ποΈ Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat actors have been observed actively exploiting security flaws in GeoVision endoflife EoL Internet of Things IoT devices to corral them into a Mirai botnet for conducting distributed denialofservice DDoS attacks. The activity, first observed by the Akamai Security Intelligence and Response Team SIRT in early April 2025, involves the exploitation of two operating system command.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Texas School District Notifies Over 47,000 People of Major Data Breach π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The Alvin Independent School District in Texas has notified over 47,000 individuals affected by a data breach exposing sensitive personal information.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Texas School District Notifies Over 47,000 People of Major Data Breach
The Alvin Independent School District in Texas has notified over 47,000 individuals affected by a data breach exposing sensitive personal information
π’ Russian hackers tried to lure diplomats with wine tasting β sound familiar? Itβs an update to a previous campaign by the notorious Midnight Blizzard group π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The Midnight Blizzard threat group has been targeting European diplomats with malicious emails offering an invite to wine tasting events, according to Check Point.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Russian hackers tried to lure diplomats with wine tasting β sound familiar? Itβs an update to a previous campaign by the notoriousβ¦
The latest Midnight Blizzard campaign sought to lure politicians with a swanky night out
π΅οΈββοΈ Researcher Says Patched Commvault Bug Still Exploitable π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
CISA added CVE202534028 to its Known Exploited Vulnerabilities catalog, citing active attacks in the wild.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Researcher Says Fixed Commvault Bug Still Exploitable
CISA added CVE-2025-34028 to its Known Exploited Vulnerabilities catalog, citing active attacks in the wild.
π΅οΈββοΈ 'Easily Exploitable' Langflow Vulnerability Requires Immediate Patching π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The vulnerability, which has a CVSS score of 9.8, is under attack and allows threat actors to remotely execute arbitrary commands on servers running the agentic AI builder.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
'Easily Exploitable' Langflow Flaw Requires Patching
The vulnerability, which has a CVSS score of 9.8, is under attack and allows threat actors to remotely execute arbitrary commands on servers running the agentic AI builder.
π’ Almost a third of workers are covertly using AI at work β hereβs why thatβs a terrible idea π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Employers need to get wise to the use of unauthorized AI tools and tighten up policies.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Almost a third of workers are covertly using AI at work β hereβs why thatβs a terrible idea
Employers need to get wise to the use of unauthorized AI tools and tighten up policies
π€1
π’ Cyber attacks are costing UK firms billions every year β ransom payments, staff overtime, and lost business are crippling victims π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
New research from ESET shows the cost of cyber attacks against UK businesses is surging, with many victims struggling to remediate breaches.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Cyber attacks are costing UK firms billions every year β ransom payments, staff overtime, and lost business are crippling victims
With more than half of firms hit by cyber attacks every year, one-in-eight victims enters administration
π’ 96% of businesses have low cyber-readiness, claims Cisco π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The 2025 Cisco Cybersecurity Readiness Index shows a concerning number of businesses globally are unprepared for rising AIrelated threats.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
96% of businesses have low cyber-readiness, claims Cisco
A tiny increase in the number of βmatureβ organizations shows growing problems with AI
π΅οΈββοΈ Infrastructure as Code: An IaC Guide to Cloud Security π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
IaC is powerful. It brings speed, scale, and structure to cloud infrastructure. But none of that matters if your security can't keep up.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Infrastructure as Code: An IaC Guide to Cloud Security
IaC is powerful. It brings speed, scale, and structure to cloud infrastructure. But none of that matters if your security can't keep up.
ποΈ Europol Shuts Down Six DDoS-for-Hire Services Used in Global Attacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Europol has announced the takedown of distributed denial of service DDoSforhire services that were used to launch thousands of cyberattacks across the world. In connection with the operation, Polish authorities have arrested four individuals and the United States has seized nine domains that are associated with the nowdefunct platforms. "The suspects are believed to be behind six separate.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π1
ποΈ OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A second security flaw impacting the OttoKit formerly SureTriggers WordPress plugin has come under active exploitation in the wild. The vulnerability, tracked as CVE202527007 CVSS score 9.8, is a privilege escalation bug impacting all versions of the plugin prior to and including version 1.0.82. "This is due to the createwpconnection function missing a capability check and.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have disclosed multiple security flaw in the onpremise version of SysAid IT support software that could be exploited to achieve preauthenticated remote code execution with elevated privileges. The vulnerabilities, tracked as CVE20252775, CVE20252776, and CVE20252777, have all been described as XML External Entity XXE injections, which occur when an attacker is.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Reevaluating SSEs: A Technical Gap Analysis of Last-Mile Protection ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Security Service Edge SSE platforms have become the goto architecture for securing hybrid work and SaaS access. They promise centralized enforcement, simplified connectivity, and consistent policy control across users and devices. But there's a problem they stop short of where the most sensitive user activity actually happensthe browser. This isnt a small omission. Its a structural.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zeroday as part of an attack targeting an unnamed organization in the United States. The attack, per the Symantec Threat Hunter Team, part of Broadcom, leveraged CVE202529824, a privilege escalation flaw in the Common Log File System CLFS driver. It was patched by.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have discovered a malicious package on the Python Package Index PyPI repository that masquerades as a seemingly harmless Discordrelated utility but incorporates a remote access trojan. The package in question is discordpydebug, which was uploaded to PyPI on March 21, 2022. It has been downloaded 11,574 times and continues to be available on the opensource registry.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ NSO Group Fined $168M for Targeting 1,400 WhatsApp Users With Pegasus Spyware ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A federal jury on Tuesday decided that NSO Group must pay Metaowned WhatsApp WhatsApp approximately 168 million in monetary damages, more than four months after a federal judge ruled that the Israeli company violated U.S. laws by exploiting WhatsApp servers to deploy Pegasus spyware, targeting over 1,400 individuals globally. WhatsApp originally filed the lawsuit against NSO Group in 2019,.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π1
π¨ UK pioneering global move away from passwords π¨
π Read more.
π Via "UK NCSC"
----------
ποΈ Seen on @cibsecurity
Government to roll out passkey technology across digital services as an alternative to SMSbased verification.π Read more.
π Via "UK NCSC"
----------
ποΈ Seen on @cibsecurity
π¨ UK critical systems at increased risk from 'digital divide' created by AI threats π¨
π Read more.
π Via "UK NCSC"
----------
ποΈ Seen on @cibsecurity
New report warns that organisations unable to defend AIenabled threats are exposed to greater cyber risk.π Read more.
π Via "UK NCSC"
----------
ποΈ Seen on @cibsecurity
National Cyber Security Centre - NCSC.GOV.UK
UK critical systems at increased risk from 'digital divide' created by AI threats
New report warns that organisations unable to defend AI-enabled threats are exposed to greater cyber risk.
π Toll road scams are in overdrive: Hereβs how to protect yourself π
π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Have you received a text message about an unpaid road toll? Make sure youre not the next victim of a smishing scam.π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Welivesecurity
Toll road text scams are in overdrive: Hereβs what to look out for
Have you received a text message about an unpaid road toll? Youβre not alone. Make sure youβre not the next victim of a smishing scam.
π Passkeys Set to Protect GOV.UK Accounts Against Cyber-Attacks π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The UK government has announced that it will be replace its current SMS verification system with passkeys by the end of 2025.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Passkeys Set to Protect GOV.UK Accounts Against Cyber-Attacks
The UK government has announced that it will be replace its current SMS verification system with passkeys by the end of 2025
π€1
π NSO Group Hit with $168m Fine for WhatsApp Pegasus Spyware Abuse π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The Israeli spyware maker must pay 444,719 in compensatory damages to Meta and 167.25m in punitive damages.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
NSO Group Hit with $168m Fine for WhatsApp Pegasus Spyware Abuse
The Israeli spyware maker must pay $444,719 in compensatory damages to Meta and $167.25m in punitive damages
π1