23174
๐ The finest daily news on cybersecurity and privacy. ๐ Daily releases. ๐ป Is your online life secure? ๐ฉ lalilolalo.dev@gmail.com
๐๏ธ Researchers Demonstrate How MCP Prompt Injection Can Be Used for Both Attack and Defense ๐๏ธAs the field of artificial intelligence AI continues to evolve at a rapid pace, new research has found how techniques that render the Model Context Protocol MCP susceptible to prompt injection attacks could be used to develop security tooling or identify malicious tools, according to a new report from Tenable. MCP, launched by Anthropic in November 2024, is a framework designed to connect.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ฆฟ Microsoft CEO Nadella: 20% to 30% of Our Code Was Written by AI ๐ฆฟAt Metas LlamaCon conference, Satya Nadella shared whether AI is better at writing Python or C and asked Mark Zuckerberg how much Meta code is written by artificial intelligence.
๐ Read more.
๐ Via "Tech Republic"
----------
๐๏ธ Seen on @cibsecurity
๐ RansomHub Refines Extortion Strategy as RaaS Market Fractures ๐RansomHub refines extortion strategy amid RaaS market fractures, expanding affiliate recruitment.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐ Microsoft Expands Cloud, AI Footprint Across Europe ๐Microsoft has announced plans to expand cloud and AI infrastructure in the EU, increasing data center capacity by 40 by 2027.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ DARPA Highlights Critical Infrastructure Security Challenges ๐ต๏ธโโ๏ธLeaders at federal research organizations DARPA, ARPAI, and ARPAH discussed the myriad obstacles in addressing critical infrastructure security at RSAC Conference 2025.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ข "There needs to be an order of magnitude more effort": AI security experts call for focused evaluation of frontier models and agentic systems ๐ขEvaluating the risks of dynamic, evolving AI networks is slow work for cybersecurity analysts.
๐ Read more.
๐ Via "ITPro"
----------
๐๏ธ Seen on @cibsecurity
๐ France Slams Russiaโs APT28 for Four-Year Cyber-Espionage Campaign ๐The French government has criticized Russias APT28 group for attacking 12 entities in a longrunning espionage campaign.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐ US House Approves Bill to Assess Security Threats Posed by Foreign-Made Routers ๐The legislation mandates a probe into foreignmade routers to identify risks for US national security.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Customer Account Takeovers: The Multi-Billion Dollar Problem You Donโt Know About ๐๏ธEveryone has cybersecurity stories involving family members. Heres a relatively common one. The conversation usually goes something like thisย The strangest thing happened to my streaming account. I got locked out of my account, so I had to change my password. When I logged back in, all my shows were gone. Everything was in Spanish and there were all these Spanish shows Ive never seen.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ [Free Webinar] Guide to Securing Your Entire Identity Lifecycle Against AI-Powered Threats ๐๏ธHow Many Gaps Are Hiding in Your Identity System? Its not just about logins anymore. Todays attackers dont need to hack inthey can trick their way in. Deepfakes, impersonation scams, and AIpowered social engineering are helping them bypass traditional defenses and slip through unnoticed. Once inside, they can take over accounts, move laterally, and cause longterm damageall without.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ข RSAC Conference day two: A focus on what attackers are doing ๐ขFrom quantum to AI, experts discussed how new and experimental technologies could be used by hackers to access and decrypt sensitive data.
๐ Read more.
๐ Via "ITPro"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Meta Launches LlamaFirewall Framework to Stop AI Jailbreaks, Injections, and Insecure Code ๐๏ธMeta on Tuesday announced LlamaFirewall, an opensource framework designed to secure artificial intelligence AI systems against emerging cyber risks such as prompt injection, jailbreaks, and insecure code, among others. The framework, the company said, incorporates three guardrails, including PromptGuard 2, Agent Alignment Checks, and CodeShield. PromptGuard 2 is designed to detect direct.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Indian Court Orders Action to Block Proton Mail Over AI Deepfake Abuse Allegations ๐๏ธA high court in the Indian state of Karnataka has ordered the blocking of endtoend encrypted email provider Proton Mail across the country. The High Court of Karnataka, on April 29, said the ruling was in response to a legal complaint filed by M Moser Design Associated India Pvt Ltd in January 2025. The complaint alleged its staff had received emails containing obscene, abusive.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool ๐๏ธIn a new campaign detected in March 2025, senior members of the World Uyghur Congress WUC living in exile have been targeted by a Windowsbased malware that's capable of conducting surveillance. The spearphishing campaign involved the use of a trojanized version of a legitimate opensource word processing and spell check tool called UyghurEdit developed to support the use of the Uyghur.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Product Walkthrough: Securing Microsoft Copilot with Reco ๐๏ธFind out how Reco keeps Microsoft 365 Copilot safe by spotting risky prompts, protecting data, managing user access, and identifying threats all while keeping productivity high. Microsoft 365 Copilot promises to boost productivity by turning natural language prompts into actions. Employees can generate reports, comb through data, or get instant answers just by asking Copilot.ย However,.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ฆฟ 23 Apple AirPlay Vulnerabilities โCould Have Far-Reaching Impactsโ ๐ฆฟThe socalled AirBorne flaws enable zeroclick attacks and device takeover on local networks.
๐ Read more.
๐ Via "Tech Republic"
----------
๐๏ธ Seen on @cibsecurity
๐ฆฟ Apple Passwords Review (2025): Features, Pricing, and Security ๐ฆฟApple Passwords provides robust security features, but is it capable of safeguarding your sensitive data?.
๐ Read more.
๐ Via "Tech Republic"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ Phishers Take Advantage of Iberian Blackout Before It's Even Over ๐ต๏ธโโ๏ธOpportunistic threat actors targeted Portuguese and Spanish speakers by spoofing Portugal's national airline in a campaign offering compensation for delayed or disrupted flights.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ DHS Boss Noem Vows to Get CISA Back 'On Mission' ๐ต๏ธโโ๏ธSecretary Noem asks the cybersecurity community to get in touch with CISA to help reshape the agency to focus on finding efficiencies.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ UK Retailer Co-op Confirms Hack, Reports "Small Impact" to Its Systems ๐The Coop stores, quick commerce operations and funeral homes are trading as usual.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐ DHS Head Accuses CISA of Acting Like โthe Ministry of Truthโ ๐Kristi Noem said the Trump administration is introducing reforms to ensure CISA is focusing on the core security functions it was created for.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐ JPMorgan CISO Urges SaaS Security Reset ๐JPMorgans CISO has argued that SaaS apps represent a growing risk to businesses, quietly enabling cyber attackers.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ RansomHub Went Dark April 1; Affiliates Fled to Qilin, DragonForce Claimed Control ๐๏ธCybersecurity researchers have revealed that RansomHub's online infrastructure has "inexplicably" gone offline as of April 1, 2025, prompting concerns among affiliates of the ransomwareasaservice RaaS operation. Singaporean cybersecurity company GroupIB said that this may have caused affiliates to migrate to Qilin, given that "disclosures on its DLS data leak site have doubled since.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Chinese Hackers Abuse IPv6 SLAAC for AitM Attacks via Spellbinder Lateral Movement Tool ๐๏ธA Chinaaligned advanced persistent threat APT group called TheWizards has been linked to a lateral movement tool called Spellbinder that can facilitate adversaryinthemiddle AitM attacks. "Spellbinder enables adversaryinthemiddle AitM attacks, through IPv6 stateless address autoconfiguration SLAAC spoofing, to move laterally in the compromised network, intercepting packets and.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ NVIDIA's AI Security Offering Protects From Software Landmines ๐ต๏ธโโ๏ธNVIDIA's DOCA Argus prevents attacks before they compromise AI architectures.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ข Cyber defenders need to remember their adversaries are human, says Trellix research head ๐ขThere's a growing overlap between nationstate actors and cybercriminals, but these attackers are real people who make mistakes.
๐ Read more.
๐ Via "ITPro"
----------
๐๏ธ Seen on @cibsecurity
๐ This month in security with Tony Anscombe โ April 2025 edition ๐From the neardemise of MITRE's CVE program to a report showing that AI outperforms elite red teamers in spearphishing, April 2025 was another whirlwind month in cybersecurity.
๐ Read more.
๐ Via "ESET - WeLiveSecurity"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ CISA Adds Actively Exploited Broadcom and Commvault Flaws to KEV Database ๐๏ธThe U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added two highseverity security flaws impacting Broadcom Brocade Fabric OS and Commvault Web Server to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The vulnerabilities in question are listed below CVE20251976 CVSS score 8.6 A code injection flaw.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Google Reports 75 Zero-Days Exploited in 2024 โ 44% Targeted Enterprise Security Products ๐๏ธGoogle has revealed that it observed 75 zeroday vulnerabilities exploited in the wild in 2024, down from 98 in 2023.ย Of the 75 zerodays, 44 of them targeted enterprise products. As many as 20 flaws were identified in security software and appliances. "Zeroday exploitation of browsers and mobile devices fell drastically, decreasing by about a third for browsers and by about half for.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ SentinelOne Uncovers Chinese Espionage Campaign Targeting Its Infrastructure and Clients ๐๏ธCybersecurity company SentinelOne has revealed that a Chinanexus threat cluster dubbed PurpleHaze conducted reconnaissance attempts against its infrastructure and some of its highvalue customers. "We first became aware of this threat cluster during a 2024 intrusion conducted against an organization previously providing hardware logistics services for SentinelOne employees," security.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity