π¦
The Week in Vulnerabilities: Firefox, Roundcube and ICS Flaws Flagged by Cyble π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble The Week in Vulnerabilities Firefox, Roundcube and ICS Flaws Flagged by Cyble " dataimagecaption"Cyble The Week in Vulnerabilities Firefox, Roundcube and ICS Flaws Flagged by Cyble " datamediumfile"httpscyble.comwpcontentuploads202505CybleBlogsITVulnerability300x150.jpg" datalargefile"httpscyble.comwpcontentuploads202505CybleBlogsITVulnerability.jpg" title"The Week in Vulnerabilities Firefox, Roundcube and ICS Flaws Flagged by Cyble 1" Cyble vulnerability intelligence researchers investigated nearly 100 IT and industrial control system ICS vulnerabilities this week and flagged eight as meriting highpriority attention by security teams including two targeted by Russian threat actors. In all, Cyble investigated 21 IT vulnerabilities this week, 68 ICS vulnerabilities, and eight v...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Critical IT Vulnerabilities Flagged In Latest Cyble Report
Cyble highlights major IT vulnerabilities and ICS flaws, including those exploited by threat actors. Security teams urged to prioritize critical patches.
π1
ποΈ 300 Servers and β¬3.5M Seized as Europol Strikes Ransomware Networks Worldwide ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
As part of the latest "season" of Operation Endgame, a coalition of law enforcement agencies have taken down about 300 servers worldwide, neutralized 650 domains, and issued arrest warrants against 20 targets. Operation Endgame, first launched in May 2024, is an ongoing law enforcement operation targeting services and infrastructures assisting in or directly providing initial or consolidating.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π€1
ποΈ ViciousTrap Uses Cisco Flaw to Build Global Honeypot from 5,300 Compromised Devices ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have disclosed that a threat actor codenamed ViciousTrap has compromised nearly 5,300 unique network edge devices across 84 countries and turned them into a honeypotlike network. The threat actor has been observed exploiting a critical security flaw impacting Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers CVE202320118 to corral them into.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π΅οΈββοΈ Critical Bugs Left Unpatched in Versa's Concerto Tool π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Three zerodays allow an attacker to completely compromise the Concerto application and the host system running it. The vendor has yet to address the issues after being notified three months ago.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Critical Bugs Left Unpatched in Versa's Concerto Tool
Three zero-days allow an attacker to completely compromise the Concerto application and the host system running it. The vendor has yet to address the issues after being notified three months ago.
π΅οΈββοΈ Rethinking Data Privacy in the Age of Generative AI π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The key to navigating this new GenAI landscape is a balanced approach one that fosters transparency, strengthens regulatory frameworks, and embraces privacyenhancing technologies.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Rethinking Data Privacy in the Age of Generative AI
The key to navigating this new GenAI landscape is a balanced approach β one that fosters transparency, strengthens regulatory frameworks, and embraces privacy-enhancing technologies.
π1
π’ US healthcare firm postponed procedures after cyber attack knocked systems offline π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The incident at Kettering Health disrupted procedures for patients.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
US healthcare firm postponed procedures after cyber attack knocked systems offline
The incident at Kettering Health disrupted procedures for patients
π Danabot: Analyzing a fallen empire π
π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
ESET Research shares its findings on the workings of Danabot, an infostealer recently disrupted in a multinational law enforcement operation.π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Welivesecurity
Danabot: Analyzing a fallen empire
ESET Research shares its findings on the workings of Danabot, an infostealer recently disrupted in a multinational law enforcement operation.
π 12 Top Threat Detection Tools That Cybersecurity Pros Are Using in 2025 π
π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
Cyber threats are getting faster, smarter, and bolderand so should your threat detection tools to fight them. Slow threat detection and response lead to data loss, reputational damage, regulatory fines, and costly downtime. Add to it alert fatigue, understaffed security teams, and disconnected tools, and youre facing a perfect risk storm with limited time to The post 12 Top Threat Detection Tools That Cybersecurity Pros Are Using in 2025 appeared first on UnderDefense.π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
UnderDefense
12 Best Threat Detection Tools for Cybersecurity
Discover the latest threat detection tools that cybersecurity experts are choosing today to secure their environments.
π 12 Top Threat Detection Tools That Cybersecurity Pros Are Using in 2025 π
π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
Cyber threats are getting faster, smarter, and bolderand so should your threat detection tools to fight them. Slow threat detection and response lead to data loss, reputational damage, regulatory fines, and costly downtime. Add to it alert fatigue, understaffed security teams, and disconnected tools, and youre facing a perfect risk storm with limited time to The post 12 Top Threat Detection Tools That Cybersecurity Pros Are Using in 2025 appeared first on UnderDefense.π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
UnderDefense
12 Best Threat Detection Tools for Cybersecurity
Discover the latest threat detection tools that cybersecurity experts are choosing today to secure their environments.
π΅οΈββοΈ 3 Critical Pillars of Cyber-Resilience π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Encryption, collaboration, and AI can help organizations build up essential protection against ransomware.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
3 Critical Pillars of Cyber-Resilience
Encryption, collaboration, and AI can help organizations build up essential protection against ransomware.
π¦Ώ 184 Million Records Database Leak: Microsoft, Apple, Google, Facebook, PayPal Logins Found π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
The databases exposure duration is unknown. Signs of infostealer malware were found, but no confirmed breach or misuse of user data, says cybersecurity researcher.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
184 Million Records Database Leak: Microsoft, Apple, Google, Facebook, PayPal Logins Found
The databaseβs exposure duration is unknown. Signs of infostealer malware were found, but no confirmed breach or misuse of user data, says cybersecurity researcher.
π€―1π±1
π¦Ώ Microsoft, DOJ Take Actions Against βFavored Info-Stealing Malwareβ Lumma π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Lumma malware, a MaaS platform active since 2022, has stolen data from 1.7M devices, targeting cryptos, logins, and financial information on Windows systems.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Microsoft, DOJ Take Actions Against βFavored Info-Stealing Malwareβ Lumma
Lumma malware, a MaaS platform active since 2022, has stolen data from 1.7M+ devices, targeting cryptos, logins, and financial information on Windows systems.
ποΈ Hackers Use TikTok Videos to Distribute Vidar and StealC Malware via ClickFix Technique ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The malware known as Latrodectus has become the latest to embrace the widelyused social engineering technique called ClickFix as a distribution vector. "The ClickFix technique is particularly risky because it allows the malware to execute in memory rather than being written to disk," Expel said in a report shared with The Hacker News. "This removes many opportunities for browsers or security.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
β€1π₯°1π€1π±1
π¦Ώ Anthropic Future-Proofs New AI Model With Rigorous Safety Rules π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Anthropics AI Safety Level 3 protections add a filter and limited outbound traffic to prevent anyone from stealing the entire model weights.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Anthropic Future-Proofs New AI Model With Rigorous Safety Rules
Anthropicβs AI Safety Level 3 protections add a filter and limited outbound traffic to prevent anyone from stealing the entire model weights.
π1
π¦Ώ Big Apple OS Makeover: Hereβs What to Expect & When π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Apples next OS update dubbed Solarium may bring major design changes, according to reports.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Big Apple OS Makeover: Hereβs What to Expect & When
Appleβs next OS update dubbed βSolariumβ may bring major design changes, according to reports.
π Adidas Customer Data Stolen in Third-Party Attack π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Adidas revealed that customer contact information, including names, emails and phone numbers were accessed by an unauthorized party.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Adidas Customer Data Stolen in Third-Party Attack
Adidas revealed that customer contact information, including names, emails and phone numbers were accessed by an unauthorized party
π¦
FBI Warns Silent Ransom Group Targeting U.S. Law Firms Using Social Engineering and Callback Phishing π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble FBI Warns Silent Ransom Group Targeting U.S. Law Firms Using Social Engineering and Callback Phishing " dataimagecaption"Cyble FBI Warns Silent Ransom Group Targeting U.S. Law Firms Using Social Engineering and Callback Phishing " datamediumfile"httpscyble.comwpcontentuploads202505CybleBlogsFBISilentRansom300x150.jpg" datalargefile"httpscyble.comwpcontentuploads202505CybleBlogsFBISilentRansom.jpg" title"FBI Warns Silent Ransom Group Targeting U.S. Law Firms Using Social Engineering and Callback Phishing 1" Overview The U.S. Federal Bureau of Investigation FBI has issued a fresh alert warning law firms and cybersecurity professionals about ongoing cyber threat activity linked to the Silent Ransom Group SRGalso known as Luna Moth, Chatty Spider, or UNC3753. This threat actor is...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
FBI Warns Silent Ransom Group Targeting U.S. Law Firms
FBI warns law firms and cybersecurity pros of ongoing threats from the Silent Ransom Group (SRG) in a new alert.
π¦
CISA Updates Advisory for Active Exploitation Targeting Commvault Metallic SaaS Cloud Platform π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble CISA Updates Advisory for Active Exploitation Targeting Commvault Metallic SaaS Cloud Platform " dataimagecaption"Cyble CISA Updates Advisory for Active Exploitation Targeting Commvault Metallic SaaS Cloud Platform " datamediumfile"httpscyble.comwpcontentuploads202505CybleBlogsCISACommvault300x150.png" datalargefile"httpscyble.comwpcontentuploads202505CybleBlogsCISACommvault1024x512.png" title"CISA Updates Advisory for Active Exploitation Targeting Commvault Metallic SaaS Cloud Platform 2" Overview The U.S. Cybersecurity and Infrastructure Security Agency CISA has released an urgent updated advisory highlighting cyber threat activity targeting Commvaults Metallic SoftwareasaService SaaS platform, which is widely used to back up Microsoft 365 environments. As of May 2025, th...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
CISA Updates Alert On Commvault Metallic Exploitation
CISA issues urgent update on threats targeting Commvaultβs Metallic SaaS platform, widely used for Microsoft 365 backups.
π Vietnam-Nexus Hackers Distribute Malware Via Fake AI Video Generator Websites π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A Vietnamnexus hacking group distributes infostealers and backdoors via social media ads promoting fake AI generator websites.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Vietnam-Nexus Hackers Distribute Malware Via Fake AI Video Generators
A Vietnam-nexus hacking group distributes infostealers and backdoors via social media ads promoting fake AI generator websites
π Adidas Customer Data Stolen in Third-Party Attack π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Adidas revealed that customer contact information, including names, emails and phone numbers were accessed by an unauthorized party.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Adidas Customer Data Stolen in Third-Party Attack
Adidas revealed that customer contact information, including names, emails and phone numbers were accessed by an unauthorized party
π’ Hackers are abusing Microsoft email notifications to target enterprises π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Researchers have uncovered a hybrid emailandphone scam based on fake Microsoft billing emails.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Hackers are abusing Microsoft email notifications to target enterprises
Researchers have uncovered a hybrid email-and-phone scam based on fake Microsoft billing emails