23174
🗞 The finest daily news on cybersecurity and privacy. 🔔 Daily releases. 💻 Is your online life secure? 📩 lalilolalo.dev@gmail.com
🦿 Scam Alert: FBI ‘Increasingly Seeing’ Malware Distributed In Document Converters 🦿FBI warns computer users to keep an eye out for malware, including ransomware, distributed through working document converters.
📖 Read more.
🔗 Via "Tech Republic"
----------
👁️ Seen on @cibsecurity
🕵️♂️ Infosys Settles $17.5M Class Action Lawsuit After Sprawling Third-Party Breach 🕵️♂️Several major companies in the finance sector were impacted by the thirdparty breach, prompting them to notify thousands of customers of their compromised data.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🕵️♂️ Critical Fortinet Vulnerability Draws Fresh Attention 🕵️♂️CISA this week added CVE202524472 to its catalog of known exploited vulnerabilities, citing ransomware activity targeting the authentication bypass flaw.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
📔 Windows Shortcut Flaw Exploited by 11 State-Sponsored Groups 📔Newly discovered vulnerability ZDICAN25373 takes advantage of Windows shortcuts has been exploited by 11 statesponsored groups since 2017.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners 🖋️Threat actors are exploiting a severe security flaw in PHP to deliver cryptocurrency miners and remote access trojans RATs like Quasar RAT. The vulnerability, assigned the CVE identifier CVE20244577, refers to an argument injection vulnerability in PHP affecting Windowsbased systems running in CGI mode that could allow remote attackers to run arbitrary code. Cybersecurity company.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
📢 Keeper Security launches revamped partner program for 2025 📢Keeper Security has announced an update to its partner program designed to help partners expand their cybersecurity offerings and drive new revenue.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
🦿 Agentic AI’s Role in the Future of AppSec 🦿Overwhelmed AppSec teams are turning to agentic AI to handle the tedious manual work of security reporting, threat modeling, and code reviews, but successful implementation requires careful human oversight.
📖 Read more.
🔗 Via "Tech Republic"
----------
👁️ Seen on @cibsecurity
🦅 CISA Adds Two Critical Vulnerabilities (CVE-2025-24472 and CVE-2025-30066) to the Known Exploited Vulnerabilities Catalog 🦅Cyble CISA Adds Two Critical Vulnerabilities CVE202524472 and CVE202530066 to the Known Exploited Vulnerabilities Catalog " dataimagecaption"Cyble CISA Adds Two Critical Vulnerabilities CVE202524472 and CVE202530066 to the Known Exploited Vulnerabilities Catalog " datamediumfile"httpscyble.comwpcontentuploads202503CybleBlogsCISACVE202524472300x150.png" datalargefile"httpscyble.comwpcontentuploads202503CybleBlogsCISACVE2025244721024x512.png" title"CISA Adds Two Critical Vulnerabilities CVE202524472 and CVE202530066 to the Known Exploited Vulnerabilities Catalog 1" Overview The Cybersecurity and Infrastructure Security Agency CISA has recently added two major vulnerabilities to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation. These vulnerabilities, ...
📖 Read more.
🔗 Via "CYBLE"
----------
👁️ Seen on @cibsecurity
📔 Gartner Warns Agentic AI Will Accelerate Account Takeovers 📔Gartner has claimed that AI agents will reduce the time it takes to exploit exposed accounts.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 Sneaky 2FA Joins Tycoon 2FA and EvilProxy in 2025 Phishing Surge 📔Security firm Barracuda said it has detected more than a million phishingasaservice PhaaS attacks in 2025.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 752,000 Browser Phishing Attacks Mark 140% Increase YoY 📔A surge in browserbased phishing attacks has been recorded over the past year, with a 140 increase compared to 2023 according to Menlo Security.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ 5 Identity Threat Detection & Response Must-Haves for Super SaaS Security 🖋️Identitybased attacks are on the rise. Attackers are targeting identities with compromised credentials, hijacked authentication methods, and misused privileges. While many threat detection solutions focus on cloud, endpoint, and network threats, they overlook the unique risks posed by SaaS identity ecosystems. This blind spot is wreaking havoc on heavily SaaSreliant organizations big and small.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ Watch This Webinar to Learn How to Eliminate Identity-Based Attacks—Before They Happen 🖋️In todays digital world, security breaches are all too common. Despite the many security tools and training programs available, identitybased attackslike phishing, adversaryinthemiddle, and MFA bypassremain a major challenge. Instead of accepting these risks and pouring resources into fixing problems after they occur, why not prevent attacks from happening in the first place? Our upcoming.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
📢 Keeper Security launches revamped partner program for 2025 📢Keeper Security has announced an update to its partner program designed to help partners expand their cybersecurity offerings and drive new revenue.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
🦿 Google Acquires Startup Wiz for $32B to Make ‘Cybersecurity More Accessible And Simpler’ 🦿Googles agreement to buy cloud security startup Wiz will face antitrust scrutiny amid Alphabets ongoing legal battles.
📖 Read more.
🔗 Via "Tech Republic"
----------
👁️ Seen on @cibsecurity
🦿 TechRepublic Exclusive: New Ransomware Attacks are Getting More Personal as Hackers ‘Apply Psychological Pressure’ 🦿Ransomware attackers know where your kids go to school and they want you to know it, according to professional negotiators at Sygnia.
📖 Read more.
🔗 Via "Tech Republic"
----------
👁️ Seen on @cibsecurity
🕵️♂️ Nation-State Groups Abuse Microsoft Windows Shortcut Exploit 🕵️♂️Trend Micro uncovered a method that nationstate threat actors are using to target victims via the Windows .Ink shortcut file extension.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🕵️♂️ AI Cloud Adoption Is Rife With Cyber Mistakes 🕵️♂️Research finds that organizations are granting root access by default and making other big missteps, including a Jengalike building concept, in deploying and configuring AI services in cloud deployments.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🦿 Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters: Are You at Risk? 🦿By simply sending HTTP requests, attackers can trigger the deserialisation of malicious data in Tomcat's session storage and gain control.
📖 Read more.
🔗 Via "Tech Republic"
----------
👁️ Seen on @cibsecurity
📢 Keeper Security launches revamped partner program for 2025 📢Keeper Security has announced an update to its partner program designed to help partners expand their cybersecurity offerings and drive new revenue.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
🖋️ Leaked Black Basta Chats Suggest Russian Officials Aided Leader's Escape from Armenia 🖋️The recently leaked trove of internal chat logs among members of the Black Basta ransomware operation has revealed possible connections between the ecrime gang and Russian authorities. The leak, containing over 200,000 messages from September 2023 to September 2024, was published by a Telegram user ExploitWhispers last month. According to an analysis of the messages by cybersecurity company.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🦅 CERT NZ Shares Critical Advisory for CVE-2025-24813 Vulnerability in Apache Tomcat 🦅Cyble Cyble CERT NZ Shares Critical Advisory for CVE202524813 Vulnerability in Apache Tomcat " dataimagecaption"Cyble Cyble CERT NZ Shares Critical Advisory for CVE202524813 Vulnerability in Apache Tomcat " datamediumfile"httpscyble.comwpcontentuploads202503CybleBlogsCVE2025248131300x150.png" datalargefile"httpscyble.comwpcontentuploads202503CybleBlogsCVE20252481311024x512.png" title"CERT NZ Shares Critical Advisory for CVE202524813 Vulnerability in Apache Tomcat 2" Overview The New Zealand Computer Emergency Response Team CERT NZ recently issued an urgent security advisory regarding a critical vulnerability, CVE202524813, affecting Apache Tomcat across multiple versions. This Apache Tomcat vulnerability, identified in March 2025, poses severe risks, including remote code execution...
📖 Read more.
🔗 Via "CYBLE"
----------
👁️ Seen on @cibsecurity
📔 Europol Warns of “Shadow Alliance” Between States and Criminals 📔Europols annual report warns of a growing threat from aligned state and cybercrime groups, enabled by AI technologies.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 Fortinet Vulnerability Exploited in Ransomware Attack, CISA Warns 📔The US Cybersecurity and Infrastructure Security Agency added flaws in Fortinet and a popular GitHub Action to its Known Exploited Vulnerabilities catalog.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 Brian Cox to Discuss Quantum Computing's Impact at Infosecurity Europe 2025 📔Worldrenowned physicist, Professor Brian Cox, will headline day one of Infosecurity Europe, analyzing the science behind quantum computing and the challenges it brings.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ Critical mySCADA myPRO Flaws Could Let Attackers Take Over Industrial Control Systems 🖋️Cybersecurity researchers have disclosed details of two critical flaws impacting mySCADA myPRO, a Supervisory Control and Data Acquisition SCADA system used in operational technology OT environments, that could allow malicious actors to take control of susceptible systems. "These vulnerabilities, if exploited, could grant unauthorized access to industrial control networks, potentially.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ ClearFake Infects 9,300 Sites, Uses Fake reCAPTCHA and Turnstile to Spread Info-Stealers 🖋️The threat actors behind the ClearFake campaign are using fake reCAPTCHA or Cloudflare Turnstile verifications as lures to trick users into downloading malware such as Lumma Stealer and Vidar Stealer. ClearFake, first highlighted in July 2023, is the name given to a threat activity cluster that employs fake web browser update baits on compromised WordPress as a malware distribution vector. The.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🕵️♂️ Why Cybersecurity Needs More Business-Minded Leaders 🕵️♂️The question is no longer "Are we compliant?" but "Are we truly resilient?".
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🖋️ CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise 🖋️The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a vulnerability linked to the supply chain compromise of the GitHub Action, tjactionschangedfiles, to its Known Exploited Vulnerabilities KEV catalog. The highseverity flaw, tracked as CVE202530066 CVSS score 8.6, involves the breach of the GitHub Action to inject malicious code that enables a remote.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🕵️♂️ Extortion Reboot: Ransomware Crew Threatens Leak to Snowden 🕵️♂️Though the group initially stuck to classic ransomware TTPs before demanding the ransom, it went off script when it began threatening the group and detailing potential consequences the victim would face.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity