SecurityScorecard Observes Surge in Third-Party Breaches
In its 2025 Global Third-Party Breach Report, SecurityScorecard has found that 35.5% of all cyber breaches in 2024 were third-party related, up from 29% in 2023.
Via "Infosecurity Magazine"
----------
Seen on @cibsecurity
Hacktivists Increasingly Target France for Its Diplomatic Efforts
According to a Cyble report sent to clients recently, France is increasingly becoming a target of hacktivists for its active role in international diplomacy and in ongoing conflicts in Ukraine and the Middle East. France's role in those conflicts has drawn the ire of pro-Russian and pro-Palestinian hacktivist groups, Cyble said, as those hacktivists have found ideological ...
Via "CYBLE"
----------
Cyble
Hacktivists Target France Over Diplomatic Moves
Pro-Russian and pro-Palestinian hacktivist groups share a common adversary in France, leading to coordinated cyberattacks against the country.
Product Walkthrough: How Datto BCDR Delivers Unstoppable Business Continuity
Long gone are the days when a simple backup in a data center was enough to keep a business secure. While backups store information, they do not guarantee business continuity during a crisis. With IT disasters far too common and downtime burning through budgets, modern IT environments require solutions that go beyond storage and enable instant recovery to minimize downtime and data loss. This is.
Via "The Hacker News"
----------
Developers spend 17 hours a week on security – but don't consider it a top priority
More work on DevSecOps has been identified as a top priority for developer teams.
Via "ITPro"
----------
Morphing Meerkat PhaaS Platform Spoofs 100+ Brands
A PhaaS platform, dubbed 'Morphing Meerkat,' uses DNS MX records to spoof over 100 brands and steal credentials, according to Infoblox Threat Intel.
Via "Infosecurity Magazine"
----------
Trump CISA Cuts Threaten US Election Integrity, Experts Warn
Expert speakers discussed the impact of reported cutbacks to CISA on the ability of local officials to protect against surging cyberattacks on US election infrastructure.
Via "Infosecurity Magazine"
----------
Security researchers hack BlackLock ransomware gang in push back against rising threat actor
BlackLock's reputation may not recover as analysts publish extensive details of its victims and associated accounts.
Via "ITPro"
----------
TsarBot: A New Android Banking Trojan Targeting Over 750 Banking, Finance, and Cryptocurrency Applications
Key Takeaways: A new Android banking trojan, TsarBot, targets over 750 applications globally, including banking, finance, cryptocurrency, and e-commerce apps. TsarBot spreads via phishing sites masquerading as legitimate financial platforms and is installed through a dropper disguised as Google Play Services. It uses overlay attacks to steal banking credentials, credit card details, and login credentials ...
Via "CYBLE"
----------
Cyble
TsarBot Trojan Hits 750+ Banking & Crypto Apps!
Beware of TsarBot! This Android banking Trojan spreads via phishing, steals credentials, and hijacks devices. Stay safe with our latest insights.
Qualys discovers three bypasses of Ubuntu's unprivileged user namespace restrictions
Combined with other vulnerabilities, the flaws could lead to full system access.
Via "ITPro"
----------
CoffeeLoader Uses GPU-Based Armoury Packer to Evade EDR and Antivirus Detection
Cybersecurity researchers are calling attention to a new sophisticated malware called CoffeeLoader that's designed to download and execute secondary payloads. The malware, according to Zscaler ThreatLabz, shares behavioral similarities with another known malware loader known as SmokeLoader. "The purpose of the malware is to download and execute second-stage payloads while evading.
Via "The Hacker News"
----------
Researchers Uncover 46 Critical Flaws in Solar Inverters From Sungrow, Growatt, and SMA
Cybersecurity researchers have disclosed 46 new security flaws in products from three solar inverter vendors, Sungrow, Growatt, and SMA, that could be exploited by a bad actor to seize control of devices or execute code remotely, posing severe risks to electrical grids. The vulnerabilities have been collectively codenamed SUNDOWN by Forescout Vedere Labs. "The new vulnerabilities can be.
Via "The Hacker News"
----------
Russia-Linked Gamaredon Uses Troop-Related Lures to Deploy Remcos RAT in Ukraine
Entities in Ukraine have been targeted as part of a phishing campaign designed to distribute a remote access trojan called Remcos RAT. "The file names use Russian words related to the movement of troops in Ukraine as a lure," Cisco Talos researcher Guilherme Venere said in a report published last week. "The PowerShell downloader contacts geofenced servers located in Russia and Germany to.
Via "The Hacker News"
----------
How Each Pillar of the 1st Amendment is Under Attack
In an address to Congress this month, President Trump claimed he had "brought free speech back to America." But barely two months into his second term, the president has waged an unprecedented attack on the First Amendment rights of journalists, students, universities, government workers, lawyers and judges. This story explores a slew of recent actions by the Trump administration that threaten to undermine all five pillars of the First Amendment to the U.S. Constitution, which guarantees freedoms concerning speech, religion, the media, the right to assembly, and the right to petition the government and seek redress for wrongs.
Via "Krebs on Security"
----------
Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images
Threat actors are using the "mu-plugins" directory in WordPress sites to conceal malicious code with the goal of maintaining persistent remote access and redirecting site visitors to bogus sites. mu-plugins, short for must-use plugins, refers to plugins in a special directory ("wp-content/mu-plugins") that are automatically executed by WordPress without the need to enable them explicitly via the.
Via "The Hacker News"
----------
Vulnerability affecting Next.js web development framework
The NCSC is encouraging UK organisations to take immediate action to mitigate a vulnerability (CVE-2025-29927) affecting the Next.js framework used to build web applications.
Via "UK NCSC"
----------
Law enforcement needs to fight fire with fire on AI threats
UK law enforcement agencies have been urged to employ a more proactive approach to AI-related cyber crime as threats posed by the technology accelerate.
Via "ITPro"
----------
IT Pro
Law enforcement needs to fight fire with fire on AI threats
A report from the UK's national data science institute calls for a new AI-focused taskforce
Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More
Every week, someone somewhere slips up, and threat actors slip in. A misconfigured setting, an overlooked vulnerability, or a too-convenient cloud tool becomes the perfect entry point. But what happens when the hunters become the hunted? Or when old malware resurfaces with new tricks? Step behind the curtain with us this week as we explore breaches born from routine oversights, and the unexpected.
Via "The Hacker News"
----------
ClickFake Interview Campaign by Lazarus Targets Crypto Job Seekers
New 'ClickFake Interview' campaign attributed to the Lazarus Group targets crypto professionals with fake job offers.
Via "Infosecurity Magazine"
----------