ποΈ UNC1549 Hacks 34 Devices in 11 Telecom Firms via LinkedIn Job Lures and MINIBIKE Malware ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
An Irannexus cyber espionage group known as UNC1549 has been attributed to a new campaign targeting European telecommunications companies, successfully infiltrating 34 devices across 11 organizations as part of a recruitmentthemed activity on LinkedIn. Swiss cybersecurity company PRODAFT is tracking the cluster under the name Subtle Snail. It's assessed to be affiliated with Iran's Islamic.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π’ Getting a grip on digital identity π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
As AI agent adoption explodes, security leaders will need better identity controls than ever before.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Getting a grip on digital identity
As AI agent adoption explodes, security leaders will need better identity controls than ever before
ποΈ DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat actors with ties to the Democratic People's Republic of Korea aka DPRK or North Korea have been observed leveraging ClickFixstyle lures to deliver a known malware called BeaverTail and InvisibleFerret. "The threat actor used ClickFix lures to target marketing and trader roles in cryptocurrency and retail sector organizations rather than targeting software development roles," GitLab.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ LastPass Warns of Fake Repositories Infecting macOS with Atomic Infostealer ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
LastPass is warning of an ongoing, widespread information stealer campaign targeting Apple macOS users through fake GitHub repositories that distribute malwarelaced programs masquerading as legitimate tools. "In the case of LastPass, the fraudulent repositories redirected potential victims to a repository that downloads the Atomic infostealer malware," researchers Alex Cox, Mike Kosak, and.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Researchers Uncover GPT-4-Powered MalTerminal Malware Creating Ransomware, Reverse Shell ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have discovered what they say is the earliest example known to date of a malware that bakes in Large Language Model LLM capabilities. The malware has been codenamed MalTerminal by SentinelOne SentinelLABS research team. The findings were presented at the LABScon 2025 security conference. In a report examining the malicious use of LLMs, the cybersecurity company said.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ ShadowLeak Zero-Click Flaw Leaks Gmail Data via OpenAI ChatGPT Deep Research Agent ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have disclosed a zeroclick flaw in OpenAI ChatGPT's Deep Research agent that could allow an attacker to leak sensitive Gmail inbox data with a single crafted email without any user action. The new class of attack has been codenamed ShadowLeak by Radware. Following responsible disclosure on June 18, 2025, the issue was addressed by OpenAI in early August. "The attack.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat actors with ties to the Democratic People's Republic of Korea aka DPRK or North Korea have been observed leveraging ClickFixstyle lures to deliver a known malware called BeaverTail and InvisibleFerret. "The threat actor used ClickFix lures to target marketing and trader roles in cryptocurrency and retail sector organizations rather than targeting software development roles," GitLab.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat actors with ties to the Democratic People's Republic of Korea aka DPRK or North Korea have been observed leveraging ClickFixstyle lures to deliver a known malware called BeaverTail and InvisibleFerret. "The threat actor used ClickFix lures to target marketing and trader roles in cryptocurrency and retail sector organizations rather than targeting software development roles," GitLab.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat actors with ties to the Democratic People's Republic of Korea aka DPRK or North Korea have been observed leveraging ClickFixstyle lures to deliver a known malware called BeaverTail and InvisibleFerret. "The threat actor used ClickFix lures to target marketing and trader roles in cryptocurrency and retail sector organizations rather than targeting software development roles," GitLab.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat actors with ties to the Democratic People's Republic of Korea aka DPRK or North Korea have been observed leveraging ClickFixstyle lures to deliver a known malware called BeaverTail and InvisibleFerret. "The threat actor used ClickFix lures to target marketing and trader roles in cryptocurrency and retail sector organizations rather than targeting software development roles," GitLab.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A critical token validation failure in Microsoft Entra ID previously Azure Active Directory could have allowed attackers to impersonate any user, including Global Administrators, across any tenant. The vulnerability, tracked as CVE202555241, has been assigned the maximum CVSS score of 10.0. It has been described by Microsoft as a privilege escalation flaw in Azure Entra. There is no.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A critical token validation failure in Microsoft Entra ID previously Azure Active Directory could have allowed attackers to impersonate any user, including Global Administrators, across any tenant. The vulnerability, tracked as CVE202555241, has been assigned the maximum CVSS score of 10.0. It has been described by Microsoft as a privilege escalation flaw in Azure Entra. There is no.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
β€1
π¨ NCSC statement: Incident impacting Collins Aerospace π¨
π Read more.
π Via "UK NCSC"
----------
ποΈ Seen on @cibsecurity
Statement from the NCSC regarding the cyber incident affecting Collins Aerospace.π Read more.
π Via "UK NCSC"
----------
ποΈ Seen on @cibsecurity
www.ncsc.gov.uk
NCSC statement: Incident impacting Collins Aerospace
Statement from the NCSC regarding the cyber incident affecting Collins Aerospace.
ποΈ Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A critical token validation failure in Microsoft Entra ID previously Azure Active Directory could have allowed attackers to impersonate any user, including Global Administrators, across any tenant. The vulnerability, tracked as CVE202555241, has been assigned the maximum CVSS score of 10.0. It has been described by Microsoft as a privilege escalation flaw in Azure Entra. There is no.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A critical token validation failure in Microsoft Entra ID previously Azure Active Directory could have allowed attackers to impersonate any user, including Global Administrators, across any tenant. The vulnerability, tracked as CVE202555241, has been assigned the maximum CVSS score of 10.0. It has been described by Microsoft as a privilege escalation flaw in Azure Entra. There is no.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π’ A terrifying Microsoft flaw couldβve allowed hackers to compromise βevery Entra ID tenant in the worldβ π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The Entra ID vulnerability could have allowed full access to virtually all Azure customer accounts.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
A terrifying Microsoft flaw couldβve allowed hackers to compromise βevery Entra ID tenant in the worldβ
The Entra ID vulnerability could have allowed full access to virtually all Azure customer accounts
π’ A cyber attack has caused chaos at airports across Europe β here's everything we know so far π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Passengers at a string of European airports faced severe disruption.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
A cyber attack has caused chaos at airports across Europe β here's everything we know so far
Passengers at a string of European airports faced severe disruption
π¦Ώ Google Touts βBiggest Upgrade to Chrome in Its Historyβ With Gemini AI π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Google embeds Gemini into Chrome in what it calls the browsers biggest upgrade, adding features to summarize pages, combat scams, and simplify browsing. The post Google Touts Biggest Upgrade to Chrome in Its History With Gemini AI appeared first on TechRepublic.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Google Touts βBiggest Upgrade to Chrome in Its Historyβ With Gemini AI
Google embeds Gemini into Chrome in what it calls the browserβs biggest upgrade, adding features to summarize pages, combat scams, and simplify browsing.
ποΈ β‘ Weekly Recap: Chrome 0-Day, AI Hacking Tools, DDR5 Bit-Flips, npm Worm & More ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The security landscape now moves at a pace no patch cycle can match. Attackers arent waiting for quarterly updates or monthly fixesthey adapt within hours, blending fresh techniques with old, forgotten flaws to create new openings. A vulnerability closed yesterday can become the blueprint for tomorrows breach. This weeks recap explores the trends driving that constant churn how threat.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ How to Gain Control of AI Agents and Non-Human Identities ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
We hear this a lot Weve got hundreds of service accounts and AI agents running in the background. We didnt create most of them. We dont know who owns them. How are we supposed to secure them? Every enterprise today runs on more than users. Behind the scenes, thousands of nonhuman identities, from service accounts to API tokens to AI agents, access systems, move data, and execute tasks.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Major Cyber Threat Detection Vendors Pull Out of MITRE Evaluations Test π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
MITRE said it understands why Microsoft, SentinelOne and Palo Alto pulled out of its 2025 of ATTCK Evaluations test and promises to do better next year.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Cyber Threat Detection Vendors Pull Out of MITRE Evaluations Test
MITRE said it understands why Microsoft, SentinelOne and Palo Alto pulled out of its 2025 of ATT&CK Evaluations test β and promises to do better next year