ποΈ Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A Russialinked threat actor has been attributed to a cyber espionage operation targeting webmail servers such as Roundcube, Horde, MDaemon, and Zimbra via crosssite scripting XSS vulnerabilities, including a thenzeroday in MDaemon, according to new findings from ESET. The activity, which commenced in 2023, has been codenamed Operation RoundPress by the Slovak cybersecurity company. It has.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have discovered a malicious package named "osinfocheckeres6" that disguises itself as an operating system information utility to stealthily drop a nextstage payload onto compromised systems. "This campaign employs clever Unicodebased steganography to hide its initial malicious code and utilizes a Google Calendar event short link as a dynamic dropper for its final.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π¨ NCSC statement: Incident impacting retailers π¨
π Read more.
π Via "UK NCSC"
----------
ποΈ Seen on @cibsecurity
The latest statement from the NCSC regarding the cyber incident impacting UK retailers.π Read more.
π Via "UK NCSC"
----------
ποΈ Seen on @cibsecurity
www.ncsc.gov.uk
NCSC statement: Incident impacting retailers
The latest statement from the NCSC regarding the cyber incident impacting UK retailers
π "Endemic" Ransomware Prompts NHS to Demand Supplier Action on Cybersecurity π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The voluntary cybersecurity charter asks NHS suppliers to commit to eight cybersecurity pledges, amid rising attacks on healthcare.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
"Endemic" Ransomware Prompts NHS to Demand Supplier Action on Cybersecurity
The voluntary cybersecurity charter asks NHS suppliers to commit to eight cybersecurity pledges, amid rising attacks on healthcare
π Fraud Losses Hit $11m Per Company as Customer Abuse Soars π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Most online merchants now believe customers pose as big a threat as professional fraudsters.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Fraud Losses Hit $11m Per Company as Customer Abuse Soars
Most online merchants now believe customers pose as big a threat as professional fraudsters
π #Infosec2025: Ransomware Enters βPost-Trust Ecosystem,β NCA Cyber Expert Says π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The ransomware landscape is more fragmented than ever, with no market leader, says William Lyne, Head of Intelligence at the NCA.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
#Infosec2025: Ransomware Enters βPost-Trust Ecosystem,β NCA Cyber Expert Says
The ransomware landscape is more fragmented than ever, with no βmarket leader,β says William Lyne, Head of Intelligence at the NCA
π What Is Threat Detection and Response? π
π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
Threat detection and response TDR is a continuous, adaptive process of identifying, analyzing, and responding to cyber threats in real time. Effective threat detection starts with continuous monitoring of your digital environment to spot suspicious activitywhether its unusual user behavior, malware, or early signs of a breach. Once a threat is identified, threat response solutions The post What Is Threat Detection and Response? appeared first on UnderDefense.π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
UnderDefense
What Is Threat Detection and Response?
Get the Ultimate Threat Detection and Response Guide to identify, contain, and eliminate threats before they impact your business.
π New Linux Vulnerabilities Surge 967% in a Year π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Researchers discovered over 3000 Linux vulnerabilities in 2024, the most of any category.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
New Linux Vulnerabilities Surge 967% in a Year
Researchers discovered over 3000 Linux vulnerabilities in 2024, the largest of any category
π΅οΈββοΈ Critical Infrastructure Under Siege: OT Security Still Lags π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
With critical infrastructure facing constant cyber threats from the Typhoons and other corners, federal agencies and others are warning security for the OT network, a core technology in many critical sectors, is not powered up enough.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Critical Infrastructure Siege: OT Security Still Lags
With critical infrastructure facing constant cyber threats from the Typhoons and other corners, federal agencies and others are warning security for the OT network, a core technology in many critical sectors, is not powered up enough.
π Dior Confirms Data Breach Affecting Customer Information π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Dior confirmed a data breach compromising customer personal information, discovered on May 7.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
π΅οΈββοΈ RSAC 2025: AI Everywhere, Trust Nowhere π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
We're at an inflection point. AI is changing the game, but the rules haven't caught up.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
RSAC 2025: AI Everywhere, Trust Nowhere
We're at an inflection point. AI is changing the game, but the rules haven't caught up.
π SAP NetWeaver Flaw Exploited by Ransomware Groups and Chinese-Backed Hackers π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The critical vulnerability is being exploited by BianLian, RansomwEXX and a Chinese nationstate actor known as Chaya004.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
SAP NetWeaver Flaw Exploited by Ransomware Groups and Chinese-Backed Hackers
The critical vulnerability is being exploited by BianLian, RansomwEXX and a Chinese nation-state actor known as Chaya_004
ποΈ Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cryptocurrency exchange Coinbase has disclosed that unknown cyber actors broke into its systems and stole account data for a small subset of its customers. "Criminals targeted our customer support agents overseas," the company said in a statement. "They used cash offers to convince a small group of insiders to copy data in our customer support tools for less than 1 of Coinbase monthly.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π PowerShell-Based Loader Deploys Remcos RAT in New Fileless Attack π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A stealthy fileless PowerShell attack using Remcos RAT bypassed antivirus by operating in memory.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
PowerShell-Based Loader Deploys Remcos RAT in New Fileless Attack
A stealthy fileless PowerShell attack using Remcos RAT bypassed antivirus by operating in memory
π₯°1
π¦Ώ Patch Tuesday: Microsoft Patches 78 Vulnerabilities, 5 Zero-Day Flaws π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Microsoft patched vulnerabilities for the Common Log File System driver, Microsoft Edge, SharePoint, and more.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Patch Tuesday: Microsoft Patches 78 Vulnerabilities, 5 Zero-Day Flaws
Microsoft patched vulnerabilities for the Common Log File System driver, Microsoft Edge, SharePoint, and more.
π Coinbase Offers $20m Bounty to Take Down Cybercrime Ring Behind Hack π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Coinbase is offering a 20m reward to help catch the threat actor behind a cyberattack that could cost it between 180400m.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Coinbase Offers $20m Bounty to Take Down Cybercrime Ring Behind Hack
Coinbase is offering a $20m reward to help catch the threat actor behind a cyber-attack that could cost it between $180-$400m
π΅οΈββοΈ Critical SAP NetWeaver Vuln Faces Barrage of Cyberattacks π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
As threat actors continue to hop on the train of exploiting CVE202531324, researchers are recommending that SAP administrators patch as soon as possible so that they don't fall victim next.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Critical SAP NetWeaver Vuln Faces Barrage of Cyberattacks
As threat actors continue to hop on the train of exploiting CVE-2025-31324, researchers are recommending that SAP administrators patch as soon as possible so that they don't fall victim next.
ποΈ Meta to Train AI on E.U. User Data From May 27 Without Consent; Noyb Threatens Lawsuit ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Austrian privacy nonprofit noyb none of your business has sent Meta's Irish headquarters a ceaseanddesist letter, threatening the company with a class action lawsuit if it proceeds with its plans to train users' data for training its artificial intelligence AI models without an explicit optin. The move comes weeks after the social media behemoth announced its plans to train its AI models.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π1
π΅οΈββοΈ Big Steelmaker Halts Operations After Cyber Incident π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Nucor made it clear its investigation is still in the early stages and didn't specify the nature or scope of the breach, nor who the threat actor might be.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Big Steelmaker Halts Operations After Cyber Incident
Nucor made it clear its investigation is still in the early stages and didn't specify the nature or scope of the breach, nor who the threat actor might be.
π΅οΈββοΈ International Crime Rings Defraud US Gov't Out of Billions π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Fraudsters worldwide apply for money from the US government using stolen and forged identities, making off with hundreds of billions of dollars annually.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
International Crime Rings Defraud US Gov't Out of Billions
Fraudsters worldwide apply for money from the US government using stolen and forged identities, making off with hundreds of billions of dollars annually.
π΅οΈββοΈ Attackers Target Samsung MagicINFO Server Bug, Patch Now π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
CVE20254632, a patch bypass for a Samsung MagicInfo 9 Server vulnerability disclosed last year, has been exploited by threat actors in the wild.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Attackers Target Samsung MagicINFO Server Bug, Patch Now
CVE-2025-4632, a patch bypass for a Samsung MagicInfo 9 Server vulnerability disclosed last year, has been exploited by threat actors in the wild.