ποΈ β‘ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A quiet tweak in a popular opensource tool opened the door to a supply chain breachwhat started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasnt the only stealth move. A new allinone malware is silently stealing passwords, crypto, and controlwhile hiding in plain sight. And over 300 Android apps joined the chaos, running ad.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code VSCode Marketplace that are designed to deploy ransomware that's under development to its users. The extensions, named "ahban.shiba" and "ahban.cychelloworld," have since been taken down by the marketplace maintainers. Both the extensions, per ReversingLabs, incorporate code that's designed to invoke a.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ How to Balance Password Security Against User Experience ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
If given the choice, most users are likely to favor a seamless experience over complex security measures, as they dont prioritize strong password security. However, balancing security and usability doesnt have to be a zerosum game. By implementing the right best practices and tools, you can strike a balance between robust password security and a frictionless user experience UX. This article.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π California AG Reminds 23andMe Customers of Data Deletion Rights Amid Bankruptcy Filing π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Two years after a data breach that compromised almost seven million customers, 23andMe's CEO has resigned as the company files for bankruptcy.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
California AG Reminds 23andMe Customers of Data Deletion Rights Amid Bankruptcy Filing
Two years after a data breach that compromised almost seven million customers, 23andMe's CEO has resigned as the company files for bankruptcy
π’ Building ransomware resilience to avoid paying out π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Amid an impending ransom payment ban, businesses should work to improve their incident response strategies and knowledge of prominent threat groups.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Building ransomware resilience to avoid paying out
Amid an impending ransom payment ban, businesses should work to improve their incident response strategies and knowledge of prominent threat groups
π¦
Stopping Deepfakes in Financial Services Will Require New Processes: Cyble π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Stopping Deepfakes in Financial Services Will Require New Processes Cyble " dataimagecaption"Stopping Deepfakes in Financial Services Will Require New Processes Cyble " datamediumfile"httpscyble.comwpcontentuploads202503CybleBlogsDeepfake300x150.jpg" datalargefile"httpscyble.comwpcontentuploads202503CybleBlogsDeepfake.jpg" title"Stopping Deepfakes in Financial Services Will Require New Processes Cyble 1" The rise of AIgenerated deepfakes has placed the financial services industry and its customers at the epicenter of this growing cyber threat. Whether deepfake fraud is hitting consumers, commercial accounts, or financial institutions themselves, organizations in the banking and financial services sector will need new processes and cybersecurity controls to address this new generat...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Stopping Deepfakes In Finance Needs New Processes: Cyble
Deepfakes threats are evolving quickly β and targeting financial services. A new Cyble report looks at the measures needed to stop these threats.
π΅οΈββοΈ Chinese Hacker Group Tracked Back to iSoon APT Operation π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The group, called FishMonger or Aquatic Panda, is working under contract for the Chinese government to steal data from governmental organizations, Catholic charities, NGOs, think tanks, and more.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Chinese Hacker Group Tracked Back to iSoon APT Operation
The group, called FishMonger or Aquatic Panda, is working under contract for the Chinese government to steal data from governmental organizations, Catholic charities, NGOs, think tanks, and more.
π΅οΈββοΈ FBI Warns of Document Converter Tools Due to Uptick in Scams π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The FBI's Denver field office says the tools will convert documents while also dropping malware and scraping users' systems for sensitive data.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
FBI: Beware of Document Converter Tools
The FBI's Denver field office says the tools will convert documents while also dropping malware and scraping users' systems for sensitive data.
π΅οΈββοΈ Critical 'IngressNightmare' Vulns Imperil Kubernetes Environments π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
More than 40 of all Internetfacing container orchestration clusters are at risk.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
'IngressNightmare' Vulns Imperil Kubernetes Environments
More than 40% of all Internet-facing container orchestration clusters are at risk.
π΅οΈββοΈ China-Nexus APT 'Weaver Ant' Caught in Yearslong Web Shell Attack π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The persistent threat actor was caught using sophisticated Web shell techniques against an unnamed telecommunications company in Asia.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
China-Nexus APT Caught in Yearslong Web Shell Attack
A China-nexus persistent threat actor known as "Weaver Ant" was caught using sophisticated Web shell techniques against an unnamed telecommunications company in Asia.
π΅οΈββοΈ US Weakens Disinformation Defenses, as Russia & China Ramp Up π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Russia and China spend billions of dollars on state media, propaganda, and disinformation, while the Trump administration has slashed funding for US agencies.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
US Cuts Disinformation Defenses As Russia, China Ramp Up
Russia and China spend billions of dollars on state media, propaganda, and disinformation, while the Trump administration has slashed funding for US agencies.
π΅οΈββοΈ FCC Investigates China-Backed Tech Suppliers for Evading US Operations Ban π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
FCC chair warns these companies may still be operating in the US because they don't believe that being added to its "Covered List" poses any serious risk.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
FCC Investigates CCP Orgs for Evading US Operations Ban
The FCC chair's office told the public that it believes these companies may still be operating in the US because they don't believe that being added to its "Covered List" poses any serious risk.
π΅οΈββοΈ Oracle Denies Claim of Oracle Cloud Breach of 6M Records π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
A threat actor posted data on BreachForums from an alleged supply chain attack that affected more than 140K tenants, claiming to have compromised the cloud via a zeroday flaw in WebLogic, researchers say.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
ποΈ Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A set of five critical security shortcomings have been disclosed in the Ingress NGINX Controller for Kubernetes that could result in unauthenticated remote code execution, putting over 6,500 clusters at immediate risk by exposing the component to the public internet. The vulnerabilities CVE202524513, CVE202524514, CVE20251097, CVE20251098, and CVE20251974 , assigned a CVSS score of.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Microsoft Adds Inline Data Protection to Edge for Business to Block GenAI Data Leaks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Microsoft on Monday announced a new feature called inline data protection for its enterprisefocused Edge for Business web browser. The native data security control is designed to prevent employees from sharing sensitive companyrelated data into consumer generative artificial intelligence GenAI apps like OpenAI ChatGPT, Google Gemini, and DeepSeek. The list will be expanded over time to.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π1
ποΈ VanHelsing RaaS Launch: 3 Victims, $5K Entry Fee, Multi-OS, and Double Extortion Tactics ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A ransomwareasaservice RaaS operation called VanHelsing has already claimed three victims since it launched on March 7, 2025, demanding ransoms as high as 500,000. "The RaaS model allows a wide range of participants, from experienced hackers to newcomers, to get involved with a 5,000 deposit. Affiliates keep 80 of the ransom payments, while the core operators earn 20," Check Point said.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π VanHelsingRaaS Expands Rapidly in Cybercrime Market π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
VanHelsingRaaS, a new ransomwareasaservice program, infected three victims within two weeks of release, demanding ransoms of 500,000.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
VanHelsingRaaS Expands Rapidly in Cybercrime Market
VanHelsingRaaS, a new ransomware-as-a-service program, infected three victims within two weeks of release, demanding ransoms of $500,000
π Ukraine Railway Systems Hit by Targeted Cyber-Attack π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Ukraines national railway company has suffered a largescale cyberattack, disrupting online services and operations.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Ukraine Railway Systems Hit by Targeted Cyber-Attack
Ukraineβs national railway company has suffered a βlarge-scaleβ cyber-attack, disrupting online services and operations
π Authorities Seize 1842 Devices in Africaβs Cybercrime Crackdown π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Authorities in seven African countries have arrested 306 suspects and seized 1842 devices in Operation Red Card.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Authorities Seize 1842 Devices in Africaβs Cybercrime Crackdown
Authorities in seven African countries have arrested 306 suspects and seized 1842 devices in Operation Red Card
π1
ποΈ INTERPOL Arrests 306 Suspects, Seizes 1,842 Devices in Cross-Border Cybercrime Bust ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Law enforcement authorities in seven African countries have arrested 306 suspects and confiscated 1,842 devices as part of an international operation codenamed Red Card that took place between November 2024 and February 2025. The coordinated effort "aims to disrupt and dismantle crossborder criminal networks which cause significant harm to individuals and businesses," INTERPOL said, adding it.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π1
π¦
Cyble Sensors Detect Exploit Attempts on Ivanti, AVTECH IP Cameras π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble Cyble Sensors Detect Exploit Attempts on Ivanti, AVTECH IP Cameras. " dataimagecaption"Cyble Cyble Sensors Detect Exploit Attempts on Ivanti, AVTECH IP Cameras " datamediumfile"httpscyble.comwpcontentuploads202503CybleBlogsIvanti300x150.png" datalargefile"httpscyble.comwpcontentuploads202503CybleBlogsIvanti1024x512.png" title"Cyble Sensors Detect Exploit Attempts on Ivanti, AVTECH IP Cameras 1" Overview Vulnerabilities in Ivanti products, AVTECH IP cameras, and WordPress plugins have recently been among the dozens of attempted exploits detected by Cyble honeypot sensors. The attack attempts were detailed in the threat intelligence companys weekly sensor intelligence reports to clients. The Cyble reports have also examined persistent attacks against Linux systems and net...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Cyble Detects Exploit Attempts On Ivanti & AVTECH Cams
Ivanti and AVTECH products and WordPress plugins have been among dozens of attack targets detected by Cyble honeypots.