ποΈ Simple Steps for Attack Surface Reduction ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Story teaser text Cybersecurity leaders face mounting pressure to stop attacks before they start, and the best defense may come down to the settings you choose on day one. In this piece, Yuriy Tsibere explores how default policies like denybydefault, MFA enforcement, and application Ringfencing can eliminate entire categories of risk. From disabling Office macros to blocking outbound server.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
β€1
ποΈ Google Fined $379 Million by French Regulator for Cookie Consent Violations ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The French data protection authority has fined Google and Chinese ecommerce giant Shein 379 million 325 million and 175 million 150 million, respectively, for violating cookie rules. Both companies set advertising cookies on users' browsers without securing their consent, the National Commission on Informatics and Liberty CNIL said. Shein has since updated its systems to comply with.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Wednesday added two security flaws impacting TPLink wireless routers to its Known Exploited Vulnerabilities KEV catalog, noting that there is evidence of them being exploited in the wild. The vulnerabilities in question are listed below CVE202350224 CVSS score 6.5 An authentication bypass by spoofing vulnerability.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π GhostRedirector Emerges as New China-Aligned Threat Actor π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A newly identified hacking group named GhostRedirector has compromised 65 Windows servers using previously unknown tools.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
GhostRedirector Emerges as New China-Aligned Threat Actor
A newly identified hacking group named GhostRedirector has compromised 65 Windows servers using previously unknown tools
π North Korean Hackers Exploit Threat Intel Platforms For Phishing π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
North Korean hackers have been observed exploiting cyber threat intelligence platforms in a campaign targeting job seekers with malwarelaced lures.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
North Korean Hackers Exploit Threat Intel Platforms For Phishing
North Korean hackers have been observed exploiting cyber threat intelligence platforms in a campaign targeting job seekers with malware-laced lures
π CMS Provider Sitecore Patches Exploited Critical Zero Day π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Google Clouds Mandiant successfully disrupted an active ViewState deserialization attack affecting Sitecore deployments.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
CMS Provider Sitecore Patches Exploited Critical Zero Day
Google Cloudβs Mandiant successfully disrupted an active ViewState deserialization attack affecting Sitecore deployments
π US and 14 Allies Release Joint Guidance on Software Bill of Materials π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The joint guidance is a welcome first step towards a common, global adoption of SBOMs, experts argued.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
π Scattered Spider-Linked Group Claims JLR Cyber-Attack π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
JLR said it is investigating following claims by the actor Scattered Lapsus Hunters that it had stolen data from the firm and had issued an extortion demand.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Scattered Spider-Linked Group Claims JLR Cyber-Attack
JLR said it is investigating following claims by the actor βScattered Lapsus$ Huntersβ that it had stolen data from the firm and had issued an extortion demand
π Threat Actors Abuse Hexstrike-AI Tool to Accelerate Exploitation π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Hackers are using legitimate red team tool HexstrikeAI to simplify and speed up vulnerability exploitation.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Threat Actors Abuse Hexstrike-AI Tool to Accelerate Exploitation
Hackers are using legitimate red team tool Hexstrike-AI to simplify and speed up vulnerability exploitation
π Healthcare Sector Takes 58 Days to Resolve Serious Vulnerabilities π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A new Cobalt study finds healthcare organizations among the slowest at resolving serious vulnerabilities.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Healthcare Sector Takes 58 Days to Resolve Serious Vulnerabilities
A new Cobalt study finds healthcare organizations among the slowest at resolving serious vulnerabilities
π Exabeam vs. The Field: 2025βs AI SOC Comparison π
π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
Looking for Exabeam alternatives? High pricing at scale, SIEM baggage that never goes away, and blind spots in SaaS and identity are all legit reasons to shop around. Either way, there are lots of options for you. AI SOC startups are popping up like mushrooms after rain. Investment is flowing, promises are loud. But when The post Exabeam vs. The Field 2025s AI SOC Comparison appeared first on UnderDefense.π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
UnderDefense
Top 9 Exabeam Alternatives for AI SOCs in 2025
Compare Exabeam to 9 other AI SOC players in 2025. Explore pricing and the hard truths behind "autonomous" detection and response
π GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes π
π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
ESET researchers have identified a new threat actor targeting Windows servers with a passive C backdoor and a malicious IIS module that manipulates Google search results.π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Welivesecurity
GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes
ESET researchers have identified a new threat actor targeting Windows servers with a passive C++ backdoor and a malicious IIS module that manipulates Google search results.
π¦
The Week in Vulnerabilities: Apple, Citrix Flaws Draw Threat Actor Interest π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
IT Vulnerabilities Recorded by Cyble " dataimagecaption"" datamediumfile"httpscyble.comwpcontentuploads202509ITVulnerabilitiesRecordedbyCyble300x150.webp" datalargefile"httpscyble.comwpcontentuploads202509ITVulnerabilitiesRecordedbyCyble.webp" title"The Week in Vulnerabilities Apple, Citrix Flaws Draw Threat Actor Interest 1" Cyble Vulnerability Intelligence researchers tracked 787 vulnerabilities in the last week, and more than 229 of the disclosed vulnerabilities already have publicly available ProofsofConcept PoCs. The exploitation rate just under 30 is at the high end of the 2030 range observed by Cyble in recent weeks. A total of 56 vulnerabilities were rated as critical under CVSS v3.1, while 43 received a critical severity rating based on the newer CVSS v4.0 scoring system....π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Top IT Vulnerabilities Tracked By Cyble This Week
Cyble tracked 787 IT vulnerabilities this week, including 229 with public PoCs. Learn about critical threats, active exploits, and urgent patch priorities.
ποΈ VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have flagged a new malware campaign that has leveraged Scalable Vector Graphics SVG files as part of phishing attacks impersonating the Colombian judicial system. The SVG files, according to VirusTotal, are distributed via email and designed to execute an embedded JavaScript payload, which then decodes and injects a Base64encoded HTML phishing page masquerading as a.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
β€1
ποΈ Automation Is Redefining Pentest Delivery ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Pentesting remains one of the most effective ways to identify realworld security weaknesses before adversaries do. But as the threat landscape has evolved, the way we deliver pentest results hasn't kept pace. Most organizations still rely on traditional reporting methodsstatic PDFs, emailed documents, and spreadsheetbased tracking. The problem? These outdated workflows introduce delays,.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π 61% of US Companies Hit by Insider Data Breaches π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The OPSWAT report found that insider breaches cost impacted firms 2.7m on average due to factors such as regulatory fines and diminished productivity.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
61% of US Companies Hit by Insider Data Breaches
The OPSWAT report found that insider breaches cost impacted firms $2.7m on average due to factors such as regulatory fines and diminished productivity
β€1
π US and 14 Allies Release Joint Guidance on Software Bill of Materials π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The joint guidance is a welcome first step towards a common, global adoption of SBOMs, experts argued.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
ποΈ SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A critical security vulnerability impacting SAP S4HANA, an Enterprise Resource Planning ERP software, has come under active exploitation in the wild. The command injection vulnerability, tracked as CVE202542957 CVSS score 9.9, was fixed by SAP as part of its monthly updates last month. "SAP S4HANA allows an attacker with user privileges to exploit a vulnerability in the function module.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π¨ NCSC statement: Incident impacting Jaguar Land Rover π¨
π Read more.
π Via "UK NCSC"
----------
ποΈ Seen on @cibsecurity
Statement from the NCSC regarding the cyber incident affecting Jaguar Land Rover.π Read more.
π Via "UK NCSC"
----------
ποΈ Seen on @cibsecurity
National Cyber Security Centre
NCSC statement: Incident impacting Jaguar Land Rover
Statement from the NCSC regarding the cyber incident affecting Jaguar Land Rover.
π macOS Stealer Campaign Uses βCrackedβ App Lures to Bypass Apple Security π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Trend Micro observed the attackers using terminalbased installation methods for the AMOS malware, luring macOS users into installing cracked versions of apps.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
macOS Stealer Campaign Uses βCrackedβ App Lures to Bypass Apple Security
Trend Micro observed the attackers using terminal-based installation methods for the AMOS malware, luring macOS users into installing cracked versions of apps
π Dropzone AI Against 11 Rivals: AI SOC Showdown 2025 π
π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
Running a Tesla on autopilot in LA is fine. In a warzone, though? Youd not give it a chance. Yet some companies switch cybersecurity onto autopilot with AI SOC, reducing human oversight to zero. One of those AI SOC startups is Dropzone AI, but rivals are lining up. Lets see which Dropzone AI competitors are The post Dropzone AI Against 11 Rivals AI SOC Showdown 2025 appeared first on UnderDefense.π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
UnderDefense
Top 11 Dropzone AI Competitors & Alternatives in the AI SOC Market (2025)
Compare Dropzone AI company with top AI SOC competitors in 2025. Learn strengths, limits, and why hybrid SOCs beat full-autonomy.