Fileless Malware Deploys Advanced RAT via Legitimate Tools
A sophisticated fileless malware campaign has been observed using legitimate tools to deliver AsyncRAT executed in memory.
Via "Infosecurity Magazine"
----------
Seen on @cibsecurity
Google Pixel 10 Adds C2PA Support to Verify AI-Generated Media Authenticity
Google on Tuesday announced that its new Google Pixel 10 phones support the Coalition for Content Provenance and Authenticity (C2PA) standard out of the box to verify the origin and history of digital content. To that end, support for C2PA's Content Credentials has been added to Pixel Camera and Google Photos apps for Android. The move, Google said, is designed to further digital media.
Via "The Hacker News"
----------
Senator Wyden Urges FTC to Probe Microsoft for Ransomware-Linked Cybersecurity Negligence
U.S. Senator Ron Wyden has called on the Federal Trade Commission (FTC) to probe Microsoft and hold it responsible for what he called "gross cybersecurity negligence" that enabled ransomware attacks on U.S. critical infrastructure, including against healthcare networks. "Without timely action, Microsoft's culture of negligent cybersecurity, combined with its de facto monopolization of the.
Via "The Hacker News"
----------
CISA Launches Roadmap for the CVE Program
The US cybersecurity agency called for the CVE program to remain publicly maintained and vendor-neutral while emphasizing the need for broader engagement.
Via "Infosecurity Magazine"
----------
Bulletproof Host Stark Industries Evades EU Sanctions
In May 2025, the European Union levied financial sanctions on the owners of Stark Industries Solutions Ltd., a bulletproof hosting provider that materialized two weeks before Russia invaded Ukraine and quickly became a top source of Kremlin-linked cyberattacks and disinformation campaigns. But new data shows those sanctions have done little to stop Stark from simply rebranding and transferring their assets to other corporate entities controlled by its original hosting providers.
Via "Krebs on Security"
----------
Are cybercriminals hacking your systems – or just logging in?
As bad actors often simply waltz through companies' digital front doors with a key, here's how to keep your own door firmly locked tight.
Via "ESET - WeLiveSecurity"
----------
Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories
A security weakness has been disclosed in the artificial intelligence (AI)-powered code editor Cursor that could trigger code execution when a maliciously crafted repository is opened using the program. The issue stems from the fact that an out-of-the-box security setting is disabled by default, opening the door for attackers to run arbitrary code on users' computers with their privileges. ".
Via "The Hacker News"
----------
How to check if you've been affected by Salesforce attacks – and stop hackers dead in their tracks
The FBI has issued a fresh advisory over the threat posed to Salesforce customers by two threat groups. Here's how you can stay safe and mitigate any risks.
The FBI has detailed steps enterprises can take to prevent falling victim to Salesforce attacks
Via "ITPro"
----------
6 Browser-Based Attacks Security Teams Need to Prepare For Right Now
Attacks that target users in their web browsers have seen an unprecedented rise in recent years. In this article, we'll explore what a browser-based attack is, and why they're proving to be so effective. What is a browser-based attack? First, it's important to establish what a browser-based attack is. In most scenarios, attackers don't think of themselves as attacking your web browser.
Via "The Hacker News"
----------
⚡ Weekly Recap: Bootkit Malware, AI-Powered Attacks, Supply Chain Breaches, Zero-Days & More
In a world where threats are persistent, the modern CISO's real job isn't just to secure technology - it's to preserve institutional trust and ensure business continuity. This week, we saw a clear pattern: adversaries are targeting the complex relationships that hold businesses together, from supply chains to strategic partnerships. With new regulations and the rise of AI-driven attacks, the.
Via "The Hacker News"
----------
AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns
A new artificial intelligence (AI)-powered penetration testing tool linked to a China-based company has attracted nearly 11,000 downloads on the Python Package Index (PyPI) repository, raising concerns that it could be repurposed by cybercriminals for malicious purposes. Dubbed Villager, the framework is assessed to be the work of Cyberspike, which has positioned the tools as a red teaming.
Via "The Hacker News"
----------
HiddenGh0st, Winos and kkRAT Exploit SEO, GitHub Pages in Chinese Malware Attacks
Chinese-speaking users are the target of a search engine optimization (SEO) poisoning campaign that uses fake software sites to distribute malware. "The attackers manipulated search rankings with SEO plugins and registered lookalike domains that closely mimicked legitimate software sites," Fortinet FortiGuard Labs researcher Pei Han Liao said. "By using convincing language and small character.
Via "The Hacker News"
----------
AI-Forged Military IDs Used in North Korean Phishing Attack
Genians observed the Kimsuky group impersonate a defense institution in a spear-phishing attack, leveraging ChatGPT to create fake military ID cards.
Via "Infosecurity Magazine"
----------
CISA at Risk After OIG Accuses it of Wasting Federal Funds
US Department of Homeland Security OIG claims CISA mismanaged a key cyber retention incentive program.
Via "Infosecurity Magazine"
----------
Phishing Campaigns Drop RMM Tools for Remote Access
Threat actors are using multiple lures to trick users into installing RMM tools.
Via "Infosecurity Magazine"
----------
Inside Maranhão Stealer: Node.js-Powered InfoStealer Using Reflective DLL Injection
Executive Summary CRIL identified an active Maranhão Stealer campaign that is being distributed through social engineering websites hosted on cloud platforms. Current intelligence indicates that the malware has been active since May 2025 and is actively being developed. Available intelligence shows the malware has been active since May 2025 and is undergoing ongoing development. The threat actors primarily target gaming users by distributing gaming-related links, cheats, and pirated software downloads. e.g., hxxpsderelictsgame.inDerelictSetup.zip. The ZIP archives include an Inno Setup installer, which launches a Node.js-compiled binary responsible for exfiltrating credentials. Key takeaways Maranhão Stealer is actively spreading through social engineering websites that distribut...
Cyble Research & Intelligence Labs detected Maranhão Stealer, a Node.js-based credential stealer leveraging reflective DLL injection.
Via "CYBLE"
----------
SEO Poisoning Targets Chinese Users with Fake Software Sites
SEO poisoning attack has been observed targeting Chinese Windows users via lookalike domains, installing Hiddengh0st and Winos.
Via "Infosecurity Magazine"
----------
Skip Geo-Blocks, Not Security with This Lifetime $50 DNS & VPN
Unlock 500+ channels and secure your browsing with Getflix Smart DNS & VPN lifetime access - a 66% savings.
Via "Tech Republic"
----------
HybridPetya Mimics NotPetya, Adds UEFI Compromise
HybridPetya ransomware mimics Petya/NotPetya, with an added UEFI bootkit and Secure Boot bypass.
Via "Infosecurity Magazine"
----------
Mustang Panda Deploys SnakeDisk USB Worm to Deliver Yokai Backdoor on Thailand IPs
The China-aligned threat actor known as Mustang Panda has been observed using an updated version of a backdoor called TONESHELL and a previously undocumented USB worm called SnakeDisk. "The worm only executes on devices with Thailand-based IP addresses and drops the Yokai backdoor," IBM X-Force researchers Golo Mühr and Joshua Chung said in an analysis published last week. The tech giant's.
Via "The Hacker News"
----------
40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials
Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers. "The compromised versions include a function NpmModule.updatePackage that downloads a package tarball, modifies package.json, injects a local script bundle.js, repacks the archive, and republishes it, enabling.
Via "The Hacker News"
----------