ποΈ SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
SmarterTools has addressed two more security flaws in SmarterMail email software, including one critical security flaw that could result in arbitrary code execution. The vulnerability, tracked as CVE202624423, carries a CVSS score of 9.3 out of 10.0. "SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Ivanti has rolled out security updates to address two security flaws impacting Ivanti Endpoint Manager Mobile EPMM that have been exploited in zeroday attacks, one of which has been added by the U.S. Cybersecurity and Infrastructure Security Agency CISA to its Known Exploited Vulnerabilities KEV catalog. The criticalseverity vulnerabilities are listed below CVE20261281 CVSS score.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A new joint investigation by SentinelOne SentinelLABS, and Censys has revealed that the opensource artificial intelligence AI deployment has created a vast "unmanaged, publicly accessible layer of AI compute infrastructure" that spans 175,000 unique Ollama hosts across 130 countries. These systems, which span both cloud and residential networks across the world, operate outside the.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Google Disrupts Extensive Residential Proxy Networks π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Google has taken coordinated action against the massive IPIDEA residential proxy network, enhancing customer protections and disrupting cybercrime operations.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
π Operation Winter SHIELD: FBI Issues Call to Arms for Organizations to Improve Cybersecurity π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The FBI outlines ten actions which organizations can take to defend networks against cybercriminal and nationstate threats.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
π France Fines National Employment Agency β¬5m Over 2024 Data Breach π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The French data protection regulator said that France Travails response to a 2024 data breach violated GDPR.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
π New CISA Guidance Targets Insider Threat Risks π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
CISA urges action against insider threats with publication of a new infographic offering strategies to manage risks.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
π¦
ShadowHS: A Fileless Linux PostβExploitation Framework Built on a Weaponized hackshell π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Executive Summary Cyble Research Intelligence Labs CRIL has identified a Linux intrusion chain leveraging a highly obfuscated, fileless loader that deploys a weaponized variant of hackshell entirely from memory. Cyble tracks this activity under the name ShadowHS, reflecting its fileless execution model and lineage from the original hackshell utility. Unlike conventional Linux malware that emphasizes automated propagation or immediate monetization, this activity prioritizes stealth, operator safety, and longterm interactive control over compromised systems. The loader decrypts and executes its payload exclusively in memory, leaving no persistent binary artifacts on disk. Once active, the payload exposes an interactive postexploitation environment that aggressively fingerprints h...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Shadowhs-fileless-linux-post-exploitation-framework
Cyble uncovered ShadowHS, a stealthy fileless Linux framework running entirely in memory for covert, adaptive postβexploitation control.
β€2
π¦Ώ Comcast to Pay $117M in Security Breach Settlement π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
The breach was linked to a vulnerability known as CitrixBleed, a flaw affecting Citrix NetScaler Application Delivery Controller and Gateway appliances. The post Comcast to Pay 117M in Security Breach Settlement appeared first on TechRepublic.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Comcast to Pay $117M in Security Breach Settlement
The breach was linked to a vulnerability known as βCitrixBleed,β a flaw affecting Citrix NetScaler Application Delivery Controller and Gateway appliances.
π’ The FBI has seized the RAMP hacking forum, but will the takedown stick? History tells us otherwise π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Billing itself as the only place ransomware allowed", RAMP catered mainly for Russianspeaking cyber criminals.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
The FBI has seized the RAMP hacking forum, but will the takedown stick? History tells us otherwise
Billing itself as the βonly place ransomware allowed", RAMP catered mainly for Russian-speaking cyber criminals
π National Crime Agency and NatWest Issue Joint Warning Over Invoice Fraud Threat π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Cyber fraudsters targeting corporate finance departments costs businesses millions a year.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
ποΈ Badges, Bytes and Blackmail ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Behind the scenes of law enforcement in cyber what do we know about caught cybercriminals? What brought them in, where do they come from and what was their function in the crimescape? Introduction One view on the scattered fight against cybercrime The growing sophistication and diversification of cybercrime have compelled law enforcement agencies worldwide to respond through increasingly.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π New AI-Developed Malware Campaign Targets Iranian Protests π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The RedKitten campaign distributes lures designed to target people seeking information about missing persons or political dissidents in Iran.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
π’ Former Google engineer convicted of economic espionage after stealing thousands of secret AI, supercomputing documents π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Linwei Ding told Chinese investors he could build a worldclass supercomputer.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Former Google engineer convicted of economic espionage after stealing thousands of secret AI, supercomputing documents
Linwei Ding told Chinese investors he could build a world-class supercomputer
ποΈ China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have discovered a new campaign attributed to a Chinalinked threat actor known as UAT8099 that took place between late 2025 and early 2026. The activity, discovered by Cisco Talos, has targeted vulnerable Internet Information Services IIS servers located across Asia, but with a specific focus on targets in Thailand and Vietnam. The scale of the campaign is currently.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have discovered malicious Google Chrome extensions that come with capabilities to hijack affiliate links, steal data, and collect OpenAI ChatGPT authentication tokens. One of the extensions in question is Amazon Ads Blocker ID pnpchphmplpdimbllknjoiopmfphellj, which claims to be a tool to browse Amazon without any sponsored content. It was uploaded to the Chrome.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π’ CISAβs interim chief uploaded sensitive documents to a public version of ChatGPT β security experts explain why you should never do that π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The incident at CISA raises yet more concerns about the rise of shadow AI and data protection risks.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
CISAβs interim chief uploaded sensitive documents to a public version of ChatGPT β security experts explain why you should neverβ¦
The incident at CISA raises yet more concerns about the rise of βshadow AIβ and data protection risks
β€1
π’ CISAβs interim chief uploaded sensitive documents to a public version of ChatGPT β security experts explain why you should never do that π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The incident at CISA raises yet more concerns about the rise of shadow AI and data protection risks.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
CISAβs interim chief uploaded sensitive documents to a public version of ChatGPT β security experts explain why you should neverβ¦
The incident at CISA raises yet more concerns about the rise of βshadow AIβ and data protection risks
π’ CISAβs interim chief uploaded sensitive documents to a public version of ChatGPT β security experts explain why you should never do that π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The incident at CISA raises yet more concerns about the rise of shadow AI and data protection risks.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
CISAβs interim chief uploaded sensitive documents to a public version of ChatGPT β security experts explain why you should neverβ¦
The incident at CISA raises yet more concerns about the rise of βshadow AIβ and data protection risks
π NSA Publishes New Zero Trust Implementation Guidelines π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
NSA released new guidelines to help organizations achieve targetlevel Zero Trust maturity.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
π Notepad++ Update Hijacking Linked to Hosting Provider Compromise π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A supply chain attack on Notepad update process was linked to compromised hosting infrastructure.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity