23174
๐ The finest daily news on cybersecurity and privacy. ๐ Daily releases. ๐ป Is your online life secure? ๐ฉ lalilolalo.dev@gmail.com
๐ Verizon's DBIR Reveals 34% Jump in Vulnerability Exploitation ๐After a 180 rise in last years report, the exploitation of vulnerabilities continues to grow, now accounting for 20 of all breaches.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems ๐๏ธCybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities. The packages in question are listed below nodetelegramutils 132 downloads nodetelegrambotsapi 82 downloads nodetelegramutil 73 downloads According to supply chain.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ If Boards Don't Fix OT Security, Regulators Will ๐ต๏ธโโ๏ธAround the world, governments are setting higherbar regulations with clear corporate accountability for breaches on the belief organizations won't drive up security maturity for operational technology unless they're made to.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ How Full-Spectrum Security with SIEM and SOC Helped Avoid a Potential $650K Loss ๐Our clients company issues business licenses and hosts events. Before reaching out to us, they... The post How FullSpectrum Security with SIEM and SOC Helped Avoid a Potential 650K Loss appeared first on UnderDefense.
๐ Read more.
๐ Via "UnderDefense"
----------
๐๏ธ Seen on @cibsecurity
๐ Rapid7 Pricing 2025: Ultimate Guide for Security Products ๐Rapid7 delivers a full suite of security solutions to help organizations detect, manage, and respond to cyber threats. As of 2025, Rapid7s productssuch as InsightVM, InsightIDR, and Managed Threat Completestart at around 2,000 to 5,000 per year for smaller environments, while enterprise deployments can range from 30,000 to over 150,000 annually, depending on the size, The post Rapid7 Pricing 2025 Ultimate Guide for Security Products appeared first on UnderDefense.
๐ Read more.
๐ Via "UnderDefense"
----------
๐๏ธ Seen on @cibsecurity
๐ Senators Urge Cyber-Threat Sharing Law Extension Before Deadline ๐Bipartisan support grows in Congress to extend Cybersecurity Information Sharing Act for 10 years.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐ Midnight Blizzard Targets European Diplomats with Wine Tasting Phishing Lure ๐Russian state actor Midnight Blizzard is using fake wine tasting events as a lure to spread malware for espionage purposes, according to Check Point.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns ๐๏ธMultiple statesponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to deploy malware over a threemonth period from late 2024 through the beginning of 2025. The phishing campaigns adopting the strategy have been attributed to clusters tracked as TA427 aka Kimsuky, TA450 aka MuddyWater,.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ CVE-2025-24054 Under Active AttackโSteals NTLM Credentials on File Download ๐๏ธThe U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added a mediumseverity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities KEV catalog, following reports of active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE202524054 CVSS score 6.5, is a Windows New Technology LAN Manager NTLM hash disclosure.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ [Webinar] AI Is Already Inside Your SaaS Stack โ Learn How to Prevent the Next Silent Breach ๐๏ธYour employees didnt mean to expose sensitive data. They just wanted to move faster. So they used ChatGPT to summarize a deal. Uploaded a spreadsheet to an AIenhanced tool. Integrated a chatbot into Salesforce. No big dealuntil it is. If this sounds familiar, you're not alone. Most security teams are already behind in detecting how AI tools are quietly reshaping their SaaS environments. And.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ฆฟ Apple Patches Two Zero-Days Used in โExtremely Sophisticatedโ Attacks ๐ฆฟFind out the specifics of these iOS and macOS vulnerabilities, as well as which Apple devices were impacted.
๐ Read more.
๐ Via "Tech Republic"
----------
๐๏ธ Seen on @cibsecurity
๐ Network Edge Devices the Biggest Entry Point for Attacks on SMBs ๐Sophos found that compromise of network edge devices, such as VPN appliances, accounted for 30 of incidents impacted SMBs in 2024.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ GPS Spoofing Attacks Spike in Middle East, Southeast Asia ๐ต๏ธโโ๏ธAn Indian disasterrelief flight delivering aid is the latest airtraffic incident, as attacks increase in the Middle East and Myanmar and along the IndiaPakistan border.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Blockchain Offers Security Benefits โ But Don't Neglect Your Passwords ๐๏ธBlockchain is best known for its use in cryptocurrencies like Bitcoin, but it also holds significant applications for online authentication. As businesses in varying sectors increasingly embrace blockchainbased security tools, could the technology one day replace passwords? How blockchain worksย Blockchain is a secure way to maintain, encrypt, and exchange digital records of transactions.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ Cybersecurity by Design: When Humans Meet Technology ๐ต๏ธโโ๏ธIf security tools are challenging to use, people will look for workarounds to get around the restrictions.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures ๐๏ธThe Russian statesponsored threat actor known as APT29 has been linked to an advanced phishing campaign that's targeting diplomatic entities across Europe with a new variant of WINELOADER and a previously unreported malware loader codenamed GRAPELOADER. "While the improved WINELOADER variant is still a modular backdoor used in later stages, GRAPELOADER is a newly observed initialstage tool.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures ๐๏ธThe Russian statesponsored threat actor known as APT29 has been linked to an advanced phishing campaign that's targeting diplomatic entities across Europe with a new variant of WINELOADER and a previously unreported malware loader codenamed GRAPELOADER. "While the improved WINELOADER variant is still a modular backdoor used in later stages, GRAPELOADER is a newly observed initialstage tool.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader ๐๏ธA new multistage attack has been observed delivering malware families like Agent Tesla variants, Remcos RAT, and XLoader. "Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and execution," Palo Alto Networks Unit 42 researcher Saqib Khanzada said in a technical writeup of the campaign. The.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ Social Engineering Exposes Flaws in Ransomware Response Plan โ Time for an Update ๐Lets be frankno one wakes up thinking, Todays the day I get phished. But thats exactly what keeps happeningand groups like BlackBasta ransomware group operating as ransomwareasaservice RaaS know how to pull it off. Slow, sneaky, and painfully effective if your ransomware response plan isnt ready. At UnderDefense, we see this play out far too The post Social Engineering Exposes Flaws in Ransomware Response Plan Time for an Update appeared first on UnderDefense.
๐ Read more.
๐ Via "UnderDefense"
----------
๐๏ธ Seen on @cibsecurity
๐ Veracode Pricing 2025: Ultimate Guide for Security Products ๐Veracode offers a full suite of application security tools to help businesses protect their software from cyber threats. In 2025, Veracodes pricing starts around 15,000 per year for basic packages and can exceed 100,000 annually for full enterprise solutions. With flexible plans for small businesses and large enterprises alike, Veracode makes it easier to secure The post Veracode Pricing 2025 Ultimate Guide for Security Products appeared first on UnderDefense.
๐ Read more.
๐ Via "UnderDefense"
----------
๐๏ธ Seen on @cibsecurity
๐ NTLM Hash Exploit Targets Poland and Romania Days After Patch ๐An NTLM hash disclosure spoofing vulnerability that leaks hashes with minimal user interaction has been observed being exploited in the wild.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Artificial Intelligence โ What's all the fuss? ๐๏ธTalking about AI Definitions Artificial Intelligence AI AI refers to the simulation of human intelligence in machines, enabling them to perform tasks that typically require human intelligence, such as decisionmaking and problemsolving. AI is the broadest concept in this field, encompassing various technologies and methodologies, including Machine Learning ML and Deep Learning. Machine.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates ๐๏ธThe Chinalinked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling, highlighting continued effort by the threat actors to increase the sophistication and effectiveness of their malware. This includes updated versions of a known backdoor called TONESHELL, as well as a new lateral movement.
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐๏ธ Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT ๐๏ธCybersecurity researchers are warning of continued risks posed by a distributed denialofservice DDoS malware known as XorDDoS, with 71.3 percent of the attacks between November 2023 and February 2025 targeting the United States. "From 2020 to 2023, the XorDDoS trojan has increased significantly in prevalence," Cisco Talos researcher Joey Chen said in a Thursday analysis.ย .
๐ Read more.
๐ Via "The Hacker News"
----------
๐๏ธ Seen on @cibsecurity
๐ฆฟ Network Security at the Edge for AI-ready Enterprise ๐ฆฟThe widespread use of AI, particularly generative AI, in modern businesses creates new network security risks for complex enterprise workloads across various locations.
๐ Read more.
๐ Via "Tech Republic"
----------
๐๏ธ Seen on @cibsecurity
๐ฆฟ โNo AI Agents are Allowed.โ EU Bans Use of AI Assistants in Virtual Meetings ๐ฆฟIn a presentation delivered this month by the European Commission, a meeting etiquette slide stated No AI Agents are allowed.
๐ Read more.
๐ Via "Tech Republic"
----------
๐๏ธ Seen on @cibsecurity
๐ Network Edge Devices the Biggest Entry Point for Attacks on SMBs ๐Sophos found that compromise of network edge devices, such as VPN appliances, accounted for 30 of incidents impacted SMBs in 2024.
๐ Read more.
๐ Via "Infosecurity Magazine"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ GPS Spoofing Attacks Spike in Middle East, Southeast Asia ๐ต๏ธโโ๏ธAn Indian disasterrelief flight delivering aid is the latest airtraffic incident, as attacks increase in the Middle East and Myanmar and along the IndiaPakistan border.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ Middle East, North Africa Security Spending to Top $3B ๐ต๏ธโโ๏ธGartner projects IT security spending in the MENA region will continue to increase in 2025, with security services accounting for the most growth.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity
๐ต๏ธโโ๏ธ Middle East, North Africa Security Spending to Top $3B ๐ต๏ธโโ๏ธGartner projects IT security spending in the MENA region will continue to increase in 2025, with security services accounting for the most growth.
๐ Read more.
๐ Via "Dark Reading"
----------
๐๏ธ Seen on @cibsecurity