π΅οΈββοΈ In Salt Typhoon's Wake, Congress Mulls Potential Options π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
While the House Committee on Government Reform was looking for retaliatory options, cybersecurity experts pointed them toward building better defenses.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
In Salt Typhoon's Wake, Congress Mulls Potential Options
While the House Committee on Government Reform was looking for retaliatory options, cybersecurity experts pointed them toward building better defenses.
π¦Ώ Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Apple has also fixed vulnerabilities in iPadOS 17.7.6, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5, as well as its recently released iOS 18.4.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities
Apple has also fixed vulnerabilities in iPadOS 17.7.6, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5, as well as its recently released iOS 18.4.
π Stripe API Skimming Campaign Unveils New Techniques for Theft π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A novel skimming attack has been observed by Jscramber, using the Stripe API to steal payment information by injecting malicious scripts into pages.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Stripe API Skimming Campaign Unveils New Techniques for Theft
A novel skimming attack has been observed by Jscramber, using the Stripe API to steal payment information by injecting malicious scripts into pages
π1
ποΈ Legacy Stripe API Exploited to Validate Stolen Payment Cards in Web Skimmer Campaign ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat hunters are warning of a sophisticated web skimmer campaign that leverages a legacy application programming interface API from payment processor Stripe to validate stolen payment information prior to exfiltration. "This tactic ensures that only valid card data is sent to the attackers, making the operation more efficient and potentially harder to detect," Jscrambler researchers Pedro.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Europol Dismantles Kidflix With 72,000 CSAM Videos Seized in Major Operation ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
In one of the largest coordinated law enforcement operations, authorities have dismantled Kidflix, a streaming platform that offered child sexual abuse material CSAM. "A total of 1.8 million users worldwide logged on to the platform between April 2022 and March 2025," Europol said in a statement. "On March 11, 2025, the server, which contained around 72,000 videos at the time, was seized by.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π1π1
π’ Warning issued over βfast fluxβ techniques used to obscure malicious signals on compromised networks π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Cybersecurity agencies have issued a stark message that too little is being done to sniff out malware hiding in corporate networks.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Warning issued over βfast fluxβ techniques used to obscure malicious signals on compromised networks
Cybersecurity agencies have issued a stark message that too little is being done to sniff out malware hiding in corporate networks
π’ Zero trust gains momentum amid growing network visibility challenges π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Organizations are looking to automation, orchestration, and risk mitigation as key security priorities.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Zero trust gains momentum amid growing network visibility challenges
Organizations are looking to automation, orchestration, and risk mitigation as key security priorities
π’ Security experts issue warning over the rise of 'gray bot' AI web scrapers π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
While not malicious, the bots can overwhelm web applications in a way similar to bad actors.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Security experts issue warning over the rise of 'gray bot' AI web scrapers
While not malicious, the bots can overwhelm web applications in a way similar to bad actors
π’ Bugcrowdβs new MSP program looks to transform pen testing for small businesses π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Cybersecurity provider Bugcrowd has launched a new service aimed at helping MSPs drive pen testing capabilities with a particular focus on small businesses.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ChannelPro
Bugcrowdβs new MSP program looks to transform pen testing for small businesses
The firmβs new service is now live and available to a limited number of partners
π’ ICO admits it's too slow dealing with complaints β so it's eying up automation to cut staff workloads π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The UK's data protection authority has apologized for being slow to respond to data protection complaints, saying it's been overwhelmed by increased workloads.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
ICO admits it's too slow dealing with complaints β so it's eying up automation to cut staff workloads
Rising workloads and a shortage of staff means it's missing its targets - and things may get worse before they get better
π΅οΈββοΈ CISA Layoffs Are a Momentary Disruption, Not a Threat π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Layoffs may cause shortterm disruptions, but they don't represent a catastrophic loss of cybersecurity capability because the true cyber operations never resided solely within CISA to begin with.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
CISA Layoffs Are a Momentary Disruption, Not a Threat
Layoffs may cause short-term disruptions, but they don't represent a catastrophic loss of cybersecurity capability β because the true cyber operations never resided solely within CISA to begin with.
π΅οΈββοΈ Secure Communications Evolve Beyond End-to-End Encryption π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Signal, Wickr, WhatsApp, and Cape all have different approaches to security and privacy, yet most are finding ways to make secure communications more private.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Secure Communications Evolve Beyond End-to-End Encryption
Signal, Wickr, WhatsApp, and Cape all have different approaches to security and privacy, yet most are finding ways to make secure communications more private.
π΅οΈββοΈ Rafts of Security Bugs Could Rain Out Solar Grids π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
At least three major energy solution and renewable energy companies have nearly 50 vulnerabilities many of them "basic" mistakes indicating a lack of developed cybersecurity safeguards.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Rafts of Security Bugs Could Rain Out Solar Grids
At least three major energy solution and renewable energy companies have nearly 50 vulnerabilities β many of them "basic" mistakes β indicating a lack of developed cybersecurity safeguards.
π΅οΈββοΈ Microsoft Boosts Email Sender Rules for Outlook π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The tech giant will enforce new email authentication protocols for Outlook users who send large volumes of email beginning on May 5.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Microsoft Boosts Email Sender Rules for Outlook
Beginning on May 5, the tech giant will enforce new email authentication protocols for Outlook users who send large volumes of email.
π΅οΈββοΈ China-Linked Threat Group Exploits Ivanti Bug π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The vendor had originally assessed the flaw as low risk but now says it is a critical issue that enables remote code execution.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
China-Linked Threat Group Exploits Ivanti Bug
The vendor had originally assessed the flaw as low risk but now says it is a critical issue that enables remote code execution.
π΅οΈββοΈ Disclosure Drama Clouds CrushFTP Vulnerability Exploitation π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
CrushFTP CEO Ben Spink slammed several cybersecurity companies for creating confusion around a critical authentication bypass flaw that's currently under attack.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Disclosure Drama Clouds CrushFTP Vulnerability Exploitation
CrushFTP CEO Ben Spink slammed several cybersecurity companies for creating confusion around a critical authentication bypass flaw that's currently under attack.
π΅οΈββοΈ Counterfeit Phones Carrying Hidden Revamped Triada Malware π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The malware, first discovered in 2016, has been updated over the years, and the latest version is now hiding in the firmware of counterfeit mobile phones.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Counterfeit Phones Carrying Triada Malware
The malware, first discovered in 2016, has been updated over the years, and the latest version is now hiding in the firmware of counterfeit mobile phones.
π΅οΈββοΈ Runtime Ventures Launches New Fund for Seed, Pre-Seed Startups π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Cofounders Michael Sutton and David Endler raised 32 million to invest in early stage cybersecurity startups as well as to provide mentoring support.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Runtime Ventures Launches New Fund for Seed, Pre-Seed Startups
Co-founders Michael Sutton and David Endler raised $32 million to invest in early-stage cybersecurity startups and provide mentoring support.
π΅οΈββοΈ Social Engineering Just Got Smarter π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Polices that forbid employees from divulging company details are worthless if the same information can be obtained from sources employees have no control over.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Social Engineering Just Got Smarter
Polices that forbid employees from divulging company details are worthless if the same information can be obtained from sources employees have no control over.
π΅οΈββοΈ Emerging Risks Require IT/OT Collaboration to Secure Physical Systems π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
With an increase in cyberphysical attacks that can cause significant disruptions, financial fallout and safety concerns for victim organizations, IT and OT security teams cannot keep working in silos.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Emerging Risks Require IT/OT Collaboration to Secure Physical Systems
With an increase in cyber-physical attacks that can cause significant disruptions, financial fallout and safety concerns for victim organizations, IT and OT security teams cannot keep working in silos.
π΅οΈββοΈ Google Quick Share Bug Bypasses Allow Zero-Click File Transfer π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Google addresses patch bypasses for CVE202438272 and CVE202438271, part of the previously announced "QuickShell" silent RCE attack chain against Windows users.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Google Quick Share Bug Bypasses Allow 0-Click File Transfer
Google addresses patch bypasses for CVE-2024-38272 and CVE-2024-38271, part of the previously announced "QuickShell" silent RCE attack chain against Windows users.