Cybersecurity News

New EDDIESTEALER Malware Bypasses Chrome's App-Bound Encryption to Steal Browser Data

A new malware campaign is distributing a novel Rust-based information stealer dubbed EDDIESTEALER using the popular ClickFix social engineering tactic initiated via fake CAPTCHA verification pages. "This campaign leverages deceptive CAPTCHA verification pages that trick users into executing a malicious PowerShell script, which ultimately deploys the infostealer, harvesting sensitive data such as

China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil

The China-linked threat actor behind the recent in-the-wild exploitation of a critical security flaw in SAP NetWeaver has been attributed to a broader set of attacks targeting organizations in Brazil, India, and Southeast Asia since 2023. "The threat actor mainly targets the SQL injection vulnerabilities discovered on web applications to access the SQL servers of targeted organizations," Trend

From the "Department of No" to a "Culture of Yes": A Healthcare CISO's Journey to Enabling Modern Care

Breaking Out of the Security Mosh Pit When Jason Elrod, CISO of MultiCare Health System, describes legacy healthcare IT environments, he doesn't mince words: "Healthcare loves to walk backwards into the future. And this is how we got here, because there are a lot of things that we could have prepared for that we didn't, because we were so concentrated on where we were." This chaotic approach has

U.S. Sanctions Funnull for $200M Romance Baiting Scams Tied to Crypto Fraud

The U.S. Department of Treasury's Office of Foreign Assets Control (OFAC) has levied sanctions against a Philippines-based company named Funnull Technology Inc. and its administrator Liu Lizhi for providing infrastructure to conduct romance baiting scams that led to massive cryptocurrency losses. The Treasury accused the Taguig-headquartered company of enabling thousands of websites involved in

ConnectWise Hit by Cyberattack; Nation-State Actor Suspected in Targeted Breach

ConnectWise, the developer of remote access and support software ScreenConnect, has disclosed that it was the victim of a cyber attack that it said was likely perpetrated by a nation-state threat actor. "ConnectWise recently learned of suspicious activity within our environment that we believe was tied to a sophisticated nation-state actor, which affected a very small number of ScreenConnect

Meta Disrupts Influence Ops Targeting Romania, Azerbaijan, and Taiwan with Fake Personas

Meta on Thursday revealed that it disrupted three covert influence operations originating from Iran, China, and Romania during the first quarter of 2025. "We detected and removed these campaigns before they were able to build authentic audiences on our apps," the social media giant said in its quarterly Adversarial Threat Report. This included a network of 658 accounts on Facebook, 14 Pages, and

Cybercriminals Target AI Users with Malware-Loaded Installers Posing as Popular Tools

Fake installers for popular artificial intelligence (AI) tools like OpenAI ChatGPT and InVideo AI are being used as lures to propagate various threats, such as the CyberLock and Lucky_Gh0$t ransomware families, and a new malware dubbed Numero. "CyberLock ransomware, developed using PowerShell, primarily focuses on encrypting specific files on the victim's system," Cisco Talos researcher Chetan

New Windows RAT Evades Detection for Weeks Using Corrupted DOS and PE Headers

Cybersecurity researchers have taken the wraps off an unusual cyber attack that leveraged malware with corrupted DOS and PE headers, according to new findings from Fortinet. The DOS (Disk Operating System) and PE (Portable Executable) headers are essential parts of a Windows PE file, providing information about the executable. While the DOS header makes the executable file backward compatible

DragonForce Exploits SimpleHelp Flaws to Deploy Ransomware Across Customer Endpoints

The threat actors behind the DragonForce ransomware gained access to an unnamed Managed Service Provider's (MSP) SimpleHelp remote monitoring and management (RMM) tool, and then leveraged it to exfiltrate data and drop the locker on multiple endpoints. It's believed that the attackers exploited a trio of security flaws in SimpleHelp (CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726) that were

Chinese APT41 Exploits Google Calendar for Malware Command-and-Control Operations

Google on Wednesday disclosed that the Chinese state-sponsored threat actor known as APT41 leveraged a malware called TOUGHPROGRESS that uses Google Calendar for command-and-control (C2). The tech giant, which discovered the activity in late October 2024, said the malware was hosted on a compromised government website and was used to target multiple other government entities. "Misuse of cloud

Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin

Cybersecurity researchers have disclosed a critical unpatched security flaw impacting TI WooCommerce Wishlist plugin for WordPress that could be exploited by unauthenticated attackers to upload arbitrary files. TI WooCommerce Wishlist, which has over 100,000 active installations, is a tool to allow e-commerce site customers to save their favorite products for later and share the lists on social

Iranian Hacker Pleads Guilty in $19 Million Robbinhood Ransomware Attack on Baltimore

An Iranian national has pleaded guilty in the U.S. over his involvement in an international ransomware and extortion scheme involving the Robbinhood ransomware. Sina Gholinejad (aka Sina Ghaaf), 37, and his co-conspirators are said to have breached the computer networks of various organizations in the United States and encrypted files with Robbinhood ransomware to demand Bitcoin ransom payments.

Czech Republic Blames China-Linked APT31 Hackers for 2022 Cyberattack

The Czech Republic on Wednesday formally accused a threat actor associated with the People's Republic of China (PRC) of targeting its Ministry of Foreign Affairs. In a public statement, the government said it identified China as the culprit behind a malicious campaign targeting one of the unclassified networks of the Czech Ministry of Foreign Affairs. The extent of the breach is presently not

Microsoft OneDrive File Picker Flaw Grants Apps Full Cloud Access — Even When Uploading Just One File

Cybersecurity researchers have discovered a security flaw in Microsoft's OneDrive File Picker that, if successfully exploited, could allow websites to access a user's entire cloud storage content, as opposed to just the files selected for upload via the tool. "This stems from overly broad OAuth scopes and misleading consent screens that fail to clearly explain the extent of access being granted,

New PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto

Embedded Linux-based Internet of Things (IoT) devices have become the target of a new botnet dubbed PumaBot. Written in Go, the botnet is designed to conduct brute-force attacks against SSH instances to expand in size and scale and deliver additional malware to the infected hosts. "Rather than scanning the internet, the malware retrieves a list of targets from a command-and-control (C2) server

From Infection to Access: A 24-Hour Timeline of a Modern Stealer Campaign

Stealer malware no longer just steals passwords. In 2025, it steals live sessions—and attackers are moving faster and more efficiently than ever. While many associate account takeovers with personal services, the real threat is unfolding in the enterprise. Flare’s latest research, The Account and Session Takeover Economy, analyzed over 20 million stealer logs and tracked attacker activity across

Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware

A financially motivated threat actor has been observed exploiting a recently disclosed remote code execution flaw affecting the Craft Content Management System (CMS) to deploy multiple payloads, including a cryptocurrency miner, a loader dubbed Mimo Loader, and residential proxyware. The vulnerability in question is CVE-2025-32432, a maximum severity flaw in Craft CMS that was patched in

How 'Browser-in-the-Middle' Attacks Steal Sessions in Seconds

Would you expect an end user to log on to a cybercriminal’s computer, open their browser, and type in their usernames and passwords? Hopefully not! But that’s essentially what happens if they fall victim to a Browser-in-the-Middle (BitM) attack. Like Man-in-the-Middle (MitM) attacks, BiTM sees criminals look to control the data flow between the victim’s computer and the target service, as

251 Amazon-Hosted IPs Used in Exploit Scan Targeting ColdFusion, Struts, and Elasticsearch

Cybersecurity researchers have disclosed details of a coordinated cloud-based scanning activity that targeted 75 distinct "exposure points" earlier this month. The activity, observed by GreyNoise on May 8, 2025, involved as many as 251 malicious IP addresses that are all geolocated to Japan and hosted by Amazon. "These IPs triggered 75 distinct behaviors, including CVE exploits,

Apple Blocks $9 Billion in Fraud Over 5 Years Amid Rising App Store Threats

Apple on Tuesday revealed that it prevented over $9 billion in fraudulent transactions in the last five years, including more than $2 billion in 2024 alone. The company said the App Store is confronted by a wide range of threats that seek to defraud users in various ways, ranging from "deceptive apps designed to steal personal information to fraudulent payment schemes that attempt to exploit

New Self-Spreading Malware Infects Docker Containers to Mine Dero Cryptocurrency

Misconfigured Docker API instances have become the target of a new malware campaign that transforms them into a cryptocurrency mining botnet. The attacks, designed to mine for Dero currency, is notable for its worm-like capabilities to propagate the malware to other exposed Docker instances and rope them into an ever-growing horde of mining bots. Kaspersky said it observed an unidentified threat

Cybercriminals Clone Antivirus Site to Spread Venom RAT and Steal Crypto Wallets

Cybersecurity researchers have disclosed a new malicious campaign that uses a fake website advertising antivirus software from Bitdefender to dupe victims into downloading a remote access trojan called Venom RAT. The campaign indicates a "clear intent to target individuals for financial gain by compromising their credentials, crypto wallets, and potentially selling access to their systems," the

Russian Hackers Breach 20+ NGOs Using Evilginx Phishing via Fake Microsoft Entra Pages

Microsoft has shed light on a previously undocumented cluster of malicious activity originating from a Russia-affiliated threat actor dubbed Void Blizzard (aka Laundry Bear) that it said is attributed to "worldwide cloud abuse." Active since at least April 2024, the hacking group is linked to espionage operations mainly targeting organizations that are important to Russian government objectives,

AI Agents and the Non‑Human Identity Crisis: How to Deploy AI More Securely at Scale

Artificial intelligence is driving a massive shift in enterprise productivity, from GitHub Copilot’s code completions to chatbots that mine internal knowledge bases for instant answers. Each new agent must authenticate to other services, quietly swelling the population of non‑human identities (NHIs) across corporate clouds. That population is already overwhelming the enterprise: many companies

Employees Searching Payroll Portals on Google Tricked Into Sending Paychecks to Hackers

Threat hunters have exposed a novel campaign that makes use of search engine optimization (SEO) poisoning techniques to target employee mobile devices and facilitate payroll fraud. The activity, first detected by ReliaQuest in May 2025 targeting an unnamed customer in the manufacturing sector, is characterized by the use of fake login pages to access the employee payroll portal and redirect

Hackers Are Calling Your Office: FBI Alerts Law Firms to Luna Moth’s Stealth Phishing Campaign

The U.S. Federal Bureau of Investigation (FBI) has warned of social engineering attacks mounted by a criminal extortion actor known as Luna Moth targeting law firms over the past two years. The campaign leverages "information technology (IT) themed social engineering calls, and callback phishing emails, to gain remote access to systems or devices and steal sensitive data to extort the victims,"

Russia-Linked Hackers Target Tajikistan Government with Weaponized Word Documents

The Russia-aligned threat actor known as TAG-110 has been observed conducting a spear-phishing campaign targeting Tajikistan using macro-enabled Word templates as an initial payload. The attack chain is a departure from the threat actor's previously documented use of an HTML Application (.HTA) loader dubbed HATVIBE, Recorded Future's Insikt Group said in an analysis. "Given TAG-110's historical

Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto

As many as 60 malicious npm packages have been discovered in the package registry with malicious functionality to harvest hostnames, IP addresses, DNS servers, and user directories to a Discord-controlled endpoint. The packages, published under three different accounts, come with an install‑time script that's triggered during npm install, Socket security researcher Kirill Boychenko said in a

CISO's Guide To Web Privacy Validation And Why It's Important

Are your web privacy controls protecting your users, or just a box-ticking exercise? This CISO’s guide provides a practical roadmap for continuous web privacy validation that’s aligned with real-world practices. – Download the full guide here. Web Privacy: From Legal Requirement to Business Essential As regulators ramp up enforcement and users grow more privacy-aware, CISOs face a mounting

⚡ Weekly Recap: APT Campaigns, Browser Hijacks, AI Malware, Cloud Breaches and Critical CVEs

Cyber threats don't show up one at a time anymore. They’re layered, planned, and often stay hidden until it’s too late. For cybersecurity teams, the key isn’t just reacting to alerts—it’s spotting early signs of trouble before they become real threats. This update is designed to deliver clear, accurate insights based on real patterns and changes we can verify. With today’s complex systems, we

Hackers Use Fake VPN and Browser NSIS Installers to Deliver Winos 4.0 Malware

Cybersecurity researchers have disclosed a malware campaign that uses fake software installers masquerading as popular tools like LetsVPN and QQ Browser to deliver the Winos 4.0 framework. The campaign, first detected by Rapid7 in February 2025, involves the use of a multi-stage, memory-resident loader called Catena. "Catena uses embedded shellcode and configuration switching logic to stage

Hackers Use TikTok Videos to Distribute Vidar and StealC Malware via ClickFix Technique

The malware known as Latrodectus has become the latest to embrace the widely-used social engineering technique called ClickFix as a distribution vector. "The ClickFix technique is particularly risky because it allows the malware to execute in memory rather than being written to disk," Expel said in a report shared with The Hacker News. "This removes many opportunities for browsers or security

ViciousTrap Uses Cisco Flaw to Build Global Honeypot from 5,300 Compromised Devices

Cybersecurity researchers have disclosed that a threat actor codenamed ViciousTrap has compromised nearly 5,300 unique network edge devices across 84 countries and turned them into a honeypot-like network. The threat actor has been observed exploiting a critical security flaw impacting Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers (CVE-2023-20118) to corral them into

300 Servers and €3.5M Seized as Europol Strikes Ransomware Networks Worldwide

As part of the latest "season" of Operation Endgame, a coalition of law enforcement agencies have taken down about 300 servers worldwide, neutralized 650 domains, and issued arrest warrants against 20 targets. Operation Endgame, first launched in May 2024, is an ongoing law enforcement operation targeting services and infrastructures assisting in or directly providing initial or consolidating

SafeLine WAF: Open Source Web Application Firewall with Zero-Day Detection and Bot Protection

From zero-day exploits to large-scale bot attacks — the demand for a powerful, self-hosted, and user-friendly web application security solution has never been greater. SafeLine is currently the most starred open-source Web Application Firewall (WAF) on GitHub, with over 16.4K stars and a rapidly growing global user base. This walkthrough covers what SafeLine is, how it works, and why it’s

U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cybercrime Operation

The U.S. Department of Justice (DoJ) on Thursday announced the disruption of the online infrastructure associated with DanaBot (aka DanaTools) and unsealed charges against 16 individuals for their alleged involvement in the development and deployment of the malware, which it said was controlled by a Russia-based cybercrime organization. The malware, the DoJ said, infected more than 300,000

CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud Misconfigs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday revealed that Commvault is monitoring cyber threat activity targeting applications hosted in their Microsoft Azure cloud environment. "Threat actors may have accessed client secrets for Commvault's (Metallic) Microsoft 365 (M365) backup software-as-a-service (SaaS) solution, hosted in Azure," the agency said. "This

GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden Prompts

Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab's artificial intelligence (AI) assistant Duo that could have allowed attackers to steal source code and inject untrusted HTML into its responses, which could then be used to direct victims to malicious websites. GitLab Duo is an artificial intelligence (AI)-powered coding assistant that enables users to write,

Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks

A Chinese-speaking threat actor tracked as UAT-6382 has been linked to the exploitation of a now-patched remote-code-execution vulnerability in Trimble Cityworks to deliver Cobalt Strike and VShell. "UAT-6382 successfully exploited CVE-2025-0944, conducted reconnaissance, and rapidly deployed a variety of web shells and custom-made malware to maintain long-term access," Cisco Talos researchers

Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise

A privilege escalation flaw has been demonstrated in Windows Server 2025 that makes it possible for attackers to compromise any user in Active Directory (AD). "The attack exploits the delegated Managed Service Account (dMSA) feature that was introduced in Windows Server 2025, works with the default configuration, and is trivial to implement," Akamai security researcher Yuval Gordon said in a

Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks

A recently patched pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software has been exploited by a China-nexus threat actor to target a wide range of sectors across Europe, North America, and the Asia-Pacific region. The vulnerabilities, tracked as CVE-2025-4427 (CVSS score: 5.3) and CVE-2025-4428 (CVSS score: 7.2), could be chained to execute arbitrary code on a

Webinar: Learn How to Build a Reasonable and Legally Defensible Cybersecurity Program

It’s not enough to be secure. In today’s legal climate, you need to prove it. Whether you’re protecting a small company or managing compliance across a global enterprise, one thing is clear: cybersecurity can no longer be left to guesswork, vague frameworks, or best-effort intentions. Regulators and courts are now holding organizations accountable for how “reasonable” their security programs are

Identity Security Has an Automation Problem—And It's Bigger Than You Think

For many organizations, identity security appears to be under control. On paper, everything checks out. But new research from Cerby, based on insights from over 500 IT and security leaders, reveals a different reality: too much still depends on people—not systems—to function. In fact, fewer than 4% of security teams have fully automated their core identity workflows. Core workflows, like

Critical Versa Concerto Flaws Let Attackers Escape Docker and Compromise Hosts

Cybersecurity researchers have uncovered multiple critical security vulnerabilities impacting the Versa Concerto network security and SD-WAN orchestration platform that could be exploited to take control of susceptible instances. It's worth noting that the identified shortcomings remain unpatched despite responsible disclosure on February 13, 2025, prompting a public release of the issues

FBI and Europol Disrupt Lumma Stealer Malware Network Linked to 10 Million Infections

A sprawling operation undertaken by global law enforcement agencies and a consortium of private sector firms has disrupted the online infrastructure associated with a commodity information stealer known as Lumma (aka LummaC or LummaC2), seizing 2,300 domains that acted as the command-and-control (C2) backbone to commandeer infected Windows systems. "Malware like LummaC2 is deployed to steal

Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics

Russian cyber threat actors have been attributed to a state-sponsored campaign targeting Western logistics entities and technology companies since 2022. The activity has been assessed to be orchestrated by APT28 (aka BlueDelta, Fancy Bear, or Forest Blizzard), which is linked to the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center, Military Unit 26165.

PureRAT Malware Spikes 4x in 2025, Deploying PureLogs to Target Russian Firms

Russian organizations have become the target of a phishing campaign that distributes malware called PureRAT, according to new findings from Kaspersky. "The campaign aimed at Russian business began back in March 2023, but in the first third of 2025 the number of attacks quadrupled compared to the same period in 2024," the cybersecurity vendor said. The attack chains, which have not been

Fake Kling AI Facebook Ads Deliver RAT Malware to Over 22 Million Potential Victims

Counterfeit Facebook pages and sponsored ads on the social media platform are being employed to direct users to fake websites masquerading as Kling AI with the goal of tricking victims into downloading malware. Kling AI is an artificial intelligence (AI)-powered platform to synthesize images and videos from text and image prompts. Launched in June 2024, it's developed by Kuaishou Technology,

Securing CI/CD workflows with Wazuh

Continuous Integration and Continuous Delivery/Deployment (CI/CD) refers to practices that automate how code is developed and released to different environments. CI/CD pipelines are fundamental in modern software development, ensuring code is consistently tested, built, and deployed quickly and efficiently. While CI/CD automation accelerates software delivery, it can also introduce security

How to Detect Phishing Attacks Faster: Tycoon2FA Example

It takes just one email to compromise an entire system. A single well-crafted message can bypass filters, trick employees, and give attackers the access they need. Left undetected, these threats can lead to credential theft, unauthorized access, and even full-scale breaches. As phishing techniques become more evasive, they can no longer be reliably caught by automated solutions alone. Let’s take

U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams

The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams, commonly known as “pig butchering." In January 2025, KrebsOnSecurity detailed how Funnull was being used as a content delivery network that catered to cybercriminals seeking to route their traffic through U.S.-based cloud providers.

Pakistan Arrests 21 in ‘Heartsender’ Malware Service

Authorities in Pakistan have arrested 21 individuals accused of operating "Heartsender," a once popular spam and malware dissemination service that operated for more than a decade. The main clientele for HeartSender were organized crime groups that tried to trick victim companies into making payments to a third party, and its alleged proprietors were publicly identified by KrebsOnSecurity in 2021 after they inadvertently infected their computers with malware.

Oops: DanaBot Malware Devs Infected Their Own PCs

The U.S. government today unsealed criminal charges against 16 individuals accused of operating and selling DanaBot, a prolific strain of information-stealing malware that has been sold on Russian cybercrime forums since 2018. The FBI says a newer version of DanaBot was used for espionage, and that many of the defendants exposed their real-life identities after accidentally infecting their own systems with the malware.

KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS

KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data). The brief attack appears to have been a test run for a massive new Internet of Things (IoT) botnet capable of launching crippling digital assaults that few web destinations can withstand. Read on for more about the botnet, the attack, and the apparent creator of this global menace.

Breachforums Boss to Pay $700k in Healthcare Breach

In what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly $700,000 to settle a civil lawsuit from a health insurance company whose customer data was posted for sale on the forum in 2023. Conor Brian Fitzpatrick, a.k.a. "Pompompurin," is slated for resentencing next month after pleading guilty to access device fraud and possession of child sexual abuse material (CSAM).

Patch Tuesday, May 2025 Edition

Microsoft on Tuesday released software updates to fix at least 70 vulnerabilities in Windows and related products, including five zero-day flaws that are already seeing active exploitation. Adding to the sense of urgency with this month's patch batch from Redmond are fixes for two other weaknesses that now have public proof-of-concept exploits available.

Pakistani Firm Shipped Fentanyl Analogs, Scams to US

A Texas firm recently charged with conspiring to distribute synthetic opioids in the United States is at the center of a vast network of companies in the U.S. and Pakistan whose employees are accused of using online ads to scam westerners seeking help with trademarks, book writing, mobile app development and logo designs, a new investigation reveals.

xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs

A employee at Elon Musk's artificial intelligence company xAI leaked a private key on GitHub that for the past two months could have allowed anyone to query private xAI large language models (LLMs) which appear to have been custom made for working with internal data from Musk's companies, including SpaceX, Tesla and Twitter/X, KrebsOnSecurity has learned.

Alleged ‘Scattered Spider’ Member Extradited to U.S.

A 23-year-old Scottish man thought to be a member of the prolific Scattered Spider cybercrime group was extradited last week from Spain to the United States, where he is facing charges of wire fraud, conspiracy and identity theft. U.S. prosecutors allege Tyler Robert Buchanan and co-conspirators hacked into dozens of companies in the United States and abroad, and that he personally controlled more than $26 million stolen from victims.

DOGE Worker’s Code Supports NLRB Whistleblower

A whistleblower at the National Labor Relations Board (NLRB) alleged last week that denizens of Elon Musk's Department of Government Efficiency (DOGE) siphoned gigabytes of data from the agency's sensitive case files in early March. The whistleblower said accounts created for DOGE at the NLRB downloaded three code repositories from GitHub. Further investigation into one of those code bundles shows it is remarkably similar to a program published in January 2025 by Marko Elez, a 25-year-old DOGE employee who has worked at a number of Musk's companies.

Why Take9 Won’t Improve Cybersecurity

There’s a new cybersecurity awareness campaign: Take9. The idea is that people—you, me, everyone—should just pause for nine seconds and think more about the link they are planning to click on, the file they are planning to download, or whatever it is they are planning to share.

There’s a website—of course—and a video, well-produced and scary. But the campaign won’t do much to improve cybersecurity. The advice isn’t reasonable, it won’t make either individuals or nations appreciably safer, and it deflects blame from the real causes of our cyberspace insecurities...

Friday Squid Blogging: NGC 1068 Is the “Squid Galaxy”

I hadn’t known that the NGC 1068 galaxy is nicknamed the “Squid Galaxy.” It is, and it’s spewing neutrinos without the usual accompanying gamma rays.

Surveillance Via Smart Toothbrush

The only links are from The Daily Mail and The Mirror, but a marital affair was discovered because the cheater was recorded using his smart toothbrush at home when he was supposed to be at work.

Location Tracking App for Foreigners in Moscow

Russia is proposing a rule that all foreigners in Moscow install a tracking app on their phones.

Using a mobile application that all foreigners will have to install on their smartphones, the Russian state will receive the following information:

• Residence location
• Fingerprint
• Face photograph
• Real-time geo-location monitoring

This isn’t the first time we’ve seen this. Qatar did it in 2022 around the World Cup:

“After accepting the terms of these apps, moderators will have complete control of users’ devices,” he continued. “All personal content, the ability to edit it, share it, extract it as well as data from other apps on your device is in their hands. Moderators will even have the power to unlock users’ devices remotely.” ...

Chinese-Owned VPNs

One one my biggest worries about VPNs is the amount of trust users need to place in them, and how opaque most of them are about who owns them and what sorts of data they retain.

A new study found that many commercials VPNS are (often surreptitiously) owned by Chinese companies.

It would be hard for U.S. users to avoid the Chinese VPNs. The ownership of many appeared deliberately opaque, with several concealing their structure behind layers of offshore shell companies. TTP was able to determine the Chinese ownership of the 20 VPN apps being offered to Apple’s U.S. users by piecing together corporate documents from around the world. None of those apps clearly disclosed their Chinese ownership...

Friday Squid Blogging: US Naval Ship Attacked by Squid in 1978

Interesting story:

USS Stein was underway when her anti-submarine sonar gear suddenly stopped working. On returning to port and putting the ship in a drydock, engineers observed many deep scratches in the sonar dome’s rubber “NOFOUL” coating. In some areas, the coating was described as being shredded, with rips up to four feet long. Large claws were left embedded at the bottom of most of the scratches.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Signal Blocks Windows Recall

This article gives a good rundown of the security risks of Windows Recall, and the repurposed copyright protection took that Signal used to block the AI feature from scraping Signal data.

The Voter Experience

Technology and innovation have transformed every part of society, including our electoral experiences. Campaigns are spending and doing more than at any other time in history. Ever-growing war chests fuel billions of voter contacts every cycle. Campaigns now have better ways of scaling outreach methods and offer volunteers and donors more efficient ways to contribute time and money. Campaign staff have adapted to vast changes in media and social media landscapes, and use data analytics to forecast voter turnout and behavior.

Yet despite these unprecedented investments in mobilizing voters, overall trust in electoral health, democratic institutions, voter satisfaction, and electoral engagement has significantly declined. What might we be missing?...

More AIs Are Taking Polls and Surveys

I already knew about the declining response rate for polls and surveys. The percentage of AI bots that respond to surveys is also increasing.

Solutions are hard:

1. Make surveys less boring.
We need to move past bland, grid-filled surveys and start designing experiences people actually want to complete. That means mobile-first layouts, shorter runtimes, and maybe even a dash of storytelling. TikTok or dating app style surveys wouldn’t be a bad idea or is that just me being too much Gen Z?

2. Bot detection.
There’s a growing toolkit of ways to spot AI-generated responses—using things like response entropy, writing style patterns or even metadata like keystroke timing. Platforms should start integrating these detection tools more widely. Ideally, you introduce an element that only humans can do, e.g., you have to pick up your price somewhere in-person. Btw, note that these bots can easily be designed to find ways around the most common detection tactics such as Captcha’s, timed responses and postcode and IP recognition. Believe me, way less code than you suspect is needed to do this...

DoorDash Hack

A DoorDash driver stole over $2.5 million over several months:

The driver, Sayee Chaitainya Reddy Devagiri, placed expensive orders from a fraudulent customer account in the DoorDash app. Then, using DoorDash employee credentials, he manually assigned the orders to driver accounts he and the others involved had created. Devagiri would then mark the undelivered orders as complete and prompt DoorDash’s system to pay the driver accounts. Then he’d switch those same orders back to “in process” and do it all over again. Doing this “took less than five minutes, and was repeated hundreds of times for many of the orders,” writes the US Attorney’s Office...

This Eufy robot vacuum has a built-in handheld vac - and just hit its lowest price

Eufy features the cheapest robot vacuum combination this year, with a handheld unit built into the robot's body instead of the dock.

The best sleep headphones of 2025: Expert tested

I tested the best sleep headphones to find which whisked me away to sleep in minutes. These are the ones I recommend most.

I highly recommend this Lenovo laptop, and it's nearly 50% off

Lenovo's ThinkPad T14s Gen 6 is a top-notch work laptop with a long-lasting battery and solid performance. For a limited time, multiple configurations are on sale.

My picks for the best robot vacuums for pet hair of 2025: Roomba, Eufy, Ecovacs, and more

I tested the best robot vacuums for pet hair from iRobot, Roborock, and more to effortlessly keep your floors clean without the old upright vacuum.

Best robot mowers of 2025: I tested the best models on the market, and these are my favorites

We went hands-on with the best robot mowers that can cut your lawn regularly, so you can kick back and relax this spring.

Disney+ and Hulu now offer prizes, freebies, and other perks to keep you subscribed

If your next Disney+ binge can also score you a potential four-night Disney cruise or a host of other perks, streaming just got a lot more interesting.

The best laptop docking stations of 2025: Expert tested

Here are the best laptop docking stations we've gone hands-on with to tidy up your workspace.

This new YouTube Shorts feature lets you circle to search videos more easily

Now in beta, the new feature allows you to pull up detailed information in a video without leaving the YouTube app.

I replaced my Kindle with this E Ink tablet that runs Android - and don't regret it

The Onyx Boox Page delivers a rich feature set for an E Ink tablet, all housed within an equally noteworthy design.

I changed 10 Samsung phone settings to give it a significant performance boost

Samsung phones are brimming with useful features, but are you taking advantage of them?

How practical AI prevailed over hype at Red Hat Summit 2025

At Red Hat Summit and Ansible Fest 2025, discussions included open source, automation, security, and, of course, AI - but in a refreshing way.

Microsoft's Copilot for Gaming arrives in beta - how to try it on your phone

Stuck in a game on Xbox? Copilot is here to help.

Apple celebrates Global Running Day with a new Apple Watch reward - how to get it

Log a 5K (or more!) on June 4 and unlock an exclusive badge.

Amazon Prime Day 2025 returns this July: What we know so far

Amazon's Prime Day sale is back this July. Here's everything you need to know.

I recommend this HP laptop to creatives and business pros alike - especially at nearly 50% off

HP's EliteBook Ultra G1i is impressively lightweight, reliably powerful, and built to last on battery life. But there's more to it.

I changed 6 settings on my Roku TV to instantly improve the user experience

Here's a breakdown of several methods you can use to clear your Roku TV cache and boost performance in just minutes.

The 12 best expert-picked Father's Day gifts for tech-loving dads

Forget tool kits and socks -- these top gadgets from smart wearables to thermometers will make the perfect gift for dad, no matter how tech-savvy he is (or isn't).

This hidden Google Earth slider lets you travel up to 80 years back in time. Here's how to try it

Ever wonder what your street looked like in the 1980s - or even the 30s? With Google Earth's historical imagery feature, you can view almost any location as it would've appeared throughout time.

Save $200 on this 77-piece Milwaukee wrench set at The Home Depot

Need an early Father's Day gift or just looking to expand your toolbox? The Home Depot is currently offering the 77-piece Milwaukee SAE/Metric combination wrench and socket set for 27% off.

I worked from the viral Couchmaster for a month - here's my buying advice now

Yes, you can be productive from the couch. This lap desk is packed with intentional features that make it great for gamers and workers alike.

Firebase, Google Apps Script Abused in Fresh Phishing Campaigns

Security researchers flag two phishing campaigns abusing Firebase and Google Apps Script to host malware and fake login pages.

The post Firebase, Google Apps Script Abused in Fresh Phishing Campaigns appeared first on SecurityWeek.

US Sanctions Philippine Company for Supporting Crypto Scams

The US Treasury Department US has slapped sanctions on Funnull Technology for providing support to cryptocurrency investment scams.

The post US Sanctions Philippine Company for Supporting Crypto Scams appeared first on SecurityWeek.

Watch Now: Why Context is a Secret Weapon in Application Security Posture Management

Join the live webinar to understand why data in itself is not enough to make informed decisions for prioritization.

The post Watch Now: Why Context is a Secret Weapon in Application Security Posture Management appeared first on SecurityWeek.

Chinese Hacking Group APT41 Exploits Google Calendar to Target Governments

China-linked hackers used a compromised government site to target other government entities with the ToughProgress malware that uses an attacker-controlled Google Calendar for C&C.

The post Chinese Hacking Group APT41 Exploits Google Calendar to Target Governments appeared first on SecurityWeek.

MITRE Publishes Post-Quantum Cryptography Migration Roadmap

The roadmap provides an overview of four key stages of the migration process, namely preparation, baseline understanding, planning and execution, and monitoring and evaluation.

The post MITRE Publishes Post-Quantum Cryptography Migration Roadmap appeared first on SecurityWeek.

ConnectWise Discloses Suspected State-Sponsored Hack

The IT software provider says ScreenConnect users were impacted by the attack, which exploited a high-severity ASP.NET vulnerability.

The post ConnectWise Discloses Suspected State-Sponsored Hack appeared first on SecurityWeek.

CISA Releases Guidance on SIEM and SOAR Implementation

The guidance outlines the benefits and challenges or SIEM and SOAR platforms, and shares implementation recommendations.

The post CISA Releases Guidance on SIEM and SOAR Implementation appeared first on SecurityWeek.

Chinese Hacking Group ‘Earth Lamia’ Targets Multiple Industries

Active since at least 2023, the hacking group has been targeting the financial, government, IT, logistics, retail, and education sectors.

The post Chinese Hacking Group ‘Earth Lamia’ Targets Multiple Industries appeared first on SecurityWeek.

Unbound Raises $4 Million to Secure Gen-AI Adoption

Security startup Unbound has raised $4 million in funding to help organizations adopt generative-AI tools securely and responsibly.

The post Unbound Raises $4 Million to Secure Gen-AI Adoption appeared first on SecurityWeek.

GreyNoise Flags 9,000 ASUS Routers Backdoored Via Patched Vulnerability

Professional hackers have built a network of ASUS routers that can survive firmware upgrades, factory reboots and most anti-malware scans.

The post GreyNoise Flags 9,000 ASUS Routers Backdoored Via Patched Vulnerability appeared first on SecurityWeek.

ConnectWise customers get mysterious warning about 'sophisticated' nation-state hack

Pen tester on ScreenConnect bug: This one ‘terrifies’ me

ConnectWise has brought in the big guns to investigate a "sophisticated nation state actor" that broke into its IT environment and then breached some of its customers.…

Feds arrest DoD techie, claim he dumped top secret files in park for foreign spies to find

28-year-old alleged to have made multiple drops to folks who turned out to be undercover FBI agents

A Defense Intelligence Agency (DIA) IT specialist is scheduled to appear in court today after being caught by the FBI trying to surreptitiously drop top secret information to a foreign government in a public park.…

US medical org pays $50M+ to settle case after crims raided data and threatened to swat cancer patients

Cash splashed on damages, infrastructure improvements, and fraud monitoring

A Seattle cancer facility has agreed to fork out around $52.5 million as part of a class action settlement linked to a Thanksgiving 2023 cyberattack where criminals directly threatened cancer patients with swat attacks.…

Meta – yep, Facebook Meta – is now a defense contractor

Giving people the power to build community and bring the world closer together so we can shoot them

Meta has partnered with Anduril Industries to build augmented and virtual reality devices for the military, eight years after it fired the defense firm's founder, Palmer Luckey.…

Crims defeat human intelligence with fake AI installers they poison with ransomware

Take care when downloading AI freebies, researcher tells The Register

Criminals are using installers for fake AI software to distribute ransomware and other destructive malware.…

Data watchdog put cops on naughty step for lost CCTV footage

Greater Manchester Police reprimanded over hours of video that went AWOL

The UK’s data watchdog has reprimanded Greater Manchester Police (GMP) force for losing CCTV footage the cop shop was later requested to retain.…

The UK wants you to sign up for £1B cyber defense force

War in Ukraine causes major rethink in policy and spending

The UK is spending more than £1 billion ($1.35 billion) setting up a new Cyber and Electromagnetic Command and is recruiting a few good men and women to join up and staff it.…

Infosecurity Europe 2025 drives cybersecurity priorities amid growing global risks

30-year anniversary event adds classes and sessions to address new risks

Partner content  Infosecurity Europe celebrates its 30th anniversary by doubling down on its mission: Building a Safer Cyber World. Returning to ExCeL London from 3-5 June, the landmark edition of Europe's most influential cybersecurity event is set to be its most ambitious yet. With global cyberthreats mounting in scale and sophistication, the 2025 show will deliver strategic insight, practical training, and powerful connections across three days of expert content and community collaboration.…

Security outfit SentinelOne's services back online after lengthy outage

Probably not a cyber-incident, but definitely not a good look

Security services vendor SentinelOne experienced a major outage on Thursday.…

Feds gut host behind pig butchering scams that bilked $200M from Americans

Philippines company allegedly run by Chinese national has form running scams

The US Treasury has sanctioned a Philippine company and its administrator after linking them to the infrastructure behind the majority of so-called "pig butchering" scams reported to the FBI.…

Microsoft's May Patch Tuesday update fails on some Windows 11 VMs

'The operating system couldn't be loaded' is never a great message

Microsoft's latest Patch Tuesday update is failing to install on some Windows 11 machines, mostly virtual ones, and dumping them into recovery mode with a boot error. Its only recommendation to avoid the problem for now is to dodge the update.…

Why is China deep in US networks? 'They're preparing for war,' HR McMaster tells lawmakers

House Homeland Security Committee takes a field trip to Silicon Valley

Chinese government spies burrowed deep into American telecommunications systems and critical infrastructure networks for one reason, according to retired US Army Lt. Gen. H.R. McMaster.…

8,000+ Asus routers popped in 'advanced' mystery botnet plot

No formal attribution made but two separate probes hint at the same suspect

Thousands of Asus routers are currently ensnared by a new botnet that is trying to disable Trend Micro security features before exploiting vulnerabilities for backdoor access.…

Billions of cookies up for grabs as experts warn over session security

Law enforcement crackdowns are gathering pace but online marketplaces still teeming with valuable tokens

A VPN vendor says billions of stolen cookies currently on sale either on dark web or Telegram-based marketplaces remain active and exploitable.…

European Commission: Make Europe Great Again... for startups

Sick of paying the US tech tax and relinquishing talent to other continents, politicians finally wake up

The European Commission (EC) has kicked off a scheme to make Europe a better place to nurture global technology businesses, providing support throughout their lifecycle, from startup through to maturity.…

Victoria's Secret website laid bare for three days after 'security incident'

Knickers outlet knackered

Underwear retailer Victoria's Secret’s website has been down for three days, with the company blaming an unspecified security problem.…

Adversarial AI: The new frontier in financial cybersecurity

The financial sector is adept at balancing risk and opportunity. Adversarial AI is its next big challenge

Sponsored Post  From the use of ATMs to online banking, the financial services sector has always been at the forefront of technology. Now, it's leading the charge in AI. In their third annual survey of financial institutions the Bank of England and Financial Conduct Authority found 75% of companies already using AI with another 10% planning to do so over the next three years.…

Attack on LexisNexis Risk Solutions exposes data on 300k +

Data analytics and risk management biz says software dev platform breached, not itself

LexisNexis Risk Solutions (LNRS) is the latest big-name organization to disclose a serious cyberattack leading to data theft, with the number of affected individuals pegged at 364,333.…

Russian IT pro sentenced to 14 years forced labor for sharing medical data with Ukraine

The latest in a long line of techies to face Putin’s wrath

A Russian programmer will face the next 14 years in a "strict-regime" (high-security) penal colony after a regional court ruled he leaked sensitive data to Ukraine.…

The cost of compromise: Why password attacks are still winning in 2025

Poor password management is responsible for thousands of data breaches, but it doesn’t have to be this way.

Sponsored feature  The IT business likes to reinvent things as quickly as possible. Except passwords, that is. We've been using them since Roman times, only now they're digital. They're the fungal skin disease of tech; irritating and hard to get rid of.…

DragonForce double-whammy: First hit an MSP, then use RMM software to push ransomware

SimpleHelp was the vector for the attack

Updated  DragonForce ransomware infected a managed service provider, and its customers, after attackers exploited security flaws in remote monitoring and management tool SimpleHelp.…

ASUS to chase business PC market with free AI, or no AI - because nobody knows what to do with it

Really strong USB ports make a difference too by reducing the need for motherboard replacements

Computex  Analysts rate Taiwan’s ASUS the world’s fifth most prolific PC-maker, but the company wants to climb the charts by targeting business buyers, according to Shawn Chang, Head of Go-To-Market for the outfit’s Commercial Business Unit.…

Don't click on that Facebook ad for a text-to-AI-video tool

Millions may fall for it - and end up with malware instead

A group of miscreants tracked as UNC6032 is exploiting interest in AI video generators by planting malicious ads on social media platforms to steal credentials, credit card details, and other sensitive info, according to Mandiant.…

New Russian cyber-spy crew Laundry Bear joins the email-stealing pack

Dutch intel services, Microsoft go big-game hunting

A previously unknown Kremlin-linked group has conducted cyber-espionage operations against Dutch police, NATO member states, Western tech companies, and other organizations of interest to the Russian government since at least April 2024, according to Dutch intelligence services and Microsoft.…

Adidas confirms criminals stole data from customer service provider

Hackers take personal data bytes from the brand with three stripes

Adidas is warning customers some of their data was stolen after an "unauthorized" person lifted it from a "third-party customer service provider."…

Ransomware attack on MATLAB dev MathWorks – licensing center still locked down

Commercial customers, STEM students all feeling the pain after mega outage of engineering data-analysis tool

Software biz MathWorks is cleaning up a ransomware attack more than a week after it took down MATLAB, its flagship product used by more than five million people worldwide.…

TeleMessage security SNAFU worsens as 60 government staffers exposed

PLUS: Interpol kills more malware; GoDaddy settles in awful infosec case; Giant stolen creds DB exposed

Infosec In Brief  Secrets of the Trump administration may have been exposed after a successful attack on messaging service TeleMessage, which has been used by some officials.…

China approves rules for national ‘online number’ ID scheme

PLUS: Original emoji retired; Xiaomi's custom silicon; Pakistan dedicates 2,000 MW to AI and crypto

Asia In Brief  China last week approved rules that will see Beijing issue identity numbers that netizens can use as part of a federated identity scheme that will mean they can use one logon across multiple online services.…

Cybercrime is 'orders of magnitude' larger than state-backed ops, says ex-White House advisor

Michael Daniel also thinks Uncle Sam should increase help to orgs hit by ransomware

INTERVIEW  Uncle Sam's cybersecurity apparatus can't only focus on China and other nation-state actors, but also has to fight the much bigger damage from plain old cybercrime, says former White House advisor Michael Daniel. And the Trump administration's steep cuts to federal government staff are making that a lot harder.…

Remembering John Young, co-founder of web archive Cryptome

The original leak site that never sold out, never surrendered

Obituary  John Young, the co-founder of the legendary internet archive Cryptome, died at the age of 89 on March 28. The Register talked to friends and peers who gave tribute to a bright, pugnacious man who was devoted to the public's right to know.…

Ransomware scum leaked Nova Scotia Power customers' info

Bank accounts, personal details all hoovered up in the attack

Nova Scotia Power on Friday confirmed it had been hit by a ransomware attack that began earlier this spring and disrupted certain IT systems, and admitted the crooks leaked data belonging to about 280,000 customers online. The stolen info may have included billing details and, for those on autopay, bank account numbers.…

CISA says SaaS providers in firing line after Commvault zero-day Azure attack

Cyberbaddies are coming for your M365 creds, US infosec agency warns

The Cybersecurity and Infrastructure Security Agency (CISA) is warning that SaaS companies are under fire from criminals on the prowl for cloud apps with weak security.…

Grandpa-conning crook jailed over sugar-coated drug scam

Callous fraudster tricked elderly gents into smuggling meth hidden in chocolate truffles

A ruthless cyber conman who duped elderly pensioners – including an 80-year-old man – into smuggling deadly class A drugs was this week locked up.…

Suspected creeps behind DanaBot malware that hit 300K+ computers revealed

And the associated fraud'n'spy botnet is about to be shut down

The US Department of Justice has unsealed indictments against 16 people accused of spreading and using the DanaBot remote-control malware that infected more than 300,000 computers, plus operating a botnet of the same name, and appears set to shutter its operations.…

Ivanti makes dedicated fans of Chinese spies who just can't resist attacking its buggy kit

If it ain't broke?

A suspected Chinese government spy group is behind the rash of attacks that exploit two Ivanti bugs that can be chained together to achieve unauthenticated remote code execution (RCE), according to analysts at threat intelligence outfit EclecticIQ.…

US Navy sailor charged in horrific child sextortion case

Blackmailed teen allegedly scared into carving his handle onto her arm

The FBI has filed an affidavit detailing how it identified a US Navy man who was allegedly distributing child sex abuse material (CSAM) through Discord.…

How lean security teams can build resilient defenses

Improving security on a budget with continuous monitoring

Partner content  Most security teams face a staggering challenge. They're tasked with protecting themselves against the same advanced threats as any large enterprise, but often have a fraction of the budget, tools, and personnel. It's not uncommon to hear these teams being told to "do more with less." But still, the stakes couldn't be higher.…

Feds finger Russian 'behind Qakbot malware' that hit 700K computers

Agents thought they shut this all down in 2023, but the duck quacked again

Uncle Sam on Thursday unsealed criminal charges and a civil forfeiture case against a Russian national accused of leading the cybercrime ring behind Qakbot, the notorious malware that infected hundreds of thousands of computers worldwide and helped fuel ransomware attacks costing victims tens of millions of dollars.…

Chinese snoops tried to break into US city utilities, says Talos

Intrusions began weeks before Trimble patched the Cityworks hole

A suspected Chinese crew has been exploiting a now-patched remote code execution (RCE) flaw in Trimble Cityworks to break into US local government networks and target utility management systems, according to Cisco's Talos threat intelligence group.…

Irish privacy watchdog OKs Meta to train AI on EU folks' posts

Case in Germany could derail Zuck's plans, noyb tells El Reg fight isn't over

The Irish Data Protection Commission has cleared the way for Meta to begin slurping up the data of European citizens for training AI next week, ongoing legal challenges notwithstanding. …

Russia expected to pass experimental law that tracks foreigners in Moscow via smartphones

4-year trial is second major initiative this year that clamps down on 'illegal immigrants'

Foreigners in Moscow will now be subject to a new experimental law that affords the state enhanced tracking mechanisms via a smartphone app.…

Signal shuts the blinds on Microsoft Recall with the power of DRM

Chat app blocks Windows' screenshot-happy feature from peeking at private convos

Chat app biz Signal is unhappy with the current version of Microsoft Recall and has invoked some Digital Rights Management (DRM) functionality in Windows to stop the tool from snapshotting private conversations.…

Scottish council admits ransomware crooks stole school data

Parents and teachers have personal info, ID documents leaked online, but exam season mostly unaffected

Scotland's West Lothian Council has confirmed that data was stolen from its education network after the Interlock ransomware group claimed responsibility for the intrusion earlier this month.…

US teen to plead guilty to extortion attack against PowerSchool

The 19-year-old and a partner first tried to extort an unnamed telco, but failed

A 19-year-old student has agreed to plead guilty to hacking into the systems of two companies as part of an extortion scheme, and The Register has learned that one of the targets was PowerSchool.…

Russia's Fancy Bear swipes a paw at logistics, transport orgs' email servers

Their connection? Aiding Ukraine, duh

Russian cyberspies have targeted "dozens" of Western and NATO-country logistics providers, tech companies, and government orgs providing transport and foreign assistance to Ukraine, according to a joint government announcement issued Wednesday.…

FBI, Microsoft, international cops bust Lumma infostealer service

Credit card theft losses in 2023 alone totaled $36.5M

International cops working with Microsoft have shut down infrastructure and seized web domains used to run a distribution service for info-stealing malware Lumma. Criminals paid $250 to $1,000 a month to get access to the infostealer.…

Coinbase confirms insiders handed over data of 70K users

Bribed support staff identified, fired

Coinbase says the data of nearly 70,000 customers was handed over by overseas support staff who were bribed by criminals to give up the goods.…

Judge allows Delta's lawsuit against CrowdStrike to proceed with millions in damages on the line

CS remains hopeful damages will be limited to seven figures

CrowdStrike is "confident" that the worst-case scenario of its pending lawsuit with Delta will result in it paying the airline a sum in the "single-digit millions."…

Google carves out cloudy safe spaces for nations nervous about America's reach

From air-gapped bunkers to partner-run platforms, sovereignty is suddenly in vogue

Google has updated its sovereign cloud services, including an air-gapped solution for customers with strict data security and residency requirements, as customers grow uneasy over US digital dominance.…

Trump announces $175B for Golden Dome defense shield over America

In practice, it'll cost many times that and almost certainly won't work

In a White House press conference on Tuesday President Trump announced his plans for a defensive network of missiles, radar, space surveillance, and attack satellites that he promised would protect America.…

Mandatory Ransomware Payment Disclosure Begins in Australia

Australian firms with an annual turnover of AUS $3m are now required to report any payments to ransomware groups to authorities

US Banks Urge SEC to Repeal Cyber Disclosure Rule

Five major banking associations in the US claim the new SEC cyber incident disclosure rule puts a strain on their resources

FBI Flags Philippines Tech Company Behind Crypto Scam Infrastructure

The FBI provided details of Funnull’s malicious activities, selling infrastructure to criminal groups to facilitate cryptocurrency fraud in the US

UK MoD Launches New Cyber Warfare Command

The UK MoD has unveiled a new Cyber and Electromagnetic Command, which will focus on offensive cyber operations and “electromagnetic warfare” capabilities

CISA Urged to Enrich KEV Catalog with More Contextual Data

Security teams should use vulnerability context alongside KEV lists to prioritize patching, OX argued

ConnectWise Confirms Hack, “Very Small Number” of Customers Affected

The firm’s remote monitoring management tool, ScreenConnect, has reportedly been patched

New Browser Exploit Technique Undermines Phishing Detection

Fullscreen Browser-in-the-Middle attacks are making it harder for users to detect malicious websites

Malware Analysis Reveals Sophisticated RAT With Corrupted Headers

Fortinet has identified a new Windows RAT operating stealthily on compromised systems with advanced evasion techniques

Thousands of ASUS Routers Hijacked in Stealthy Backdoor Campaign

A threat actor has used ASUS routers’ legitimate features to create persistent backdoors that survive firmware updates and reboots

Cybersecurity Teams Generate Average of $36M in Business Growth

A new EY report found that cybersecurity teams are a major vehicle for business growth, and CISOs should push for a seat at the top table

#Infosec2025: Over 90% of Top Email Domains Vulnerable to Spoofing Attacks

EasyDMARC found that just 7.7% of the world’s top 1.8 million email domains have implemented the most stringent DMARC policy

Ivanti Vulnerability Exploit Could Expose UK NHS Data

Two NHS England trusts could see highly sensitive patient records exposed

Why privacy in blockchain must start with open source

Traditionally, trust came from centralized institutions. Banks, payment networks, and clearinghouses are closed systems. Users cannot see the inner workings, but they rely on external audits, government regulation, and long histories of compliance to feel secure. It’s a model that has and continues to work, but it comes with trade-offs, namely: opacity, concentration of power, and limited innovation. A new model of trust With blockchains and decentralized applications (dApps), a new model of trust has … More →

The post Why privacy in blockchain must start with open source appeared first on Help Net Security.

Using AI to outsmart AI-driven phishing scams

Phishing scams used to be filled with awkward wording and obvious grammar mistakes. Not anymore. AI is now making it harder to distinguish what is real. According to Cofense, email-based scams surged 70% year over year, driven by AI’s ability to automate lures, spoof internal conversations, and bypass spam filters with subtle text variations. Criminals use AI algorithms to analyze large amounts of data to understand the interests, behavior, and preferences of their target. For … More →

The post Using AI to outsmart AI-driven phishing scams appeared first on Help Net Security.

AI agents have access to key data across the enterprise

82% of organizations already use AI agents, but only 44% of organizations report having policies in place to secure them, according to SailPoint. While 53% are in the process of developing such policies, the reality is that most remain exposed today. AI agents pose security risks for organizations 96% of technology professionals consider AI agents a growing risk, even as 98% of organizations plan to expand their use of them within the next year. The … More →

The post AI agents have access to key data across the enterprise appeared first on Help Net Security.

Exchange 2016, 2019 support ends soon: What IT should do to stay secure

Microsoft is ending support for Exchange Server 2016, Exchange Server 2019, and Outlook 2016 on October 14, 2025. That date might seem far off, but if you’re managing email systems or Office deployments, it’s worth paying attention to now. These products will keep working past that deadline, but without security updates or tech support, they’ll be risky to keep in production. What’s ending and when? The key date to remember is October 14, 2025. On … More →

The post Exchange 2016, 2019 support ends soon: What IT should do to stay secure appeared first on Help Net Security.

Infosec products of the month: May 2025

Here’s a look at the most interesting products from the past month, featuring releases from: Anchore, BalkanID, Cyble, groundcover, Hunted Labs, LogicGate, McAfee, Obsidian Security, Outpost24, PentestPad, ProcessUnity, Resecurity, Searchlight Cyber, SecuX, ServiceNow, ThreatMark, and Verosint. New MCP server from groundcover redefines LLM observability A new MCP server, faster than any other on the market, has been launched from groundcover, the eBPF-driven observability platform. Developers can now enhance their AI-driven workflows with deep system context, … More →

The post Infosec products of the month: May 2025 appeared first on Help Net Security.

Microsoft unveils “centralized” software update tool for Windows

Microsoft is looking to streamline the software updating process for IT admins and users by providing a Windows-native update orchestration platform, and to help organizations upgrade their computer fleet to Windows 11 with the help of Windows Backup for Organizations. The software update orchestration platform “Today, line-of-business apps, Windows components, Visual Studio, and other products are updated independently,” says Microsoft Product Manager Angie Chen. “Updates across the Windows ecosystem can feel like a fragmented experience … More →

The post Microsoft unveils “centralized” software update tool for Windows appeared first on Help Net Security.

Resecurity Compliance Manager empowers cybersecurity leaders with AI-driven insights

Resecurity has officially launched its AI-driven Compliance Manager. The solution is engineered to help CISOs and compliance teams manage complex regulatory demands, reduce risk, and maintain alignment with global cybersecurity standards. The Compliance Manager delivers centralized visibility, automation, and expert-level guidance to ensure organizations stay audit-ready and resilient in the face of expanding data protection and information security regulations. The platform currently supports over 20 international and regional compliance frameworks, including: GDPR (General Data Protection … More →

The post Resecurity Compliance Manager empowers cybersecurity leaders with AI-driven insights appeared first on Help Net Security.

Cisco Duo IAM protects against AI-driven identity threats

Cisco unveiled Duo Identity and Access Management (IAM), a new security solution that transforms how organizations combat persistent identity-based attacks that are accelerating in the AI era. Identity is a prime target for bad actors, accounting for 60% of Cisco Talos Incident Response cases in 2024, because current solutions have critical weaknesses that attackers exploit. Duo IAM offers an innovative and security-first approach, with added protection built on its globally trusted multifactor authentication (MFA). Duo IAM … More →

The post Cisco Duo IAM protects against AI-driven identity threats appeared first on Help Net Security.

What CISOs can learn from the frontlines of fintech cybersecurity

At Span Cyber Security Arena, I sat down with Ria Shetty, Director, Cyber Security & Resilience for Europe at Mastercard. Our conversation cut through the hype and focused on what CISOs deal with every day: how to embed security into innovation, manage supply chain risk, and prepare both systems and people for the threats ahead. For Shetty, the idea that innovation competes with security is a false choice. “They go hand in hand,” she says. … More →

The post What CISOs can learn from the frontlines of fintech cybersecurity appeared first on Help Net Security.

How CISOs can regain ground in the AI fraud war

Fraudsters are winning the AI arms race, first-party fraud is rising, and siloed systems are holding back defenses, according to DataVisor. Their 2025 Fraud & AML Executive Report, based on surveys of banks, fintechs, credit unions, and digital platforms, outlines clear signals for CISOs trying to build resilient, forward-looking strategies. Fraudsters have the upper hand The most urgent issue? Criminals are using AI better than most organizations. Three in four respondents said fraudsters currently have … More →

The post How CISOs can regain ground in the AI fraud war appeared first on Help Net Security.

Word to the wise: Beware of fake Docusign emails

Cybercriminals impersonate the trusted e-signature brand and send fake Docusign notifications to trick people into giving away their personal or corporate data

Danabot under the microscope

ESET Research has been tracking Danabot’s activity since 2018 as part of a global effort that resulted in a major disruption of the malware’s infrastructure

Danabot: Analyzing a fallen empire

ESET Research shares its findings on the workings of Danabot, an infostealer recently disrupted in a multinational law enforcement operation

Lumma Stealer: Down for the count

The bustling cybercrime enterprise has been dealt a significant blow in a global operation that relied on the expertise of ESET and other technology companies

ESET takes part in global operation to disrupt Lumma Stealer

Our intense monitoring of tens of thousands of malicious samples helped this global disruption operation

The who, where, and how of APT attacks in Q4 2024–Q1 2025

ESET Chief Security Evangelist Tony Anscombe highlights key findings from the latest issue of the ESET APT Activity Report

ESET APT Activity Report Q4 2024–Q1 2025

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2024 and Q1 2025

Sednit abuses XSS flaws to hit gov't entities, defense companies

Operation RoundPress targets webmail software to steal secrets from email accounts belonging mainly to governmental organizations in Ukraine and defense contractors in the EU

Operation RoundPress

ESET researchers uncover a Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities

How can we counter online disinformation? | Unlocked 403 cybersecurity podcast (S2E2)

Ever wondered why a lie can spread faster than the truth? Tune in for an insightful look at disinformation and how we can fight one of the most pressing challenges facing our digital world.

Catching a phish with many faces

Here’s a brief dive into the murky waters of shape-shifting attacks that leverage dedicated phishing kits to auto-generate customized login pages on the fly

Beware of phone scams demanding money for ‘missed jury duty’

When we get the call, it’s our legal responsibility to attend jury service. But sometimes that call won’t come from the courts – it will be a scammer.

Toll road scams are in overdrive: Here’s how to protect yourself

Have you received a text message about an unpaid road toll? Make sure you’re not the next victim of a smishing scam.

RSAC 2025 wrap-up – Week in security with Tony Anscombe

From the power of collaborative defense to identity security and AI, catch up on the event's key themes and discussions

TheWizards APT group uses SLAAC spoofing to perform adversary-in-the-middle attacks

ESET researchers analyzed Spellbinder, a lateral movement tool used to perform adversary-in-the-middle attacks

This month in security with Tony Anscombe – April 2025 edition

From the near-demise of MITRE's CVE program to a report showing that AI outperforms elite red teamers in spearphishing, April 2025 was another whirlwind month in cybersecurity

How safe and secure is your iPhone really?

Your iPhone isn't necessarily as invulnerable to security threats as you may think. Here are the key dangers to watch out for and how to harden your device against bad actors.

Deepfake 'doctors' take to TikTok to peddle bogus cures

Look out for AI-generated 'TikDocs' who exploit the public's trust in the medical profession to drive sales of sketchy supplements

How fraudsters abuse Google Forms to spread scams

The form and quiz-building tool is a popular vector for social engineering and malware. Here’s how to stay safe.

Will super-smart AI be attacking us anytime soon?

What practical AI attacks exist today? “More than zero” is the answer – and they’re getting better.

CapCut copycats are on the prowl

Cybercriminals lure content creators with promises of cutting-edge AI wizardry, only to attempt to steal their data or hijack their devices instead

They’re coming for your data: What are infostealers and how do I stay safe?

Here's what to know about malware that raids email accounts, web browsers, crypto wallets, and more – all in a quest for your sensitive data

Attacks on the education sector are surging: How can cyber-defenders respond?

Academic institutions have a unique set of characteristics that makes them attractive to bad actors. What's the right antidote to cyber-risk?

Watch out for these traps lurking in search results

Here’s how to avoid being hit by fraudulent websites that scammers can catapult directly to the top of your search results

So your friend has been hacked: Could you be next?

When a ruse puts on a familiar face, your guard might drop, making you an easy mark. Learn how to tell a friend apart from a foe.

1 billion reasons to protect your identity online

Corporate data breaches are a gateway to identity fraud, but they’re not the only one. Here’s a lowdown on how your personal data could be stolen – and how to make sure it isn’t.

The good, the bad and the unknown of AI: A Q&A with Mária Bieliková

The computer scientist and AI researcher shares her thoughts on the technology’s potential and pitfalls – and what may lie ahead for us

This month in security with Tony Anscombe – March 2025 edition

From an exploited vulnerability in a third-party ChatGPT tool to a bizarre twist on ransomware demands, it's a wrap on another month filled with impactful cybersecurity news

Resilience in the face of ransomware: A key to business survival

Your company’s ability to tackle the ransomware threat head-on can ultimately be a competitive advantage

Making it stick: How to get the most out of cybersecurity training

Security awareness training doesn’t have to be a snoozefest – games and stories can help instill ‘sticky’ habits that will kick in when a danger is near

RansomHub affiliates linked to rival RaaS gangs

ESET researchers also examine the growing threat posed by tools that ransomware affiliates deploy in an attempt to disrupt EDR security solutions

FamousSparrow resurfaces to spy on targets in the US, Latin America

Once thought to be dormant, the China-aligned group has also been observed using the privately-sold ShadowPad backdoor for the first time

Shifting the sands of RansomHub’s EDRKillShifter

ESET researchers discover new ties between affiliates of RansomHub and of rival gangs Medusa, BianLian, and Play

You will always remember this as the day you finally caught FamousSparrow

ESET researchers uncover the toolset used by the FamousSparrow APT group, including two undocumented versions of the group’s signature backdoor, SparrowDoor

Operation FishMedley

ESET researchers detail a global espionage operation by FishMonger, the APT group run by I‑SOON

MirrorFace updates toolset, expands targeting to Europe

The group's Operation AkaiRyū begins with targeted spearphishing emails that use the upcoming World Expo 2025 in Osaka, Japan, as a lure

Operation AkaiRyū: MirrorFace invites Europe to Expo 2025 and revives ANEL backdoor

ESET researchers uncovered MirrorFace activity that expanded beyond its usual focus on Japan and targeted a Central European diplomatic institute with the ANEL backdoor

AI's biggest surprises of 2024 | Unlocked 403 cybersecurity podcast (S2E1)

Here's what's been hot on the AI scene over the past 12 months, how it's changing the face of warfare, and how you can fight AI-powered scams

When IT meets OT: Cybersecurity for the physical world

While relatively rare, real-world incidents impacting operational technology highlight that organizations in critical infrastructure can’t afford to dismiss the OT threat

Don’t let cybercriminals steal your Spotify account

Listen up, this is sure to be music to your ears – a few minutes spent securing your account today can save you a ton of trouble tomorrow

AI-driven deception: A new face of corporate fraud

Malicious use of AI is reshaping the fraud landscape, creating major new risks for businesses

Kids behaving badly online? Here's what parents can do

By taking time to understand and communicate the impact of undesirable online behavior, you can teach your kids an invaluable set of life lessons for a new digital age

Martin Rees: Post-human intelligence – a cosmic perspective | Starmus highlights

Take a moment to think beyond our current capabilities and consider what might come next in the grand story of evolution

Threat Report H2 2024: Infostealer shakeup, new attack vector for mobile, and Nomani

Big shifts in the infostealer scene, novel attack vector against iOS and Android, and a massive surge in investment scams on social media

Bernhard Schölkopf: Is AI intelligent? | Starmus highlights

With AI's pattern recognition capabilities well-established, Mr. Schölkopf's talk shifts the focus to a pressing question: what will be the next great leap for AI?

This month in security with Tony Anscombe – February 2025 edition

Ransomware payments trending down, the cyber-resilience gap facing SMBs, and APT groups embracing generative AI – it's a wrap on another month filled with impactful security news

Laurie Anderson: Building an ARK | Starmus highlights

The pioneering multi-media artist reveals the creative process behind her stage show called ARK, which challenges audiences to reflect on some of the most pressing issues of our times

Fake job offers target software developers with infostealers

A North Korea-aligned activity cluster tracked by ESET as DeceptiveDevelopment drains victims' crypto wallets and steals their login details from web browsers and password managers

DeceptiveDevelopment targets freelance developers

ESET researchers analyzed a campaign delivering malware bundled with job interview challenges

No, you’re not fired – but beware of job termination scams

Some employment scams take an unexpected turn as cybercriminals shift from “hiring” to “firing” staff

Katharine Hayhoe: The most important climate equation | Starmus highlights

The atmospheric scientist makes a compelling case for a head-to-heart-to-hands connection as a catalyst for climate action

Gaming or gambling? Lifting the lid on in-game loot boxes

The virtual treasure chests and other casino-like rewards inside your children’s games may pose risks you shouldn’t play down

What is penetration testing? | Unlocked 403 cybersecurity podcast (ep. 10)

Ever wondered what it's like to hack for a living – legally? Learn about the art and thrill of ethical hacking and how white-hat hackers help organizations tighten up their security.

How AI-driven identity fraud is causing havoc

Deepfake fraud, synthetic identities, and AI-powered scams make identity theft harder to detect and prevent – here's how to fight back

Neil Lawrence: What makes us unique in the age of AI | Starmus highlights

As AI advances at a rapid clip, reshaping industries, automating tasks, and redefining what machines can achieve, one question looms large: what remains uniquely human?

Patch or perish: How organizations can master vulnerability management

Don’t wait for a costly breach to provide a painful reminder of the importance of timely software patching

Roeland Nusselder: AI will eat all our energy, unless we make it tiny | Starmus highlights

Left unchecked, AI's energy and carbon footprint could become a significant concern. Can our AI systems be far less energy-hungry without sacrificing performance?

How scammers are exploiting DeepSeek's rise

As is their wont, cybercriminals waste no time launching attacks that aim to cash in on the frenzy around the latest big thing – plus, what else to know before using DeepSeek

This month in security with Tony Anscombe – January 2025 edition

DeepSeek’s bursting onto the AI scene, apparent shifts in US cybersecurity policies, and a massive student data breach all signal another eventful year in cybersecurity and data privacy

Untrustworthy AI: How to deal with data poisoning

You should think twice before trusting your AI assistant, as database poisoning can markedly alter its output – even dangerously so

Brian Greene: Until the end of time | Starmus highlights

The renowned physicist explores how time and entropy shape the evolution of the universe, the nature of existence, and the eventual fate of everything, including humanity

Going (for) broke: 6 common online betting scams and how to avoid them

Don’t roll the dice on your online safety – watch out for bogus sports betting apps and other traps commonly set by scammers

The evolving landscape of data privacy: Key trends to shape 2025

Incoming laws, combined with broader developments on the threat landscape, will create further complexity and urgency for security and compliance teams

PlushDaemon compromises supply chain of Korean VPN service

ESET researchers have discovered a supply-chain attack against a VPN provider in South Korea by a new China-aligned APT group we have named PlushDaemon

Under lock and key: Protecting corporate data from cyberthreats in 2025

Data breaches can cause a loss of revenue and market value as a result of diminished customer trust and reputational damage

UEFI Secure Boot: Not so secure

ESET researchers uncover a vulnerability in a UEFI application that could enable attackers to deploy malicious bootkits on unpatched systems

Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344

The story of a signed UEFI application allowing a UEFI Secure Boot bypass

Cybersecurity and AI: What does 2025 have in store?

In the hands of malicious actors, AI tools can enhance the scale and severity of all manner of scams, disinformation campaigns and other threats

Protecting children online: Where Florida’s new law falls short

Some of the state’s new child safety law can be easily circumvented. Should it have gone further?

Crypto is soaring, but so are threats: Here’s how to keep your wallet safe

As detections of cryptostealers surge across Windows, Android and macOS, it's time for a refresher on how to keep your bitcoin or other crypto safe

State-aligned actors are increasingly deploying ransomware – and that’s bad news for everyone

The blurring of lines between cybercrime and state-sponsored attacks underscores the increasingly fluid and multifaceted nature of today’s cyberthreats

AI moves to your PC with its own special hardware

Seeking to keep sensitive data private and accelerate AI workloads? Look no further than AI PCs powered by Intel Core Ultra processors with a built-in NPU.

Gary Marcus: Taming Silicon Valley | Starmus highlights

The prominent AI researcher explores the societal impact of artificial intelligence and outlines his vision for a future in which AI upholds human rights, dignity, and fairness

This month in security with Tony Anscombe – December 2024 edition

From attacks leveraging new new zero-day exploits to a major law enforcement crackdown, December 2024 was packed with impactful cybersecurity news

Chris Hadfield: The sky is falling – what to do about space junk? | Starmus highlights

The first Canadian to walk in space dives deep into the origins of space debris, how it’s become a growing problem, and how we can clean up the orbital mess

ESET Research Podcast: Telekopye, again

Take a peek into the murky world of cybercrime where groups of scammers who go by the nickname of 'Neanderthals’ wield the Telekopye toolkit to ensnare unsuspecting victims they call 'Mammoths'

Unwrapping Christmas scams | Unlocked 403 cybersecurity podcast (special edition)

ESET's Jake Moore reveals why the holiday season is a prime time for scams, how fraudsters prey on victims, and how AI is supercharging online fraud

Cybersecurity is never out-of-office: Protecting your business anytime, anywhere

While you're enjoying the holiday season, cybercriminals could be gearing up for their next big attack – make sure your company's defenses are ready, no matter the time of year

ESET Threat Report H2 2024: Key findings

ESET Chief Security Evangelist Tony Anscombe looks at some of the report's standout findings and their implications for staying secure in 2025

ESET Threat Report H2 2024

A view of the H2 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

Black Hat Europe 2024: Hacking a car – or rather, its infotainment system

Our ‘computers on wheels’ are more connected than ever, but the features that enhance our convenience often come with privacy risks in tow

Black Hat Europe 2024: Why a CVSS score of 7.5 may be a 'perfect' 10 in your organization

Aggregate vulnerability scores don’t tell the whole story – the relationship between a flaw’s public severity rating and the specific risks it poses for your company is more complex than it seems

Black Hat Europe 2024: Can AI systems be socially engineered?

Could attackers use seemingly innocuous prompts to manipulate an AI system and even make it their unwitting ally?

How cyber-secure is your business? | Unlocked 403 cybersecurity podcast (ep. 8)

As cybersecurity is a make-or-break proposition for businesses of all sizes, can your organization's security strategy keep pace with today’s rapidly evolving threats?

Are pre-owned smartphones safe? How to choose a second-hand phone and avoid security risks

Buying a pre-owned phone doesn’t have to mean compromising your security – take these steps to enjoy the benefits of cutting-edge technology at a fraction of the cost

Philip Torr: AI to the people | Starmus highlights

We’re on the cusp of a technological revolution that is poised to transform our lives – and we hold the power to shape its impact

Achieving cybersecurity compliance in 5 steps

Cybersecurity compliance may feel overwhelming, but a few clear steps can make it manageable and ensure your business stays on the right side of regulatory requirements

Richard Marko: Rethinking cybersecurity in the age of global challenges | Starmus highlights

ESET's CEO unpacks the complexities of cybersecurity in today’s hyper-connected world and highlights the power of innovation in stopping digital threats in their tracks

Month in security with Tony Anscombe – November 2024 edition

Zero days under attack, a new advisory from 'Five Eyes', thousands of ICS units left exposed, and mandatory MFA for all – it's a wrap on another month filled with impactful cybersecurity news

Scams to look out for this holiday season

‘Tis the season to be wary – be on your guard and don’t let fraud ruin your shopping spree

Bootkitty marks a new chapter in the evolution of UEFI threats

ESET researchers make a discovery that signals a shift on the UEFI threat landscape and underscores the need for vigilance against future threats

Bootkitty: Analyzing the first UEFI bootkit for Linux

ESET researchers analyze the first UEFI bootkit designed for Linux systems

Firefox and Windows zero days chained to deliver the RomCom backdoor

The backdoor can execute commands and lets attackers download additional modules onto the victim’s machine, ESET research finds

RomCom exploits Firefox and Windows zero days in the wild

ESET Research details the analysis of a previously unknown vulnerability in Mozilla products exploited in the wild and another previously unknown Microsoft Windows vulnerability, combined in a zero-click exploit

Unveiling WolfsBane: Gelsemium’s Linux counterpart to Gelsevirine

ESET researchers analyzed previously unknown Linux backdoors that are connected to known Windows malware used by the China-aligned Gelsemium group, and to Project Wood

Kathryn Thornton: Correcting Hubble's vision | Starmus highlights

The veteran of four space missions discusses challenges faced by the Hubble Space Telescope and how human ingenuity and teamwork made Hubble’s success possible

My information was stolen. Now what?

The slow and painful recovery process

“Scam Likely” calls: What are they and how do I block them?

Tired of dodging all those 'Scam Likely' calls? Here's what’s behind the label and how to stay one step ahead of phone scammers.

ESET APT Activity Report Q2 2024–Q3 2024: Key findings

ESET Chief Security Evangelist Tony Anscombe highlights some of the most intriguing insights revealed in the latest ESET APT Activity Report

ESET Research Podcast: Gamaredon

ESET researchers introduce the Gamaredon APT group, detailing its typical modus operandi, unique victim profile, vast collection of tools and social engineering tactics, and even its estimated geolocation

USDA Worker, 5 Others Charged in Food Stamp Fraud Operation

Six New York residents were charged with running a complex scheme that involved fraudulent documentation and unauthorized payment systems to steal as much as $30 million from the country's food stamp program that tens of millions of Americans rely on every month.

The post USDA Worker, 5 Others Charged in Food Stamp Fraud Operation appeared first on Security Boulevard.

SentinelOne Outage Leaves Security Teams Hanging for Six Hours

SentinelOne's commercial customers consoles went down for about six hours May 29 in what the company says wasn't a "security incident," but it still faces questions from a customer based that wants to know what happened and why communication from SentinelOne about the issues was bad.

The post SentinelOne Outage Leaves Security Teams Hanging for Six Hours appeared first on Security Boulevard.

BSidesLV24 – PasswordsCon – All Your Badge Are Belong To Me

Author/Presenter: John-André Bjørkhaug

Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel.

Permalink

The post BSidesLV24 – PasswordsCon – All Your Badge Are Belong To Me appeared first on Security Boulevard.

Million-dollar Salaries, Board Influence Mark the CISO’s Rise

Five years post-pandemic, half of CISOs at enterprises with revenue of $20 billion or more now hold EVP- or SVP-level titles.

The post Million-dollar Salaries, Board Influence Mark the CISO’s Rise  appeared first on Security Boulevard.

Vulnerability Management: Hidden Costs, Confidence Shortfalls, and Siloed Processes

The post Vulnerability Management: Hidden Costs, Confidence Shortfalls, and Siloed Processes appeared first on AI Security Automation.

The post Vulnerability Management: Hidden Costs, Confidence Shortfalls, and Siloed Processes appeared first on Security Boulevard.

The Sequential Kill Chain for AI – FireTail Blog

May 30, 2025 - Timo Rüppell - The Sequential Kill Chain for AI-Powered Attacks
Excerpt: We’ve talked before about Mean Time To Attack, or MTTA, which has grown alarmingly short for new vulnerabilities across the cyber landscape. In this blog, we’ll dive into the “how” and “why” of this…
Summary:
In our current cyber landscape, Mean Time To Attack is shorter than ever, and all signs point to AI being involved. And in the meantime, Mean Time to Patch isn’t getting shorter…
Blog text:
AI security is a critical challenge in 2025. Developers and security experts are struggling to stay ahead of attacks that are continuing to rise in volume and complexity. We’ve seen a rapid increase in the number of breaches and new kinds of attacks, such as indirect prompt injection. Many researchers believe that AI is partially responsible for attacks growing and advancing at such a rapid rate. Mean Time To Attack, or MMTA, is the time it takes for a new vulnerability to be exploited in the wild. In recent years, we’ve seen this number decrease dramatically to only 22 minutes. On the other hand, the Mean Time To Patch, or MTTP, is still extremely long, sitting around 50 to 160 days, which is more than enough time for attackers and bad actors to exploit the vulnerabilities repeatedly and even find more weak spots. Pictured below is the Sequential Kill Chain for AI-Powered attacks. The early stages of the kill chain- Recon, Weaponize, and Deliver, to Exploit- are occurring at a rate that seems too fast to not be automated in a lot of cases. If hackers had to do each step manually- reconnaissance into APIs or web apps looking for vulnerabilities, figuring out how to exploit them, then building and deploying the code, delivering these attacks until one of them is successful- it would take a lot longer than 22 minutes, even with the most experienced threat actors. And we already know this is possible from cases like when researchers got ChatGPT 4 to exploit one-day vulnerabilities. They tested this method across 15 different sites, container management software, and Python packages. Their findings were shocking. ChatGPT was able to correctly exploit one-day vulnerabilities 87% of the time. (IBM)
So what does this mean?
Developers and security teams need to work together and stay vigilant and aware of the risks. Since vulnerabilities are being exploited so rapidly, they need to be addressed proactively and the best way to do this is to employ the principles of “secure by design.” “Secure by design,” is effectively the process of eliminating vulnerabilities as you build. There are multiple types of ways to employ “secure by design,” including code analysis and continuous security testing throughout every stage of development. Now more than ever, security needs to be a top concern from code to cloud. We’ve talked before about how secure by design is the best way to enforce security postures before platforms even go live in their environment. But with MTTA sitting so incredibly low, and MTTP remaining high, this construct is even more critical. And unfortunately, it seems like this problem is going to get worse before it gets better. Based on the data, the industry behavior around patching has been consistent for the past two decades. Quite simply, vulnerabilities are not taken seriously enough. There also may be a need down the line for automated deployments that can fix a vulnerability and deploy the patch within minutes, instead of months. One of the best ways to do this is to rely heavily on infrastructure as code, with fully automated pipelines. Once a vulnerability is identified, push the patch in code, and initiate a build and deploy automation. This is the same for both AI security and API security. APIs power the different platforms that provide data to LLMs, so without APIs, there is no AI. Therefore: AI security is API security. And as with vulnerability exploit mitigation, the best way to fix an API is in the security of its design. Analyzing the design for security weaknesses with automated testing during the design and build phase, coupled with automated updates when issues are fixed, leads to the best and most consistent security outcomes.
Takeaways
We are seeing a rapid surge of attacks powered by AI. AI can automate steps of the sequential kill chain, as we’ve already seen with OpenAI, making it much simpler to find, analyse, and exploit vulnerabilities in real-time. For this reason, researchers suspect AI is responsible for the decrease in Mean Time To Attack of vulnerabilities. On the other hand, Mean Time to Patch remains high for vulnerabilities across the board, leaving them open to attack for prolonged periods of time. The only solution is for developers and security teams to stay vigilant by employing practices such as “secure by design,” continuously testing APIs, and patching vulnerabilities proactively, so attackers won’t even have the 22 minutes they need to find and target the weaknesses. Looking for ways to simplify your team’s AI security posture? FireTail can help. Set up a demo or start your free trial today.

The post The Sequential Kill Chain for AI – FireTail Blog appeared first on Security Boulevard.

BSidesLV24 – PasswordsCon – Cloud Attack: Dissecting Attack Paths With Graph-Mode

Author/Presenter: Filipi Pires

Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel.

Permalink

The post BSidesLV24 – PasswordsCon – Cloud Attack: Dissecting Attack Paths With Graph-Mode appeared first on Security Boulevard.

Why AI Hallucinations Are the Biggest Threat to Gen AI’s Adoption in Enterprises

In 2024, enterprise investments in generative AI skyrocketed. Microsoft alone committed over $10 billion to OpenAI, and according to a Gartner report, more than 80%...Read More

The post Why AI Hallucinations Are the Biggest Threat to Gen AI’s Adoption in Enterprises appeared first on ISHIR | Software Development India.

The post Why AI Hallucinations Are the Biggest Threat to Gen AI’s Adoption in Enterprises appeared first on Security Boulevard.

Cybersecurity Insights with Contrast CISO David Lindner | 05/30/25

Insight No. 1 — Prioritize proof over promises in agentic AI

SC World recently noted that there were three points missing from agentic AI conversations at RSAC. I agree. Many new technologies arrive with significant fanfare. Agentic AI is no exception. However, we must prioritize practical validation over promises. Without thorough proof of concepts (PoCs), our security operations cannot truly integrate these tools. Without clear ROI metrics, we cannot justify the investment. Our long-term security posture depends on this disciplined approach.

The post Cybersecurity Insights with Contrast CISO David Lindner | 05/30/25 appeared first on Security Boulevard.

Cybersecurity Snapshot: New Standard for AI System Security Published, While Study Finds Cyber Teams Boost Value of Business Projects

Check out ETSI’s new global standard for securing AI systems and models. Plus, learn how CISOs and their teams add significant value to orgs’ major initiatives. In addition, discover what webinar attendees told Tenable about their cloud security challenges. And get the latest on properly decommissioning tech products; a cyber threat targeting law firms; and more!

Dive into six things that are top of mind for the week ending May 30.

1 - ETSI publishes global standard for AI security

What is the proper way to secure your artificial intelligence models and systems? Are you confused by all the different AI security recommendations and guidance? The European Telecommunications Standards Institute (ETSI) is trying to bring clarity to this issue.

ETSI, in collaboration with the U.K. National Cyber Security Center (NCSC) and the U.K. Department for Science, Innovation & Technology (DSIT), has published a global standard for AI security designed to cover the full lifecycle of an AI system.

Aimed at developers, vendors, operators, integrators, buyers and other AI stakeholders, ETSI’s “Securing Artificial Intelligence (SAI); Baseline Cyber Security Requirements for AI Models and Systems” technical specification outlines a set of foundational security principles for an AI system’s entire lifecycle.

Here's an overview of the five stages of an AI system and the 13 security principles that must be adopted:

• Secure design stage
  • Raise awareness about AI security threats and risks.
  • Design the AI system not only for security but also for functionality and performance.
  • Evaluate the threats and manage the risks to the AI system.
  • Make it possible for humans to oversee AI systems.
• Secure development stage
  • Identify, track and protect the assets.
  • Secure the infrastructure.
  • Secure the supply chain.
  • Document data, models and prompts.
  • Conduct appropriate testing and evaluation.
• Secure deployment stage
  • Communication and processes associated with end-user and affected entities.
• Secure maintenance stage
  • Maintain regular security updates, patches and mitigations.
  • Monitor system behavior.
• Secure end-of-life stage
  • Ensure proper data and model disposal.
     

Each one of the 13 security principles is further broken down into multiple provisions that provide detailed requirements. 

For example, in the secure maintenance stage, ETSI calls for developers to test and evaluate major AI system updates as they would a new version of an AI model. Also in this stage, system operators need to analyze system and user logs to detect security issues such as anomalies and breaches.

The 73-page companion technical report, “Securing Artificial Intelligence (SAI): Guide to Cyber Security for AI Models and Systems,” offers significantly more technical detail about each provision. 

Together the technical specification and the technical report “provide stakeholders in the AI supply chain with a robust set of baseline security requirements that help protect AI systems from evolving cyber threats,” reads an NCSC blog.

For more information about AI security, check out these Tenable resources:

• “Harden Your Cloud Security Posture by Protecting Your Cloud Data and AI Resources” (blog)
• “Tenable Cloud AI Risk Report 2025” (report)
• “Who's Afraid of AI Risk in Cloud Environments?” (blog)
• “Tenable Cloud AI Risk Report 2025: Helping You Build More Secure AI Models in the Cloud” (on-demand webinar)
• “Securing the AI Attack Surface: Separating the Unknown from the Well Understood” (blog)

2 - Report: CISOs and cyber teams pump value into business projects

Cybersecurity teams’ involvement in large-scale organizational initiatives yields significant monetary benefits – especially if CISOs are incorporated early into these efforts.

That’s a key finding from Ernst & Young’s “2025 EY Global Cybersecurity Leadership Insights Study,” which surveyed 550 C-suite and cybersecurity leaders globally from organizations with more than $1 billion in annual revenue.

Specifically, the study found that cybersecurity teams contribute a median of $36 million to every enterprise-wide initiative they’re involved in. That’s equivalent to between 11% and 20% of the value of each project.

“CISOs who are involved early in cross-function decision-making generate more value than those who were consulted late or not at all,” the report reads. 

“CEOs, CFOs and boards should take steps to more meaningfully integrate cybersecurity into transformations and other strategic initiatives,” it adds.
 

The finding points to how CISOs and their cybersecurity teams are expanding their scope from managing security, risk and compliance to becoming “key enablers of business growth.”

Unfortunately, over the past two years, cybersecurity budgets have shrunk as a percentage of annual revenue, and only 13% of surveyed CISOs said they get looped in early into critical business decisions.

Using a framework, the report concluded that cybersecurity adds considerable value to these six key types of initiatives:

• Adopting and building technology
• Strengthening brand trust and reputation
• Improving customer experience
• Transforming and innovating across the business
• Expanding to new markets
• Developing new products and services

For more information about how CISOs and their cyber teams add value to business ventures:

• “Better metrics can show how cybersecurity drives business success” (CSO)
• “Build CISO Strategic Impact and Visibility” (IANS Research)
• “Nearly half of CISOs now report to CEOs, showing their rising influence” (Help Net Security)
• “CISOs embrace rise in prominence — with broader business authority” (CSO)
• “How leading CISOs build business-critical cyber cultures” (CIO)

3 - Tenable poll zooms in on cloud security

During our recent webinar “Confident in the Cloud: How to Overcome Complexity and Get AWS Security Right,” we asked attendees about their cloud security practices and challenges. Check out what they said.

^{(137 webinar attendees polled by Tenable, May 2025)}

^{(60 webinar attendees polled by Tenable, May 2025)}

Interested in learning about proven best practices for how to control and secure your AWS environment? Watch this webinar on-demand!

4 - Guide: How to safely decommission tech products

It’s important to properly dispose of software and hardware products after removing them from your IT environment.

To help organizations with this process, the U.K. National Cyber Security Centre (NCSC) has published guidance on how to securely retire obsolete technical wares.

“Decommissioning can be highly expensive and complex, with potentially severe repercussions if not executed properly,” the NCSC document reads. “Outdated or unsupported assets can pose an unacceptable risk to the organisation.”
 

For example, an improperly decommissioned IT product could allow unauthorized people to access confidential data and could be used to breach services and devices.

The NCSC guidance, titled “Decommissioning assets,” addresses topics including:

• How to plan the decommissioning process
• How to carry out the decommissioning of obsolete assets
• What to do after the decommissioning process is completed

For more information about properly disposing of obsolete hardware and software:

• “How to Decommission IT Hardware” (Techbuyer)
• “Why end-of-life IT is ruining innovation and how to fix it” (OliverWyman)
• “Cybersecurity guidance: Obsolete products (Canadian Centre for Cyber Security)
• “The Top 5 Risks of Using Obsolete and Unsupported Software” (IT Convergence)
• “Managing the risks of legacy IT” (Australian Cyber Security Centre)

5 - FBI warns law firms about Silent Ransom threat

Hacker group Silent Ransom is targeting law firms via phishing calls and emails aimed at tricking employees into granting it remote access to their computers. Once they gain remote access, the attackers steal confidential data and use it to extort the victims.

So said the U.S. Federal Bureau of Investigation (FBI) in an alert titled “Silent Ransom Group Targeting Law Firms.”

Silent Ransom, also known as Luna Moth, Chatty Spider and UNC3753, employs two different schemes:

• It emails its targets offering fake, inexpensive subscriptions, and when victims request that the subscription be cancelled, the attackers email them a link that downloads remote access software on their computers.
• A Silent Ransom attacker calls a law firm employee and, pretending to be a member of the IT department, asks the victim to join a remote access session.

Detecting a Silent Ransom attack is difficult. Its hackers don’t leave behind traditional attack indicators because they use legitimate remote-access and systems-management tools. Thus, to spot a Silent Ransom breach, the FBI recommends looking for:

• New, unauthorized downloads of systems-management and remote-access tools
• A WinSCP or Rclone connection made to an external IP address
• Anonymous emails or calls claiming data was stolen
• Emails regarding how to cancel a subscription service
• Unsolicited calls from individuals claiming to work in the law firm’s IT department

To mitigate the threat, FBI recommendations include:

• Train staff on recognizing and resisting phishing attempts.
• Establish and relay policies for when and how your law firm’s IT department will reach out to employees and prove their identities.
• Regularly back up company data.
• Adopt multi-factor authentication for all employees.

For more information about remote access attacks:

• “12 remote access security risks and how to prevent them” (TechTarget)
• “Guide to Securing Remote Access Software” (CISA)
• “Remote-access tools the intrusion point to blame for most ransomware attacks“ (Cybersecurity Dive)
• “Avoiding Ratting – Remote Access Trojans” (Get Safe Online)
• “RDP and Other Remote Login Attacks” (Ransomware.org)

6 - New, updated CIS Benchmarks for Kubernetes, Microsoft and Red Hat products

The Center for Internet Security has updated its CIS Benchmarks for Kubernetes, Azure Kubernetes Service and Microsoft Intune, and has released a new CIS Benchmark for Red Hat Enterprise Linux Security Technical Implementation Guide (STIG).

These are the CIS Benchmarks updated in April:

• CIS Azure Kubernetes Service (AKS) Benchmark v1.7.0
• CIS Kubernetes Benchmark v1.11.1
• CIS Microsoft Intune for Windows 10 Benchmark v4.0.0
• CIS Microsoft Intune for Windows 11 Benchmark v4.0.0

Meanwhile, the brand new Benchmark is CIS Red Hat Enterprise Linux 9 STIG Benchmark v1.0.0.
 

Organizations can use the CIS Benchmarks’ secure-configuration guidelines to harden products against attacks. Currently, there are more than 100 Benchmarks for 25-plus vendor product families in categories including: 

• cloud platforms
• databases
• desktop and server software
• mobile devices
• operating systems

To get more details, read the CIS blog “CIS Benchmarks May 2025 Update.” For more information about the CIS Benchmarks list, check out its home page, as well as:

• “How to use CIS benchmarks to improve public cloud security” (TechTarget)
• “How to Unlock the Security Benefits of the CIS Benchmarks” (Tenable)
• “CIS Benchmarks Communities: Where configurations meet consensus” (HelpNet Security)
• “CIS Benchmarks: DevOps Guide to Hardening the Cloud” (DevOps)

CIS Benchmarks

The post Cybersecurity Snapshot: New Standard for AI System Security Published, While Study Finds Cyber Teams Boost Value of Business Projects appeared first on Security Boulevard.

Hackers are exploiting critical flaw in vBulletin forum software

Two critical vulnerabilities affecting the open-source forum software vBulletin have been discovered, with one confirmed to be actively exploited in the wild. [...]

Microsoft now testing Notepad text formatting in Windows 11

Microsoft announced today that the Windows 11 Notepad application is getting a text formatting feature supporting Markdown-style input. [...]

Police takes down AVCheck site used by cybercriminals to scan malware

An international law enforcement operation has taken down AVCheck, a service used by cybercriminals to test whether their malware is detected by commercial antivirus software before deploying it in the wild. [...]

Germany doxxes Conti ransomware and TrickBot ring leader

The Federal Criminal Police Office of Germany (Bundeskriminalamt or BKA) claims that Stern, the leader of the Trickbot and Conti cybercrime gangs, is a 36-year-old Russian named Vitaly Nikolaevich Kovalev. [...]

Getting Exposure Management Right: Insights from 500 CISOs

Pentesting isn't just about finding flaws — it's about knowing which ones matter. Pentera's 2025 State of Pentesting report uncovers which assets attackers target most, where security teams are making progress, and which exposures still fly under the radar. Focus on reducing breach impact, not just breach count. [...]

Mozilla releases Firefox 139.0.1 update to fix artifacts on Nvidia GPUs

Mozilla has rolled out an emergency Firefox 139.0.1 update after the Tuesday release caused graphical artifacts on PCs with NVIDIA GPUs. [...]

Microsoft Authenticator now warns to export passwords before July cutoff

The Microsoft Authenticator app is now issuing notifications warning that the password autofill feature is being deprecated in July, suggesting users move to Microsoft Edge instead. [...]

ConnectWise breached in cyberattack linked to nation-state hackers

IT management software firm ConnectWise says a suspected state-sponsored cyberattack breached its environment and impacted a limited number of ScreenConnect customers. [...]

Threat actors abuse Google Apps Script in evasive phishing attacks

Threat actors are abusing the trusted Google platform 'Google Apps Script' to host phishing pages, making them appear legitimate and eliminating the risk of them getting flagged by security tools. [...]

Apple Safari exposes users to fullscreen browser-in-the-middle attacks

A weakness in Apple's Safari web browser allows threat actors to leverage the fullscreen browser-in-the-middle (BitM) technique to steal account credentials from unsuspecting users. [...]

US sanctions firm linked to cyber scams behind $200 million in losses

The U.S. Treasury Department has sanctioned Funnull Technology, a Philippines-based company that supports hundreds of thousands of malicious websites behind cyber scams linked to over $200 million in losses for Americans. [...]

Cybercriminals exploit AI hype to spread ransomware, malware

Threat actors linked to lesser-known ransomware and malware projects now use AI tools as lures to infect unsuspecting victims with malicious payloads. [...]

Attackers are mapping your attack surface—are you?

Attackers are mapping your infrastructure before you even realize what's exposed. Sprocket ASM flips the script — giving you the same recon capabilities they use, plus change detection and actionable insights to close gaps fast. See your attack surface the way hackers do and beat them to it. [...]

Google is adding new device-level features for its Advanced Protection program

At the Android Show, taking place ahead of Google I/O 2025, Google announced that it is adding new device-specific features to its Advanced Protection program, which is designed to protect public figures such as politicians and journalists from different digital threats, with the Android 16 release. The new features include a new way of storing […]

Google announces new security features for Android for protection against scam and theft

At the Android Show on Tuesday, ahead of Google I/O, Google announced new security and privacy features for Android. These new features include new protections for calls, screen sharing, messages, device access, and system-level permissions. With these features, Google aims to protect users from falling for a scam, keep their details secure in case a […]

A 25-year-old police drone founder just raised $75M led by Index

If you ever call 911 from an area that’s hard to get to, you might hear the buzz of a drone well before a police cruiser pulls up. And there’s a good chance that it will be one made by Brinc Drones, a Seattle-based startup founded by 25-year-old Blake Resnick, who dropped out of college […]

A new security fund opens up to help protect the fediverse

A new security fund aims to help apps in the fediverse — like Mastodon, Threads, and Pixelfed — to pay researchers for disclosing security bugs.

How to tell if your online accounts have been hacked

This is a guide on how to check whether someone compromised your online accounts.

Hackers are ramping up attacks using year-old ServiceNow security bugs to target unpatched systems

Threat intelligence startup GreyNoise says it has observed a ‘notable resurgence’ in attack activity

US teachers’ union says hackers stole sensitive personal data on over 500,000 members

PSEA says it "took steps to ensure" its stolen data was deleted, suggesting a ransom demand was paid

CISA scrambles to contact fired employees after court rules layoffs ‘unlawful’

Federal court rules U.S. cybersecurity agency must re-hire over 100 former employees

DOGE axes CISA ‘red team’ staffers amid ongoing federal cuts

Affected staff say more than 100 employees working to protect U.S. government networks were ‘axed’ with no prior warning

What PowerSchool won’t say about its data breach affecting millions of students

New details have emerged about PowerSchool's data breach — but here's what PowerSchool still isn't saying.

Hacker accessed PowerSchool’s network months before massive December breach

CrowdStrike says a hacker had access to PowerSchool's internal system as far back as August.

Japanese telco giant NTT Com says hackers accessed details of almost 18,000 organizations

Unidentified hackers breached NTT Com’s network to steal personal information of employees at thousands of corporate customers

FBI says scammers are targeting US executives with fake BianLian ransom notes

The FBI is warning that scammers are impersonating the BianLian ransomware gang using fake ransom notes sent to U.S. corporate executives. The fake ransom notes, first reported by U.S. cybersecurity company GuidePoint Security, claim that hackers have gained access to an organization’s network to steal sensitive data, and threaten to publish the stolen data unless […]

UK quietly scrubs encryption advice from government websites

The UK is no longer recommending the use of encryption for at-risk groups following its iCloud backdoor demands

Broadcom urges VMware customers to patch ‘emergency’ zero-day bugs under active exploitation

Security experts warn of ‘huge impact’ of actively exploited hypervisor flaws that allow sandbox escape

US said to halt offensive cyber operations against Russia

The reported policy shift comes as the U.S. government signals a change in its threat assessment of Russia

‘Uber for guns’ app Protector lets you hire armed bodyguards like you would an Uber — but does anyone need this?

In a TikTok video with over 3 million views, a woman in a fluffy, maximalist coat sits in the back seat of a luxury SUV, parked in the middle of a New York City street. Atop the 6-second video, a line of text reads, “our bodyguards got us matcha.” The camera zooms in on two […]

Belgium investigating alleged cyberattack on intelligence agency by China-linked hackers

The hackers reportedly exploited a flaw in US cybersecurity firm Barracuda’s software to access VSSE's email server

Archipelo comes out of stealth with $12M funding to secure human and AI-driven code

When it comes to AI software, you can build something clever, but that’s not always the same as building something that is secure. With so much software now getting written by AI, having a window into its security can be a challenge. That’s the premise of Archipelo, a San Francisco-based cybersecurity startup that is today […]

Hackers publish sensitive patient data allegedly stolen from Australian IVF provider Genea

Genea gets a court injunction after ransomware gang Termite claims to have leaked patient information

Gamer Over? Why Hackers Target Popular Video Games & How to Stay Safe

Video games are more than entertainment; they’re a $200 billion global industry. But as gaming grows, so do cyberattacks. Hackers now see games as goldmines for stealing data, extorting companies, and exploiting players.  According to Infosecurity Magazine, Akamai’s 2024 report shows that attacks on gaming platforms are rising alarmingly. In 2024 alone, the industry suffered … Continue reading Gamer Over? Why Hackers Target Popular Video Games & How to Stay Safe

The post Gamer Over? Why Hackers Target Popular Video Games & How to Stay Safe appeared first on KoDDoS Blog.

How Social Media Use Can Create Hidden Cybersecurity Risks

Social media is all around us, helping us stay connected, updated, and entertained. But beneath the endless scroll, a darker reality exists. Hidden cybersecurity threats are growing- some obvious, others much harder to spot. The risks are especially alarming for young users. According to the National Institutes of Health, up to 95% of teens aged … Continue reading How Social Media Use Can Create Hidden Cybersecurity Risks

The post How Social Media Use Can Create Hidden Cybersecurity Risks appeared first on KoDDoS Blog.

KoDDoS at the InCyber ​​Europe 2025 Forum: a strategic participation at the heart of the European cyber ecosystem

From April 1st to 3rd, 2025, KoDDoS, a provider of specialized services in DDoS protection and secure offshore hosting, marked its presence at the InCyber ​​Europe Forum, held at the Lille Grand Palais. A true crossroads of cyber innovation and cooperation, the event is the largest cybersecurity event in Europe. A benchmark event on an … Continue reading KoDDoS at the InCyber ​​Europe 2025 Forum: a strategic participation at the heart of the European cyber ecosystem

The post KoDDoS at the InCyber ​​Europe 2025 Forum: a strategic participation at the heart of the European cyber ecosystem appeared first on KoDDoS Blog.

Looking back at CloudFest 2025: An essential event for the future of the cloud!

CloudFest is one of the world’s largest cloud computing events. Every year, it brings together the industry’s leading players to discuss the latest technological advancements, emerging trends, and market challenges. In 2025, the event once again cemented its leadership status by providing a dynamic platform for professional exchange and cloud innovation. This edition featured captivating … Continue reading Looking back at CloudFest 2025: An essential event for the future of the cloud!

The post Looking back at CloudFest 2025: An essential event for the future of the cloud! appeared first on KoDDoS Blog.

KoDDoS in Europe: A Strong Presence at Major Tech Events in Paris.

KoDDoS recently strengthened its commitment to the European tech scene by participating in several major events in France. Our team was honored to be invited to key gatherings in the tech industry, highlighting the importance of innovation and cybersecurity in the evolving digital ecosystem. This strategic tour in Paris allowed us to meet top-tier partners, … Continue reading KoDDoS in Europe: A Strong Presence at Major Tech Events in Paris.

The post KoDDoS in Europe: A Strong Presence at Major Tech Events in Paris. appeared first on KoDDoS Blog.

KoDDos Will be at CyberShow 2025 in Paris!

The post KoDDos Will be at CyberShow 2025 in Paris! appeared first on KoDDoS Blog.

Technological innovation in the heart of Los Angeles at the CES 2025 🚀

🚀 Cutting-Edge Services KoDDoS has established itself as a key player in the field of high-performance hosting. Specializing in anti-DDoS protection, we ensure unmatched service continuity for our clients in the face of growing threats targeting digital infrastructures. We also invest in groundbreaking technologies, including Web3, blockchain, and the Internet of Things (IoT), providing tailored … Continue reading Technological innovation in the heart of Los Angeles at the CES 2025 🚀

The post Technological innovation in the heart of Los Angeles at the CES 2025 🚀 appeared first on KoDDoS Blog.

Recruitment Announcement: B2B Sales Representatives and Business Introducers

To meet growing demand and accelerate our growth, we are launching a new sales team. Weare looking for talented, ambitious, and motivated B2B sales representatives and businessintroducers who share our vision of a safer and more resilient internet. Job Profile:Position: B2B Sales Representatives and Business IntroducersAs a key member of our Sales Team, you will … Continue reading Recruitment Announcement: B2B Sales Representatives and Business Introducers

The post Recruitment Announcement: B2B Sales Representatives and Business Introducers appeared first on KoDDoS Blog.

⏳ Only 3 Days Left to Grab 10% Off on All KoDDoS Services! 🎃

The countdown has begun! There are only 3 days left to take advantage of our Halloween special and enjoy 10% off on all our hosting and DDoS protection services. Don’t miss this limited-time offer to secure your website with KoDDoS’s high-performance solutions at a great price! 🎃 Promo Code: HALLOWEEN2024 🎃 Use code HALLOWEEN2024 at … Continue reading ⏳ Only 3 Days Left to Grab 10% Off on All KoDDoS Services! 🎃

The post ⏳ Only 3 Days Left to Grab 10% Off on All KoDDoS Services! 🎃 appeared first on KoDDoS Blog.

Understanding and Preventing DDoS Attacks with KoDDoS

Distributed Denial of Service (DDoS) attacks represent one of the most formidable threats to modern businesses and organizations whose information systems are connected to the internet. These attacks aim to render a service unavailable by overwhelming the target server’s resources with a massive volume of malicious traffic from multiple sources. In the face of this … Continue reading Understanding and Preventing DDoS Attacks with KoDDoS

The post Understanding and Preventing DDoS Attacks with KoDDoS appeared first on KoDDoS Blog.

Attackers Exploit Microsoft Entra Billing Roles to Escalate Privileges in Organizational Environments

A startling discovery by BeyondTrust researchers has unveiled a critical vulnerability in Microsoft Entra ID and Azure environments, where attackers can exploit lesser-known billing roles to escalate privileges within organizational tenants. This sophisticated attack vector leverages the ability of guest users, often invited for collaboration with limited permissions, to create and control Azure subscriptions in […]

The post Attackers Exploit Microsoft Entra Billing Roles to Escalate Privileges in Organizational Environments appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Threat Actors Exploit Google Apps Script to Host Phishing Sites

The Cofense Phishing Defense Center has uncovered a highly strategic phishing campaign that leverages Google Apps Script a legitimate development platform within Google’s ecosystem to host deceptive phishing pages. This attack, masquerading as an invoice email, exploits the inherent trust users place in Google’s trusted environment to trick recipients into divulging sensitive information. A Sophisticated […]

The post Threat Actors Exploit Google Apps Script to Host Phishing Sites appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Dadsec Hacker Group Uses Tycoon2FA Infrastructure to Steal Office365 Credentials

Cybersecurity researchers from Trustwave’s Threat Intelligence Team have uncovered a large-scale phishing campaign orchestrated by the notorious hacker group Storm-1575, also known as “Dadsec.” Since September 2023, this group has been leveraging a Phishing-as-a-Service (PhaaS) platform called Tycoon2FA to target Microsoft 365 users, aiming to harvest credentials through meticulously crafted phishing pages. This campaign, active […]

The post Dadsec Hacker Group Uses Tycoon2FA Infrastructure to Steal Office365 Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Beware: Weaponized AI Tool Installers Infect Devices with Ransomware

Cisco Talos has uncovered a series of malicious threats masquerading as legitimate AI tool installers, targeting unsuspecting users and businesses across multiple industries. These threats, including the CyberLock and Lucky_Gh0$t ransomware families, along with a newly identified destructive malware dubbed “Numero,” exploit the growing popularity of AI solutions in sectors like B2B sales, technology, and […]

The post Beware: Weaponized AI Tool Installers Infect Devices with Ransomware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Pure Crypter Uses Multiple Evasion Methods to Bypass Windows 11 24H2 Security Features

Pure Crypter, a well-known malware-as-a-service (MaaS) loader, has been recognized as a crucial tool for threat actors targeting Windows-based systems in a thorough technical research carried out by eSentire’s Threat Response Unit (TRU) during 2024 and 2025. This loader, favored for deploying information stealers like Lumma and Rhadamanthys via the ClickFix initial access vector, has […]

The post Pure Crypter Uses Multiple Evasion Methods to Bypass Windows 11 24H2 Security Features appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Attackers Exploit Microsoft Entra Billing Roles to Escalate Privileges

A recent discovery by security researchers at BeyondTrust has revealed a critical, yet by-design, security gap in Microsoft Entra ID that could allow external guest users to gain powerful control over Azure environments. Contrary to common assumptions, Entra B2B guest accounts—typically used for collaboration with external partners—can leverage specific billing roles to create and transfer […]

The post Attackers Exploit Microsoft Entra Billing Roles to Escalate Privileges appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft Reveals Techniques for Defending Against Evolving AiTM Attacks

Microsoft has exposed the escalating sophistication of phishing attacks, particularly focusing on Adversary-in-the-Middle (AiTM) techniques that are becoming a cornerstone of modern cyber threats. As organizations increasingly adopt multifactor authentication (MFA), passwordless solutions, and robust email protections, threat actors are adapting with advanced methods to steal credentials, especially targeting enterprise cloud environments. AiTM attacks, often […]

The post Microsoft Reveals Techniques for Defending Against Evolving AiTM Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Critical Icinga 2 Vulnerability Allows Attackers to Obtain Valid Certificates

A critical vulnerability (CVE-2025-48057) has been discovered in Icinga 2, the widely used open-source monitoring platform. The flaw, affecting installations built with OpenSSL versions older than 1.1.0, could allow attackers to obtain valid certificates from the Icinga Certificate Authority (CA), potentially impersonating trusted nodes and compromising monitoring environments. Security updates have been released in versions […]

The post Critical Icinga 2 Vulnerability Allows Attackers to Obtain Valid Certificates appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Hackers Use Gh0st RAT to Hijack Internet Café Systems for Crypto Mining

Hackers have been targeting Internet cafés in South Korea since the second half of 2024, exploiting specialized management software to install malicious tools for cryptocurrency mining. According to a detailed report from AhnLab SEcurity intelligence Center (ASEC), the attackers, active since 2022, are using the notorious Gh0st RAT (Remote Access Trojan) to seize control of […]

The post Hackers Use Gh0st RAT to Hijack Internet Café Systems for Crypto Mining appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Windows 11 Security Update for 22H2 & 23H2 May Cause Recovery Errors

A recent Windows 11 security update, KB5058405, released on May 13, 2025, has caused significant boot failures for some users running Windows 11 versions 22H2 and 23H2—especially in enterprise and virtual environments. Affected systems display a recovery error with code 0xc0000098, specifically referencing the ACPI.sys file, a crucial kernel-mode driver responsible for power management and […]

The post Windows 11 Security Update for 22H2 & 23H2 May Cause Recovery Errors appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Top counter antivirus service disrupted in global takedown

AVCheck and related crypting services helped cybercriminals make malware difficult to detect and confirm that malware could slip through various antivirus tools undetected, officials said.

The post Top counter antivirus service disrupted in global takedown appeared first on CyberScoop.

US intelligence employee arrested for alleged double-dealing of classified info

The 28-year-old, who’d been employed by the Defense Intelligence Agency since 2019, specialized in insider threats and had top secret security clearance, officials said.

The post US intelligence employee arrested for alleged double-dealing of classified info appeared first on CyberScoop.

Four Senate Democrats call on DHS to reinstate Cyber Safety Review Board membership

The lawmakers say the January purge has left the United States blind on the nature of the historic Salt Typhoon telecommunications breach.

The post Four Senate Democrats call on DHS to reinstate Cyber Safety Review Board membership appeared first on CyberScoop.

Parties behind 2024 Biden AI robocall reach deal in lawsuit

 The defendants will increase reporting on spoofing, create a compliance team or AI and conduct regular training for staff on how to identify deceptive messages and the dangers of misinformation in U.S. elections.

The post Parties behind 2024 Biden AI robocall reach deal in lawsuit appeared first on CyberScoop.

Treasury sanctions crypto scam facilitator that allegedly stole $200M from US victims

The Philippines-based company Funnull operated a large cybercrime platform encompassing more than 332,000 domains, the FBI said.

The post Treasury sanctions crypto scam facilitator that allegedly stole $200M from US victims appeared first on CyberScoop.

Questions mount as Ivanti tackles another round of zero-days

The besieged security vendor maintains the latest exploited vulnerabilities in its products are entirely linked to unspecified security issues in open-source libraries. Some researchers aren’t buying it.

The post Questions mount as Ivanti tackles another round of zero-days appeared first on CyberScoop.

Chinese hackers used Google Calendar to aid attacks on government entities

Google Threat Intelligence Group said it developed means to counter the activity, which it linked to APT41.

The post Chinese hackers used Google Calendar to aid attacks on government entities appeared first on CyberScoop.

Iranian man pleads guilty in Robbinhood ransomware scheme

Sina Gholinejad pleaded guilty to two counts in a scheme that most visibly hit the city of Baltimore, causing $19 million in damages.

The post Iranian man pleads guilty in Robbinhood ransomware scheme appeared first on CyberScoop.

ZScaler acquires Red Canary for boost in AI-driven security operations

The deal reflects a growing trend in cybersecurity toward consolidation and integration.

The post ZScaler acquires Red Canary for boost in AI-driven security operations appeared first on CyberScoop.

Mandiant flags fake AI video generators laced with malware

A Vietnam-based group has spread thousands of advertisements, fake websites and social media posts promising access to popular prompt-to-video AI generation tools, delivering infostealers and backdoors instead. 

The post Mandiant flags fake AI video generators laced with malware appeared first on CyberScoop.

Meta stopped covert operations from Iran, China, and Romania spreading propaganda

Meta stopped three covert operations from Iran, China, and Romania using fake accounts to spread propaganda on social media platforms. Meta announced the disruption of three influence operations from Iran, China, and Romania using fake accounts to spread propaganda and manipulate discourse on Facebook, Instagram, and more. The social media giant pointed out that it […]

US Treasury sanctioned the firm Funnull Technology as major cyber scam facilitator

The U.S. sanctioned Funnull Technology and Liu Lizhi for aiding romance scams that caused major crypto losses through fraud infrastructure. The U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Philippines-based company Funnull Technology Inc. and its admin Liu Lizhi for enabling romance scams, causing $200M in U.S. victim losses. A romance scam […]

ConnectWise suffered a cyberattack carried out by a sophisticated nation state actor

ConnectWise detected suspicious activity linked to a nation-state actor, impacting a small number of its ScreenConnect customers. ConnectWise revealed it had detected suspicious activity linked to an advanced nation-state actor. The company confirmed that the attack impacted a small number of its ScreenConnect customers. “ConnectWise recently learned of suspicious activity within our environment that we […]

Victoria’s Secret ‘s website offline following a cyberattack

Victoria’s Secret took its website offline after a cyberattack, with experts warning of rising threats against major retailers. American lingerie, clothing, and beauty retailer Victoria’s Secret took its website offline following a cyberattack. At this time, the site shows the following message: “Valued customer, we identified and are taking steps to address a security incident. […]

China-linked APT41 used Google Calendar as C2 to control its TOUGHPROGRESS malware

Google says China-linked group APT41 controlled malware via Google Calendar to target governments through a hacked site. Google warns that China-linked APT41 used TOUGHPROGRESS malware with Google Calendar as C2, targeting various government entities via a compromised website. ” In late October 2024, GTIG discovered an exploited government website hosting malware being used to target multiple […]

New AyySSHush botnet compromised over 9,000 ASUS routers, adding a persistent SSH backdoor.

GreyNoise researchers warn of a new AyySSHush botnet compromised over 9,000 ASUS routers, adding a persistent SSH backdoor. GreyNoise discovered the AyySSHush botnet has hacked over 9,000 ASUS routers, adding a persistent SSH backdoor. “Using an AI powered network traffic analysis tool we built called SIFT, GreyNoise has caught multiple anomalous network payloads with zero-effort that […]

Czech Republic accuses China’s APT31 of a cyberattack on its Foreign Ministry

The Czech government condemned China after linking cyber espionage group APT31 to a cyberattack on its critical infrastructure. The Czech government strongly condemned China after the cyber espionage group APT31 was linked to a cyberattack targeting the nation’s critical infrastructure. The Czech government condemned China after APT31 hackers infiltrated a ministry’s unclassified system in 2022 […]

New PumaBot targets Linux IoT surveillance devices

PumaBot targets Linux IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and mine crypto. Darktrace researchers discovered a new botnet called PumaBot targets Linux-based IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and mine cryptocurrency. PumaBot skips broad internet scans and instead pulls a list of targets from its […]

App Store Security: Apple stops $2B in fraud in 2024 alone, $9B over 5 years

Apple blocked over $9B in fraud in 5 years, including $2B in 2024, stopping scams from deceptive apps to fake payment schemes on the App Store. In the past five years alone, Apple says it has blocked over $9 billion in fraudulent transactions, more than $2 billion of that in 2024, highlighting its ongoing efforts […]

Crooks use a fake antivirus site to spread Venom RAT and a mix of malware

Researchers found a fake Bitdefender site spreading the Venom RAT by tricking users into downloading it as antivirus software. DomainTools Intelligence (DTI) researchers warn of a malicious campaign using a fake website (“bitdefender-download[.]com”) spoofing Bitdefender’s Antivirus for Windows download page to trick visitors into downloading a remote access trojan called Venom RAT. “A malicious campaign […]

Smarter Defenses: How AI Improves Security for Low/No-Code and Vibe Coded Applications

Companies want results fast, and low/no-code (LCNC) and Vibe Coding platforms promise just that: rapid application development with either no coding or AI-generated coding.   LCNC and Large Language Model (LLM) Vendors quickly release products to get ahead in the AI race. Organizations procure these products to implement right away aiming for quick returns on investment […]

The post Smarter Defenses: How AI Improves Security for Low/No-Code and Vibe Coded Applications appeared first on IT Security Guru.

IT Security Guru picks for Infosecurity Europe 2025

With Infosecurity Europe around the corner next week, planning your schedule can be tricky. But never fear! The Gurus have been busy collecting a selection of unmissable events to help you plan your days and ensure you get the most out of your visit.  First up: the talks. And there are a lot to choose […]

The post IT Security Guru picks for Infosecurity Europe 2025 appeared first on IT Security Guru.

Check Point Launches Next-Gen Branch Office Security, Boosting Threat Prevention Speed by 4x

Check Point has announced significant advancements to its Quantum Force Security Gateways family. As a result, all Quantum Force Security Gateways for data centres and perimeters are set to receive a 15-25% performance uplift in threat prevention throughput, delivered automatically via a software update. In parallel, Check Point is rolling out a new line-up of […]

The post Check Point Launches Next-Gen Branch Office Security, Boosting Threat Prevention Speed by 4x appeared first on IT Security Guru.

Check Point Enhances Enterprise Security with AI-Driven Threat Management

Check Point Software has announced the launch of its next generation Quantum Smart-1 Management Appliances. These appliances deliver 2X increase in managed gateways and up to 70% higher log rate, with AI-powered security tools designed to meet the demands of hybrid enterprises. Fully integrated within the Check Point Infinity Platform, they offer faster, more intelligent […]

The post Check Point Enhances Enterprise Security with AI-Driven Threat Management appeared first on IT Security Guru.

Check Point to Acquire Veriti to Transform Threat Exposure Management

Check Point Software has announced a definitive agreement to acquire Veriti Cybersecurity, the first fully automated, multi-vendor pre-emptive threat exposure and mitigation platform. The acquisition aims to respond to the uptick in AI-fuelled attacks facing organisations, as well as the increasing connectivity of IT environments.  Founded in 2021, Veriti pioneered the Preemptive Exposure Management (PEM) […]

The post Check Point to Acquire Veriti to Transform Threat Exposure Management appeared first on IT Security Guru.

Finding the right balance between ‘vibe coders’ and security

In today’s digital workplaces, more employees are building their own applications by generating code using Low Code No Code (LCNC), Artificial Intelligence (AI) and Large Language Model (LLM) tools instead of manually writing lines of code. These employees are called vibe coders. Vibe Coders prompt LCNC and AI tools using natural language prompts to generate […]

The post Finding the right balance between ‘vibe coders’ and security appeared first on IT Security Guru.

Keeper Security appoints new CISO

Keeper Security, the cybersecurity provider of zero-trust and zero-knowledge Privileged Access Management (PAM) software protecting passwords, passkeys, privileged accounts, secrets and remote connections, is pleased to announce that security industry veteran Shane Barney has been appointed Chief Information Security Officer (CISO). Shane joins Keeper from the U.S. Citizenship and Immigration Services (USCIS), where he served […]

The post Keeper Security appoints new CISO appeared first on IT Security Guru.

Salt Security Partners With Wiz, Combines Cloud and API Security

API security orgnanisation Salt Security has announced its expanded partnership and new integration with Wiz, the leader in cloud security. The integration between Salt Security and Wiz enables organisations to detect, comprehend, and respond to both API security posture gaps and critical risks directly within their cloud security infrastructure. The complexity and size of modern […]

The post Salt Security Partners With Wiz, Combines Cloud and API Security appeared first on IT Security Guru.

ENISA Launches European Vulnerability Database to Bolster EU Cyber Resilience

The European Union Agency for Cybersecurity (ENISA) has unveiled the European Vulnerability Database (EUVD), a strategic move designed to enhance digital security across the bloc and reduce reliance on U.S.-centric cybersecurity infrastructure. The EUVD, now live for consultation, aggregates vulnerability data from a wide range of sources, including national Computer Security Incident Response Teams (CSIRTs), […]

The post ENISA Launches European Vulnerability Database to Bolster EU Cyber Resilience appeared first on IT Security Guru.

AI Agents: Transformative or Turbulent?

Described as revolutionary and disruptive, AI agents are the new cornerstone of innovation in 2025. But as with any technology standing on the cutting edge, this evolution isn’t without its trade-offs. Will this new blend of intelligence and autonomy really introduce a new era of efficiency? Or does the ability for AI Agents to act […]

The post AI Agents: Transformative or Turbulent? appeared first on IT Security Guru.

Copyright Phishing Lures Leading to Rhadamanthys Stealer Now Targeting Europe

Cybereason issues Threat Alerts to inform customers of emerging impacting threats, critical vulnerabilities and attacker campaigns. Cybereason Threat Alerts summarize these threats and provide practical recommendations for protecting against them.

Genesis Market - Malicious Browser Extension

Cybereason GSOC has identified a malware infection exhibiting strong similarities to the previously reported Genesis Market malicious campaign that was dismantled by law enforcement in early 2023.

CVE-2025-32433: Unauthenticated RCE Vulnerability in Erlang/OTP’s SSH Implementation

Key Takeaways

• A critical vulnerability has been discovered in Erlang/OTP, tracked as CVE-2025-32433,  and has a CVSS score of 10 (critical). 
• This critical remote code execution (RCE) vulnerability affects the SSH server within the Erlang/OTP software platform.
• This vulnerability allows unauthenticated attackers to gain full system access by sending crafted SSH packets before any login or credentials are provided. 
• Systems running Erlang/OTP’s native SSH server are at risk and may be embedded in telecom, IoT, cloud platforms, databases, etc.
• We recommend patching impacted systems immediately. 

From Shadow to Spotlight: The Evolution of LummaStealer and Its Hidden Secrets

This article is a continuation of the previous research published on the malware LummaStealer: "Your Data Is Under New Lummanagement: The Rise of LummaStealer".

A Class Above: Expert Support for Data Breach Class Action Defense

Between 2022 and 2024, data breach-related class actions in the United States surged by over 146%, with the top 10 settlements in 2024 averaging 15% higher than in 2023. As organizations grapple with increasingly aggressive litigation stemming from cybersecurity incidents, class action lawsuits have become a major risk vector—one that now rivals the breach itself in terms of financial, operational, and reputational impact, underscoring the importance of both proactive cybersecurity posture and a strong defensive strategy in litigation. Whether it’s demonstrating reasonable security practices or disputing claims of harm resulting from cybersecurity incidents, the involvement of technical experts has become critical.

The Curious Case of PlayBoy Locker

Cybereason issues Threat Analysis reports to investigate emerging threats and provide practical recommendations for protecting against them. In this Threat Analysis report, Cybereason investigates the new Ransomware-as-a-Service (RaaS) known as PlayBoy Locker and how to defend against it through the Cybereason Defense Platform.

Are you keeping pace with Cyber Security AI innovation?

Skip ahead if you have heard this story, but when I started in anti-virus at Dr Solomon’s, Alan Solomon would share how he moved from doing hard disk data recoveries into antivirus because he received a drive to recover and recognized the corruption was logical. As such to fix the damage he wrote an algorithm (he was a mathematician by education) to undo the corruption. A few months later he was recovering another drive and recognized the same logical corruption, which led him to write a new algorithm to detect this corruption; this was how he started Dr Solomon’s antivirus software. The point here is that traditional anti-virus has always been based on pattern matching. Find something unique to each attack in its code, then you can write an algorithm or more commonly called these days a signature to detect, block and repair the attack. I remember Alan saying effectively that signatures had solved the virus problem, the volume would continue to grow, as would the complexity, but the same signature solution would always apply.

Cracking the Code: How to Identify, Mitigate, and Prevent BIN Attacks

KEY TAKEAWAYS

• Understanding BIN Attacks: BIN attacks exploit the publicly available Bank Identification Numbers (BINs) on payment cards to brute-force valid card details, enabling fraudulent transactions. Identifying patterns of failed authorization attempts is critical for early detection.
• Effective Mitigation Strategies: Implementing rate limiting, enhanced authentication (e.g., CAPTCHA, MFA), Web Application Firewalls (WAFs), geofencing, and machine-learning-based fraud detection tools can significantly reduce the likelihood of successful BIN attacks.
• Collaborative Incident Response: Engage payment processors, card issuers, and digital forensics teams to trace attacks, freeze compromised cards, and implement long-term measures like tokenization and PCI DSS compliance to strengthen payment security.

Threat actors with financial motivations often leverage BIN attacks when targeting financial services or eCommerce victims. BIN attacks involve threat actors systematically testing card numbers stemming from a Bank Identification Number (BIN) to find valid card details. BIN values are assigned to card issuers and form the first 6-8 digits on payment cards. These values are published to merchants, payment processors, and other service providers to facilitate transactions and are publicly available. The BIN is then followed by an additional set of numbers (the account number) to form a complete Primary Account Number (PAN), or card number.

Three Zero-Day Vulnerabilities Discovered in VMware Products

Key Takeaways

• Three zero-day vulnerabilities have been discovered in VMware products, tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226.
• Nearly all supported and unsupported VMware products are impacted, including VMware ESXi, VMware Workstation Pro / Player (Workstation), VMware Fusion, VMware Cloud Foundation, and VMware Telco Cloud Platform.
• Chaining these 3 vulnerabilities together allows an attacker to escape or “break out” of a “child” Virtual Machine (VM), gain access to the “parent” ESXi Hypervisor, and potentially access any other accessible VM as well as gain access to the management network of the exposed VMware cluster.
• We recommend upgrading to “fixed versions” indicated in the VMware by Broadcom matrix immediately.

Deceptive Signatures: Advanced Techniques in BEC Attacks

KEY TAKEAWAYS

• Sophistication of BEC Attacks: Business Email Compromise (BEC) attacks are becoming increasingly sophisticated, leveraging advanced social engineering, AI-driven personalization, and phishing kits in order to overcome MFA protections.
• Exploitation of Trust: Some threat actor groups have been discovered levering a technique that involves embedding phishing lures within email signature blocks on user accounts. This deceptive tactic exploits recipients’ trust and attention to the benign nature of signature sections by replacing it with a formatted email. It can also remain undetected during certain investigative steps as it's not considered an inbox rule change which could be associated with specific audit logging and alerting.
• Cascading Impact: Once initial credentials are compromised, attackers often use these accounts to launch secondary phishing campaigns, expanding their reach and escalating financial and reputational damage to organizations. Additionally, even after a password change and a threat actor has lost access to a previously compromised account, if the signature block alteration is not caught and remediated quickly, then normal sending of emails by the user may unknowingly perpetuate the attack forward.

Business email compromise attacks have become increasingly common in recent years, driven by sophisticated social engineering tactics that make it easier to dupe victims. This is in part to the believability that the threat actors are able to achieve by collecting sensitive information from publicly available sources, including corporate websites and social media. Criminals leverage this information to pose as trusted colleagues or business partners, using stolen or spoofed email accounts to deliver convincing messages that prompt recipients to transfer funds or disclose confidential information. The evolving nature of these schemes is characterized by their high success rate, low technological barriers to entry for threat actors, and the substantial financial losses incurred by victim organizations. Advancements in automation, AI-driven personalization, and ready-to-use phishing kits have further accelerated the proliferation of BEC attacks, creating a lucrative marketplace for cybercriminals.

How to spot a holiday shopping scam: Fake deals, trick surveys & bogus gift cards

Scammers, fraudsters, and phishers take advantage of every season. But the holiday shopping season - which includes Black Friday, Cyber Monday, and Christmas - may be their favorite.

As retailers rush to capitalize on what is generally their most profitable time of year, they will generally flood email boxes with great offers that are often time sensitive and may even seem too-good-to-be-true. Meanwhile, consumers also feel the urgency to get their shopping done, along with the stresses of work and family. Add in the financial pressure of an inflationary economy and the likelihood of making a quick mistake keeps increasing. Read on for some simple yet effective ways to ruin the scammers' fun as you celebrate the season of giving.

Soon�

Posted by Sean @ 12:52 GMT

Our "construction project" is progressing nicely.



And it should resolve this…



Fix mobile usability issues?

Translation: your site doesn't help us sell more Android phones and ads.

But whatever, the "issues" should be fixed soon enough.

On 18/08/15 At 12:52 PM

Work In Progress

Posted by Sean @ 13:25 GMT

Regular readers will have noticed it's been slow here of late.


Under Construction

We're finally undertaking an upgrade from Greymatter 1.7.3. This may be the world's oldest Greymatter blog… that will now change.

More info coming soon.

In the meantime, you can still catch us on Twitter.

On 13/08/15 At 01:25 PM

"IOS Crash Report" Update: Safari Adds Block Feature

Posted by Sean @ 09:53 GMT

Ask, and sometimes, you shall receive.

Last Friday, we wrote about call center scammers targeting iOS. And today, Apple released a new (beta) feature that should help.

Apple released iOS 9 Public Beta 2:



And it appears that one of Safari's new features allows people to block fraud-focused JavaScript.



We tested a scam-site and after a few attempts to dismiss the JavaScript dialog, Safari included a prompt to "Block Alerts". We were then easily able to close the page.

Kudos Apple! Looking forward to seeing this in iOS 9's general release.

Big hat tip to Rosyna Keller.

On 23/07/15 At 09:53 AM

Duke APT group's latest tools: cloud services and Linux support

Posted by Artturi @ 11:59 GMT

Recent weeks have seen the outing of two new additions to the Duke group's toolset, SeaDuke and CloudDuke. Of these, SeaDuke is a simple trojan made interesting by the fact that it's written in Python. And even more curiously, SeaDuke, with its built-in support for both Windows and Linux, is the first cross-platform malware we have observed from the Duke group. While SeaDuke is a single - albeit cross-platform - trojan, CloudDuke appears to be an entire toolset of malware components, or "solutions" as the Duke group apparently calls them. These components include a unique loader, downloader, and not one but two different trojan components. CloudDuke also greatly expands on the Duke group's usage of cloud storage services, specifically Microsoft's OneDrive, as a channel for both command and control as well as the exfiltration of stolen data. Finally, some of the recent CloudDuke spear-phishing campaigns have born a striking resemblance to CozyDuke spear-phishing campaigns from a year ago.

Linux support added with the cross-platform SeaDuke malware

Last week, both Symantec and Palo Alto Networks published research on SeaDuke, a newer addition to the arsenal of trojans being used by the Duke group. While older malware by the Duke group has always been written with a combination of the C and C++ programming languages as well as assembly language, SeaDuke is peculiarly written in Python with multiple layers of obfuscation. This Python code is usually then compiled into Windows executables using py2exe or pyinstaller. However, the Python code itself has been designed to work on both Windows and Linux. We therefore suspect, that the Duke group is also using the same SeaDuke Python code to target Linux victims. This is the first time we have seen the Duke group employ malware to target Linux platforms.


An example of the cross-platform support found in SeaDuke.

A new set of solutions with the CloudDuke malware toolset

Last week, we also saw Palo Alto Networks and Kaspersky Labs publish research on malware components they respectively called MiniDionis and CloudLook. MiniDionis and CloudLook are both components of a larger malware toolset we call CloudDuke. This toolset consists of malware components that provide varying functionality while partially relying on a shared code framework and always using the same loader. Based on PDB strings found in the samples, the malware authors refer to the CloudDuke components as "solutions" with names such as "DropperSolution", "BastionSolution" and "OneDriveSolution". A list of PDB strings we have observed is below:

� C:\DropperSolution\Droppers\Projects\Drop_v2\Release\Drop_v2.pdb
� c:\BastionSolution\Shells\Projects\miniDionis4\miniDionis\obj\Release\miniDionis.pdb
� c:\BastionSolution\Shells\Projects\miniDionis2\miniDionis\obj\Release\miniDionis.pdb
� c:\OneDriveSolution\Shells\Projects\OneDrive2\OneDrive\obj\x64\Release\OneDrive.pdb

The first of the CloudDuke components we have observed is a downloader internally called "DropperSolution". The purpose of the downloader is to download and execute additional malware on the victim's system. In most observed cases, the downloader will attempt to connect to a compromised website to download an encrypted malicious payload which the downloader will decrypt and execute. Depending on the way the downloader has been configured, in some cases it may first attempt to log in to Microsoft's cloud storage service OneDrive and retrieve the payload from there. If no payload is available from OneDrive, the downloader will revert to the previously mentioned method of downloading from compromised websites.

We have also observed two distinct trojan components in the CloudDuke toolset. The first of these, internally called "BastionSolution", is the trojan that Palo Alto Networks described in their research into "MiniDionis". Interestingly, BastionSolution appears to functionally be an exact copy of SeaDuke with the only real difference being the choice of programming language. BastionSolution also makes significant use of a code framework that is apparently internally called "Z". This framework provides classes for functionality such as encryption, compression, randomization and network communications.


A list of classes in the BastionSolution trojan, including multiple classes from the "Z" framework.

Classes from the same "Z" framework, such as the encryption and randomization classes, are also used by the second trojan component of the CloudDuke toolset. This second component, internally called "OneDriveSolution", is especially interesting because it relies on Microsoft's cloud storage service OneDrive as its command and control channel. To achieve this, OneDriveSolution will attempt to log into OneDrive with a preconfigured username and password. If successful, OneDriveSolution will then proceed to copy data from the victim's computer to the OneDrive account. It will also search the OneDrive account for files containing commands for the malware to execute.


A list of classes in the OneDriveSolution trojan, including multiple classes from the "Z" framework.

All of the CloudDuke "solutions" use the same loader, a piece of code whose primary purpose is to decrypt the embedded, encrypted solution, load it in memory and execute it. The Duke group has often employed loaders for their malware but unlike the previous loaders they have used, the CloudDuke loader is much more versatile with support for multiple methods of loading and executing the final payload as well as the ability to write to disk and execute additional malware components.

CloudDuke spear-phishing campaigns and similarities with CozyDuke

CloudDuke has recently been spread via spear-phishing emails with targets reportedly including organizations such as the US Department of Defense. These spear-phising emails have contained links to compromised websites hosting zip archives that contain CloudDuke-laden executables. In most cases, executing these executables will have resulted in two additional files being written to the victim's hard disk. The first of these files has been a decoy, such as an audio file or a PDF file while the second one has been a CloudDuke loader embedding a CloudDuke downloader, the so-called "DropperSolution". In these cases, the victim has been presented with the decoy file while in the background the downloader has proceeded to download and execute one of the CloudDuke trojans, "OneDriveSolution" or "BastionSolution".


Example of one of the decoy documents employed in the CloudDuke spear-phishing campaigns. It has apparently been copied by the attackers from here.

Interestingly, however, some of the other CloudDuke spear-phishing campaigns we have observed this July have born a striking resemblance to CozyDuke spear-phishing campaigns seen almost exactly a year ago, in the beginning of July 2014. In both spear-phishing campaigns, the decoy document has been the exact same PDF file, a "US letter fax test page" (28d29c702fdf3c16f27b33f3e32687dd82185e8b). Similarly, the URLs hosting the malicious files have, in both campaigns, purported to be related to eFaxes. It is also interesting to note, that in the case of the CozyDuke-inspired CloudDuke spear-phishing campaign, the downloading and execution of the malicious archive linked to in the emails has not resulted in the execution of the CloudDuke downloader but in the execution of the "BastionSolution" component thereby skipping one step from the process described for the other CloudDuke spear-phishing campaigns.


The "US letter fax test page" decoy employed in both CloudDuke and CozyDuke spear-phishing campaigns.

Increasingly using cloud services to evade detection

CloudDuke is not the first time we have observed the Duke group use cloud services in general and Microsoft OneDrive specifically as part of their operations. Earlier this spring we released research on CozyDuke where we mentioned observing CozyDuke sometimes either directly use a OneDrive account to exfiltrate stolen data or alternatively CozyDuke downloading Visual Basic scripts that would copy stolen files to a OneDrive account and sometimes even retrieve files containing additional commands from the same OneDrive account.

In these previous cases the Duke group has only used OneDrive as a secondary communication channel but still relied on more traditional C&C channels for most of their actions. It is therefore interesting to note that CloudDuke actually enables the Duke group to rely solely on OneDrive for every step of their operation from downloading the actual trojan, passing commands to the trojan and finally exfiltrating stolen data.

By relying solely on 3rd party web services, such as OneDrive, as their command and control channel, we believe the Duke group is trying to better evade detection. Large amounts of data being transferred from an organization's network to an unknown web server easily raises suspicions. However, data being transferred to a popular cloud storage service is normal. What better way for an attacker to surreptitiously transfer large amounts of stolen data than the same way people are transferring that same data every day for legitimate reasons. (Coincidentally, the implications of 3rd party web services being used as command and control channels is also the subject of an upcoming talk at the VirusBulletin 2015 conference).

Directing limited resources towards evading detection and staying ahead of defenders

Developing even a single multipurpose malware toolset, never mind many, requires time and resources. Therefore it seems logical to attempt to reuse code such as supporting frameworks between different toolsets. The Duke group, however, appear to have taken this a step further with SeaDuke and the CloudDuke component BastionSolution, by rewriting the same code in multiple programming languages. This has the obvious benefits of saving time and resources by providing two malware toolsets, that while similar on the inside, appear completely different on the outside. This way, the discovery of one toolset does not immediately lead to the discovery of the second toolset.

The Duke group, long suspected of ties to the Russian state, have been running their espionage operation for an unusually long time and - especially lately - with unusual brazenness. These latest CloudDuke and SeaDuke campaigns appear to be a clear sign that the Duke's are not planning to stop any time soon.

Research and post by Artturi (@lehtior2)

F-Secure detects CloudDuke as Trojan:W32/CloudDuke.B and Trojan:W64/CloudDuke.B

Samples:

04299c0b549d4a46154e0a754dda2bc9e43dff76
2f53bfcd2016d506674d0a05852318f9e8188ee1
317bde14307d8777d613280546f47dd0ce54f95b
476099ea132bf16fa96a5f618cb44f87446e3b02
4800d67ea326e6d037198abd3d95f4ed59449313
52d44e936388b77a0afdb21b099cf83ed6cbaa6f
6a3c2ad9919ad09ef6cdffc80940286814a0aa2c
78fbdfa6ba2b1e3c8537be48d9efc0c47f417f3c
9f5b46ee0591d3f942ccaa9c950a8bff94aa7a0f
bfe26837da22f21451f0416aa9d241f98ff1c0f8
c16529dbc2987be3ac628b9b413106e5749999ed
cc15924d37e36060faa405e5fa8f6ca15a3cace2
dea6e89e36cf5a4a216e324983cc0b8f6c58eaa8
e33e6346da14931735e73f544949a57377c6b4a0
ed0cf362c0a9de96ce49c841aa55997b4777b326
f54f4e46f5f933a96650ca5123a4c41e115a9f61
f97c5e8d018207b1d546501fe2036adfbf774cfd

Compromised servers used for command and control:

hxxps://cognimuse.cs.ntua.gr/search.php
hxxps://portal.sbn.co.th/rss.php
hxxps://97.75.120.45/news/archive.php
hxxps://portal.sbn.co.th/rss.php
hxxps://58.80.109.59/plugins/search.php

Compromised websites used to host CloudDuke:

hxxp://flockfilmseries.com/eFax/incoming/5442.ZIP
hxxp://www.recordsmanagementservices.com/eFax/incoming/150721/5442.ZIP
hxxp://files.counseling.org/eFax/incoming/150721/5442.ZIP

On 22/07/15 At 11:59 AM

'Zero Days', The Documentary

Posted by Mikko @ 12:40 GMT

VPRO (the Dutch public broadcasting organization) produced a 45-minute documentary about hacking and the trade of zero days. The documentary has now been released in English on YouTube.



The documentary features Charlie Miller, Joshua Corman, Katie Moussouris, Ronald Prins, Dan Tentler, Eric Rabe (of Hacking Team), Felix Lindner, Rodrigo Branco, Ben Nagy, The Grugq, and many others.

On 20/07/15 At 12:40 PM

IOS Crash Report: Blocking "Pop-Ups" Doesn't Really Help

Posted by Sean @ 10:15 GMT

The Telegraph published an article on Thursday about a scam targeting iOS users. Here's the gist: scammers are using JavaScript generated dialogs to display warnings of so-called "IOS Crash" reports prompting people to call for tech support. Near the end of the Telegraph's article, the following advice is offered:

"To prevent the issue happening again, go to Settings -> Safari -> Block Pop-ups."

Unfortunately, this advice is incorrect. And perhaps even more unfortunately, some security and tech pundits are now repeating the bad advice on numerous websites. How do we know the advice is wrong? Because we actually tested it…

First of all, this "IOS Crash Report" scam is a variation of the technical support scam, cases of which have been documented as early as 2008. In the past, cold-calls originated directly from call centers in India. But more recently, web-based lures are used to prompt potential victims into contacting the scammers.

A Google Search returns several live scam sites with this text:

"Due to a third party application in your phone, IOS is crashed."

Here's one of the sites as viewed with iOS Safari on an iPad:



Safari's "Fraudulent Website Warning" and "Block Pop-ups" features didn't prevent the page from loading.

What looks like a pop-up on the image above is actually a JavaScript generated dialog. One which will continuously re-spawn itself and can be very difficult to dismiss. Turning off JavaScript in Safari is the quickest way to regain control. Unfortunately, leaving JavaScript disabled will significantly impact a large number of legitimate websites.

Here's the same site as viewed with Google Chrome for Windows:



Notice the additional text in the image above: prevent this page from creating additional dialogs. Current versions of Chrome and Firefox (for Windows, at least) will inject this option into re-spawning dialogs, allowing the user to break the loop. Sadly, Internet Explorer and Safari do not. (We tested with IE for Windows / Windows Phone, and iOS Safari.)

Wouldn't be great if all browsers supported this prevention feature?

Yeah, we think so, too.

But it's not just browsers, apps with browser functionality can also be affected.

Here's an example of a JavaScript dialog displayed via Cydia.



The end of the Telegraph's article included the following advice from City of London police:

"Never give your iCloud username and password or your bank details to someone over the phone."

Indeed! Giving somebody your iCloud password could quickly turn a support scam into a data hijacking and extortion scheme. We attempted to call several of the scammer telephone numbers to see if they would ask for our iCloud credentials — only to discover that the numbers we tried are currently not in service.

Hopefully they stay that way. (They won't.)

On 17/07/15 At 10:15 AM

Hacking Team 0-day Flash Wave with Exploit Kits

Posted by Patricia @ 12:29 GMT

After Hacking Team was compromised, a lot of information were publicly disclosed beginning 5th of July, particularly its business clients and a zero-day vulnerability for the Adobe Flash Player that they have been using.

Since the info about the first zero-day was made freely available, we knew attackers would swiftly move into using it. As expected, the flash exploit was integrated into exploit kits such as Angler, Magnitude, Nuclear, Neutrino, Rig, and HanJuan as reported by Kafeine.

Based on our telemetry, there was a rise in Flash exploits beginning 6th and continued until 9th.




Here are the stats for each exploit kit:




The security advisory for CVE-2015-5119 zero-day was released on 7th July and the patch was made available on 8th. So the hits started to decline about two days after the patch.

But just when people have started updating their systems, there was yet another spike from the Angler flash exploit hits:




Apparently, two more flash vulnerabilities, CVE-2015-5122 and CVE-2015-5123, were discovered. These vulnerabilities are still waiting to be patched. According to Kafeine, one of the two vulnerabilities were added into the Angler exploit kit.

As a side note related to Angler exploit kit, if you noticed in the second chart above, Angler and HanJuan share the same statistics. This was due to the fact that our detections for Angler Flash exploits were also hitting on HanJuan Flash exploits.

We have verified this after discovering that there was a different URL pattern being detected by Angler:




We looked at the flash exploit used by both kits, and the two are very much identical.

Angler Flash Exploit:




HanJuan Flash Exploit:




There were already speculations that there seem to be strong connections between the actors behind the two exploits kits. For example, both have used �fileless� delivery of payload and even similar encryption methods. Perhaps at some point we will see HanJuan supporting this new flash 0 day as well.

In the meantime, since there hasn�t been a patch out yet for these new ones, our users remain protected from the effects of the exploit kits through Browsing Protection as well as these detections:

Exploit:SWF/AnglerEK.L
Exploit:SWF/NeutrinoEK.C
Exploit:SWF/NeutrinoEK.D
Exploit:SWF/NuclearEK.H
Exploit:SWF/NuclearEK.J
Exploit:SWF/Salama.H
Exploit:SWF/Salama.R
Exploit:JS/AnglerEK.D
Exploit:JS/NuclearEK.I
Exploit:JS/MagnitudeEK.A

UPDATE: Adobe has released patches for the recent two vulnerabilities: CVE-2015-5122 and CVE-2015-5123. Users are recommended to update to the latest version of Adobe Flash Player.

On 13/07/15 At 12:29 PM

The Trusted Internet: Who governs who gets to buy spyware from surveillance software companies?

Posted by FSLabs @ 02:31 GMT

When hackers get hacked, that's when secrets are uncovered. On July 5th, Italian-based surveillance technology company Hacking Team was hacked. The hackers released a 400GB torrent file with internal documents, source code, and emails to the public - including the company's client list of close to 60 customers.

The list included countries such as Sudan, Kazakhstan and Saudi Arabia - despite official company denials of doing business with oppressive regimes. The leaked documents strongly implied that in the South-East Asian region, government agencies from Singapore, Thailand and Malaysia had purchased their most advanced spyware, referred to as a Remote Control System (RCS).

According to security researchers Citizen Lab, this spyware is extraordinarily intrusive, with the ability to turn on microphone and cameras on mobile devices, intercept Skype and instant messages, and use an anonymizer network of proxy servers to prevent harvested information from being traced back to the command and control servers.

Based on images of the client list posted to pastebin the software was purchased in Malaysia by the Malaysia Anti-Corruption Commission (MACC), Malaysia Intelligence (MI) and the Prime Minister's Office (PMO):



Additional images of leaked invoices posted to medium.com indicated the spyware was sold through a locally-based Malaysian company named Miliserv Technologies (M) Sdb Bhd (registered with the Ministry of Finance Malaysia), which specializes in providing digital forensics, intelligent gathering and public security services:





Why the Prime Minister's Office would need surveillance software remains puzzling. Mind you, professional grade spyware ain't cheap - a license upgrade could cost you MYR400, 000 and maintenance renewal will set you back about MYR160,000.

According to reports of the incident in Malaysian alternative media, Malaysian government agencies have probably been using the spyware even before discovery of the FinFisher malware that was detected in the run-up to the 2013 General Elections.

Coincidentally, Malaysia has also been the frequent host of the annual ISS World Asia tradeshow, where companies promote their arsenal of 'lawful' surveillance software to law enforcement agencies, telco service provider or government employees. During the 2014 event, the Hacking Team was present and the associate lead sponsor of the event.

MiliServ Technologies is currently involved in the upcoming 2015 ISS World Asia in Kuala Lumpur. The event is invitation-only � though it may be interesting to see if Hacking Team will make it there this year.


Post by – Su Gim

On 08/07/15 At 02:31 AM

Problematic Wassenaar Definitions

Posted by Sean @ 13:25 GMT

The Wassenaar Arrangement, a multilateral export control regime, defines "intrusion software" as software specially designed or modified to avoid detection by monitoring tools, or to defeat protective countermeasures, of a computer or network capable device. Intrusion software is used to: extract data or information, or to modify system or user data; or to modify the standard execution path of a program or process in order to allow the execution of externally provided instructions.

Wassenaar states that monitoring tools are software or hardware devices that monitor system behaviours or processes running on a device. This includes antivirus (AV) products, end point security products, Personal Security Products (PSP), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) or firewalls.


(Source)


So… what we at F-Secure (and the rest of the antivirus industry) call "malware" appears to easily fit Wassenaar's definition of intrusion software.

Why is this interesting?

Well, the US Bureau of Industry and Security (BIS), part of the US Department of Commerce, has proposed updating its rules to require a license for the export of intrusion software.

And according to the Dept of Commerce, "an export" is –any– item that is sent from the United States to a foreign destination. "Items" include among other things, software and technology.

The Paradox

So… if malware is intrusion software, and any item is an export, how exactly are US-based customers supposed to submit a malware sample to their European antivirus vendor? Seriously, customers send us zero-day using malware all the time. Not to mention the samples that we routinely exchange with other trusted AV vendors from around the globe.

Unintended Consequences

The text associated with the BIS proposal says the scope includes penetration testing products that use intrusion software in what looks like an attempt to limit "hacking" tools, but there is nothing about what is excluded from the scope. So the BIS might not intend to limit customers from uploading malware samples to their AV vendor, but that could be the effect if this new rule is adopted and arbitrarily enforced. Or else it could just force people to operate in a legal limbo. Is that what we want?

The BIS is taking comments until July 20th.

On 09/06/15 At 01:25 PM

Found Item: UK Wi-Fi Law?

Posted by Sean @ 13:27 GMT

I visited the UK last Thursday, found a coffee shop offering "free" Wi-Fi, and read this…

"UK Law states that we must know who is using our Wi-Fi at all times."

Now I'm not a lawyer — but that seems like quite the disingenuous claim.



Mobile number, post code, and date of birth??

I wonder how many people fall for this type of malarkey.

Post by — @Sean

On 08/06/15 At 01:27 PM

SMS Exploit Messages

Posted by Sean @ 13:56 GMT

There's an iOS vulnerability affecting iPhone, iPad, and even Apple Watch that allows for a denial of service.

Crashing a phone with an SMS? That's so 2008.


S60 SMS Exploit Messages

Unlike 2008, this time kids are reportedly using the vulnerability to harass others.

Apple is working on a security update. But unfortunately… that update very likely won't be available for older iPhones.

Updated to add:

Here's the "Effective Power" exploit crashing an iPhone 6:


Effective Power Unicode iOS hack on iPhone 6

And this… is Effective Power crashing the iOS Twitter app:


Effective Power Unicode iOS hack vs Twitter

On 28/05/15 At 01:56 PM

Ransomware Spam E-Mails Targeting Users in Italy and Spain

Posted by FSLabs @ 03:17 GMT

In the past few days, we received some cases from our customers in Italy and Spain, regarding malicious spam e-mails that pointed to Cryptowall or Cryptolocker ransomware.

The spam e-mails pretended to come from a courier/postal service, regarding a parcel that was waiting to be collected. The e-mails offer a link to track that parcel online:



When we did the initial investigation of the e-mails from our standard test system, the link redirected to Google:



So, no malicious behavior? Well, we noted that the first two URLs were PHP. Since PHP code is executed on the server side, not locally on the client, it is possible that the servers were 'deciding' whether to redirect the user to Google or to serve malicious content, based on some preset conditions.

Since this particular spam e-mail is written in Italian - perhaps only a customer based in Italy would be able to see the malicious payload? Fortunately, we have Freedome, so we can travel to Italy for a little while to experiment.

So we turned on Freedome, set the location to Milan and clicked the link in the e-mail again:



Now we see the bad stuff. If the user is (or appears to be) located in Italy, the server will redirect them to a malicious file hosted on a cloud storage server.

The e-mail spam sent to Spanish users is similar, though in those cases, a CAPTCHA challenge is included to make the site seem more authentic. If the link in the e-mail is clicked by a user located outside Spain, again we end up in Google:



If the site is visited instead from an Spanish IP, we get to the CAPTCHA screen:



And then to the malware itself:



This spam campaign doesn't use any exploits (so far), just old-fashioned social engineering; infection only occurs if the user manually downloads and executes the files offered on the malicious URLs. For our customers, the URLs are blocked and the files are detected.

(malware SHA1s: 483be8273333c83d904bfa30165ef396fde99bf2, 295042c167b278733b10b8f7ba1cb939bff3cb38)

Post by — Victor

On 19/05/15 At 03:17 AM

Mac Hack Demonstration

Posted by Sean @ 12:46 GMT

Securing your SSH password is very important. Otherwise, you might be pwned by a little girl with her Raspberry Pi.



Don't worry, it's an authorized hack, she asked her mom for permission.

On 15/05/15 At 12:46 PM

Email Security Considerations for Microsoft 365 Users

The post Email Security Considerations for Microsoft 365 Users appeared first on GreatHorn.

Email Security Considerations for Google Workspace Users

The post Email Security Considerations for Google Workspace Users appeared first on GreatHorn.

Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates

The post Show the Value of Your Email Security Solutions: Don’t Just Measure Detection Rates appeared first on GreatHorn.

Universities and Colleges Face Multi-faceted Email Security Challenges

The post Universities and Colleges Face Multi-faceted Email Security Challenges appeared first on GreatHorn.

Spam vs Phish: The Problem with User-Reported Phish Buttons

The post Spam vs Phish: The Problem with User-Reported Phish Buttons appeared first on GreatHorn.

Phishing for Google Impersonation Attacks

Bad actors around the globe go phishing in emails twenty-four hours a day, seven days a week. Whether they are “guppies” like your local bakery down the street or big “fish” like Google, no one is immune to their attacks. Google, one of the largest, most well-known – and used – applications, will always be […]

The post Phishing for Google Impersonation Attacks appeared first on GreatHorn.

GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes

GMX (Global Mail eXchange) Mail is an email service where users may register up to 10 individual email addresses at no cost. As a result, threat actors are leveraging this service to easily spin up new email addresses and effectively delivering phishing attacks that bypass Microsoft o365 and Google Workspace, landing in an organization’s email […]

The post GMX.Net Phishing Campaigns: Why They’re Hitting Users’ Inboxes appeared first on GreatHorn.

Native vs SEG vs ICES: What You Need to Know About Email Security

The shift from on-premise email platforms to cloud email platforms has taken shape, with the majority (70%) of organizations. Microsoft 365 and Google Workspace remain the predominant email platforms for organizations. However, a significant change has occurred in the past year. With an estimated 40% of ransomware attacks that start through email, and BEC and […]

The post Native vs SEG vs ICES: What You Need to Know About Email Security appeared first on GreatHorn.

Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security

In cybersecurity, buzzwords come and go, often being replaced with new buzzwords while the market is still attempting to realize the benefits of the former. Today, every technology vendor is talking about Artificial Intelligence (AI). In reality, Machine Learning (the method to one day achieve AI) is still the predominant technical solution deployed within vendor […]

The post Blueberry Muffins vs Blonde Chihuahuas: Debunking Artificial Intelligence in Email Security appeared first on GreatHorn.

Global Supply Chain: Attackers Targeting Business Deliveries

Our global supply chain includes all the people, companies and countries that need to work cohesively to manufacture, process and ship goods. Disruptions in the global supply chain are increasingly impacting organizations, with logistical problems crossing most industries.  As a result, the continued strain on the supply chain puts added pressure on businesses as they […]

The post Global Supply Chain: Attackers Targeting Business Deliveries appeared first on GreatHorn.

The hidden price of free: How businesses’ cost-cutting tech choices compromise your security

Free software is everywhere, used for email, marketing, accounting, scheduling, and even storing customer data. For small businesses under pressure, it’s a tempting way to cut costs and stay afloat. But “free” often comes with strings. Many of these tools don’t offer strong security, putting your customers or clients at risk. What looks like a […]

The post The hidden price of free: How businesses’ cost-cutting tech choices compromise your security appeared first on Heimdal Security Blog.

The evolution of social engineering and the rise of AI-powered cybercrime

Social engineering and AI-driven fraud are climbing to the top of global security concerns. The World Economic Forum lists them among the biggest cybersecurity threats of 2025. And the threat is no longer just spam emails with obvious typos. Today’s scams are targeted, convincing, and increasingly powered by artificial intelligence. We’re not just talking about phishing […]

The post The evolution of social engineering and the rise of AI-powered cybercrime appeared first on Heimdal Security Blog.

MSPs in 2025: From “Break-Fix to Business Advisor” with Nigel Moore

Welcome back to the MSP Security Playbook, the podcast that helps MSPs cut through the noise, eliminate inefficiencies, and build stronger, more profitable security businesses. I’m your host, Jacob Hazelbaker, business development representative at Heimdal Security, an industry-leading unified and AI-powered cybersecurity solutions provider. Today, I’m diving into a critical topic: the future of MSPs […]

The post MSPs in 2025: From “Break-Fix to Business Advisor” with Nigel Moore appeared first on Heimdal Security Blog.

Heimdal Launches New Podcast: The MSP Security Playbook

COPENHAGEN, Denmark, May 21, 2025 – Heimdal launches a new podcast, The MSP Security Playbook – a show for managed service providers ready to scale smarter, boost profitability, and lead with next-gen cybersecurity solutions. The first episode features Nigel Moore, founder of The Tech Tribe, who discusses how MSPs can move beyond reactive IT support models and embrace more […]

The post Heimdal Launches New Podcast: The MSP Security Playbook appeared first on Heimdal Security Blog.

When Visibility Meets Action in NHS Cybersecurity

In NHS cybersecurity, one problem keeps security teams up at night: the gap between spotting issues and actually fixing them. If you work in healthcare IT, you know this headache all too well. Legacy systems that can’t be easily patched, security teams stretched too thin, and the constant balancing act of keeping operations running while […]

The post When Visibility Meets Action in NHS Cybersecurity appeared first on Heimdal Security Blog.

PDF Malware: How Educational Institutions Can Prevent Infection Spreading

Since 2020, there has been a sharp rise in the number of cyberattacks targeting educational institutions. And PDF malware is one of the most common attack vectors.   Through my work at Heimdal, I regularly speak with staff at universities, schools, and other educational institutions. While IT professionals are usually aware of the risks posed by […]

The post PDF Malware: How Educational Institutions Can Prevent Infection Spreading appeared first on Heimdal Security Blog.

NIS2 Compliance Checklist

The post NIS2 Compliance Checklist appeared first on Heimdal Security Blog.

EU Adopts New Cybersecurity Rules for Critical Infrastructure Under NIS2 Directive

The post EU Adopts New Cybersecurity Rules for Critical Infrastructure Under NIS2 Directive appeared first on Heimdal Security Blog.

NIS2 Compliance | Challenges, Pain Points and Solutions

The post NIS2 Compliance | Challenges, Pain Points and Solutions appeared first on Heimdal Security Blog.

NIS2 Compliance – How to Do It Sustainably by Continuous Compliance

The post NIS2 Compliance – How to Do It Sustainably by Continuous Compliance appeared first on Heimdal Security Blog.

How to Negotiate Your NIS2 Fine or Completely Avoid the Risk

The post How to Negotiate Your NIS2 Fine or Completely Avoid the Risk appeared first on Heimdal Security Blog.

How to Prepare for NIS2 Audits – A Compliance Expert’s View

The post How to Prepare for NIS2 Audits – A Compliance Expert’s View appeared first on Heimdal Security Blog.

5 Best NIS2 Compliance Software and Solution Providers

The post 5 Best NIS2 Compliance Software and Solution Providers appeared first on Heimdal Security Blog.

Effective Privileged Access Management Implementation: A Step-by-Step Guide

The post Effective Privileged Access Management Implementation: A Step-by-Step Guide appeared first on Heimdal Security Blog.

Privileged Access Management (PAM) – PAM in the Cloud vs PAM for the Cloud

The post Privileged Access Management (PAM) – PAM in the Cloud vs PAM for the Cloud appeared first on Heimdal Security Blog.

ISC Stormcast For Friday, May 30th, 2025 https://isc.sans.edu/podcastdetail/9472, (Fri, May 30th)

No summary available.

Usage of "passwd" Command in DShield Honeypots, (Fri, May 30th)

DShield honeypots &#;x26;#;x5b;1&#;x26;#;x5d; receive different types of attack traffic and the volume of that traffic can change over time. I&#;x26;#;39;ve been collecting data from a half dozen honeypots for a little over a year to make comparisons. This data includes:

ISC Stormcast For Thursday, May 29th, 2025 https://isc.sans.edu/podcastdetail/9470, (Thu, May 29th)

No summary available.

Alternate Data Streams ? Adversary Defense Evasion and Detection [Guest Diary], (Wed, May 28th)

[This is a Guest Diary by Ehsaan Mavani, an ISC intern as part of the SANS.edu BACS program]

[Guest Diary] Exploring a Use Case of Artificial Intelligence Assistance with Understanding an Attack, (Wed, May 28th)

&#;x26;#;x5b;This is a Guest Diary by Jennifer Wilson, an ISC intern as part of the SANS.edu Bachelor&#;x26;#;39;s Degree in Applied Cybersecurity (BACS) program &#;x26;#;x5b;1].]

ISC Stormcast For Wednesday, May 28th, 2025 https://isc.sans.edu/podcastdetail/9468, (Wed, May 28th)

No summary available.

Securing Your SSH authorized_keys File, (Tue, May 27th)

This is nothing "amazingly new", but more of a reminder to secure your "authorized_keys" file for SSH. One of the first things I see even simple bots do to obtain persistent access to a UNIX system is to add a key to the authorized_keys file of whatever account they are compromising.

ISC Stormcast For Tuesday, May 27th, 2025 https://isc.sans.edu/podcastdetail/9466, (Tue, May 27th)

No summary available.

SVG Steganography, (Mon, May 26th)

Didier recently published several diaries related to steganography. I have to admit that steganography isn&#;x26;#;39;t exactly my favorite topic. It is one of those "neat" infosec toys, but its applicability is limited. Data exfiltration usually does not require proper steganography, but just appending data to an image will usually work just fine.

ISC Stormcast For Friday, May 23rd, 2025 https://isc.sans.edu/podcastdetail/9464, (Fri, May 23rd)

No summary available.

Your KnowBe4 Fresh Content Updates from May 2025

Check out the 25 new pieces of training content added in May, alongside the always fresh content update highlights, new features and events. 

Scammers Exploit Uncertainty Surrounding US Tariffs

Cybersecurity experts are warning that scammers are taking advantage of uncertainty surrounding the U.S. administration’s tariff policies, CNBC reports.

Capital One Customers Targeted By Credential Harvesting Phishing Campaign

The KnowBe4 Threat Lab has identified an active phishing campaign impersonating Capital One.

CyberheistNews Vol 15 #21 I Got This Coinbase-Related Scam in My Personal Inbox Last Week

Threat Actors Are Using AI-Generated Audio to Impersonate U.S. Officials

The FBI is warning that threat actors are impersonating senior US officials in phishing attacks designed to compromise users’ accounts.

If I Had Only 20 Seconds To Teach People How To Avoid Scams

Human risk management involves more than security awareness training, but training is a huge part of the mix.

The Lost Art of Writing Things Down

I was once enrolled in a programming module back at university. We had been given a task, to code something, so we all sat banging out whatever code we could on our keyboards.

Impersonating Meta, Powered by AppSheet: A Rising Phishing Campaign Exploits Trusted Platforms to Evade Detection

Since March 2025, the KnowBe4 Threat Labs team has observed a surge in phishing attacks that exploit Google’s AppSheet platform to launch a highly targeted, sophisticated campaign impersonating social media platform giant Meta.

Phishing Campaign Targets International Students in the US

The FBI has issued an alert on a wave of phishing attacks targeting Middle Eastern students who are studying in the US.

The Ransomware Threat: Still Alive and Kicking

Many organizations, after a period of relative quiet, might believe the ransomware bubble has burst. The headlines may have shifted, and other emerging cyber threats might seem to dominate the news cycle, but recent data from Marsh's 2024 UK cyber insurance claims report suggests otherwise.

RSAC Fireside Chat: Human and machine identity risks are converging — and they’re finally visible

Non-human service accounts have quietly become one of the biggest liabilities in enterprise security.

Related: Why identity is the cornerstone of cyber defense

These machine credentials — used to automate connections between systems — now outnumber humans by 30 to … (more…)

The post RSAC Fireside Chat: Human and machine identity risks are converging — and they’re finally visible first appeared on The Last Watchdog.

RSAC Fireside Chat: Cyber risk mitigation turns personal–defending the CEO as an attack vector

Executives are under digital siege—and most don’t even know it.

Related: Shareholders sue over murder

At RSAC 2025, I sat down with Chuck Randolph, SVP of Strategic Intelligence and Security at 360 Privacy, to unpack a … (more…)

The post RSAC Fireside Chat: Cyber risk mitigation turns personal–defending the CEO as an attack vector first appeared on The Last Watchdog.

RSAC Fireside Chat: ‘Purple’ teams dismantle the reactive trap — and can help restore cyber readiness

Reactive security isn’t just outdated — it’s become a liability. Attackers have figured out how to weaponize speed, and defenders are struggling to keep pace.

Related: Mastering adversary emulation

At RSAC 2025, I spoke with Derek Manky, Chief … (more…)

The post RSAC Fireside Chat: ‘Purple’ teams dismantle the reactive trap — and can help restore cyber readiness first appeared on The Last Watchdog.

News Alert: Halo Security reaches SOC 2 milestone, validating its security controls and practices

Miami, Fla., May 22, 2025, CyberNewsWire — Halo Security, a leading provider of attack surface management and penetration testing services, today announced it has successfully achieved SOC 2 Type 1 compliance following a comprehensive audit by Insight Assurance.

This … (more…)

The post News Alert: Halo Security reaches SOC 2 milestone, validating its security controls and practices first appeared on The Last Watchdog.

News alert: INE Security, Abadnet Institute partner to deliver cybersecurity training in Saudi Arabia

Cary, NC. May 22, 2025, CyberNewswire — INE Security, a global leader in Cybersecurity training and certifications, has announced a strategic partnership with Abadnet Institute for Training, a Riyadh-based leader in specialized Information Technology, Cybersecurity, and Networking training.… (more…)

The post News alert: INE Security, Abadnet Institute partner to deliver cybersecurity training in Saudi Arabia first appeared on The Last Watchdog.

SHARED INTEL Q&A: Visibility, not volume — reframing detection for the AI-enabled SOC

For years, network security has revolved around the perimeter: firewalls, antivirus, endpoint controls. But as attackers grow more sophisticated — and as operations scatter to the cloud, mobile, and IoT — it’s increasingly what happens inside the network that counts.… (more…)

The post SHARED INTEL Q&A: Visibility, not volume — reframing detection for the AI-enabled SOC first appeared on The Last Watchdog.

News alert: DataHub secures $35M Series B to enable AI to safely manage and use data

Palo Alto, Calif., May 21, 2025 – DataHub, by Acryl Data, the leading open source metadata platform, today announced it has raised $35 million in Series B funding led by Bessemer Venture Partners.

This latest round brings the company’s total … (more…)

The post News alert: DataHub secures $35M Series B to enable AI to safely manage and use data first appeared on The Last Watchdog.

News alert: Attaxion integrates its EASM Platform with ENISA’s EU Vulnerability Database (EUVD)

Dover, Del., May 21, 2025, CyberNewswire — Attaxion, the external attack surface management (EASM) vendor with industry-leading asset coverage, announces the integration of the European Vulnerability Database (EUVD) into its platform.

Operated by the European Union Agency for Cybersecurity … (more…)

The post News alert: Attaxion integrates its EASM Platform with ENISA’s EU Vulnerability Database (EUVD) first appeared on The Last Watchdog.

RSAC Fireside Chat: Enterprise browsers arise to align security with the modern flow of work

A quiet but consequential shift is underway in enterprise workspace security. The browser has effectively become the new operating system of business.

Related: Gartner’s enterprise browser review

It didn’t happen all at once. But as SaaS took over, remote work … (more…)

The post RSAC Fireside Chat: Enterprise browsers arise to align security with the modern flow of work first appeared on The Last Watchdog.

MY TAKE: Semantics aside, “agentic AI” is already reshaping how we work, think, envision what’s next

Stephen Klein didn’t just stir the pot. He lit a fire.

Related: Klein’s LinkedIn debate

In a sharply worded post that quickly went viral on LinkedIn, the technologist and academic took direct aim at what he called the “hype-as-a-service” business … (more…)

The post MY TAKE: Semantics aside, “agentic AI” is already reshaping how we work, think, envision what’s next first appeared on The Last Watchdog.

Porn sites probed for allegedly failing to prevent minors from accessing content

Four porn sites are being investigated by the European Commission under its Digital Services Act (DSA) for allegedly failing to verify its users' ages properly.

Take back control of your browser—Malwarebytes Browser Guard now blocks search hijacking attempts

Malwarebytes Browser Guard has a cool new feature to protect you against search hijacking.

Deepfake-posting man faces huge $450,000 fine

A man is facing a $450,000 AU fine after he published deepfake images of prominent Australian women on the now-defunct MrDeepfakes web site.

Fake AI video generator tools lure in Facebook and LinkedIn users to deliver malware

Cybercriminals are using text-to-video-AI tools to lure victims to fake websites that deliver malware like infostealers and Trojans.

New warning issued over toll fee scams

A renewed warning about toll fee scams has gone out. This time it comes from the DMVs of several US states.

184 million logins for Instagram, Roblox, Facebook, Snapchat, and more exposed online

A huge dataset with all kinds of sensitive information, likely to be the result of infostealers, has been found unsecured online.

A week in security (May 19 – May 25)

A list of topics we covered in the week of May 19 to May 25 of 2025

Lumma information stealer infrastructure disrupted

The Lumma infostealer infrastructure has suffered a serious blow by a coordinated action of the DOJ and Microsoft.

Stalkerware apps go dark after data breach

A stalkerware company that recently leaked millions of users' personal information online has taken all of its assets offline without any explanation.

Scammers are using AI to impersonate senior officials, warns FBI

Cybercriminals are using AI-based tools to generate voice clones of the voices of senior US officials in order to scam people.

23andMe and its customers’ genetic data bought by a pharmaceutical org

The bankrupt 23andMe, along with all of its genetic data, has been bought by US drugmaker Regeneron Pharmaceuticals.

Malware-infected printer delivered something extra to Windows users

You'd hope that spending $6,000 on a printer would give you a secure experience, free from viruses and other malware. However, in the case of Procolored printers, you'd be wrong.

How Los Angeles banned smartphones in schools (Lock and Code S06E10)

This week on the Lock and Code podcast, we speak with Nick Melvoin about the Los Angeles Unified School District smartphone ban for students.

Update your Chrome to fix serious actively exploited vulnerability

Make sure your Chrome is on the latest version, to patch against an actively exploited vulnerability that can be used to steal sensitive information from websites.

A week in security (May 12 – May 18)

A list of topics we covered in the week of May 12 to May 18 of 2025

Data broker protection rule quietly withdrawn by CFPB

The CFPB has decided to withdraw a 2024 rule that was aimed at limiting the sale of Americans’ personal information by data brokers.

Meta sent cease and desist letter over AI training

A privacy advocacy group has clapped back at Meta over its plans to start training its AI model on European users' data.

Google to pay $1.38 billion over privacy violations

The state of Texas reached a mammoth financial agreement with Google last week, securing $1.375 billion in payments to settle two lawsuits concerning the use of consumers' data.

Android users bombarded with unskippable ads

The Kaleidoscope ad fraud network uses a combination of legitimate and malicious apps, according to researchers.

A week in security (May 4 – May 10)

A list of topics we covered in the week of May 4 to May 10 of 2025

Data Protection Gap Analysis: Identifying Weak Spots Before Regulators Do

In today’s regulatory landscape, organisations face increasing scrutiny over their data protection practices. With fines increasing and regulatory expectations tightening, it’s crucial to identify and address compliance vulnerabilities before they attract unwanted attention from authorities. A recent webinar by GRC Solutions, featuring experts Louise Brooks, Ryan Peeney and Zoe Hewitt, explored how organisations can use data protection gap analysis to identify weak spots in their compliance frameworks and stay ahead of regulators. This blog provides a summary of that webinar. What is a data protection gap analysis? A data protection gap analysis is a robust assessment of your organisation’s data

The post Data Protection Gap Analysis: Identifying Weak Spots Before Regulators Do appeared first on IT Governance Blog.

Lessons Learned from the Legal Aid Agency Data Breach

The MoJ (Ministry of Justice) has disclosed that the LAA (Legal Aid Agency) suffered a data breach last month, in which criminals accessed data relating to hundreds of thousands of people, dating back to 2010. Exfiltrated data may have included “contact details and addresses of applicants, their dates of birth, national ID numbers, criminal history, employment status and financial data such as contribution amounts, debts and payments”. According to the BBC, more than 2 million pieces of information were taken, including data relating to “domestic abuse victims, those in family cases and others facing criminal prosecution”. It’s not known whether

The post Lessons Learned from the Legal Aid Agency Data Breach appeared first on IT Governance Blog.

How to Spot a Phishing Email in 2025 –with Real Examples and Red Flags

Despite growing awareness and increasingly sophisticated security tools, phishing is still one of the most persistent and pernicious threats of the modern age: according to Proofpoint’s 2024 State of the Phish report, 86% of organisations experienced a phishing attempt last year and over 70% suffered a successful compromise due to human error. Phishing is also the most prevalent form of attack: the UK government’s Cyber Security Breaches Survey 2025 found that phishing accounted for 93% of all cyber crime in the UK. So why is phishing so effective? Simply because it exploits the weakest link in any cyber security setup:

The post How to Spot a Phishing Email in 2025 –with Real Examples and Red Flags appeared first on IT Governance Blog.

The Co-Op, M&S, Harrods… You? Mitigating the Risk of Ransomware

The recent DragonForce cyber attacks on the Co-Op, Marks & Spencer and Harrods show the threat of ransomware is as prevalent as ever – and, despite warnings from the attackers that they’re “putting UK retailers on the Blacklist”, it’s obviously not just the retail sector that needs to be concerned. For all organisations, it can be disastrous when systems are encrypted and data is exfiltrated. According to Sophos’s State of Ransomware report for 2024, 59% of organisations were hit by ransomware attacks last year. So what can you do to counter the risk? Ransomware as a service Ransomware is, of

The post The Co-Op, M&S, Harrods… You? Mitigating the Risk of Ransomware appeared first on IT Governance Blog.

The 8 CISSP domains explained

The CISSP® (Certified Information Systems Security Professional) qualification is one of the most respected certifications in the information security industry, demonstrating an advanced knowledge of cyber security. It ranks alongside CCSP (Certified Cloud Security Professional) and CSSLP (Certified Secure Software Lifecycle Professional) as one of the most in-demand credentials when hiring C-level leaders in information security. Below, we explain the structure of CISSP and its domains. CISSP was launched in 1994 and its structure was last updated by (ISC)2 in 2015, moving from ten domains to eight. The domain weightings in the CISSP exam were last changed on 15 April 2024. These regular updates

The post The 8 CISSP domains explained appeared first on IT Governance Blog.

Windows 10 End of Life: What Does it Mean for Your Organisation?

And what are the challenges of migrating to a newer system, such as Windows 11? Windows 10 reaches the end of its lifecycle on 14 October 2025. But what does this mean? What are the challenges of migrating to new systems? What are the security implications? And what are the risks of delaying migration? We put these questions – and others – to our head of security testing, James Pickard. In this interview Hi James. So, what does it mean when systems or software reach the end of their lifecycle? End of life is basically when software or hardware products

The post Windows 10 End of Life: What Does it Mean for Your Organisation? appeared first on IT Governance Blog.

Author of the Month: Richard Bingley

Combatting Cyber Terrorism – A guide to understanding the cyber threat landscape and incident response planning Richard has led and operated various vital security projects, including the London 2012 Olympics and Russia 2014 Winter Olympics. He’s also served as executive director of London First’s security and resilience division. In addition, Richard was a senior lecturer in security and resilience at Buckinghamshire New University, and director of the BNU Business School. Currently, he’s director of the business security briefing service CSARN.org and CEO at the Global Cyber Academy. Richard is also a frequent media commentator on AI, cyber security and future

The post Author of the Month: Richard Bingley appeared first on IT Governance Blog.

Author of the Month: Andrew Pattison

This month, we are celebrating author Andrew Pattison! His book: NIST CSF 2.0 – Your essential introduction to managing cybersecurity risks was published in February 2025 and covers the latest updates to the NIST framework.   The NIST CSF (Cybersecurity Framework) 2.0 is designed to help organisations prevent and protect themselves from cyber attacks. This book will help you understand how to: About the author: Andrew Pattison is the global head of GRC and PCI consultancy at GRC International Group, a GRC Solutions company. He has been working in information security, risk management and business continuity since the mid-1990s, helping

The post Author of the Month: Andrew Pattison appeared first on IT Governance Blog.

The Cyber Essentials Scheme’s 2025 Update and What it Means for Your Organisation

The Cyber Essentials scheme is updated each year to ensure its best-practice approach to basic cyber security remains relevant. So, what’s new for 2025? Cyber Essentials and Cyber Essentials Plus: what’s new in the 2025 update? As of 28 April 2025, new Cyber Essentials certifications will be assessed according to v3.2 of the NCSC Requirements for IT Infrastructure and must use the new ‘Willow’ Question Set, which replaces the Montpellier version. The changes introduced by the 2025 update are minor, but organisations will still need to be aware of what’s expected of them. Here’s a high-level summary. Cyber Essentials Requirements

The post The Cyber Essentials Scheme’s 2025 Update and What it Means for Your Organisation appeared first on IT Governance Blog.

What It Takes to Be Your Organisation’s DPO or Data Privacy Lead

‘GDPR’ has become a familiar term. We recognise the visible and consumer-facing aspects of the General Data Protection Regulation in our everyday lives – when consumers exercise their right to withdraw consent to their data being processed via ‘opt out’ or ‘unsubscribe’ buttons, for example. What’s less evident is whether organisations are keeping their practices fully up to date and in line with the GDPR and other applicable data protection laws. For instance: So, how sure are you that your organisation is fully compliant with the relevant data protection legislation? In this blog ‘Once compliant’ does not mean ‘still compliant’

The post What It Takes to Be Your Organisation’s DPO or Data Privacy Lead appeared first on IT Governance Blog.

Exploits and vulnerabilities in Q1 2025

This report contains statistics on vulnerabilities and published exploits, along with an analysis of the most noteworthy vulnerabilities we observed in the first quarter of 2025.

Zanubis in motion: Tracing the active evolution of the Android banking malware

A comprehensive historical breakdown of Zanubis' changes, including RC4 and AES encryption, credentials stealing and new targets in Peru, provided by Kaspersky GReAT experts.

Dero miner zombies biting through Docker APIs to build a cryptojacking horde

Kaspersky experts break down an updated cryptojacking campaign targeting containerized environments: a Dero crypto miner abuses the Docker API.

Threat landscape for industrial automation systems in Q1 2025

Kaspersky ICS CERT shares trends and statistics on industrial threats in Q1 2025.

Using a Mythic agent to optimize penetration testing

Kaspersky experts discuss optimizing penetration testing with an agent for the Mythic framework and object files for Cobalt Strike.

State of ransomware in 2025

Kaspersky researchers review ransomware trends for 2024, analyze the most active groups and forecast how this threat will evolve in 2025.

Outlaw cybergang attacking targets worldwide

The Kaspersky Global Emergency Response Team (GERT) detected an Outlaw mining botnet in a customer incident. In this article, we share insights into this botnet's SSH-based infection chain.

Triada strikes back

Kaspersky expert has discovered a new version of the Triada Trojan, with custom modules for Telegram, WhatsApp, TikTok, and other apps.

Operation SyncHole: Lazarus APT goes back to the well

Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.

Russian organizations targeted by backdoor masquerading as secure networking software updates

While investigating an incident, we discovered a sophisticated new backdoor targeting Russian organizations by impersonating secure networking software updates.