ποΈ North Korean Konni APT Targets Ukraine with Malware to track Russian Invasion Progress ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The North Korealinked threat actor known as Konni APT has been attributed to a phishing campaign targeting government entities in Ukraine, indicating the threat actor's targeting beyond Russia. Enterprise security firm Proofpoint said the end goal of the campaign is to collect intelligence on the "trajectory of the Russian invasion." "The group's interest in Ukraine follows historical targeting.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Moldovan Police Arrest Suspect in β¬4.5M Ransomware Attack on Dutch Research Agency ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Moldovan law enforcement authorities have arrested a 45yearold foreign man suspected of involvement in a series of ransomware attacks targeting Dutch companies in 2021. "He is wanted internationally for committing several cybercrimes ransomware attacks, blackmail, and money laundering against companies based in the Netherlands," officials said in a statement Monday. In conjunction with the.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ TΓΌrkiye Hackers Exploited Output Messenger Zero-Day to Drop Golang Backdoors on Kurdish Servers ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A Trkiyeaffiliated threat actor exploited a zeroday security flaw in an Indian enterprise communication platform called Output Messenger as part of a cyber espionage attack campaign since April 2024. "These exploits have resulted in a collection of related user data from targets in Iraq," the Microsoft Threat Intelligence team said. "The targets of the attack are associated with the Kurdish.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π European Vulnerability Database Launches Amid US CVE Chaos π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
ENISA has officially launched the European Vulnerability Database as required by the NIS2 directive.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
European Vulnerability Database Launches Amid US CVE Chaos
Enisa has officially launched the European Vulnerability Database as required by the NIS2 directive
π M&S Confirms Customer Data Stolen in Cyber-Attack π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
MS Chief Executive, Stuart Machin, said that the firm has written to customers to inform them that some personal information was accessed by threat actors.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
M&S Confirms Customer Data Stolen in Cyber-Attack
M&S Chief Executive, Stuart Machin, said that the firm has written to customers to inform them that some personal information was accessed by threat actors
π UK Considers New Enterprise IoT Security Law π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The UK government wants to hear feedback on a possible new standard or legislation to improve enterprise IoT security.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
UK Considers New Enterprise IoT Security Law
The UK government wants to hear feedback on a possible new standard or legislation to improve enterprise IoT security
π 10 Best Managed Cybersecurity Services: Expert Picks and Why Theyβre Worth It π
π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
With severe cyberattacks, tightening regulations, and growing infrastructure complexity, managed cybersecurity services have become the top strategic necessity for business resilience. When keeping up with cybersecurity gets toughbecause youre short on time, talent, and budgetmanaged security gives you access to the latest cyber technology and expert support from a trusted cybersecurity service provider. By handing The post 10 Best Managed Cybersecurity Services Expert Picks and Why Theyre Worth It appeared first on UnderDefense.π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
UnderDefense
10 Best Managed Cybersecurity Services
Managed cybersecurity services are proactive against cyberattacks and outpace evolving threats to protect your business.
π CISA Shifts Alert Distribution Strategy to Email, Social Media π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
CISA won't post standard cybersecurity updates on its website, shifting to email and social media.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
CISA Shifts Alert Distribution Strategy to Email, Social Media
CISA won't post standard cybersecurity updates on its website, shifting to email and social media
π¦
Australia Records Highest-Ever Data Breaches in 2024, Says OAICβs Report π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
OAIC Reports " dataimagecaption"" datamediumfile"httpscyble.comwpcontentuploads202505OAICReports300x150.jpg" datalargefile"httpscyble.comwpcontentuploads202505OAICReports1024x512.jpg" title"Australia Records HighestEver Data Breaches in 2024, Says OAICs Report 1" Australia witnessed a hoard of data breach in 2024, with over 1,100 incidents reported to the Office of the Australian Information Commissioner OAIC. The figures, released in the OAIC Reportsspecifically the Notifiable Data Breaches Report July to December 2024highlight a 25 increase in data breach notifications compared to 2023. According to the OAIC, a total of 1,113 data breaches were reported in 2024 the highest since the Notifiable Data Breaches NDB scheme came into effect in 2018. Of these, 595 breaches occurred in t...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
OAIC Reports Highest Australian Data Breaches In 2024
OAIC reports reveals a 25% rise in data breaches, highlighting malicious attacks, with health and finance sectors most affected.
π DPRK-Backed TA406 Targets Ukraine With Malware Campaigns π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Cyber espionage campaign linked to North Korean actor TA406 targeted Ukrainian government entities.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
ποΈ China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple Chinanexus nationstate actors to target critical infrastructure networks. "Actors leveraged CVE202531324, an unauthenticated file upload vulnerability that enables remote code execution RCE," EclecticIQ researcher Arda Bykkaya said in an analysis published today. Targets of the campaign.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have discovered a malicious package on the Python Package Index PyPI repository that purports to be an application related to the Solana blockchain, but contains malicious functionality to steal source code and developer secrets. The package, named solanatoken, is no longer available for download from PyPI, but not before it was downloaded 761 times. It was first.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Turkey-Aligned Hackers Targeted Iraq-Based Kurds with Zero-Day Exploit π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Marbled Dust has been exploiting a vulnerability in user accounts associated with the Kurdish military operating in Iraq for over a year, according to Microsoft.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Turkey-Aligned Hackers Targeted Iraq-Based Kurds with Zero-Day Exploit
Marbled Dust has been exploiting a vulnerability in user accounts associated with the Kurdish military operating in Iraq for over a year, according to Microsoft
π¦Ώ Noodlophile Malware Distributed Through Bogus AI Video Generators: Who Are the Targets? π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
By downloading what they believe is an AIgenerated video, victims have installed malware that can steal their data or offer attackers remote access to infected devices.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Noodlophile Malware Distributed Through Bogus AI Video Generators: Who Are the Targets?
By downloading what they believe is an AI-generated video, victims have installed malware that can steal their data or offer attackers remote access to infected devices.
π€1
π΅οΈββοΈ Hacktivists Make Little Impact During India-Pakistan Conflict π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
While hacktivists claimed more than 100 successful attacks against Indian government, education, and military targets, the attacks were overblown in most cases and often did not even happen.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Hacktivists Make Little Impact During India-Pakistan Conflict
While hacktivists claimed more than 100 successful attacks against Indian government, education, and military targets, the attacks were overblown in most cases and often did not even happen.
ποΈ Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Fortinet has patched a critical security flaw that it said has been exploited as a zeroday in attacks targeting FortiVoice enterprise phone systems. The vulnerability, tracked as CVE202532756, carries a CVSS score of 9.6 out of 10.0. "A stackbased overflow vulnerability CWE121 in FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera may allow a remote unauthenticated attacker to.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Ivanti has released security updates to address two security flaws in Endpoint Manager Mobile EPMM software that have been chained in attacks to gain remote code execution. The vulnerabilities in question are listed below CVE20254427 CVSS score 5.3 An authentication bypass in Ivanti Endpoint Manager Mobile allowing attackers to access protected resources without proper credentials.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
πͺ Five Years Later: Evolving IoT Cybersecurity Guidelines πͺ
π Read more.
π Via "NIST"
----------
ποΈ Seen on @cibsecurity
The Backgroundand NISTs Plan for Improving IoT Cybersecurity The passage of the Internet of Things IoT Cybersecurity Improvement Act in 2020 marked a pivotal step in enhancing the cybersecurity of IoT products. Recognizing the increasing internet connectivity of physical devices, this legislation tasked NIST with developing cybersecurity guidelines to manage and secure IoT effectively. As an early building block, we developed NIST IR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers, which describes recommended activities related to cybersecurity for manufacturers.π Read more.
π Via "NIST"
----------
ποΈ Seen on @cibsecurity
NIST
Five Years Later: Evolving IoT Cybersecurity Guidelines
The Backgroundβ¦and NISTβs Plan for Improving IoT Cybersecurity
π’ The EU just launched its own vulnerability database π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Security practitioners have welcomed the move after the disruption caused by the MITRE incident.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
The EU just launched its own vulnerability database
Security practitioners have welcomed the move after the disruption caused by the MITRE incident
π’ CISOs take the back seat as dev teams claim responsibility for application security π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Development and engineering teams are steering security and budget strategies.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
CISOs take the back seat as dev teams claim responsibility for application security
Development and engineering teams are steering security and budget strategies
π΅οΈββοΈ Orca Security Gets AI-Powered Remediation From Opus Deal π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The acquisition will enhance Orca's CNAPP offering with autonomous vulnerability remediation and prevention technologies from Opus.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Orca Security Gets AI-Powered Remediation From Opus Deal
The acquisition will enhance Orca's CNAPP offering with autonomous vulnerability remediation and prevention technologies from Opus.