Microsoft Claims Steady Progress Revamping Security Culture
Via "Dark Reading"
----------
Seen on @cibsecurity
In the latest "Secure Future Initiative" progress report, Microsoft describes efforts to rebuild its security culture, including making security a core priority for employees during performance reviews and launching a new Secure by Design UX Toolkit.

Ransomware Gangs Innovate With New Affiliate Models
Via "Dark Reading"
Secureworks research shows two ransomware operators offering multiple business models with ransomware-as-a-service, mimicking the structures and processes of legitimate businesses.

Popular British Retailer Marks & Spencer Addresses 'Cyber Incident'
Via "Dark Reading"
M&S has launched an investigation and said some customer operations are impacted.

North Korean Operatives Use Deepfakes in IT Job Interviews
Via "Dark Reading"
Use of synthetic identities by malicious employment candidates is yet another way state-sponsored actors are trying to game the hiring process and infiltrate Western organizations.

Japan Warns on Unauthorized Stock Trading via Stolen Credentials
Via "Dark Reading"
Attackers are using credentials stolen via phishing websites that purport to be legitimate securities company homepages, duping victims and selling their stocks before they realize they've been hacked.

Kubernetes Pods Are Inheriting Too Many Permissions
Via "Dark Reading"
Scalable, effective, and best of all — free — securing Kubernetes workload identity cuts cyber risk without adding infrastructure, according to new research from SANS.

The Foundations of a Resilient Cyber Workforce
Via "Dark Reading"
In a world where insider threats, nation-state adversaries, and technological evolution create new challenges, companies must prioritize transparency, ethical leadership, and a culture rooted in trust.

Zambia's Updated Cyber Laws Prompt Surveillance Warnings
Via "Dark Reading"
Critics — which include the US embassy in Zambia — contend the just-signed Cyber Security Act and the Cyber Crime Act allow suppression of dissent and too much concentration of power.

Verizon: Edge Bugs Soar, Ransoms Lag, SMBs Bedeviled
Via "Dark Reading"
The cybersecurity landscape confounded expectations in 2024, as anticipated threats and risk didn't materialize and less widely touted attack scenarios shot up.

DOGE Worker's Code Supports NLRB Whistleblower
Via "Krebs on Security"
A whistleblower at the National Labor Relations Board (NLRB) alleged last week that denizens of Elon Musk's Department of Government Efficiency (DOGE) siphoned gigabytes of data from the agency's sensitive case files in early March. The whistleblower said accounts created for DOGE at the NLRB downloaded three code repositories from GitHub. Further investigation into one of those code bundles shows it is remarkably similar to a program published in January 2025 by Marko Elez, a 25-year-old DOGE employee who has worked at a number of Musk's companies.

DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack
Via "The Hacker News"
Multiple threat activity clusters with ties to North Korea (aka Democratic People's Republic of Korea or DPRK) have been linked to attacks targeting organizations and individuals in the Web3 and cryptocurrency space. "The focus on Web3 and cryptocurrency appears to be primarily financially motivated due to the heavy sanctions that have been placed on North Korea," Google-owned Mandiant said in.

Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign
Via "The Hacker News"
The Iran-nexus threat actor known as UNC2428 has been observed delivering a backdoor known as MURKYTOUR as part of a job-themed social engineering campaign aimed at Israel in October 2024. Google-owned Mandiant described UNC2428 as a threat actor aligned with Iran that engages in cyber espionage-related operations. The intrusion set is said to have distributed the malware through a "complex.

Android Spyware Disguised as Alpine Quest App Targets Russian Military Devices
Via "The Hacker News"
Cybersecurity researchers have revealed that Russian military personnel are the target of a new malicious campaign that distributes Android spyware under the guise of the Alpine Quest mapping software. "The attackers hide this trojan inside modified Alpine Quest mapping software and distribute it in various ways, including through one of the Russian Android app catalogs," Doctor Web said in an.

Three Reasons Why the Browser is Best for Stopping Phishing Attacks
Via "The Hacker News"
Phishing attacks remain a huge challenge for organizations in 2025. In fact, with attackers increasingly leveraging identity-based techniques over software exploits, phishing arguably poses a bigger threat than ever before. Attackers are increasingly leveraging identity-based techniques over software exploits, with phishing and stolen credentials (a byproduct of phishing) now the primary.

Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp
Via "The Hacker News"
Multiple suspected Russia-linked threat actors are "aggressively" targeting individuals and organizations with ties to Ukraine and human rights with an aim to gain unauthorized access to Microsoft 365 accounts since early March 2025. The highly targeted social engineering operations, per Volexity, are a shift from previously documented attacks that leveraged a technique known as device code.

Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack
Via "The Hacker News"
The Ripple cryptocurrency npm JavaScript library named xrpl.js has been compromised by unknown threat actors as part of a software supply chain attack designed to harvest and exfiltrate users' private keys. The malicious activity has been found to affect five different versions of the package: 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2. The issue has been addressed in versions 4.2.5 and 2.14.3.

Google Drops Cookie Prompt in Chrome, Adds IP Protection to Incognito
Via "The Hacker News"
Google on Tuesday revealed that it will no longer offer a standalone prompt for third-party cookies in its Chrome browser as part of its Privacy Sandbox initiative. "We've made the decision to maintain our current approach to offering users third-party cookie choice in Chrome, and will not be rolling out a new standalone prompt for third-party cookies," Anthony Chavez, vice president of Privacy.

Verizon's DBIR Reveals 34% Jump in Vulnerability Exploitation
Via "Infosecurity Magazine"
After a 180% rise in last year's report, the exploitation of vulnerabilities continues to grow, now accounting for 20% of all breaches

FBI Reveals 'Staggering' $16.6bn Lost to Cybercrime in 2024
Via "Infosecurity Magazine"
The FBI found that cybercrime losses climbed by 33% compared to 2023, driven by tactics like investment fraud and BEC

Vulnerability Exploitation and Credential Theft Now Top Initial Access Vectors
Via "Infosecurity Magazine"
Mandiant's M-Trends report found that credential theft rose significantly in 2024, driven by the growing use of infostealers

US Data Breach Victim Count Surges 26% Annually
Via "Infosecurity Magazine"
The latest ITRC data finds breach volumes remained flat in Q1 but victim numbers increased 26% annually