π Europol Warns of βShadow Allianceβ Between States and Criminals π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Europols annual report warns of a growing threat from aligned state and cybercrime groups, enabled by AI technologies.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Europol Warns of βShadow Allianceβ Between States and Criminals
Europolβs annual report warns of a growing threat from aligned state and cybercrime groups, enabled by AI technologies
π¦
CISA Adds Two Critical Vulnerabilities (CVE-2025-24472 and CVE-2025-30066) to the Known Exploited Vulnerabilities Catalog π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble CISA Adds Two Critical Vulnerabilities CVE202524472 and CVE202530066 to the Known Exploited Vulnerabilities Catalog " dataimagecaption"Cyble CISA Adds Two Critical Vulnerabilities CVE202524472 and CVE202530066 to the Known Exploited Vulnerabilities Catalog " datamediumfile"httpscyble.comwpcontentuploads202503CybleBlogsCISACVE202524472300x150.png" datalargefile"httpscyble.comwpcontentuploads202503CybleBlogsCISACVE2025244721024x512.png" title"CISA Adds Two Critical Vulnerabilities CVE202524472 and CVE202530066 to the Known Exploited Vulnerabilities Catalog 1" Overview The Cybersecurity and Infrastructure Security Agency CISA has recently added two major vulnerabilities to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation. These vulnerabilities, ...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
CISA Adds CVE-2025-24472 And CVE-2025-30066 To KEV Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) adds CVE-2025-24472 and CVE-2025-30066 to its Known Exploited Vulnerabilities Catalog.
π¦
CERT NZ Shares Critical Advisory for CVE-2025-24813 Vulnerability in Apache Tomcat π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble Cyble CERT NZ Shares Critical Advisory for CVE202524813 Vulnerability in Apache Tomcat " dataimagecaption"Cyble Cyble CERT NZ Shares Critical Advisory for CVE202524813 Vulnerability in Apache Tomcat " datamediumfile"httpscyble.comwpcontentuploads202503CybleBlogsCVE2025248131300x150.png" datalargefile"httpscyble.comwpcontentuploads202503CybleBlogsCVE20252481311024x512.png" title"CERT NZ Shares Critical Advisory for CVE202524813 Vulnerability in Apache Tomcat 2" Overview The New Zealand Computer Emergency Response Team CERT NZ recently issued an urgent security advisory regarding a critical vulnerability, CVE202524813, affecting Apache Tomcat across multiple versions. This Apache Tomcat vulnerability, identified in March 2025, poses severe risks, including remote code execution...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
CERT NZ Shares Critical Advisory For CVE-2025-24813 Vulnerability In Apache Tomcat
CERT NZ issued a critical advisory for CVE-2025-24813, a severe Apache Tomcat vulnerability affecting multiple versions.
π¦Ώ Agentic AIβs Role in the Future of AppSec π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Overwhelmed AppSec teams are turning to agentic AI to handle the tedious manual work of security reporting, threat modeling, and code reviews, but successful implementation requires careful human oversight.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Agentic AIβs Role in the Future of AppSec
Overwhelmed AppSec teams are turning to agentic AI to handle the tedious manual work of security reporting, threat modeling, and code reviews, but successful implementation requires careful human oversight.
ποΈ Leaked Black Basta Chats Suggest Russian Officials Aided Leader's Escape from Armenia ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The recently leaked trove of internal chat logs among members of the Black Basta ransomware operation has revealed possible connections between the ecrime gang and Russian authorities. The leak, containing over 200,000 messages from September 2023 to September 2024, was published by a Telegram user ExploitWhispers last month. According to an analysis of the messages by cybersecurity company.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π’ Keeper Security launches revamped partner program for 2025 π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Keeper Security has announced an update to its partner program designed to help partners expand their cybersecurity offerings and drive new revenue.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ChannelPro
Keeper Security launches revamped partner program for 2025
The refreshed initiative aims to meet increased demand for PAM solutions and drive revenue growth for partners
π’ Keeper Security launches revamped partner program for 2025 π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Keeper Security has announced an update to its partner program designed to help partners expand their cybersecurity offerings and drive new revenue.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ChannelPro
Keeper Security launches revamped partner program for 2025
The refreshed initiative aims to meet increased demand for PAM solutions and drive revenue growth for partners
π1
ποΈ Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat actors are exploiting a severe security flaw in PHP to deliver cryptocurrency miners and remote access trojans RATs like Quasar RAT. The vulnerability, assigned the CVE identifier CVE20244577, refers to an argument injection vulnerability in PHP affecting Windowsbased systems running in CGI mode that could allow remote attackers to run arbitrary code. Cybersecurity company.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π¦Ώ Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters: Are You at Risk? π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
By simply sending HTTP requests, attackers can trigger the deserialisation of malicious data in Tomcat's session storage and gain control.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters: Are You at Risk?
By simply sending HTTP requests, attackers can trigger the deserialisation of malicious data in Tomcat's session storage and gain control.
π Windows Shortcut Flaw Exploited by 11 State-Sponsored Groups π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Newly discovered vulnerability ZDICAN25373 takes advantage of Windows shortcuts has been exploited by 11 statesponsored groups since 2017.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Windows Shortcut Flaw Exploited by 11 State-Sponsored Groups
Newly discovered vulnerability ZDI-CAN-25373 takes advantage of Windows shortcuts has been exploited by 11 state-sponsored groups since 2017
π€―1
π΅οΈββοΈ AI Cloud Adoption Is Rife With Cyber Mistakes π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Research finds that organizations are granting root access by default and making other big missteps, including a Jengalike building concept, in deploying and configuring AI services in cloud deployments.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
AI Cloud Adoption Is Rife With Cyber Mistakes
Research finds that organizations are granting root access by default and making other big missteps, including a Jenga-like building concept, in deploying and configuring AI services in cloud deployments.
π΅οΈββοΈ Critical Fortinet Vulnerability Draws Fresh Attention π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
CISA this week added CVE202524472 to its catalog of known exploited vulnerabilities, citing ransomware activity targeting the authentication bypass flaw.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Critical Fortinet Vuln Draws Fresh Attention
CISA this week added CVE-2025-24472 to its catalog of known exploited vulnerabilities, citing ransomware activity targeting the authentication bypass flaw.
π΅οΈββοΈ Nation-State Groups Abuse Microsoft Windows Shortcut Exploit π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Trend Micro uncovered a method that nationstate threat actors are using to target victims via the Windows .Ink shortcut file extension.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
APT Groups Abuse Microsoft Windows Shortcut Exploit
Trend Micro uncovered a method that nation-state threat actors are using to target victims via the Windows .Ink shortcut file extension.
π΅οΈββοΈ Infosys Settles $17.5M Class Action Lawsuit After Sprawling Third-Party Breach π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Several major companies in the finance sector were impacted by the thirdparty breach, prompting them to notify thousands of customers of their compromised data.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
$17.5M Infosys Lawsuit Settled After Third-Party Breach
Several major companies in the finance sector were impacted by the third-party breach, prompting them to notify thousands of customers of their compromised data.
π¦Ώ TechRepublic Exclusive: New Ransomware Attacks are Getting More Personal as Hackers βApply Psychological Pressureβ π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Ransomware attackers know where your kids go to school and they want you to know it, according to professional negotiators at Sygnia.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
TechRepublic Exclusive: New Ransomware Attacks are Getting More Personal as Hackers βApply Psychological Pressureβ
Ransomware attackers know where your kids go to school and they want you to know it, according to professional negotiators at Sygnia.
π¦Ώ Scam Alert: FBI βIncreasingly Seeingβ Malware Distributed In Document Converters π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
FBI warns computer users to keep an eye out for malware, including ransomware, distributed through working document converters.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Scam Alert: FBI βIncreasingly Seeingβ Malware Distributed In Document Converters
FBI warns computer users to keep an eye out for malware, including ransomware, distributed through working document converters.
π¨ Cyber chiefs unveil new roadmap for post-quantum cryptography migration π¨
π Read more.
π Via "UK NCSC"
----------
ποΈ Seen on @cibsecurity
New guidance from the NCSC outlines a threephase timeline for organisations to transition to quantumresistant encryption methods by 2035.π Read more.
π Via "UK NCSC"
----------
ποΈ Seen on @cibsecurity
www.ncsc.gov.uk
Cyber chiefs unveil new roadmap for post-quantum cryptography migration
New guidance from the NCSC outlines a three-phase timeline for organisations to transition to quantum-resistant encryption methods by 2035.
βοΈ DOGE to Fired CISA Staff: Email Us Your Personal Data βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
A message posted on Monday to the homepage of the U.S. Cybersecurity Infrastructure Security Agency CISA is the latest exhibit in the Trump administration's continued disregard for basic cybersecurity protections. The message instructed recentlyfired CISA employees to get in touch so they can be rehired and then immediately placed on leave, asking employees to send their Social Security number or date of birth in a passwordprotected email attachment presumably with the password needed to view the file included in the body of the email.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
DOGE to Fired CISA Staff: Email Us Your Personal Data
A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is the latest exhibit in the Trump administration's continued disregard for basic cybersecurity protections. The message instructed recently-firedβ¦
π΅οΈββοΈ India Is Top Global Target for Hacktivists, Regional APTs π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Global politics and a growing economy draw the wrong kind of attention to India, with denialofservice and application attacks both on the rise.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
India Is Top Global Target for Hacktivists, Regional APTs
Global politics and a growing economy draw the wrong kind of attention to India, with denial-of-service and application attacks both on the rise.
π’ Get started on post-quantum encryption, organizations warned π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The UK's national cybersecurity agency is urging companies to begin preparing themselves for quantum threats by 2035.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Get started on post-quantum encryption, organizations warned
The NCSC has published advice on the transition, with a ten-year timeline for change
π’ Western Alliance Bank admits cyber attack exposed 22,000 customers π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
An American bank has admitted nearly 22,000 customers had their accounts compromised following an attack that targeted a zeroday flaw in a thirdparty filetransfer tool.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Western Alliance Bank admits cyber attack exposed 22,000 customers
The Arizona-based bank has begun notifying affected customers