ποΈ Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The French cybersecurity agency on Tuesday revealed that a number of entities spanning governmental, telecommunications, media, finance, and transport sectors in the country were impacted by a malicious campaign undertaken by a Chinese hacking group by weaponizing several zeroday vulnerabilities in Ivanti Cloud Services Appliance CSA devices. The campaign, detected at the beginning of.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π΅οΈββοΈ Dark Web Vendors Shift to Third Parties, Supply Chains π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
As attacks on software supply chains and third parties increase, more data on critical software and infrastructure services is being advertised and sold on the Dark Web.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Dark Web Vendors Shift to Third Parties, Supply Chains
As attacks on software supply chains and third parties increase, more data on critical software and infrastructure services is being advertised and sold on the Dark Web.
ποΈ Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The French cybersecurity agency on Tuesday revealed that a number of entities spanning governmental, telecommunications, media, finance, and transport sectors in the country were impacted by a malicious campaign undertaken by a Chinese hacking group by weaponizing several zeroday vulnerabilities in Ivanti Cloud Services Appliance CSA devices. The campaign, detected at the beginning of.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π’ A prolific ransomware group says itβs shutting down and giving out free decryption keys to victims β but cyber experts warn it's not exactly a 'gesture of goodwill' π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The Hunters International ransomware group is rebranding and switching tactics.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
A prolific ransomware group says itβs shutting down and giving out free decryption keys to victims β but cyber experts warn it'sβ¦
The Hunters International ransomware group is rebranding and switching tactics
π€2
π΅οΈββοΈ New Cyber Blueprint Aims to Guide Organizations on AI Journey π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Deloitte's new blueprint looks to bridge the gap between the massive push for AI adoption and a lack of preparedness among leaders and employees.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
New Cyber Blueprint Aims to Guide Organizations on AI Journey
Deloitte's new blueprint looks to bridge the gap between the massive push for AI adoption and a lack of preparedness among leaders and employees.
π΅οΈββοΈ Dark Web Vendors Shift to Third Parties, Supply Chains π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
As attacks on software supply chains and third parties increase, more data on critical software and infrastructure services is being advertised and sold on the Dark Web.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Dark Web Vendors Shift to Third Parties, Supply Chains
As attacks on software supply chains and third parties increase, more data on critical software and infrastructure services is being advertised and sold on the Dark Web.
π΅οΈββοΈ Criminals Sending QR Codes in Phishing, Malware Campaigns π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The AntiPhishing Working Group observed how attackers are increasingly abusing QR codes to conduct phishing attacks or to trick users into downloading malware.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Criminals Sending QR Codes in Phishing, Malware Campaigns
The Anti-Phishing Working Group observed how attackers are increasingly abusing QR codes to conduct phishing attacks or to trick users into downloading malware.
π΅οΈββοΈ IDE Extensions Pose Hidden Risks to Software Supply Chain π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Malicious extensions can be engineered to bypass verification checks for popular integrated development environments, according to research from OX Security.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
IDE Extensions Pose Hidden Risks to Software Supply Chain
Malicious extensions can be engineered to bypass verification checks for popular integrated development environments, according to research from OX Security.
π΅οΈββοΈ Attackers Impersonate Top Brands in Callback Phishing π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Microsoft, PayPal, Docusign, and others are among the trusted brands threat actors use in socially engineered scams that try to get victims to call adversarycontrolled phone numbers.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Attackers Impersonate Top Brands in Callback Phishing
Microsoft, PayPal, Docusign, and others are among the trusted brands threat actors use in socially engineered scams that try to get victims to call adversary-controlled phone numbers.
ποΈ Your AI Agents Might Be Leaking Data β Watch this Webinar to Learn How to Stop It ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Generative AI is changing how businesses work, learn, and innovate. But beneath the surface, something dangerous is happening. AI agents and custom GenAI workflows are creating new, hidden ways for sensitive enterprise data to leakand most teams dont even realize it. If youre building, deploying, or managing AI systems, now is the time to ask Are your AI agents exposing confidential data.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have disclosed two security flaws in the Sudo commandline utility for Linux and Unixlike operating systems that could enable local attackers to escalate their privileges to root on susceptible machines. A brief description of the vulnerabilities is below CVE202532462 CVSS score 2.8 Sudo before 1.9.17p1, when used with a sudoers file that specifies a host.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Taiwan Flags Chinese Apps Over Data Security Violations π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Taiwan warned that popular Chineseowned apps, including TikTok and Weibo, are harvesting personal data and sending it back to servers in China.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Taiwan Flags Chinese Apps Over Data Security Violations
Taiwan warned that popular Chinese-owned apps, including TikTok and Weibo, are harvesting personal data and sending it back to servers in China
π1
π EU Launches Plan to Implement Quantum-Secure Infrastructure π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The EUs Quantum Strategy includes plans to develop secure quantum communication infrastructure across the region.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
EU Launches Plan to Implement Quantum-Secure Infrastructure
The EUβs Quantum Strategy includes plans to develop secure quantum communication infrastructure across the region
π WordPress Plugin Flaw Exposes 600,000 Sites to File Deletion π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A severe flaw identified in the Forminator WordPress plugin allows arbitrary file deletion and potential site takeover.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
WordPress Plugin Flaw Exposes 600,000 Sites to File Deletion
A severe flaw identified in the Forminator WordPress plugin allows arbitrary file deletion and potential site takeover
π Privilege Escalation Flaw Found in Azure Machine Learning Service π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A critical Azure Machine Learning flaw allows privilege escalation, risking subscription compromise.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Privilege Escalation Flaw Found in Azure Machine Learning Service
A critical Azure Machine Learning flaw allows privilege escalation, risking subscription compromise
π CVE Program Launches Two New Forums to Enhance CVE Utilization π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The CVE Board has launched a Consumer Working Group and a Researcher Working Group, allowing new stakeholders to shape the future of the CVE Program.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
CVE Program Launches Two New Forums to Enhance CVE Utilization
The CVE Board has launched a Consumer Working Group and a Researcher Working Group, allowing new stakeholders to shape the future of the CVE Program
π Automation and Vulnerability Exploitation Drive Mass Ransomware Breaches π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
ReliaQuest warns that initial access vulnerability exploitation is driving successful ransomware attacks.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Automation and Vulnerability Exploitation Drive Mass Ransomware Breaches
ReliaQuest warns that initial access vulnerability exploitation is driving successful ransomware attacks
π North Korean Hackers Target Crypto Firms with Novel macOS Malware π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
SentinelLabs observed North Korean actors deploying novel TTPs to target crypto firms, including a mix of programming languages and signalbased persistence.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
North Korean Hackers Target Crypto Firms with Novel macOS Malware
SentinelLabs observed North Korean actors deploying novel TTPs to target crypto firms, including a mix of programming languages and signal-based persistence
π Ransomware: Hunters International Is Not Shutting Down, It's Rebranding π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Some admins of Hunters International are now part of the encryptionless cyber extortion group World Leaks.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Ransomware: Hunters International Is Not Shutting Down, It's Rebranding
Some admins of Hunters International are now part of the encryption-less cyber extortion group World Leaks
π¦
The Week in Vulnerabilities: High-Risk IT and ICS Flaws Flagged by Cyble π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
IT Vulnerabilities " dataimagecaption"" datamediumfile"httpscyble.comwpcontentuploads202507ITVulnerabilities2300x150.webp" datalargefile"httpscyble.comwpcontentuploads202507ITVulnerabilities2.webp" title"The Week in Vulnerabilities HighRisk IT and ICS Flaws Flagged by Cyble 1" Cyble vulnerability intelligence researchers investigated dozens of vulnerabilities this week to highlight the IT and industrial control system ICS vulnerabilities that security teams should prioritize. Cyble honeypot sensors also detected numerous vulnerabilities under active exploitation, and Cyble dark web researchers observed several threat actors discussing vulnerability exploits on underground and cybercrime forums, including a claimed Apple zeroday. What follows are some highlights from Cybles IT and...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Cyble Reports New Critical ICS And IT Vulnerabilities
Cyble highlights high-risk IT vulnerabilities from June 2025, including zero-days in Chrome, Cisco, WinRAR, and threats to ICS and UPS systems.
ποΈ NightEagle APT Exploits Microsoft Exchange Flaw to Target China's Military and Tech Sectors ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have shed light on a previously undocumented threat actor called NightEagle aka APTQ95 that has been observed targeting Microsoft Exchange servers as a part of a zeroday exploit chain designed to target government, defense, and technology sectors in China. According to QiAnXin's RedDrip Team, the threat actor has been active since 2023 and has switched network.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity