ποΈ Russian Hackers Using ClickFix Fake CAPTCHA to Deploy New LOSTKEYS Malware ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The Russialinked threat actor known as COLDRIVER has been observed distributing a new malware called LOSTKEYS as part of an espionagefocused campaign using ClickFixlike social engineering lures. "LOSTKEYS is capable of stealing files from a hardcoded list of extensions and directories, along with sending system information and running processes to the attacker," the Google Threat.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cisco has released software fixes to address a maximumseverity security flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system. The vulnerability, tracked as CVE202520188, has been rated 10.0 on the CVSS scoring system. "This vulnerability is due to the presence of a hardcoded JSON Web Token JWT on an.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Russian Group Launches LOSTKEYS Malware in Attacks π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
New LOSTKEYS malware has been identified and linked to COLDRIVER by GTIG, stealing files and system data in targeted attacks.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
π LockBit Ransomware Hacked, Insider Secrets Exposed π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The data dump will likely shed light on LockBits recent activity and help law enforcement trace cryptocurrency transactions.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
LockBit Ransomware Hacked, Insider Secrets Exposed
The data dump will likely shed light on LockBitβs recent activity and help law enforcement trace cryptocurrency transactions
π Just 5% of Enterprises Have Deployed Quantum-Safe Encryption π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
DigiCert survey finds only 5 of global businesses are using postquantum cryptography.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Just 5% of Enterprises Have Deployed Quantum-Safe Encryption
DigiCert survey finds only 5% of global businesses are using post-quantum cryptography
π UK Cyber Essentials Certification Numbers Falling Short π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The UK government is set to prioritize increasing the number of UK organizations who are Cyber Essentials certified over the coming year.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
π UK Launches New Cybersecurity Assessment Initiatives to Drive Secure by Design π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The UK government unveiled two new assessment schemes to boost confidence in the security of products and services during CYBERUK.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
UK Launches New Cybersecurity Assessment Initiatives to Drive Secure by Design
The UK government unveiled two new assessment schemes to boost confidence in the security of products and services during CYBERUK
π Confusion Reigns as Threat Actors Exploit Samsung MagicInfo Flaw π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Researchers spot inthewild exploits of Samsung MagicInfo despite recent patch.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Confusion Reigns as Threat Actors Exploit Samsung MagicInfo Flaw
Researchers spot in-the-wild exploits of Samsung MagicInfo despite recent patch
π #Infosec2025: Combating Deepfake Threats at the Age of AI Agents π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Organizations can start defending against deepfakes now, before efficient detectors are available.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
#Infosec2025: Combating Deepfake Threats at the Age of AI Agents
Organizations can start defending against deepfakes now, before efficient detectors are available
π Hacker Finds New Technique to Bypass SentinelOne EDR Solution π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Security researchers at Aon have discovered a threat actor who bypassed SentinelOne EDR protection to deploy Babuk ransomware.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Hacker Finds New Technique to Bypass SentinelOne EDR Solution
Security researchers at Aon have discovered a threat actor who bypassed SentinelOne EDR protection to deploy Babuk ransomware
π1
ποΈ Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A Chinalinked unnamed threat actor dubbed Chaya004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver. Forescout Vedere Labs, in a report published today, said it uncovered a malicious infrastructure likely associated with the hacking group weaponizing CVE202531324 CVSS score 10.0 since April 29, 2025. CVE202531324 refers to a critical SAP NetWeaver flaw.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π’ LockBit ransomware group falls victim to hackers itself π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
A data leak has revealed negotiations with victims, along with Bitcoin wallet addresses, affiliate accounts and details of attacks.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
LockBit ransomware group falls victim to hackers itself
A data leak has revealed negotiations with victims, along with Bitcoin wallet addresses, affiliate accounts and details of attacks
π’ AI-powered banking fraud on the rise β but financial institutions are fighting back π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Banks are increasingly using AI to combat scams, but say that the need for good data management can make progress slow.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
AI-powered banking fraud on the rise β but financial institutions are fighting back
Banks are increasingly using AI to combat scams, but say that the need for good data management can make progress slow
π’ The NCSC wants developers to get serious on software security π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The NCSC's new Software Security Code of Practice has been welcomed by cyber professionals as a positive step toward bolstering software supply chain security.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
The NCSC wants developers to get serious on software security
New voluntary rules outline software security best practices for vendors and developers
π΅οΈββοΈ How Security Has Changed the Hacker Marketplace π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Your ultimate goal shouldn't be security perfection it should be making exploitation of your organization unprofitable.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
How Security Has Changed the Hacker Marketplace
Your ultimate goal shouldn't be security perfection β it should be making exploitation of your organization unprofitable.
ποΈ Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers are warning of a new campaign that's targeting Portuguesespeaking users in Brazil with trial versions of commercial remote monitoring and management RMM software since January 2025. "The spam message uses the Brazilian electronic invoice system, NFe, as a lure to entice users into clicking hyperlinks and accessing malicious content hosted in Dropbox," Cisco Talos.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π1
ποΈ Deploying AI Agents? Learn to Secure Them Before Hackers Strike Your Business ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
AI agents are changing the way businesses work. They can answer questions, automate tasks, and create better user experiences. But with this power comes new risks like data leaks, identity theft, and malicious misuse. If your company is exploring or already using AI agents, you need to ask Are they secure? AI agents work with sensitive data and make realtime decisions. If theyre not.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Beyond Vulnerability Management β Can You CVE What I CVE? ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The Vulnerability Treadmill The reactive nature of vulnerability management, combined with delays from policy and process, strains security teams. Capacity is limited and patching everything immediately is a struggle. Our Vulnerability Operation Center VOC dataset analysis identified 1,337,797 unique findings security issues across 68,500 unique customer assets. 32,585 of them were distinct.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have flagged three malicious npm packages that are designed to target the Apple macOS version of Cursor, a popular artificial intelligence AIpowered source code editor. "Disguised as developer tools offering 'the cheapest Cursor API,' these packages steal user credentials, fetch an encrypted payload from threat actorcontrolled infrastructure, overwrite Cursor's.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Google on Thursday announced it's rolling out new artificial intelligence AIpowered countermeasures to combat scams across Chrome, Search, and Android. The tech giant said it will begin using Gemini Nano, its ondevice large language model LLM, to improve Safe Browsing in Chrome 137 on desktops. "The ondevice approach provides instant insight on risky websites and allows us to offer.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π€1
π Google Deploys On-Device AI to Thwart Scams on Chrome and Android π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The tech giant plans to leverage its Gemini Nano LLM ondevice to enhance scam detection on Chrome.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Google Deploys On-Device AI to Thwart Scams on Chrome and Android
The tech giant plans to leverage its Gemini Nano LLM on-device to enhance scam detection on Chrome
π€1