23174
๐ The finest daily news on cybersecurity and privacy. ๐ Daily releases. ๐ป Is your online life secure? ๐ฉ lalilolalo.dev@gmail.com
๐ข Global cybersecurity spending is set to rise 12% in 2025 โ here are the industries ramping up investment ๐ขGlobal cybersecurity spending is expected to surge this year, fueled by escalating statesponsored threats and the rise of generative AI, according to new analysis from IDC.
๐ Read more.
๐ Via "ITPro"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ โก Weekly Recap: Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked Antivirus and More ๐๏ธAttackers arent waiting for patches anymore they are breaking in before defenses are ready. Trusted security tools are being hijacked to deliver malware. Even after a breach is detected and patched, some attackers stay hidden. This weeks events show a hard truth its not enough to react after an attack. You have to assume that any system you trust today could fail tomorrow. In a world.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ Pall Mall Process Progresses but Leads to More Questions ๐ต๏ธโโ๏ธNations continue to sign the Code of Practice for States in an effort to curb commercial spyware, yet implementation and enforcement concerns have yet to be figured out.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ Cyble Urges Critical Vulnerability Fixes Affecting Industrial Systems ๐Rockwell Automation, Hitachi Energy and Inaba Denki Sangyo have products affected by critical vulnerabilities carrying severity ratings as high as 9.9.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐ NVD Revamps Operations as Vulnerability Reporting Surges ๐The NVD program manager has announced undergoing process improvements to catch up with its growing vulnerability backlog.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps ๐๏ธCybersecurity researchers have found that threat actors are setting up deceptive websites hosted on newly registered domains to deliver a known Android malware called SpyNote. These bogus websites masquerade as Google Play Store install pages for apps like the Chrome web browser, indicating an attempt to deceive unsuspecting users into installing the malware instead. "The threat actor utilized a.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Initial Access Brokers Shift Tactics, Selling More for Less ๐๏ธWhat are IABs? Initial Access Brokers IABs specialize in gaining unauthorized entry into computer systems and networks, then selling that access to other cybercriminals. This division of labor allows IABs to concentrate on their core expertise exploiting vulnerabilities through methods like social engineering and bruteforce attacks.ย By selling access, they significantly mitigate the.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit ๐๏ธFortinet has revealed that threat actors have found a way to maintain readonly access to vulnerable FortiGate devices even after the initial access vector used to breach the devices was patched. The attackers are believed to have leveraged known and nowpatched security flaws, including, but not limited to, CVE202242475, CVE202327997, and CVE202421762. "A threat actor used a known.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ Why Data Privacy Isn't the Same as Data Security ๐ต๏ธโโ๏ธFailing to distinguish between data privacy and data security leaves businesses vulnerable to regulatory scrutiny and the kinds of breaches that erode consumer trust overnight.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ What Should the US Do About Salt Typhoon? ๐ต๏ธโโ๏ธSecurity experts weigh in on the problem Salt Typhoon and its hacking of telecoms poses against the United States, including what the US should do and how defenders can protect themselves.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ AuthZEN Aims to Harmonize Fractured Authorization Controls ๐ต๏ธโโ๏ธManaging permissions and authorizations across dozens or hundreds of cloud services and platforms poses significant headaches for companies. An open specification aims to change that.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ 10 Bugs Found in Perplexity AI's Chatbot Android App ๐ต๏ธโโ๏ธResearchers characterize the company's artificial intelligence chatbot as less secure than ChatGPT and even DeepSeek.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ Using Third-Party ID Providers Without Losing Zero Trust ๐ต๏ธโโ๏ธWith 4.4 billion in worldwide data breach fines in 2024, the cost of not knowing who's walking into your systems is devastating.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ข Cyber attacks against UK firms dropped by 10% last year, but experts say don't get complacent ๐ขMore than fourinten UK businesses were hit by a cyber attack last year, marking a decrease on the year prior but security experts have warned enterprises to still remain vigilant.
๐ Read more.
๐ Via "ITPro"
----------
๐๏ธ Seen on @cibsecurity
๐ข Bigger salaries, more burnout: Is the CISO role in crisis? ๐ขCISOs are more stressed than ever before but why is this and what can be done?.
๐ Read more.
๐ Via "ITPro"
----------
๐๏ธ Seen on @cibsecurity
๐ข Businesses are taking their eye off the ball with vulnerability patching ๐ขSecurity leaders are overconfident in their organizations security posture while allowing vulnerability patching to fall by the wayside.
๐ Read more.
๐ Via "ITPro"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ โก Weekly Recap: Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked Antivirus and More ๐๏ธAttackers arent waiting for patches anymore they are breaking in before defenses are ready. Trusted security tools are being hijacked to deliver malware. Even after a breach is detected and patched, some attackers stay hidden. This weeks events show a hard truth its not enough to react after an attack. You have to assume that any system you trust today could fail tomorrow. In a world.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ Paper Werewolf Threat Actor Targets Flash Drives With New Malware ๐ต๏ธโโ๏ธThe threat actor, also known as Goffee, has been active since at least 2022 and has changed its tactics and techniques over the years while targeting Russian organizations.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ Google Cloud: Top 5 Priorities for Cybersecurity Leaders Today ๐Experts at the Google Cloud Next event set out how security teams need to adapt their focuses in the wake of trends such as rising cyberattacks and advances in AI.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation ๐๏ธA newly disclosed highseverity security flaw impacting OttoKit formerly SureTriggers has come under active exploitation within a few hours of public disclosure. The vulnerability, tracked as CVE20253102 CVSS score 8.1, is an authorization bypass bug that could permit an attacker to create administrator accounts under certain conditions and take control of susceptible websites. "The.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Palo Alto Networks Warns of Brute-Force Attempts Targeting PAN-OS GlobalProtect Gateways ๐๏ธPalo Alto Networks has revealed that it's observing bruteforce login attempts against PANOS GlobalProtect gateways, days after threat hunters warned of a surge in suspicious login scanning activity targeting its appliances. "Our teams are observing evidence of activity consistent with passwordrelated attacks, such as bruteforce login attempts, which does not indicate exploitation of a.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Paper Werewolf Deploys PowerModul Implant in Targeted Cyberattacks on Russian Sectors ๐๏ธThe threat actor known as Paper Werewolf has been observed exclusively targeting Russian entities with a new implant called PowerModul. The activity, which took place between July and December 2024, singled out organizations in the mass media, telecommunications, construction, government entities, and energy sectors, Kaspersky said in a new report published Thursday. Paper Werewolf, also known.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ Threat Actors Use 'Spam Bombing' Technique to Hide Malicious Motives ๐ต๏ธโโ๏ธDarktrace researchers detailed "spam bombing," a technique in which threat actors bombard targets with spam emails as a pretense for activity like social engineering campaigns.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ Open Source Poisoned Patches Infect Local Software ๐ต๏ธโโ๏ธMalicious packages lurking on open source repositories like npm have become less effective, so cyberattackers are using a new strategy offering "patches" for locally installed programs.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ Trump's DoJ Targets Krebs, Revokes SentinelOne Security Clearance ๐ต๏ธโโ๏ธAn executive order is targeting former Trump appointees, including former CISA director Chris Krebs and his current coworkers, in the latest in a series of directives against those who dissented against the president and his associates.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ Zero-Day in CentreStack File-Sharing Platform Under Attack ๐ต๏ธโโ๏ธGladinet's platform is widely used among managed service providers, and a critical deserialization flaw could put MSP customers in jeopardy.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ Organizations Lack Incident Response Plans, But Answers Are on the Way ๐ต๏ธโโ๏ธDeveloping strong incident response plans remains an area that requires significant improvement. Here are some shortcomings and how to address them.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ Financial Fraud, With a Third-Party Twist, Dominates Cyber Claims ๐ต๏ธโโ๏ธThe most damaging attacks continue to be ransomware, but financial fraud claims are more numerous and both are driven by increasing thirdparty breaches.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ข โPhishing kits are a force multiplier': Cheap cyber crime kits can be bought on the dark web for less than $25 โ and experts warn itโs lowering the barrier of entry for amateur hackers ๐ขResearch from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than 25.
๐ Read more.
๐ Via "ITPro"
----------
๐๏ธ Seen on @cibsecurity
๐ Over 40% of UK Businesses Faced Cybersecurity Breaches in 2024 ๐The Cyber Security Breaches Survey 2025 has been released by the UK Home Office and DSIT today, reporting a slight decline in incidents compared to 2024 report.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity