A high-severity vulnerability has been discovered in a range of industrial recorder and data acquisition systems produced by Yokogawa Electric Corporation, a Japan-based automation and measurement equipment manufacturer. This flaw has been identified as CVE-2025-1863 and is categorized under CWE-306: Missing Authentication for Critical Function. The issue carries a CVSS v4 base score of 9.3 and a CVSS v3.1 score of 9.8, highlighting the extreme risk it poses to affected systems.

Overview of Yokogawa Vulnerability

The vulnerability is linked to insecure default settings in Yokogawa’s recorder products. Specifically, authentication is disabled by default on several of these devices. This means that when the devices are connected to a network without any configuration changes, anyone with network access can gain full access to critical functions—including system settings and operational controls. Such unrestricted access allows an attacker to manipulate measured values, alter system settings, and potentially compromise the integrity of critical operations in sectors like manufacturing, energy, and agriculture.

Affected Yokogawa Products

The vulnerability affects a wide range of Yokogawa’s paperless recorders and data acquisition units. The following models and versions are impacted:

- GX10 / GX20 / GP10 / GP20 Paperless Recorders: R5.04.01 and earlier
- GM Data Acquisition System: R5.05.01 and earlier
- DX1000 / DX2000 / DX1000N Paperless Recorders: R4.21 and earlier
- FX1000 Paperless Recorders: R1.31 and earlier
- μR10000 / μR20000 Chart Recorders: R1.51 and earlier
- MW100 Data Acquisition Units: All versions
- DX1000T / DX2000T Paperless Recorders: All versions
- CX1000 / CX2000 Paperless Recorders: All versions

These devices are commonly used in critical infrastructure environments worldwide, including industrial manufacturing facilities, energy plants, and food processing units.

Vulnerability Impact

According to the technical evaluation, the Yokogawa vulnerability can be exploited remotely and with low attack complexity. No authentication or user interaction is needed, making it an attractive target for cyber attackers.
The ability to manipulate sensitive data and operational settings without proper access control could result in:

- Incorrect measurements and faulty process outcomes
- Data integrity compromise
- Downtime in production lines
- Safety hazards in automated environments

The threat becomes even more critical due to the default-disabled authentication, which implies that unless a user has manually enabled access controls, their systems are likely exposed.

Technical Analysis

The Yokogawa vulnerability stems from the absence of an enforced authentication mechanism in the default configuration of affected devices. In systems where authentication is not manually activated, any user on the network can access all critical device functions, including:

- Configuration of sensors and thresholds
- Adjustment of logging parameters
- Export and modification of stored data

The CVSS v4 vector string for this vulnerability is:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

This reflects:

- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Confidentiality, Integrity, and Availability Impact: High

The vulnerability was discovered and disclosed by Souvik Kandar from MicroSec (microsec.io) and was coordinated with the Cybersecurity and Infrastructure Security Agency (CISA).

Yokogawa’s Mitigation Measures

Yokogawa has issued guidance for all users of the affected products. Key recommendations include:

- Enable Authentication: Immediately activate the login function (authentication feature) on all affected devices if they are connected to a network.
- Change Default Passwords: After enabling authentication, update the default credentials to strong, unique passwords to prevent unauthorized access.
- Implement a Comprehensive Security Program: Yokogawa strongly recommends a complete security strategy that includes:
  - Patch management and regular firmware updates
  - Anti-virus deployment
  - Data backup and recovery plans
  - Network zoning and segmentation
  - System hardening
  - Application and device whitelisting
  - Proper firewall configuration

The company also offers security risk assessments to help customers evaluate and improve their current security posture.

Impacted Industries and Global Reach

Given the widespread use of Yokogawa recorders in automation and critical systems, this Yokogawa vulnerability has implications across several sectors:

- Critical Manufacturing: Automated production environments rely heavily on precise data logging and process control. Manipulation of recorder settings could lead to costly downtime or product defects.
- Energy: In power plants and substations, these devices often monitor critical parameters. A security breach could result in operational disruption or even physical damage.
- Food and Agriculture: Accurate recording of environmental data is essential for food safety and quality. An attacker could alter data to mask spoilage or unsafe conditions.

The default disabled authentication presents a critical security gap that can be easily closed with proper configuration. However, the responsibility lies with users and system integrators to follow through with security best practices.

Conclusion

Industrial operators must not assume out-of-the-box configurations are secure, especially when deploying devices in critical environments. As threat actors increasingly target operational technology (OT) systems, proactive device hardening and security governance become non-negotiable. Addressing this vulnerability promptly will not only secure your systems but also ensure continuity, safety, and reliability in critical operations.
Ukrainian President Volodymyr Zelenskyy has signed a sweeping cybersecurity bill aimed at bolstering the protection of state networks and critical infrastructure amid an ongoing surge in cyberattacks linked to Russia. The newly ratified Law No. 4336-IX, titled “On Amendments to Certain Laws of Ukraine Regarding Information Protection and Cybersecurity of State Information Resources, Critical Information Infrastructure Objects,” introduces broad reforms to Ukraine’s national cyber strategy. It was approved by parliament on March 27 and signed into law last week.

With the war now deeply entrenched in both physical and digital domains, the law is designed to enhance Ukraine’s capacity to respond to threats targeting government systems and vital services. Officials said it marks a significant shift toward risk-based management, coordinated national response, and better information sharing.

“The implementation of this law will allow Ukraine to integrate even more effectively into the global cybersecurity ecosystem,” said Oleksandr Potii, head of Ukraine’s State Service of Special Communications and Information Protection. “Its adoption will contribute to increasing the resilience of Ukraine's digital systems against modern challenges.”

Ukraine Cybersecurity Bill: Coordinated Response, Crisis Activation, Information Sharing

One of the most impactful aspects of the legislation is the creation of a National Cyber Incident Response System. This framework defines the roles, responsibilities, and coordination mechanisms among state response teams and agencies. It also introduces a crisis response protocol, allowing the government to rapidly activate emergency measures when facing large-scale or nation-state cyberattacks.

To complement these efforts, the law mandates the creation of a Cyber Incident Information Exchange System. This platform will streamline how incidents are reported, managed, and disclosed across both public and private sectors, fostering early warning and faster remediation. The system’s design is informed by European Union practices and aims to minimize duplication and confusion in high-pressure scenarios.
Moving Beyond Legacy CIPS and Toward Lifecycle Risk Management

A major structural shift introduced by the law is the abandonment of the Comprehensive Information Protection System (CIPS)—a framework that critics say had grown outdated and inflexible. In its place, Ukraine will adopt a modern risk management approach that emphasizes continuous security across the lifecycle of digital systems. Each system will now be subject to tailored protection profiles, with oversight mechanisms that stress agility over bureaucracy.

The legislation also provides for a cybersecurity assessment framework that includes periodic audits. Importantly, the government clarified that the audit process will avoid excessive interference, focusing instead on practical outcomes and organizational maturity.

Building Ukraine’s Cyber Workforce

To support implementation, the law requires the designation of dedicated cybersecurity officers within government ministries and critical infrastructure sectors. These roles are tasked with leading internal cyber policy, managing compliance, and interfacing with national authorities during incidents. The move signals Ukraine’s intent to professionalize its cybersecurity workforce and reduce fragmentation in how cyber defense is managed at the institutional level.

Aligned With European Norms

In addition to domestic reforms, the legislation also positions Ukraine to align more closely with EU cybersecurity directives, including requirements on:

- Cyber incident reporting
- Roles and mandates of national response teams
- Implementation of cybersecurity risk management in both public and private sectors.

Ukrainian lawmakers framed the law as a vital step in harmonizing legal frameworks with European partners, paving the way for deeper integration into transnational cybersecurity cooperation.
Attacks Surge, Prompting Urgency

CERT-UA, the country’s national Computer Emergency Response Team, reported a 70% increase in cyber incidents in 2024 compared to the previous year. The rise includes espionage, infrastructure sabotage, and psychological warfare campaigns—many of them linked to Russia. As of early 2025, the upward trend shows no sign of slowing. In a public alert, CERT-UA said there is growing sophistication and persistence of attackers, especially those targeting telecommunications, energy, and military command systems.

Ukraine’s digital space is as much a frontline as the physical battlefield, said Potii. The country's defenses must evolve constantly to match the adversary.

Ukraine’s ability to operationalize the law’s provisions will depend on support from both domestic institutions and international partners. NATO allies and European cyber agencies are expected to play a role in technical assistance, as Ukraine seeks to reinforce its cyber posture not only for wartime resilience but long-term digital sovereignty. With this law, Ukraine joins a growing list of countries recognizing that modern cybersecurity policy must be proactive, deeply integrated, and strategically aligned across government and critical infrastructure sectors.
A major security flaw has been discovered in PyTorch, the widely used open-source machine learning framework. Identified as CVE-2025-32434, this newly reported PyTorch vulnerability allows attackers to remotely execute arbitrary code on systems that load AI models, even when protective settings like weights_only=True are enabled. This critical vulnerability impacts all PyTorch versions up to and including 2.5.1, according to a security advisory published earlier this week. The issue has been addressed in version 2.6.0, which has been made available through pip.

PyTorch Vulnerability Details

The root of the issue lies within PyTorch’s torch.load() function, a core component frequently used for loading serialized models. For years, developers have relied on the weights_only=True flag to protect against potentially harmful code embedded in model files. However, that protection has now been proven insufficient.

Security researcher Ji’an Zhou demonstrated that the weights_only=True setting can be bypassed, enabling attackers to execute remote commands. This revelation directly contradicts PyTorch's own documentation, which previously recommended the setting as a reliable mitigation method.

"This issue highlights the evolving nature of ML security," the PyTorch team stated. "We urge all users to update immediately and report suspicious model behavior."

Who Is at Risk?

Any application, research tool, or cloud service that relies on torch.load() using unpatched PyTorch versions is vulnerable. This includes systems designed for inference, federated learning, and model hub integrations. An attacker could easily upload a tampered model to a public repository or inject it into a software supply chain. When a user loads the compromised model, the exploit would trigger, potentially granting full control over the target system.

Given the low complexity and high impact of the attack, security experts have classified the vulnerability as critical. According to GitHub's CVE record, CVE-2025-32434 carries a CVSS 4.0 score of 9.3, placing it firmly in the “Critical” category.
The vector string highlights its severity:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

In simpler terms, it requires no special privileges, user interaction, or advanced exploitation techniques, making it especially dangerous for real-world applications.

Immediate Actions Recommended

The PyTorch team strongly urges all users to take the following steps:

- Upgrade to PyTorch 2.6.0 immediately using pip install --upgrade torch.
- Audit existing AI models, especially those sourced from third-party or public repositories.
- Monitor official security channels, including the PyTorch GitHub Security page and the related GitHub Advisory (GHSA-53q9-r3pm-6pq6), for updates.

Conclusion

The discovery of the CVE-2025-32434 PyTorch vulnerability highlights the gaps in the AI community. Even widely trusted machine learning frameworks are not immune to serious security flaws. This critical vulnerability, which affects all PyTorch versions up to 2.5.1, allows remote code execution, even with weights_only=True enabled. To protect systems, users must immediately upgrade to PyTorch 2.6.0, audit existing models—especially those from third-party sources—and closely monitor official security channels.
Japan’s Financial Services Agency (FSA) warned last week of the growing threat of hacked trading accounts that has resulted in nearly US $700 million in unauthorized trades since March. The FSA documented a sharp increase in the number of such fraudulent trades, from 33 in February to 685 in March and 736 through the first 16 days of April. Accounts in at least six securities firms have been targeted in the attacks.

While the FSA cited stolen login information from “fake websites (phishing sites) disguised as websites of real securities companies,” a separate advisory from the Japan Securities Dealers Association (JSDA) also cited infostealer malware as a cause of some stolen credentials. The surge in compromised accounts has itself been used as a pretext for phishing attacks, JSDA said.

“Taking advantage of this situation, we have also received many reports of emails being sent in the name of the Japan Securities Dealers Association or securities companies, warning people to be careful of phishing scams, with the aim of getting people to click on suspicious URLs,” the JSDA said.

Chinese Stocks Left in Hacked Trading Accounts

The number of unauthorized account accesses has also increased sharply in recent months, from 43 in February to 1,422 in March, and 1,847 through the first 16 days of April, for a three-month total of 3,312 compromised accounts, according to the FSA.

In most cases, the FSA said “fraudsters gain unauthorized access to victim accounts and manipulate them to sell stocks etc. in the accounts, and use the proceeds to buy Chinese stocks etc. As a result of the fraudulent transactions, the Chinese stocks etc. remain in the victim accounts.”

That suggests that share price manipulation could be one possible motive of the fraudulent transactions, to artificially move the share prices of Chinese stocks and other targeted securities that the fraudsters may have a position in.

While the FSA listed total sales (50.6 billion yen) and purchase amounts (44.8 billion yen) for the fraudulent trades over the last three months, the agency noted that those figures do not equate to investor losses from the scams, merely the total amount of the transactions.
Protecting Against Hacked Trading Accounts

The FSA and JSDA both issued steps investors should take to protect themselves from account hacks.

- Don’t open links contained in emails or texts “even if the sender looks familiar.”
- Bookmark the correct website URL for your security company and access it only from the bookmark.
- Enable enhanced security features offered by securities companies such as multi-factor authentication and notification services when logging in, executing a trade, and withdrawing funds, and watch for suspicious transactions.
- Don’t reuse passwords, and don’t use simple passwords that are easy to guess. Combine numbers, uppercase and lowercase letters, and symbols.

The FSA urged account holders to check the status of their accounts frequently, “and if you suspect that you may have entered information on a suspicious website or are engaged in suspicious transactions, contact the inquiry desk of your securities company and change your passwords immediately.”

Dark web monitoring is a good resource for discovering leaked account credentials, both for financial services companies and their customers.
U.S. Senators Gary Peters (D-MI) and Mike Rounds (R-SD) have introduced a bipartisan bill to extend vital provisions from the Cybersecurity Information Sharing Act of 2015. The new legislation, titled the Cybersecurity Information Sharing Extension Act, seeks to maintain and strengthen information-sharing mechanisms between the private sector and the federal government, particularly through the Department of Homeland Security (DHS).

The original Cybersecurity Information Sharing Act was enacted in 2015 to encourage businesses to voluntarily share cybersecurity threat indicators, such as software vulnerabilities, malware signatures, and malicious IP addresses, with the federal government. This collaborative model has been a cornerstone in protecting critical infrastructure and private data from a wide range of cyber threats, including attacks from nation-state actors and cybercriminals.

With the original provisions set to expire, the Cybersecurity Information Sharing Extension Act would renew them for an additional ten years, preserving legal protections that have encouraged companies to share threat data without fear of legal or regulatory repercussions.

The Bipartisan Bill

“As cybersecurity threats grow increasingly sophisticated, information sharing is not just valuable—it remains essential for our national security,” said Senator Peters, who serves as the Ranking Member of the Homeland Security and Governmental Affairs Committee. “For the past ten years, these critical protections have helped to address rapidly evolving cybersecurity threats, and this bipartisan bill will renew them so we can continue this collaborative partnership between the private sector and government to bolster our nation’s cybersecurity defenses against a wide range of adversaries.”

Senator Rounds echoed these sentiments, emphasizing the necessity of maintaining these legal protections to ensure continued cooperation across the public and private sectors. “The Cybersecurity Information Sharing Act of 2015 has been instrumental in strengthening our nation’s cyber defenses by enabling critical information sharing between the private sector and government,” said Rounds.
“Allowing this legislation to lapse would significantly weaken our cybersecurity ecosystem, removing vital liability protections and hampering defensive operations across both the defense industrial base and critical infrastructure sectors.”

Supporting Cybersecurity in the Region

Since its inception, the legislation has helped uncover and mitigate major cyber incidents, including the high-profile SolarWinds attack, as well as ongoing campaigns like Volt Typhoon and Salt Typhoon. These incidents demonstrated the need for rapid, coordinated responses, which were made possible through the sharing of actionable threat intelligence.

Moreover, the Department of Homeland Security (DHS), primarily through the Cybersecurity and Infrastructure Security Agency (CISA), has leveraged this shared information to support federal, state, and local agencies, as well as private companies across critical sectors. Through initiatives like the Joint Cyber Defense Collaborative and Information Sharing and Analysis Centers (ISACs), CISA ensures that threat alerts are disseminated widely to help communities and businesses preempt and respond to attacks.

Importantly, the legislation also includes strong privacy safeguards. It mandates that personally identifiable information (PII) be stripped from threat data before it is shared, ensuring that public safety does not come at the expense of individual privacy rights.

Senator Peters has been a longstanding advocate for improving cybersecurity preparedness. His legislative efforts have led to the enactment of several bipartisan bills aimed at enhancing cybersecurity support for K-12 schools, securing federal supply chains, strengthening the cybersecurity workforce, and improving protection for state and local governments. He also authored a landmark provision requiring critical infrastructure entities to report major cyber incidents or ransomware payments to CISA.
Conclusion

The reauthorization of the Cybersecurity Information Sharing Extension Act reflects a strong commitment to staying protected from threats by fostering ongoing collaboration between the government and the private sector. With cyberattacks growing more frequent and targeted, the legislation introduced by Senators Peters and Rounds takes a crucial step in reinforcing the nation's digital defenses. As the bill advances through Congress, it marks an important moment of bipartisan cooperation in cybersecurity, demonstrating that addressing cyber threats effectively requires a unified approach and sustained partnership between the public and private sectors.
Ahold Delhaize USA, the parent company of several well-known American supermarket brands, has confirmed that data was stolen during a cyberattack that took place in the fall of 2024. The company shared an update on Thursday, revealing that hackers managed to extract files from internal business systems connected to the earlier security breach.

"Based on our investigation to date, we believe certain files were taken from some of our internal U.S. business systems in connection with the prior cybersecurity issue," read the company's statement.

Ahold Delhaize USA operates over 2,000 grocery stores across the country, including major names like Stop & Shop, Food Lion, Giant Food, and Hannaford. In November 2024, the company reported disruptions that impacted online grocery ordering and caused temporary website outages for some of its supermarket chains. The company acted quickly at that time to restore its operations.

“Our teams have been working diligently to determine what information may have been affected,” the company stated in its latest update.

Ongoing Investigation of Ahold Delhaize USA Reveals Data Theft

The Ahold Delhaize cyberattack has now been linked to the theft of certain files from internal U.S. business systems. While Ahold Delhaize USA did not detail exactly what kind of data was taken, it has assured that its teams are working hard to determine what information may have been affected.

“We will notify affected individuals in accordance with our legal obligations,” the company said. Law enforcement agencies have also been informed and updated about the development. The company emphasized that protecting the information of its customers, employees, and vendors remains a top priority.

INC Ransom Gang Takes Responsibility

The INC Ransom gang has come forward, claiming responsibility for the cyberattack on Ahold Delhaize. In a post made earlier this week, the cybercriminal group claimed it stole six terabytes of data from Ahold Delhaize USA. As of this writing, The Cyber Express has reached out to Ahold Delhaize for further clarification regarding this claim, but the company has not responded.

Who is INC Ransom?

According to cybersecurity researchers at Cyble, INC Ransom (also known by the alias GOLD IONIC) is a highly active ransomware and extortion group.
The group has been operating since at least July 2023 and has targeted a broad spectrum of industries worldwide, including healthcare, education, government, and now retail. INC Ransom is known for its advanced attack methods, often using multiple tools and malware families to infiltrate systems and steal data. These include:

- AdFind – A tool used to gather information from Active Directory environments
- PsExec – A command-line tool used to execute processes on remote systems
- Rclone – A command-line program used to manage files on cloud storage platforms

The group’s reach is global, with confirmed attacks in countries such as the United States, the United Kingdom, Australia, France, Germany, Italy, the Philippines, and many more.

A Series of Global Cyberattacks

The Ahold Delhaize USA cyberattack is not the first major attack claimed by INC Ransom. In June 2024, the group was allegedly behind a cyberattack on ControlNET LLC, a U.S.-based provider of building technology solutions. ControlNET specializes in HVAC, lighting, video surveillance, access control, and power systems.

In that case, the ransomware group not only claimed to have gained access to the company’s network but also released sensitive information to back their claims. The leaked data included:

- Invoice records
- Building floor plans
- Internal email communications
- Sample project folders involving ControlNET’s clients

INC Ransom also claimed to have targeted Rockford Public Schools as part of the same attack vector, suggesting a potential supply chain risk.

Why This Matters

Cyberattacks like these are a growing concern for companies and consumers alike. For organizations such as Ahold Delhaize USA, which rely on technology to manage inventory, process payments, and offer online services, even a short disruption can cause significant operational and financial harm. When customer or employee data is involved, the risks extend far beyond temporary inconvenience.
Leaked data can include sensitive personal information that could be used in phishing scams, identity theft, or even targeted attacks on individuals and other companies.

The fact that INC Ransom claims to have stolen six terabytes of data is alarming. While Ahold Delhaize USA has not confirmed the volume or nature of the stolen information, such a large quantity could potentially include anything from employee records and vendor contracts to internal communications and system configurations.

What Consumers Should Do

If you shop at Stop & Shop, Hannaford, Food Lion, or Giant Food, keep an eye out for communications from the company. If your data was involved, you should receive an official notice with next steps. In the meantime, customers are advised to:

- Monitor their email and bank accounts for unusual activity
- Be cautious of phishing attempts pretending to be from Ahold Delhaize or its supermarket brands
- Change passwords for online accounts related to grocery shopping, especially if the same password is used elsewhere

As ransomware groups like INC Ransom continue to adapt and strike globally, companies must prioritize cybersecurity at every level—from their internal systems to vendor relationships and beyond.
A researcher has discovered a vulnerability in PyTorch, an open-source machine learning framework. The vulnerability, registered as CVE-2025-32434, belongs to the Remote Code Execution (RCE) class and has a 9.3 CVSS rating, meaning it is categorized as critical. Exploitation of CVE-2025-32434 under certain conditions allows an attacker to run arbitrary code when a malicious AI model is being loaded on the victim's computer. Anyone using PyTorch is advised to update the framework to the latest version as soon as possible.

The CVE-2025-32434 vulnerability

The PyTorch framework, among other things, allows users to save trained models to a file that stores the weights and, of course, to load them from the file using the torch.load() function. Trained models are often shared via various public repositories and, theoretically, they may contain malicious implants. Therefore, the official documentation of the PyTorch project recommends using the torch.load() function with the weights_only=True parameter for security purposes (this way, only primitive data types are loaded: dictionaries, tensors, lists, and so on).

The vulnerability CVE-2025-32434 exists due to an incorrectly implemented deserialization mechanism when loading a model. The researcher who discovered it demonstrated that an attacker can create a model file in such a way that the weights_only=True parameter will lead to the exact opposite effect: loading this malicious model will lead to arbitrary code execution that can compromise the environment in which the model is run.

How to stay safe?

The researcher did not publish a detailed method for exploiting this vulnerability, and at the moment there is no evidence that someone is using CVE-2025-32434 in real attacks. However, the very fact of releasing a patch always attracts both researchers and attackers to the problem, so proof-of-concept exploits are most likely already being developed.

The team responsible for developing the PyTorch framework released update 2.6.0, in which the vulnerability CVE-2025-32434 was successfully fixed. All previous versions, up to 2.5.1, remain vulnerable and should be updated as soon as possible.
If this is not possible for some reason, then researchers recommend refraining from using the torch.load() function with the weights_only=True parameter and temporarily switching to alternative methods of model loading. In addition, we recommend paying special attention to protecting virtual and cloud environments; this is easiest to do using specialized solutions.
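The two PyTorch write-ups above both come down to upgrading to 2.6.0 and auditing model files before loading them. The following is an added example, not code from the PyTorch project or either article: a version gate plus a static listing of the imports a checkpoint's pickle stream requests, produced without deserializing it. The module allowlist, the zip layout with `archive/data.pkl` and all function names are assumptions of this sketch, and it does not detect the CVE-2025-32434 technique itself, which the page does not describe.

```python
"""Pre-load checks for PyTorch checkpoints: version gate plus static import audit."""
import io
import pickle
import pickletools
import platform
import re
import zipfile
from collections import OrderedDict

FIXED_VERSION = (2, 6, 0)  # first release the advisory lists as fixed
# Assumption: top-level modules a plain state_dict checkpoint should reference.
EXPECTED_MODULE_ROOTS = {"torch", "collections", "numpy"}

_RELEASE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")
_STRING_OPS = {"UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8",
               "STRING", "BINSTRING", "SHORT_BINSTRING"}
_GET_OPS = {"GET", "BINGET", "LONG_BINGET"}
_PUT_OPS = {"PUT", "BINPUT", "LONG_BINPUT"}


def is_patched(version: str) -> bool:
    """True only for final releases >= 2.6.0; dev/rc builds count as unpatched."""
    match = _RELEASE.match(version.split("+", 1)[0])  # drop a local tag such as +cu121
    if not match:
        return False
    # Compare as integers: a string comparison would rank "2.10.0" below "2.6.0".
    return tuple(int(part) for part in match.groups()) >= FIXED_VERSION


def imported_globals(pickle_bytes: bytes) -> set:
    """List every 'module.name' a pickle stream would import, without unpickling it."""
    found, memo, recent = set(), {}, []  # recent: strings pushed just before this opcode
    for opcode, arg, _pos in pickletools.genops(pickle_bytes):
        name = opcode.name
        if name == "MEMOIZE":  # stores the top of the stack under the next memo index
            memo[len(memo)] = recent[-1] if recent else None
        elif name in _PUT_OPS:
            memo[arg] = recent[-1] if recent else None
        elif name in _STRING_OPS:
            recent.append(arg)
        elif name in _GET_OPS and isinstance(memo.get(arg), str):
            recent.append(memo[arg])  # a previously memoized string is pushed again
        else:
            if name in ("GLOBAL", "INST"):  # protocols 0-3 carry "module name" inline
                found.add(arg.replace(" ", ".", 1))
            elif name == "STACK_GLOBAL":  # protocol 4+: module and name come off the stack
                found.add(".".join(recent[-2:]) if len(recent) >= 2 else "<unresolved>")
            recent = []  # any other opcode breaks the run of adjacent strings
    return found


def audit_checkpoint(blob: bytes) -> dict:
    """Map each .pkl member of a zip-format checkpoint to its unexpected imports."""
    if not zipfile.is_zipfile(io.BytesIO(blob)):
        raise ValueError("not a zip-format checkpoint; review it manually")
    report = {}
    with zipfile.ZipFile(io.BytesIO(blob)) as archive:
        for member in archive.namelist():
            if member.endswith(".pkl"):
                names = imported_globals(archive.read(member))  # malformed data raises
                report[member] = sorted(
                    n for n in names if n.split(".", 1)[0] not in EXPECTED_MODULE_ROOTS)
    return report


def make_sample_checkpoint(obj, protocol: int) -> bytes:
    """Constructed sample laid out like a zip checkpoint (archive/data.pkl)."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("archive/data.pkl", pickle.dumps(obj, protocol=protocol))
    return buffer.getvalue()


# Constructed inputs: a plain weights mapping, and one with an unexpected import.
BENIGN = make_sample_checkpoint(OrderedDict(layer=[0.1, 0.2]), protocol=2)
# Harmless stand-in: a bare reference to platform.node, never called.
SUSPECT = make_sample_checkpoint({"weights": [0.1], "extra": platform.node}, protocol=4)

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, audit_checkpoint(blob))
    print("2.5.1 patched?", is_patched("2.5.1"), "| 2.6.0 patched?", is_patched("2.6.0"))
```

Run the version gate before any torch.load() call, and treat a non-empty report or an exception from the audit as a reason to quarantine the file rather than load it.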
Cyberthreat groups increasingly see small and medium-sized businesses, especially those with links to larger businesses, as the weak link in the supply chain for software and IT services.
Cybersecurity firms tend to be more software- and service-oriented than their peers, and threats tend to increase during a downturn, leaving analysts hopeful that the industry will buck a recession.
The threat actor uses sophisticated social engineering techniques to infect a victim's device, either with an infostealer or remote access Trojan (RAT).
The vulnerability is only found in the vendor's router series and can be triggered by an attacker using a crafted request — all of which helps make it a highly critical vulnerability with a 9.2 CVSS score.
Bob Lord and Lauren Zabierek both posted on LinkedIn Monday morning that they were resigning from the Cybersecurity and Infrastructure Security Agency.
Japanese regulators published an urgent warning about hundreds of millions of dollars worth of unauthorized trades being conducted on hacked brokerage accounts in the country.
Despite China- and Thailand-led crackdowns on scam compounds in Myanmar, the organized crime groups behind the cyber scam industry are growing increasingly professional and deepening ties with other regions and illicit actors.
Cybersecurity researchers have disclosed a surge in "mass scanning, credential brute-forcing, and exploitation attempts" originating from IP addresses associated with a Russian bulletproof hosting service provider named Proton66. The activity, detected since January 8, 2025, targeted organizations worldwide, according to a two-part analysis published by Trustwave SpiderLabs last week. "Net
The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors – credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture. The solution is more complex. For this article, we’ll focus on the device threat vector. The risk they pose is significant, which is why device
Can a harmless click really lead to a full-blown cyberattack? Surprisingly, yes — and that’s exactly what we saw in last week’s activity. Hackers are getting better at hiding inside everyday actions: opening a file, running a project, or logging in like normal. No loud alerts. No obvious red flags. Just quiet entry through small gaps — like a misconfigured pipeline, a trusted browser feature,
Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft Remote Desktop Services to gain initial access. The activity has been named Larva-24005 by the AhnLab Security Intelligence Center (ASEC). "In some systems, initial access was gained through
A new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication (NFC) relay attacks, enabling cybercriminals to conduct fraudulent cashouts. The active campaign is targeting customers of banking institutions and card issuers in Italy with an aim to compromise payment card data, fraud prevention firm Cleafy said in an analysis. There is evidence to
Source: securelist.com – Author: Roman Dedenok With each passing year, phishing attacks feature more and more elaborate techniques designed to trick users and evade security measures. Attackers employ deceptive URL redirection tactics, such as appending malicious website addresses to seemingly safe links, embed links in PDFs, and send HTML attachments that either host the entire […] The post Phishing attacks leveraging HTML code inside SVG files – Source: securelist.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Amy Cohn Why Is Least Privilege Fundamental to Creating Safe Environments? Data is the new gold. If data volumes surge, so do cyber threats, making data protection a top priority. The principle of least privilege (POLP) crucially comes to play here. But what is least privilege, and how does it contribute […] The post Ensuring a Safe Environment with Least Privilege – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Amy Cohn Why is Management of Protected NHIs Essential? Protected Non-Human Identities (NHIs) have become a crucial factor for organizations looking to strengthen their cybersecurity framework. Given the surge in hacking attempts and data breaches, it is pertinent to ask, “How crucial are protected NHIs in ensuring cyber resilience?” Let’s delve […] The post Protected NHIs: Key to Cyber Resilience – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Marc Handelman Author/Presenter: dade Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the […] The post BSidesLV24 – Common Ground – Free Your Mind: Battling Our Biases – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Deepak Gupta – Tech Entrepreneur, Cybersecurity Author The search landscape is undergoing a profound transformation driven by artificial intelligence. This detailed research article explores how AI is reshaping search engines and SEO practices, and provides actionable recommendations for adapting to this evolving environment. The strategy covers the current state of AI […] The post AI-Powered Cybersecurity Content Strategy: Dominating B2B Search Rankings in 2025 – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.cyberdefensemagazine.com – Author: News team In everyday life, AI integration rapidly changes traditional consumers’ shopping experiences, changes work scenarios at work spots, and health provision. With the impacts that AI strikes to the world, many changes develop due to its use; however, the involvement in decision-making attracts critical challenges on its ethical usage and […] The post The Significance of Cybersecurity within AI Governance – Source: www.cyberdefensemagazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.cyberdefensemagazine.com – Author: News team The modern Security Operations Center (SOC) faces an ever-growing tide of data, fueled by the explosion of connected devices, cloud migration, and increasingly sophisticated cyberattacks while the growing impact of automation and artificial intelligence remains vital to achieving a robust and efficient SOC. SOC teams should aim to shift […] The post The Evolution of SOC: Harnessing Data, AI and Automation – Source: www.cyberdefensemagazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 42 | Security Affairs newsletter Round 520 by Pierluigi Paganini – INTERNATIONAL EDITION | Attackers exploited SonicWall SMA appliances since January 2025 | ASUS routers with AiCloud vulnerable to auth bypass exploit | U.S. CISA adds Apple products and Microsoft Windows NTLM flaws to […] The post SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 42 – Source: securityaffairs.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Attackers exploited SonicWall SMA appliances since January 2025 ASUS routers with AiCloud […] The post Security Affairs newsletter Round 520 by Pierluigi Paganini – INTERNATIONAL EDITION – Source: securityaffairs.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
The Program Development Grant (PDG) Committee provides opportunities for Society of Women Engineers (SWE) groups to receive money to host outreach and professional development events. The post STEM Mentoring and Leadership Training Reaches 400 Young Women in Papua New Guinea first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
SWE supports diversity within the United States Patent and Trademark Office (USPTO) patent making process to ensure a more inclusive and equitable system. The post SWE Advocacy Highlight: The Inventor’s Patent Academy Seeks to Make Patent Process More Equitable for Underrepresented Groups in STEM first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Try out this iconic engineering exercise and make your own Rube Goldberg machine! The post Systems Engineering: Rube Goldberg Machine (RGM) first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Tuyet-Hanh Schnell is a Systems Engineering Lead at Lockheed Martin. Learn more about her work as a systems engineer and how you can #BeThatEngineer! The post A Day in the Life of a Systems Engineer: Tuyet-Hanh Schnell first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Grace Khouri is a senior at the University of Minnesota, located in the Twin Cities of Minneapolis and St. Paul. She studies industrial and systems engineering with a minor in Spanish. In her free time, she loves doing anything and everything outdoors! The post Systems Engineering Student of the Month: Grace Khouri first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
The LYBOTICS organization, the organization for robotics clubs in Libya, became a FIRST Tech Challenge partner in 2021 and continues its work for women in engineering. The post SWENext Club Feature: Libya SWENext Club first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Hear the personal stories of Hang Loi and Dr. Tracy Nguyen, two Asian American women leaders in STEM who escaped Vietnam as children during the fall of Saigon and arrived in the U.S. as refugees. The post SWE Diverse Podcast: Ep. 216: Asian Americans in STEM: Vietnamese Refugee Stories first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Join us in person in Los Angeles or virtually from Oct. 26 – 28, 2023, for WE23 — the top destination for women in engineering and technology! The post WE23 Registration Is Now Open! first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft Remote Desktop Services to gain initial access. The activity has been named Larva-24005 by the AhnLab Security Intelligence Center (ASEC). “In some systems, initial […] The post Kimsuky Exploits BlueKeep RDP Vulnerability to Breach Systems in South Korea and Japan – Source:thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . A new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication (NFC) relay attacks, enabling cybercriminals to conduct fraudulent cashouts. The active campaign is targeting customers of banking institutions and card issuers in Italy with an aim to compromise payment card data, fraud prevention firm Cleafy said in […] The post SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks – Source:thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors – credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture. The solution is more complex. For this article, we’ll […] The post 5 Reasons Device Management Isn’t Device Trust – Source:thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Can a harmless click really lead to a full-blown cyberattack? Surprisingly, yes — and that’s exactly what we saw in last week’s activity. Hackers are getting better at hiding inside everyday actions: opening a file, running a project, or logging in like normal. No loud alerts. No obvious red flags. […] The post ⚡ THN Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More – Source:thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.