π Syncjacking Attack Enables Full Browser and Device Takeover π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
SquareX researchers warn that browser syncjacking could lead to full browser and device hijacking.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Syncjacking Attack Enables Full Browser and Device Takeover
SquareX researchers warn that browser syncjacking could lead to full browser and device hijacking
π DeepSeek Exposed Database Leaks Sensitive Data π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Researchers at Wiz uncovered a publicly accessible database belonging to Chinese GenAI provider DeepSeek that leaked sensitive data, including chat history.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
DeepSeek Exposed Database Leaks Sensitive Data
Researchers at Wiz uncovered a publicly accessible database belonging to Chinese GenAI provider DeepSeek that leaked sensitive data, including chat history
π1
π¦
DeepSeekβs Growing Influence Sparks a Surge in Frauds and Phishing Attacks π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview DeepSeek is a Chinese artificial intelligence company that has developed opensource large language models LLMs. In January 2025, DeepSeek launched its first free chatbot app, DeepSeek AI Assistant, which rapidly became the most downloaded free app on the iOS App Store in the United States, surpassing even OpenAIs ChatGPT. However, with rapid growth comes new riskscybercriminals are exploiting DeepSeeks reputation through phishing campaigns, fake investment scams, and malware disguised as DeepSeek. This analysis seeks to explore recent incidents where Threat Actors TAs have impersonated DeepSeek to target users, highlighting their tactics and how readers can secure themselves accordingly. Recently, Cyble Research and Intelligence Labs CRIL identified multiple suspicious...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Deepseeks' Growing Influence: Surge In Frauds & Phishing Attacks
Explore how Deepseeks' growing influence is driving a surge in frauds and phishing attacks. Learn the impact on cybersecurity and how to stay protected
π1
π΅οΈββοΈ New Jailbreaks Allow Users to Manipulate GitHub Copilot π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Whether by intercepting its traffic or just giving it a little nudge, GitHub's AI assistant can be made to do malicious things it isn't supposed to.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
New Jailbreaks Allow Users to Manipulate GitHub Copilot
Whether by intercepting its traffic or just giving it a little nudge, GitHub's AI assistant can be made to do malicious things it isn't supposed to.
ποΈ Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Over 57 distinct threat actors with ties to China, Iran, North Korea, and Russia have been observed using artificial intelligence AI technology powered by Google to further enable their malicious cyber and information operations. "Threat actors are experimenting with Gemini to enable their operations, finding productivity gains but not yet developing novel capabilities," Google Threat.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Attackers Increase Use of HTTP Clients for Account Takeovers π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
HTTP client tools used to compromise Microsoft 365 environments with 78 of tenants targeted in 2024.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Attackers Increase Use of HTTP Clients for Account Takeovers
HTTP client tools used to compromise Microsoft 365 environments with 78% of tenants targeted in 2024
π1
βοΈ Infrastructure Laundering: Blending in with the Cloud βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
In an effort to blend in and make their malicious traffic tougher to block, hosting firms catering to cybercriminals in China and Russia increasingly are funneling their operations through major U.S. cloud providers. Research published this week on one such outfit a sprawling network tied to Chinese organized crime gangs and aptly named "Funnull" highlights a persistent whacamole problem facing cloud services.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
Infrastructure Laundering: Blending in with the Cloud
In an effort to blend in and make their malicious traffic tougher to block, hosting firms catering to cybercriminals in China and Russia increasingly are funneling their operations through major U.S. cloud providers. Research published this week on one suchβ¦
π Google Blocked 2.36 Million Policy-Violating Apps π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Google Play blocked 2.36 million policyviolating apps and banned 158,000 harmful developer accounts in 2024.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Google Blocked 2.36 Million Policy-Violating Apps
Google Play blocked 2.36 million policy-violating apps and banned 158,000 harmful developer accounts in 2024
π1
π¦Ώ DeepSeek Locked Down Public Database Access That Exposed Chat History π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Research Firm Wiz Research began investigating DeepSeek soon after its generative AI took the tech world by storm.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
DeepSeek Locked Down Public Database Access That Exposed Chat History
Research Firm Wiz Research began investigating DeepSeek soon after its generative AI took the tech world by storm.
π΅οΈββοΈ Healthcare Sector Charts 2 More Ransomware Attacks π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
No ransomware groups have yet to claim responsibility for either attack, and both institutions have yet to reveal what may have been stolen.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Healthcare Sector Charts 2 More Ransomware Attacks
No ransomware groups have yet to claim responsibility for either attack, and both institutions have yet to reveal what may have been stolen.
ποΈ Broadcom Patches VMware Aria Flaws β Exploits May Lead to Credential Theft ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Broadcom has released security updates to patch five security flaws impacting VMware Aria Operations and Aria Operations for Logs, warning customers that attackers could exploit them to gain elevated access or obtain sensitive information. The list of identified flaws, which impact versions 8.x of the software, is below CVE202522218 CVSS score 8.5 A malicious actor with View Only Admin.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π¦
Dark Web Activity January 2025: A New Hacktivist Group Emerges π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview Cyble dark web researchers investigated more than 250 dark web claims by threat actors in January 2025, with more than a quarter of those targeting U.S.based organizations. Of threat actors TAs on the dark web targeting U.S. organizations during the month, 15 were ransomware groups claiming successful attacks or selling data from those attacks. Ransomware group claims accounted for about 40 of the Cyble investigations. Most of the investigations examined threat actors claiming to be selling data stolen from organizations, or selling access to those organizations networks. Several investigations focused on cyberattacks orchestrated by hacktivist groups including a new Russian threat group identified here for the first time. Sector 16 Teams Up With Russian Hackti...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Dark Web Report Jan 2025: New Hacktivist Group Rises
A new Russian hacktivist group emerged on the dark web in January, along with numerous data and network access sales by threat actors.
π DeepSeek's Flagship AI Model Under Fire for Security Vulnerabilities π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Cyber reports exposed major security flaws in DeepSeeks R1 LLM.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
DeepSeek's Flagship AI Model Under Fire for Security Vulnerabilities
Cyber reports exposed major security flaws in DeepSeekβs R1 LLM
π International Operation Dismantles Cracked and Nulled Cybercrime Hubs π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A global law enforcement operation has taken down infrastructure used by Cracked.io and Nulled.io, which provide cybercriminal tools and services.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
International Operation Dismantles Cracked and Nulled Cybercrime Hubs
A global law enforcement operation has taken down infrastructure used by Cracked.io and Nulled.io, which provide cybercriminal tools and services
π¦
Cybleβs Weekly Vulnerability Update: Critical SonicWall Zero-Day and Exploited Flaws Discovered π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview Cybles weekly vulnerability insights to clients cover key vulnerabilities discovered between January 22 and January 28, 2025. The findings highlight a range of vulnerabilities across various platforms, including critical issues that are already being actively exploited. Notably, the Cybersecurity and Infrastructure Security Agency CISA added two vulnerabilities to their Known Exploited Vulnerability KEV catalog this week. Among these, the zeroday vulnerability CVE202523006 stands out as a critical threat affecting SonicWalls SMA1000 appliances. In this weeks analysis, Cyble delves into multiple vulnerabilities across widely used software tools and plugins, with particular attention to SimpleHelp remote support software, Ivantis Cloud Services Appliance, and issues wit...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Cyble's Weekly Vulnerability Update: Critical SonicWall Zero-Day
Cybleβs weekly report highlights key vulnerabilities discovered from Jan 22-28, 2025, including critical SonicWall zero-day and active exploits targeting major platforms.
π’ Two of the world's largest cyber crime forums knocked offline π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Two cyber crime forums, Cracked and Nulled, have been taken down as part of a police operation involving international partners.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Two of the world's largest cyber crime forums knocked offline
Europol, the US Justice Department, and other agencies have seized Cracked and Nulled
π’ Data sovereignty a growing priority for UK enterprises π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Many firms view data sovereignty as simply a compliance issue.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Data sovereignty a growing priority for UK enterprises
Many firms view data sovereignty as simply a compliance issue
π§ AI decision-making: Where do businesses draw the line? π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
A computer can never be held accountable, therefore a computer must never make a management decision. IBM Training Manual, 1979 Artificial intelligence AI adoption is on the rise. According to the IBM Global AI Adoption Index 2023, 42 of enterprises have actively deployed AI, and 40 are experimenting with the technology. Of those using The post AI decisionmaking Where do businesses draw the line? appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
AI decision-making: Where do businesses draw the line?
As AI takes a greater role in our lives, it begs an important question: If AI makes a mistake with serious consequences, who takes the blame?
ποΈ CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The U.S. Cybersecurity and Infrastructure Security Agency CISA and the Food and Drug Administration FDA have issued alerts about the presence of hidden functionality in Contec CMS8000 patient monitors and Epsimed MN120 patient monitors. The vulnerability, tracked as CVE20250626, carries a CVSS v4 score of 7.7 on a scale of 10.0. The flaw, alongside two other issues, was reported to CISA.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Top 5 AI-Powered Social Engineering Attacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Social engineering has long been an effective tactic because of how it focuses on human vulnerabilities. Theres no bruteforce spray and pray password guessing. No scouring systems for unpatched software. Instead, it simply relies on manipulating emotions such as trust, fear, and respect for authority, usually with the goal of gaining access to sensitive information or protected systems.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Italy Bans Chinese DeepSeek AI Over Data Privacy and Ethical Concerns ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Italy's data protection watchdog has blocked Chinese artificial intelligence AI firm DeepSeek's service within the country, citing a lack of information on its use of users' personal data. The development comes days after the authority, the Garante, sent a series of questions to DeepSeek, asking about its data handling practices and where it obtained its training data. In particular, it wanted.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity