ποΈ DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Popular password manager plugins for web browsers have been found susceptible to clickjacking security vulnerabilities that could be exploited to steal account credentials, twofactor authentication 2FA codes, and credit card details under certain conditions. The technique has been dubbed Document Object Model DOMbased extension clickjacking by independent security researcher Marek Tth,.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ π΅οΈ Webinar: Discover and Control Shadow AI Agents in Your Enterprise Before Hackers Do ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Do you know how many AI agents are running inside your business right now? If the answer is not sure, youre not aloneand thats exactly the concern. Across industries, AI agents are being set up every day. Sometimes by IT, but often by business units moving fast to get results. That means agents are running quietly in the backgroundwithout proper IDs, without owners, and without logs of.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A Russian statesponsored cyber espionage group known as Static Tundra has been observed actively exploiting a sevenyearold security flaw in Cisco IOS and Cisco IOS XE software as a means to establish persistent access to target networks. Cisco Talos, which disclosed details of the activity, said the attacks single out organizations in telecommunications, higher education and manufacturing.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Pharmaceutical Company Inotiv Confirms Ransomware Attack π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Indianabased pharmaceutical research company Inotiv has confirmed it suffered a ransomware attack, disrupting operations and compromising data.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Pharmaceutical Company Inotiv Confirms Ransomware Attack
Indiana-based pharmaceutical research company Inotiv has confirmed it suffered a ransomware attack, disrupting operations and compromising data
β€1
ποΈ Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Apple has released security updates to address a security flaw impacting iOS, iPadOS, and macOS that it said has come under active exploitation in the wild. The zeroday outofbounds write vulnerability, tracked as CVE202543300, resides in the ImageIO framework that could result in memory corruption when processing a malicious image. "Apple is aware of a report that this issue may have been.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
β€3
ποΈ GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers are calling attention to multiple campaigns that leverage known security vulnerabilities and expose Redis servers to various malicious activities, including leveraging the compromised devices as IoT botnets, residential proxies, or cryptocurrency mining infrastructure. The first set of attacks entails the exploitation of CVE202436401 CVSS score 9.8, a critical.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
β€1
π¦
SikkahBot Malware Campaign Lures and Defrauds Students in Bangladesh π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble SikkahBot Malware Campaign Lures and Defrauds Students in Bangladesh " dataimagecaption"Cyble SikkahBot Malware Campaign Lures and Defrauds Students in Bangladesh " datamediumfile"httpscyble.comwpcontentuploads202508CybleBlogsSikkahbot300x150.jpg" datalargefile"httpscyble.comwpcontentuploads202508CybleBlogsSikkahbot.jpg" title"SikkahBot Malware Campaign Lures and Defrauds Students in Bangladesh 1" Executive Summary Cyble Research and Intelligence Labs CRIL has uncovered an ongoing Android malware tracker named "SikkahBot," active since July 2024 and explicitly targeting students in Bangladesh. Disguised as applications from the Bangladesh Education Board, the malware lures victims with promises of scholarships, coerces them into sharing sensitive information, and grants highr...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
SikkahBot Malware Campaign Defrauds Students In Bangladesh
Cyble Research and Intelligence Labs (CRIL) has uncovered βSikkahBotβ, a new Android malware campaign targeting students in Bangladesh since July 2024.
π Fake IT Support Attacks Hit Microsoft Teams π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Fake IT support lures are being used to trick employees into installing remoteaccess tools via Microsoft Teams.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Fake IT Support Attacks Hit Microsoft Teams
Fake IT support lures are being used to trick employees into installing remoteβaccess tools via Microsoft Teams
π’ A notorious hacker group is ramping up cloud-based ransomware attacks π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The Storm0501 threat group is refining its tactics, according to Microsoft, shifting away from traditional endpointbased attacks and toward cloudbased ransomware.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
A notorious hacker group is ramping up cloud-based ransomware attacks
In one attack, said Microsoft, the Storm-0501 group took advantage of protection and visibility gaps to pivot from on-premises to cloud
π¦
SikkahBot Malware Campaign Lures and Defrauds Students in Bangladesh π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble SikkahBot Malware Campaign Lures and Defrauds Students in Bangladesh " dataimagecaption"Cyble SikkahBot Malware Campaign Lures and Defrauds Students in Bangladesh " datamediumfile"httpscyble.comwpcontentuploads202508CybleBlogsSikkahbot300x150.jpg" datalargefile"httpscyble.comwpcontentuploads202508CybleBlogsSikkahbot.jpg" title"SikkahBot Malware Campaign Lures and Defrauds Students in Bangladesh 1" Executive Summary Cyble Research and Intelligence Labs CRIL has uncovered an ongoing Android malware tracker named "SikkahBot," active since July 2024 and explicitly targeting students in Bangladesh. Disguised as applications from the Bangladesh Education Board, the malware lures victims with promises of scholarships, coerces them into sharing sensitive information, and grants highr...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
SikkahBot Malware Campaign Defrauds Students In Bangladesh
Cyble Research and Intelligence Labs (CRIL) has uncovered βSikkahBotβ, a new Android malware campaign targeting students in Bangladesh since July 2024.
π’ Hackers are abusing ConnectWise ScreenConnect, again π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
A new spear phishing campaign has targeted more than 900 organizations with fake invitations from platforms like Zoom and Microsoft Teams.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Hackers are abusing ConnectWise ScreenConnect, again
The phishing campaign has targeted hundreds of organizations so far
π¦
SikkahBot Malware Campaign Lures and Defrauds Students in Bangladesh π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble SikkahBot Malware Campaign Lures and Defrauds Students in Bangladesh " dataimagecaption"Cyble SikkahBot Malware Campaign Lures and Defrauds Students in Bangladesh " datamediumfile"httpscyble.comwpcontentuploads202508CybleBlogsSikkahbot300x150.jpg" datalargefile"httpscyble.comwpcontentuploads202508CybleBlogsSikkahbot.jpg" title"SikkahBot Malware Campaign Lures and Defrauds Students in Bangladesh 1" Executive Summary Cyble Research and Intelligence Labs CRIL has uncovered an ongoing Android malware tracker named "SikkahBot," active since July 2024 and explicitly targeting students in Bangladesh. Disguised as applications from the Bangladesh Education Board, the malware lures victims with promises of scholarships, coerces them into sharing sensitive information, and grants highr...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
SikkahBot Malware Campaign Defrauds Students In Bangladesh
Cyble Research and Intelligence Labs (CRIL) has uncovered βSikkahBotβ, a new Android malware campaign targeting students in Bangladesh since July 2024.
π¦
SikkahBot Malware Campaign Lures and Defrauds Students in Bangladesh π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble SikkahBot Malware Campaign Lures and Defrauds Students in Bangladesh " dataimagecaption"Cyble SikkahBot Malware Campaign Lures and Defrauds Students in Bangladesh " datamediumfile"httpscyble.comwpcontentuploads202508CybleBlogsSikkahbot300x150.jpg" datalargefile"httpscyble.comwpcontentuploads202508CybleBlogsSikkahbot.jpg" title"SikkahBot Malware Campaign Lures and Defrauds Students in Bangladesh 1" Executive Summary Cyble Research and Intelligence Labs CRIL has uncovered an ongoing Android malware tracker named "SikkahBot," active since July 2024 and explicitly targeting students in Bangladesh. Disguised as applications from the Bangladesh Education Board, the malware lures victims with promises of scholarships, coerces them into sharing sensitive information, and grants highr...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
SikkahBot Malware Campaign Defrauds Students In Bangladesh
Cyble Research and Intelligence Labs (CRIL) has uncovered βSikkahBotβ, a new Android malware campaign targeting students in Bangladesh since July 2024.
π Netherlands Confirms China's Salt Typhoon Targeted Small Dutch Telcos π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Salt Typhoons primary Dutch targets were small internet service providers and hosting providers.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Netherlands Confirms China's Salt Typhoon Targeted Small Dutch Telcos
Salt Typhoonβs primary Dutch targets were small internet service providers and hosting providers
π Fake IT Support Attacks Hit Microsoft Teams π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Fake IT support lures are being used to trick employees into installing remoteaccess tools via Microsoft Teams.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Fake IT Support Attacks Hit Microsoft Teams
Fake IT support lures are being used to trick employees into installing remoteβaccess tools via Microsoft Teams
π’ A notorious hacker group is ramping up cloud-based ransomware attacks π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The Storm0501 threat group is refining its tactics, according to Microsoft, shifting away from traditional endpointbased attacks and toward cloudbased ransomware.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
A notorious hacker group is ramping up cloud-based ransomware attacks
In one attack, said Microsoft, the Storm-0501 group took advantage of protection and visibility gaps to pivot from on-premises to cloud
π Netherlands Confirms China's Salt Typhoon Targeted Small Dutch Telcos π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Salt Typhoons primary Dutch targets were small internet service providers and hosting providers.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Netherlands Confirms China's Salt Typhoon Targeted Small Dutch Telcos
Salt Typhoonβs primary Dutch targets were small internet service providers and hosting providers
π¦
SikkahBot Malware Campaign Lures and Defrauds Students in Bangladesh π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble SikkahBot Malware Campaign Lures and Defrauds Students in Bangladesh " dataimagecaption"Cyble SikkahBot Malware Campaign Lures and Defrauds Students in Bangladesh " datamediumfile"httpscyble.comwpcontentuploads202508CybleBlogsSikkahbot300x150.jpg" datalargefile"httpscyble.comwpcontentuploads202508CybleBlogsSikkahbot.jpg" title"SikkahBot Malware Campaign Lures and Defrauds Students in Bangladesh 1" Executive Summary Cyble Research and Intelligence Labs CRIL has uncovered an ongoing Android malware tracker named "SikkahBot," active since July 2024 and explicitly targeting students in Bangladesh. Disguised as applications from the Bangladesh Education Board, the malware lures victims with promises of scholarships, coerces them into sharing sensitive information, and grants highr...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
SikkahBot Malware Campaign Defrauds Students In Bangladesh
Cyble Research and Intelligence Labs (CRIL) has uncovered βSikkahBotβ, a new Android malware campaign targeting students in Bangladesh since July 2024.
π Malicious VS Code Extensions Exploit Name Reuse Loophole π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Visual Studio Code extensions have been identified exploiting a loophole that allows reuse of names from removed packages.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Malicious VS Code Extensions Exploit Name Reuse Loophole
Visual Studio Code extensions have been identified exploiting a loophole that allows reuse of names from removed packages
π¦Ώ Google Identifies βWidespread Data Theftβ Impacting Salesforce-Salesloft Drift Users π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Google Threat Intelligence Group shared its findings about a threat actor responsible for stealing Salesforce customer data via Salesloft Drift.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Google Identifies βWidespread Data Theftβ Impacting Salesforce-Salesloft Drift Users
Google Threat Intelligence Group shared its findings about a threat actor responsible for stealing Salesforce customer data via Salesloft Drift.
π’ Hackers are abusing ConnectWise ScreenConnect, again π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
A new spear phishing campaign has targeted more than 900 organizations with fake invitations from platforms like Zoom and Microsoft Teams.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Hackers are abusing ConnectWise ScreenConnect, again
The phishing campaign has targeted hundreds of organizations so far