π Grafana Labs Says Code Breach Stemmed from TanStack Attack π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Grafana Labs has confirmed a recent data breach was caused by the TanStack supply chain attack.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Grafana Labs Says Code Breach Stemmed from TanStack Attack
Grafana Labs has confirmed a recent data breach was caused by the TanStack supply chain attack
βοΈ Lawmakers Demand Answers as CISA Tries to Contain Data Leak βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity Infrastructure Security Agency CISA after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account. The inquiry comes as CISA is still struggling to contain the breach and invalidate the leaked credentials.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
Lawmakers Demand Answers as CISA Tries to Contain Data Leak
Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of otherβ¦
β€1
ποΈ Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The Belarusaligned threat actor known as Ghostwriter aka UAC0057 and UNC1151Ukraine's National Security and Defense Council has been observed using lures related to Prometheus, a Ukrainian online learning platform, to target government organizations in the country. The activity, per the Computer Emergency Response Team of Ukraine CERTUA, involves sending phishing emails to government.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π’ Hackers are turning up at law firms to gain physical access to machines π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The FBI is warning companies to look out for fake IT staff.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Hackers are turning up at law firms to gain physical access to machines
The FBI is warning companies to look out for fake IT staff
π’ UK wants an AI-powered anti-hacking system π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
GCHQ is building a national cyber defence capability powered by AI though it may take five years.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
UK wants an AI-powered anti-hacking system
GCHQ is building a national cyber defence capability powered by AI β though it may take five years
π¦Ώ ShinyHunters Alleges 42M Records Stolen from Charter Communications π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Charter confirmed a cyber incident after ShinyHunters claimed it stole Spectrum customer data through vishing and SaaS account access. The post ShinyHunters Alleges 42M Records Stolen from Charter Communications appeared first on TechRepublic.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
π¦Ώ Krispy Kreme Settlement Deadline Nears: Eligible Members Could Claim Up to $3,500 π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Krispy Kreme data breach settlement claims are due June 22. See who qualifies, payment options, key deadlines, and what eligible people need to file. The post Krispy Kreme Settlement Deadline Nears Eligible Members Could Claim Up to 3,500 appeared first on TechRepublic.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
π¦Ώ FBI Warns Companies About Ransom Gangβs Fake IT Support Tactics π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
The FBI warns Silent Ransom Group is targeting US law firms with phishing, fake IT calls, and inperson visits to steal data for extortion. The post FBI Warns Companies About Ransom Gangs Fake IT Support Tactics appeared first on TechRepublic.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
FBI Warns Companies About Ransom Gangβs Fake IT Support Tactics
The FBI warns Silent Ransom Group is targeting US law firms with phishing, fake IT calls, and in-person visits to steal data for extortion.
π¦Ώ Apple May Bring Android-Style Theft Detection to iPhones π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Apple is reportedly testing an iPhone antisnatching feature that would lock stolen devices using motion signals and checks for familiar locations. The post Apple May Bring AndroidStyle Theft Detection to iPhones appeared first on TechRepublic.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Apple May Bring Android-Style Theft Detection to iPhones
Apple is reportedly testing an iPhone anti-snatching feature that would lock stolen devices using motion signals and checks for familiar locations.
π¦Ώ Googleβs $135M Android Privacy Settlement: Who May Be Eligible π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Googles 135 million Android settlement could pay eligible US users who used Android devices with cellular data since November 2017. The post Googles 135M Android Privacy Settlement Who May Be Eligible appeared first on TechRepublic.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
ποΈ Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A critical security vulnerability has been disclosed in Gogs, a popular opensource selfhosted Git service, that allows an authenticated user to execute arbitrary code under certain conditions. The security flaw, per Rapid7, is rated 9.4 on the CVSS scoring system. It does not have a CVE identifier. "The vulnerability allows any authenticated user to achieve remote code execution RCE on.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat actors are continuing to exploit a critical, nowpatched security flaw impacting FortiClient Endpoint Management Server EMS deployments to deliver credentialstealing malware. "The campaign abused trusted endpoint management infrastructure to deliver malware across managed endpoints," Arctic Wolf said. "Threat actors disguised the credential stealer payload as a Fortinet endpoint.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure CVD, urging the research community to share their findings and give affected vendors an opportunity to better understand the impact and address them before they are publicly disclosed. The development comes after a researcher named Chaotic Eclipse aka NightmareEclipse disclosed details of multiple zeroday.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Every time you think the industry has finally stopped doing some reckless, loweffort crap, somebody spins up a fresh box full of sketchy loaders, fake installers, recycled socialengineering bait, and enough exposed infrastructure to make you wonder if prod is just a public beta now meanwhile some researcher casually drops a technique that turns a "minor" foothold into total account.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ New AI Usage Report: Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI "Power users" ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
State of AI Usage Report 2026 full report here by LayerX Security reveals the extent of the enterprise AI visibility gap and why most organizations still don't understand where their AI exposure is actually coming from. The research shows that enterprise AI risk is not distributed evenly across users or platforms. Instead, it is heavily concentrated among a small group of AI power users and a.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A new campaign orchestrated by a previously undocumented threat actor has targeted cryptocurrency organizations with an aim to facilitate digital asset theft using recruitmentthemed social engineering and bespoke macOS malware. "These campaigns leveraged sophisticated social engineering techniques, custom macOS malware, and deep targeting of CICD infrastructure," Wiz researchers Shira Ayal,.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π What to consider before asking an AI chatbot for health advice π
π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Using chatbots for medical advice could elicit hallucinations and even expose you to security and privacy risks. Heres whats at stake and how to stay safe.π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Welivesecurity
What to consider before asking an AI chatbot for health advice
Using chatbots for medical advice could elicit hallucinations and even expose you to security and privacy risks. Hereβs whatβs at stake and how to stay safe.
π BTMOB: A stealthy RAT burrowing deep into Android devices π
π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
The malware pairs remote access capabilities with readymade campaign tools, lowering the barrier for full device compromise.π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Welivesecurity
BTMOB: A stealthy RAT burrowing deep into Android devices
The BTMOB malware pairs remote access capabilities with ready-made campaign tools, lowering the barrier for full device compromise.
π Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise π
π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Watch out for bogus World Cup websites that mimic official ticket and merchandise flows to steal money and personal data.π Read more.
π Via "ESET - WeLiveSecurity"
----------
ποΈ Seen on @cibsecurity
Welivesecurity
Foul play: Scams target soccer fans with fake World Cup tickets, merchandise
Watch out for bogus FIFA World Cup-themed websites that mimic official ticket and merchandise flows to steal money and personal data.
π Attackers Move Past Typosquatting to Realistic Package Impersonation π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Most malicious open source packages now mimic real code rather than rely on typosquatting.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Attackers Move Past Typosquatting to Realistic Package Impersonation
Most malicious open source packages now mimic real code rather than rely on typosquatting
π Microsoft Condemns "Uncoordinated" Zero Day Disclosures π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Microsoft warned the disclosure of several unpatched vulnerabilities without notice has put customers at unnecessary risk.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Microsoft Condemns
Microsoft warned the disclosure of several unpatched vulnerabilities without notice has put βcustomers at unnecessary riskβ