23174
🗞 The finest daily news on cybersecurity and privacy. 🔔 Daily releases. 💻 Is your online life secure? 📩 lalilolalo.dev@gmail.com
📔 TeamPCP Targets Telnyx Package in Latest PyPI Software Supply Chain Attack 📔Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credentialstealing malware.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ Bearlyfy Hits Russian Firms with Custom GenieLocker Ransomware 🖋️A proUkrainian group called Bearlyfy has been attributed to more than 70 cyber attacks targeting Russian companies since it first surfaced in the threat landscape in January 2025, with recent attacks leveraging a custom Windows ransomware strain codenamed GenieLocker. "Bearlyfy also known as Labubu operates as a dualpurpose group aimed at inflicting maximum damage upon Russian businesses.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion 🖋️Threat actors are using adversaryinthemiddle AitM phishing pages to seize control of TikTok for Business accounts in a new campaign, according to a report from Push Security. Business accounts associated with social media platforms are a lucrative target, as they can be weaponized by bad actors for malvertising and distributing malware. "TikTok has been historically abused to distribute.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🦿 Google Issues High-Risk Security Patch for 3.5 Billion Chrome Users: What You Need to Know 🦿Google patches eight highseverity Chrome vulnerabilities affecting 3.5 billion users. Heres why you should update and relaunch your browser now. The post Google Issues HighRisk Security Patch for 3.5 Billion Chrome Users What You Need to Know appeared first on TechRepublic.
📖 Read more.
🔗 Via "Tech Republic"
----------
👁️ Seen on @cibsecurity
📢 Google just revised its ‘Q-Day’ timeline: Quantum computers could break existing encryption techniques within three years – and enterprises are nowhere near ready 📢Google has warned that QDay, the point where a quantum computer is powerful enough to crack current encryption techniques, could come as soon as 2029.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
📢 AI challenges mean it's time to shine for cyber professionals – but they need a helping hand 📢Keep your security pros close, you never know when youll need them to solve an AIrelated crisis.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
🦿 Millions of UK iPhone Users Will Need to Verify Their Age — Here’s Why 🦿Apples latest iOS update adds some new features and fixes several bugs but it also introduces mandatory age verification for users in the United Kingdom. The post Millions of UK iPhone Users Will Need to Verify Their Age Heres Why appeared first on TechRepublic.
📖 Read more.
🔗 Via "Tech Republic"
----------
👁️ Seen on @cibsecurity
📔 Security Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code 📔Security researchers from Georgia Tech have observed a surge in reported CVEs for which the flaw was introduced by AIgenerated code.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🦿 TP-Link Fixes Bug That Lets Hackers Take Over Routers Without a Password 🦿TPLink patched highseverity Archer NX router flaws, including one that could let attackers upload rogue firmware without authentication. The post TPLink Fixes Bug That Lets Hackers Take Over Routers Without a Password appeared first on TechRepublic.
📖 Read more.
🔗 Via "Tech Republic"
----------
👁️ Seen on @cibsecurity
🦅 The Energy Sector’s Ransomware Nightmare: Why Critical Infrastructure Can’t Catch a Break 🦅 Let's talk about the sector that keeps our lights on, water running, and industries hummingand why it's become ransomware's favorite target. In 2025, the global energy and utilities sector faced 187 confirmed ransomware attacks. Not attempts. Confirmed, successful intrusions where attackers locked systems, stole data, and demanded payment. And that's just what we know about. If you think that number sounds alarming, you're paying attention. When Ransomware Hits Where It Hurts Here's the thing about attacking energy infrastructure the impact cascades. When ransomware paralyzed Halliburton's operations in August 2025, the company disclosed a 35 million loss. When hackers using FrostyGoop malware hit a Ukrainian municipal energy company, residents in Lviv lost heating during ...
📖 Read more.
🔗 Via "CYBLE"
----------
👁️ Seen on @cibsecurity
📔 Iran-Linked Pay2Key Ransomware Group Re-Emerges 📔Halcyon and Beazley Security track the return of Iranian ransomware group Pay2Key.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 AI Becomes the Top Cybersecurity Priority for Defenders as Criminals Exploit It, PwC Warns 📔PwC Annual Threat Dynamics report says AIthreats are the biggest concern of clients.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites 🖋️Cybersecurity researchers have discovered a new payment skimmer that uses WebRTC data channels as a means to receive payloads and exfiltrate data, effectively bypassing security controls. "Instead of the usual HTTP requests or image beacons, this malware uses WebRTC data channels to load its payload and exfiltrate stolen payment data," Sansec said in a report published this week. The attack,.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories 🖋️Some weeks in security feel loud. This one feels sneaky. Less big dramatic fireworks, more of that slow creeping sense that too many people are getting way too comfortable abusing things they probably shouldnt even be touching. Theres a little bit of everything in this one, too. Weird delivery tricks, old problems coming back in slightly worse forms, shady infrastructure doing.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website 🖋️Cybersecurity researchers have disclosed a vulnerability in Anthropic's Claude Google Chrome Extension that could have been exploited to trigger malicious prompts simply by visiting a web page. The flaw "allowed any website to silently inject prompts into that assistant as if the user wrote them," Koi Security researcher Oren Yomtov said in a report shared with The Hacker News. "No clicks, no.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks 🖋️Cybersecurity researchers have disclosed three security vulnerabilities impacting LangChain and LangGraph that, if successfully exploited, could expose filesystem data, environment secrets, and conversation history. Both LangChain and LangGraph are opensource frameworks that are used to build applications powered by Large Language Models LLMs. LangGraph is built on the foundations of.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ We Are At War 🖋️Rising geopolitical tensions are reflected or in some cases preceded by cyber operations, while technology itself has become politicized. Lets admit it we are in the middle of it. Introduction One tech power to rule them all is a thing of the past The relative safety, peace and prosperity that much of the world has enjoyed since 1945 was not accidental. It emerged from the ashes.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks 🖋️Cybersecurity researchers have disclosed details of a nowpatched bug impacting Open VSX's prepublish scanning pipeline to cause the tool to allow a malicious Microsoft Visual Studio Code VS Code extension to pass the vetting process and go live in the registry. "The pipeline had a single boolean return value that meant both 'no scanners are configured' and 'all scanners failed to run,'" Koi.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
📢 OpenAI is cracking down on AI misuse with a new bug bounty program 📢Submissions don't have to be security vulnerabilities, OpenAI says, just the potential to cause material harm.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
📢 March rundown: RSAC warnings and Arm's AGI CPU 📢AI agents are complicating the jobs of cyber professionals.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
🦿 Microsoft 365 Under Siege: Phishing Campaign Bypasses MFA Across 5 Countries 🦿A global phishing campaign targeting Microsoft 365 bypasses security codes using a legitimate login feature, impacting hundreds of organizations. The post Microsoft 365 Under Siege Phishing Campaign Bypasses MFA Across 5 Countries appeared first on TechRepublic.
📖 Read more.
🔗 Via "Tech Republic"
----------
👁️ Seen on @cibsecurity
🖋️ China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks 🖋️A longterm and ongoing campaign attributed to a Chinanexus threat actor has embedded itself in telecom networks to conduct espionage against government networks. The strategic positioning activity, which involves implanting and maintaining stealthy access mechanisms within critical environments, has been attributed to Red Menshen, a threat cluster that's also tracked as Earth Bluecrow,.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🦿 The Next Billion Users Won’t Be Human: Securing the Agentic Enterprise 🦿Menlo Securitys Ramin Farassat speaks with TechRepublic about how browserbased controls can protect AI agents from prompt injection and other fastscaling enterprise risks. The post The Next Billion Users Wont Be Human Securing the Agentic Enterprise appeared first on TechRepublic.
📖 Read more.
🔗 Via "Tech Republic"
----------
👁️ Seen on @cibsecurity
📔 Attackers Rapidly Weaponize Critical Oracle WebLogic RCE, Honeypot Study Finds 📔Attackers rapidly exploited a critical Oracle WebLogic RCE flaw the same day exploit code was released, according to a CloudSEK honeypot study.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 Invoice Fraud Costs UK Construction Sector Millions, NCA Warns 📔The National Crime Agency has warned construction firms about surging invoice fraud.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 OpenAI Expands Bug Bounty to Cover AI Abuse and 'Safety' Concerns 📔OpenAIs Safety Bug Bounty program seeks to address AI safety vulnerabilities beyond traditional security flaws.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 EtherRAT Techniques Bypass Security Via Ethereum Smart Contracts 📔EtherRAT hides C2 in Ethereum smart contracts via EtherHiding, steals wallets and credentials.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in New Mass Attacks 🖋️The kernel exploit for two security vulnerabilities used in the recently uncovered Apple iOS exploit kit known as Coruna is an updated version of the same exploit that was used in the Operation Triangulation campaign back in 2023, according to new findings from Kaspersky. "When Coruna was first reported, the public evidence wasn't sufficient to link its code to Triangulation shared.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ Masters of Imitation: How Hackers and Art Forgers Perfect the Art of Deception 🖋️Unmasking impostors is something the art world has faced for decades, and there are valuable lessons from the works of Elmyr de Hory that can apply to the world of defensive cybersecurity. During the 1960s, de Hory gained infamy as a premier forger, passing off counterfeit masterworks of Picasso, Matisse, and Renoir to unsuspecting collectors and renowned museums. Over the next several decades,.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ [Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks 🖋️Most teams have security tools in place. Alerts are firing, dashboards look clean, threat intel is flowing in. On the surface, everything feels under control. But one question usually stays unanswered Would your defenses actually stop a real attack? Thats where things get shaky. A control exists, so its assumed to work. A detection rule is active, so its expected to catch something. But very.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity