Fancy Bear Exploits Microsoft Office Flaw in Ukraine, EU Cyber-Attacks
Russia-linked hacking group Fancy Bear is exploiting a brand-new vulnerability in Microsoft Office, CERT-UA says.
Via "Infosecurity Magazine"
----------
Seen on @cibsecurity
Desperate Perth Renters Targeted by Rising Australian Housing Scam
For many residents in Perth, finding a rental has become a high-stakes challenge. As demand for housing surges, a troubling trend has just been revealed: an Australian housing scam preying on renters who are willing to stretch every dollar to secure a roof over their heads. These rent scams, often orchestrated by individuals posing as private landlords on online platforms like Facebook Marketplace, have left victims financially and emotionally drained. The scheme typically begins with a seemingly genuine rental listing. Scammers steal photos from legitimate properties and post them online, offering rent well below the market rate. In Perth, median rental prices are at historic highs, with houses averaging $700 per week and units $670. Scammers exploit this stress by pitching exclusive...
Via "CYBLE"
----------
Cyble
Perth Renters Warned About Australian Housing Scam
The Australian housing scam is hitting Perth hard. Government advises on spotting fake landlords, avoid scams, and protect your rent in Australia.
Cybercrime Unit of Paris Prosecutors Raid Elon Musk's X Offices in France
Elon Musk and X's former CEO were summoned for voluntary interviews in Paris on April 20, 2026.
Via "Infosecurity Magazine"
----------
The Week in Vulnerabilities: Open-Sources Fixes Urged by Cyble
Cyble Vulnerability Intelligence researchers tracked 1,147 vulnerabilities in the last week, and more than 128 of the disclosed vulnerabilities already have a publicly available Proof-of-Concept (PoC), significantly increasing the likelihood of real-world attacks. A total of 108 vulnerabilities were rated as critical under the CVSS v3.1 scoring system, while 54 received a critical severity rating based on the newer CVSS v4.0 scoring system. Below are some of the IT vulnerabilities flagged by Cyble threat intelligence researchers for prioritization by security teams in recent reports to clients. The Week's Top IT Vulnerabilities: Cyble's network of honeypot sensors detected attack attempts on CVE-2025-68613, a critical remote code execution flaw in the n8n open-source workflow automat...
Via "CYBLE"
----------
Cyble
Top IT Vulnerabilities This Week | Cyble Threat Intelligence
Cyble tracked 1,147 vulnerabilities this week, including 128 with PoCs. Critical flaws demand immediate attention from security teams.
Researchers Warn of New "Vect" RaaS Variant
A new ransomware-as-a-service operation dubbed Vect features custom malware.
Via "Infosecurity Magazine"
----------
[Webinar] The Smarter SOC Blueprint: Learn What to Build, Buy, and Automate
Most security teams today are buried under tools. Too many dashboards. Too much noise. Not enough real progress. Every vendor promises complete coverage or AI-powered automation, but inside most SOCs, teams are still overwhelmed, stretched thin, and unsure which tools are truly pulling their weight. The result? Bloated stacks, missed signals, and mounting pressure to do more with less. This.
Via "The Hacker News"
----------
Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package
Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular "@react-native-community/cli" npm package. Cybersecurity company VulnCheck said it first observed exploitation of CVE-2025-11953 (aka Metro4Shell) on December 21, 2025. With a CVSS score of 9.8, the vulnerability allows remote unauthenticated attackers to execute arbitrary.
Via "The Hacker News"
----------
UK ICO Launches Investigation into X Over AI Generated Non-Consensual Sexual Imagery
UK Data Protection Watchdog has serious concerns over data privacy on Elon Musk's social platform.
Via "Infosecurity Magazine"
----------
DockerDash Exposes AI Supply Chain Weakness In Docker's Ask Gordon
DockerDash vulnerability allows RCE and data exfiltration via unverified metadata in Ask Gordon.
Via "Infosecurity Magazine"
----------
SQL Injection Flaw Affects 40,000 WordPress Sites
40,000 WordPress sites are vulnerable to SQL injection in Quiz and Survey Master plugin.
Via "Infosecurity Magazine"
----------
Google issues warning over ShinyHunters-branded vishing campaigns
Related groups are stealing data through voice phishing and fake credential harvesting websites.
Via "ITPro"
----------
The CVE system isn't working – what's next?
With 2025's funding issues underlining key issues with the CVE system, what should businesses be doing to source intelligence about security vulnerabilities?
Via "ITPro"
----------
Windows Shutdown Bug Spreads to Windows 10, Microsoft Confirms
Microsoft confirms a Windows bug preventing some PCs from shutting down or hibernating after January 2026 updates. A fix is still pending.
Via "Tech Republic"
----------
Chrome Add-On Caught Stealing Amazon Commissions
A Chrome extension posing as an Amazon ad blocker was caught hijacking affiliate links in the background, redirecting commissions without user consent.
Via "Tech Republic"
----------
New Microsoft Update Improves Windows Sign-In Experience
Windows 11's optional KB5074105 update fixes the missing password icon bug linked to August 29, 2025's KB5064081 and delivers 32 improvements.
Via "Tech Republic"
----------
China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns
Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement agencies across Southeast Asia throughout 2025. Check Point Research is tracking the previously undocumented activity cluster under the moniker Amaranth-Dragon, which it said shares links to the APT 41 ecosystem. Targeted countries include Cambodia,.
Via "The Hacker News"
----------
Orchid Security Introduces Continuous Identity Observability for Enterprise Applications
An innovative approach to discovering, analyzing, and governing identity usage beyond traditional IAM controls. The Challenge: Identity Lives Outside the Identity Stack. Identity and access management tools were built to govern users and directories. Modern enterprises run on applications. Over time, identity logic has moved into application code, APIs, service accounts, and custom authentication.
Via "The Hacker News"
----------
The First 90 Seconds: How Early Decisions Shape Incident Response Investigations
Many incident response failures do not come from a lack of tools, intelligence, or technical skills. They come from what happens immediately after detection, when pressure is high, and information is incomplete. I have seen IR teams recover from sophisticated intrusions with limited telemetry. I have also seen teams lose control of investigations they should have been able to handle. The.
Via "The Hacker News"
----------
Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers
Microsoft has warned that information-stealing attacks are "rapidly expanding" beyond Windows to target Apple macOS environments by leveraging cross-platform languages like Python and abusing trusted platforms for distribution at scale. The tech giant's Defender Security Research Team said it observed macOS-targeted infostealer campaigns using social engineering techniques such as ClickFix since.
Via "The Hacker News"
----------
Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions
The Eclipse Foundation, which maintains the Open VSX Registry, has announced plans to enforce security checks before Microsoft Visual Studio Code (VS Code) extensions are published to the open-source repository to combat supply chain threats. The move marks a shift from a reactive to a proactive approach to ensure that malicious extensions don't end up getting published on the Open VSX Registry.
Via "The Hacker News"
----------
CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities (KEV) catalog, flagging it as actively exploited in attacks. The vulnerability, tracked as CVE-2025-40551 (CVSS score: 9.8), is an untrusted data deserialization vulnerability that could pave the way for remote.
Via "The Hacker News"
----------