π΅οΈββοΈ Keeping LLMs on the Rails Poses Design, Engineering Challenges π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Despite adding alignment training, guardrails, and filters, large language models continue to give up secrets, make unfiltered statements, and provide dangerous information.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Keeping LLMs on the Rails Poses Design, Engineering Challenges
Despite adding alignment training, guardrails, and filters, large language models continue to give up secrets, make unfiltered statements, and provide dangerous information.
π1
π΅οΈββοΈ GitLab's AI Assistant Opened Devs to Code Theft π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Prompt injection risks in GitLab's AI assistant could have allowed attackers to steal source code, or indirectly deliver developers malware, dirty links, and more.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
GitLab's AI Assistant Opened Devs to Code Theft
Prompt injection risks in GitLab's AI assistant could have allowed attackers to steal source code, or indirectly deliver developers malware, dirty links, and more.
π΅οΈββοΈ GitLab's AI Assistant Opened Devs to Code Theft π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Prompt injection risks in GitLab's AI assistant could have allowed attackers to steal source code, or indirectly deliver developers malware, dirty links, and more.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
GitLab's AI Assistant Opened Devs to Code Theft
Prompt injection risks in GitLab's AI assistant could have allowed attackers to steal source code, or indirectly deliver developers malware, dirty links, and more.
π΅οΈββοΈ SideWinder APT Caught Spying on India's Neighbor Gov'ts π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
A recent spearphishing campaign against countries in South Asia aligns with broader political tensions in the region.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
SideWinder APT Caught Spying on India's Neighbor Govts.
A recent spear-phishing campaign against countries in South Asia aligns with broader political tensions in the region.
π΅οΈββοΈ SideWinder APT Caught Spying on India's Neighbor Gov'ts π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
A recent spearphishing campaign against countries in South Asia aligns with broader political tensions in the region.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
SideWinder APT Caught Spying on India's Neighbor Govts.
A recent spear-phishing campaign against countries in South Asia aligns with broader political tensions in the region.
βοΈ Oops: DanaBot Malware Devs Infected Their Own PCs βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
The U.S. government today unsealed criminal charges against 16 individuals accused of operating and selling DanaBot, a prolific strain of informationstealing malware that has been sold on Russian cybercrime forums since 2018. The FBI says a newer version of DanaBot was used for espionage, and that many of the defendants exposed their reallife identities after accidentally infecting their own systems with the malware.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
Oops: DanaBot Malware Devs Infected Their Own PCs
The U.S. government today unsealed criminal charges against 16 individuals accused of operating and selling DanaBot, a prolific strain of information-stealing malware that has been sold on Russian cybercrime forums since 2018. The FBI says a newer versionβ¦
π AI-Generated TikTok Videos Used to Distribute Infostealer Malware π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Malware campaign exploiting TikToks popularity has been observed using social engineering to spread Vidar and StealC.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
AI-Generated TikTok Videos Used to Distribute Infostealer Malware
Malware campaign exploiting TikTokβs popularity has been observed using social engineering to spread Vidar and StealC
π±1
π Kettering Health Cyber-Attack Disrupts Services π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Kettering Health is facing significant disruptions from a cyberattack that impacted patient care.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Kettering Health Cyber-Attack Disrupts Services
Kettering Health is facing significant disruptions from a cyber-attack that impacted patient care
ποΈ Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A Chinesespeaking threat actor tracked as UAT6382 has been linked to the exploitation of a nowpatched remotecodeexecution vulnerability in Trimble Cityworks to deliver Cobalt Strike and VShell. "UAT6382 successfully exploited CVE20250944, conducted reconnaissance, and rapidly deployed a variety of web shells and custommade malware to maintain longterm access," Cisco Talos researchers.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Coinbase Breach Affected Almost 70,000 Customers π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The US cryptocurrency exchange claimed that the breach occurred in December 2024.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Coinbase Breach Affected Almost 70,000 Customers
The US cryptocurrency exchange claimed that the breach occurred in December 2024
ποΈ Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A privilege escalation flaw has been demonstrated in Windows Server 2025 that makes it possible for attackers to compromise any user in Active Directory AD. "The attack exploits the delegated Managed Service Account dMSA feature that was introduced in Windows Server 2025, works with the default configuration, and is trivial to implement," Akamai security researcher Yuval Gordon said in a.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Critical Zero-Days Found in Versa Networks SD-WAN/SASE Platform π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The unpatched vulnerabilities, with a CVSS score of 8.6 to 10.0, can lead to remote code execution via authentication bypass.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
ποΈ Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A recently patched pair of security flaws affecting Ivanti Endpoint Manager Mobile EPMM software has been exploited by a Chinanexus threat actor to target a wide range of sectors across Europe, North America, and the AsiaPacific region. The vulnerabilities, tracked as CVE20254427 CVSS score 5.3 and CVE20254428 CVSS score 7.2, could be chained to execute arbitrary code on a.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Sensitive Personal Data Stolen in West Lothian Ransomware Attack π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
West Lothian Council confirmed that ransomware attackers have stolen personal and sensitive information held on its education network.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
ποΈ Webinar: Learn How to Build a Reasonable and Legally Defensible Cybersecurity Program ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Its not enough to be secure. In todays legal climate, you need to prove it. Whether youre protecting a small company or managing compliance across a global enterprise, one thing is clear cybersecurity can no longer be left to guesswork, vague frameworks, or besteffort intentions. Regulators and courts are now holding organizations accountable for how reasonable their security programs are.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Global Law Enforcers and Microsoft Seize 2300+ Lumma Stealer Domains π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Law enforcers worldwide have teamed up with Microsoft to disrupt the infrastructure behind Lumma Stealer.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Global Law Enforcers and Microsoft Seize 2300+ Lumma Stealer Domains
Law enforcers worldwide have teamed up with Microsoft to disrupt the infrastructure behind Lumma Stealer
ποΈ Identity Security Has an Automation ProblemβAnd It's Bigger Than You Think ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
For many organizations, identity security appears to be under control. On paper, everything checks out. But new research from Cerby, based on insights from over 500 IT and security leaders, reveals a different reality too much still depends on peoplenot systemsto function. In fact, fewer than 4 of security teams have fully automated their core identity workflows. Core workflows, like.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Western Logistics and Tech Firms Targeted by Russiaβs APT28 π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
NSA, NCSC and allies warn Western tech and logistics firms of Russian APT28 cyberespionage threat.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
ποΈ Unpatched Versa Concerto Flaws Let Attackers Escape Docker and Compromise Host ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have uncovered multiple critical security vulnerabilities impacting the Versa Concerto network security and SDWAN orchestration platform that could be exploited to take control of susceptible instances. It's worth noting that the identified shortcomings remain unpatched despite responsible disclosure on February 13, 2025, prompting a public release of the issues.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π #Infosec2025: NCC Group Expert Warns UK Firms to Prepare for Cyber Security and Resilience Bill π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
UK businesses should start to plan for required changes to their cybersecurity programs ahead of the Cyber Security and Resilience Bill.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
NCC Group Expert Warns UK Firms to Prepare for New Cybersecurity Bill
UK businesses should start to plan for required changes to their cybersecurity programs ahead of the Cyber Security and Resilience Bill
ποΈ FBI and Europol Disrupt Lumma Stealer Malware Network Linked to 10 Million Infections ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A sprawling operation undertaken by global law enforcement agencies and a consortium of private sector firms has disrupted the online infrastructure associated with a commodity information stealer known as Lumma aka LummaC or LummaC2, seizing 2,300 domains that acted as the commandandcontrol C2 backbone to commandeer infected Windows systems. "Malware like LummaC2 is deployed to steal.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity