ποΈ AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat actors are using adversaryinthemiddle AitM phishing pages to seize control of TikTok for Business accounts in a new campaign, according to a report from Push Security. Business accounts associated with social media platforms are a lucrative target, as they can be weaponized by bad actors for malvertising and distributing malware. "TikTok has been historically abused to distribute.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ We Are At War ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Rising geopolitical tensions are reflected or in some cases preceded by cyber operations, while technology itself has become politicized. Lets admit it we are in the middle of it. Introduction One tech power to rule them all is a thing of the past The relative safety, peace and prosperity that much of the world has enjoyed since 1945 was not accidental. It emerged from the ashes.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Bearlyfy Hits Russian Firms with Custom GenieLocker Ransomware ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A proUkrainian group called Bearlyfy has been attributed to more than 70 cyber attacks targeting Russian companies since it first surfaced in the threat landscape in January 2025, with recent attacks leveraging a custom Windows ransomware strain codenamed GenieLocker. "Bearlyfy also known as Labubu operates as a dualpurpose group aimed at inflicting maximum damage upon Russian businesses.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have disclosed three security vulnerabilities impacting LangChain and LangGraph that, if successfully exploited, could expose filesystem data, environment secrets, and conversation history. Both LangChain and LangGraph are opensource frameworks that are used to build applications powered by Large Language Models LLMs. LangGraph is built on the foundations of.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π TeamPCP Targets Telnyx Package in Latest PyPI Software Supply Chain Attack π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credentialstealing malware.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
π Quantum Computing Threat to Encryption Is Closer Than Expected, Warns Google π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
QDay and the cybersecurity problems it brings could come as early as 2029 as Google accelerates its postquantum cryptography migration.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
π UK Cracks Down on Chinese Crypto Marketplace for Funding Southeast Asia Scam Hubs π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The UK government has sanctioned Xinbi, described as the secondlargest illicit online marketplace ever.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
UK Cracks Down on Chinese Crypto Marketplace for Funding Scam Hubs
The UK government has sanctioned Xinbi, described as βthe second-largest illicit online marketplace everβ
π¦
Chinaβs APT41 and the Expanding Enterprise Attack Surface: What Security Teams Must Prepare For π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
The modern enterprise attack surface is no longer confined to corporate networks and endpoints it now stretches across cloud workloads, supply chains, remote devices, and even operational technology environments. Within this fragmented landscape, the activities of the APT41 threat group stand out as a signal of how hackers and adversaries are adapting. Known for blending statesponsored espionage with financially motivated operations, APT41 represents a dualpurpose threat model that security teams can no longer afford to treat as an edge case. Understanding APT41s Hybrid Threat Model Unlike many threat actors that operate with a singular objective, China APT41 cyberattacks are notable for their breadth of intent. Active since 2012, the group has consistently targeted industries r...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
APT41 Threat Group: Enterprise Risk & Attack Surface
APT41 blends espionage and cybercrime, exploiting modern attack surfaces. Learn risks, tactics, and how to strengthen enterprise defenses.
π¦Ώ AI Upgrades, Security Breaches, and Industry Shifts Define This Week in Tech π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
See what you missed in Daily Tech Insider from March 2327. The post AI Upgrades, Security Breaches, and Industry Shifts Define This Week in Tech appeared first on TechRepublic.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
AI Upgrades, Security Breaches, and Industry Shifts Define This Week in Tech
This weekβs tech news saw AI tools surge across major platforms as breaches, exploits, legal battles, and security updates kept the industryβs growing pains in full view.
π New Wave of AiTM Phishing Targets TikTok for Business π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Push Security has uncovered a new AiTM phishing campaign targeting TikTok for Business accounts using Google and TikTok themed login pages.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
ποΈ TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious versions to steal sensitive data. The two versions, 4.87.1 and 4.87.2, published to the Python Package Index PyPI repository on March 27, 2026, concealed their credential harvesting capabilities within a .WAV file. Users are.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Apple is now sending Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS to alert users of webbased attacks and urge them to install the update. The development was first reported by MacRumors. "Apple is aware of attacks targeting outofdate iOS software, including the version on your iPhone. Install this critical update to protect your iPhone," the.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π AI SOC Guide: Architecture, Capabilities, Pricing, and Migration Playbook π
π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
AI SOC guide autonomous triage, humanAI collaboration, compliance automation, and realworld use cases. Built for IT Directors. Discover how. The post AI SOC Guide Architecture, Capabilities, Pricing, and Migration Playbook appeared first on UnderDefense.π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
UnderDefense
AI SOC Guide: Architecture, Capabilities, Pricing, and Migration Playbook
AI SOC guide: autonomous triage, human-AI collaboration, compliance automation, and real-world use cases. Built for IT Directors. Discover how.
β€2
ποΈ Iran-Linked Hackers Breach FBI Directorβs Personal Email, Hit Stryker With Wiper Attack ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation FBI, and leaked a cache of photos and other documents to the internet. Handala Hack Team, which carried out the breach, said on its website that Patel "will now find his name among the list of successfully hacked victims." In a statement.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Iran-Linked Hackers Breach FBI Directorβs Personal Email, Hit Stryker With Wiper Attack ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation FBI, and leaked a cache of photos and other documents to the internet. Handala Hack Team, which carried out the breach, said on its website that Patel "will now find his name among the list of successfully hacked victims." In a statement.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity, according to Defused Cyber and watchTowr. The vulnerability, CVE20263055 CVSS score 9.3, refers to a case of insufficient input validation leading to memory overread, which an attacker could exploit to leak potentially sensitive information. Per.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ TA446 Deploys DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed DarkSword exploit kit to target iOS devices. The activity has been attributed with high confidence to the Russian statesponsored threat group known as TA446, which is also tracked by the broader cybersecurity community under the monikers Callisto,.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
β€1
ποΈ CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added a critical security flaw impacting F5 BIGIP Access Policy Manager APM to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability in question is CVE202553521 CVSS v4 score 9.3, which could allow a threat actor to achieve remote code execution. "When a.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, according to new findings from Check Point. "A single malicious prompt could turn an otherwise ordinary conversation into a covert exfiltration channel, leaking user messages, uploaded files, and other sensitive content," the cybersecurity company said in.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Cybercriminals Exploit Tax Season With New Phishing Tactics π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Taxseason phishing floods deliver RMM malware, credential theft, BEC and taxform scams.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Cybercriminals Exploit Tax Season With New Phishing Tactics
Tax-season phishing floods deliver RMM malware, credential theft, BEC and tax-form scams
β€2
π¦Ώ Android Alert: 50 Google Play Apps Linked to βNoVoiceβ Malware Reached 2.3M Downloads π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
NoVoice malware was found in 50 Android apps on Google Play, with 2.3 million downloads, by bypassing detection and targeting outdated devices. The post Android Alert 50 Google Play Apps Linked to NoVoice Malware Reached 2.3M Downloads appeared first on TechRepublic.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Android Alert: 50 Google Play Apps Linked to βNoVoiceβ Malware Reached 2.3M Downloads
NoVoice malware was found in 50 Android apps on Google Play, with 2.3 million downloads, by bypassing detection and targeting outdated devices.