23174
🗞 The finest daily news on cybersecurity and privacy. 🔔 Daily releases. 💻 Is your online life secure? 📩 lalilolalo.dev@gmail.com
♟️ China-based SMS Phishing Triad Pivots to Banks ♟️Chinabased purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the socalled Smishing Triad mainly impersonated toll road operators and shipping companies. But experts say these groups are now directly targeting customers of international financial institutions, while dramatically expanding their cybercrime infrastructure and support staff.
📖 Read more.
🔗 Via "Krebs on Security"
----------
👁️ Seen on @cibsecurity
📢 Foreign AI model launches may have improved trust in US AI developers, says Mandiant CTO – as he warns Chinese cyber attacks are at an “unprecedented level” 📢Concerns about enterprise AI deployments have faded due to greater understanding of the technology and negative examples in the international community, according to Mandiant CTO Charles Carmakal.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
📔 SpyNote Malware Targets Android Users with Fake Google Play Pages 📔A new Android malware campaign uses fake Google Play pages to distribute the SpyNote Trojan.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📢 Seized database helps Europol snare botnet customers in ‘Operation Endgame’ follow-up sting 📢Europol has detained several people believed to be involved in a botnet operation as part of a followup to a major takedown last year.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
📔 Google Cloud: CISOs Demand Simplified Security Tools Amid Growing Tech Complexity 📔Google Cloud announced a number of security products designed to reduce complexity for security leaders.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🦅 ICS Vulnerability Report: Energy, Manufacturing Device Fixes Urged by Cyble 🦅ICS Vulnerability Report " dataimagecaption"ICS Vulnerability Report " datamediumfile"httpscyble.comwpcontentuploads202504ICSVulnerabilityReport300x150.png" datalargefile"httpscyble.comwpcontentuploads202504ICSVulnerabilityReport1024x512.png" title"ICS Vulnerability Report Energy, Manufacturing Device Fixes Urged by Cyble 1" Overview The Cyble report, part of the latest ICS Vulnerability Report, examined 70 ICS, Operational Technology OT, and Supervisory Control and Data Acquisition SCADA vulnerabilities identified in 16 recent advisories issued by the U.S. Cybersecurity and Infrastructure Security Agency CISA. Cyble highlighted several critical industrial control system ICS vulnerabilities in recent reports to clients, with the most severe vulnerabilities reaching 9.8 to 9.9 ...
📖 Read more.
🔗 Via "CYBLE"
----------
👁️ Seen on @cibsecurity
📔 Google Cloud: China Achieves “Cyber Superpower” Status 📔Google Clouds Sandra Joyce said that Chinese state actors advanced techniques and ability to stay undetected pose huge challenges.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🕵️♂️ 2 Android Zero-Day Bugs Under Active Exploit 🕵️♂️Neither security issue requires user interaction, and one of the vulnerabilities was used to unlock a student activist's device in an attempt to install spyware.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🖋️ Cryptocurrency Miner and Clipper Malware Spread via SourceForge Cracked Software Listings 🖋️Threat actors have been observed distributing malicious payloads such as cryptocurrency miner and clipper malware via SourceForge, a popular software hosting service, under the guise of cracked versions of legitimate applications like Microsoft Office. "One such project, officepackage, on the main website sourceforge.net, appears harmless enough, containing Microsoft Office addins copied from a.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🕵️♂️ 2 Android Zero-Day Bugs Under Active Exploit 🕵️♂️Neither security issue requires user interaction and one of the vulnerabilities was used to unlock a student activist's device in an attempt to install spyware.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🌊 What Is EDR (Endpoint Detection and Response)? 🌊Endpoint detection and Response EDR is a cybersecurity technology that provides continuous endpoint monitoring to detect, investigate, and respond to threats. EDR solutions empower security teams to quickly identify, understand, and mitigate risks by providing realtime visibility, automated threat containment, and detailed insights into the entire attack lifecycle. How Does EDR Work? EDR software acts The post What Is EDR Endpoint Detection and Response? appeared first on UnderDefense.
📖 Read more.
🔗 Via "UnderDefense"
----------
👁️ Seen on @cibsecurity
📔 CISA Warns of CrushFTP Vulnerability Exploitation in the Wild 📔The US Cybersecurity and Infrastructure Security Agency CISA has added CVE202531161 to its Known Exploited Vulnerabilities KEV catalog.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 NIST Defers Pre-2018 CVEs to Tackle Growing Vulnerability Backlog 📔NIST marks CVEs pre2018 as Deferred in the NVD as agency focus shifts to managing emerging threats.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation 🖋️A recently disclosed critical security flaw impacting CrushFTP has been added by the U.S. Cybersecurity and Infrastructure Security Agency CISA to its Known Exploited Vulnerabilities KEV catalog after reports emerged of active exploitation in the wild. The vulnerability is a case of authentication bypass that could permit an unauthenticated attacker to take over susceptible instances. It has.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ Agentic AI in the SOC - Dawn of Autonomous Alert Triage 🖋️Security Operations Centers SOCs today face unprecedented alert volumes and increasingly sophisticated threats. Triaging and investigating these alerts are costly, cumbersome, and increases analyst fatigue, burnout, and attrition. While artificial intelligence has emerged as a goto solution, the term AI often blurs crucial distinctions. Not all AI is built equal, especially in the SOC. Many.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
📔 Google Cloud: CISOs Demand Simplified Security Tools Amid Growing Tech Complexity 📔Google Cloud announced a number of security products designed to reduce complexity for security leaders.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 Google Cloud: China Achieves “Cyber Superpower” Status 📔Google Clouds Sandra Joyce said that Chinese state actors advanced techniques and ability to stay undetected pose huge challenges.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📢 Seized database helps Europol snare botnet customers in ‘Operation Endgame’ follow-up sting 📢Europol has detained several people believed to be involved in a botnet operation as part of a followup to a major takedown last year.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
📔 Over 40% of UK Businesses Faced Cybersecurity Breaches in 2024 📔The Cyber Security Breaches Survey 2025 has been released by the UK Home Office and DSIT today, reporting a slight decline in incidents compared to 2024 report.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🦿 Can VPNs Be Tracked by the Police? 🦿VPNs are popular due to the fact they add security and privacy to what are otherwise fairly open WiFi and public internet channels. But can VPNs be tracked by the police?.
📖 Read more.
🔗 Via "Tech Republic"
----------
👁️ Seen on @cibsecurity
🦅 ICS Vulnerability Report: Energy, Manufacturing Device Fixes Urged by Cyble 🦅ICS Vulnerability Report " dataimagecaption"ICS Vulnerability Report " datamediumfile"httpscyble.comwpcontentuploads202504ICSVulnerabilityReport300x150.png" datalargefile"httpscyble.comwpcontentuploads202504ICSVulnerabilityReport1024x512.png" title"ICS Vulnerability Report Energy, Manufacturing Device Fixes Urged by Cyble 1" Overview The Cyble report, part of the latest ICS Vulnerability Report, examined 70 ICS, Operational Technology OT, and Supervisory Control and Data Acquisition SCADA vulnerabilities identified in 16 recent advisories issued by the U.S. Cybersecurity and Infrastructure Security Agency CISA. Cyble highlighted several critical industrial control system ICS vulnerabilities in recent reports to clients, with the most severe vulnerabilities reaching 9.8 to 9.9 ...
📖 Read more.
🔗 Via "CYBLE"
----------
👁️ Seen on @cibsecurity
🕵️♂️ UK Orgs Pull Back Digital Projects With Looming Threat of Cyberwarfare 🕵️♂️Artificial intelligence poses a significant concern when it comes to nationstate cyberthreats and AI's ability to supercharge attacks.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🖋️ Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw 🖋️Fortinet has released security updates to address a critical security flaw impacting FortiSwitch that could permit an attacker to make unauthorized password changes. The vulnerability, tracked as CVE202448887, carries a CVSS score of 9.3 out of a maximum of 10.0. "An unverified password change vulnerability CWE620 in FortiSwitch GUI may allow a remote unauthenticated attacker to modify.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation via Path Traversal 🖋️Cybersecurity researchers have disclosed details of a nowpatched security flaw in the Amazon EC2 Simple Systems Manager SSM Agent that, if successfully exploited, could permit an attacker to achieve privilege escalation and code execution. The vulnerability could permit an attacker to create directories in unintended locations on the filesystem, execute arbitrary scripts with root privileges,.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
📔 Google Releases April Android Update to Address Two Zero-Days 📔Googles latest Android update fixes 62 flaws, including two zerodays previously used in limited targeted attacks.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 Boards Urged to Follow New Cyber Code of Practice 📔The British government has launched a new code of practice designed to boost corporate cyber governance.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 Half of Firms Stall Digital Projects as Cyber Warfare Risk Surges 📔Armis survey reveals that the growing threat of nationstate cyberattacks is disrupting digital transformation.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities 🖋️Google has shipped patches for 62 vulnerabilities, two of which it said have been exploited in the wild. The two highseverity vulnerabilities are listed below CVE202453150 CVSS score 7.8 An outofbounds flaw in the USB subcomponent of Kernel that could result in information disclosure CVE202453197 CVSS score 7.8 A privilege escalation flaw in the USB subcomponent of Kernel.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine 🖋️The Computer Emergency Response Team of Ukraine CERTUA has revealed a new set of cyber attacks targeting Ukrainian institutions with informationstealing malware. The activity is aimed at military formations, law enforcement agencies, and local selfgovernment bodies, particularly those located near Ukraine's eastern border, the agency said. The attacks involve distributing phishing emails.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🦿 How to Use a VPN: 4 Easy Steps to Get Started 🦿Learn how to set up and use a VPN with just four easy steps. This stepbystep guide takes you through how you can secure your connection and online data.
📖 Read more.
🔗 Via "Tech Republic"
----------
👁️ Seen on @cibsecurity