🗞 The finest daily news on cybersecurity and privacy. 🔔 Daily releases. 💻 Is your online life secure? 📩 lalilolalo.dev@gmail.com
🕵️♂️ Is the Middle East's Race to Digitize a Threat to Infrastructure? 🕵️♂️As the region continues with its ambitious road map, cybersecurity must be woven into every step of the process.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🖋️ Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed 🖋️The supply chain attack involving the GitHub Action "tj-actions/changed-files" started as a highly targeted attack against one of Coinbase's open-source projects, before evolving into something more widespread in scope. "The payload was focused on exploiting the public CI/CD flow of one of their open source projects agentkit, probably with the purpose of leveraging it for further compromises,".
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
📔 FishMonger APT Group Linked to I-SOON in Espionage Campaigns 📔The FishMonger APT Group has been linked with I-SOON, targeting governments, NGOs and think tanks in cyberespionage campaigns.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🦅 Hybrid Threats and AI Form the DNA of EU’s Organized Threat Landscape in 2025: Europol 🦅Overview: Europol released the EU-SOCTA 2025 report, which offers a comprehensive look into the complex dynamics shaping serious and organized crime across Europe. Europol's analysis provides insight into the increasing intersection of cybercriminal activities, hybrid threats, and the exploitation of emerging technologies. ...
📖 Read more.
🔗 Via "CYBLE"
----------
👁️ Seen on @cibsecurity
📔 Rooted Devices 250 Times More Vulnerable to Compromise 📔Rooted devices are 250 times more vulnerable to security incidents, Zimperium warned.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🌊 Next Level Device Management with Google MDM for Windows 🌊Google Workspace now provides robust Windows device management, a truly advanced mobile device management solution from Google. This solution makes enrolling and managing all your devices effortless while keeping everything centralized in your Google Workspace environment. Every device is automatically assigned to the corresponding user since Google Workspace is, first and foremost, an Identity
📖 Read more.
🔗 Via "UnderDefense"
----------
👁️ Seen on @cibsecurity
📔 Over Half a Million Hit by Pennsylvania Schools Union Breach 📔The Pennsylvania State Education Association (PSEA) has sent breach notifications to over 500,000 current and former members.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 UK CNI Security Leaders Express Confidence in Cybersecurity, Despite 95% Breach Rate 📔Bridewell has released its annual report on critical infrastructure security leaders' perceived cybersecurity maturity and threats.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation 🖋️The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting NAKIVO Backup & Replication software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2024-48248 (CVSS score: 8.6), an absolute path traversal bug that could allow an unauthenticated attacker to.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ Six Governments Likely Use Israeli Paragon Spyware to Hack IM Apps and Harvest Data 🖋️The governments of Australia, Canada, Cyprus, Denmark, Israel, and Singapore are likely customers of spyware developed by Israeli company Paragon Solutions, according to a new report from The Citizen Lab. Paragon, founded in 2019 by Ehud Barak and Ehud Schneorson, is the maker of a surveillance tool called Graphite that's capable of harvesting sensitive data from instant messaging applications.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ Veeam and IBM Release Patches for High-Risk Flaws in Backup and AIX Systems 🖋️Veeam has released security updates to address a critical security flaw impacting its Backup & Replication software that could lead to remote code execution. The vulnerability, tracked as CVE-2025-23120, carries a CVSS score of 9.9 out of 10.0. It affects 12.3.0.310 and all earlier version 12 builds. "A vulnerability allowing remote code execution (RCE) by authenticated domain users," the.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🕵️♂️ Mobile Jailbreaks Exponentially Increase Corporate Risk 🕵️♂️Both Android devices and iPhones are 3.5 times more likely to be infected with malware once "broken" and 250 times more likely to be totally compromised, recent research shows.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
📢 Hackers are turning to AI tools to reverse engineer millions of apps – and it’s causing havoc for security professionals 📢A marked surge in attacks on client-side apps could be due to the growing use of AI tools among cyber criminals, according to new research.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
📢 Get started on post-quantum encryption, organizations warned 📢The UK's national cybersecurity agency is urging companies to begin preparing themselves for quantum threats by 2035.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
♟️ DOGE to Fired CISA Staff: Email Us Your Personal Data ♟️A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is the latest exhibit in the Trump administration's continued disregard for basic cybersecurity protections. The message instructed recently-fired CISA employees to get in touch so they can be rehired and then immediately placed on leave, asking employees to send their Social Security number or date of birth in a password-protected email attachment, presumably with the password needed to view the file included in the body of the email.
📖 Read more.
🔗 Via "Krebs on Security"
----------
👁️ Seen on @cibsecurity
🕵️♂️ Ukraine Defense Sector Under Attack Via Dark Crystal RAT 🕵️♂️The UNC200 threat group, active since last summer, has been utilizing the Signal messaging app to social engineer targets into downloading an info-stealing remote access Trojan.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🖋️ YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users 🖋️YouTube videos promoting game cheats are being used to deliver a previously undocumented stealer malware called Arcane, likely targeting Russian-speaking users. "What's intriguing about this malware is how much it collects," Kaspersky said in an analysis. "It grabs account information from VPN and gaming clients, and all kinds of network utilities like ngrok, Playit, Cyberduck, FileZilla, and.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🦅 CISA Warns of Active Exploitation with Three New Vulnerabilities Added to KEV Catalog 🦅One of the most concerning vulnerabilities in the new CISA catalog is CVE-2025-1316, which affects the Edimax IC-7100 IP Camera. This vulnerability, identified on March 4, 2025, is an OS Command Injection Vulnerability that allows attackers to execute arbitrary commands on the device remotely. The Edimax IC-7100 ...
📖 Read more.
🔗 Via "CYBLE"
----------
👁️ Seen on @cibsecurity
🕵️♂️ Are We Closing the Gender Gap in Cybersecurity? 🕵️♂️Answer: Nope. But let's look at the trends because they matter for security.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
📔 NCSC Sets 2035 Deadline for Post-Quantum Cryptography Migration 📔New NCSC guidance sets out a three-phase migration to post-quantum cryptography, designed to ensure all systems are protected from quantum attacks by 2035.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 UK Police Arrest 422 in Major Fraud Crackdown 📔February's Operation Henhouse resulted in hundreds of arrests and the seizure of 7.5m.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ CERT-UA Warns: Dark Crystal RAT Targets Ukrainian Defense via Malicious Signal Messages 🖋️The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a new campaign that targets the defense sectors with Dark Crystal RAT (aka DCRat). The campaign, detected earlier this month, has been found to target both employees of enterprises of the defense-industrial complex and individual representatives of the Defense Forces of Ukraine. The activity involves.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ Why Continuous Compliance Monitoring Is Essential For IT Managed Service Providers 🖋️Regulatory compliance is no longer just a concern for large enterprises. Small and mid-sized businesses (SMBs) are increasingly subject to strict data protection and security regulations, such as HIPAA, PCI-DSS, CMMC, GDPR, and the FTC Safeguards Rule. However, many SMBs struggle to maintain compliance due to limited IT resources, evolving regulatory requirements, and complex security challenges.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ How to Protect Your Business from Cyber Threats: Mastering the Shared Responsibility Model 🖋️Cybersecurity isn't just another checkbox on your business agenda. It's a fundamental pillar of survival. As organizations increasingly migrate their operations to the cloud, understanding how to protect your digital assets becomes crucial. The shared responsibility model, exemplified through Microsoft 365's approach, offers a framework for comprehending and implementing effective cybersecurity.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🦿 Master IT Fundamentals With This CompTIA Certification Prep Bundle 🦿Prepare for a successful IT career with lifetime access to expert-led courses covering CompTIA A+, Network+, Security+, and Cloud+ certification prep.
📖 Read more.
🔗 Via "Tech Republic"
----------
👁️ Seen on @cibsecurity
📢 Forget MFA fatigue, attackers are exploiting ‘click tolerance’ to trick users into infecting themselves with malware 📢Threat actors are exploiting users' familiarity with verification tests to trick them into loading malware onto their systems, new research has warned.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
📢 Western Alliance Bank admits cyber attack exposed 22,000 customers 📢An American bank has admitted nearly 22,000 customers had their accounts compromised following an attack that targeted a zero-day flaw in a third-party file-transfer tool.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
🕵️♂️ India Is Top Global Target for Hacktivists, Regional APTs 🕵️♂️Global politics and a growing economy draw the wrong kind of attention to India, with denial-of-service and application attacks both on the rise.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🚨 Cyber chiefs unveil new roadmap for post-quantum cryptography migration 🚨New guidance from the NCSC outlines a three-phase timeline for organisations to transition to quantum-resistant encryption methods by 2035.
📖 Read more.
🔗 Via "UK NCSC"
----------
👁️ Seen on @cibsecurity