23174
🗞 The finest daily news on cybersecurity and privacy. 🔔 Daily releases. 💻 Is your online life secure? 📩 lalilolalo.dev@gmail.com
🕵️♂️ OPSEC Nightmare: Leaking US Military Plans to a Reporter 🕵️♂️Experts say the leakage of US military plans to a reporter this month reflects a severe operational security failure on the part of US leadership.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
📢 Fake file converter tools are on the rise – here’s what you need to know 📢The FBI has issued an alert over the rise of fake file converter tools available online after observing a spate of scams and ransomware attacks.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
🦅 Cyble Sensors Detect Exploit Attempts on Ivanti, AVTECH IP Cameras 🦅Cyble Cyble Sensors Detect Exploit Attempts on Ivanti, AVTECH IP Cameras. " dataimagecaption"Cyble Cyble Sensors Detect Exploit Attempts on Ivanti, AVTECH IP Cameras " datamediumfile"httpscyble.comwpcontentuploads202503CybleBlogsIvanti300x150.png" datalargefile"httpscyble.comwpcontentuploads202503CybleBlogsIvanti1024x512.png" title"Cyble Sensors Detect Exploit Attempts on Ivanti, AVTECH IP Cameras 1" Overview Vulnerabilities in Ivanti products, AVTECH IP cameras, and WordPress plugins have recently been among the dozens of attempted exploits detected by Cyble honeypot sensors. The attack attempts were detailed in the threat intelligence companys weekly sensor intelligence reports to clients. The Cyble reports have also examined persistent attacks against Linux systems and net...
📖 Read more.
🔗 Via "CYBLE"
----------
👁️ Seen on @cibsecurity
📔 Authorities Seize 1842 Devices in Africa’s Cybercrime Crackdown 📔Authorities in seven African countries have arrested 306 suspects and seized 1842 devices in Operation Red Card.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 VanHelsingRaaS Expands Rapidly in Cybercrime Market 📔VanHelsingRaaS, a new ransomwareasaservice program, infected three victims within two weeks of release, demanding ransoms of 500,000.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ Microsoft Adds Inline Data Protection to Edge for Business to Block GenAI Data Leaks 🖋️Microsoft on Monday announced a new feature called inline data protection for its enterprisefocused Edge for Business web browser. The native data security control is designed to prevent employees from sharing sensitive companyrelated data into consumer generative artificial intelligence GenAI apps like OpenAI ChatGPT, Google Gemini, and DeepSeek. The list will be expanded over time to.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🕵️♂️ Oracle Denies Claim of Oracle Cloud Breach of 6M Records 🕵️♂️A threat actor posted data on BreachForums from an alleged supply chain attack that affected more than 140K tenants, claiming to have compromised the cloud via a zeroday flaw in WebLogic, researchers say.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🕵️♂️ US Weakens Disinformation Defenses, as Russia & China Ramp Up 🕵️♂️Russia and China spend billions of dollars on state media, propaganda, and disinformation, while the Trump administration has slashed funding for US agencies.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🕵️♂️ Critical 'IngressNightmare' Vulns Imperil Kubernetes Environments 🕵️♂️More than 40 of all Internetfacing container orchestration clusters are at risk.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🕵️♂️ Chinese Hacker Group Tracked Back to iSoon APT Operation 🕵️♂️The group, called FishMonger or Aquatic Panda, is working under contract for the Chinese government to steal data from governmental organizations, Catholic charities, NGOs, think tanks, and more.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
📢 Building ransomware resilience to avoid paying out 📢Amid an impending ransom payment ban, businesses should work to improve their incident response strategies and knowledge of prominent threat groups.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
🖋️ How to Balance Password Security Against User Experience 🖋️If given the choice, most users are likely to favor a seamless experience over complex security measures, as they dont prioritize strong password security. However, balancing security and usability doesnt have to be a zerosum game. By implementing the right best practices and tools, you can strike a balance between robust password security and a frictionless user experience UX. This article.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ ⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More 🖋️A quiet tweak in a popular opensource tool opened the door to a supply chain breachwhat started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasnt the only stealth move. A new allinone malware is silently stealing passwords, crypto, and controlwhile hiding in plain sight. And over 300 Android apps joined the chaos, running ad.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
📢 Security experts warn of ‘contradictory confidence’ over critical infrastructure threats 📢Almost all critical national infrastructure CNI organizations in the UK 95 experienced a data breach in the last year, according to new research.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
📔 Teen Boys at Risk of Sextortion as 74% Lack Basic Awareness 📔The UKs National Crime Agency has launched a new campaign designed to raise awareness of sextortion among teenage boys.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📢 Oracle breach claims spark war of words with security researchers 📢A war of words has erupted between Oracle and cybersecurity researchers following claims the company suffered a security breach.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
📢 Millions of 23andMe users’ genetic data could be up for grabs – and experts worry it’s a looming privacy nightmare 📢DNA testing company 23andMe has filed for bankruptcy protection, raising questions about the future of the company and the personal data it holds.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
🖋️ INTERPOL Arrests 306 Suspects, Seizes 1,842 Devices in Cross-Border Cybercrime Bust 🖋️Law enforcement authorities in seven African countries have arrested 306 suspects and confiscated 1,842 devices as part of an international operation codenamed Red Card that took place between November 2024 and February 2025. The coordinated effort "aims to disrupt and dismantle crossborder criminal networks which cause significant harm to individuals and businesses," INTERPOL said, adding it.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
📔 Ukraine Railway Systems Hit by Targeted Cyber-Attack 📔Ukraines national railway company has suffered a largescale cyberattack, disrupting online services and operations.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ VanHelsing RaaS Launch: 3 Victims, $5K Entry Fee, Multi-OS, and Double Extortion Tactics 🖋️A ransomwareasaservice RaaS operation called VanHelsing has already claimed three victims since it launched on March 7, 2025, demanding ransoms as high as 500,000. "The RaaS model allows a wide range of participants, from experienced hackers to newcomers, to get involved with a 5,000 deposit. Affiliates keep 80 of the ransom payments, while the core operators earn 20," Check Point said.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication 🖋️A set of five critical security shortcomings have been disclosed in the Ingress NGINX Controller for Kubernetes that could result in unauthenticated remote code execution, putting over 6,500 clusters at immediate risk by exposing the component to the public internet. The vulnerabilities CVE202524513, CVE202524514, CVE20251097, CVE20251098, and CVE20251974 , assigned a CVSS score of.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🕵️♂️ FCC Investigates China-Backed Tech Suppliers for Evading US Operations Ban 🕵️♂️FCC chair warns these companies may still be operating in the US because they don't believe that being added to its "Covered List" poses any serious risk.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🕵️♂️ China-Nexus APT 'Weaver Ant' Caught in Yearslong Web Shell Attack 🕵️♂️The persistent threat actor was caught using sophisticated Web shell techniques against an unnamed telecommunications company in Asia.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🕵️♂️ FBI Warns of Document Converter Tools Due to Uptick in Scams 🕵️♂️The FBI's Denver field office says the tools will convert documents while also dropping malware and scraping users' systems for sensitive data.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🦅 Stopping Deepfakes in Financial Services Will Require New Processes: Cyble 🦅Stopping Deepfakes in Financial Services Will Require New Processes Cyble " dataimagecaption"Stopping Deepfakes in Financial Services Will Require New Processes Cyble " datamediumfile"httpscyble.comwpcontentuploads202503CybleBlogsDeepfake300x150.jpg" datalargefile"httpscyble.comwpcontentuploads202503CybleBlogsDeepfake.jpg" title"Stopping Deepfakes in Financial Services Will Require New Processes Cyble 1" The rise of AIgenerated deepfakes has placed the financial services industry and its customers at the epicenter of this growing cyber threat. Whether deepfake fraud is hitting consumers, commercial accounts, or financial institutions themselves, organizations in the banking and financial services sector will need new processes and cybersecurity controls to address this new generat...
📖 Read more.
🔗 Via "CYBLE"
----------
👁️ Seen on @cibsecurity
📔 California AG Reminds 23andMe Customers of Data Deletion Rights Amid Bankruptcy Filing 📔Two years after a data breach that compromised almost seven million customers, 23andMe's CEO has resigned as the company files for bankruptcy.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware 🖋️Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code VSCode Marketplace that are designed to deploy ransomware that's under development to its users. The extensions, named "ahban.shiba" and "ahban.cychelloworld," have since been taken down by the marketplace maintainers. Both the extensions, per ReversingLabs, incorporate code that's designed to invoke a.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🦅 FizzBuzz to FogDoor: Targeted Malware Campaign Exploits Job-Seeking Developers 🦅Cyble FogDoor FizzBuzz " dataimagecaption"" datamediumfile"httpscyble.comwpcontentuploads202503FizzbuzzFogDoor300x150.png" datalargefile"httpscyble.comwpcontentuploads202503FizzbuzzFogDoor1024x512.png" title"FizzBuzz to FogDoor Targeted Malware Campaign Exploits JobSeeking Developers 1" Key Takeaways A GitHub repository masqueraded as a coding challenge to deceive developers, particularly targeting Polishspeaking job seekers Opening the provided ISO file triggers a PowerShell script that installs a backdoor named FogDoor and steals sensitive data. The backdoor retrieves commands from a social media profile and exfiltrates stolen data using temporary webhook services, making detection more difficult. The malware extracts browser cookies, saved credentials, installed application...
📖 Read more.
🔗 Via "CYBLE"
----------
👁️ Seen on @cibsecurity
🖋️ Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks 🖋️A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions. The vulnerability, tracked as CVE202529927, carries a CVSS score of 9.1 out of 10.0. "Next.js uses an internal header xmiddlewaresubrequest to prevent recursive requests from triggering infinite loops," Next.js said in an.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
📔 Google Account Hijackers Target Victims Via Semrush Ads 📔Threat actors are looking to compromise Google accounts to further malvertising and data theft.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity