π΅οΈββοΈ Thousands of Buggy BeyondTrust Systems Remain Exposed π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Weeks after the critical vulnerability was reported and a hacking of the Treasury Department, nearly 9,000 BeyondTrust instances remain wide open to the Internet, researchers say.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Thousands of BeyondTrust Systems Remain Exposed
Weeks after the critical vulnerability was reported and a hacking of the Treasury Department, nearly 9,000 BeyondTrust instances remain wide open to the Internet, researchers say β though it's impossible to tell how many are still vulnerable.
π΅οΈββοΈ New HIPAA Cybersecurity Rules Pull No Punches π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Healthcare organizations of all shapes and sizes will be held to a stricter standard of cybersecurity starting in 2025 with new proposed rules, but not all have the budget for it.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
New HIPAA Security Rules Pull No Punches
Healthcare organizations will be held to a stricter standard of cybersecurity starting in 2025 with new proposed rules, but not all have the budget for it.
π΅οΈββοΈ Treasury Dept. Sanctions Chinese Tech Vendor for Complicity π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Integrity Technology Group was found complicit with Flax Typhoon as part of a broader Chinese strategy to infiltrate the IT systems of US critical infrastructure.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Treasury Sanctions Chinese Vendor for APT Complicity
Integrity Technology Group was found complicit with Flax Typhoon as part of a broader Chinese strategy to infiltrate the IT systems of US critical infrastructure.
ποΈ U.S. Treasury Sanctions Beijing Cybersecurity Firm for State-Backed Hacking Campaigns ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The U.S. Treasury Department's Office of Foreign Assets Control OFAC on Friday issued sanctions against a Beijingbased cybersecurity company known as Integrity Technology Group, Incorporated for orchestrating several cyber attacks against U.S. victims. These attacks have been publicly attributed to a Chinese statesponsored threat actor tracked as Flax Typhoon aka Ethereal Panda or.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ PLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN Apps ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have flagged a new malware called PLAYFULGHOST that comes with a wide range of informationgathering features like keylogging, screen capture, audio capture, remote shell, and file transferexecution. The backdoor, according to Google's Managed Defense team, shares functional overlaps with a known remote administration tool referred to as Gh0st RAT, which had its source.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A highseverity security flaw has been disclosed in ProjectDiscovery's Nuclei, a widelyused opensource vulnerability scanner that, if successfully exploited, could allow attackers to bypass signature checks and potentially execute malicious code. Tracked as CVE202443405, it carries a CVSS score of 7.4 out of a maximum of 10.0. It impacts all versions of Nuclei later than 3.0.0. "The.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Scammers Drain $500m from Crypto Wallets in a Year π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Scam Sniffer claims that threat actors used wallet drainers to steal 494m from victims in 2024.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Scammers Drain $500m from Crypto Wallets in a Year
Scam Sniffer claims that threat actors used wallet drainers to steal $494m from victims in 2024
ποΈ Russian-Speaking Attackers Target Ethereum Devs with Fake Hardhat npm Packages ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have revealed several malicious packages on the npm registry that have been found impersonating the Nomic Foundation's Hardhat tool in order to steal sensitive data from developer systems. "By exploiting trust in open source plugins, attackers have infiltrated these platforms through malicious npm packages, exfiltrating critical data such as private keys, mnemonics,.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π New Infostealer Campaign Uses Discord Videogame Lure π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Threat actors are tricking victims into downloading malware with the promise of testing a new videogame.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
New Infostealer Campaign Uses Discord Videogame Lure
Threat actors are luring victims into downloading malware with the promise of trying a new videogame
π’ Fake CAPTCHA attacks surged in late 2024 β hereβs what to look out for π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
CAPTCHA pages that trick users into executing malicious commands almost doubled in two months at the end of 2024.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Fake CAPTCHA attacks surged in late 2024 β hereβs what to look out for
CAPTCHA pages that trick users into executing malicious commands almost doubled in two months at the end of 2024
π’ US sanctions Chinese tech firm that targets critical infrastructure π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Integrity Technology Group has been linked to Flax Typhoon, a hacking group that has targeted US critical infrastructure and other organizations.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
US sanctions Chinese tech firm that targets critical infrastructure
Integrity Technology Group has been linked to Flax Typhoon, a hacking group that has targeted US critical infrastructure and other organizations
π¦Ώ The 5 Fastest VPNs for 2025 π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Looking for a VPN that delivers speed and security? Weve rounded up the best of the best take a look and see which ones perfect for you!.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
The 5 Fastest VPNs for 2025
Explore the fastest VPNs for secure, high-speed browsing. Discover VPN services that protect your data and ensure smooth streaming and safe internet access.
β€2
ποΈ β‘ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [6 Jan] ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Every tap, click, and swipe we make online shapes our digital lives, but it also opens doorssome we never meant to unlock. Extensions we trust, assistants we rely on, and even the codes we scan are turning into tools for attackers. The line between convenience and vulnerability has never been thinner. This week, we dive into the hidden risks, surprising loopholes, and the clever tricks.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ From $22M in Ransom to +100M Stolen Records: 2025's All-Star SaaS Threat Actors to Watch ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
In 2024, cyber threats targeting SaaS surged, with 7,000 password attacks blocked per second just in Entra IDa 75 increase from last yearand phishing attempts up by 58, causing 3.5 billion in losses source Microsoft Digital Defense Report 2024. SaaS attacks are increasing, with hackers often evading detection through legitimate usage patterns. The cyber threat arena saw standout.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ FireScam Android Malware Poses as Telegram Premium to Steal Data and Control Devices ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
An Android information stealing malware named FireScam has been found masquerading as a premium version of the Telegram messaging app to steal data and maintain persistent remote control over compromised devices. "Disguised as a fake 'Telegram Premium' app, it is distributed through a GitHub.iohosted phishing site that impersonates RuStore a popular app store in the Russian Federation,".π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π New PhishWP Plugin Enables Sophisticated Payment Page Scams π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The PhishWP plugin enables scammers to create fake payment pages, stealing sensitive data via Telegram.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
New PhishWP Plugin Enables Sophisticated Payment Page Scams
The PhishWP plugin enables scammers to create fake payment pages, stealing sensitive data via Telegram
π Chinese Hackers Double Cyber-Attacks on Taiwan π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Taiwans security service said government networks faced 2.4 million attacks in 2024, most of which are attributed to Chinese state actors.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Chinese Hackers Double Cyber-Attacks on Taiwan
Taiwanβs security service said government networks faced 2.4 million attacks in 2024, most of which are attributed to Chinese state actors
π¦
Weekly Vulnerability Insights Report: Critical Vulnerabilities Highlighted from December 25-31, 2024 π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview This weeks vulnerability report sheds light on a broad range of critical vulnerabilities identified from December 25 to December 31, 2024. The report emphasizes several highseverity flaws that pose online threats to cybersecurity, including new additions to the CISA's Known Exploited Vulnerability KEV catalog. Among the most pressing vulnerabilities, one concerning Palo Alto Networks PANOS stands out. This vulnerability has been actively exploited by cybercriminals to compromise firewalls, forcing them to reboot and disrupting network security. The Cybersecurity and Infrastructure Security Agency CISA added this vulnerability to their KEV catalog, signifying its exploitation in the wild. Beyond this, CRIL also analyzed multiple highprofile vulnerabilities impacting DL...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
π¦
Weekly Vulnerability Roundup: Highlights from SingCERTβs Security Bulletin π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview The Singapore Computer Emergency Response Team SingCERT has released its latest Security Bulletin, summarizing vulnerabilities reported in the past week from the National Institute of Standards and Technology NISTs National Vulnerability Database NVD. This bulletin provides essential insights for businesses and security professionals to mitigate risks associated with these vulnerabilities. The vulnerabilities have been categorized based on the Common Vulnerability Scoring System v3 CVSSv3 base scores, which assess their severity levels Critical CVSS score of 9.0 to 10.0 High CVSS score of 7.0 to 8.9 Medium CVSS score of 4.0 to 6.9 Low CVSS score of 0.1 to 3.9 None CVSS score of 0.0 Lets take a closer look at the critical vulnerabilities reported this wee...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
SingCERT Highlights Critical CVEs In Latest Security Bulletin
SingCERTβs latest security bulletin covers key vulnerabilities from the National Vulnerability Database. Protect your systems now.
π΅οΈββοΈ IoT's Regulatory Reckoning Is Overdue π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
New security regulations are more than compliance hurdles they're opportunities to build better products, restore trust, and lead the next chapter of innovation.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
IoT's Regulatory Reckoning Is Overdue
New security regulations are more than compliance hurdles β they're opportunities to build better products, restore trust, and lead the next chapter of innovation.
ποΈ India Proposes Digital Data Rules with Tough Penalties and Cybersecurity Requirements ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The Indian government has published a draft version of the Digital Personal Data Protection DPDP Rules for public consultation. "Data fiduciaries must provide clear and accessible information about how personal data is processed, enabling informed consent," India's Press Information Bureau PIB said in a statement released Sunday. "Citizens are empowered with rights to demand data erasure,.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity