Cyber security aggregate rss news



 Cyber News

Versa Networks has patched three vulnerabilities in its Concerto network security and SD-WAN orchestration platform, including one that scored a 10.0, the highest possible severity rating. The Versa Concerto vulnerabilities were revealed by Project Discovery in a blog post earlier this week, which said Versa hadn’t responded to the researchers’ disclosures that were first made in February. The researchers said they had “not received any response or indication of a forthcoming patch. As a result, we are compelled to publish our findings to raise awareness and prompt the necessary actions to secure affected systems.”

However, in a statement to The Cyber Express, Versa said the vulnerabilities were fixed with a hotfix on March 7 and then in the Concerto 12.2.1 general release on April 16. Versa offered a screenshot as proof of the April 16 fix. Versa also said the company had been in touch with the researchers. “There is no indication that these vulnerabilities were exploited in the wild, and no customer impact has been reported,” Versa said. “All affected customers were notified through established security and support channels with guidance on how to apply the recommended updates.”

The Versa Concerto Vulnerabilities

The Versa Concerto vulnerabilities have been assigned the following CVEs:

- CVE-2025-34027, a 10.0-rated Race Condition and Improper Authentication vulnerability. The Versa Concerto platform in versions 12.1.2 through 12.2.0 is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, which could allow an attacker to access administrative endpoints. The Spack upload endpoint can potentially be leveraged with a Time-of-Check to Time-of-Use (TOCTOU) write in combination with a race condition to achieve remote code execution via path loading manipulation.
- CVE-2025-34026, a 9.2-severity Improper Authentication vulnerability. The authentication bypass in the Traefik reverse proxy configuration could potentially allow the internal Actuator endpoint to be leveraged for access to heap dumps and trace logs.
- CVE-2025-34025, an 8.6-severity Incorrect Permission Assignment for Critical Resource vulnerability. The Concerto platform is vulnerable to a privilege escalation and container escape vulnerability caused by unsafe default mounting of host binary paths that allow the container to modify host paths. The escape could potentially be used to trigger remote code execution or direct host access, depending on host operating system configuration.

“These vulnerabilities, when chained together, could allow an attacker to fully compromise both the application and the underlying host system,” the Project Discovery researchers wrote. “This research highlights how small misconfigurations in modern cloud-based deployments can escalate into severe security risks, particularly for platforms handling sensitive network configurations and enterprise data.”

Versa’s Response

With a customer base that includes enterprises and service providers, a Versa vulnerability can have significant effects, so the company’s prompt response was the right one. “Versa follows responsible disclosure practices and takes a proactive approach to identifying, mitigating, and communicating potential risks,” the company told The Cyber Express. “Security is foundational to our platform, and we continue to invest in continuous monitoring, rapid response, and customer education as part of our commitment to trust and protection.” Many customers have already upgraded to the April 16 release, the company said, “though we recognize some deployments may still be pending.” Detailed information on affected releases and mitigation steps is limited to customer access only, Versa said.


 Cyber News

The U.S. Justice Department has unsealed an indictment against Rustam Rafailevich Gallyamov, a Russian national accused of running a cybercrime group responsible for one of the most notorious malware threats in recent years: Qakbot. According to prosecutors, Gallyamov, 48, was the architect behind a decade-long malware operation that infected thousands of computers worldwide and helped deploy a batch of ransomware attacks. His alleged actions netted millions in cryptocurrency, over $24 million of which has now been seized by the FBI.

The charges come as part of Operation Endgame, an ongoing international law enforcement effort to take down global cybercrime networks. The operation involves agencies from the United States, France, Germany, the Netherlands, Denmark, the United Kingdom, and Canada. “This is a clear message to cybercriminals everywhere: we will find you, we will charge you, and we will take back what you stole,” said Matthew R. Galeotti, head of the Justice Department’s Criminal Division.

From Qakbot Malware to Millions

Qakbot, also known as Qbot, first surfaced in 2008 as a banking trojan. But under Gallyamov’s alleged leadership, it evolved into a malware platform used to build a global botnet, a network of infected machines that gave hackers a backdoor into private and corporate systems. Beginning in 2019, the malware was increasingly used as a launchpad for ransomware attacks. Prosecutors say Gallyamov rented out access to infected systems to cyber gangs who then released ransomware strains like REvil, DoppelPaymer, Conti, and Black Basta on victims across the world. In return, Gallyamov reportedly took a cut of the ransom payments, usually paid in cryptocurrency. “He wasn’t just writing malware—he was monetizing misery on a global scale,” said U.S. Attorney Bill Essayli of the Central District of California. “And now we’re working to return those stolen funds to the victims.”

Takedown and the Comeback

The U.S. and its partners dealt a major blow to the operation in August 2023, when they disrupted the Qakbot infrastructure in a coordinated takedown. That effort led to the seizure of 170 bitcoin and over $4 million in stablecoins from Gallyamov’s digital wallets. But Gallyamov didn’t back down, officials say. He allegedly changed tactics and continued launching attacks—this time using “spam bomb” campaigns, flooding employees at target companies with malicious emails to trick them into opening the door to new infections. According to the indictment, as recently as January 2025, Gallyamov and his associates were still deploying ransomware, including Black Basta and Cactus, on newly compromised systems. “Even after we took down his botnet, he found other ways to get back into business,” said Akil Davis, Assistant Director in Charge of the FBI’s Los Angeles Field Office. “This guy was relentless. But so are we.”

Crypto Crackdown

In April, FBI agents executed another seizure warrant, this time netting over 30 bitcoin and $700,000 in USDT tokens. Combined with earlier seizures, authorities have now locked down more than $24 million in alleged illicit crypto profits linked to Gallyamov. A civil forfeiture complaint filed today aims to permanently confiscate those funds—and eventually return them to the victims. “This case highlights the growing importance of crypto forensics in cybercrime investigations,” said one DOJ official. “It’s not just about catching hackers anymore—it’s about taking away their profits.”

Global Effort

The case against Gallyamov is the result of an extensive, multi-year investigation led by the FBI’s Los Angeles Field Office, with crucial support from partners in Germany, France, the Netherlands, and Europol. The DOJ’s Office of International Affairs also played a key role, coordinating across borders to track digital evidence and execute seizures. Prosecutors from the DOJ’s Computer Crime and Intellectual Property Section (CCIPS) and the Central District of California are handling the case.

What’s Next?

Gallyamov is still believed to be in Russia, and his extradition prospects remain unclear. However, officials say this case isn’t just about prosecution, it’s about disruption. By seizing funds, disabling infrastructure, and publicly unmasking key players, law enforcement hopes to raise the stakes for cybercriminals who think they’re untouchable. “Indictments like this one won’t stop cybercrime overnight,” said an FBI spokesperson. “But they make it harder to hide, harder to profit, and harder to sleep at night if you’re in that world.” As always, an indictment is merely an accusation, and Gallyamov is presumed innocent until proven guilty in court. But for now, the DOJ has made its position clear: Cybercrime has real consequences—even when it crosses international lines.


 Cyber News

In an international law enforcement operation, 270 individuals involved in dark web criminal activity have been arrested across ten countries. Coordinated by Europol, the operation, codenamed Operation RapTor, targeted online vendors and buyers dealing in illegal drugs, weapons, counterfeit goods, and other illicit items. This large-scale crackdown sends a strong message to criminals hiding behind the anonymity of the dark web: their digital hiding places are no longer safe.

Operation RapTor: A Coordinated International Effort

Operation RapTor was led by Europol, with support from law enforcement and intelligence agencies across North America, Europe, South America, and Asia. The arrests followed intelligence gathered from several previously dismantled dark web marketplaces, including Nemesis, Tor2Door, Bohemia, and Kingdom Market. Many of the suspects had carried out thousands of transactions on these platforms, relying on encryption and cryptocurrencies to mask their identities and operations. However, the coordinated efforts of international law enforcement agencies allowed investigators to track and identify them.

The arrests were distributed across several countries:

- United States: 130 arrests
- Germany: 42 arrests
- United Kingdom: 37 arrests
- France: 29 arrests
- South Korea: 19 arrests
- Austria & Netherlands: 4 arrests each
- Brazil: 3 arrests
- Switzerland & Spain: 1 arrest each

Investigations are ongoing, and more arrests may follow as authorities continue to analyze seized data.

Massive Seizures Disrupt Dark Web Supply Chains

In addition to the arrests, law enforcement officers confiscated a large volume of illegal goods and financial assets. The operation led to the seizure of:

- Over €184 million in cash and cryptocurrency
- More than 2 tonnes of illegal drugs, including amphetamines, cocaine, ketamine, opioids, and cannabis
- Over 180 firearms, along with imitation weapons, tasers, and knives
- 12,500 counterfeit products, ranging from fake IDs to branded knock-offs
- Over 4 tonnes of illicit tobacco

These seizures have significantly disrupted criminal supply chains that feed the dark web economy, particularly those involved in the sale of illegal drugs and counterfeit goods.

Europol’s Role and Strategy

Europol played a central role in the operation by analyzing and sharing intelligence collected from previously seized dark web marketplaces. Investigators compiled this data into intelligence packages and distributed them to national authorities through the Joint Cybercrime Action Taskforce (J-CAT), hosted at Europol headquarters. This collaborative approach mirrors the success of Operation SpecTor, conducted in 2023, which resulted in 288 arrests. Together, these efforts highlight a growing ability among law enforcement agencies to work across borders and identify key players in the dark web ecosystem.

According to Edvardas Šileris, Head of Europol’s European Cybercrime Centre: “Operation RapTor shows that the dark web is not beyond the reach of law enforcement. Through close cooperation and intelligence sharing, officers across four continents identified and arrested suspects, sending a clear message to those who think they can hide in the shadows.”

The Growing Threat of Online Crime

As traditional dark web marketplaces face increasing pressure, criminals are shifting their tactics. Law enforcement officials have observed a growing trend toward single-vendor shops—websites operated by individual sellers. These smaller platforms aim to reduce exposure and avoid the risks associated with larger, centralized marketplaces. Illegal drugs remain the top commodity sold on the dark web. However, law enforcement is also tracking a rise in prescription drug trafficking and fraudulent services. These include scam websites offering fake hitmen, forged documents, or non-existent goods to exploit unsuspecting buyers. This shift highlights the evolving nature of cybercrime. As criminals adopt new methods to avoid detection, law enforcement must adapt and innovate accordingly.

Cooperation Is Key

The success of Operation RapTor was made possible through cooperation between multiple international agencies, including:

- Austria: Criminal Intelligence Service and Provincial Criminal Police Departments
- Brazil: Civil Police of the States of Pará and São Paulo
- France: Customs and National Gendarmerie
- Germany: Federal Criminal Police, Prosecutor’s Office in Cologne, and German Customs
- Netherlands: Team High Tech Crime and other national units
- Spain: National Police
- South Korea: Darknet Investigations Unit of the Seoul Central District Prosecutors’ Office
- Switzerland: Zurich Cantonal Police and Public Prosecutor’s Office
- United Kingdom: National Crime Agency and Police Chiefs’ Council
- United States: Department of Justice and a host of federal agencies, including the FBI, DEA, HSI, IRS, ATF, CBP, NCIS, and more

Strengthening Law Enforcement

Magnus Brunner, European Commissioner for Internal Affairs and Migration, emphasized the importance of continued investment in law enforcement capabilities: “This operation is proof of how criminal gangs operate today: offline and online, internationally and locally, using technology to their full advantage. To counter this, coordinated action is essential. And that is exactly the added value Europol provides.” He added that the European Union is working on ProtectEU, an Internal Security Strategy designed to make law enforcement future-proof. Part of this effort includes increasing funding and expanding the mandate of Europol to respond more effectively to emerging digital threats.

A Clear Message to Criminals

The success of Operation RapTor sends a strong and clear message: the dark web is no longer a safe haven for criminals. While the internet provides tools that criminals can use to hide, it also offers opportunities for law enforcement to track and catch them. Through advanced investigative techniques, cross-border cooperation, and the intelligent use of data, law enforcement agencies around the world are proving that even in the darkest corners of the internet, justice can still reach.


 Ransomware News

A coordinated cyber takedown executed by international law enforcement this week has hit the ransomware economy where it hurts most—its infrastructure. Dubbed Operation Endgame 2.0, the sweeping effort saw over 300 servers dismantled, 650 domains neutralized, and 20 suspected cybercriminals slapped with international arrest warrants. It’s a follow-up to 2024’s record-setting botnet crackdown, but this time with a sharper aim: kill the attack chain before ransomware even loads. And it’s working.

From May 19 to 22, agencies across seven countries, including the U.S., U.K., Germany, France, the Netherlands, Canada, and Denmark, worked under the coordination of Europol and Eurojust to go after what cybersecurity pros call initial access malware—the first-stage droppers that sneak into systems, open the back door, and pave the way for full-scale ransomware deployment. In short, Operation Endgame 2.0 just made life a lot harder for ransomware crews.

From Bumblebee to Trickbot, the Droppers Are Dropping

On the hit list were some of the nastiest names in malware-as-a-service: Bumblebee, Qakbot, DanaBot, WarmCookie, Latrodectus, Trickbot, and HijackLoader. These aren’t flashy strains that encrypt your files and demand crypto. Instead, they’re stealthy loaders—used by ransomware gangs to gain access, establish footholds, and hand off victims to affiliates for the final payload. By pulling the plug on these services, law enforcement didn’t just nab some servers. They disrupted a billion-dollar cybercrime ecosystem. “This new phase demonstrates law enforcement’s ability to adapt and strike again, even as cybercriminals retool and reorganize,” said Europol Executive Director Catherine De Bolle in a statement. “By disrupting the services criminals rely on to deploy ransomware, we are breaking the kill chain at its source.”

Follow the Money—and the Servers

The takedown wasn't just about digital infrastructure. Investigators seized over €3.5 million in cryptocurrency during the operation, pushing the total crypto haul from the two Endgame operations north of €21 million. That kind of financial disruption hits threat actors right in their incentive structure. Meanwhile, over 300 servers and hosting services across dozens of countries went offline, thanks to simultaneous seizures and shutdowns coordinated through Europol’s cybercrime task force. The operation was so complex that Europol set up a real-time Command Post in The Hague, where agents from across North America and Europe directed the digital sting like a cyber version of Interpol meets Ocean’s Eleven.

Cybercrime’s Most Wanted

Authorities aren’t done yet. Germany has placed 18 of the suspects involved on the EU’s Most Wanted list. These aren’t low-level scammers. Many of the individuals targeted are believed to be the architects of infrastructure used to deploy ransomware globally—providing access-as-a-service to criminal gangs responsible for attacks on hospitals, city governments, and major corporations. The announcement also suggests more arrests could follow, with investigations still unfolding and infrastructure leads being analyzed. Operation Endgame 2.0, in name and nature, seems far from over.

Why This Matters Now

Ransomware has dominated the cybersecurity conversation for years, evolving from isolated extortion attempts into a full-blown criminal industry backed by scalable infrastructure and professional-grade support services. In fact, a Y-o-Y comparison from cybersecurity company Cyble's latest Ransomware Threat Landscape report showed that ransomware attacks have jumped by 86% in this year's first four months alone. And no points for guessing, the United States remained the most targeted country around the globe with nearly 1400 attacks.

[Figure: U.S. the most targeted country by ransomware actors between January and April 2025. Source: Cyble's Ransomware Threat Landscape]

Much of that industry depends on initial access brokers—shadowy groups that specialize in getting into systems, then selling or renting out that access to ransomware gangs like LockBit, BlackCat, or Royal. By targeting these brokers and the malware they use, Endgame strikes at the root of modern ransomware. It’s the cyber equivalent of cutting off supply lines before enemy forces even get to the battlefield. And with droppers like Qakbot and Trickbot re-emerging even after previous takedowns, the new wave of arrests and infrastructure seizures sends a clear message: rebuild if you dare, but we’re watching.

What Comes Next

The Europol-led coalition isn’t just celebrating its wins. It’s looking ahead. When the agency releases its next Internet Organised Crime Threat Assessment (IOCTA) on June 11, the spotlight will be firmly on initial access brokers. That’s a strategic shift from whack-a-mole takedowns to long-term disruption of how cybercriminals do business. Operation Endgame 2.0 also marks another turning point in cross-border cyber policing. With adversaries operating globally, the defenders are finally catching up. The seamless cooperation between countries, rapid sharing of intelligence, and simultaneous global enforcement may just be the new normal for tackling cybercrime. So, while the ransomware threat isn’t gone—and probably won’t be anytime soon—its digital supply chain just took a serious hit. And this time, the message wasn’t just "We see you." It was: "We’re coming for the foundation you built."


 Firewall Daily

Cloudflare has alerted users of a security vulnerability—tracked as CVE-2025-4366—in the widely used Pingora OSS framework. This vulnerability, a request smuggling flaw, was discovered by a security researcher while testing exploits against Cloudflare’s Content Delivery Network (CDN) free tier, which utilizes Pingora to serve cached assets.

The vulnerability surfaced within the Pingora caching components—specifically in the pingora-proxy and pingora-cache crates, which provide HTTP caching functionality to improve performance on Cloudflare’s CDN. When enabled, caching allows content to be served from a storage backend, reducing bandwidth and load on origin servers. However, an HTTP/1.1 request parsing bug in Pingora’s caching logic allowed for potential request smuggling attacks.

Overview of the CVE-2025-4366 Vulnerability

Request smuggling exploits inconsistencies in how HTTP requests are parsed across different network components. Typically, a client’s HTTP request passes through multiple layers, such as load balancers, proxies, and servers, each parsing the request independently. If these layers interpret the request boundaries differently, such as the length of the request body, a malicious actor can craft a request that is treated as two distinct requests by different components. This discrepancy enables the attacker to “smuggle” a malicious request inside a legitimate one on the same connection.

In Pingora’s case, the vulnerability occurred due to skipped request body consumption on cache hits. Normally, Pingora processes requests in a manner compliant with HTTP/1.1 standards, fully consuming request bodies or refusing to reuse connections when errors occur. But when a cached response was served, Pingora skipped this step, leaving unread data in the connection. This leftover data could be manipulated to inject a “smuggled” HTTP request, causing Pingora to misinterpret subsequent requests. Because of the vulnerability, Pingora might treat the injected “smuggled” request as part of the next request sequence, allowing attackers to alter headers or URLs seen by the origin server.

Impact on Cloudflare’s CDN Free Tier Users

At the time the vulnerability was identified, Cloudflare was rolling out a new Pingora proxy with caching enabled to a portion of its free CDN plan traffic. This meant that customers using the free tier or those directly employing the caching features of Pingora OSS were potentially exposed to this flaw.

The most concerning impact was the ability of attackers to cause visitors to Cloudflare-hosted sites to make additional requests to attacker-controlled servers, effectively leaking which URLs the visitor had originally accessed. This attack was made possible because some vulnerable origin servers responded to the smuggled Host header with HTTP 301 redirects to the attacker’s domain, which would prompt browsers to follow the redirect and send the original URL in the Referer header. This behavior could expose sensitive browsing patterns and enable the injection of malicious content.

Upon receiving notification of the vulnerability on April 11, 2025, Cloudflare’s security team addressed it. Between April 11 and April 12, they confirmed the flaw and identified the vulnerable Pingora component responsible. By April 12, preparations were underway to disable traffic to the affected proxy with caching enabled, and by 06:44 UTC that same day, traffic to the vulnerable component was fully blocked.

Conclusion

Cloudflare advised all users of the Pingora OSS framework—especially those leveraging the caching crates—to upgrade to version 0.5.0 or later, which includes the fix for this request smuggling vulnerability. Importantly, customers using the Cloudflare CDN free tier do not need to take any action, as the patch has already been deployed on their behalf. In a statement, Cloudflare expressed gratitude to security researchers James Kettle and Wannes Verwimp, who responsibly disclosed the flaw through the Bug Bounty Program.
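The body-skipping behaviour described above, as an added illustration that is not Pingora’s code: a minimal HTTP/1.1 keep-alive handler in C, run once with the flawed cache-hit logic and once with the corrected logic over the same constructed traffic (the connection model, the cached path and the request bytes are all made up for this example).

```c
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* A keep-alive HTTP/1.1 connection modelled as a NUL-terminated byte buffer
 * plus a read cursor. Constructed for this example; not Pingora code. */
typedef struct {
    const char *buf;
    size_t len;
    size_t pos;
} conn_t;

/* Paths the proxy can answer from its cache (constructed). */
static const char *const CACHED_PATHS[] = { "/static/app.js", NULL };

static int is_cache_hit(const char *path) {
    for (int i = 0; CACHED_PATHS[i] != NULL; i++)
        if (strcmp(path, CACHED_PATHS[i]) == 0) return 1;
    return 0;
}

/* Parse one request head at conn->pos: copy the path, read the declared
 * Content-Length, move pos to the first body byte. Returns 0 if no head. */
static int read_head(conn_t *c, char *path, size_t pathsz, size_t *body_len) {
    if (c->pos >= c->len) return 0;
    const char *start = c->buf + c->pos;
    const char *end = strstr(start, "\r\n\r\n");
    if (end == NULL) return 0;
    /* request line: METHOD SP PATH SP VERSION */
    const char *sp1 = memchr(start, ' ', (size_t)(end - start));
    if (sp1 == NULL) return 0;
    const char *sp2 = memchr(sp1 + 1, ' ', (size_t)(end - (sp1 + 1)));
    if (sp2 == NULL) return 0;
    size_t n = (size_t)(sp2 - (sp1 + 1));
    if (n >= pathsz) return 0;
    memcpy(path, sp1 + 1, n);
    path[n] = '\0';
    /* Content-Length header, if present (header names are case-insensitive) */
    *body_len = 0;
    const char *line = strstr(start, "\r\n");
    while (line != NULL && line < end) {
        line += 2;
        if (strncasecmp(line, "Content-Length:", 15) == 0)
            *body_len = (size_t)strtoul(line + 15, NULL, 10);
        line = strstr(line, "\r\n");
    }
    c->pos = (size_t)(end + 4 - c->buf);
    return 1;
}

/* Serve requests until the buffer is exhausted, recording each request path
 * acted on. drain_on_hit == 0 models the flaw: a cache hit is answered
 * without consuming the request body, so the body bytes stay in the
 * connection and are parsed as the next request. drain_on_hit == 1 is the
 * fix: the declared body is always consumed before the connection is reused. */
static int serve_connection(conn_t *c, int drain_on_hit, char served[][64], int max) {
    char path[64];
    size_t body_len = 0;
    int n = 0;
    while (n < max && read_head(c, path, sizeof path, &body_len)) {
        strncpy(served[n], path, 63);
        served[n][63] = '\0';
        n++;
        if (is_cache_hit(path) && !drain_on_hit)
            continue;                      /* cached response, body left unread */
        if (body_len > c->len - c->pos)
            body_len = c->len - c->pos;
        c->pos += body_len;                /* skip past the body */
    }
    return n;
}

/* Constructed traffic: a POST for a cached path whose 44-byte body is itself
 * a complete request with a foreign Host header, then the visitor's next
 * legitimate request on the same connection. */
static const char SAMPLE[] =
    "POST /static/app.js HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "Content-Length: 44\r\n"
    "\r\n"
    "GET /admin HTTP/1.1\r\nHost: attacker.test\r\n\r\n"
    "GET /index.html HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "\r\n";

/* How many requests the proxy believes it saw on SAMPLE. */
static int requests_seen(int drain_on_hit) {
    conn_t c = { SAMPLE, strlen(SAMPLE), 0 };
    char served[8][64];
    return serve_connection(&c, drain_on_hit, served, 8);
}

/* 1 if the bytes inside the POST body were treated as a request of their own. */
static int smuggled_request_seen(int drain_on_hit) {
    conn_t c = { SAMPLE, strlen(SAMPLE), 0 };
    char served[8][64];
    int n = serve_connection(&c, drain_on_hit, served, 8);
    for (int i = 0; i < n; i++)
        if (strcmp(served[i], "/admin") == 0) return 1;
    return 0;
}
```

With the flawed handler the proxy sees three requests, the middle one carrying the foreign Host header; with the fix it sees only the two the visitor actually sent.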


 Firewall Daily

A zero-day vulnerability in the Linux kernel’s SMB (Server Message Block) implementation, identified as CVE-2025-37899, has been discovered using OpenAI’s powerful language model, o3. The vulnerability is a use-after-free flaw located in the logoff command handler of the ksmbd kernel module.

Security researcher Sean H. documented the process in a detailed technical blog. He had initially set out to audit ksmbd, a Linux kernel module responsible for implementing the SMB3 protocol. While intending to take a break from large language model (LLM) tools, curiosity led him to benchmark the capabilities of o3, a new AI model from OpenAI. Rather than using complex frameworks or automation tools, Sean leveraged only the o3 API to analyze targeted code sections. During this process, o3 successfully unearthed CVE-2025-37899, a zero-day vulnerability in the Linux kernel. The model identified a scenario where shared objects between concurrent server connections led to unsafe memory access—specifically, a use-after-free situation in the SMB ‘logoff’ command handler.

Technical Breakdown of CVE-2025-37899

The issue arises when one thread processes an SMB2 LOGOFF request and frees the sess->user object while another thread may still be using it. This occurs without proper synchronization mechanisms, which can lead to dereferencing of freed memory, opening doors to kernel memory corruption or arbitrary code execution.

The vulnerability exploits a subtle interaction between SMB session handling and Linux kernel memory management:

- Multiple connections may bind to the same SMB session.
- One thread (Worker-B) handling a LOGOFF request frees the session’s user object (ksmbd_free_user(sess->user)).
- Another thread (Worker-A), still processing requests using the same session, continues accessing sess->user, now pointing to freed memory.

Depending on timing, this results in a traditional use-after-free exploit or a null pointer dereference, leading to system crashes or privilege escalation.

Comparative Performance: o3 vs. Other Models

Interestingly, o3 also rediscovered CVE-2025-37778, another use-after-free vulnerability that Sean had previously identified manually. This bug resides in the Kerberos authentication path during SMB session setup. The AI detected this bug in 8 out of 100 runs, while OpenAI’s Claude Sonnet 3.7 managed only 3 detections in 100 tries, and Claude 3.5 failed to detect it altogether. These results reflect both the promise and current limitations of AI-assisted vulnerability research. o3 showed notable capability but also returned a high false positive rate—about 28 out of 100 attempts. Still, with a true positive to false positive ratio of around 1:4.5, the model proved useful enough to warrant serious consideration in practical workflows.

Lessons from o3’s Analysis

One of the most insightful takeaways from o3’s analysis of CVE-2025-37899 was its understanding of concurrency in kernel operations. The model successfully reasoned through non-trivial control flow paths and object lifecycle management under concurrent execution—something even experienced researchers may overlook, especially under time pressure. What’s more compelling is that o3 sometimes offered better remediation advice than its human counterpart. For example, in addressing CVE-2025-37778, Sean had initially suggested setting sess->user = NULL after freeing it. However, o3 identified that such a fix might be insufficient due to the SMB protocol allowing multiple connections to bind to a session.

Conclusion

Large language models are not yet a replacement for expert analysts. o3’s success in identifying complex flaws highlights its ability to augment human expertise, streamline analysis, and extend the reach of automated security tools. Though the experiment revealed limitations in processing large codebases, it also highlighted the model’s effectiveness in targeted scans and the importance of developing tools to manage false positives and intelligently structure input.
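To make the remediation point concrete, here is an added example (not ksmbd’s code; the struct names, helpers and the session lock are made up for illustration) showing reference counting under a per-session lock as one way to make the LOGOFF path safe when several connections bind to one session: the logoff worker drops only the session’s reference, so a worker that already holds the user object keeps a valid pointer until it is done, which clearing sess->user alone cannot guarantee.

```c
#include <stdlib.h>
#include <string.h>
#include <pthread.h>

/* Modelled session/user objects (constructed for this example, not ksmbd's
 * own structs). The user's lifetime is governed by a reference count taken
 * under the session lock, so a LOGOFF on one connection cannot free an
 * object that a worker on another bound connection is still using. */
struct smb_user {
    int refs;                /* protected by smb_session.lock */
    char name[32];
};

struct smb_session {
    pthread_mutex_t lock;
    struct smb_user *user;   /* NULL once the session is logged off */
};

static int g_user_frees;     /* counts real frees, for the checks below */

static void user_put_locked(struct smb_user *u) {
    if (--u->refs == 0) {
        free(u);
        g_user_frees++;
    }
}

static struct smb_session *session_new(const char *name) {
    struct smb_session *s = calloc(1, sizeof *s);
    struct smb_user *u = calloc(1, sizeof *u);
    pthread_mutex_init(&s->lock, NULL);
    strncpy(u->name, name, sizeof u->name - 1);
    u->refs = 1;             /* the session's own reference */
    s->user = u;
    return s;
}

/* A worker that needs the user takes its own reference for the duration of
 * the request. Returns NULL if the session has already been logged off. */
static struct smb_user *session_get_user(struct smb_session *s) {
    pthread_mutex_lock(&s->lock);
    struct smb_user *u = s->user;
    if (u != NULL) u->refs++;
    pthread_mutex_unlock(&s->lock);
    return u;
}

static void session_put_user(struct smb_session *s, struct smb_user *u) {
    pthread_mutex_lock(&s->lock);
    user_put_locked(u);
    pthread_mutex_unlock(&s->lock);
}

/* LOGOFF handler: detach the user and drop only the session's reference.
 * Clearing the pointer alone would not protect a worker that has already
 * loaded it; the count is what keeps the object alive until that worker
 * is finished. */
static void session_logoff(struct smb_session *s) {
    pthread_mutex_lock(&s->lock);
    struct smb_user *u = s->user;
    s->user = NULL;
    if (u != NULL) user_put_locked(u);
    pthread_mutex_unlock(&s->lock);
}

/* Replays the sequence from the write-up deterministically (no real threads):
 * Worker-A is mid-request on the session when Worker-B, on a second bound
 * connection, handles LOGOFF. Returns how many of the five checks held. */
static int replay_logoff_race(void) {
    int ok = 0;
    g_user_frees = 0;
    struct smb_session *sess = session_new("alice");
    struct smb_user *a_user = session_get_user(sess);   /* Worker-A starts */
    ok += (a_user != NULL && a_user->refs == 2);
    session_logoff(sess);                                /* Worker-B LOGOFF */
    ok += (sess->user == NULL && g_user_frees == 0);     /* not freed yet */
    ok += (strcmp(a_user->name, "alice") == 0);          /* A still safe */
    session_put_user(sess, a_user);                      /* Worker-A done */
    ok += (g_user_frees == 1);                           /* freed on last put */
    ok += (session_get_user(sess) == NULL);              /* later requests refused */
    pthread_mutex_destroy(&sess->lock);
    free(sess);
    return ok;                                           /* 5 when all hold */
}
```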


 Cyber News

Nation-state threat actors targeting Commvault applications hosted in Microsoft Azure may be part of a broader campaign targeting Software-as-a-Service (SaaS) applications, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned in an advisory this week. The May 22 CISA advisory builds on a Commvault warning earlier this month that nation-state threat actors were exploiting CVE-2025-3928 to target Commvault applications hosted in their Microsoft Azure cloud environment in an attempt to access customer Microsoft 365 (M365) environments.

CISA’s new advisory says the agency believes the Commvault M365 threat “may be part of a larger campaign targeting various SaaS companies’ cloud applications with default configurations and elevated permissions.” CISA offered no specifics on other SaaS apps that may be targeted, but CISA and Commvault both offered guidance for protecting Commvault and M365 environments, some of which could be applicable to other SaaS apps.

Commvault M365 Threat Campaign Detailed

According to CISA, threat actors may have accessed client secrets for Commvault’s Metallic Microsoft 365 backup SaaS solution hosted in Azure. “This provided the threat actors with unauthorized access to Commvault’s customers’ M365 environments that have application secrets stored by Commvault,” the advisory said. Commvault’s May 4 update on the incident said the nation-state threat actor “may have accessed a subset of app credentials that certain Commvault customers use to authenticate their M365 environments.” Commvault responded with several remedial actions, including rotating credentials and issuing customer recommendations. Commvault also provided guidance for M365, Dynamics 365 and EntraID backups configured with additional single-tenant app registrations. Commvault listed known IP addresses associated with the malicious activity for clients to block.

Guidance for Protecting Commvault and M365

CISA recommended that organizations apply patches and updates and follow detailed mitigation guidance and best practices, which include:

- Monitor Entra audit logs for unauthorized modifications or new credentials to service principals initiated by Commvault applications and service principals, and handle deviations from regular login schedules as suspicious
- Review Microsoft Entra audit, Entra sign-in, and unified audit logs and conduct internal threat hunting
- For single tenant apps, implement a conditional access policy that limits authentication of an application service principal to an approved IP address listed within Commvault’s allowlisted range of IP addresses (conditional access policies require a Microsoft Entra Workload ID Premium License)
- Customers who can should establish a policy to regularly rotate credentials at least every 30 days
- Review the list of Application Registrations and Service Principals in Entra with administrative consent for higher privileges than needed
- Implement M365 security recommendations outlined in CISA’s Secure Cloud Business Applications (SCuBA) project
- Where possible, limit access to Commvault management interfaces to trusted networks and administrative systems
- Detect and block path-traversal attempts and suspicious file uploads by deploying a Web Application Firewall and removing external access to Commvault applications
- Monitor activity from unexpected directories, especially web-accessible paths.

image for $223M Exploit Halts  ...

 Cyber News

In the ever-volatile world of decentralized finance (DeFi), yet another major exploit has shaken investor confidence, this time with a staggering $223 million theft from Cetus Protocol, a key player in the Sui blockchain ecosystem. On May 22, Cetus announced an emergency pause of its smart contract following the detection of "an incident" impacting the protocol. Within hours, the scope of the breach became alarmingly clear: attackers had siphoned off roughly $223 million in digital assets. While the team acted swiftly to lock down the contract and halt further losses, the damage had already been done. "We took immediate action to lock our contract preventing further theft of funds," the protocol posted on X.

Swift Response Halts $162M Mid-Exploit

The rapid response wasn't just damage control; it prevented further catastrophe. Cetus confirmed that $162 million of the stolen assets were successfully paused, likely through disabling or restricting access to impacted contracts and freezing certain token transfers. The team also activated an ecosystem-wide alert, working closely with the Sui Foundation, associated builders, and blockchain security researchers to trace the stolen assets and mitigate collateral risks to other protocols operating within the Sui ecosystem.

Root Cause Identified and Patched

In a follow-up statement, Cetus confirmed it had identified the root cause of the exploit and patched the vulnerable package. It did not, however, disclose the technical details of the vulnerability. Notably, the team acted quickly to inform other developers and ecosystem partners, reducing the risk of similar exploits elsewhere. "We informed ecosystem builders as fast as we could with help from ecosystem members to prevent other teams being affected," Cetus stated. This level of collaboration speaks to the maturing security response of newer blockchain ecosystems like Sui, which, despite still being in the early innings of adoption, are working to build reputational resilience in the face of inevitable technical setbacks.

Law Enforcement and White Hat Negotiations

In a move that's becoming increasingly common in DeFi exploits, Cetus has identified the Ethereum wallet address linked to the attacker and is attempting to negotiate a whitehat settlement.
The offer: return the funds in exchange for immunity from legal prosecution. "We have offered a time-sensitive whitehat settlement in exchange for the outstanding balance. Should the hacker accept our terms, we would also refrain from pursuing further legal action." Cetus even made the negotiation offer public, sharing links to the on-chain records (SuiVision Whitehat Offer; Etherscan Transaction Log). Simultaneously, Cetus has brought in anti-cybercrime organizations to assist with fund tracing and law enforcement engagement, in case negotiations fail and a legal path becomes inevitable.

Also read: Morpho App Vulnerability Triggers $2.6M Incident, Funds Later Returned by White Hat

Community Reactions and Market Fallout

While the crypto market has largely learned to absorb shocks from exploits of this magnitude, sentiment around newer Layer 1 ecosystems like Sui has taken a hit. Community members on social media praised the speed of the response, but many also questioned the security audit processes that failed to catch such a high-impact vulnerability. As DeFi matures, the industry is being forced to reckon with an uncomfortable truth: innovative code doesn't always mean secure code.

Also read: Abracadabra Cyberattack: How Hackers Drained $13M from DeFi Platform

What's Next for Cetus Protocol?

The protocol has promised a full post-mortem report once the investigation is complete, and all eyes are now on how much of the $223 million will be recovered, or lost forever. In the meantime, Cetus says its highest priority is fund recovery and is keeping communication channels open for updates. While the full impact remains to be seen, this breach is a stark reminder that even in the most promising ecosystems, one exploit can undo months of growth and trust. For investors, developers, and DeFi platforms alike, the Cetus incident underscores a critical mantra in web3: move fast, but patch faster. This is a developing story.
The Cyber Express will continue to monitor and update as more details emerge.

image for Vulnerability in the ...

 News

Smart homes today are nothing like the science fiction of late-90s movies. They're a reality for almost everyone living in a major city. You'd be hard-pressed to find a modern apartment without smart outlets, speakers, or TVs. In new construction, you'll sometimes see homes built smart from the get-go, which results in entire smart residential complexes. Residents can manage not just their in-apartment devices, but also external systems like intercoms, cameras, gates, utility meters, and fire alarms, all through a single app. But what happens if there's a security hole in an app like that? Our experts in the Global Research and Analysis Team (GReAT) know the answer. They've uncovered a vulnerability in the Rubetek Home app and explored the potential security risks for smart-home owners, which, thankfully, didn't materialize.

What the vulnerability was all about

This vulnerability stemmed from the app sending sensitive data as part of its logging process. The developers used the Telegram Bot API to collect analytics and send debug information files from users to a private development-team chat via a Telegram bot. The problem was that these files, in addition to system information, contained users' personal data and, more critically, the refresh tokens needed to authorize access to the user's account. Potential attackers could have forwarded all of these files to themselves using the same Telegram bot: they could obtain its bot token and the chat ID from the app code, and then iterate through the sequential numbers of the messages containing the files. Logging events via Telegram has recently become increasingly popular; it's convenient and fast to receive important notifications in a messenger. However, this approach requires caution: we recommend not forwarding sensitive data in application logs and, in addition, prohibiting copying and forwarding of content from the group in Telegram's settings, or using the protect_content parameter when sending a message through a Telegram bot. Important note: we contacted Rubetek immediately upon discovering the vulnerability. At the time of this post, the issue had been fixed. Potential attackers could have gained access to the data that all of the users' apps were sending to the developer.
The list of this data is mind-boggling:
- Full name, email address or cellphone number, and address of the property linked to the app
- List of devices linked to the smart-home system
- Information about events logged by smart devices, like whether the home was armed or disarmed, or whether any suspicious sounds were picked up by cameras
- System information about devices within the local home network: MAC address, IP address, and device type
- IP addresses for connecting to cameras over the WebRTC protocol
- Snapshots from smart cameras and intercoms
- The user's chats with support
- Tokens allowing a new session to be initiated with the user's account

Users of both the Android and iOS apps were at risk.

What happens if bad actors actually gain control of your smart home?

This wide range of data could have allowed for comprehensive surveillance: knowing who lives where and on which days they aren't home. Criminals could have learned someone's schedule and, during those empty hours, entered any apartment after remotely disabling cameras and other security systems through the app. While such a blatant break-in would certainly have been noticed, there are other, more subtle possibilities. For example, by exploiting the vulnerability, attackers could have remotely changed the colors of smart lightbulbs and floor temperatures, or endlessly turned lights on and off, causing the homeowners a noticeable financial loss. What's even more unsettling was the potential for an attacker to target not just one apartment or house, but thousands of residents in an entire complex. Of course, simultaneously disabling access-control systems wouldn't have gone unnoticed by the building management, but how quickly would they work out what was happening, and what damage could residents suffer in the meantime?

How to secure your smart home

Keep in mind that the type of vulnerability we're discussing could be present in other smart-home apps as well.
Being one of millions of customers, you have virtually no way of knowing whether an app has been compromised. Therefore, if you notice even the slightest suspicious activity, such as new people on your guest list or unauthorized opening and closing of gates and doors, we recommend contacting the app administrator and the vendor as soon as possible. In the more common scenario, using smart devices within your own apartment with no network administrator to turn to, we recommend following these rules:
- Secure your Wi-Fi router by changing the default password to a stronger one, disabling WPS, and enabling WPA2 encryption.
- Create a dedicated Wi-Fi network for your smart-home devices, and set a different password for it. Modern routers support guest networks, so if, say, a smart cradle is hacked, criminals won't gain access to your computers or smartphones.
- Use the Kaspersky Premium app to regularly check your network for unauthorized devices. If everything is fine, Smart Home Monitor will only show information about your devices.
- Set strong passwords for each device. You don't have to memorize them: Kaspersky Password Manager can handle that.
- Regularly update the firmware of all your smart devices, including your router.

Check out these links to explore other potential risks of a hacked smart home and ways to protect your property:
- How to secure your smart home
- IP camera security: the bad, the ugly, and the evil
- Home smart home
- Are your TV, smartphone, and smart speakers eavesdropping on you?
- Hole in the bowl: smart pet feeder springs a leak
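The two mitigations the Rubetek write-up recommends for Telegram-based logging, scrubbing sensitive fields before a debug bundle leaves the device and sending the message with protect_content set, look like this in code. The block below is an added example and is not Rubetek's or Kaspersky's code. sendDocument and protect_content are real Telegram Bot API names; the sample bundle, the list of sensitive key names and the token-shape heuristic are constructed for the example, and the request is only assembled, never sent.

```python
"""Shipping a mobile app's debug bundle through a Telegram bot without leaking
account material.  Added example, not Rubetek's or Kaspersky's code; the
sample bundle and its field names are constructed, and the request is only
built, never sent."""
import json
import re

# Keys whose values must never leave the device in a debug bundle.  This is
# the data class the article lists: identity, property address, device
# inventory and, above all, session tokens.
SENSITIVE_KEYS = {
    "refresh_token", "access_token", "session_token", "password",
    "email", "phone", "full_name", "address", "mac", "ip",
}

# Secrets hiding under innocuous keys: JWT-shaped strings and long hex blobs.
TOKEN_RE = re.compile(
    r"^(?:eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+|[A-Fa-f0-9]{32,})$"
)

REDACTED = "[REDACTED]"


def redact(obj):
    """Recursively scrub a JSON-like structure, by key name first and then by
    value shape, so an unexpected field cannot smuggle a token through."""
    if isinstance(obj, dict):
        return {k: (REDACTED if k.lower() in SENSITIVE_KEYS else redact(v))
                for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact(v) for v in obj]
    if isinstance(obj, str) and TOKEN_RE.match(obj):
        return REDACTED
    return obj


def build_send_document_request(bot_token, chat_id, bundle):
    """Assemble the Telegram Bot API sendDocument call for a redacted bundle.
    protect_content=True is the Bot API flag that stops chat members from
    forwarding or saving the message; it limits blast radius if the chat is
    reached, but only redaction removes the secrets themselves."""
    safe = json.dumps(redact(bundle), indent=2, sort_keys=True)
    return {
        "url": f"https://api.telegram.org/bot{bot_token}/sendDocument",
        "data": {"chat_id": chat_id, "protect_content": True,
                 "caption": "debug bundle (redacted)"},
        "files": {"document": ("debug.json", safe)},
    }


# Constructed bundle resembling what a smart-home app might collect.
SAMPLE_BUNDLE = {
    "app_version": "3.4.1",
    "os": "Android 14",
    "account": {
        "full_name": "Jane Example",
        "email": "jane@example.com",
        "address": "1 Example Street, apt 12",
        "refresh_token": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjMifQ.abcDEF-123_x",
    },
    "devices": [
        {"type": "camera", "mac": "00:11:22:33:44:55", "ip": "192.168.1.20"},
        {"type": "intercom", "mac": "00:11:22:33:44:66", "ip": "192.168.1.21"},
    ],
    "cache": {"last_value": "deadbeef" * 5},  # 40 hex chars: looks like a key
    "events": ["armed", "disarmed"],
}


if __name__ == "__main__":
    req = build_send_document_request("<bot-token>", -1001234567890, SAMPLE_BUNDLE)
    print(req["files"]["document"][1])
```

Note what protect_content does not fix: the root problem in the Rubetek case was that the bot token and chat ID were recoverable from the client app itself, and anyone holding the token can read the chat's history through the same bot. A token embedded in a shipped client has to be treated as public, so the durable fix is to redact on the device and relay the bundle through a backend the client authenticates to, with the bot token held only there.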

 Feed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday revealed that Commvault is monitoring cyber threat activity targeting applications hosted in their Microsoft Azure cloud environment. "Threat actors may have accessed client secrets for Commvault's (Metallic) Microsoft 365 (M365) backup software-as-a-service (SaaS) solution, hosted in Azure," the agency said. "This

 Feed

Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab's artificial intelligence (AI) assistant Duo that could have allowed attackers to steal source code and inject untrusted HTML into its responses, which could then be used to direct victims to malicious websites. GitLab Duo is an artificial intelligence (AI)-powered coding assistant that enables users to write,

 Feed

The U.S. Department of Justice (DoJ) on Thursday announced the disruption of the online infrastructure associated with DanaBot (aka DanaTools) and unsealed charges against 16 individuals for their alleged involvement in the development and deployment of the malware, which it said was controlled by a Russia-based cybercrime organization. The malware, the DoJ said, infected more than 300,000

 Feed

Cybersecurity researchers have disclosed that a threat actor codenamed ViciousTrap has compromised nearly 5,300 unique network edge devices across 84 countries and turned them into a honeypot-like network. The threat actor has been observed exploiting a critical security flaw impacting Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers (CVE-2023-20118) to corral them into

 Feed

As part of the latest "season" of Operation Endgame, a coalition of law enforcement agencies have taken down about 300 servers worldwide, neutralized 650 domains, and issued arrest warrants against 20 targets. Operation Endgame, first launched in May 2024, is an ongoing law enforcement operation targeting services and infrastructures assisting in or directly providing initial or consolidating

 Feed

From zero-day exploits to large-scale bot attacks — the demand for a powerful, self-hosted, and user-friendly web application security solution has never been greater. SafeLine is currently the most starred open-source Web Application Firewall (WAF) on GitHub, with over 16.4K stars and a rapidly growing global user base. This walkthrough covers what SafeLine is, how it works, and why it’s

 Feed

The malware known as Latrodectus has become the latest to embrace the widely-used social engineering technique called ClickFix as a distribution vector. "The ClickFix technique is particularly risky because it allows the malware to execute in memory rather than being written to disk," Expel said in a report shared with The Hacker News. "This removes many opportunities for browsers or security

 Feed

ESET Research has been tracking Danabot’s activity since 2018 as part of a global effort that resulted in a major disruption of the malware’s infrastructure

 1 - Cyber Security News Post

Source: hackread.com – Author: Waqas. Coca-Cola and its bottling partner, Coca-Cola Europacific Partners (CCEP), are facing separate cyberattack claims from two distinct threat groups. The Everest ransomware gang says it has breached Coca-Cola's systems, while another group named Gehenna (aka GHNA) is offering what it claims is a massive database stolen from CCEP's Salesforce environment. […] The post Coca-Cola, Bottling Partner Named in Separate Ransomware and Data Breach Claims – Source:hackread.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: hackread.com – Author: Waqas. In one of the largest global law enforcement actions against dark web crime to date, authorities from ten countries have arrested 270 individuals involved in drug trafficking, weapons sales, and the distribution of counterfeit goods online. The operation has been dubbed Operation RapTor. Coordinated by Europol and the U.S. Department […] The post Operation RapTor: 270 Arrested in Global Crackdown on Dark Web Vendors – Source:hackread.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: hackread.com – Author: Waqas. Cybersecurity researcher Jeremiah Fowler has discovered a misconfigured and unprotected database containing over 184 million unique login names and passwords, likely collected using infostealer malware. According to Fowler's research, shared with Hackread.com, this exposed […] The post Database Leak Reveals 184 Million Infostealer-Harvested Emails and Passwords – Source:hackread.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: hackread.com – Author: Owais Sultan. Ever tried resizing an image only to end up with a blurry, pixelated mess? Whether you're adjusting a photo for a website, social media, or an email campaign, keeping your images sharp and professional is essential. But if you've worked with JPEG files, you've probably noticed how resizing can […] The post Why Image Quality Drops When Resizing a JPEG (and How to Fix It) – Source:hackread.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: hackread.com – Author: Deeba Ahmed. A 19-year-old college student faces charges after pleading guilty to cyber extortion targeting PowerSchool, exposing the data of more than 60 million students and 10 million teachers in a breach dubbed the largest in U.S. schools' history. The student, Matthew D. Lane from Sterling, Massachusetts, has […] The post 19-Year-Old Admits to PowerSchool Data Breach Extortion – Source:hackread.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 cryptocurrency

Source: www.bitdefender.com – Author: Graham Cluley. The US Department of Justice (DOJ) has turned up the heat on a multinational cryptocurrency fraud ring that allegedly swindled over a quarter of a billion dollars from victims worldwide. The charges, filed under the Racketeer Influenced and Corrupt Organizations Act (RICO), bring the total number of defendants in […] The post DOJ charges 12 more in $263 million crypto fraud takedown where money was hidden in squishmallow stuffed animals – Source: www.bitdefender.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 critical infrastructure

Source: grahamcluley.com – Author: Graham Cluley. In this week's episode, Graham investigates the mysterious Iberian Peninsula blackout (aliens? toaster? cyberattack?), Carole dives into the UK legal aid hack that exposed deeply personal data of society's most vulnerable, and Dinah Davis recounts how Instagram scammers hijacked her daughter's account – and how a […] The post Smashing Security podcast #418: Grid failures, Instagram scams, and Legal Aid leaks – Source: grahamcluley.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 AA25-141A

Source: socprime.com – Author: Veronika Telychko. A coordinated advisory from cybersecurity and intelligence agencies across North America, Europe, and Australia confirms a two-year-long cyberespionage campaign by russian GRU Unit 26165 (APT28, Forest Blizzard, Fancy Bear). The campaign targets logistics and tech providers facilitating foreign aid to Ukraine. Detect APT28 (Forest Blizzard, Fancy Bear) Attacks Against […] The post Detect APT28 Attacks: russian GRU Unit 26156 Targets Western Logistics and Technology Companies Coordinating Aid to Ukraine in a Two-Year Hacking Campaign – Source: socprime.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 AI-Generated

Source: www.infosecurity-magazine.com. A new malware campaign has been observed using TikTok's viral nature and vast user base to spread information-stealing malware such as Vidar and StealC. According to a new advisory by Trend Micro, this latest social engineering effort marks a shift from traditional malicious tactics, exploiting the platform's reach and user trust […] The post AI-Generated TikTok Videos Used to Distribute Infostealer Malware – Source: www.infosecurity-magazine.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com. Kettering Health, a major healthcare provider in western Ohio, US, is dealing with the aftermath of a systemwide outage caused by a cyber-attack. The incident disrupted internal systems and forced the cancellation of elective inpatient and outpatient procedures across its 14 hospitals and over 120 facilities. As of May 22, emergency […] The post Kettering Health Cyber-Attack Disrupts Services – Source: www.infosecurity-magazine.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Coinbase

Source: www.infosecurity-magazine.com. The large-scale extortion scheme targeting Coinbase customers has affected close to 70,000 individuals, according to a new official document from the US-based cryptocurrency exchange. Following its disclosure of the breach on May 15, Coinbase filed a data breach notification with the Office of Maine's Attorney General on May 21. […] The post Coinbase Breach Affected Almost 70,000 Customers – Source: www.infosecurity-magazine.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Critical

Source: www.infosecurity-magazine.com. Three critical vulnerabilities have been reported in Versa Concerto, an orchestration platform for Versa Networks' Software-Defined Wide Area Network (SD-WAN) and Secure Access Service Edge (SASE) solutions. Versa has not released a patch for any of the vulnerabilities, despite being made aware of the issues in mid-February. Three Critical Flaws in […] The post Critical Zero-Days Found in Versa Networks SD-WAN/SASE Platform – Source: www.infosecurity-magazine.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 A Little Sunshine

Source: krebsonsecurity.com – Author: Brian Krebs. The U.S. government today unsealed criminal charges against 16 individuals accused of operating and selling DanaBot, a prolific strain of information-stealing malware that has been sold on Russian cybercrime forums since 2018. The FBI says a newer version of DanaBot was used for espionage, and that many of the defendants […] The post Oops: DanaBot Malware Devs Infected Their Own PCs – Source: krebsonsecurity.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.schneier.com – Author: Bruce Schneier. Technology and innovation have transformed every part of society, including our electoral experiences. Campaigns are spending and doing more than at any other time in history. Ever-growing war chests fuel billions of voter contacts every cycle. Campaigns now have better ways of scaling outreach methods and offer volunteers and […] The post The Voter Experience – Source: www.schneier.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 All things Heimdal

Source: heimdalsecurity.com – Author: Guest Author. Social engineering and AI-driven fraud are climbing to the top of global security concerns. The World Economic Forum lists them among the biggest cybersecurity threats of 2025. And the threat is no longer just spam emails with obvious typos. Today's scams are targeted, convincing, and increasingly powered by artificial intelligence. […] The post The evolution of social engineering and the rise of AI-powered cybercrime – Source: heimdalsecurity.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Blog

Source: securityboulevard.com – Author: Votiro. When it comes to data security, the usual suspects get all the attention. We lock down PII, PCI, and PHI like Fort Knox, understandably so, with regulators breathing down our necks. But lurking in the shadows of email threads, shared drives, and cloud folders is a different beast. It's powerful […] The post Material Nonpublic Information: Why It Deserves Enterprise-Grade Protection – Source: securityboulevard.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: cybernewswire. Miami, Fla., May 22, 2025, CyberNewsWire — Halo Security, a provider of attack surface management and penetration testing services, today announced it has achieved SOC 2 Type 1 compliance following an audit by Insight Assurance. This certification validates that Halo Security's security controls and practices are properly […] The post News Alert: Halo Security reaches SOC 2 milestone, validating its security controls and practices – Source: securityboulevard.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

Source: securityaffairs.com – Author: Pierluigi Paganini. An international law enforcement action codenamed 'Operation RapTor' led to the arrest of 270 dark web vendors and buyers across ten countries. The operation has dismantled networks […] The post Operation RapTor led to the arrest of 270 dark web vendors and buyers – Source: securityaffairs.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini. A Chinese threat actor, tracked as UAT-6382, exploited a patched Trimble Cityworks flaw to deploy Cobalt Strike and VShell. Cisco Talos researchers attribute the exploitation of CVE-2025-0994 in Trimble Cityworks to the Chinese-speaking threat actor UAT-6382, based on the tools and TTPs used in the intrusions. The vulnerability CVE-2025-0994 (CVSS […] The post Chinese threat actors exploited Trimble Cityworks flaw to breach U.S. local government networks – Source: securityaffairs.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Samsung MagicINFO 9 Server vulnerability, tracked as CVE-2025-4632 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is […] The post U.S. CISA adds a Samsung MagicINFO 9 Server flaw to its Known Exploited Vulnerabilities catalog – Source: securityaffairs.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini. Signal has implemented a new screen security setting in its Windows 11 app, blocking screenshots by default to protect user privacy from Microsoft's Recall feature. The Signal Desktop update prevents the system from capturing screenshots of the app by default. "Signal Desktop now includes support […] The post New Signal update stops Windows from capturing user chats – Source: securityaffairs.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

Source: securityaffairs.com – Author: Pierluigi Paganini. Microsoft found 394,000 Windows systems talking to Lumma Stealer controllers, a victim pool that included global manufacturers. A US court order, together with Europol and Japan's JC3, dismantled the Lumma Stealer malware operation, seizing 2,300 domains used for command-and-control and blocking dark web markets offering the infostealer. A US court […] The post Law enforcement dismantled the infrastructure behind Lumma Stealer MaaS – Source: securityaffairs.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com. A new large-scale law enforcement operation to disrupt fentanyl and opioid trafficking, as well as the sale of other illicit goods and services on the dark web, resulted in the arrest of 270 dark web vendors and buyers across four continents. This effort was led by Europol as part of Operation RapTor […] The post Global Dark Web Sting Sees 270 Arrested – Source: www.infosecurity-magazine.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com. DragonForce is fighting a "turf war" with rival ransomware operators as it seeks to assert its dominance in the cybercrime marketplace, according to new Sophos research. The group appears to be responsible for RansomHub's infrastructure outage in late March 2025, which contributed to a significant fall in ransomware attacks […] The post DragonForce Engages in "Turf War" for Ransomware Dominance – Source: www.infosecurity-magazine.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Critical

Source: www.infosecurity-magazine.com. Three critical vulnerabilities have been reported in Versa Concerto, an orchestration platform for Versa Networks' Software-Defined Wide Area Network (SD-WAN) and Secure Access Service Edge (SASE) solutions. Versa has not publicly released a patch for any of the vulnerabilities, despite being made aware of the issues in mid-February. Three Critical Flaws […] The post Critical Vulnerabilities Found in Versa Networks SD-WAN/SASE Platform – Source: www.infosecurity-magazine.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com. The U.S. Department of Justice (DoJ) on Thursday announced the disruption of the online infrastructure associated with DanaBot (aka DanaTools) and unsealed charges against 16 individuals for their alleged involvement in the development and deployment of the malware, which it said was controlled by a Russia-based cybercrime organization. The malware, […] The post U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cybercrime Operation – Source:thehackernews.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com. The malware known as Latrodectus has become the latest to embrace the widely used social engineering technique called ClickFix as a distribution vector. "The ClickFix technique is particularly risky because it allows the malware to execute in memory rather than being written to disk," Expel said in a report shared with […] The post Hackers Use TikTok Videos to Distribute Vidar and StealC Malware via ClickFix Technique – Source:thehackernews.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com. Cybersecurity researchers have disclosed that a threat actor codenamed ViciousTrap has compromised nearly 5,300 unique network edge devices across 84 countries and turned them into a honeypot-like network. The threat actor has been observed exploiting a critical security flaw impacting Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 […] The post ViciousTrap Uses Cisco Flaw to Build Global Honeypot from 5,300 Compromised Devices – Source:thehackernews.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com. As part of the latest "season" of Operation Endgame, a coalition of law enforcement agencies has taken down about 300 servers worldwide, neutralized 650 domains, and issued arrest warrants against 20 targets. Operation Endgame, first launched in May 2024, is an ongoing law enforcement operation targeting services and infrastructures assisting […] The post 300 Servers and €3.5M Seized as Europol Strikes Ransomware Networks Worldwide – Source:thehackernews.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com. From zero-day exploits to large-scale bot attacks, the demand for a powerful, self-hosted, and user-friendly web application security solution has never been greater. SafeLine is currently the most starred open-source Web Application Firewall (WAF) on GitHub, with over 16.4K stars and a rapidly growing global user base. This walkthrough […] The post SafeLine WAF: Open Source Web Application Firewall with Zero-Day Detection and Bot Protection – Source:thehackernews.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com. Austrian privacy non-profit noyb (none of your business) has sent Meta's Irish headquarters a cease-and-desist letter, threatening the company with a class action lawsuit if it proceeds with its plans to use users' data to train its artificial intelligence (AI) models without an explicit opt-in. The move comes weeks after […] The post Noyb Threatens Meta with Lawsuit for Violating GDPR to Train AI on E.U. User Data From May 27 – Source:thehackernews.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Critical

Source: www.darkreading.com – Author: Tiago Henriques […] The entry 3 Critical Pillars of Cyber-Resilience – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Robert Lemos, Contributing Writer […] The entry How AI Is Transforming SASE, Zero Trust for Modern Enterprises – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Jimmy Astle […] The entry Rethinking Data Privacy in the Age of Generative AI – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer […] The entry 3 Severe Bugs Patched in Versa’s Concerto Orchestrator – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Companies

Source: www.darkreading.com – Author: Robert Lemos, Contributing Writer […] The entry Companies Look to AI to Tame the Chaos of Event Security, Operations – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
