Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware
Apple has disclosed that a now-patched security flaw present in its Messages app was actively exploited in the wild to target civil society members in sophisticated cyber attacks. The vulnerability, tracked as CVE-2025-43200, was addressed on February 10, 2025, as part of iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, watchOS 11.3.1, ...
π Via "The Hacker News"
----------
LockBit data dump reveals a treasure trove of intel on the notorious hacker group
An analysis of May's SQL database dump shows how much LockBit was really making.
π Via "ITPro"
----------
European Journalists Targeted by Paragon Spyware, Citizen Lab Confirms
This is the first forensic evidence that journalists' devices have been infected with Paragon's Graphite spyware.
π Via "Infosecurity Magazine"
----------
AI security blunders have cyber professionals scrambling
Growing AI security incidents have cyber teams fending off an array of threats.
π Via "ITPro"
----------
Application security risk: How leaders can protect their businesses
Application security risk is higher than ever, as new services and expanding attack surfaces put pressure on cyber leaders.
π Via "ITPro"
----------
Why CISOs Must Align Business Objectives & Cybersecurity
This alignment makes a successful CISO, but creating the same sentiment across business leadership creates a culture of commitment and greatly contributes to achieving goals.
π Via "Dark Reading"
----------
Cyberattacks on Humanitarian Orgs Jump Worldwide
These groups suffered three times as many cyberattacks as in the previous year, with DDoS attacks dominating and vulnerability scans and SQL injection also more common.
π Via "Dark Reading"
----------
Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday disclosed that ransomware actors are targeting unpatched SimpleHelp Remote Monitoring and Management (RMM) instances to compromise customers of an unnamed utility billing software provider. "This incident reflects a broader pattern of ransomware actors targeting organizations through unpatched versions of SimpleHelp...
π Via "The Hacker News"
----------
CTEM is the New SOC: Shifting from Monitoring Alerts to Measuring Risk
Introduction: Security at a Tipping Point. Security Operations Centers (SOCs) were built for a different era, one defined by perimeter-based thinking, known threats, and manageable alert volumes. But today's threat landscape doesn't play by those rules. The sheer volume of telemetry, overlapping tools, and automated alerts has pushed traditional SOCs to the edge. Security teams are overwhelmed, ...
π Via "The Hacker News"
----------
Ransomware Gang Exploits SimpleHelp RMM to Compromise Utility Billing Firm
A CISA advisory urged all software vendors and downstream customers to check if they are impacted by unpatched versions of the SimpleHelp RMM tool.
π Via "Infosecurity Magazine"
----------
Microsoft 365 Copilot: New Zero-Click AI Vulnerability Allows Corporate Data Theft
Researchers have found a flaw in Microsoft 365 Copilot that allows the exfiltration of sensitive corporate data with a simple email.
π Via "Infosecurity Magazine"
----------
12 Best MSSP Providers Businesses Trust and Grow With
Managed security services providers, or MSSP providers for short, have become essential allies to businesses in the face of soaring cyber attacks. These third-party experts step in to fill the critical cybersecurity gaps, delivering managed security services, all backed by deep expertise that many in-house teams simply can't afford. To help you find the right security ...
π Via "UnderDefense"
----------
Python Developer
π Via "UnderDefense"
----------
The Week in Vulnerabilities: Ivanti, Versa Flaws Flagged by Cyble
Cyble vulnerability intelligence researchers highlighted several high-risk IT and ICS vulnerabilities this week, including some that are actively targeted in attack attempts detected by Cyble honeypot sensors. As the week also included Patch Tuesday for many vendors, several new critical vulnerabilities emerged, including some that are already under active attack or...
π Via "CYBLE"
----------
Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month
Cybersecurity researchers are calling attention to a "large-scale campaign" that has been observed compromising legitimate websites with malicious JavaScript injections. According to Palo Alto Networks Unit 42, these malicious injects are obfuscated using JSFuck, which refers to an "esoteric and educational programming style" that uses only a limited set of characters to write and execute code.
π Via "The Hacker News"
----------
First Known 'Zero-Click' AI Exploit: Microsoft 365 Copilot's EchoLeak Flaw
Security researchers uncovered EchoLeak, a zero-click flaw in Microsoft 365 Copilot, exposing sensitive data without user action. Microsoft has mitigated the vulnerability.
π Via "Tech Republic"
----------
Threat Actor Abuses TeamFiltration for Entra ID Account Takeovers
Proofpoint researchers discovered a large-scale campaign using the open source penetration-testing framework that has targeted more than 80,000 Microsoft accounts.
π Via "Dark Reading"
----------
Former CISA and NCSC Heads Warn Against Glamorizing Threat Actor Names
Jen Easterly and Ciaran Martin called for a universal, vendor-neutral cyber threat actor naming system.
π Via "Infosecurity Magazine"
----------
INTERPOL-Led Effort Dismantles Infostealer Malware Network in 26 Countries Across Asia-Pacific Region
INTERPOL partnered with Group-IB, Kaspersky, and Trend Micro to take down a cybercrime network. They alerted more than 216,000 individuals and organizations that were possible victims.
π Via "Tech Republic"
----------
RSAC Conference 2025: The front line of cyber innovation
Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event.
π Via "ITPro"
----------