ποΈ North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
North Korealinked threat actors behind the Contagious Interview have set up front companies as a way to distribute malware during the fake hiring process. "In this new campaign, the threat actor group is using three front companies in the cryptocurrency consulting industryBlockNovas LLC blocknovas. com, Angeloper Agency angeloper.com, and SoftGlide LLC softglide.coto spread.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ New Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel Framework ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution. "The exploitation is likely tied to either a previously disclosed vulnerability like CVE20179844 or an unreported remote file inclusion RFI issue," ReliaQuest said in a report published this week. The cybersecurity.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Why NHIs Are Security's Most Dangerous Blind Spot ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
When we talk about identity in cybersecurity, most people think of usernames, passwords, and the occasional MFA prompt. But lurking beneath the surface is a growing threat that does not involve human credentials at all, as we witness the exponential growth of NonHuman Identities NHIs. At the top of mind when NHIs are mentioned, most security teams immediately think of Service Accounts.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully exploited, could enable attackers to gain unauthorized access to files, inject malicious data, and tamper with logs under certain conditions. The vulnerabilities, flagged by cybersecurity vendor OPSWAT, are listed below CVE202527610 CVSS score 7.5 A path traversal.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers are warning about a new malware called DslogdRAT that's installed following the exploitation of a nowpatched security flaw in Ivanti Connect Secure ICS. The malware, along with a web shell, were "installed by exploiting a zeroday vulnerability at that time, CVE20250282, during attacks against organizations in Japan around December 2024," JPCERTCC researcher Yuma.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Law Enforcement Crackdowns Drive Novel Ransomware Affiliate Schemes π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Increased law enforcement pressure has forced ransomware groups like DragonForce and Anubis to move away from traditional affiliate models.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Law Enforcement Crackdowns Drive Novel Ransomware Affiliate Schemes
Increased law enforcement pressure has forced ransomware groups like DragonForce and Anubis to move away from traditional affiliate models
π SAP Fixes Critical Vulnerability After Evidence of Exploitation π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A maximum severity flaw affecting SAP NetWeaver has been exploited by threat actors.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
SAP Fixes Critical Vulnerability After Evidence of Exploitation
A maximum severity flaw affecting SAP NetWeaver has been exploited by threat actors
π M&S Shuts Down Online Orders Amid Ongoing Cyber Incident π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
British retailer MS continues to tackle a cyber incident with online orders now paused for customers.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
M&S Shuts Down Online Orders Amid Ongoing Cyber Incident
British retailer M&S continues to tackle a cyber incident with online orders now paused for customers
π Security Experts Flag Chrome Extension Using AI Engine to Act Without User Input π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Researchers have found a Chrome extension that can act on the users behalf by using a popular AI agent orchestration protocol.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Security Experts Flag Chrome Extension Using AI Engine to Act Without User Input
Researchers have found a Chrome extension that can act on the userβs behalf by using a popular AI agent orchestration protocol
π US Data Breach Lawsuits Total $155M Amid Cybersecurity Failures π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Panaseer's latest cybersecurity study revealed that US companies have paid 155M in data breach lawsuit settlements over just six months.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
US Data Breach Lawsuits Total $155M Amid Cybersecurity Failures
Panaseer's latest cybersecurity study revealed that US companies have paid $155M in data breach lawsuit settlements over just six months
π Popular LLMs Found to Produce Vulnerable Code by Default π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Backslash Security found that nave prompts resulted in code vulnerable to at least four of the of the 10 most common vulnerabilities across popular LLMs.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Popular LLMs Found to Produce Vulnerable Code by Default
Backslash Security found that naΓ―ve prompts resulted in code vulnerable to at least four of the of the 10 most common vulnerabilities across popular LLMs
π΅οΈββοΈ Mobile Applications: A Cesspool of Security Issues π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
An analysis of more than a halfmillion mobile apps find encryption problems, privacy issues, and known vulnerabilities in thirdparty code. What can users and developers do?.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Mobile Applications: A Cesspool of Security Issues
An analysis of more than a half-million mobile apps find encryption problems, privacy issues, and known vulnerabilities in third-party code. What can users and developers do?
π¦Ώ Breakthrough Could Lead to Quantum Encryption in 10 Years π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
This research might also help pave the way for the quantum internet and other quantum systems in perhaps 4050 years.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Breakthrough Could Lead to Quantum Encryption in 10 Years
This research might also help pave the way for the quantum internet and other quantum systems in perhaps 40-50 years.
ποΈ WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers are warning about a largescale phishing campaign targeting WooCommerce users with a fake security alert urging them to download a "critical patch" but deploy a backdoor instead. WordPress security company Patchstack described the activity as sophisticated and a variant of another campaign observed in December 2023 that employed a fake CVE ploy to breach sites running.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers are warning about a largescale phishing campaign targeting WooCommerce users with a fake security alert urging them to download a "critical patch" but deploy a backdoor instead. WordPress security company Patchstack described the activity as sophisticated and a variant of another campaign observed in December 2023 that employed a fake CVE ploy to breach sites running.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers are warning about a largescale phishing campaign targeting WooCommerce users with a fake security alert urging them to download a "critical patch" but deploy a backdoor instead. WordPress security company Patchstack described the activity as sophisticated and a variant of another campaign observed in December 2023 that employed a fake CVE ploy to breach sites running.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers are warning about a largescale phishing campaign targeting WooCommerce users with a fake security alert urging them to download a "critical patch" but deploy a backdoor instead. WordPress security company Patchstack described the activity as sophisticated and a variant of another campaign observed in December 2023 that employed a fake CVE ploy to breach sites running.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π¦Ώ Breakthrough Could Lead to Quantum Encryption in 10 Years π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
This research might also help pave the way for the quantum internet and other quantum systems in perhaps 4050 years.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Breakthrough Could Lead to Quantum Encryption in 10 Years
This research might also help pave the way for the quantum internet and other quantum systems in perhaps 40-50 years.
ποΈ Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zeroday attacks to breach servers and gain unauthorized access. The attacks, first observed by Orange Cyberdefense SensePost on February 14, 2025, involve chaining the below vulnerabilities CVE202458136 CVSS score 9.0 An improper protection of alternate path flaw in the Yii PHP.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zeroday attacks to breach servers and gain unauthorized access. The attacks, first observed by Orange Cyberdefense SensePost on February 14, 2025, involve chaining the below vulnerabilities CVE202458136 CVSS score 9.0 An improper protection of alternate path flaw in the Yii PHP.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers are warning about a largescale phishing campaign targeting WooCommerce users with a fake security alert urging them to download a "critical patch" but deploy a backdoor instead. WordPress security company Patchstack described the activity as sophisticated and a variant of another campaign observed in December 2023 that employed a fake CVE ploy to breach sites running.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity