The United Kingdom communications regulator Ofcom has finalized a comprehensive set of child safety rules under the Online Safety Act, ushering in what it calls a "reset" for how children experience the internet. Announced Thursday, the new regulations require over 40 practical safeguards for apps, websites, and online platforms accessed by children in the UK. These range from filtering harmful content out of social feeds to robust age checks and stronger governance requirements. The measures apply to social media, gaming, and search services, and to any other online service likely to be accessed by children under 18.

"These changes are a reset for children online," said Dame Melanie Dawes, Ofcom's Chief Executive. "They will mean safer social media feeds with less harmful and dangerous content, protections from being contacted by strangers and effective age checks on adult content. If companies fail to act they will face enforcement."

The finalized Codes of Practice are the product of consultations with over 27,000 children, 13,000 parents, civil society organizations, child protection experts, and tech companies. The rules will be enforceable from July 25, 2025.

Algorithmic Filters, Age Assurance, and Governance

A key focus of the reforms is personalized recommendation algorithms, often the pathway through which children are exposed to harmful content. Under the new rules, services that use recommender systems and are assessed as posing a medium or high risk of harmful content must filter that material out of children's feeds.

The rules also impose mandatory age assurance on the highest-risk services. Platforms must establish users' ages with a high degree of accuracy; where they cannot, they must assume children are present and provide an age-appropriate experience. In some cases this may mean blocking children's access entirely to certain content, features, or services. In addition, all providers must maintain fast-action processes to assess and remove harmful material quickly once it is identified.

"These reforms prioritize safety-by-design," said a UK-based child safety policy expert. "The burden is finally shifting onto platforms to proactively assess and mitigate risks, rather than waiting for harm to happen."

Child Safety Rule: More Control, Better Support for Children

Beyond content moderation, the rules give children more control over their online environment. Required features include:
- The ability to decline group chat invites.
- Tools to block or mute accounts.
- The option to disable comments on their own posts.
- Mechanisms to flag content they do not wish to see.

Services must also provide supportive information to children who search for or encounter harmful material, including around topics such as self-harm, suicide, or eating disorders. Clear and accessible reporting and complaint tools are also mandatory: Ofcom requires platforms to ensure their terms of service are understandable to children and that complaints receive timely, meaningful responses.

Accountability at the Top

A standout requirement under the new framework is "strong governance." Every platform must designate a named individual responsible for children's safety, and senior leadership must annually review risk management practices related to child users.

"These aren't just tech tweaks. This is a cultural shift in corporate responsibility," said the child safety policy expert. "They [Ofcom] are holding leadership accountable for keeping children safe."

Enforcement, Deadlines, and What's Next

Tech firms have until July 24, 2025, to finalize risk assessments for services accessed by UK children. From July 25, 2025, they must implement the measures outlined in Ofcom's Codes, or demonstrate alternative approaches that meet the same safety standards. Ofcom has the authority to issue fines or apply to the courts to block access to non-compliant sites in the UK.

The child safety measures build upon earlier rules introduced under the Online Safety Act to prevent illegal harms, such as grooming and exposure to child sexual abuse material (CSAM). They also complement new age verification requirements for pornography websites.

More regulations are expected soon. Ofcom plans to launch a follow-up consultation on:
- Banning accounts found to have shared CSAM.
- Crisis response protocols for real-time harms.
- AI tools to detect grooming and illegal content.
- Hash matching to prevent the spread of non-consensual intimate imagery and terrorist material.
- Tighter controls around livestreaming, which presents unique risks for children.

"Children deserve a safer internet. This framework lays the foundation, but we're not stopping here," Ofcom said in a statement.

Resources for Parents and Children

To accompany the new regulations, Ofcom published guidance for parents, including videos and answers to common safety questions. It also launched child-friendly content explaining what changes children can expect in their favorite apps and platforms.

As the codes go before Parliament for final approval, stakeholders across the tech ecosystem will be watching closely. For many, this marks a critical test of how well regulatory bodies can compel tech giants to prioritize child safety over engagement metrics.
The Federal Bureau of Investigation (FBI) has released its latest Internet Crime Report for 2024, revealing a steep rise in cybercrime-related losses and spotlighting the growing challenges in securing the digital lives of individuals and businesses across the globe. According to the report, the FBI's Internet Crime Complaint Center (IC3) received 859,532 complaints last year, with reported losses totaling more than $16 billion, a 33% increase compared to 2023. The report provides a comprehensive snapshot of cyber-enabled crimes affecting citizens in the U.S. and internationally.

Top Internet Crimes in 2024

The most common types of internet crime reported were:
- Phishing/Spoofing
- Extortion
- Personal Data Breaches

These categories dominated complaint submissions, showing how scammers continue to rely on proven methods of manipulation and deception to steal personal information, money, and access credentials. Measured by financial losses, however, investment fraud, particularly schemes involving cryptocurrency, was the most damaging: victims reported losses exceeding $6.5 billion, highlighting how scammers are capitalizing on the popularity and complexity of digital currencies.

Senior Citizens Hit the Hardest

In 2024, Americans aged 60 and above filed the most cybercrime complaints, 147,127 in total, with reported losses exceeding $4.8 billion. This demographic was not only the most targeted but also the most financially affected.

(Figure. Source: FBI)

Individuals in the 50-59 age group followed with $2.5 billion in losses, while those between 40-49 suffered $2.2 billion in financial damage. Although younger age groups, such as those under 20, filed fewer complaints and faced smaller monetary losses, the report indicates no age group is immune to cyber threats.

Cybercrime Trends: 2020–2024

According to the IC3 report, the number of annual complaints has remained consistently high, with 2023 peaking at nearly 890,000 complaints. While complaint volume dipped slightly in 2024 to around 860,000, financial losses hit more than $16 billion. Over the last five years alone, IC3 has recorded 4.2 million complaints totaling $50.5 billion in losses, averaging 836,000 complaints annually. Since its inception in 2000, the IC3 has received more than 9 million complaints, highlighting the growing scale and sophistication of cybercrime.

(Figure. Source: FBI)

Cyber-Enabled Fraud: A Closer Look

Cyber-enabled fraud accounted for 83% of all reported losses in 2024. This broad category includes crimes where the internet or digital tools are used to commit fraud, steal identities, or impersonate services. Notable trends include:
- Call Center Scams: Over 53,000 complaints led to $1.9 billion in losses. These typically involve scammers pretending to be representatives of tech companies or financial institutions.
- Tech Support Scams: Fake tech support calls increased, especially those targeting older adults. These scams often direct victims to send cash by mail or wire funds under false pretenses.
- Gold Courier Scams: In one of the most financially damaging schemes, 525 complaints led to $219 million in losses. Victims are tricked into sending gold or cash via couriers who claim to be officials or bank representatives.
- Toll and Emergency Scams: These accounted for 59,271 and 357 complaints respectively, smaller-scale but still harmful frauds involving unpaid toll claims or fake family emergencies.

The FBI also issued alerts for "smishing" scams, fraudulent text messages that trick victims into clicking malicious links or revealing personal data, and for scams targeting senior citizens with fake "grandchild in trouble" stories.

Ransomware on the Rise

Another troubling trend in 2024 was the appearance of 67 new ransomware variants, adding to an already complex threat landscape. The most commonly reported new variants were:
- FOG
- Lynx
- Cicada 3301
- Dragonforce
- Frag

These ransomware families typically target businesses and infrastructure by encrypting systems and demanding ransom payments, often in cryptocurrency. Information about these variants is passed to FBI field offices to help identify and counter threats in real time.

FBI Director Emphasizes Importance of Reporting

FBI Director Kash Patel urged citizens to report suspicious online activity, emphasizing that public participation is essential in combating cybercrime. "Reporting is one of the first and most important steps in fighting crime so law enforcement can use this information to combat a variety of frauds and scams," said Director Patel. "The IC3, which is celebrating its 25th anniversary this year, is only as successful as the reports it receives."

The IC3 platform has become a cornerstone of cybercrime prevention, averaging 836,000 complaints per year across a wide range of internet-based fraud schemes.

Global Reach of Cybercrime

Internet crime isn't limited to the United States. In 2024, IC3 received complaints from over 200 countries, with the United Kingdom, Canada, India, and Australia among the top reporting countries outside the U.S. This international participation provides critical data on how criminals operate across borders, where stolen funds are being sent, and which countries are most affected.

How the FBI's IC3 Is Fighting Back

Since its launch in May 2000, the Internet Crime Complaint Center has become a vital resource for law enforcement, compiling over nine million complaints to date. By analyzing submitted data, the IC3 identifies patterns, flags new scams, and partners with law enforcement agencies and private sector organizations. Its functions include:
- Performing analysis, complaint referrals, and freezing illicit assets
- Providing a central hub for public alerts
- Partnering with private and government sectors to strengthen response
- Hosting a secure portal for public crime reporting
- Offering a remote access database for law enforcement

(Figure. Source: FBI)

The 2024 Internet Crime Report is more than a summary; it is a call to action. It shows the value of reporting even minor incidents: the more detailed and timely the information, the better equipped the FBI and its partners are to combat these crimes.

How to Stay Protected

The FBI recommends a few key practices to protect against online fraud:
- Be skeptical of unsolicited emails or calls requesting personal or financial information.
- Never send money or personal data to unknown parties, especially through unsecured or unconventional methods.
- Enable multi-factor authentication on all your online accounts.
- Regularly check IC3 alerts and FBI consumer notices for the latest scam trends.

If you or someone you know has fallen victim to a cyber-enabled scam, file a complaint on the IC3 website as soon as possible. The more accurate and complete the report, the more helpful it is in the fight against cybercrime.
A new wave of attacks targeting Ivanti Connect Secure VPN devices has revealed a stealthy malware strain known as DslogdRAT, deployed alongside a simple but effective Perl web shell. Security researchers at JPCERT/CC identified these infections during a forensic investigation into exploitation of CVE-2025-0282, a zero-day vulnerability abused in December 2024 attacks on Japanese organizations.

DslogdRAT Initial Access via Lightweight Web Shell

The attackers initially deployed a Perl-based CGI script as a web shell. The script checks the value of a specific cookie and, when that value matches a hardcoded token, runs arbitrary commands supplied by the requester. This barebones backdoor gave the attackers remote command execution on compromised Ivanti devices and likely served as the launchpad for deploying DslogdRAT.

Once launched, DslogdRAT runs as a small process tree. The main process spawns a child and exits; the first child enters a persistent loop and creates a second child tasked with command-and-control (C2) communication. That process uses the pthread library to run a dedicated thread for talking to the remote C2 server. The communication routine retrieves configuration data, manages sockets, and handles commands received from the attacker. According to JPCERT/CC's analysis, the C2 traffic is XOR-encoded in 7-byte blocks using keys 0x01 to 0x07.

Malware Configuration: Operating Hours and C2 Details

The DslogdRAT binary contains hardcoded, XOR-encoded configuration data. After decoding it, researchers found settings tailored for evasion and operational control. For example, the malware is programmed to be active only between 8:00 AM and 2:00 PM, likely so that its traffic blends into normal business-hours activity and avoids tripping anomaly detection.

Key configuration details include:
- C2 server IP: 3.112.192[.]119
- Port: 443
- Command shell: /bin/sh
- Proxy setup: 127.0.0.1, user: admin, password: admin
- Thread and file references: /home/bin/dslogd, [kworker/0:02]

The design shows clear intent to avoid detection and keep a foothold while operating within seemingly normal traffic windows.

Capabilities: From Shell Execution to Full Proxy Support

DslogdRAT can handle a wide range of functions.
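The 7-byte-block XOR scheme is simple enough to reproduce, and a decoder is the first thing an analyst needs to read captured C2 data or a dumped configuration region. The following is an added example written for this article; it is not JPCERT/CC's code and not code recovered from the malware. The analysis as summarized here does not say how the seven keys map onto the seven positions, so the code assumes that byte i of each block is XORed with key i+1 (the key stream 0x01..0x07 repeating in position order). The sample blob is constructed from the configuration values listed above (with the defanged IP written plainly), and the zero-padding heuristic is the author's, added because encoded zero bytes leak this kind of key schedule in the clear.

```python
# Added example, written for this article; it is not JPCERT/CC's code or code
# recovered from DslogdRAT. It models the 7-byte-block XOR scheme described in
# the analysis so captured C2 data or a dumped config blob can be decoded.
# Assumption not stated on the page: within every 7-byte block, byte i is XORed
# with key i+1, so the key stream is 0x01..0x07 repeating in position order.

KEYS = bytes(range(0x01, 0x08))  # 0x01 .. 0x07


def xor7(data: bytes) -> bytes:
    """Encode or decode a blob; XOR is its own inverse, so one function does both."""
    return bytes(b ^ KEYS[i % len(KEYS)] for i, b in enumerate(data))


def looks_like_xor7(blob: bytes) -> bool:
    """Hunting heuristic: zero padding encodes to the key itself (0x00 ^ k == k),
    so an encoded blob with a zero-padded tail carries the 0x01..0x07 sequence in
    the clear. Two consecutive copies of it are a strong hint to try xor7()."""
    return KEYS * 2 in blob


def extract_strings(decoded: bytes, min_len: int = 3) -> list[str]:
    """Split a decoded config blob on NUL and keep the printable ASCII fields."""
    fields = []
    for chunk in decoded.split(b"\x00"):
        if len(chunk) >= min_len and all(0x20 <= c < 0x7F for c in chunk):
            fields.append(chunk.decode("ascii"))
    return fields


# Constructed sample (not a real capture): the configuration values reported in
# the analysis, NUL-separated and zero-padded to 96 bytes the way a fixed-size
# config region would be.
SAMPLE_CONFIG = (
    b"3.112.192.119\x00443\x00/bin/sh\x00127.0.0.1\x00admin\x00admin\x00"
    b"/home/bin/dslogd\x00"
).ljust(96, b"\x00")
ENCODED_SAMPLE = xor7(SAMPLE_CONFIG)


def decode_sample() -> list[str]:
    """Round-trip the constructed blob and return the recovered config fields."""
    assert looks_like_xor7(ENCODED_SAMPLE) and not looks_like_xor7(SAMPLE_CONFIG)
    return extract_strings(xor7(ENCODED_SAMPLE))


if __name__ == "__main__":
    for field in decode_sample():
        print(field)
```

If a real sample turns out to use a different position-to-key mapping, only `KEYS` (or the index expression in `xor7`) needs to change; the padding heuristic still works because any fixed seven-byte schedule leaks the same way over zero bytes.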
These include uploading and downloading files, executing shell commands, and serving as a proxy tunnel, which allows lateral movement or data exfiltration through other compromised assets. Supported command values include:
- File transfers: 0x4, 0x8, 0xA
- Shell operations: 0xC to 0xE
- Proxy services: 0x13 to 0x18
- Forwarding and redirection: 0x28, 0x29

During initial C2 contact, the malware sends a system fingerprint as a structured packet containing encoded host information, designed for parsing by the operator's server-side tooling.

Overlap with SPAWNSNARE Malware

Researchers also observed the SPAWNSNARE backdoor on the same compromised systems. This malware, linked to the Chinese threat actor UNC5221, had previously been disclosed by both Google and CISA in April 2025. While nothing directly attributes DslogdRAT to the same actor, the presence of both malware families on the same hosts suggests possible coordination or toolset sharing.

Security Advisory and Outlook

Japan's JPCERT/CC and U.S. CISA have issued alerts about the vulnerabilities affecting Ivanti Connect Secure, most recently CVE-2025-22457. These incidents are part of a broader wave of state-aligned cyber activity targeting edge devices and VPN appliances, favored targets because of their position on the network perimeter and their often-lax patching cycles.

Organizations using Ivanti Connect Secure are urged to apply available patches immediately, conduct forensic reviews of their appliances, and monitor for the known indicators of compromise (IoCs):
- Malware SHA-256 hash: 1dd64c00f061425d484dd67b359ad99df533aa430632c55fa7e7617b55dab6a8
- Web shell path: /home/webserver/htdocs/dana-na/cc/ccupdate.cgi
- C2 IP: 3.112.192[.]119

The DslogdRAT intrusions show a layered and disciplined post-exploitation strategy built on zero-day flaws in Ivanti systems. With distinct operating windows, encoded communications, and modular capabilities, the malware reflects the ongoing evolution of stealth-focused, post-exploitation tooling. As exploitation of Ivanti vulnerabilities continues, defenders must prioritize threat hunting and network segmentation to limit potential lateral movement.
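The three indicators above are enough for a first-pass hunt on an appliance and its surrounding telemetry. The following added example, written for this article and not JPCERT/CC or CISA tooling, runs them over sample records: web access log lines for requests to the web shell, flow records for connections to the C2 address, and a file inventory for the hash. The indicator values are the ones published above; everything else is assumed or constructed. In particular, the URL path `/dana-na/cc/ccupdate.cgi` is derived by stripping the web root `/home/webserver/htdocs` from the published file path, the log and flow formats are generic ones chosen for the example, and the sample records use documentation and private address ranges rather than data from any real incident.

```python
import re
from dataclasses import dataclass

# Added example for this article; not JPCERT/CC or CISA tooling. It runs the
# three published indicators over sample records so a reader can see what a
# first-pass hunt on an appliance looks like. The indicator values come from the
# article; the log formats and every record below are constructed. The URL path
# is an assumption derived from the file path by stripping the web root
# /home/webserver/htdocs.
WEBSHELL_URL_PATH = "/dana-na/cc/ccupdate.cgi"
C2_IP = "3.112.192.119"
MALWARE_SHA256 = "1dd64c00f061425d484dd67b359ad99df533aa430632c55fa7e7617b55dab6a8"

# Apache/nginx combined-style access log and a simple flow record format,
# both assumed for the example.
ACCESS_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
FLOW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<proto>tcp|udp) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"-> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


@dataclass(frozen=True)
class Hit:
    indicator: str   # which IoC matched
    record: int      # 1-based line number in the input, 0 for inventory hits
    detail: str


def hunt_access_log(lines: list[str]) -> list[Hit]:
    """Flag any request whose path (query string ignored) is the web shell."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = ACCESS_RE.match(line)
        if m and m["path"].split("?", 1)[0] == WEBSHELL_URL_PATH:
            hits.append(Hit("webshell-path", n,
                            f'{m["src"]} {m["method"]} {m["path"]} {m["status"]}'))
    return hits


def hunt_flows(lines: list[str]) -> list[Hit]:
    """Flag outbound connections to the C2 address on any port; the page reports
    443, but pinning the port would miss a reconfigured sample."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = FLOW_RE.match(line)
        if m and m["dst"] == C2_IP:
            hits.append(Hit("c2-ip", n, f'{m["src"]} -> {m["dst"]}:{m["dport"]}'))
    return hits


def hunt_inventory(files: dict[str, str]) -> list[Hit]:
    """files maps path -> SHA-256 hex; compare case-insensitively."""
    return [Hit("sha256", 0, path) for path, digest in files.items()
            if digest.lower() == MALWARE_SHA256]


# Constructed sample records (RFC 5737 documentation addresses for the remote
# side, RFC 1918 for the appliance); not from any real incident.
SAMPLE_ACCESS_LOG = [
    '203.0.113.7 - - [10/Dec/2024:09:14:02 +0900] "GET /dana-na/auth/url_default/welcome.cgi HTTP/1.1" 200 5120',
    '198.51.100.23 - - [10/Dec/2024:09:15:40 +0900] "POST /dana-na/cc/ccupdate.cgi HTTP/1.1" 200 17',
    '198.51.100.23 - - [10/Dec/2024:09:15:41 +0900] "GET /dana-na/cc/ccupdate.cgi?id=1 HTTP/1.1" 200 2048',
    'not a log line',
]
SAMPLE_FLOWS = [
    "2024-12-10T09:16:05+09:00 tcp 10.0.0.5:51234 -> 3.112.192.119:443",
    "2024-12-10T09:16:07+09:00 tcp 10.0.0.5:51235 -> 203.0.113.50:443",
]
SAMPLE_INVENTORY = {
    "/home/bin/dslogd": MALWARE_SHA256.upper(),
    "/home/bin/web": "0" * 64,
}


def hunt_all() -> list[Hit]:
    return (hunt_access_log(SAMPLE_ACCESS_LOG) + hunt_flows(SAMPLE_FLOWS)
            + hunt_inventory(SAMPLE_INVENTORY))


if __name__ == "__main__":
    for hit in hunt_all():
        print(f"{hit.indicator:13} line {hit.record}: {hit.detail}")
```

Two design choices worth keeping in a real hunt: the path comparison ignores the query string so `ccupdate.cgi?anything` still matches, and the C2 match deliberately ignores the destination port, since an operator can change a port far more easily than an address. A hash match should be treated as confirmation, not as the detection strategy; the web shell and the process names listed above are the indicators most likely to survive a recompiled sample.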
Chinese artificial intelligence startup DeepSeek has come under intense scrutiny from South Korean authorities for allegedly transferring user data and AI prompts without proper consent. The controversy erupted after Korea's data protection authority, the Personal Information Protection Commission (PIPC), released a detailed statement on April 18, 2025, accusing Hangzhou DeepSeek Artificial Intelligence Co. Ltd. of bypassing user permissions during its South Korean launch in January.

According to the PIPC, while the DeepSeek app was still available in the Korean app market, the company transmitted personal information and user-entered AI prompts to entities in both China and the United States without obtaining prior user consent. These actions violated South Korea's stringent privacy laws and led to the suspension of the app's downloads within the country in February 2025.

The DeepSeek User Data Controversy

The Commission further revealed that content input by users into the AI system was being shared with Beijing Volcano Engine Technology Co. Ltd., along with data about users' devices, networks, and application usage. DeepSeek later responded that this data transfer was intended to enhance the user experience, and stated it halted the practice as of April 10. By then, however, the transfers had already taken place, and questions about data security and the ethical use of artificial intelligence were being raised globally, Reuters reported.

The Cyber Express reached out to DeepSeek to learn more about the situation. At the time of writing, no official statement or response addressing the data privacy violations has been shared.

DeepSeek's Meteoric Rise and the Fallout

Founded in 2023, DeepSeek rapidly became a disruptive force in the AI landscape. It claimed that its models, including DeepSeek-V3, DeepSeek-R1, and Janus-Pro, could rival those of industry giants such as OpenAI and Stability AI at a fraction of the cost and energy consumption. In January, DeepSeek's app soared to the top of Apple's App Store rankings in the U.S., surpassing even ChatGPT. The company submitted a paper to arXiv asserting that its DeepSeek-R1 model delivered reasoning capabilities comparable to OpenAI's proprietary offerings. These claims, while still unverified, have been deemed "plausible" by at least one independent researcher.

Following its breakout performance, DeepSeek alleged that it was targeted by "large-scale malicious attacks." The same period saw a sharp decline in the shares of leading AI chip providers such as NVIDIA and Broadcom; NVIDIA alone lost roughly $589 billion in market capitalization in a single day.

DeepSeek's Popularity Exploited by Cybercriminals

With its rapid success, DeepSeek has also attracted the attention of cybercriminals. Cybersecurity firm Cyble reported a surge in phishing, malware, and investment scams leveraging the company's name and reputation. Its research division, Cyble Research and Intelligence Labs (CRIL), identified multiple fraudulent domains impersonating DeepSeek:
- abs-register[.]com
- deep-whitelist[.]com
- deepseek-ai[.]cloud
- deepseek[.]boats
- deepseek-shares[.]com
- deepseek-aiassistant[.]com
- usadeepseek[.]com

(Figure: Crypto phishing website impersonating DeepSeek. Source: Cyble)

These websites were found to host deceptive QR code-based phishing schemes designed to steal cryptocurrency and personal data. In some instances, users were tricked into scanning QR codes that compromised their wallets by mimicking legitimate wallet-connection interfaces. A particularly concerning site, deepseek-shares[.]com, falsely claimed to offer pre-IPO shares in DeepSeek, even though the company is privately held and has made no announcement regarding an IPO. Cyble warned that these fake investment sites are particularly dangerous because they exploit the hype surrounding DeepSeek.

International Backlash and Security Concerns

Beyond South Korea, DeepSeek has faced international backlash. Taiwan's Ministry of Digital Affairs banned the use of the DeepSeek AI chatbot in the public sector in February. The ban came after the chatbot answered politically sensitive questions, such as "Is Taiwan a country?", in line with China's official stance, raising concern over political bias. The ban extended to government agencies, public schools, and critical infrastructure, citing risks associated with cross-border data transmission. Radio Free Asia also reported on the ban, highlighting Taiwan's efforts to safeguard national information security.

In the U.S., agencies such as the U.S. Navy, NASA, and congressional offices have reportedly advised against using DeepSeek, citing national security risks tied to the AI's overseas data storage. Japanese officials, including legislator Itsunori Onodera, also voiced concerns after DeepSeek's responses aligned with Chinese territorial claims in disputed regions.

Conclusion

DeepSeek's rise reflects a larger trend in artificial intelligence: fast-paced innovation accompanied by growing concerns over privacy, ethics, and cybersecurity. The DeepSeek app remains under intense scrutiny, and the company's future may hinge on how quickly it can address these data-handling concerns and regain trust. This is an ongoing story, and The Cyber Express will be closely monitoring the situation. We'll update this post once we have more information on the data privacy controversy or any official statement from the company.
The Baltimore City Public Schools system has confirmed a cybersecurity incident that compromised the personal information of certain individuals associated with the district, including current and former employees, volunteers, contractors, and a small percentage of students. The attack, which occurred on February 13, 2025, is under investigation with assistance from law enforcement and cybersecurity professionals.

Baltimore City Public Schools Cyberattack Key Takeaways:
- Incident Date: February 13, 2025
- Impact: Employee, volunteer, contractor, and student information compromised
- Student Data: Less than 1.5% of the student population affected
- Response: Law enforcement notified, systems secured, credit monitoring offered
- Next Steps: Call center support, ongoing cybersecurity upgrades, forensic audit

What Happened?

On February 13, Baltimore City Public Schools (BCPS) detected unusual activity affecting parts of its IT network. Immediate steps were taken to contain the incident, including notifying law enforcement, initiating an internal investigation, and securing the compromised systems. A thorough investigation carried out in coordination with cybersecurity experts revealed that criminal actors had accessed, and possibly exfiltrated, certain documents from the district's network.

The attack affected information relating to some staff, volunteers, and contractors, particularly those who had completed background checks or I-9 verification during onboarding. Data involving less than 1.5% of the student population was also found in the compromised files.

What Information Was Involved?

The stolen or accessed files potentially included:
- For employees, volunteers, and contractors: Social Security numbers, driver's license numbers, and passport numbers tied to background checks and I-9 verification.
- For students (less than 1.5%): call logs, absentee records, student data, and in limited cases, information about maternity status.

Despite the breach, school operations and critical services remained largely undisturbed thanks to the swift response of the district's IT team and investigators.

How Is Baltimore City Public Schools Responding?

Baltimore City Public Schools has taken several steps in the aftermath of the incident to protect those affected and bolster its digital defenses:
- Notification Letters: On April 22, 2025, City Schools began mailing letters to individuals whose data may have been compromised. The letters detail what was affected and explain how to access free protective services.
- Credit Monitoring Services: Impacted individuals have been offered complimentary 24-month credit monitoring and identity protection services, designed to detect and alert users to suspicious activity and to help mitigate the risk of identity theft.
- Call Center for Support: A dedicated call center has been established to answer questions and guide individuals through enrollment in the monitoring services.
- Cybersecurity Enhancements: BCPS has implemented a range of upgrades, including installing endpoint detection and response (EDR) tools across its network, resetting all user passwords district-wide, conducting a full forensic audit to understand the method of intrusion and strengthen existing security controls, and reviewing and revising policies to defend proactively against evolving threats.

Commitment to Transparency and Security

Baltimore City Public Schools has emphasized its commitment to safeguarding personal information and restoring trust with its community. The district acknowledged the concern caused by the incident and expressed regret for any distress or inconvenience to students, staff, and families.

"We deeply value the trust our students, families, and staff place in us to protect their privacy. We regret any concern this may have caused," stated a spokesperson for the school system.

What Can Impacted Individuals Do?

In addition to enrolling in the credit monitoring service provided by Baltimore City Public Schools, affected individuals are encouraged to take the following precautions:
- Monitor Credit Reports: Regularly check credit reports for unauthorized or suspicious activity.
- Place a Fraud Alert: Contact one of the major credit bureaus (Equifax, Experian, TransUnion) to place a fraud alert on personal credit files.
- File Reports if Needed: Report any suspicious activity to local law enforcement, the state attorney general, or the Federal Trade Commission (FTC).
- Use Identity Protection Tools: Consider a credit freeze to prevent unauthorized accounts from being opened.

Broader Implications

Schools and universities across the U.S. have become common targets for threat actors because of their large repositories of personal and sensitive data. The cyberattack on Baltimore City Public Schools underlines the need for continuous investment in cybersecurity infrastructure, employee training, and data protection policies. Experts warn that such breaches could become more frequent and severe unless educational institutions adopt stronger cybersecurity practices.

For those impacted or with questions, Baltimore City Public Schools urges you to contact the dedicated support line provided in the notification letter or visit the district's official website for more information.
Global payment platform Adyen has confirmed it was the target of a Distributed Denial-of-Service (DDoS) attack on April 21, 2025, which disrupted services for several customers across Europe. The attack caused significant delays and failures in processing transactions, highlighting the growing threat that digital attacks pose to critical financial infrastructure.

The attack began at 18:51 CEST on April 21, when Adyen's internal monitoring systems flagged unusual levels of errors and slow responses across several of its payment services hosted in European data centers. The company's engineering team launched an investigation and identified the disruption as a DDoS attack.

Adyen Cyberattack: What Exactly Happened?

A DDoS attack overwhelms a system with a flood of traffic, typically from many different sources, so that genuine requests struggle to get through. In this case, Adyen reported that the attack came in three distinct waves, each requiring the team to adjust its mitigation strategy in real time.

"At peak, the attack generated millions of requests per minute, originating from a globally distributed and constantly shifting set of IP addresses," said Tom Adams, CTO, Adyen, in a statement. "This caused saturation of key infrastructure components, which resulted in intermittent availability of some of our services."

(Figure. Source: Adyen)

Services Affected in the Adyen Cyberattack

The attack specifically targeted the company's European data centers, which handle a large volume of transaction processing and customer-facing applications. The main impact occurred between 18:51 and 19:35 CEST, during which E-commerce and In-Person Payment transaction processing services experienced intermittent outages and degraded performance. Additional services affected included:
- Customer Area
- Hosted Onboarding
- Transfer API

Some checkout services, including Session Integrations, Secured Fields, and Pay by Link, remained impacted throughout the entire incident.
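Adams's description of traffic from "a globally distributed and constantly shifting set of IP addresses" is the detail defenders should take away. A per-source rate limit, usually the first filtering rule reached for, catches a single noisy host but barely registers the same volume spread across hundreds of sources, each of which stays under the threshold; capacity-based shedding (and upstream scrubbing with enough headroom) has to carry the load. The following added example models that with two small in-memory limiters. It is written for this article and is not Adyen's mitigation code, and nothing in it describes Adyen's infrastructure; the thresholds and the traffic mix are constructed.

```python
from collections import defaultdict, deque

# Added example for this article; it is not Adyen's mitigation code and nothing
# here describes how Adyen's infrastructure is built. It models two of the
# controls the statement names, a per-source rate limit and capacity shedding,
# and shows why the first one alone does little against traffic spread across
# a large, shifting set of source addresses. All thresholds and the traffic
# mix below are constructed.


class SlidingWindowLimiter:
    """Allow at most `limit` events per key within any trailing `window_s` seconds."""

    def __init__(self, limit: int, window_s: float):
        self.limit = limit
        self.window_s = window_s
        self._events = defaultdict(deque)  # key -> timestamps still inside the window

    def allow(self, key: str, now: float) -> bool:
        q = self._events[key]
        while q and q[0] <= now - self.window_s:  # expire timestamps that left the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def filter_traffic(requests, per_ip_limit=20, window_s=1.0, global_capacity=500):
    """requests: iterable of (timestamp_seconds, source_ip), in time order.
    A request that exceeds its source's rate is dropped; one that passes but
    arrives when the global budget for the window is spent is shed instead of
    being allowed to saturate the backend."""
    per_ip = SlidingWindowLimiter(per_ip_limit, window_s)
    total = SlidingWindowLimiter(global_capacity, window_s)
    counts = {"served": 0, "dropped_per_ip": 0, "shed_global": 0}
    for ts, ip in requests:
        if not per_ip.allow(ip, ts):
            counts["dropped_per_ip"] += 1
        elif not total.allow("*", ts):
            counts["shed_global"] += 1
        else:
            counts["served"] += 1
    return counts


def constructed_traffic():
    """One second of synthetic traffic (not real telemetry):
    - 50 legitimate clients at 2 requests each,
    - one noisy source sending 200 requests (trips the per-source rule),
    - 400 rotating sources at 3 requests each: every one stays under the
      per-source limit, yet together they deliver 1,200 requests."""
    reqs = []
    for i in range(50):
        for k in range(2):
            reqs.append((k * 0.5 + 0.001 * i, f"198.51.100.{i}"))
    for k in range(200):
        reqs.append((k / 200.0, "203.0.113.9"))
    for j in range(400):
        for k in range(3):
            reqs.append((k / 3.0 + 0.0001 * j, f"10.{j // 256}.{j % 256}.1"))
    reqs.sort(key=lambda r: r[0])
    return reqs


if __name__ == "__main__":
    print(filter_traffic(constructed_traffic()))
    # {'served': 500, 'dropped_per_ip': 180, 'shed_global': 820}: only the noisy
    # source's 180 excess requests are caught per source; the distributed 1,200
    # pass that rule and have to be shed by the capacity cap.
```

The numbers make the point of the statement concrete: the per-source rule removes 180 requests, all from one host, while 1,320 requests reach the global cap and 820 of them have to be shed. In production the global limiter is where legitimate customers start failing too, which is why the mitigation described by Adyen combined filtering with adding capacity and moving traffic away from the affected services rather than relying on source blocking alone.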
This resulted in failed or delayed transactions for a portion of Adyen's customer base, disrupting normal business operations for those relying on the platform for real-time payments and services.

Adyen's Response to the Cyberattack

The company's response team activated mitigation protocols, which involved enabling anti-DDoS protections, increasing system capacity, and deploying targeted filtering to identify and block malicious traffic.

"Our teams activated mitigation strategies immediately upon detecting the attack. This included enabling anti-DDoS protections, scaling internal defenses, offloading traffic away from affected services, and deploying targeted filtering rules to block malicious traffic," the CTO stated in a company statement. "We actively blocked the most aggressive sources of traffic coming from a wide range of IP addresses."

Despite these efforts, the evolving nature of the attack, with each new wave showing a different traffic pattern, meant that some services continued to perform below normal standards for several hours. The incident was officially marked resolved at 03:20 CEST on April 22, roughly eight and a half hours after it began. During this period, Adyen says it kept its customers informed through regular updates on impact and resolution progress.

Commitment to Transparency and Improvement

Adyen's Chief Technology Officer, Tom Adams, acknowledged the seriousness of the incident and emphasized the company's commitment to reliability and transparency. "Reliability is a cornerstone of our business, both for our customers and within our own operations. We take this responsibility seriously, and we deeply regret the disruption this may have caused to your business," Adams said. He continued, "Transparency is key, especially when things go wrong. This update outlines what happened, what we've done so far, and the actions we are taking to prevent it from happening in the future."

What's Next?
Adyen is continuing to monitor its systems for any further attack attempts and is working on a comprehensive post-incident review. This review will include a root cause analysis and outline long-term strategies for preventing similar incidents. The company has promised to share the findings of this review with its customers to maintain openness and trust.

"We understand how important our platform is to your business, and ensuring the resilience of our platform against future attacks is our ongoing focus," the company stated.

Conclusion

This incident highlights the increasing challenges that digital financial service providers face in ensuring uninterrupted service against evolving cyber threats. DDoS attacks, while not new, are becoming harder to mitigate, especially when they target mission-critical infrastructure such as payment gateways. As businesses and consumers grow more dependent on digital payment systems, the resilience and security of platforms like Adyen become not just a business requirement but a fundamental expectation.

The Cyber Express team has reached out to Adyen for more information regarding the Adyen cyberattack and the precautionary measures being implemented. As of now, no response has been received. We will update this copy as soon as we receive further details.
Though already patched, the vulnerability is especially problematic because of the highly privileged access it offers attackers to business-critical systems, sensitive data, and backups.
The losses are 33% higher than the year before, with phishing the most-reported cybercrime last year and ransomware the top threat to critical infrastructure, according to the FBI Internet Crime Report.
The convergence of cybercrime, financial fraud, and organized crime poses a significant threat, especially where these syndicates excel at operating under the radar.
Researchers at security vendor Cleafy detailed a malware known as "SuperCard X" that uses the NFC reader on a victim's own phone to steal credit card funds instantly.
The creators of the toolkit are advertising it as an educational and ethical resource, but what it promises to provide users if purchased indicates it's anything but.
By simulating business environments or running software, while incorporating real-time data from production systems, companies can model the impact of software updates, exploits, or disruptions.
By proactively embracing emerging trends around encryption, AI security, and platform consolidation, organizations can turn compliance burdens into competitive advantage.
North Korean IT workers illicitly gaining employment at U.S. and European tech companies are increasingly using generative artificial intelligence in a variety of ways to assist them throughout the job application and interview process.
WhatsApp has introduced an extra layer of privacy called Advanced Chat Privacy that allows users to block participants from sharing the contents of a conversation in traditional chats and groups. "This new setting available in both chats and groups helps prevent others from taking content outside of WhatsApp for when you may want extra privacy," WhatsApp said in a statement. The optional feature
Cybersecurity researchers have demonstrated a proof-of-concept (PoC) rootkit dubbed Curing that leverages a Linux asynchronous I/O mechanism called io_uring to bypass traditional system call monitoring. This causes a "major blind spot in Linux runtime security tools," ARMO said. "This mechanism allows a user application to perform various actions without using system calls," the company said in
As many as 159 CVE identifiers have been flagged as exploited in the wild in the first quarter of 2025, up from 151 in Q4 2024. "We continue to see vulnerabilities being exploited at a fast pace with 28.3% of vulnerabilities being exploited within 1-day of their CVE disclosure," VulnCheck said in a report shared with The Hacker News. This translates to 45 security flaws that have been weaponized
The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform have released new updates to their cybercrime suite with generative artificial intelligence (GenAI) capabilities. "This addition lowers the technical barrier for creating phishing pages, enabling less tech-savvy criminals to deploy customized scams in minutes," Netcraft said in a fresh report shared with The Hacker News.
The Evolving Healthcare Cybersecurity Landscape Healthcare organizations face unprecedented cybersecurity challenges in 2025. With operational technology (OT) environments increasingly targeted and the convergence of IT and medical systems creating an expanded attack surface, traditional security approaches are proving inadequate. According to recent statistics, the healthcare sector
A critical security flaw has been disclosed in the Commvault Command Center that could allow arbitrary code execution on affected installations. The vulnerability, tracked as CVE-2025-34028, carries a CVSS score of 9.0 out of a maximum of 10.0. "A critical security vulnerability has been identified in the Command Center installation, allowing remote attackers to execute arbitrary code without
At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole. The activity targeted South Korea's software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a report from Kaspersky published today. The earliest evidence of compromise was first detected in
Graham explores how the Elusive Comet cybercrime gang is using a sneaky trick to steal your cryptocurrency via an innocent-looking Zoom call, and Carole goes under the covers to explore the extraordinary lengths bio-hacking millionaire Bryan Johnson is going to in his attempt to extend his life. All this and more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.
Source: www.securityweek.com – Author: Ionut Arghire. Security researcher Sharon Brizinov earned $64,000 in bug bounties after finding hundreds of secrets leaking in dozens of public GitHub repositories. What makes Brizinov's findings special is that the leaked secrets were found in files that had been deleted from the scanned repositories, which also reveals risks associated with […] The post "Files Deleted From GitHub Repos Leak Valuable Secrets – Source: www.securityweek.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: (not given). WhatsApp has introduced an extra layer of privacy called Advanced Chat Privacy that allows users to block participants from sharing the contents of a conversation in traditional chats and groups. "This new setting available in both chats and groups helps prevent others from taking content outside of WhatsApp for when […] The post "WhatsApp Adds Advanced Chat Privacy to Block Chat Exports and Auto-Downloads – Source: thehackernews.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securelist.com – Authors: Sojun Ryu, Vasily Berdnikov. We have been tracking the latest attack campaign by the Lazarus group since last November, as it targeted organizations in South Korea with a sophisticated combination of a watering hole strategy and vulnerability exploitation within South Korean software. The campaign, dubbed "Operation SyncHole", has impacted at least […] The post "Operation SyncHole: Lazarus APT goes back to the well – Source: securelist.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini. A new Android spyware was discovered in a fake Alpine Quest app, reportedly used by Russian soldiers for war zone planning. Doctor Web researchers uncovered a new spyware, tracked as Android.Spy.1292.origin, targeting Russian military personnel. The malicious code was hidden in a trojanized Alpine Quest app and spread via […] The post "Android spyware hidden in mapping software targets Russian soldiers – Source: securityaffairs.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini. A new malware campaign targets Docker environments using previously unknown methods to mine cryptocurrency covertly, researchers warn. Researchers from Darktrace and Cado Security have spotted a malware campaign that targets Docker environments with a novel technique to mine cryptocurrency. The campaign targets Docker environments to deploy a malicious node connected […] The post "Crypto mining campaign targets Docker environments with new evasion technique – Source: securityaffairs.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini. The xrpl.js Ripple cryptocurrency library was compromised in a supply chain attack aimed at stealing users' private keys. Threat actors compromised the Ripple cryptocurrency npm JavaScript library xrpl.js to harvest users' private keys. xrpl.js is the recommended library for integrating a JavaScript/TypeScript app with the XRP Ledger; it has more than 140,000 […] The post "The popular xrpl.js Ripple cryptocurrency library was compromised in a supply chain attack – Source: securityaffairs.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini. Marks & Spencer (M&S) confirmed it is managing a cyber incident after multiple customer complaints surfaced on social media. Marks and Spencer Group plc (M&S) announced it has been managing a cyber incident in recent days with the help of external cyber security experts. Customers report outages affecting card payments, […] The post "British retail giant Marks & Spencer (M&S) is managing a cyber incident – Source: securityaffairs.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini. Cybercriminals are using NFC fraud against ATMs and POS terminals to steal money from consumers at scale. Resecurity (USA) investigated multiple incidents identified in Q1 2025 that caused several million dollars in damages to one of the top Fortune 100 financial institutions in the United States through NFC fraud. Stopping cybercriminals […] The post "Chinese Cybercriminals Released Z-NFC Tool for Payment Fraud – Source: securityaffairs.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: FireTail – AI and API Security Blog. AI security is a critical issue in today's landscape. With developers, teams, employees and lines of business racing ahead to compete, security teams consistently fall short in an ecosystem where new risks emerge every day. The result is that we are seeing […] The post "Securing AI Innovation Without Sacrificing Pace – FireTail Blog – Source: securityboulevard.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Amy Cohn. Implementing Strategic Non-Human Identity Management for Sensitive Data Protection. Are your organization's secrets safe? How comprehensive is your strategy for securing your Non-Human Identities (NHIs) and their secrets? Businesses must aim to eliminate data leaks and security breaches by incorporating NHI and secrets management as a core part of […] The post "Are Your Secrets Properly Protected? – Source: securityboulevard.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Connor Jones. UK high street retailer Marks & Spencer says contactless payments are still down following its "cyber incident" and order delays are likely to continue. The clothing, homeware, and produce purveyor told customers in an update on Wednesday evening that Click & Collect orders were also suspended until further notice, […] The post "M&S takes systems offline as 'cyber incident' lingers – Source: go.theregister.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Connor Jones. The percentage of confirmed data breaches involving third-party relationships doubled last year as cybercriminals increasingly exploited weak links in supply chains and partner ecosystems. That's according to Verizon's Data Breach Investigations Report (DBIR), one of the industry's most-watched autopsies on what actually goes wrong in infosec. This year's edition, […] The post "Your vendor may be the weakest link: Percentage of third-party breaches doubled in a year – Source: go.theregister.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Iain Thomson. Russian soldiers are being targeted with an Android app specially altered to pinpoint their location and scan their phones for files, with the ability to exfiltrate sensitive documents if instructed. The software in question is Alpine Quest, a legitimate topographic mapping tool popular among hikers, hunters, and more to […] The post "Booby-trapped Alpine Quest Android app geolocates Russian soldiers – Source: go.theregister.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Jessica Lyons. Digital scammers and extortionists bilked businesses and individuals in the US out of a "staggering" $16.6 billion last year, according to the FBI, the highest losses recorded since the bureau's Internet Crime Complaint Center (IC3) started tracking them 25 years ago. Also in 2024: ransomware again posed the biggest […] The post "Ransomware scum and other crims bilked victims out of a 'staggering' $16.6B last year, says FBI – Source: go.theregister.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Jessica Lyons. US health insurance giant Blue Shield of California handed sensitive health information belonging to as many as 4.7 million members to Google's advertising empire, likely without these individuals' knowledge or consent. The data shared may have included medical claim dates and providers used, which raises the specter of Google […] The post "Blue Shield says it shared health info on up to 4.7M patients with Google Ads – Source: go.theregister.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Connor Jones. Many versions of the official Ripple ledger (XRPL) NPM package are compromised with malware injected to steal cryptocurrency. The NPM package, xrpl, is a JavaScript/TypeScript library that developers use to interact with and build apps using the cryptocurrency ledger's features. This includes wallet and key management, payment channels, decentralized […] The post "Ripple NPM supply chain attack hunts for private keys – Source: go.theregister.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Jessica Lyons. The security industry loves its buzzwords, and this is always on full display at the annual RSA Conference event in San Francisco. Don't believe us? Take a lap on the expo floor, and you'll be bombarded with enough acronyms and over-the-top claims to send you straight to the nearest […] The post "We're calling it now: Agentic AI will win RSAC buzzword Bingo – Source: go.theregister.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Jessica Lyons. Criminals used stolen credentials more frequently than email phishing to gain access to their victims' IT systems last year, marking the first time that compromised login details claimed the number two spot in Mandiant's list of most common initial infection vectors. "Credential stealers have been and are a major […] The post "Who needs phishing when your login's already in the wild? – Source: go.theregister.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
How SWE's commitment to diversity, equity, inclusion, and belonging extends beyond the organization and across the globe. The post "Diversity at Work: SWE's Joint Member Partners" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
In this episode, Major Melissa K. Bierma shares her military career, her early mentorship experiences, and the advice she would give to women who are interested in pursuing a career in the U.S. Space Force. The post "SWE Diverse Podcast: Ep. 215: Inspiring Women in the U.S. Military with Major Melissa K. Bierma of the U.S. Space Force" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.lastwatchdog.com – Author: bacohido. By Byron V. Acohido. As enterprises brace for a new wave of stealthy intrusions, the so-called Typhoon attacks, security leaders are doubling down on network intelligence that goes beyond surface-level alerts. Related: What is NDR? In this RSAC 2025 Fireside Chat, I sat down with Corelight CEO Brian Dye […] The post "RSAC Fireside Chat: The NDR evolution story—from open source start to kill chain clarity – Source: www.lastwatchdog.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.lastwatchdog.com – Author: bacohido. By Byron V. Acohido. As RSAC 2025 convenes next week in San Francisco, digital trust is poised to take center stage. Related: PKI and the IoT cloud. One quiet but consequential development now taking root in the financial sector could prove pivotal: the emergence of a dedicated Public Key Infrastructure […] The post "RSAC Fireside Chat: X9 PKI emerges to help financial sector interoperate, get ready for 'Q-Day' – Source: www.lastwatchdog.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.lastwatchdog.com – Author: bacohido. By Byron V. Acohido. It's no secret that cyber criminals go after data. What's often overlooked is shoring up direct protection where that data typically resides: in enterprise storage systems. That's beginning to change. Related: The data storage economy. Enterprise storage security has moved to the front burner. The emerging […] The post "RSAC Fireside Chat: Enterprise storage security – ground zero for protecting data, preserving resilience – Source: www.lastwatchdog.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: heimdalsecurity.com – Author: Gabriella Antal. Privileged access management (PAM) is a key part of modern cybersecurity. In simple terms, it's the strategy you use to monitor and control access to the most sensitive assets or data, such as confidential customer information or mission-critical servers. The logic is simple: these assets carry a unique level of […] The post "Effective Privileged Access Management Implementation: A Step-by-Step Guide – Source: heimdalsecurity.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: heimdalsecurity.com – Author: Gabriella Antal. Admin rights are one of the most important and fundamental aspects of cybersecurity. Without elevated permissions, hackers will have a hard time stealing your data or disrupting your services. For that reason, they are often trying to gain access to an administrator account to successfully carry out whatever attack they're […] The post "Admin Rights in Action: How Hackers Target Privileged Accounts – Source: heimdalsecurity.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: socprime.com – Author: Steven Edwards. How It Works: Threat reports often contain valuable Indicators of Compromise (IOCs), such as hashes, IP addresses and domain names, that security teams need to operationalize quickly. But manually copying and converting them into queries for platforms like Microsoft Sentinel is slow, error-prone, and distracting from real response. Uncoder AI […] The post "From IOCs to Queries: How Uncoder AI Automates Threat Intelligence Action – Source: socprime.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
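The manual step the post describes, pulling hashes, IPs and domains out of a report and turning them into a hunting query, as an added example that is neither SOC Prime's nor Uncoder AI's code. The report text is constructed; defanged indicators (hxxp, [.]) are refanged before matching, IPv4 candidates with an octet above 255 are dropped, and dotted file names that would otherwise look like domains are filtered out. The generated KQL targets the Microsoft Defender advanced-hunting tables as exposed in Sentinel (DeviceNetworkEvents, DeviceFileEvents and their RemoteIP, RemoteUrl and SHA256 columns); those table and column names are an assumption about the target workspace.

```python
"""
Added example (not SOC Prime / Uncoder AI code): extract IOCs from report
text and emit a Sentinel/Defender hunting query. Report text is constructed.
"""
import re

# Constructed threat-report excerpt with defanged indicators and one decoy.
SAMPLE_REPORT = """
The loader beacons to hxxp://update[.]example[.]net/c2 and to 203[.]0[.]113[.]45
over TCP/443, then drops payload.dll
(SHA256: deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef).
A second stage is fetched from cdn.example.org (198.51.100.23).
The address 999.1.1.1 is a typo in the source and must not become an IOC.
"""

SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b", re.I)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
# Dotted tokens whose last label is a file extension are not domains.
FILE_EXTS = {"exe", "dll", "pdf", "doc", "docx", "txt", "js", "zip", "ps1", "bat"}


def refang(text):
    """Undo the common defanging conventions used in published reports."""
    text = re.sub(r"\[\.\]|\(\.\)|\{\.\}", ".", text)
    return re.sub(r"hxxp", "http", text, flags=re.I)


def extract_iocs(report):
    """Return sorted, de-duplicated IPs, domains and SHA-256 hashes."""
    text = refang(report)
    ips = {
        m for m in IPV4_RE.findall(text)
        if all(int(octet) <= 255 for octet in m.split("."))
    }
    domains = {
        m.lower() for m in DOMAIN_RE.findall(text)
        if m.rsplit(".", 1)[1].lower() not in FILE_EXTS
    }
    hashes = {m.lower() for m in SHA256_RE.findall(text)}
    return {"ips": sorted(ips), "domains": sorted(domains), "sha256": sorted(hashes)}


def kql_list(values):
    """Render a Python list as a quoted KQL literal list."""
    return ", ".join(f'"{v}"' for v in values)


def to_kql(iocs, lookback="7d"):
    """Build one query per table; tables/columns are an assumed Defender schema."""
    queries = []
    if iocs["ips"] or iocs["domains"]:
        conds = []
        if iocs["ips"]:
            conds.append(f"RemoteIP in ({kql_list(iocs['ips'])})")
        if iocs["domains"]:
            conds.append(f"RemoteUrl has_any ({kql_list(iocs['domains'])})")
        queries.append(
            "DeviceNetworkEvents\n"
            f"| where Timestamp > ago({lookback})\n"
            f"| where {' or '.join(conds)}\n"
            "| project Timestamp, DeviceName, RemoteIP, RemoteUrl, InitiatingProcessFileName"
        )
    if iocs["sha256"]:
        queries.append(
            "DeviceFileEvents\n"
            f"| where Timestamp > ago({lookback})\n"
            f"| where SHA256 in ({kql_list(iocs['sha256'])})\n"
            "| project Timestamp, DeviceName, FileName, FolderPath, SHA256"
        )
    return "\n\n".join(queries)


if __name__ == "__main__":
    found = extract_iocs(SAMPLE_REPORT)
    print(found)
    print(to_kql(found))
```

The domain regex is deliberately permissive, so on real reports the extension filter should be extended (or replaced with a TLD allowlist) and every extracted indicator reviewed before it is pushed into a production hunt; the decoy address in the sample shows the kind of noise that a raw copy-and-paste would otherwise carry into the query.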
Source: socprime.com – Author: Steven Edwards. How It Works: Writing detection rules often starts with a question: what am I trying to find, and under what conditions? But even the best threat intel reports don't come prepackaged in platform-ready syntax. Uncoder AI's Custom Prompt Generation bridges that gap. This feature allows users to input natural […] The post "Custom AI Prompting in Uncoder AI Enables On-Demand Detection Generation – Source: socprime.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: socprime.com – Author: Steven Edwards. How It Works: Turning threat reports into detection logic is often the most time-intensive part of the detection engineering lifecycle. Reports are written for humans, not machines, and transforming narrative threat intelligence into actionable rules can take hours of manual interpretation. Uncoder AI solves this with AI-assisted rule […] The post "From Threat Report to Detection Logic: Uncoder AI Automates Rule Generation – Source: socprime.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: socprime.com – Author: Daryna Olyniychuk. We are excited to participate in the 2025 EU MITRE ATT&CK® Community Workshop, taking place on May 15, 2025, in Brussels. The event is hosted by Eurocontrol and supported by the MITRE Center for Threat-Informed Defense and the Centre for Cybersecurity Belgium. Check out the workshop registration details here. […] The post "SOC Prime to Present at 2025 MITRE ATT&CK® Community Workshop – Source: socprime.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.