Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history

 Feed

Cybersecurity researchers have detailed the activities of an initial access broker (IAB) dubbed ToyMaker that has been observed handing over access to double extortion ransomware gangs like CACTUS. The IAB has been assessed with medium confidence to be a financially motivated threat actor, scanning for vulnerable systems and deploying a custom malware called LAGTOY (aka HOLERUN). "LAGTOY can be

 Cyber Security News

Source: www.lastwatchdog.com – Author: bacohido By Byron V. Acohido APIs have become foundational to digital business operations, serving as the behind-the-scenes glue that connects apps, platforms and partners. Related: OWASP’s Top 10 Web App Security Risks But this growing reliance has opened a new front in   show more ...

cybersecurity—one where attackers are quietly exploiting weaknesses buried deep […] La entrada RSAC Fireside Chat: Attackers are exploiting gaps in business logic created by proliferation of APIs – Source: www.lastwatchdog.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

Source: securityaffairs.com – Author: Pierluigi Paganini Researchers identified a new malware, named DslogdRAT, deployed after exploiting a now-patched flaw in Ivanti Connect Secure (ICS). JPCERT/CC researchers reported that a new malware, dubbed DslogdRAT, and a web shell were deployed by exploiting a zero-day   show more ...

vulnerability during attacks on Japanese organizations in December 2024. The vulnerability, tracked […] La entrada JPCERT warns of DslogdRAT malware deployed in Ivanti Connect Secure – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini A zero-day in SAP NetWeaver is potentially being exploited, putting thousands of internet-facing applications at risk. Researchers warn that a zero-day vulnerability, tracked as CVE-2025-31324 (CVSS score of 10/10), in SAP NetWeaver is potentially being   show more ...

exploited. Thousands of internet-facing applications are potentially at risk. The flaw in SAP NetWeaver Visual Composer […] La entrada SAP NetWeaver zero-day allegedly exploited by an initial access broker – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 APT

Source: securityaffairs.com – Author: Pierluigi Paganini The North Korea-linked Lazarus Group targeted at least six firms in South Korea in a cyber espionage campaign called Operation SyncHole. Kaspersky researchers reported that the North Korea-linked APT group Lazarus targeted at least six firms in South   show more ...

Korea in a cyber espionage campaign tracked as Operation SyncHole. The […] La entrada Operation SyncHole: Lazarus APT targets supply chains in South Korea – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini The Interlock ransomware gang claimed responsibility for the attack on the leading kidney dialysis company DaVita and leaked alleged stolen data. DaVita Inc. provides kidney dialysis services through a network of 2,675 outpatient centers in the United   show more ...

States, serving 200,800 patients, and 367 outpatient centers in 11 other countries, serving 49,400 patients. […] La entrada Interlock ransomware gang started leaking data allegedly stolen from leading kidney dialysis firm DaVita – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: go.theregister.com – Author: Jessica Lyons Opinion Just when it seems they couldn’t be that careless, US officials tasked with defending the nation go and do something else that puts American critical infrastructure, national security, and troops’ lives in danger. In Signalgate part 3, or   show more ...

possibly 4 — we’ve lost track — on Thursday it came […] La entrada Signalgate lessons learned: If creating a culture of security is the goal, America is screwed – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: go.theregister.com – Author: Jessica Lyons Kent Landfield, a founding member of the Common Vulnerabilities and Exposures (CVE) program and member of the board, learned through social media that the system he helped create was just hours away from losing funding. “Another board member gave me a   show more ...

call and said: ‘What the heck?'” Landfield recalled […] La entrada Amid CVE funding fumble, ‘we were mushrooms, kept in the dark,’ says board member – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: go.theregister.com – Author: Connor Jones Ivanti VPN users should stay alert as IP scanning for the vendor’s Connect Secure and Pulse Secure systems surged by 800 percent last week, according to threat intel biz GreyNoise. The team at the internet monitoring company said this is the kind of   show more ...

pattern that usually precedes exploitation and […] La entrada More Ivanti attacks may be on horizon, say experts who are seeing 9x surge in endpoint scans – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: go.theregister.com – Author: Iain Thomson More than one month after complaints starting flying, Microsoft has fixed a Windows bug that caused some Remote Desktop sessions to freeze. The issue was introduced in a botched February update to Windows 11 24H2, and Server 2025. Three weeks ago, Microsoft   show more ...

warned Remote Desktop sessions would become unresponsive […] La entrada Oh, cool. Microsoft melts bug that froze Server 2025 Remote Desktop sessions – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: go.theregister.com – Author: Connor Jones Marks & Spencer has paused online orders for customers via its website and app as the UK retailer continues to wrestle with an ongoing “cyber incident.” Contactless payments were halted earlier this week and Click & Collect orders   show more ...

temporarily suspended, yet until today M&S insisted it was continuing to […] La entrada M&S stops online orders as ‘cyber incident’ issues worsen – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: go.theregister.com – Author: Connor Jones SAP’s latest out-of-band patch is for a perfect 10/10 bug in NetWeaver that experts suspect could have already been exploited as a zero-day. However, we can’t say for sure whether that’s the case because the German software shop has restricted   show more ...

access to the details behind a customer paywall. The […] La entrada Emergency patch for potential SAP zero-day that could grant full system control – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Blog

Source: socprime.com – Author: Steven Edwards How It Works The “Hot OSINT Indicators” tab within Uncoder AI extends the built-in Threat Detection Marketplace search with continuously updated TLP:CLEAR threat intelligence. This data is sourced from publicly disclosed CERT-UA reports and is presented in a   show more ...

structured, query-ready format for immediate operational use. The interface allows users […] La entrada Hot OSINT Indicators – Source: socprime.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Blog

Source: socprime.com – Author: Steven Edwards How It Works Managing detection use cases across tools can be time-consuming and error-prone. With Uncoder AI, this process is fully streamlined. Users can instantly generate structured documentation for a rule or use case in Confluence—directly from within the   show more ...

Uncoder interface. Once an integration with Confluence is set up […] La entrada Use Case Documentation from Uncoder AI – Source: socprime.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Blog

Source: socprime.com – Author: Steven Edwards How It Works Uncoder AI supports native integration with Microsoft Sentinel, Google SecOps, and Elastic Stack, enabling users to deploy detection rules directly from the platform. Once a rule is authored or translated within Uncoder AI, the user can instantly push   show more ...

it into their SIEM’s data plane without exporting […] La entrada Rule Deployment into a Data Plane – Source: socprime.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Blog

Source: socprime.com – Author: Steven Edwards WRITTEN BY Steven Edwards Technical Writer [post-views] April 25, 2025 · 2 min read How It Works Uncoder AI’s on-the-fly customization capability enables security teams to instantly adapt rules and queries to their specific environment using Customization   show more ...

Profiles. The screenshot showcases how analysts can: Choose Custom Field Mappings to […] La entrada Rule Customization On The Fly – Source: socprime.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.cyberdefensemagazine.com – Author: News team Generative artificial intelligence (AI) is revolutionising the way businesses operate. The widespread adoption and integration of models, such as OpenAI’s ChatGPT and Google’s Gemini, into everyday organisational processes has resulted in the seismic   show more ...

growth of the global market, which is expected to reach $1.3 trillion in 2032. The rapid advancement of […] La entrada Now Is Not the Time to Cut Back on Security Teams – Source: www.cyberdefensemagazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 AI

Source: www.cyberdefensemagazine.com – Author: Gary Lattica’s Mission: Making Private AI a Reality with the Power of Fully Homomorphic Encryption In the buzz-heavy world of AI and cybersecurity, it’s not every day a company steps out of stealth mode and immediately makes you rethink what’s possible. But   show more ...

that’s exactly what Lattica, a Tel Aviv-based startup, is […] La entrada Innovator Spotlight: LatticaAI – Source: www.cyberdefensemagazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.cyberdefensemagazine.com – Author: Stevin Redefining Cybersecurity for the AI Era With the launch of ChatGPT, everything changed – overnight, AI became democratized. But while everyday users turned to AI for grocery lists and grammar checks, cybercriminals weaponized it to scale attacks like never   show more ...

before. Now, the cyber threat landscape is evolving at an unprecedented […] La entrada The Story of Jericho Security – Source: www.cyberdefensemagazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 CISOs

Source: www.cyberdefensemagazine.com – Author: News team Chief Information Security Officers are facing rising pressure to ensure robust security and compliance across globally distributed environments. Managing multiple security tools and platforms while avoiding inconsistencies and gaps in coverage is an   show more ...

ever-growing challenge. Digital transformation and the shift to the cloud introduces even more areas of concern. […] La entrada How CISOs Can Master Operational Control Assurance — And Why It Matters – Source: www.cyberdefensemagazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Cybersecurity researchers have detailed the activities of an initial access broker (IAB) dubbed ToyMaker that has been observed handing over access to double extortion ransomware gangs like CACTUS. The IAB has been assessed with medium confidence to be a financially   show more ...

motivated threat actor, scanning for vulnerable systems and deploying a […] La entrada ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: hackread.com – Author: Deeba Ahmed. Immersive security researchers discovered critical vulnerabilities in Planet Technology network management and switch products, allowing full device control. Learn about the flaws, affected models and the urgent need to apply Planet’s patches. Cybersecurity firm   show more ...

Immersive has identified critical security weaknesses affecting network management tools and industrial switches manufactured by […] La entrada Planet Technology Industrial Switch Flaws Risk Full Takeover – Patch Now – Source:hackread.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: hackread.com – Author: Deeba Ahmed. A critical vulnerability (CVE-2025-31324) in SAP NetWeaver Visual Composer puts systems at risk of full compromise. Learn how to check if your SAP Java systems are affected and the immediate steps to take. A serious security vulnerability, identified as   show more ...

CVE-2025-31324, was discovered in SAP NetWeaver’s Visual Composer development server. […] La entrada SAP NetWeaver Flaw Scores 10.0 Severity as Hackers Deploy Web Shells – Source:hackread.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Application Security

Source: www.csoonline.com – Author: The unrestricted file upload flaw is likely being exploited by an initial access broker to deploy JSP web shells that grant full access to servers and allow installing additional malware payloads. Attackers have been exploiting a critical zero-day vulnerability in the Visual   show more ...

Composer component of the SAP NetWeaver application server since […] La entrada SAP NetWeaver customers urged to deploy patch for critical zero-day vulnerability – Source: www.csoonline.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 CSOonline

Source: www.csoonline.com – Author: Linux security still too reliant on eBPF-based agents, says Armo. An Israeli vendor was able to evade several leading Linux runtime security tools using a new proof-of-concept (PoC) rootkit that it claims reveals the limitations of many products in this space.  The work of   show more ...

cloud and Kubernetes security company Armo, the […] La entrada Proof-of-concept bypass shows weakness in Linux security tools, claims Israeli vendor – Source: www.csoonline.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

As part of their spotlight month, the Community Colleges Affinity Group explores the importance of community colleges to SWE and beyond. Source Views: 0 La entrada Community Colleges and SWE: A Celebration of Reciprocity se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

2025-04
Aggregator history
Saturday, April 26
TUE
WED
THU
FRI
SAT
SUN
MON
AprilMayJune