ποΈ Researchers Expose New Intel CPU Flaws Enabling Memory Leaks and Spectre v2 Attacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Researchers at ETH Zrich have discovered yet another security flaw that they say impacts all modern Intel CPUs and causes them to leak sensitive data from memory, showing that the vulnerability known as Spectre continues to haunt computer systems after more than seven years. The vulnerability, referred to as Branch Privilege Injection BPI, "can be exploited to misuse the prediction.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Fileless Remcos RAT Delivered via LNK Files and MSHTA in PowerShell-Based Attacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have shed light on a new malware campaign that makes use of a PowerShellbased shellcode loader to deploy a remote access trojan called Remcos RAT. "Threat actors delivered malicious LNK files embedded within ZIP archives, often disguised as Office documents," Qualys security researcher Akshay Thorve said in a technical report. "The attack chain leverages mshta.exe for.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ [Webinar] From Code to Cloud to SOC: Learn a Smarter Way to Defend Modern Applications ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Modern apps move fastfaster than most security teams can keep up. As businesses rush to build in the cloud, security often lags behind. Teams scan code in isolation, react late to cloud threats, and monitor SOC alerts only after damage is done. Attackers dont wait. They exploit vulnerabilities within hours. Yet most organizations take days to respond to critical cloud alerts. That delay isnt.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Sednit abuses XSS flaws to hit gov't entities, defense companies π
π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Operation RoundPress targets webmail software to steal secrets from email accounts belonging mainly to governmental organizations in Ukraine and defense contractors in the EU.π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Welivesecurity
Sednit abuses XSS flaws to hit gov't entities, defense companies
Operation RoundPress exploits security holes in webmail software to target Ukrainian governmental entities and defense companies in Eastern Europe.
π US Officials Impersonated Via SMS and Voice Deepfakes π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The FBI has warned about an ongoing smishing and vishing scheme using AI deepfakes to impersonate US officials.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
π UK Cyber Vacancies Growing 12% Per Year π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
An analysis by Robert Walters found there are around 17,000 cybersecurity vacancies in the UK currently, with organizations struggling to fill open positions.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
π Russian Espionage Operation Targets Organizations Linked to Ukraine War π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
In Operation RoundPress, the compromise vector is a spearphishing email leveraging an XSS vulnerability to inject malicious JavaScript code into the victim's webmail page.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Russian Espionage Operation Targets Organizations Linked to Ukraine War
In Operation RoundPress, the compromise vector is a spearphishing email leveraging an XSS vulnerability to inject malicious JavaScript code into the victim's webmail page
π Healthcare Cyber-Attacks Intensify, Sector Now Prime Target π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
New data from Darktrace showed that cyberattacks targeting healthcare organizations increased in intensity in 2024.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
π¦
Cyble Detects 200 Billion Files Exposed in Cloud Buckets π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble Detects 200 Billion Files Exposed in Cloud Buckets " dataimagecaption"" datamediumfile"httpscyble.comwpcontentuploads202505CloudBuckets300x150.png" datalargefile"httpscyble.comwpcontentuploads202505CloudBuckets1024x512.png" title"Cyble Detects 200 Billion Files Exposed in Cloud Buckets 1" Cybles ODIN vulnerability search tool has detected more than 200 billion exposed files in cloud buckets across seven major cloud providers. The 200 billion exposed files reflect the sheer scale of accidental data exposure on the internet, data thats often left publicly accessible due to misconfigurations. The files include data ranging from documents and credentials to source code and internal backups. The ODIN platform scans cloud buckets at scale and classifies exposed content using ma...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
π΅οΈββοΈ Turkish APT Exploits Chat App Zero-Day to Spy Kurds π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Even after their zeroday vulnerability turned into an nday, attackers known as Marbled Dust or Sea Turtle continued to spy on military targets that had failed to patch Output Messenger.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Turkish APT Exploits Chat Zero-Day to Spy on Iraqi Kurds
Even after their zero-day vulnerability turned into an n-day, attackers known as Marbled Dust or Sea Turtle continued to spy on military targets that had failed to patch Output Messenger.
π΅οΈββοΈ How to Develop and Communicate Metrics for CSIRPs π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
A welldocumented cybersecurity incident response program CSIRP provides the transparency needed for informed decisionmaking, protecting the organization in a constantly changing threat environment.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
How to Develop & Communicate Metrics for CSIRPs
A well-documented cybersecurity incident response program (CSIRP) provides the transparency needed for informed decision-making, protecting the organization in a constantly changing threat environment.
π΅οΈββοΈ Attacker Specialization Puts Threat Modeling on Defensive π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Specialization among threat groups poses challenges for defenders, who now must distinguish between different actors responsible for different facets of an attack.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Attacker Specialization Puts Threat Modeling on Defensive
Specialization among threat groups poses challenges for defenders, who now must distinguish between different actors responsible for different facets of an attack.
π΅οΈββοΈ Coinbase Extorted, Offers $20M for Info on Its Hackers π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Coinbase is going Liam Neeson on its attackers, potentially setting a new precedent for incident response in the wake of crypto and blockchaintargeting cyberattacks.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Coinbase Extorted, Offers $20M for Info on Its Hackers
Coinbase is going Liam Neeson on its attackers, potentially setting a new precedent for incident response in the wake of crypto- and blockchain-targeting cyberattacks.
π΅οΈββοΈ Australian Human Rights Commission Leaks Docs in Data Breach π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
An internal error led to public disclosure of reams of sensitive data that could be coopted for followon cyberattacks.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Australian Human Rights Commission Leaks Docs in Data Breach
An internal error led to public disclosure of reams of sensitive data that could be co-opted for follow-on cyberattacks.
π΅οΈββοΈ Dynamic DNS Emerges as Go-to Cyberattack Facilitator π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Scattered Spider and other phishers and hacking groups are using rentable subdomains from dynamic DNS providers to obfuscate their activity and impersonate wellknown brands.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Dynamic DNS Emerges as Go-to Cyberattack Facilitator
Scattered Spider and other phishers and hacking groups are using rentable subdomains from dynamic DNS providers to obfuscate their activity and impersonate well-known brands.
π¦Ώ UK Supermarket Avoided Ransomware Because βThey Yanked Their Own Plug,β Hackers Say π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
The proactive steps taken by Coops IT team are thought to be why the supermarket is recovering more quickly after being hacked than fellow UK retailer MS from its recent cyber attack.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
UK Supermarket Avoided Ransomware Because βThey Yanked Their Own Plug,β Hackers Say
The proactive steps taken by Co-opβs IT team are thought to be why the supermarket is recovering more quickly after being hacked than fellow UK retailer M&S from its recent cyber attack.
ποΈ [Webinar] From Code to Cloud to SOC: Learn a Smarter Way to Defend Modern Applications ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Modern apps move fastfaster than most security teams can keep up. As businesses rush to build in the cloud, security often lags behind. Teams scan code in isolation, react late to cloud threats, and monitor SOC alerts only after damage is done. Attackers dont wait. They exploit vulnerabilities within hours. Yet most organizations take days to respond to critical cloud alerts. That delay isnt.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π1
π’ Criminal records, financial data exposed in cyber attack on Legal Aid Agency π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The UK's Legal Aid Agency has warned members of the public after a data breach exposed a "significant amount" of data, including criminal records, personal details, and financial information.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Criminal records, financial data exposed in cyber attack on Legal Aid Agency
The Legal Aid Agency has been βworking around the clockβ to tackle the incident
π1
π¦Ώ Malwarebytes vs McAfee: Which Antivirus Is Right for You? π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Malwarebytes and McAfee are both firmly established in the antivirus business, but which is better? Read this guide to find out.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Malwarebytes vs McAfee: Which Antivirus Is Right for You?
Discover the key differences between Malwarebytes and McAfee to find the best antivirus solution for your needs. Read more now.
ποΈ Why CTEM is the Winning Bet for CISOs in 2025 ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Continuous Threat Exposure Management CTEM has moved from concept to cornerstone, solidifying its role as a strategic enabler for CISOs. No longer a theoretical framework, CTEM now anchors todays cybersecurity programs by continuously aligning security efforts with realworld risk. At the heart of CTEM is the integration of Adversarial Exposure Validation AEV, an advanced, offensive.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Firefox Patches 2 Zero-Days Exploited at Pwn2Own Berlin with $100K in Rewards ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Mozilla has released security updates to address two critical security flaws in its Firefox browser that could be potentially exploited to access sensitive data or achieve code execution. The vulnerabilities, both of which were exploited as a zeroday at Pwn2Own Berlin, are listed below CVE20254918 An outofbounds access vulnerability when resolving Promise objects that could allow an.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π2