hadfield: The sky is falling – what to do about space junk? | Starmus highlights

The first Canadian to walk in space dives deep into the origins of space debris, how it’s become a growing problem, and how we can clean up the orbital mess

ESET Research Podcast: Telekopye, again

Take a peek into the murky world of cybercrime where groups of scammers who go by the nickname of 'Neanderthals’ wield the Telekopye toolkit to ensnare unsuspecting victims they call 'Mammoths'

Unwrapping Christmas scams | Unlocked 403 cybersecurity podcast (special edition)

ESET's Jake Moore reveals why the holiday season is a prime time for scams, how fraudsters prey on victims, and how AI is supercharging online fraud

Cybersecurity is never out-of-office: Protecting your business anytime, anywhere

While you're enjoying the holiday season, cybercriminals could be gearing up for their next big attack – make sure your company's defenses are ready, no matter the time of year

ESET Threat Report H2 2024: Key findings

ESET Chief Security Evangelist Tony Anscombe looks at some of the report's standout findings and their implications for staying secure in 2025

ESET Threat Report H2 2024

A view of the H2 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

Black Hat Europe 2024: Hacking a car – or rather, its infotainment system

Our ‘computers on wheels’ are more connected than ever, but the features that enhance our convenience often come with privacy risks in tow

Black Hat Europe 2024: Why a CVSS score of 7.5 may be a 'perfect' 10 in your organization

Aggregate vulnerability scores don’t tell the whole story – the relationship between a flaw’s public severity rating and the specific risks it poses for your company is more complex than it seems

Black Hat Europe 2024: Can AI systems be socially engineered?

Could attackers use seemingly innocuous prompts to manipulate an AI system and even make it their unwitting ally?

How cyber-secure is your business? | Unlocked 403 cybersecurity podcast (ep. 8)

As cybersecurity is a make-or-break proposition for businesses of all sizes, can your organization's security strategy keep pace with today’s rapidly evolving threats?

Are pre-owned smartphones safe? How to choose a second-hand phone and avoid security risks

Buying a pre-owned phone doesn’t have to mean compromising your security – take these steps to enjoy the benefits of cutting-edge technology at a fraction of the cost

Philip Torr: AI to the people | Starmus highlights

We’re on the cusp of a technological revolution that is poised to transform our lives – and we hold the power to shape its impact

Achieving cybersecurity compliance in 5 steps

Cybersecurity compliance may feel overwhelming, but a few clear steps can make it manageable and ensure your business stays on the right side of regulatory requirements

Richard Marko: Rethinking cybersecurity in the age of global challenges | Starmus highlights

ESET's CEO unpacks the complexities of cybersecurity in today’s hyper-connected world and highlights the power of innovation in stopping digital threats in their tracks

Month in security with Tony Anscombe – November 2024 edition

Zero days under attack, a new advisory from 'Five Eyes', thousands of ICS units left exposed, and mandatory MFA for all – it's a wrap on another month filled with impactful cybersecurity news

Scams to look out for this holiday season

‘Tis the season to be wary – be on your guard and don’t let fraud ruin your shopping spree

Bootkitty marks a new chapter in the evolution of UEFI threats

ESET researchers make a discovery that signals a shift on the UEFI threat landscape and underscores the need for vigilance against future threats

Bootkitty: Analyzing the first UEFI bootkit for Linux

ESET researchers analyze the first UEFI bootkit designed for Linux systems

Security Pros Say Hunters International RaaS Operators are ‘Changing Jerseys’

ransomware, backups, LockBit ransomware Federal Reserve

The notorious Hunters International RaaS group that racked up hundreds of victims over two years says it's shutting down and offering decryption software to victims, but security pros say this happens regularly in the cybercriminal world and that the threat actors likely will return affiliated with other operations.

The post Security Pros Say Hunters International RaaS Operators are ‘Changing Jerseys’ appeared first on Security Boulevard.

Analysis Surfaces Increased Usage of LLMs to Craft BEC Attacks

LLM, Barracuda, email, secure, LastPass WithSecure language Expel BEC Delivering Email Post-Data Breach

A Barracuda Networks analysis of unsolicited and malicious emails sent between February 2022 to April 2025 indicates 14% of the business email compromise (BEC) attacks identified were similarly created using a large language model (LLM).

The post Analysis Surfaces Increased Usage of LLMs to Craft BEC Attacks appeared first on Security Boulevard.

Beyond Silos: The Power of Internal Collaboration on Transforming Fraud Prevention

fraud, time, cybersecurity data Emotet Spring4Shell ransomware API security cyberattack threats fraud

By breaking down internal silos, leveraging advanced technology and embracing industrywide cooperation, organizations can shift from reactive to proactive fraud prevention to protect revenue and reputation while supporting sustainable business growth.

The post Beyond Silos: The Power of Internal Collaboration on Transforming Fraud Prevention appeared first on Security Boulevard.

We Are Losing the Scan/Patch Battle

vulnerability, patch, Cisco, flaw, patch, vulnerabilities, Cato, patch, automation, patch management, Action1 patching cyberattacks JumpCloud patching

There is no question that vulnerability scanning and patch management remain necessary, but they are clearly no longer sufficient

The post We Are Losing the Scan/Patch Battle appeared first on Security Boulevard.

The Differences and Similarities Between Shadow IT and BYOC

shadow IT, BYOC, shadow AI, security, Cisco cybersecurity

Understanding the difference between Shadow IT and BYOC, although subtle, requires different policies, procedures and technology to resolve.

The post The Differences and Similarities Between Shadow IT and BYOC appeared first on Security Boulevard.

Silent Push, NordVPN Uncover Thousands of Brand-Spoofing Websites

online trusted domains spoofing Phishers’ Favorite Brands to Spoof

Researchers from NordVPN and Silent Push uncover separate brand-spoofing campaigns that involve tens of thousands of fake websites impersonating real plans that are used to lure victims to hand their data and money to threat actors.

The post Silent Push, NordVPN Uncover Thousands of Brand-Spoofing Websites appeared first on Security Boulevard.

Concentric AI Expands Data Security Ambitions With Swift Security, Acante Acquisitions

Data security governance provider Concentric AI announced its acquisition of Swift Security and Acante, two AI-driven security startups, in a move Concentric AI founder and CEO Karthik Krishnan hopes will reshape enterprise data protection.

The post Concentric AI Expands Data Security Ambitions With Swift Security, Acante Acquisitions appeared first on Security Boulevard.

Blumira Identifies 824 Iranian Cyber Incidents Over 21 Months

iranian, IBM quantum generative AI security, management, organizations, GDPR, Strike Force privacy, vendors, RFPs, cloud, data security DLP Iran DUMPS Conti Hackers Sandbox government HackerOne IBM data security

Security operations platform provider Blumira today released an intelligence assessment that tracked 824 security incidents attributed to Iranian threat actors over 21 months, providing insights into recent Iranian threat activity.

The post Blumira Identifies 824 Iranian Cyber Incidents Over 21 Months appeared first on Security Boulevard.

Report Finds LLMs Are Prone to Be Exploited by Phishing Campaigns

NETSCOUT cybersecurity, attacks resources security challenges tools breach API attacker Radware Report Sees Major Spike in DDoS Attacks

A report published this week by Netcraft, a provider of a platform for combating phishing attacks, finds that large language models (LLMs) might not be a reliable source when it comes to identifying where to log in to various websites.

The post Report Finds LLMs Are Prone to Be Exploited by Phishing Campaigns appeared first on Security Boulevard.

API Sprawl Can Trip Up Your Security, Big Time

api, api sprawl, api security, pen testing, Salt Security, API, APIs, attacks, testing, PTaaS, API security, API, cloud, audits, testing, API security vulnerabilities testing BRc4 Akamai security pentesting ThreatX red team pentesting API APIs Penetration Testing

The future of API security is not just about better firewalls — it is about smarter governance, automation and visibility at scale.

The post API Sprawl Can Trip Up Your Security, Big Time appeared first on Security Boulevard.

Leaks hint at Operator-like tool in ChatGPT ahead of GPT-5 launch

A few new code references in the ChatGPT web app and Android point to an Operator-like tool in GPT's chain of thoughts. [...]

xAI prepares Grok 4 Code as it plans to take on Claude and Gemini

xAI is preparing the rollout of Grok 4, which replaces Grok 3 as the new state-of-the-art model. [...]

Police dismantles investment fraud ring stealing €10 million

The Spanish police have dismantled a large-scale investment fraud operation based in the country, which has caused cumulative damages exceeding €10 million ($11.8M). [...]

Grafana releases critical security update for Image Renderer plugin

Grafana Labs has addressed four Chromium vulnerabilities in critical security updates for the Grafana Image Renderer plugin and Synthetic Monitoring Agent. [...]

IdeaLab confirms data stolen in ransomware attack last year

IdeaLab is notifying individuals impacted by a data breach incident last October when hackers accessed sensitive information. [...]

Microsoft investigates ongoing SharePoint Online access issues

Microsoft is investigating an ongoing incident causing intermittent issues for users attempting to access SharePoint Online sites. [...]

Microsoft: Exchange Server Subscription Edition now available

Microsoft has announced that the Exchange Server Subscription Edition (SE) is now available to all customers of its enterprise email service. [...]

Hunters International ransomware shuts down, releases free decryptors

The Hunters International Ransomware-as-a-Service (RaaS) operation announced today that it has officially closed down its operations and will offer free decryptors to help victims recover their data without paying a ransom. [...]

Microsoft asks users to ignore Windows Firewall config errors

Microsoft asked customers this week to disregard incorrect Windows Firewall errors that appear after rebooting their systems following the installation of the June 2025 preview update. [...]

NimDoor crypto-theft macOS malware revives itself when killed

North Korean state-backed hackers have been using a new family of macOS malware called NimDoor in a campaign that targets web3 and cryptocurrency organizations. [...]

DOJ investigates ex-ransomware negotiator over extortion kickbacks

An ex-ransomware negotiator is under criminal investigation by the Department of Justice for allegedly working with ransomware gangs to profit from extortion payment deals. [...]

Spain arrests hackers who targeted politicians and journalists

The Spanish police have arrested two individuals in the province of Las Palmas for their alleged involvement in cybercriminal activity, including data theft from the country's government. [...]

Google is adding new device-level features for its Advanced Protection program

At the Android Show, taking place ahead of Google I/O 2025, Google announced that it is adding new device-specific features to its Advanced Protection program, which is designed to protect public figures such as politicians and journalists from different digital threats, with the Android 16 release. The new features include a new way of storing […]

Google announces new security features for Android for protection against scam and theft

At the Android Show on Tuesday, ahead of Google I/O, Google announced new security and privacy features for Android. These new features include new protections for calls, screen sharing, messages, device access, and system-level permissions. With these features, Google aims to protect users from falling for a scam, keep their details secure in case a […]

A 25-year-old police drone founder just raised $75M led by Index

If you ever call 911 from an area that’s hard to get to, you might hear the buzz of a drone well before a police cruiser pulls up. And there’s a good chance that it will be one made by Brinc Drones, a Seattle-based startup founded by 25-year-old Blake Resnick, who dropped out of college […]

A new security fund opens up to help protect the fediverse

A new security fund aims to help apps in the fediverse — like Mastodon, Threads, and Pixelfed — to pay researchers for disclosing security bugs.

How to tell if your online accounts have been hacked

This is a guide on how to check whether someone compromised your online accounts.

Hackers are ramping up attacks using year-old ServiceNow security bugs to target unpatched systems

Threat intelligence startup GreyNoise says it has observed a ‘notable resurgence’ in attack activity

US teachers’ union says hackers stole sensitive personal data on over 500,000 members

PSEA says it "took steps to ensure" its stolen data was deleted, suggesting a ransom demand was paid

CISA scrambles to contact fired employees after court rules layoffs ‘unlawful’

Federal court rules U.S. cybersecurity agency must re-hire over 100 former employees

DOGE axes CISA ‘red team’ staffers amid ongoing federal cuts

Affected staff say more than 100 employees working to protect U.S. government networks were ‘axed’ with no prior warning

What PowerSchool won’t say about its data breach affecting millions of students

New details have emerged about PowerSchool's data breach — but here's what PowerSchool still isn't saying.

Hacker accessed PowerSchool’s network months before massive December breach

CrowdStrike says a hacker had access to PowerSchool's internal system as far back as August.

Japanese telco giant NTT Com says hackers accessed details of almost 18,000 organizations

Unidentified hackers breached NTT Com’s network to steal personal information of employees at thousands of corporate customers

FBI says scammers are targeting US executives with fake BianLian ransom notes

The FBI is warning that scammers are impersonating the BianLian ransomware gang using fake ransom notes sent to U.S. corporate executives. The fake ransom notes, first reported by U.S. cybersecurity company GuidePoint Security, claim that hackers have gained access to an organization’s network to steal sensitive data, and threaten to publish the stolen data unless […]

UK quietly scrubs encryption advice from government websites

The UK is no longer recommending the use of encryption for at-risk groups following its iCloud backdoor demands

Broadcom urges VMware customers to patch ‘emergency’ zero-day bugs under active exploitation

Security experts warn of ‘huge impact’ of actively exploited hypervisor flaws that allow sandbox escape

US said to halt offensive cyber operations against Russia

The reported policy shift comes as the U.S. government signals a change in its threat assessment of Russia

‘Uber for guns’ app Protector lets you hire armed bodyguards like you would an Uber — but does anyone need this?

In a TikTok video with over 3 million views, a woman in a fluffy, maximalist coat sits in the back seat of a luxury SUV, parked in the middle of a New York City street. Atop the 6-second video, a line of text reads, “our bodyguards got us matcha.” The camera zooms in on two […]

Belgium investigating alleged cyberattack on intelligence agency by China-linked hackers

The hackers reportedly exploited a flaw in US cybersecurity firm Barracuda’s software to access VSSE's email server

Archipelo comes out of stealth with $12M funding to secure human and AI-driven code

When it comes to AI software, you can build something clever, but that’s not always the same as building something that is secure. With so much software now getting written by AI, having a window into its security can be a challenge. That’s the premise of Archipelo, a San Francisco-based cybersecurity startup that is today […]

Hackers publish sensitive patient data allegedly stolen from Australian IVF provider Genea

Genea gets a court injunction after ransomware gang Termite claims to have leaked patient information

Recap of Our Presence at VivaTech 2025

Our Core Expertise: Offshore Hosting & Advanced Cybersecurity At KoDDoS, we’ve built our reputation on two complementary pillars: 🛡️ Robust Cybersecurity Capabilities For over a decade, we’ve been protecting digital infrastructure with cutting-edge security technologies: 🌐 Resilient and Sovereign Offshore Hosting Our global infrastructure is distributed across strategic offshore data centers in: This setup offers … Continue reading Recap of Our Presence at VivaTech 2025

The post Recap of Our Presence at VivaTech 2025 appeared first on KoDDoS Blog.

KoDDoS at VivaTechnology 2025: A Strategic Presence at the Heart of Cybersecurity and AI Challenges.

Paris, June 2025 – From June 11 to 14, Paris will once again become the global epicenter of technological innovation with the return of VivaTechnology 2025, held at Paris Expo Porte de Versailles. Bringing together major tech companies, disruptive startups, global investors, and public institutions, the event stands out as a pivotal moment for the … Continue reading KoDDoS at VivaTechnology 2025: A Strategic Presence at the Heart of Cybersecurity and AI Challenges.

The post KoDDoS at VivaTechnology 2025: A Strategic Presence at the Heart of Cybersecurity and AI Challenges. appeared first on KoDDoS Blog.

Gamer Over? Why Hackers Target Popular Video Games & How to Stay Safe

Video games are more than entertainment; they’re a $200 billion global industry. But as gaming grows, so do cyberattacks. Hackers now see games as goldmines for stealing data, extorting companies, and exploiting players. According to Infosecurity Magazine, Akamai’s 2024 report shows that attacks on gaming platforms are rising alarmingly. In 2024 alone, the industry suffered … Continue reading Gamer Over? Why Hackers Target Popular Video Games & How to Stay Safe

The post Gamer Over? Why Hackers Target Popular Video Games & How to Stay Safe appeared first on KoDDoS Blog.

How Social Media Use Can Create Hidden Cybersecurity Risks

Social media is all around us, helping us stay connected, updated, and entertained. But beneath the endless scroll, a darker reality exists. Hidden cybersecurity threats are growing- some obvious, others much harder to spot. The risks are especially alarming for young users. According to the National Institutes of Health, up to 95% of teens aged … Continue reading How Social Media Use Can Create Hidden Cybersecurity Risks

The post How Social Media Use Can Create Hidden Cybersecurity Risks appeared first on KoDDoS Blog.

KoDDoS at the InCyber Europe 2025 Forum: a strategic participation at the heart of the European cyber ecosystem

From April 1st to 3rd, 2025, KoDDoS, a provider of specialized services in DDoS protection and secure offshore hosting, marked its presence at the InCyber Europe Forum, held at the Lille Grand Palais. A true crossroads of cyber innovation and cooperation, the event is the largest cybersecurity event in Europe. A benchmark event on an … Continue reading KoDDoS at the InCyber Europe 2025 Forum: a strategic participation at the heart of the European cyber ecosystem

The post KoDDoS at the InCyber Europe 2025 Forum: a strategic participation at the heart of the European cyber ecosystem appeared first on KoDDoS Blog.

Looking back at CloudFest 2025: An essential event for the future of the cloud!

CloudFest is one of the world’s largest cloud computing events. Every year, it brings together the industry’s leading players to discuss the latest technological advancements, emerging trends, and market challenges. In 2025, the event once again cemented its leadership status by providing a dynamic platform for professional exchange and cloud innovation. This edition featured captivating … Continue reading Looking back at CloudFest 2025: An essential event for the future of the cloud!

The post Looking back at CloudFest 2025: An essential event for the future of the cloud! appeared first on KoDDoS Blog.

KoDDoS in Europe: A Strong Presence at Major Tech Events in Paris.

KoDDoS recently strengthened its commitment to the European tech scene by participating in several major events in France. Our team was honored to be invited to key gatherings in the tech industry, highlighting the importance of innovation and cybersecurity in the evolving digital ecosystem. This strategic tour in Paris allowed us to meet top-tier partners, … Continue reading KoDDoS in Europe: A Strong Presence at Major Tech Events in Paris.

The post KoDDoS in Europe: A Strong Presence at Major Tech Events in Paris. appeared first on KoDDoS Blog.

KoDDos Will be at CyberShow 2025 in Paris!

The post KoDDos Will be at CyberShow 2025 in Paris! appeared first on KoDDoS Blog.

Technological innovation in the heart of Los Angeles at the CES 2025 🚀

🚀 Cutting-Edge Services KoDDoS has established itself as a key player in the field of high-performance hosting. Specializing in anti-DDoS protection, we ensure unmatched service continuity for our clients in the face of growing threats targeting digital infrastructures. We also invest in groundbreaking technologies, including Web3, blockchain, and the Internet of Things (IoT), providing tailored … Continue reading Technological innovation in the heart of Los Angeles at the CES 2025 🚀

The post Technological innovation in the heart of Los Angeles at the CES 2025 🚀 appeared first on KoDDoS Blog.

Recruitment Announcement: B2B Sales Representatives and Business Introducers

To meet growing demand and accelerate our growth, we are launching a new sales team. Weare looking for talented, ambitious, and motivated B2B sales representatives and businessintroducers who share our vision of a safer and more resilient internet. Job Profile:Position: B2B Sales Representatives and Business IntroducersAs a key member of our Sales Team, you will … Continue reading Recruitment Announcement: B2B Sales Representatives and Business Introducers

The post Recruitment Announcement: B2B Sales Representatives and Business Introducers appeared first on KoDDoS Blog.

OT Security in Ports: Lessons from the Coast Guard's Latest Warning

The cranes that move goods in and out of America's busiest ports (some of the most essential components of our national logistics chain) are under growing scrutiny. In a newly issued MARSEC Directive 105-5, the U.S. Coast Guard has raised red flags about the cybersecurity risks that come with ship-to-shore (STS) cranes manufactured in China. These cranes, mostly produced by state-owned enterprises like Shanghai Zhenhua Heavy Industries (ZPMC), make up nearly 80% of the STS equipment at U.S. ports. While efficient and widely used, they are a risk to supply chains thanks to built-in...

5 Critical Security Risks Facing COBOL Mainframes

COBOL remains deeply embedded in the infrastructure of global enterprises, powering critical systems in banking, insurance, government, and beyond. While its stability and processing efficiency are unmatched, legacy environments running COBOL face a growing challenge: Security. As cyber threats evolve and legacy systems continue to age, COBOL-based mainframes present attractive targets due to their outdated configurations, minimal security oversight, and lack of modern defenses. Understanding these risks is the first step toward securing the legacy systems that continue to run the world's most...

Essential Features to Look for in a VM Solution

Why Choosing the Right VM Tool Matters Your vulnerability management solution is the fuel that powers the rest of your strategic cybersecurity objectives. Put good in, get good out. That's why the vulnerability management tool you choose matters. And there are a lot of features that are necessary to protect a modern environment today that weren't on the list before. Done right, VM provides a stable foundation for cyber hygiene and regulatory compliance. Done wrong, and misaligned tools can slow the process from discovery to remediation, complicating and compromising the most important part of...

Outdated Routers: The Hidden Threat to Network Security, FBI Warns

When was the last time you updated your router? If you’re not sure, you’re not alone, and this uncertainty could pose a serious risk to your business. The FBI recently warned that malicious actors are targeting end-of-life (EOL) routers (network devices that manufacturers no longer support or update). These outdated routers are being hijacked by bad actors who use them as a stepping stone into networks, turning them into cybercriminal proxies. The threat is real, and it’s growing. The weapon of choice behind many of these attacks is a sophisticated strain of malware known as TheMoon, which has...

Securing Our Water: Understanding the Water Cybersecurity Enhancement Act of 2025

Cyberattacks on public infrastructure are no longer hypothetical. From ransomware disabling city services to foreign actors probing utility networks, the risks are real and rising. Among the most vulnerable targets are our public water systems. Often underfunded, technologically fragmented, and encumbered by legacy systems, water utilities are easy pickings for determined attackers. In recent years, a slew of incidents have highlighted these vulnerabilities. In October 2024, American Water experienced a cyberattack that took its MyWater account system offline for a week, temporarily preventing...

Revenge, Fame, and Fun: The Motives Behind Modern Cyberattacks

Ever wondered what really drives today's cyberattacks? It's not always just about stealing data or demanding a ransom. Motives can vary widely depending on the attacker, their intent, and their capabilities. In the most simple terms, a cyberattack is a malicious intent to access, steal, expose, or destroy data and systems without authorized access. Every attack typically involves a motive or goal, a method of execution, and a vulnerability that's exploited to achieve the intended outcome. The motive or intent is where it all starts. It's what drives an attack from beginning to end. But not all...

Clean Up in the Cybersecurity Aisle: Cybercriminals and Groceries

Picture this: You’re at the supermarket, looking for your favorite brand of cereal. But the shelves are empty, staff are frazzled, and the checkout terminals are flickering ominously. That’s not just a supply chain hiccup, it’s a direct result of the latest wave of cyberattacks targeting the UK’s biggest grocery chains. In 2025, major retailers like Co-op, Marks & Spencer, and Harrods found themselves at the mercy of criminals who didn’t need crowbars or ski masks ; just a laptop and some cunning. Let’s unpack how these attacks happened, the tactics used, and most importantly, how any business...

Qilin Offers "Call a lawyer" Button For Affiliates Attempting To Extort Ransoms From Victims Who Won't Pay

Imagine for one moment that you are a cybercriminal. You have compromised an organisation's network, you have stolen their data, you have encrypted their network, and you are now knee-deep in the ransomware negotiation. However, there's a problem. Your target is stalling for time. Who can you, as the perpetrator of the crime rather than the innocent victim, turn to for advice? Well, if you are an affiliate of the Qilin ransomware group, you can simply hit the "Call Lawyer" button. Because, as researchers at Cybereason have revealed, Qilin has introduced a number of new features for its...

Shifting Gears: India's Government Calls for Financial Cybersecurity Change

Escalating tensions in the Kashmiri conflict between India and Pakistan illustrate a point the Indian government has been driving home for years; it is time to double-down on securing India's critical financial services. As the cornerstone of the nation's stability, the Banking, Financial Services, and Insurance (BFSI) sector was the focus of India's first Digital Threat Report 2024, and offers a "comprehensive view of the most critical risks facing the industry today." The report leverages attack data from last year to pinpoint several areas of concern, including advanced social engineering...

Continuous Threat Exposure Management (CTEM): The Future of Vulnerability Assessment

As a cybersecurity expert, you are aware that performing static scans is only one part of a good defense-in-depth strategy. Similarly, periodic vulnerability assessments, while valuable, are only a single piece of cyber defense fortification. Continuous Threat Exposure Management (CTEM) establishes a logical setting to control organizational threats proactively. CTEM enables an augmented cybersecurity posture, active real-time risk mitigation, and threat precursor disabling. Decoding CTEM CTEM is an always-on strategy that monitors all attack surfaces for risk detection. It focuses on...

Beware of Fake Chinese E-Commerce Sites Imitating Apple, Wrangler, and Exploiting Payment Services like MasterCard and PayPal

A sophisticated phishing campaign, initially spotlighted by Mexican journalist Ignacio Gómez Villaseñor, has evolved into a sprawling global threat, as revealed by Silent Push Threat Analysts. What began as a targeted attack on Spanish-language audiences during Mexico’s “Hot Sale 2025” an annual sales event akin to Black Friday has expanded into a massive fake marketplace […]

The post Beware of Fake Chinese E-Commerce Sites Imitating Apple, Wrangler, and Exploiting Payment Services like MasterCard and PayPal appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

New Hpingbot Exploits Pastebin for Payload Delivery and Uses Hping3 for DDoS Attacks

NSFOCUS Fuying Lab’s Global Threat Hunting System has discovered a new botnet family called “hpingbot” that has been quickly expanding since June 2025, marking a significant shift in the cybersecurity scene. This cross-platform botnet, built from scratch using the Go programming language, targets both Windows and Linux/IoT environments and supports multiple processor architectures including amd64, […]

The post New Hpingbot Exploits Pastebin for Payload Delivery and Uses Hping3 for DDoS Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Azure API Vulnerabilities Expose VPN Keys and Grant Over-Privileged Access via Built-In Roles

Token Security experts recently conducted a thorough investigation that exposed serious security weaknesses in Microsoft Azure’s Role-Based Access Control (RBAC) architecture. Azure RBAC, the backbone of permission management in the cloud platform, allows administrators to assign roles to users, groups, or service principals with predefined permissions at varying scopes, from entire subscriptions to specific resources. […]

The post Azure API Vulnerabilities Expose VPN Keys and Grant Over-Privileged Access via Built-In Roles appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Threat Actors Exploit .COM TLD to Host Widespread Credential Phishing Sites

Threat actors have dramatically increased their exploitation of the cybersecurity sector, which is a disturbing development. Spain’s country code TLD, ES, is used to plan credential phishing attacks. According to recent findings from Cofense Intelligence, the abuse of .ES TLD domains surged by an astonishing 19-fold from Q4 2024 to Q1 2025, propelling it to […]

The post Threat Actors Exploit .COM TLD to Host Widespread Credential Phishing Sites appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Citrix Alerts on Authentication Failures After NetScaler Update to Resolve Auth Vulnerability

Citrix has issued an urgent advisory for NetScaler users following the release of builds 14.1.47.46 and 13.1.59.19, warning of potential authentication disruptions stemming from a 16c3 a newly implemented security feature. As part of Citrix’s secure-by-design and secure-by-default initiative, the Content Security Policy (CSP) header has been enabled by default in these builds to bolster […]

The post Citrix Alerts on Authentication Failures After NetScaler Update to Resolve Auth Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Apache Tomcat and Camel Vulnerabilities Actively Targeted in Cyberattacks

The Apache Foundation disclosed several critical vulnerabilities affecting two of its widely used software platforms, Apache Tomcat and Apache Camel, sparking immediate concern among cybersecurity experts and organizations worldwide. Apache Tomcat, a popular platform for running Java-based web applications, was found to have a severe flaw identified as CVE-2025-24813. This vulnerability, impacting versions 9.0.0.M1 to […]

The post Apache Tomcat and Camel Vulnerabilities Actively Targeted in Cyberattacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

13-Year-Old Dylan Joins Forces with Microsoft Security Response Center as the Youngest Security Researcher

Dylan, 13, has accomplished a remarkable achievement by becoming the youngest security researcher to work with the Microsoft Security Response Center (MSRC), leaving his mark on the history of cybersecurity. His journey from tinkering with Scratch, a visual programming language for creating games, to identifying critical vulnerabilities in Microsoft products showcases a rare blend of […]

The post 13-Year-Old Dylan Joins Forces with Microsoft Security Response Center as the Youngest Security Researcher appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

New ‘BUBBAS GATE’ Malware Advertised on Telegram Boasts SmartScreen and AV/EDR Bypass

A new malware loader dubbed “BUBBAS GATE” has surfaced on underground forums and Telegram channels, drawing attention for its bold claims of advanced evasion capabilities, including bypassing Microsoft’s SmartScreen and modern AV/EDR solutions. The loader was first advertised on June 22, 2025, with the threat actor touting a suite of features designed to evade detection and maximize […]

The post New ‘BUBBAS GATE’ Malware Advertised on Telegram Boasts SmartScreen and AV/EDR Bypass appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft Acknowledges Error Entry in Windows Firewall With Advanced Security

Microsoft has officially confirmed that its recent Windows 11 update, KB5060829, is causing unexpected error entries in the Windows Firewall With Advanced Security logs. The company has assured users and IT administrators that these errors, while potentially alarming, do not indicate any malfunction or security risk and can be safely ignored. Following the installation of […]

The post Microsoft Acknowledges Error Entry in Windows Firewall With Advanced Security appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Let’s Encrypt Expands to Issue SSL/TLS Certificates for IP Addresses

Let’s Encrypt, a leading certificate authority (CA) known for providing free SSL/TLS certificates since 2015, has issued its first-ever certificate for an IP address. This development, announced earlier in January, marks a significant step in expanding secure communication options for Internet infrastructure. The organization is now rolling out this feature gradually to its subscribers, with […]

The post Let’s Encrypt Expands to Issue SSL/TLS Certificates for IP Addresses appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

China-linked attacker hit France’s critical infrastructure via trio of Ivanti zero-days last year

French authorities said government agencies and businesses spanning telecom, media, finance and transportation were impacted by the widely exploited Ivanti vulnerabilities.

The post China-linked attacker hit France’s critical infrastructure via trio of Ivanti zero-days last year appeared first on CyberScoop.

Top FBI cyber official: Salt Typhoon ‘largely contained’ in telecom networks

Brett Leatherman told CyberScoop in an interview that while the group still poses a threat, the bureau is focused on resilience and victim support, and going on offense could be in the future.

The post Top FBI cyber official: Salt Typhoon ‘largely contained’ in telecom networks appeared first on CyberScoop.

Cloudflare rolls out ‘pay-per-crawl’ feature to constrain AI’s limitless hunger for data

The move is the result customer feedback, since they neither wanted to grant AI web crawlers unrestricted access to their data nor block the practice entirely.

The post Cloudflare rolls out ‘pay-per-crawl’ feature to constrain AI’s limitless hunger for data appeared first on CyberScoop.

US sanctions bulletproof hosting provider for supporting ransomware, infostealer operations

Russia-based Aeza Group allegedly provided infrastructure to BianLian ransomware and the Meduza, RedLine and Lumma infostealer operators.

The post US sanctions bulletproof hosting provider for supporting ransomware, infostealer operations appeared first on CyberScoop.

AT&T deploys new account lock feature to counter SIM swapping

The feature is available for both consumer and business accounts.

The post AT&T deploys new account lock feature to counter SIM swapping appeared first on CyberScoop.

Scammers have a new tactic: impersonating DOGE

An email reviewed by Scoop News Group and analyzed by Proofpoint reveals the latest attempt by fraudsters to capitalize on confusion over the Elon Musk-created group.

The post Scammers have a new tactic: impersonating DOGE appeared first on CyberScoop.

Arrest, seizures in latest U.S. operation against North Korean IT workers

The coordinated steps included searches spanning 16 states involving workers who obtained employment at more than 100 U.S. companies.

The post Arrest, seizures in latest U.S. operation against North Korean IT workers appeared first on CyberScoop.

Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report

A cartel affiliate notified an FBI agent about a hacker who infiltrated cameras and phones to track an FBI official’s meetings, the DOJ inspector general said.

The post Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report appeared first on CyberScoop.

Slavery, torture, human trafficking discovered at 53 Cambodian online scamming compounds

Pig butchering scams were the most common activity carried out at the facilities identified in the Amnesty International investigation.

The post Slavery, torture, human trafficking discovered at 53 Cambodian online scamming compounds appeared first on CyberScoop.

Microsoft security updates address CrowdStrike crash, kill ‘Blue Screen of Death’

Third-party antivirus software will no longer have access to the Windows kernel as Microsoft rolls out changes to reduce IT downtime from unexpected crashes or disruptions.

The post Microsoft security updates address CrowdStrike crash, kill ‘Blue Screen of Death’ appeared first on CyberScoop.

China-linked group Houken hit French organizations using zero-days

China-linked group Houken hit French govt, telecom, media, finance and transport sectors using Ivanti CSA zero-days, says France’s ANSSI. France’s cyber agency ANSSI revealed that a Chinese hacking group used Ivanti CSA zero-days to target government, telecom, media, finance, and transport sectors. The campaign, active since September 2024, is linked to the Houken intrusion set, […]

Cybercriminals Target Brazil: 248,725 Exposed in CIEE One Data Breach

Resecurity found a breach in Brazil’s CIEE One platform, exposing PII and documents, later sold by data broker “888” on the dark web. Resecurity identified a data breach of one of the major platforms in Brazil connecting businesses and trainees called CIEE One – leading to the compromise of sensitive PII, including ID records, contact […]

Europol shuts down Archetyp Market, longest-running dark web drug marketplace

Europol shuts down Archetyp Market, longest-running dark web drug site, the police arrested the admin in Spain, top vendors hit in Sweden. An international law enforcement operation led by German authorities has shut down Archetyp Market, the longest-running dark web drug marketplace, in a coordinated operation across six countries with support from Europol and Eurojust. […]

Kelly Benefits data breach has impacted 550,000 people, and the situation continues to worsen as the investigation progresses

A data breach at Kelly Benefits has impacted 550,000 people, with the number of affected individuals growing as the investigation continues. Benefits and payroll solutions firm Kelly Benefits has confirmed that a recent data breach has affected 550,000 individuals. As the investigation continued, the scale of the impact expanded, revealing that more people were affected […]

Cisco removed the backdoor account from its Unified Communications Manager

Digital communications technology giant Cisco addressed a static SSH credentials vulnerability in its Unified Communications Manager (Unified CM). A flaw, tracked as CVE-2025-20309 (CVSS score of 10), in Cisco Unified Communications Manager and its Session Management Edition lets remote attackers log in using hardcoded root credentials set during development. Cisco Unified Communications Manager (CUCM) is a call […]

U.S. Sanctions Russia’s Aeza Group for aiding crooks with bulletproof hosting

U.S. Treasury sanctions Russia-based Aeza Group and affiliates for aiding cybercriminals via bulletproof hosting services. The U.S. Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Russia-based Aeza Group for aiding global cybercriminals via bulletproof hosting services. A bulletproof hosting service is a type of internet hosting provider that knowingly allows cybercriminals to host malicious content […]

Qantas confirms customer data breach amid Scattered Spider attacks

Qantas reports a cyberattack after hackers accessed customer data via a third-party platform, amid ongoing Scattered Spider aviation breaches. Qantas, Australia’s largest airline, disclosed a cyberattack after hackers accessed a third-party platform used by a call centre, stealing significant customer data. The breach, linked to ongoing Scattered Spider activity, was detected and contained on Monday. […]

CVE-2025-6554 is the fourth Chrome zero-day patched by Google in 2025

Google released security patches to address a Chrome vulnerability, tracked as CVE-2025-6554, for which an exploit exists in the wild. Google released security patches to address a Chrome vulnerability, tracked as CVE-2025-6554, for which an exploit is available in the wild. “Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker […]

U.S. CISA adds TeleMessage TM SGNL flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds TeleMessage TM SGNL flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added TeleMessage TM SGNL flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: CVE-2025-48927 is an Initialization of a Resource with an Insecure Default […]

A sophisticated cyberattack hit the International Criminal Court

The International Criminal Court (ICC) is probing a sophisticated cyberattack that was discovered and contained last week. On June 30, 2025, the International Criminal Court (ICC) announced that it was hit by a sophisticated and targeted cyberattack. The organization confirmed that the incident was detected and contained by its defense systems. “Late last week, the […]

A third of organisations take more than 90 days to remediate threats

The recent Global Industrial Cybersecurity Benchmark 2025 by Takepoint Research, sponsored by Forescout, revealed an overconfidence in critical infrastructure security. Notably, the research found that 44% of industrial organisations claim to have strong real-time cyber visibility, but nearly 60% have low to no confidence in their Operational Technology (OT) and Internet of Things (IoT) threat […]

The post A third of organisations take more than 90 days to remediate threats appeared first on IT Security Guru.

How to Secure Your Promo Codes Against Cyber Exploits

Promo codes provide a fantastic opportunity to increase customer traffic and generate sales, yet there is a potential risk with them. Promo codes are one of the objects of interest to cybercriminals because they exploit those codes and use them to their personal advantage, which can cost your company its customers. Among the most popular […]

The post How to Secure Your Promo Codes Against Cyber Exploits appeared first on IT Security Guru.

Infinity Global Services’ Pen Testing Achieves CREST-Accreditation

With today’s unpredictable cyber threat landscape, proactive security measures are crucial. Infinity Global Services (IGS) offers penetration testing (PT), a vital service that uncovers vulnerabilities before exploitation. Delivered by a team of seasoned experts, IGS’s penetration testing service has now achieved CREST accreditation. This globally recognised standard validates the quality, methodology, and integrity of IGS’s […]

The post Infinity Global Services’ Pen Testing Achieves CREST-Accreditation appeared first on IT Security Guru.

How Betting Sites Keep Your Information Safe (Without You Even Noticing)

Ever wondered what’s going on behind the scenes when you place a bet online? No, not the odds or the algorithms that somehow know your team’s about to blow a 2–0 lead again – we’re talking about the security side of things. Because let’s face it: if you’re logging in, placing wagers, and moving money […]

The post How Betting Sites Keep Your Information Safe (Without You Even Noticing) appeared first on IT Security Guru.

Defining Cyber Resilience: Industry Leaders Meet in London as AI Threats Accelerate

Last week, Check Point hosted its annual Cyber Leader Summit at Landing Forty-Two in London’s iconic Leadenhall Building. The summit convened influential figures from the cybersecurity, law enforcement, and enterprise communities to explore the rapidly evolving threat landscape and the transformative role of artificial intelligence. Key discussions focused on the urgent need for proactive, resilience-focused […]

The post Defining Cyber Resilience: Industry Leaders Meet in London as AI Threats Accelerate appeared first on IT Security Guru.

Bridewell report indicates rise in lone wolf ransomware actors

Bridewell, a UK-based cybersecurity services company, has released its latest CTI Annual Report – a comprehensive deep dive into ransomware trends. It highlighted a significant shift in attack strategies, payment dynamics and threat actor behaviours, revealing that data theft and extortion have overtaken traditional encryption-only ransomware as the most successful approach for attackers. While encryption-based […]

The post Bridewell report indicates rise in lone wolf ransomware actors appeared first on IT Security Guru.

Keeper Security Achieves SOC 3 Compliance

Keeper Security has achieved System and Organisation Controls (SOC) 3® compliance, demonstrating the company’s commitment to the highest standards of security for all users. The SOC 3 report, governed by the American Institute of Certified Public Accountants (AICPA), is a public-facing certification that validates the security, availability and confidentiality of Keeper’s systems. As part of […]

The post Keeper Security Achieves SOC 3 Compliance appeared first on IT Security Guru.

Black Duck Teams with Arm to Boost EU Cyber Resilience Act Compliance

Software security company Black Duck is ramping up efforts to help organizations comply with the European Cyber Resilience Act (CRA), building on a 20-year partnership with British chip design giant Arm. The collaboration focuses on securing software running on Arm64-based systems, now widely used in hyperscaler and enterprise environments. Since 2005, Black Duck has played […]

The post Black Duck Teams with Arm to Boost EU Cyber Resilience Act Compliance appeared first on IT Security Guru.

US States with Notable Consumer Data Privacy Laws

Privacy issues have garnered significant attention from the state despite not typically being at the forefront of discussions regarding data regulation. The states included in the article are not in any specific sequence. Kentucky Steps Up Early Sectors like entertainment and online platforms in Kentucky take data protection seriously. For example, popular iGaming services that […]

The post US States with Notable Consumer Data Privacy Laws appeared first on IT Security Guru.

Over Two Thirds of MSPs Hit by Multiple Breaches in Past Year, Survey Reveals

Today, Cybersmart, a provider of cyber risk management for small businesses, has released the findings from its second annual CyberSmart MSP Survey, which focuses on the security of Managed Service Providers (MSPs) and their customers. The 2025 report revealed that 69% of MSP leaders globally admitted to being hit by multiple breaches over the past 12 […]

The post Over Two Thirds of MSPs Hit by Multiple Breaches in Past Year, Survey Reveals appeared first on IT Security Guru.

Introducing the Cybereason TTP Briefing: Frontline Threat Intelligence Insights

Gain insight into the latest attack trends, techniques, and procedures our Incident Response experts are actively facing with the brand new TTP Briefing, a report built on frontline threat intelligence from our global incident response (IR) investigations, enriched by noteworthy detections from our SOC.

Ransomware Gangs Collapse as Qilin Seizes Control

The ransomware landscape is undergoing a turbulent realignment, marked by collapses, takeovers, and unexpected internal betrayals.

Copyright Phishing Lures Leading to Rhadamanthys Stealer Now Targeting Europe

Cybereason issues Threat Alerts to inform customers of emerging impacting threats, critical vulnerabilities and attacker campaigns. Cybereason Threat Alerts summarize these threats and provide practical recommendations for protecting against them.

Genesis Market - Malicious Browser Extension

Cybereason GSOC has identified a malware infection exhibiting strong similarities to the previously reported Genesis Market malicious campaign that was dismantled by law enforcement in early 2023.

CVE-2025-32433: Unauthenticated RCE Vulnerability in Erlang/OTP’s SSH Implementation

Key Takeaways

A critical vulnerability has been discovered in Erlang/OTP, tracked as CVE-2025-32433, and has a CVSS score of 10 (critical).
This critical remote code execution (RCE) vulnerability affects the SSH server within the Erlang/OTP software platform.
This vulnerability allows unauthenticated attackers to gain full system access by sending crafted SSH packets before any login or credentials are provided.
Systems running Erlang/OTP’s native SSH server are at risk and may be embedded in telecom, IoT, cloud platforms, databases, etc.
We recommend patching impacted systems immediately.

From Shadow to Spotlight: The Evolution of LummaStealer and Its Hidden Secrets

This article is a continuation of the previous research published on the malware LummaStealer: "Your Data Is Under New Lummanagement: The Rise of LummaStealer".

A Class Above: Expert Support for Data Breach Class Action Defense

Between 2022 and 2024, data breach-related class actions in the United States surged by over 146%, with the top 10 settlements in 2024 averaging 15% higher than in 2023. As organizations grapple with increasingly aggressive litigation stemming from cybersecurity incidents, class action lawsuits have become a major risk vector—one that now rivals the breach itself in terms of financial, operational, and reputational impact, underscoring the importance of both proactive cybersecurity posture and a strong defensive strategy in litigation. Whether it’s demonstrating reasonable security practices or disputing claims of harm resulting from cybersecurity incidents, the involvement of technical experts has become critical.

The Curious Case of PlayBoy Locker

Cybereason issues Threat Analysis reports to investigate emerging threats and provide practical recommendations for protecting against them. In this Threat Analysis report, Cybereason investigates the new Ransomware-as-a-Service (RaaS) known as PlayBoy Locker and how to defend against it through the Cybereason Defense Platform.

Are you keeping pace with Cyber Security AI innovation?

Skip ahead if you have heard this story, but when I started in anti-virus at Dr Solomon’s, Alan Solomon would share how he moved from doing hard disk data recoveries into antivirus because he received a drive to recover and recognized the corruption was logical. As such to fix the damage he wrote an algorithm (he was a mathematician by education) to undo the corruption. A few months later he was recovering another drive and recognized the same logical corruption, which led him to write a new algorithm to detect this corruption; this was how he started Dr Solomon’s antivirus software. The point here is that traditional anti-virus has always been based on pattern matching. Find something unique to each attack in its code, then you can write an algorithm or more commonly called these days a signature to detect, block and repair the attack. I remember Alan saying effectively that signatures had solved the virus problem, the volume would continue to grow, as would the complexity, but the same signature solution would always apply.

Cracking the Code: How to Identify, Mitigate, and Prevent BIN Attacks

KEY TAKEAWAYS

Understanding BIN Attacks: BIN attacks exploit the publicly available Bank Identification Numbers (BINs) on payment cards to brute-force valid card details, enabling fraudulent transactions. Identifying patterns of failed authorization attempts is critical for early detection.
Effective Mitigation Strategies: Implementing rate limiting, enhanced authentication (e.g., CAPTCHA, MFA), Web Application Firewalls (WAFs), geofencing, and machine-learning-based fraud detection tools can significantly reduce the likelihood of successful BIN attacks.
Collaborative Incident Response: Engage payment processors, card issuers, and digital forensics teams to trace attacks, freeze compromised cards, and implement long-term measures like tokenization and PCI DSS compliance to strengthen payment security.

Threat actors with financial motivations often leverage BIN attacks when targeting financial services or eCommerce victims. BIN attacks involve threat actors systematically testing card numbers stemming from a Bank Identification Number (BIN) to find valid card details. BIN values are assigned to card issuers and form the first 6-8 digits on payment cards. These values are published to merchants, payment processors, and other service providers to facilitate transactions and are publicly available. The BIN is then followed by an additional set of numbers (the account number) to form a complete Primary Account Number (PAN), or card number.

How to spot a holiday shopping scam: Fake deals, trick surveys & bogus gift cards

Scammers, fraudsters, and phishers take advantage of every season. But the holiday shopping season - which includes Black Friday, Cyber Monday, and Christmas - may be their favorite.

As retailers rush to capitalize on what is generally their most profitable time of year, they will generally flood email boxes with great offers that are often time sensitive and may even seem too-good-to-be-true. Meanwhile, consumers also feel the urgency to get their shopping done, along with the stresses of work and family. Add in the financial pressure of an inflationary economy and the likelihood of making a quick mistake keeps increasing. Read on for some simple yet effective ways to ruin the scammers' fun as you celebrate the season of giving.

Soon�

Posted by Sean @ 12:52 GMT

Our "construction project" is progressing nicely.

A work in progress

And it should resolve this…

Fix mobile usability issues?

Translation: your site doesn't help us sell more Android phones and ads.

But whatever, the "issues" should be fixed soon enough.

On 18/08/15 At 12:52 PM

Work In Progress

Posted by Sean @ 13:25 GMT

Regular readers will have noticed it's been slow here of late.

Under Construction

We're finally undertaking an upgrade from Greymatter 1.7.3. This may be the world's oldest Greymatter blog… that will now change.

More info coming soon.

In the meantime, you can still catch us on Twitter.

On 13/08/15 At 01:25 PM

"IOS Crash Report" Update: Safari Adds Block Feature

Posted by Sean @ 09:53 GMT

Ask, and sometimes, you shall receive.

Last Friday, we wrote about call center scammers targeting iOS. And today, Apple released a new (beta) feature that should help.

Apple released iOS 9 Public Beta 2:

iOS 9 Public Beta 2, Install

And it appears that one of Safari's new features allows people to block fraud-focused JavaScript.

iOS 9 Public, Safari Block Alerts

We tested a scam-site and after a few attempts to dismiss the JavaScript dialog, Safari included a prompt to "Block Alerts". We were then easily able to close the page.

Kudos Apple! Looking forward to seeing this in iOS 9's general release.

Big hat tip to Rosyna Keller.

On 23/07/15 At 09:53 AM

Duke APT group's latest tools: cloud services and Linux support

Posted by Artturi @ 11:59 GMT

Recent weeks have seen the outing of two new additions to the Duke group's toolset, SeaDuke and CloudDuke. Of these, SeaDuke is a simple trojan made interesting by the fact that it's written in Python. And even more curiously, SeaDuke, with its built-in support for both Windows and Linux, is the first cross-platform malware we have observed from the Duke group. While SeaDuke is a single - albeit cross-platform - trojan, CloudDuke appears to be an entire toolset of malware components, or "solutions" as the Duke group apparently calls them. These components include a unique loader, downloader, and not one but two different trojan components. CloudDuke also greatly expands on the Duke group's usage of cloud storage services, specifically Microsoft's OneDrive, as a channel for both command and control as well as the exfiltration of stolen data. Finally, some of the recent CloudDuke spear-phishing campaigns have born a striking resemblance to CozyDuke spear-phishing campaigns from a year ago.

Linux support added with the cross-platform SeaDuke malware

Last week, both Symantec and Palo Alto Networks published research on SeaDuke, a newer addition to the arsenal of trojans being used by the Duke group. While older malware by the Duke group has always been written with a combination of the C and C++ programming languages as well as assembly language, SeaDuke is peculiarly written in Python with multiple layers of obfuscation. This Python code is usually then compiled into Windows executables using py2exe or pyinstaller. However, the Python code itself has been designed to work on both Windows and Linux. We therefore suspect, that the Duke group is also using the same SeaDuke Python code to target Linux victims. This is the first time we have seen the Duke group employ malware to target Linux platforms.

seaduke_crossplatform (39k image)
An example of the cross-platform support found in SeaDuke.

A new set of solutions with the CloudDuke malware toolset

Last week, we also saw Palo Alto Networks and Kaspersky Labs publish research on malware components they respectively called MiniDionis and CloudLook. MiniDionis and CloudLook are both components of a larger malware toolset we call CloudDuke. This toolset consists of malware components that provide varying functionality while partially relying on a shared code framework and always using the same loader. Based on PDB strings found in the samples, the malware authors refer to the CloudDuke components as "solutions" with names such as "DropperSolution", "BastionSolution" and "OneDriveSolution". A list of PDB strings we have observed is below:

� C:\DropperSolution\Droppers\Projects\Drop_v2\Release\Drop_v2.pdb
� c:\BastionSolution\Shells\Projects\miniDionis4\miniDionis\obj\Release\miniDionis.pdb
� c:\BastionSolution\Shells\Projects\miniDionis2\miniDionis\obj\Release\miniDionis.pdb
� c:\OneDriveSolution\Shells\Projects\OneDrive2\OneDrive\obj\x64\Release\OneDrive.pdb

The first of the CloudDuke components we have observed is a downloader internally called "DropperSolution". The purpose of the downloader is to download and execute additional malware on the victim's system. In most observed cases, the downloader will attempt to connect to a compromised website to download an encrypted malicious payload which the downloader will decrypt and execute. Depending on the way the downloader has been configured, in some cases it may first attempt to log in to Microsoft's cloud storage service OneDrive and retrieve the payload from there. If no payload is available from OneDrive, the downloader will revert to the previously mentioned method of downloading from compromised websites.

We have also observed two distinct trojan components in the CloudDuke toolset. The first of these, internally called "BastionSolution", is the trojan that Palo Alto Networks described in their research into "MiniDionis". Interestingly, BastionSolution appears to functionally be an exact copy of SeaDuke with the only real difference being the choice of programming language. BastionSolution also makes significant use of a code framework that is apparently internally called "Z". This framework provides classes for functionality such as encryption, compression, randomization and network communications.

bastion_z (12k image)
A list of classes in the BastionSolution trojan, including multiple classes from the "Z" framework.

Classes from the same "Z" framework, such as the encryption and randomization classes, are also used by the second trojan component of the CloudDuke toolset. This second component, internally called "OneDriveSolution", is especially interesting because it relies on Microsoft's cloud storage service OneDrive as its command and control channel. To achieve this, OneDriveSolution will attempt to log into OneDrive with a preconfigured username and password. If successful, OneDriveSolution will then proceed to copy data from the victim's computer to the OneDrive account. It will also search the OneDrive account for files containing commands for the malware to execute.

onedrive_z (7k image)
A list of classes in the OneDriveSolution trojan, including multiple classes from the "Z" framework.

All of the CloudDuke "solutions" use the same loader, a piece of code whose primary purpose is to decrypt the embedded, encrypted solution, load it in memory and execute it. The Duke group has often employed loaders for their malware but unlike the previous loaders they have used, the CloudDuke loader is much more versatile with support for multiple methods of loading and executing the final payload as well as the ability to write to disk and execute additional malware components.

CloudDuke spear-phishing campaigns and similarities with CozyDuke

CloudDuke has recently been spread via spear-phishing emails with targets reportedly including organizations such as the US Department of Defense. These spear-phising emails have contained links to compromised websites hosting zip archives that contain CloudDuke-laden executables. In most cases, executing these executables will have resulted in two additional files being written to the victim's hard disk. The first of these files has been a decoy, such as an audio file or a PDF file while the second one has been a CloudDuke loader embedding a CloudDuke downloader, the so-called "DropperSolution". In these cases, the victim has been presented with the decoy file while in the background the downloader has proceeded to download and execute one of the CloudDuke trojans, "OneDriveSolution" or "BastionSolution".

decoy_ndi_small (63k image)
Example of one of the decoy documents employed in the CloudDuke spear-phishing campaigns. It has apparently been copied by the attackers from here.

Interestingly, however, some of the other CloudDuke spear-phishing campaigns we have observed this July have born a striking resemblance to CozyDuke spear-phishing campaigns seen almost exactly a year ago, in the beginning of July 2014. In both spear-phishing campaigns, the decoy document has been the exact same PDF file, a "US letter fax test page" (28d29c702fdf3c16f27b33f3e32687dd82185e8b). Similarly, the URLs hosting the malicious files have, in both campaigns, purported to be related to eFaxes. It is also interesting to note, that in the case of the CozyDuke-inspired CloudDuke spear-phishing campaign, the downloading and execution of the malicious archive linked to in the emails has not resulted in the execution of the CloudDuke downloader but in the execution of the "BastionSolution" component thereby skipping one step from the process described for the other CloudDuke spear-phishing campaigns.

decoy_fax (72k image)
The "US letter fax test page" decoy employed in both CloudDuke and CozyDuke spear-phishing campaigns.

Increasingly using cloud services to evade detection

CloudDuke is not the first time we have observed the Duke group use cloud services in general and Microsoft OneDrive specifically as part of their operations. Earlier this spring we released research on CozyDuke where we mentioned observing CozyDuke sometimes either directly use a OneDrive account to exfiltrate stolen data or alternatively CozyDuke downloading Visual Basic scripts that would copy stolen files to a OneDrive account and sometimes even retrieve files containing additional commands from the same OneDrive account.

In these previous cases the Duke group has only used OneDrive as a secondary communication channel but still relied on more traditional C&C channels for most of their actions. It is therefore interesting to note that CloudDuke actually enables the Duke group to rely solely on OneDrive for every step of their operation from downloading the actual trojan, passing commands to the trojan and finally exfiltrating stolen data.

By relying solely on 3rd party web services, such as OneDrive, as their command and control channel, we believe the Duke group is trying to better evade detection. Large amounts of data being transferred from an organization's network to an unknown web server easily raises suspicions. However, data being transferred to a popular cloud storage service is normal. What better way for an attacker to surreptitiously transfer large amounts of stolen data than the same way people are transferring that same data every day for legitimate reasons. (Coincidentally, the implications of 3rd party web services being used as command and control channels is also the subject of an upcoming talk at the VirusBulletin 2015 conference).

Directing limited resources towards evading detection and staying ahead of defenders

Developing even a single multipurpose malware toolset, never mind many, requires time and resources. Therefore it seems logical to attempt to reuse code such as supporting frameworks between different toolsets. The Duke group, however, appear to have taken this a step further with SeaDuke and the CloudDuke component BastionSolution, by rewriting the same code in multiple programming languages. This has the obvious benefits of saving time and resources by providing two malware toolsets, that while similar on the inside, appear completely different on the outside. This way, the discovery of one toolset does not immediately lead to the discovery of the second toolset.

The Duke group, long suspected of ties to the Russian state, have been running their espionage operation for an unusually long time and - especially lately - with unusual brazenness. These latest CloudDuke and SeaDuke campaigns appear to be a clear sign that the Duke's are not planning to stop any time soon.

Research and post by Artturi (@lehtior2)

F-Secure detects CloudDuke as Trojan:W32/CloudDuke.B and Trojan:W64/CloudDuke.B

Samples:

04299c0b549d4a46154e0a754dda2bc9e43dff76
2f53bfcd2016d506674d0a05852318f9e8188ee1
317bde14307d8777d613280546f47dd0ce54f95b
476099ea132bf16fa96a5f618cb44f87446e3b02
4800d67ea326e6d037198abd3d95f4ed59449313
52d44e936388b77a0afdb21b099cf83ed6cbaa6f
6a3c2ad9919ad09ef6cdffc80940286814a0aa2c
78fbdfa6ba2b1e3c8537be48d9efc0c47f417f3c
9f5b46ee0591d3f942ccaa9c950a8bff94aa7a0f
bfe26837da22f21451f0416aa9d241f98ff1c0f8
c16529dbc2987be3ac628b9b413106e5749999ed
cc15924d37e36060faa405e5fa8f6ca15a3cace2
dea6e89e36cf5a4a216e324983cc0b8f6c58eaa8
e33e6346da14931735e73f544949a57377c6b4a0
ed0cf362c0a9de96ce49c841aa55997b4777b326
f54f4e46f5f933a96650ca5123a4c41e115a9f61
f97c5e8d018207b1d546501fe2036adfbf774cfd

Compromised servers used for command and control:

hxxps://cognimuse.cs.ntua.gr/search.php
hxxps://portal.sbn.co.th/rss.php
hxxps://97.75.120.45/news/archive.php
hxxps://portal.sbn.co.th/rss.php
hxxps://58.80.109.59/plugins/search.php

Compromised websites used to host CloudDuke:

hxxp://flockfilmseries.com/eFax/incoming/5442.ZIP
hxxp://www.recordsmanagementservices.com/eFax/incoming/150721/5442.ZIP
hxxp://files.counseling.org/eFax/incoming/150721/5442.ZIP

On 22/07/15 At 11:59 AM

'Zero Days', The Documentary

Posted by Mikko @ 12:40 GMT

VPRO (the Dutch public broadcasting organization) produced a 45-minute documentary about hacking and the trade of zero days. The documentary has now been released in English on YouTube.

The documentary features Charlie Miller, Joshua Corman, Katie Moussouris, Ronald Prins, Dan Tentler, Eric Rabe (of Hacking Team), Felix Lindner, Rodrigo Branco, Ben Nagy, The Grugq, and many others.

On 20/07/15 At 12:40 PM

IOS Crash Report: Blocking "Pop-Ups" Doesn't Really Help

Posted by Sean @ 10:15 GMT

The Telegraph published an article on Thursday about a scam targeting iOS users. Here's the gist: scammers are using JavaScript generated dialogs to display warnings of so-called "IOS Crash" reports prompting people to call for tech support. Near the end of the Telegraph's article, the following advice is offered:

"To prevent the issue happening again, go to Settings -> Safari -> Block Pop-ups."

Unfortunately, this advice is incorrect. And perhaps even more unfortunately, some security and tech pundits are now repeating the bad advice on numerous websites. How do we know the advice is wrong? Because we actually tested it…

First of all, this "IOS Crash Report" scam is a variation of the technical support scam, cases of which have been documented as early as 2008. In the past, cold-calls originated directly from call centers in India. But more recently, web-based lures are used to prompt potential victims into contacting the scammers.

A Google Search returns several live scam sites with this text:

"Due to a third party application in your phone, IOS is crashed."

Here's one of the sites as viewed with iOS Safari on an iPad:

iosclean.com

Safari's "Fraudulent Website Warning" and "Block Pop-ups" features didn't prevent the page from loading.

What looks like a pop-up on the image above is actually a JavaScript generated dialog. One which will continuously re-spawn itself and can be very difficult to dismiss. Turning off JavaScript in Safari is the quickest way to regain control. Unfortunately, leaving JavaScript disabled will significantly impact a large number of legitimate websites.

Here's the same site as viewed with Google Chrome for Windows:

Notice the additional text in the image above: prevent this page from creating additional dialogs. Current versions of Chrome and Firefox (for Windows, at least) will inject this option into re-spawning dialogs, allowing the user to break the loop. Sadly, Internet Explorer and Safari do not. (We tested with IE for Windows / Windows Phone, and iOS Safari.)

Wouldn't be great if all browsers supported this prevention feature?

Yeah, we think so, too.

But it's not just browsers, apps with browser functionality can also be affected.

Here's an example of a JavaScript dialog displayed via Cydia.

error1014.com

The end of the Telegraph's article included the following advice from City of London police:

"Never give your iCloud username and password or your bank details to someone over the phone."

Indeed! Giving somebody your iCloud password could quickly turn a support scam into a data hijacking and extortion scheme. We attempted to call several of the scammer telephone numbers to see if they would ask for our iCloud credentials — only to discover that the numbers we tried are currently not in service.

Hopefully they stay that way. (They won't.)

On 17/07/15 At 10:15 AM

Hacking Team 0-day Flash Wave with Exploit Kits

Posted by Patricia @ 12:29 GMT

After Hacking Team was compromised, a lot of information were publicly disclosed beginning 5th of July, particularly its business clients and a zero-day vulnerability for the Adobe Flash Player that they have been using.

Since the info about the first zero-day was made freely available, we knew attackers would swiftly move into using it. As expected, the flash exploit was integrated into exploit kits such as Angler, Magnitude, Nuclear, Neutrino, Rig, and HanJuan as reported by Kafeine.

Based on our telemetry, there was a rise in Flash exploits beginning 6th and continued until 9th.

overall_stats (11k image)

Here are the stats for each exploit kit:

ek_stats (27k image)

The security advisory for CVE-2015-5119 zero-day was released on 7th July and the patch was made available on 8th. So the hits started to decline about two days after the patch.

But just when people have started updating their systems, there was yet another spike from the Angler flash exploit hits:

weekend_wave_stats (22k image)

Apparently, two more flash vulnerabilities, CVE-2015-5122 and CVE-2015-5123, were discovered. These vulnerabilities are still waiting to be patched. According to Kafeine, one of the two vulnerabilities were added into the Angler exploit kit.

As a side note related to Angler exploit kit, if you noticed in the second chart above, Angler and HanJuan share the same statistics. This was due to the fact that our detections for Angler Flash exploits were also hitting on HanJuan Flash exploits.

We have verified this after discovering that there was a different URL pattern being detected by Angler:

angler_vs_hanjuan_urlpattern (9k image)

We looked at the flash exploit used by both kits, and the two are very much identical.

Angler Flash Exploit:

anglerek_ht0d_3 (26k image)

HanJuan Flash Exploit:

hanjuanek_ht0d_3 (23k image)

There were already speculations that there seem to be strong connections between the actors behind the two exploits kits. For example, both have used �fileless� delivery of payload and even similar encryption methods. Perhaps at some point we will see HanJuan supporting this new flash 0 day as well.

In the meantime, since there hasn�t been a patch out yet for these new ones, our users remain protected from the effects of the exploit kits through Browsing Protection as well as these detections:

Exploit:SWF/AnglerEK.L
Exploit:SWF/NeutrinoEK.C
Exploit:SWF/NeutrinoEK.D
Exploit:SWF/NuclearEK.H
Exploit:SWF/NuclearEK.J
Exploit:SWF/Salama.H
Exploit:SWF/Salama.R
Exploit:JS/AnglerEK.D
Exploit:JS/NuclearEK.I
Exploit:JS/MagnitudeEK.A

UPDATE: Adobe has released patches for the recent two vulnerabilities: CVE-2015-5122 and CVE-2015-5123. Users are recommended to update to the latest version of Adobe Flash Player.

On 13/07/15 At 12:29 PM

The Trusted Internet: Who governs who gets to buy spyware from surveillance software companies?

Posted by FSLabs @ 02:31 GMT

When hackers get hacked, that's when secrets are uncovered. On July 5th, Italian-based surveillance technology company Hacking Team was hacked. The hackers released a 400GB torrent file with internal documents, source code, and emails to the public - including the company's client list of close to 60 customers.

The list included countries such as Sudan, Kazakhstan and Saudi Arabia - despite official company denials of doing business with oppressive regimes. The leaked documents strongly implied that in the South-East Asian region, government agencies from Singapore, Thailand and Malaysia had purchased their most advanced spyware, referred to as a Remote Control System (RCS).

According to security researchers Citizen Lab, this spyware is extraordinarily intrusive, with the ability to turn on microphone and cameras on mobile devices, intercept Skype and instant messages, and use an anonymizer network of proxy servers to prevent harvested information from being traced back to the command and control servers.

Based on images of the client list posted to pastebin the software was purchased in Malaysia by the Malaysia Anti-Corruption Commission (MACC), Malaysia Intelligence (MI) and the Prime Minister's Office (PMO):

hacking_team_client_list (86k image)

Additional images of leaked invoices posted to medium.com indicated the spyware was sold through a locally-based Malaysian company named Miliserv Technologies (M) Sdb Bhd (registered with the Ministry of Finance Malaysia), which specializes in providing digital forensics, intelligent gathering and public security services:

hacking_team_hack_1 (95k image)

hacking_team_hack_2 (72k image)

Why the Prime Minister's Office would need surveillance software remains puzzling. Mind you, professional grade spyware ain't cheap - a license upgrade could cost you MYR400, 000 and maintenance renewal will set you back about MYR160,000.

According to reports of the incident in Malaysian alternative media, Malaysian government agencies have probably been using the spyware even before discovery of the FinFisher malware that was detected in the run-up to the 2013 General Elections.

Coincidentally, Malaysia has also been the frequent host of the annual ISS World Asia tradeshow, where companies promote their arsenal of 'lawful' surveillance software to law enforcement agencies, telco service provider or government employees. During the 2014 event, the Hacking Team was present and the associate lead sponsor of the event.

MiliServ Technologies is currently involved in the upcoming 2015 ISS World Asia in Kuala Lumpur. The event is invitation-only � though it may be interesting to see if Hacking Team will make it there this year.

Post by – Su Gim

On 08/07/15 At 02:31 AM

Problematic Wassenaar Definitions

Posted by Sean @ 13:25 GMT

The Wassenaar Arrangement, a multilateral export control regime, defines "intrusion software" as software specially designed or modified to avoid detection by monitoring tools, or to defeat protective countermeasures, of a computer or network capable device. Intrusion software is used to: extract data or information, or to modify system or user data; or to modify the standard execution path of a program or process in order to allow the execution of externally provided instructions.

Wassenaar states that monitoring tools are software or hardware devices that monitor system behaviours or processes running on a device. This includes antivirus (AV) products, end point security products, Personal Security Products (PSP), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) or firewalls.

Wassenaar Arrangement definitions
(Source)

So… what we at F-Secure (and the rest of the antivirus industry) call "malware" appears to easily fit Wassenaar's definition of intrusion software.

Why is this interesting?

Well, the US Bureau of Industry and Security (BIS), part of the US Department of Commerce, has proposed updating its rules to require a license for the export of intrusion software.

And according to the Dept of Commerce, "an export" is –any– item that is sent from the United States to a foreign destination. "Items" include among other things, software and technology.

The Paradox

So… if malware is intrusion software, and any item is an export, how exactly are US-based customers supposed to submit a malware sample to their European antivirus vendor? Seriously, customers send us zero-day using malware all the time. Not to mention the samples that we routinely exchange with other trusted AV vendors from around the globe.

Unintended Consequences

The text associated with the BIS proposal says the scope includes penetration testing products that use intrusion software in what looks like an attempt to limit "hacking" tools, but there is nothing about what is excluded from the scope. So the BIS might not intend to limit customers from uploading malware samples to their AV vendor, but that could be the effect if this new rule is adopted and arbitrarily enforced. Or else it could just force people to operate in a legal limbo. Is that what we want?

The BIS is taking comments until July 20th.

On 09/06/15 At 01:25 PM

Found Item: UK Wi-Fi Law?

Posted by Sean @ 13:27 GMT

I visited the UK last Thursday, found a coffee shop offering "free" Wi-Fi, and read this…

"UK Law states that we must know who is using our Wi-Fi at all times."

Now I'm not a lawyer — but that seems like quite the disingenuous claim.

_WalkinWiFi

Mobile number, post code, and date of birth??

I wonder how many people fall for this type of malarkey.

Post by — @Sean

On 08/06/15 At 01:27 PM

SMS Exploit Messages

Posted by Sean @ 13:56 GMT

There's an iOS vulnerability affecting iPhone, iPad, and even Apple Watch that allows for a denial of service.

Crashing a phone with an SMS? That's so 2008.

S60 SMS Exploit Messages

Unlike 2008, this time kids are reportedly using the vulnerability to harass others.

Apple is working on a security update. But unfortunately… that update very likely won't be available for older iPhones.

Updated to add:

Here's the "Effective Power" exploit crashing an iPhone 6:

Effective Power Unicode iOS hack on iPhone 6

And this… is Effective Power crashing the iOS Twitter app:

Effective Power Unicode iOS hack vs Twitter

On 28/05/15 At 01:56 PM

Ransomware Spam E-Mails Targeting Users in Italy and Spain

Posted by FSLabs @ 03:17 GMT

In the past few days, we received some cases from our customers in Italy and Spain, regarding malicious spam e-mails that pointed to Cryptowall or Cryptolocker ransomware.

The spam e-mails pretended to come from a courier/postal service, regarding a parcel that was waiting to be collected. The e-mails offer a link to track that parcel online:

crypt_email (104k image)

When we did the initial investigation of the e-mails from our standard test system, the link redirected to Google:

crypt_email_redirect_italy (187k image)

So, no malicious behavior? Well, we noted that the first two URLs were PHP. Since PHP code is executed on the server side, not locally on the client, it is possible that the servers were 'deciding' whether to redirect the user to Google or to serve malicious content, based on some preset conditions.

Since this particular spam e-mail is written in Italian - perhaps only a customer based in Italy would be able to see the malicious payload? Fortunately, we have Freedome, so we can travel to Italy for a little while to experiment.

So we turned on Freedome, set the location to Milan and clicked the link in the e-mail again:

crypt_email_mal_italy (302k image)

Now we see the bad stuff. If the user is (or appears to be) located in Italy, the server will redirect them to a malicious file hosted on a cloud storage server.

The e-mail spam sent to Spanish users is similar, though in those cases, a CAPTCHA challenge is included to make the site seem more authentic. If the link in the e-mail is clicked by a user located outside Spain, again we end up in Google:

crypt_email_redirect_spain (74k image)

If the site is visited instead from an Spanish IP, we get to the CAPTCHA screen:

crypt_email_target_spain (57k image)

And then to the malware itself:

crypt_email_mal_spain (313k image)

This spam campaign doesn't use any exploits (so far), just old-fashioned social engineering; infection only occurs if the user manually downloads and executes the files offered on the malicious URLs. For our customers, the URLs are blocked and the files are detected.

(malware SHA1s: 483be8273333c83d904bfa30165ef396fde99bf2, 295042c167b278733b10b8f7ba1cb939bff3cb38)

Post by — Victor

On 19/05/15 At 03:17 AM

Mac Hack Demonstration

Posted by Sean @ 12:46 GMT

Securing your SSH password is very important. Otherwise, you might be pwned by a little girl with her Raspberry Pi.

Don't worry, it's an authorized hack, she asked her mom for permission.

On 15/05/15 At 12:46 PM

Email Security Considerations for Microsoft 365 Users

The post Email Security Considerations for Microsoft 365 Users appeared first on GreatHorn.

Email Security Considerations for Google Workspace Users

The post Email Security Considerations for Google Workspace Users appeared first on GreatHorn.

Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates

The post Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates appeared first on GreatHorn.

Universities and Colleges Face Multi-faceted Email Security Challenges

The post Universities and Colleges Face Multi-faceted Email Security Challenges appeared first on GreatHorn.

Spam vs Phish: The Problem with User-Reported Phish Buttons

The post Spam vs Phish: The Problem with User-Reported Phish Buttons appeared first on GreatHorn.

Phishing for Google Impersonation Attacks

Bad actors around the globe go phishing in emails twenty-four hours a day, seven days a week. Whether they are “guppies” like your local bakery down the street or big “fish” like Google, no one is immune to their attacks. Google, one of the largest, most well-known – and used – applications, will always be […]

The post Phishing for Google Impersonation Attacks appeared first on GreatHorn.

GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes

The post GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes appeared first on GreatHorn.

Native vs SEG vs ICES: What You Need to Know About Email Security

The shift from on-premise email platforms to cloud email platforms has taken shape, with the majority (70%) of organizations. Microsoft 365 and Google Workspace remain the predominant email platforms for organizations. However, a significant change has occurred in the past year. With an estimated 40% of ransomware attacks that start through email, and BEC and […]

The post Native vs SEG vs ICES: What You Need to Know About Email Security appeared first on GreatHorn.

Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security

In cybersecurity, buzzwords come and go, often being replaced with new buzzwords while the market is still attempting to realize the benefits of the former. Today, every technology vendor is talking about Artificial Intelligence (AI). In reality, Machine Learning (the method to one day achieve AI) is still the predominant technical solution deployed within vendor […]

The post Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security appeared first on GreatHorn.

Global Supply Chain: Attackers Targeting Business Deliveries

Our global supply chain includes all the people, companies and countries that need to work cohesively to manufacture, process and ship goods. Disruptions in the global supply chain are increasingly impacting organizations, with logistical problems crossing most industries. As a result, the continued strain on the supply chain puts added pressure on businesses as they […]

The post Global Supply Chain: Attackers Targeting Business Deliveries appeared first on GreatHorn.

Scattered Spider Attacks US Airlines – The MSP Cyber News Snapshot – July 3rd

From courtroom breaches to cockpit infiltration, here’s this week’s Cyber Snapshot. Five critical stories you need on your radar, with safety advice included. We’ve got insider revenge, MFA manipulation, rogue browser extensions, and state-sponsored email theft, all in one rapid-fire rundown. Whether you’re in IT, cybersecurity compliance, or just trying to keep your team one […]

The post Scattered Spider Attacks US Airlines – The MSP Cyber News Snapshot – July 3rd appeared first on Heimdal Security Blog.

Heimdal Partners with Portland to Deliver Unified Cybersecurity for Benelux MSPs

Amsterdam, Netherlands – July 3, 2025 – Heimdal, a leading European provider of unified, AI-driven cybersecurity solutions, today announced a strategic distribution partnership with Portland, a top-tier IT channel specialist in the Benelux region. The collaboration gives Managed Service Providers (MSPs) across Belgium, the Netherlands, and Luxembourg streamlined access to Heimdal’s award-winning Extended Detection and […]

The post Heimdal Partners with Portland to Deliver Unified Cybersecurity for Benelux MSPs appeared first on Heimdal Security Blog.

97% of MSPs Still Use Excel. Here’s the Risk – With Kevin Lancaster

Too many vendors, too little time, and more logins than you can count. Sound familiar? Our guest today is Kevin Lancaster, an advisor, investor, and founder of Channel Program, a platform that gives MSPs and vendors the data they need to make smarter, faster decisions. Kevin’s been on every side of this industry, from building […]

The post 97% of MSPs Still Use Excel. Here’s the Risk – With Kevin Lancaster appeared first on Heimdal Security Blog.

AI-fueled fake IDs and identity theft: What you need to know

Identity theft happens every 22 seconds in the U.S. and now, artificial intelligence is making it easier for scammers. What used to be rough Photoshop jobs has evolved into slick, AI-generated IDs that can trick high-end security systems. These fakes often rely on something people give away freely: their social media photos. As AI tools […]

The post AI-fueled fake IDs and identity theft: What you need to know appeared first on Heimdal Security Blog.

New DDoS Attack Record – The MSP Cyber News Snapshot – June 26th

Cybersecurity Advisor Adam Pilton is back with a fresh Cyber News Snapshot for MSPs & other professionals in the IT industry. Top cybersecurity news between 20th and 26th June talks about Qilin ransomware’s new tricks, a DHS advisory on Iran-supported threat actors, a healthcare facilities’ data breach impact, and a new record for DDoS attacks. Adam seasoned all that with actionable […]

The post New DDoS Attack Record – The MSP Cyber News Snapshot – June 26th appeared first on Heimdal Security Blog.

European Cybersecurity Leader Heimdal Partners with Montreal’s Fusion Cyber Group for Canadian Market Expansion

MONTREAL, CANADA – June 25, 2025 – Heimdal Security, a leading European provider of unified, AI-powered cybersecurity solutions, has partnered with Montreal-based Fusion Cyber Group to deliver its integrated platform to small and medium-sized businesses (SMBs) across Canada. Under the partnership, Fusion Cyber Group will distribute Heimdal’s solutions across Canada, while addressing the growing problem of […]

The post European Cybersecurity Leader Heimdal Partners with Montreal’s Fusion Cyber Group for Canadian Market Expansion appeared first on Heimdal Security Blog.

The MSP Cyber Snapshot – Weekly News with Adam Pilton – June 19th 2025

In this week’s Snapshot, cybersecurity advisor Adam Pilton breaks down the latest news on dodgy VPNs, sneaky phishing, a worrying shift from Scattered Spider, and more. Read on to find out how to avoid falling victim to similar threats. Adam is a former cyber detective with years of experience in this field. Use his insights […]

The post The MSP Cyber Snapshot – Weekly News with Adam Pilton – June 19th 2025 appeared first on Heimdal Security Blog.

From Frankenstack to Framework: How MSPs Can Build Simpler, Smarter Security with Ross Brouse

Welcome back to the MSP Security Playbook. In today’s episode, we’re diving deep into one of the most persistent challenges MSPs face: balancing layered security with operational simplicity. From tool sprawl and alert fatigue to vendor bloat and agent overload, it’s a complex puzzle. It’s easy to think more tools mean better protection, but is […]

The post From Frankenstack to Framework: How MSPs Can Build Simpler, Smarter Security with Ross Brouse appeared first on Heimdal Security Blog.

What Can Schools Expect When Choosing Heimdal?

This piece is authored by Michael Coffer, Heimdal’s resident sales expert for the education sector. Michael speaks to hundreds of IT admins a year, so there are few people who understand the challenges of this sector better than him. Here, he explains what to expect when you get on the phone with a Heimdal sales […]

The post What Can Schools Expect When Choosing Heimdal? appeared first on Heimdal Security Blog.

How Smart IT Teams Are Stopping Cyber Attacks on Schools

This piece is authored by Michael Coffer, Heimdal’s resident sales expert for the education sector. Michael speaks to hundreds of IT admins a year, so there are few people who understand the challenges of this sector better than him. Here, he explains why Heimdal is an increasingly popular choice for IT admins everywhere. In the […]

The post How Smart IT Teams Are Stopping Cyber Attacks on Schools appeared first on Heimdal Security Blog.

From Cyber Essentials to Real Protection in Education

This piece is authored by Michael Coffer, Heimdal’s resident sales expert for the education sector. Michael speaks to hundreds of IT admins a year, so there are few people who understand the challenges of this sector better than him. Here, he explains why Cyber Essentials alone isn’t enough to keep you safe – and how […]

The post From Cyber Essentials to Real Protection in Education appeared first on Heimdal Security Blog.

Heimdal Cybersecurity for Schools: Why IT Teams Make the Switch

This piece is authored by Michael Coffer, Heimdal’s resident sales expert for the education sector. Michael speaks to hundreds of IT administrators a year, so few people understand the challenges of this sector better than he does. Here, he explains why Heimdal is an increasingly popular choice for IT admins everywhere. As Heimdal’s in-house […]

The post Heimdal Cybersecurity for Schools: Why IT Teams Make the Switch appeared first on Heimdal Security Blog.

Heimdal’s Latest Podcast Episode Unpacks Long-Term MSP Marketing Strategies with Paul Green

COPENHAGEN, Denmark – June 5, 2025 – We are proud to announce the release of Episode 2 of our podcast series, The MSP Security Playbook. This episode features Paul Green, a renowned MSP marketing expert, who shares insights on building long-term client relationships and effective marketing strategies for managed service providers (MSPs). In this episode, […]

The post Heimdal’s Latest Podcast Episode Unpacks Long-Term MSP Marketing Strategies with Paul Green appeared first on Heimdal Security Blog.

Forget Your Tech Stack – Focus on Sales First with Paul Green

Welcome back to the MSP Security Playbook, the podcast that helps Managed Service Providers (MSPs) build stronger, more profitable businesses. I’m your host, Jacob Hazelbaker, BDR here at Heimdal Security, your partner in unified AI-powered cybersecurity solutions. In today’s episode, we’re talking about something every MSP struggles with at some point: selling security. You might […]

The post Forget Your Tech Stack – Focus on Sales First with Paul Green appeared first on Heimdal Security Blog.

Admin Rights Are the Problem, Not Which Antivirus You Choose

There’s been a lot of noise lately on Reddit and other platforms about how “easy” it is to disable Windows Defender ATP. MSPs are getting questions from clients about this concern. But these discussions are focusing on the wrong issue entirely. Yes, You Can Disable Defender ATP (But That’s Not the Real Problem) If you […]

The post Admin Rights Are the Problem, Not Which Antivirus You Choose appeared first on Heimdal Security Blog.

ISC Stormcast For Thursday, July 3rd, 2025 https://isc.sans.edu/podcastdetail/9512, (Thu, Jul 3rd)

No summary available.

ISC Stormcast For Monday, June 30th, 2025 https://isc.sans.edu/podcastdetail/9510, (Mon, Jun 30th)

No summary available.

ISC Stormcast For Friday, June 27th, 2025 https://isc.sans.edu/podcastdetail/9508, (Fri, Jun 27th)

No summary available.

ISC Stormcast For Thursday, June 26th, 2025 https://isc.sans.edu/podcastdetail/9506, (Thu, Jun 26th)

No summary available.

ISC Stormcast For Wednesday, June 25th, 2025 https://isc.sans.edu/podcastdetail/9504, (Wed, Jun 25th)

No summary available.

Quick Password Brute Forcing Evolution Statistics, (Tue, Jun 24th)

We have collected SSH and telnet honeypot data in various forms for about 10 years. Yesterday&#;x26;#;39;s diaries, and looking at some new usernames attempted earlier today, made me wonder if botnets just add new usernames or remove old ones from their lists. So I pulled some data from our database to test this hypothesis. I didn&#;x26;#;39;t spend a lot of time on this, and this could use a more detailed analysis. But here is a preliminary result:

ISC Stormcast For Tuesday, June 24th, 2025 https://isc.sans.edu/podcastdetail/9502, (Tue, Jun 24th)

No summary available.

Scans for Ichano AtHome IP Cameras, (Mon, Jun 23rd)

Ichano&#;x26;#;39;s "AtHome Camera" is a bit of a different approach to home surveillance cameras [1]. Instead of a hardware camera solution, this product is a software solution that turns existing devices like computers and tablets into webcams. The software implements features we know from similar IP camera devices. It enabled streaming of images and remote access to features like motion detection and alerting.

ISC Stormcast For Monday, June 23rd, 2025 https://isc.sans.edu/podcastdetail/9500, (Mon, Jun 23rd)

No summary available.


ADS & Python Tools, (Sat, Jun 21st)

Ehsaan Mavani talks about Alternate Data Streams (ADS) in diary entry "Alternate Data Streams ? Adversary Defense Evasion and Detection [Guest Diary]".

What Makes Southeast Asia the “Ground Zero of Cybercrime”?

Author: Bex Bailey

Our 2025 Phishing By Industry Benchmarking Report examines why organizations across Asia face some of the highest levels of cybersecurity risk worldwide.

Is your Human Risk Management Program Creating Measurable Change? Find Out with Our Free Program Maturity Assessment

In today's threat landscape, your employees represent both your greatest vulnerability and your strongest defense.

CyberheistNews Vol 15 #26 [My Clicking Time Bomb] What Do I Do About the Repeat Clickers?

Your KnowBe4 Compliance Plus Fresh Content Updates from June 2025

Check out the June updates in Compliance Plus so you can stay on top of featured compliance training content.

US Tech Executives Cite Cyberattacks as Their Top Concern

A new survey has found that 64% of C-Suite executives in cybersecurity or data center roles view data breaches and ransomware attacks as the top threat to companies over the next decade.

Your KnowBe4 Fresh Content Updates from June 2025

Check out the 33 new pieces of training content added in June, alongside the always fresh content update highlights, new features and events.

Warning: Scammers are Targeting WhatsApp Users

Researchers at Bitdefender warn of a wave of social engineering attacks targeting WhatsApp accounts.

What Is Human Risk Management?

Cybersecurity has long focused on fortifying networks, securing endpoints and blocking malicious code.

Europol Warns of Social Engineering Attacks

Social engineering remains a primary initial access vector for cybercriminals, according to a new report from Europol.

CyberheistNews Vol 15 #25 Microsoft & KnowBe4 Collab: Strengthen Email Security Through Strategic Integration

News alert: SquareX research finds browser AI agents are proving riskier than human employees

Palo Alto, Calif., Jun. 30, 2025, CyberNewswire–Every security practitioner knows that employees are the weakest link in an organization, but this is no longer the case.

SquareX’s research reveals that Browser AI Agents are more likely to fall prey … (more…)

The post News alert: SquareX research finds browser AI agents are proving riskier than human employees first appeared on The Last Watchdog.

STRATEGIC REEL: APIs are the new perimeter — and business logic attacks are slipping through

APIs have become the digital glue of the enterprise — and attackers know it.

Related: API security – the big picture

In this debut edition of the Last Watchdog Strategic Reel (LWSR), A10 Networks’ Field CISO Jamison Utter cuts … (more…)

The post STRATEGIC REEL: APIs are the new perimeter — and business logic attacks are slipping through first appeared on The Last Watchdog.

News alert: Halo Security’s attack surface management platform wins MSP Today’s top award

Miami, June 18, 2025, CyberNewswire — Halo Security today announced that its attack surface management solution has been named a 2025 MSP Today Product of the Year Award winner by TMC, a leading global media company recognized for building communities … (more…)

The post News alert: Halo Security’s attack surface management platform wins MSP Today’s top award first appeared on The Last Watchdog.

MY TAKE: Microsoft takes ownership of AI risk — Google, Meta, Amazon, OpenAI look the other way

Last week at Microsoft Build, Azure CTO Mark Russinovich made headlines by telling the truth.

Related: A basis for AI optimism

In a rare moment of public candor from a Big Tech executive, Russinovich warned that current AI architectures—particularly … (more…)

The post MY TAKE: Microsoft takes ownership of AI risk — Google, Meta, Amazon, OpenAI look the other way first appeared on The Last Watchdog.

GUEST ESSAY: The AI illusion: Don’t be fooled, innovation without guardrails is just risk–at scale

Artificial intelligence is changing everything – from how we search for answers to how we decide who gets hired, flagged, diagnosed, or denied.

Related: Does AI take your data?

It offers speed and precision at unprecedented scale. But without intention, … (more…)

The post GUEST ESSAY: The AI illusion: Don’t be fooled, innovation without guardrails is just risk–at scale first appeared on The Last Watchdog.

News alert: Arsen launches AI-powered vishing simulation to help combat voice phishing at scale

Paris, Jun. 3, 2025, CyberNewswire–Arsen, the cybersecurity startup known for defending organizations against social engineering threats, has announced the release of its new Vishing Simulation module, a cutting-edge tool designed to train employees against one of the fastest-growing … (more…)

The post News alert: Arsen launches AI-powered vishing simulation to help combat voice phishing at scale first appeared on The Last Watchdog.

SHARED INTEL Q&A: A sharper lens on rising API logic abuse — and a framework to fight back

In today’s digital enterprise, API-driven infrastructure is the connective tissue holding everything together.

Related: The DocuSign API-abuse hack

From mobile apps to backend workflows, APIs are what keep digital services talking—and scaling. But this essential layer of connectivity is also … (more…)

The post SHARED INTEL Q&A: A sharper lens on rising API logic abuse — and a framework to fight back first appeared on The Last Watchdog.

RSAC Fireside Chat: Operationalizing diverse security to assure customers, partners–and insurers

Catastrophic outages don’t just crash systems — they expose assumptions.

At RSAC 2025, I met with ESET Chief Security Evangelist Tony Anscombe to trace a quiet but growing convergence: endpoint defense, cyber insurance, … (more…)

The post RSAC Fireside Chat: Operationalizing diverse security to assure customers, partners–and insurers first appeared on The Last Watchdog.

News alert: Seraphic launches BrowserTotal™ — a free AI-powered tool to stress test browser security

Tel Aviv, Israel, June 9, 2025, CyberNewswire — Seraphic Security, a leader in enterprise browser security, today announced the launch of BrowserTotal, a unique and proprietary public service enabling enterprises to assess their browser security posture in … (more…)

The post News alert: Seraphic launches BrowserTotal™ — a free AI-powered tool to stress test browser security first appeared on The Last Watchdog.

Shared Intel Q&A: Can risk-informed patching finally align OT security with real-world threats?

Cyber threats to the U.S. electric grid are mounting. Attackers—from nation-state actors to ransomware gangs—are growing more creative and persistent in probing utility networks and operational technology systems that underpin modern life.

Related: The evolution of OT security

And yet, … (more…)

The post Shared Intel Q&A: Can risk-informed patching finally align OT security with real-world threats? first appeared on The Last Watchdog.

Drug cartel hacked cameras and phones to spy on FBI and identify witnesses

The “El Chapo” Mexican drug cartel snooped on FBI personnel through hacked cameras, and listened in on their phone calls to...

Catwatchful “child monitoring” app exposes victims’ data

Stalkerware app Catwatchful has been leaking customer and victim information. It is one in a long line of such apps to do this.

Microsoft, PayPal, DocuSign, and Geek Squad faked in callback phishing scams

Callback phishing scam emails are masquerading as messages from popular brands used for everyday tasks that put small businesses at risk.

Qantas: Breach affects 6 million people, “significant” amount of data likely taken

Australian airline Qantas has confirmed a data breach at a third party provider that affects six million customers.

Update your Chrome to fix new actively exploited zero-day vulnerability

Google has released an urgent update for the Chrome browser to patch a vulnerability which has already been exploited.

Bluetooth vulnerability in audio devices can be exploited to spy on users

Researchers have found a set of vulnerabilities in Bluetooth connected devices that could allow an attacker to spy on users.

Facebook wants to look at your entire camera roll for “AI restyling” suggestions, and more

Facebook's pursuit of your personal data continues, and now it has a new target: photos on your phone that you haven't shared with it yet.

Corpse-eating selfies, and other ways to trick scammers (Lock and Code S06E14)

This week on the Lock and Code podcast, we speak with Becky Holmes about how she tricks, angers, and jabs at romance scammers online.

AT&T to pay compensation to data breach victims. Here’s how to check if you were affected

AT&T is set to pay $177 million to customers affected by two significant data breaches. Were you affected and how can you submit your claim?

Android threats rise sharply, with mobile malware jumping by 151% since start of year

We've seen several spikes in Android threats since the start of 2025. Here's how to protect yourself.

A week in security (June 23 – June 29)

A list of topics we covered in the week of June 23 to June 29 of 2025

Fake DocuSign email hides tricky phishing attempt

An invitation to sign a DocuSign document went through mysterious ways and a way-too-easy Captcha to fingerprint the target.

Jailbroken AIs are helping cybercriminals to hone their craft

Cybercriminals are using jailbroken AI models to assist them in designing campaigns and improving their tactics.

Why the Do Not Call Registry doesn’t work

The Do Not Call Registry hardly works. The reason why is simple and frustrating—it was never meant to stop all unwanted calls.

Facial recognition: Where and how you can opt out

Facial recognition is quickly becoming commonplace. It is important to know where, when, and how you can opt out.

Many data brokers are failing to register with state consumer protection agencies

Data brokers that have registered in one state are failing to register in other states. What could be behind this?

Sextortion email scammers increase their “Hello pervert” money demands

"Hello pervert" sextortion emails are going through some changes and the price they're demanding has gone up considerably.

Thousands of private camera feeds found online. Make sure yours isn’t one of them

What happens in the privacy of your own home stays there. Or does it?

Gmail’s multi-factor authentication bypassed by hackers to pull off targeted attacks

Russian hackers have convinced targets to share their app passwords in very sophisticated and targeted social engineering attacks.

A week in security (June 15 – June 21)

Last week on Malwarebytes Labs: Last week on ThreatDown: Stay safe!

7 Steps to a Successful ISO 27001 Risk Assessment (Updated for 2025)

Risk assessments remain central to ISO 27001 compliance in 2025, ensuring your ISMS (information security management system) is robust and effective. ISO 27001:2022 and ISO 27002:2022 introduced several updates that organisations should incorporate into their risk assessment processes. Here are the seven essential steps for conducting a successful ISO 27001 risk assessment in line with current best practices. 1. Define your risk assessment methodology ISO 27001 does not prescribe a single methodology. Rather, organisations must tailor the approach to fit their needs. Your methodology should clearly define: Consistency and clarity in these definitions ensure reliable and comparable results across your

The post 7 Steps to a Successful ISO 27001 Risk Assessment (Updated for 2025) appeared first on IT Governance Blog.

How to Write a GDPR Data Protection Policy (Updated for 2025)

Whether you’re a UK-based SME or a multinational, having a clear and effective data protection policy is a critical step toward complying with the UK GDPR (General Data Protection Regulation) and DPA (Data Protection Act) 2018, the EU GDPR, and other privacy laws in 2025. A well-written policy not only protects your organisation against regulatory penalties but also helps build trust with customers, partners, and employees – demonstrating that you take privacy and data security seriously. What is a data protection policy? A data protection policy is an internal document that outlines how your organisation collects, processes, stores and protects

The post How to Write a GDPR Data Protection Policy (Updated for 2025) appeared first on IT Governance Blog.

Building Your Cyber Security Career: The Credentials Needed for Management and Specialist Roles

In a recent webinar hosted by IT Governance, Andy Johnston (divisional director for training), Nikolai Nikolaev (information security specialist) and Soji Obunjobi (cyber security specialist) shared valuable insights into navigating a career in cyber security, with particular focus on the qualifications and experience needed for management and specialist roles. This blog summarises key takeaways from the webinar, providing guidance on career pathways, essential certifications and the skills required to advance in the cyber security field. You might also be interested in our blog How to Start Your Career in Data Protection and Privacy. The growing demand for cyber security professionals

The post Building Your Cyber Security Career: The Credentials Needed for Management and Specialist Roles appeared first on IT Governance Blog.

Unlocking Access: How to Respond to a DSAR (Data Subject Access Request)

Under both the UK and EU GDPR, individuals have the right to know what personal data an organisation processes about them and how it is used. This right is exercised through a DSAR (data subject access request). This guide outlines how to handle DSARs in compliance with current legislation. Contents What are data subject access requests? What should be included in a DSAR response? Can information be redacted? Do individuals have to provide a reason for a DSAR? Does a DSAR need to be in writing? Can someone submit a DSAR on behalf of someone else? How long do organisations

The post Unlocking Access: How to Respond to a DSAR (Data Subject Access Request) appeared first on IT Governance Blog.

How to Write a GDPR Data Privacy Notice – Updated Guide and Template for 2025

In 2025, transparency continues to be at the heart of effective data protection. A clear and compliant privacy notice is not only a regulatory necessity under the UK and EU GDPR (General Data Protection Regulation), but also a critical element in building trust with your customers and stakeholders. This updated guide will help your organisation craft a privacy notice that meets current standards, enhances transparency and demonstrates your commitment to data privacy. What is a GDPR privacy notice? A GDPR privacy notice is a public-facing document that clearly informs individuals about how an organisation collects, processes and protects their personal

The post How to Write a GDPR Data Privacy Notice – Updated Guide and Template for 2025 appeared first on IT Governance Blog.

The Critical Role of a DPO: Why Outsourcing is the Smart Choice

As data protection regulations become more stringent, the DPO (data protection officer) role has become increasingly critical for organisations. In a recent webinar, Dr Loredana Tassone explored the legal requirements for a DPO, the common pitfalls when appointing internal DPOs and why outsourcing this function might be the smart choice for many organisations seeking to avoid conflicts of interest while ensuring expertise and independence. This blog post provides an overview of what was discussed. When must you appoint a DPO? According to the GDPR, controllers and processors must designate a DPO in three specific situations: The GDPR doesn’t explicitly define

The post The Critical Role of a DPO: Why Outsourcing is the Smart Choice appeared first on IT Governance Blog.

The Data (Use and Access) Act and How it Affects the UK GDPR and DPA 2018, and PECR

Enacted today, the Data (Use and Access) Bill – now the Data (Use and Access) Act 2025 or ‘DUAA’ – marks a significant moment in the evolution of UK data protection legislation. The Act builds on previous legislative efforts – most notably 2022’s shelved DPDI (Data Protection and Digital Information) Bill – and brings together key reforms under one cohesive framework. While its principal focus is to reform the UK GDPR (General Data Protection Regulation and DPA (Data Protection Act) 2018, and the PECR (Privacy and Electronic Communications Regulations), the DUAA is far more than a privacy update. It also

The post The Data (Use and Access) Act and How it Affects the UK GDPR and DPA 2018, and PECR appeared first on IT Governance Blog.

Understanding the CIA Triad in 2025: A Cornerstone of Cyber Security

The CIA triad – confidentiality, integrity and availability – remains the foundational model for information security in 2025. It’s embedded into virtually every modern security framework, from ISO 27001 to the GDPR. Article 32 of the GDPR explicitly refers to these principles when defining the necessary security measures for protecting personal data. Understanding and applying the CIA triad correctly helps organisations manage risk, implement robust security controls and build operational resilience. What Is the CIA triad? The CIA triad refers to three core principles: Watch our explainer video: What is the CIA triad and why is it important? CIA step

The post Understanding the CIA Triad in 2025: A Cornerstone of Cyber Security appeared first on IT Governance Blog.

Global Data Breaches and Cyber Attacks in May 2025 – More Than 1.4 Billion Records Breached

Summary Sources of breached data Top 5 incidents by number of records affected The following are the largest incidents publicly disclosed in May 2025, ranked by known/claimed impact: 1. Facebook (Meta) 2. Unknown credentials database 3. AT&T (unverified) 4. Co-op UK 5. LexisNexis Risk Solutions Trends in May 2025 Key vulnerabilities exploited List of data breaches and cyber attacks disclosed in May 2025 Disclosure date Organisation Country Sector Incident type Records affected 1 May Ascension Health USA Healthcare Third-party data breach (vulnerability exploit) 430,000 patients 1 May Barnstable County Sheriff’s Office USA Government (Law Enforcement) Insider data leak 101 employees

The post Global Data Breaches and Cyber Attacks in May 2025 – More Than 1.4 Billion Records Breached appeared first on IT Governance Blog.

Penetration Testing for SaaS Providers: Building Trust and Security

In today’s rapidly evolving digital landscape, SaaS (software as a service) providers face increasing scrutiny regarding the security of their platforms. And with increasing numbers of customers entrusting sensitive data to Cloud-based solutions, penetration testing has become an essential component of a comprehensive security strategy. In a recent webinar, Penetration Testing for SaaS Providers, our head of security testing, James Pickard, discussed: This blog post provides an overview of what was discussed. What is a SaaS platform? SaaS platforms are Internet-accessible products that can be accessed across multiple devices or platforms. They are typically hosted in the Cloud to facilitate

The post Penetration Testing for SaaS Providers: Building Trust and Security appeared first on IT Governance Blog.

AI and collaboration tools: how cyberattackers are targeting SMBs in 2025

In its annual SMB threat report, Kaspersky shares insights into trends and statistics on malware, phishing, scams, and other threats to small and medium-sized businesses, as well as security tips.

SparkKitty, SparkCat’s little brother: A new Trojan spy found in the App Store and Google Play

SparkKitty, a new Trojan spy for iOS and Android, spreads through untrusted websites, the App Store, and Google Play, stealing images from users' galleries.

Toxic trend: Another malware threat targets DeepSeek

Kaspersky GReAT experts discovered a new malicious implant: BrowserVenom. It enables a proxy in browsers like Chrome and Mozilla and spreads through a DeepSeek-mimicking phishing website.

Sleep with one eye open: how Librarian Ghouls steal data by night

According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.

Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721

Kaspersky GReAT experts describe the new features of a Mirai variant: the latest botnet infections target TBK DVR devices with CVE-2024-3721.

IT threat evolution in Q1 2025. Non-mobile statistics

The report presents statistics for Windows, macOS, IoT, and other threats, including ransomware, miners, local and web-based threats, for Q1 2025.

IT threat evolution in Q1 2025. Mobile statistics

The number of attacks on mobile devices involving malware, adware, or unwanted apps saw a significant increase in the first quarter.

Host-based logs, container-based threats: How to tell where an attack began

Kaspersky expert shares insights on how to determine whether an attack was first launched in a container or on the host itself when an organization’s logs lack container visibility.

Exploits and vulnerabilities in Q1 2025

This report contains statistics on vulnerabilities and published exploits, along with an analysis of the most noteworthy vulnerabilities we observed in the first quarter of 2025.

Zanubis in motion: Tracing the active evolution of the Android banking malware

A comprehensive historical breakdown of Zanubis' changes, including RC4 and AES encryption, credentials stealing and new targets in Peru, provided by Kaspersky GReAT experts.

About This Website

Cybersecurity News

Massive Android Fraud Operations Uncovered: IconAds, Kaleidoscope, SMS Malware, NFC Scams

Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets

The Hidden Weaknesses in AI SOC Tools that No One Talks About

Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms

Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials

North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign

That Network Traffic Looks Legit, But it Could be Hiding a Serious Threat

Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns

U.S. Sanctions Russian Bulletproof Hosting Provider for Supporting Cybercriminals Behind Ransomware

Vercel's v0 AI Tool Weaponized by Cybercriminals to Rapidly Create Fake Login Pages at Scale

Critical Vulnerability in Anthropic's MCP Exposes Developer Machines to Remote Exploits

TA829 and UNK_GreenSec Share Tactics and Infrastructure in Ongoing Malware Campaigns

New Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status

A New Maturity Model for Browser Security: Closing the Last-Mile Risk

Chrome Zero-Day CVE-2025-6554 Under Active Attack — Google Issues Security Update

U.S. Arrests Facilitator in North Korean IT Worker Scheme; Seizes 29 Domains and Raids 21 Laptop Farms

Microsoft Removes Password Management from Authenticator App Starting August 2025

U.S. Agencies Warn of Rising Iranian Cyber Attacks on Defense, OT Networks, and Critical Infrastructure

Europol Dismantles $540 Million Cryptocurrency Fraud Network, Arrests Five Suspects

Blind Eagle Uses Proton66 Hosting for Phishing, RAT Deployment on Colombian Banks

Leveraging Credentials As Unique Identifiers: A Pragmatic Approach To NHI Inventories

⚡ Weekly Recap: Airline Hacks, Citrix 0-Day, Outlook Malware, Banking Trojans and more

FBI Warns of Scattered Spider's Expanding Attacks on Airlines Using Social Engineering

GIFTEDCROOK Malware Evolves: From Browser Stealer to Intelligence-Gathering Tool

Facebook’s New AI Tool Asks to Upload Your Photos for Story Ideas, Sparking Privacy Concerns

Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign

PUBLOAD and Pubshell Malware Used in Mustang Panda's Tibet-Specific Attack

Business Case for Agentic AI SOC Analysts

Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit

MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted

OneClik Red Team Campaign Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors

Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks

Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access

New FileFix Method Emerges as a Threat Following 517% Rise in ClickFix Attacks

The Hidden Risks of SaaS: Why Built-In Protections Aren't Enough for Modern Data Resilience

Iranian APT35 Hackers Targeting Israeli Tech Experts with AI-Powered Phishing Attacks

Cyber Criminals Exploit Open-Source Tools to Compromise Financial Institutions Across Africa

CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet

WhatsApp Adds AI-Powered Message Summaries for Faster Chat Previews

nOAuth Vulnerability Still Affects 9% of Microsoft Entra SaaS Apps Two Years After Discovery

Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC

Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure

Pro-Iranian Hacktivist Group Leaks Personal Records from the 2024 Saudi Games

Beware the Hidden Risk in Your Entra Environment

SonicWall NetExtender Trojan and ConnectWise Exploits Used in Remote Access Attacks

North Korea-linked Supply Chain Attack Targets Developers with 35 Malicious npm Packages

Microsoft Extends Windows 10 Security Updates for One Year with New Enrollment Options

New U.S. Visa Rule Requires Applicants to Set Social Media Account Privacy to Public

Researchers Find Way to Shut Down Cryptominer Campaigns Using Bad Shares and XMRogue

Hackers Target Over 70 Microsoft Exchange Servers to Steal Credentials via Keyloggers

Big Tech’s Mixed Response to U.S. Treasury Sanctions

Senator Chides FBI for Weak Advice on Mobile Security

Inside a Dark Adtech Empire Fed by Fake CAPTCHAs

Patch Tuesday, June 2025 Edition

Proxy Services Feast on Ukraine’s IP Address Exodus

U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams

Pakistan Arrests 21 in ‘Heartsender’ Malware Service

Oops: DanaBot Malware Devs Infected Their Own PCs

KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS

Breachforums Boss to Pay $700k in Healthcare Breach

Surveillance Used by a Drug Cartel

Ubuntu Disables Spectre/Meltdown Protections

Iranian Blackout Affected Misinformation Campaigns

How Cybersecurity Fears Affect Confidence in Voting Systems

Friday Squid Blogging: What to Do When You Find a Squid “Egg Mop”

The Age of Integrity

White House Bans WhatsApp

What LLMs Know About Their Users

Here’s a Subliminal Channel You Haven’t Considered Before

Largest DDoS Attack to Date

This Sony Bravia is my pick for best TV for the money - and it hit a new low price for July 4th

Why I'm switching to the MacBook Air M4 from my Windows laptop (and you should too at this price)

Best July 4th TV deals 2025: My favorite early sales save you up to $2,500

This portable battery station powered my home for two weeks - and it's on sale for Prime Day

Best July 4th laptop deals live now

I replaced my Ray-Ban Meta with these Amazon smart glasses, and was impressed

My favorite USB-C accessory of all time got a magnetic upgrade - and it's only $8 on sale

I'm a phone expert, and these July 4th mobile deals are worth upgrading to