Are cybercriminals hacking your systems – or just logging in?
As bad actors often simply waltz through companies’ digital front doors with a key, here’s how to keep your own door firmly locked tight.
Via "ESET - WeLiveSecurity"
----------
Seen on @cibsecurity
Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories
A security weakness has been disclosed in the artificial intelligence (AI)-powered code editor Cursor that could trigger code execution when a maliciously crafted repository is opened using the program. The issue stems from the fact that an out-of-the-box security setting is disabled by default, opening the door for attackers to run arbitrary code on users' computers with their privileges. "...
Via "The Hacker News"
----------
How to check if you’ve been affected by Salesforce attacks – and stop hackers dead in their tracks
The FBI has issued a fresh advisory over the threat posed to Salesforce customers by two threat groups. Here's how you can stay safe and mitigate any risks.
The FBI has detailed steps enterprises can take to prevent falling victim to Salesforce attacks.
Via "ITPro"
----------
6 Browser-Based Attacks Security Teams Need to Prepare For Right Now
Attacks that target users in their web browsers have seen an unprecedented rise in recent years. In this article, we'll explore what a browser-based attack is, and why they're proving to be so effective. What is a browser-based attack? First, it's important to establish what a browser-based attack is. In most scenarios, attackers don't think of themselves as attacking your web browser.
Via "The Hacker News"
----------
⚡ Weekly Recap: Bootkit Malware, AI-Powered Attacks, Supply Chain Breaches, Zero-Days & More
In a world where threats are persistent, the modern CISO's real job isn't just to secure technology – it's to preserve institutional trust and ensure business continuity. This week, we saw a clear pattern: adversaries are targeting the complex relationships that hold businesses together, from supply chains to strategic partnerships. With new regulations and the rise of AI-driven attacks, the...
Via "The Hacker News"
----------
AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns
A new artificial intelligence (AI)-powered penetration testing tool linked to a China-based company has attracted nearly 11,000 downloads on the Python Package Index (PyPI) repository, raising concerns that it could be repurposed by cybercriminals for malicious purposes. Dubbed Villager, the framework is assessed to be the work of Cyberspike, which has positioned the tools as a red teaming...
Via "The Hacker News"
----------
HiddenGh0st, Winos and kkRAT Exploit SEO, GitHub Pages in Chinese Malware Attacks
Chinese-speaking users are the target of a search engine optimization (SEO) poisoning campaign that uses fake software sites to distribute malware. "The attackers manipulated search rankings with SEO plugins and registered lookalike domains that closely mimicked legitimate software sites," Fortinet FortiGuard Labs researcher Pei Han Liao said. "By using convincing language and small character...
Via "The Hacker News"
----------
AI-Forged Military IDs Used in North Korean Phishing Attack
Genians observed the Kimsuky group impersonate a defense institution in a spear-phishing attack, leveraging ChatGPT to create fake military ID cards.
Via "Infosecurity Magazine"
----------
CISA at Risk After OIG Accuses it of Wasting Federal Funds
US Department of Homeland Security OIG claims CISA mismanaged a key cyber retention incentive program.
Via "Infosecurity Magazine"
----------
Phishing Campaigns Drop RMM Tools for Remote Access
Threat actors are using multiple lures to trick users into installing RMM tools.
Via "Infosecurity Magazine"
----------
Inside Maranhão Stealer: Node.js-Powered InfoStealer Using Reflective DLL Injection
Executive Summary: CRIL identified an active Maranhão Stealer campaign that is being distributed through social engineering websites hosted on cloud platforms. Current intelligence indicates that the malware has been active since May 2025 and is actively being developed. The threat actors primarily target gaming users by distributing gaming-related links, cheats, and pirated software downloads (e.g., hxxps://derelictsgame[.]in/DerelictSetup.zip). The ZIP archives include an Inno Setup installer, which launches a Node.js-compiled binary responsible for exfiltrating credentials. Key takeaways: Maranhão Stealer is actively spreading through social engineering websites that distribut...
Cyble Research & Intelligence Labs detected Maranhão Stealer, a Node.js-based credential stealer leveraging reflective DLL injection.
Via "CYBLE"
----------
SEO Poisoning Targets Chinese Users with Fake Software Sites
An SEO poisoning attack has been observed targeting Chinese Windows users via lookalike domains, installing Hiddengh0st and Winos.
Via "Infosecurity Magazine"
----------
Skip Geo-Blocks, Not Security with This Lifetime $50 DNS & VPN
Unlock 500+ channels and secure your browsing with Getflix Smart DNS & VPN lifetime access, a 66% savings.
Via "Tech Republic"
----------
HybridPetya Mimics NotPetya, Adds UEFI Compromise
HybridPetya ransomware mimics Petya/NotPetya, with an added UEFI bootkit and Secure Boot bypass.
Via "Infosecurity Magazine"
----------
Mustang Panda Deploys SnakeDisk USB Worm to Deliver Yokai Backdoor on Thailand IPs
The China-aligned threat actor known as Mustang Panda has been observed using an updated version of a backdoor called TONESHELL and a previously undocumented USB worm called SnakeDisk. "The worm only executes on devices with Thailand-based IP addresses and drops the Yokai backdoor," IBM X-Force researchers Golo Mühr and Joshua Chung said in an analysis published last week. The tech giant's...
Via "The Hacker News"
----------
40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials
Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers. "The compromised versions include a function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local script (bundle.js), repacks the archive, and republishes it, enabling...
Via "The Hacker News"
----------
Phoenix RowHammer Attack Bypasses Advanced DDR5 Memory Protections in 109 Seconds
A team of academics from ETH Zürich and Google has discovered a new variant of a RowHammer attack targeting Double Data Rate 5 (DDR5) memory chips from South Korean semiconductor vendor SK Hynix. The RowHammer attack variant, codenamed Phoenix (CVE-2025-6202, CVSS score: 7.1), is capable of bypassing sophisticated protection mechanisms put in place to resist the attack. "We have proven that...
Via "The Hacker News"
----------
This DeepSeek-powered pen testing tool could be a Cobalt Strike successor – and hackers have downloaded it 10,000 times since July
Villager, a tool developed by a China-based red team project known as Cyberspike, is being used to automate attacks under the guise of penetration testing.
‘Villager’ is a China-developed tool that can dynamically adapt attacks to breach the domains and devices of victims.
Via "ITPro"
----------
NinjaOne expands availability on CrowdStrike Marketplace
CrowdStrike Falcon customers now have simplified access to NinjaOne’s automated endpoint management capabilities.
Via "ITPro"
----------
Hackers behind Jaguar Land Rover announce their 'retirement' – should we believe them?
Is this really the end for Scattered Lapsus$ Hunters?
Via "ITPro"
----------
Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack
Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild. The vulnerability in question is CVE-2025-43300 (CVSS score: 8.8), an out-of-bounds write issue in the ImageIO component that could result in memory corruption when processing a malicious image file. "Apple is aware of a report that this issue may have been exploited in an...
Via "The Hacker News"
----------