23174
🗞 The finest daily news on cybersecurity and privacy. 🔔 Daily releases. 💻 Is your online life secure? 📩 lalilolalo.dev@gmail.com
🖋️ CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices 🖋️The U.S. Cybersecurity and Infrastructure Security Agency CISA has added two sixyearold security flaws impacting Sitecore CMS and Experience Platform XP to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The vulnerabilities are listed below CVE20199874 CVSS score 9.8 A deserialization vulnerability in the Sitecore.Security.AntiCSRF.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert! 🖋️Hackers have long used Word and Excel documents as delivery vehicles for malware, and in 2025, these tricks are far from outdated. From phishing schemes to zeroclick exploits, malicious Office files are still one of the easiest ways into a victims system. Here are the top three Microsoft Officebased exploits still making the rounds this year and what you need to know to avoid them. 1.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware 🖋️An advanced persistent threat APT group with ties to Pakistan has been attributed to the creation of a fake website masquerading as India's public sector postal system as part of a campaign designed to infect both Windows and Android users in the country. Cybersecurity company CYFIRMA has attributed the campaign with medium confidence to a threat actor called APT36, which is also known as.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records 🖋️Cybersecurity researchers have shed light on a new phishingasaservice PhaaS platform that leverages the Domain Name System DNS mail exchange MX records to serve fake login pages that impersonate about 114 brands. DNS intelligence firm Infoblox is tracking the actor behind the PhaaS, the phishing kit, and the related activity under the moniker Morphing Meerkat. "The threat actor behind.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts 🖋️Cybersecurity researchers have discovered several cryptocurrency packages on the npm registry that have been hijacked to siphon sensitive information such as environment variables from compromised systems. "Some of these packages have lived on npmjs.com for over 9 years, and provide legitimate functionality to blockchain developers," Sonatype researcher Ax Sharma said. "However, ... the latest.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
♟️ When Getting Phished Puts You in Mortal Danger ♟️Many successful phishing attacks result in a financial loss or malware infection. But falling for some phishing scams, like those currently targeting Russians searching online for organizations that are fighting the Kremlin war machine, can cost you your freedom or your life.
📖 Read more.
🔗 Via "Krebs on Security"
----------
👁️ Seen on @cibsecurity
🦿 Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection 🦿Microsofts .NET MAUI lets developers build crossplatform apps in C, but its use of binary blob files poses new risks by bypassing Androids DEXbased security checks.
📖 Read more.
🔗 Via "Tech Republic"
----------
👁️ Seen on @cibsecurity
🕵️♂️ Fake DeepSeek Ads Spread Malware to Google Users 🕵️♂️Popularity of the generative AI platform makes it an obvious choice for cybercriminals abusing Googlesponsored search results, according to researchers.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🕵️♂️ OpenAI Bumps Up Bug Bounty Reward to $100K in Security Update 🕵️♂️The artificial intelligence research company previously had its maximum payout set at 20,000 before exponentially raising the reward.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🕵️♂️ Hoff's Rule: People First 🕵️♂️Dark Reading Confidential Episode 5 Christofer Hoff, chief secure technology officer at LastPass, shares the human side of the story of how he led his team through a major cyber incident and built from the ground up a security team and security culture.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
📢 OpenAI announces five-fold increase in bug bounty reward 📢OpenAI has announced a slew of new cybersecurity initiatives, including a 500 increase to the maximum award for its bug bounty program.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
📢 ESET looks to ‘empower’ partners with cybersecurity portfolio updates 📢Cybersecurity solutions provider ESET has launched a series of updates to its business portfolio and ESET PROTECT platform to help partners tackle growing security challenges.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
📔 Threat Actors Abuse Trust in Cloud Collaboration Platforms 📔Threat actors are exploiting cloud platforms like Adobe and Dropbox to evade email gateways and steal credentials.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment 🖋️The Russianspeaking hacking group called RedCurl has been linked to a ransomware campaign for the first time, marking a departure in the threat actor's tradecraft. The activity, observed by Romanian cybersecurity company Bitdefender, involves the deployment of a neverbeforeseen ransomware strain dubbed QWCrypt. RedCurl, also called Earth Kapre and Red Wolf, has a history of orchestrating.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
📔 Malicious npm Packages Deliver Sophisticated Reverse Shells 📔A newly discovered malware campaign uses malicious npm packages to deploy reverse shells, compromising development environments.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ 150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms 🖋️An ongoing campaign that infiltrates legitimate websites with malicious JavaScript injects to promote Chineselanguage gambling platforms has ballooned to compromise approximately 150,000 sites to date. "The threat actor has slightly revamped their interface but is still relying on an iframe injection to display a fullscreen overlay in the visitor's browser," cside security analyst Himanshu.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ New Report Explains Why CASB Solutions Fail to Address Shadow SaaS and How to Fix It 🖋️Whether its CRMs, project management tools, payment processors, or lead management tools your workforce is using SaaS applications by the pound. Organizations often rely on traditional CASB solutions for protecting against malicious access and data exfiltration, but these fall short for protecting against shadow SaaS, data damage, and more. A new report, Understanding SaaS Security Risks Why.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ Hackers Repurpose RansomHub's EDRKillShifter in Medusa, BianLian, and Play Attacks 🖋️A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play. The connection stems from the use of a custom tool that's designed to disable endpoint detection and response EDR software on compromised hosts, according to ESET. The EDR killing tool, dubbed EDRKillShifter, was first documented as used by RansomHub actors in.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability 🖋️Mozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zeroday. The security vulnerability, CVE20252857, has been described as a case of an incorrect handle that could lead to a sandbox escape. "Following the recent Chrome sandbox escape .
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ PJobRAT Malware Campaign Targeted Taiwanese Users via Fake Chat Apps 🖋️An Android malware family previously observed targeting Indian military personnel has been linked to a new campaign likely aimed at users in Taiwan under the guise of chat apps. "PJobRAT can steal SMS messages, phone contacts, device and app information, documents, and media files from infected Android devices," Sophos security researcher Pankaj Kohli said in a Thursday analysis. PJobRAT, first.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🦿 Which Top Cybersecurity Role of 2024 Was Featured in 64,000+ Job Postings? 🦿IT and security workforce management firm CyberSN surveyed job listings from 2022 to 2024. Yes, decreases in demand for some job titles may be related to AI.
📖 Read more.
🔗 Via "Tech Republic"
----------
👁️ Seen on @cibsecurity
🕵️♂️ High-Severity Cloud Security Alerts Tripled in 2024 🕵️♂️Attackers aren't just spending more time targeting the cloud they're ruthlessly stealing more sensitive data and accessing more critical systems than ever before.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🕵️♂️ DoJ Recovers $5M Lost in BEC Fraud Against Workers' Union 🕵️♂️The union received a spoofed email that led to the loss of 6.4 million, much of it transferred to other accounts or to a cryptocurrency exchange.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🕵️♂️ How CISA Cuts Impact Election Security 🕵️♂️State and federal security experts weighed in on the impact that budgetary and personnel cuts to CISA will have on election security as a whole.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🕵️♂️ Iran's MOIS-Linked APT34 Spies on Allies Iraq & Yemen 🕵️♂️The Islamic Republic is keeping its enemies close and its friends closer, with espionage attacks aimed at nearby neighbors.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
📢 NHS supplier hit with £3m fine for security failings that led to attack 📢The Information Commissioner's Office ICO said Advanced Computer Software Group failed to use appropriate security measures before the 2022 attack, which put the personal information of tens of thousands of NHS patients at risk.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
📢 Healthcare systems are rife with exploits — and ransomware gangs have noticed 📢Nearly nineinten healthcare organizations have medical devices that are vulnerable to exploits, and ransomware groups are taking notice.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
🕵️♂️ 'Lucid' Phishing-as-a-Service Exploits Faults in iMessage, Android RCS 🕵️♂️Cybercriminals in China have figured out how to undermine the strengths of mobile messaging protocols.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🖋️ EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware 🖋️The threat actor known as EncryptHub exploited a recentlypatched security vulnerability in Microsoft Windows as a zeroday to deliver a wide range of malware families, including backdoors and information stealers such as Rhadamanthys and StealC. "In this attack, the threat actor manipulates .msc files and the Multilingual User Interface Path MUIPath to download and execute malicious payload,.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🕵️♂️ New Testing Framework Helps Evaluate Sandboxes 🕵️♂️The AntiMalware Testing Standards Organization published a Sandbox Evaluation Framework to set a standard among various sandbox offerings that help protect organizations from rising threats.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity