ποΈ New SLAP & FLOP Attacks Expose Apple M-Series Chips to Speculative Execution Exploits ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A team of security researchers from Georgia Institute of Technology and Ruhr University Bochum has demonstrated two new sidechannel attacks targeting Apple silicon that could be exploited to leak sensitive information from web browsers like Safari and Google Chrome. The attacks have been codenamed Data Speculation Attacks via Load Address Prediction on Apple Silicon SLAP and Breaking the.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ How Interlock Ransomware Infects Healthcare Organizations ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Ransomware attacks have reached an unprecedented scale in the healthcare sector, exposing vulnerabilities that put millions at risk. Recently, UnitedHealth revealed that 190 million Americans had their personal and healthcare data stolen during the Change Healthcare ransomware attack, a figure that nearly doubles the previously disclosed total. This breach shows just how deeply ransomware.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A critical security flaw has been disclosed in the Cacti opensource network monitoring and fault management framework that could allow an authenticated attacker to achieve remote code execution on susceptible instances. The flaw, tracked as CVE202522604, carries a CVSS score of 9.1 out of a maximum of 10.0. "Due to a flaw in the multiline SNMP result parser, authenticated users can inject.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Chinese GenAI Startup DeepSeek Sparks Global Privacy Debate π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Government agencies and privacy watchdogs have started investigating the Chinese AI chatbot provider over data privacy concerns.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
π Breakout Time Accelerates 22% as Cyber-Attacks Speed Up π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
ReliaQuest warns threat actor innovation and infostealer activity helped to accelerate breakout time by 22 in 2024.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Breakout Time Accelerates 22% as Cyber-Attacks Speed Up
ReliaQuest warns threat actor innovation and infostealer activity helped to accelerate breakout time by 22% in 2024
π¦
New ICS Vulnerabilities Discovered in Schneider Electric and B&R Automation Systems π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview The U.S. Cybersecurity and Infrastructure Security Agency CISA issued two urgent advisories regarding serious ICS vulnerabilities in industrial control systems ICS products. These ICS vulnerabilities, identified in Schneider Electric's RemoteConnect and SCADAPack x70 Utilities, as well as BR Automation's Runtime software, pose online risks to critical infrastructure systems worldwide. The ICS vulnerabilities, if exploited, could lead to potentially devastating impacts on the integrity, confidentiality, and availability of systems within energy, critical manufacturing, and other essential sectors. Schneider Electrics Vulnerability in RemoteConnect and SCADAPack x70 Utilities The ICS vulnerability in Schneider Electrics RemoteConnect and SCADAPack x70 Utilities arises...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
ICS Vulnerabilities In Schneider Electric & B&R Automation
CISA warns of serious ICS vulnerabilities in Schneider Electric and B&R Automation products and urges urgent action to protect critical infrastructure from cyber threats.
π1
π¦
Australiaβs Health Sector Receives $6.4 Million Cybersecurity Boost with New Threat Information-Sharing Network π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
The Australian Government has awarded a 6.4 million grant to CIISAC Australia, enabling the establishment of a new Health Cyber Sharing Network HCSN. This initiative is designed to facilitate the rapid exchange of critical cyber threat information within Australia's healthcare industry, which has become a target for cyberattacks. The recent surge in cyberattacks on Australian healthcare organizations, including hospitals and health insurance providers, has highlighted the pressing need for enhanced cybersecurity measures. In response, the Australian Government has made healthcare the priority sector for its formal funding efforts. This grant is part of a broader strategy to address the vulnerabilities in the nations health sector and ensure it is better equipped to handle the cybe...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Health Cyber Sharing Network: $6.4M Boost For Australia
The Australian Government invests $6.4M in the Health Cyber Sharing Network to strengthen cybersecurity and protect Australian healthcare organizations from cyber threats.
π§ AI and cloud vulnerabilities arenβt the only threats facing CISOs today π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
With cloud infrastructure and, more recently, artificial intelligence AI systems becoming prime targets for attackers, security leaders are laserfocused on defending these highprofile areas. Theyre right to do so, too, as cyber criminals turn to new and emerging technologies to launch and scale ever more sophisticated attacks. However, this heightened attention to emerging threats makes The post AI and cloud vulnerabilities arent the only threats facing CISOs today appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
AI and cloud vulnerabilities arenβt the only threats facing CISOs today
While cyber criminals are increasingly targeting cloud infrastructure and using AI to scale their attacks, CISOs canβt afford to ignore the traditional threats.
π Threat Actors Exploit Government Websites for Phishing π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Cybercriminals exploit government websites using open redirects and phishing tactics, bypassing secure email gateway protections.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Threat Actors Exploit Government Websites for Phishing
Cybercriminals exploit government websites using open redirects and phishing tactics, bypassing secure email gateway protections
π¦Ώ Top 8 Penetration Testing Tools to Enhance Your Security π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Penetration testing is vital in keeping an organizations digital assets secure. Here are the top picks among the latest pen testing tools and software.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Top 8 Penetration Testing Tools to Enhance Your Security
Discover the best penetration testing tools to secure your systems. Explore our guide and start improving your security today.
π΅οΈββοΈ The Old Ways of Vendor Risk Management Are No Longer Good Enough π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Managing thirdparty risk in the SaaS era demands a proactive, datadriven approach beyond checkbox compliance.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Old Ways of Vendor Risk Management Are No Longer Enough
Managing third-party risk in the SaaS era demands a proactive, data-driven approach beyond checkbox compliance.
π AI Surge Drives Record 1205% Increase in API Vulnerabilities π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
AIrelated API vulnerabilities surged 1,205 in 2024, with 99 tied to API flaws, according to a new report by Wallarm.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
AI Surge Drives Record 1205% Increase in API Vulnerabilities
AI-related API vulnerabilities surged 1,205% in 2024, with 99% tied to API flaws, according to a new report by Wallarm
π Nation-State Hackers Abuse Gemini AI Tool π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Google highlighted significant abuse of its Gemini LLM tool by nation state actors to support malicious activities, including research and malware development.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Nation-State Hackers Abuse Gemini AI Tool
Google highlighted significant abuse of its Gemini LLM tool by nation state actors to support malicious activities, including research and malware development
π New Hellcat Ransomware Gang Employs Humiliation Tactics π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Cato Networks highlighted how the recently emerged HellCat ransomware group is using novel psychological tactics to court attention and pressurize victims.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
New Hellcat Ransomware Gang Employs Humiliation Tactics
Cato Networks highlighted how the recently emerged HellCat ransomware group is using novel psychological tactics to court attention and pressurize victims
ποΈ Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The North Korean threat actor known as the Lazarus Group has been observed leveraging a "webbased administrative platform" to oversee its commandandcontrol C2 infrastructure, giving the adversary the ability to centrally supervise all aspects of their campaigns. "Each C2 server hosted a webbased administrative platform, built with a React application and a Node.js API," SecurityScorecard's.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π1
π΅οΈββοΈ Mirai Variant βAquabotβ Exploits Mitel Device Flaws π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Yet another spinoff of the infamous DDoS botnet is exploiting a known vulnerability in active attacks, while its threat actors are promoting it on Telegram for other attackers to use as well, in a DDoSasaservice model.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Mirai Variant βAquabotβ Exploits Mitel Device Flaws
Yet another spinoff of the infamous DDoS botnet is exploiting a known vulnerability in active attacks, while its threat actors are promoting it on Telegram for other attackers to use as well, in a DDoS-as-a-service model.
π΅οΈββοΈ Researchers Uncover Lazarus Group Admin Layer for C2 Servers π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The threat actor is using a sophisticated network of VPNs and proxies to centrally manage commandandcontrol servers from Pyongyang.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Researchers Uncover Lazarus Admin Layer for C2 Servers
The threat actor is using a sophisticated network of VPNs and proxies to centrally manage command-and-control servers from Pyongyang.
π΅οΈββοΈ Unpatched Zyxel CPE Zero-Day Pummeled by Cyberattackers π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
VulnCheck initially disclosed the critical commandinjection vulnerability CVE202440891 six months ago, but Zyxel has yet to mention its existence or offer users a patch to mitigate threats.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Unpatched Zyxel CPE Zero-Day Pummeled by Cyberattackers
VulnCheck initially disclosed the critical command-injection vulnerability (CVE-2024-40891) six months ago, but Zyxel has yet to mention its existence or offer users a patch to mitigate threats.
π¦Ώ DeepSeek Chatbot Beats OpenAI on App Store Leaderboard π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
The Chinese firm said training the model cost just 5.6 million. Alibaba Cloud followed with a new generative AI model, while Microsoft alleges DeepSeek distilled OpenAIs work.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
DeepSeek Chatbot Beats OpenAI on App Store Leaderboard
The Chinese firm said training the model cost just $5.6 million. Microsoft alleges DeepSeek βdistilledβ OpenAIβs work.
β€1
π¦Ώ DeepSeek Chatbot Beats OpenAI on App Store Leaderboard π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
The Chinese firm said training the model cost just 5.6 million. Alibaba Cloud followed with a new generative AI model, while Microsoft alleges DeepSeek distilled OpenAIs work.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
DeepSeek Chatbot Beats OpenAI on App Store Leaderboard
The Chinese firm said training the model cost just $5.6 million. Microsoft alleges DeepSeek βdistilledβ OpenAIβs work.
π΅οΈββοΈ PrintNightmare Aftermath: Windows Print Spooler is Better. What's Next? π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
While Microsoft has boosted the security of Windows Print Spooler in the three years since the disclosure of the PrintNightmare vulnerability, the service remains a spooky threat that organizations cannot afford to ignore.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
PrintNightmare Aftermath: Windows Print Spooler Is Better. What's Next?
While Microsoft has boosted the security of Windows Print Spooler in the three years since the disclosure of the PrintNightmare vulnerability, the service remains a spooky threat that organizations cannot afford to ignore.
π1