Apple has fixed a vulnerability that was used in zero-click attacks that installed Paragon Graphite spyware on the iPhones of two European journalists. Apple patched the vulnerability – CVE-2025-43200 – in iOS 18.3.1 back in February but didn’t add it to the advisory until this week. In the Messages
vulnerability, “A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link,” the updated Apple advisory says. “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.”

While Apple didn’t provide details of the attack, the updated advisory coincided with the publication of a Citizen Lab report that CVE-2025-43200 was used in zero-click attacks to install Paragon spyware on the iPhones of two European journalists.

Paragon Spyware Attacks Detailed

The Citizen Lab report said that on April 29, 2025, “a select group of iOS users were notified by Apple that they were targeted with advanced spyware.” While the size of that group is unknown, two journalists in the group – an anonymous European journalist and Italian journalist Ciro Pellegrino – provided their devices to Citizen Lab for technical analysis.

That analysis linked the targeting of the two journalists “to the same Paragon operator,” the Citizen Lab report said. The Paragon operator and the reasons the journalists were targeted remain unknown.

Citizen Lab said its forensic analysis concluded that the anonymous journalist’s device was compromised in January and early February 2025 while running iOS 18.2.1. Logs on the device “indicated that it made a series of requests to a server that, during the same time period, matched our published Fingerprint P1. We linked this fingerprint to Paragon’s Graphite spyware with high confidence.”

An iMessage account was identified in the device logs around the same time that the phone was communicating with Paragon server 46.183.184[.]91. “Based on our forensic analysis, we conclude that this account was used to deploy Paragon’s Graphite spyware using a sophisticated iMessage zero-click attack,” Citizen Lab said.
“We believe that this infection would not have been visible to the target.”

The same iMessage account appeared in the device logs of Pellegrino’s iPhone, “which we associate with a Graphite zero-click infection attempt.” As each customer of a mercenary spyware company typically has their own dedicated infrastructure, the account “would be used exclusively by a single Graphite customer / operator, and we conclude that this customer targeted both individuals.”

Links to Other Paragon Spyware Cases

Pellegrino was the second journalist at Fanpage.it known to be targeted with Paragon spyware, suggesting that the news organization itself may have been a target. In the first Fanpage case, editor Francesco Cancellato was notified in January 2025 by WhatsApp that he was targeted with Paragon spyware.

“At the time of publishing, three European journalists have been confirmed as targets of Paragon’s graphite mercenary spyware,” Citizen Lab said. “... Yet to date, there has been no explanation as to who is responsible for spying on these journalists.

“Furthermore, the confirmation of a second case linked to a specific Italian news outlet (Fanpage.it) adds urgency to the question of which Paragon customer is responsible for this targeting, and pursuant to what legal authority (if any) this targeting took place.

“The lack of accountability available to these spyware targets highlights the extent to which journalists in Europe continue to be subjected to this highly invasive digital threat, and underlines the dangers of spyware proliferation and abuse.”
Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online hucksters and website hackers. A new report on the fallout
from that investigation finds this dark ad tech industry is far more resilient and incestuous than previously known.

Image: Infoblox.

In November 2024, researchers at the security firm Qurium published an investigation into “Doppelganger,” a disinformation network that promotes pro-Russian narratives and infiltrates Europe’s media landscape by pushing fake news through a network of cloned websites.

Doppelganger campaigns use specialized links that bounce the visitor’s browser through a long series of domains before the fake news content is served. Qurium found Doppelganger relies on a sophisticated “domain cloaking” service, a technology that allows websites to present different content to search engines compared to what regular visitors see. The use of cloaking services helps the disinformation sites remain online longer than they otherwise would, while ensuring that only the targeted audience gets to view the intended content.

Qurium discovered that Doppelganger’s cloaking service also promoted online dating sites, and shared much of the same infrastructure with VexTrio, which is thought to be the oldest malicious traffic distribution system (TDS) in existence. While TDSs are commonly used by legitimate advertising networks to manage traffic from disparate sources and to track who or what is behind each click, VexTrio’s TDS largely manages web traffic from victims of phishing, malware, and social engineering scams.

BREAKING BAD

Digging deeper, Qurium noticed Doppelganger’s cloaking service used an Internet provider in Switzerland as the first entry point in a chain of domain redirections. They also noticed the same infrastructure hosted a pair of co-branded affiliate marketing services that were driving traffic to sketchy adult dating sites: LosPollos[.]com and TacoLoco[.]co.
The LosPollos ad network incorporates many elements and references from the hit HBO series “Breaking Bad,” mirroring the fictional “Los Pollos Hermanos” restaurant chain that served as a money laundering operation for a violent methamphetamine cartel.

Image: The LosPollos advertising network invokes characters and themes from the hit show Breaking Bad. The logo for LosPollos (upper left) is the image of Gustavo Fring, the fictional chicken restaurant chain owner in the show.

Affiliates who sign up with LosPollos are given JavaScript-heavy “smartlinks” that drive traffic into the VexTrio TDS, which in turn distributes the traffic among a variety of advertising partners, including dating services, sweepstakes offers, bait-and-switch mobile apps, financial scams and malware download sites.

LosPollos affiliates typically stitch these smart links into WordPress websites that have been hacked via known vulnerabilities, and those affiliates will earn a small commission each time an Internet user referred by any of their hacked sites falls for one of these lures.

Image: The Los Pollos advertising network promoting itself on LinkedIn.

According to Qurium, TacoLoco is a traffic monetization network that uses deceptive tactics to trick Internet users into enabling “push notifications,” a cross-platform browser standard that allows websites to show pop-up messages which appear outside of the browser. For example, on Microsoft Windows systems these notifications typically show up in the bottom right corner of the screen — just above the system clock.

In the case of VexTrio and TacoLoco, the notification approval requests themselves are deceptive — disguised as “CAPTCHA” challenges designed to distinguish automated bot traffic from real visitors. For years, VexTrio and its partners have successfully tricked countless users into enabling these site notifications, which are then used to continuously pepper the victim’s device with a variety of phony virus alerts and misleading pop-up messages.
Image: Examples of VexTrio landing pages that lead users to accept push notifications on their device.

According to a December 2024 annual report from GoDaddy, nearly 40 percent of compromised websites in 2024 redirected visitors to VexTrio via LosPollos smartlinks.

ADSPRO AND TEKNOLOGY

On November 14, 2024, Qurium published research to support its findings that LosPollos and TacoLoco were services operated by Adspro Group, a company registered in the Czech Republic and Russia, and that Adspro runs its infrastructure at the Swiss hosting providers C41 and Teknology SA.

Qurium noted the LosPollos and TacoLoco sites state that their content is copyrighted by ByteCore AG and SkyForge Digital AG, both Swiss firms that are run by the owner of Teknology SA, Guilio Vitorrio Leonardo Cerutti. Further investigation revealed LosPollos and TacoLoco were apps developed by a company called Holacode, which lists Cerutti as its CEO.

The apps marketed by Holacode include numerous VPN services, as well as one called Spamshield that claims to stop unwanted push notifications. But in January, Infoblox said they tested the app on their own mobile devices, and found it hides the user’s notifications, and then after 24 hours stops hiding them and demands payment. Spamshield subsequently changed its developer name from Holacode to ApLabz, although Infoblox noted that the Terms of Service for several of the rebranded ApLabz apps still referenced Holacode.

Incredibly, Cerutti threatened to sue me for defamation before I’d even uttered his name or sent him a request for comment (Cerutti sent the unsolicited legal threat back in January after his company and my name were merely tagged in an Infoblox post on LinkedIn about VexTrio).

Asked to comment on the findings by Qurium and Infoblox, Cerutti vehemently denied being associated with VexTrio.
Cerutti asserted that his companies all strictly adhere to the regulations of the countries in which they operate, and that they have been completely transparent about all of their operations.

“We are a group operating in the advertising and marketing space, with an affiliate network program,” Cerutti responded. “I am not [going] to say we are perfect, but I strongly declare we have no connection with VexTrio at all.”

“Unfortunately, as a big player in this space we also get to deal with plenty of publisher fraud, sketchy traffic, fake clicks, bots, hacked, listed and resold publisher accounts, etc, etc.,” Cerutti continued. “We bleed lots of money to such malpractices and conduct regular internal screenings and audits in a constant battle to remove bad traffic sources. It is also a highly competitive space, where some upstarts will often play dirty against more established mainstream players like us.”

Working with Qurium, researchers at the security firm Infoblox released details about VexTrio’s infrastructure to their industry partners. Just four days after Qurium published its findings, LosPollos announced it was suspending its push monetization service. Less than a month later, Adspro had rebranded to Aimed Global.

Image: A mind map illustrating some of the key findings and connections in the Infoblox and Qurium investigations.

A REVEALING PIVOT

In March 2025, researchers at GoDaddy chronicled how DollyWay — a malware strain that has consistently redirected victims to VexTrio throughout its eight years of activity — suddenly stopped doing that on November 20, 2024. Virtually overnight, DollyWay and several other malware families that had previously used VexTrio began pushing their traffic through another TDS called Help TDS.
Digging further into historical DNS records and the unique code scripts used by the Help TDS, Infoblox determined it has long enjoyed an exclusive relationship with VexTrio (at least until LosPollos ended its push monetization service in November).

In a report released today, Infoblox said an exhaustive analysis of the JavaScript code, website lures, smartlinks and DNS patterns used by VexTrio and Help TDS linked them with at least four other TDS operators (not counting TacoLoco). Those four entities — Partners House, BroPush, RichAds and RexPush — are all Russia-based push monetization programs that pay affiliates to drive signups for a variety of schemes, but mostly online dating services.

“As Los Pollos push monetization ended, we’ve seen an increase in fake CAPTCHAs that drive user acceptance of push notifications, particularly from Partners House,” the Infoblox report reads. “The relationship of these commercial entities remains a mystery; while they are certainly long-time partners redirecting traffic to one another, and they all have a Russian nexus, there is no overt common ownership.”

Renee Burton, vice president of threat intelligence at Infoblox, said the security industry generally treats the deceptive methods used by VexTrio and other malicious TDSs as a kind of legally grey area that is mostly associated with less dangerous security threats, such as adware and scareware.

But Burton argues that this view is myopic, and helps perpetuate a dark adtech industry that also pushes plenty of straight-up malware, noting that hundreds of thousands of compromised websites around the world every year redirect victims to the tangled web of VexTrio and VexTrio-affiliate TDSs.

“These TDSs are a nefarious threat, because they’re the ones you can connect to the delivery of things like information stealers and scams that cost consumers billions of dollars a year,” Burton said.
“From a larger strategic perspective, my takeaway is that Russian organized crime has control of malicious adtech, and these are just some of the many groups involved.”

WHAT CAN YOU DO?

As KrebsOnSecurity warned way back in 2020, it’s a good idea to be very sparing in approving notifications when browsing the Web. In many cases these notifications are benign, but as we’ve seen there are numerous dodgy firms that are paying site owners to install their notification scripts, and then reselling that communications pathway to scammers and online hucksters.

If you’d like to prevent sites from ever presenting notification requests, all of the major browser makers let you do this — either across the board or on a per-website basis. While it is true that blocking notifications entirely can break the functionality of some websites, doing this for any devices you manage on behalf of your less tech-savvy friends or family members might end up saving everyone a lot of headache down the road.

To modify site notification settings in Mozilla Firefox, navigate to Settings, Privacy & Security, Permissions, and click the “Settings” tab next to “Notifications.” That page will display any notifications already permitted and allow you to edit or delete any entries. Tick the box next to “Block new requests asking to allow notifications” to stop them altogether.

In Google Chrome, click the icon with the three dots to the right of the address bar, scroll all the way down to Settings, Privacy and Security, Site Settings, and Notifications. Select the “Don’t allow sites to send notifications” button if you want to banish notification requests forever.

In Apple’s Safari browser, go to Settings, Websites, and click on Notifications in the sidebar. Uncheck the option to “allow websites to ask for permission to send notifications” if you wish to turn off notification requests entirely.
This alignment makes a successful CISO, but creating the same sentiment across business leadership creates a culture of commitment and greatly contributes to achieving goals.
Proofpoint researchers discovered a large-scale campaign using the open source penetration-testing framework that has targeted more than 80,000 Microsoft accounts.
A new Cybersecurity and Infrastructure Security Agency (CISA) advisory warned ransomware actors have been actively exploiting a critical SimpleHelp flaw since January.
These groups suffered three times as many cyberattacks as in the previous year, with DDoS attacks dominating and vulnerability scans and SQL injection also more common.
Coker spoke to Recorded Future News about his time as National Cyber Director, what he considers his biggest successes and what he would tell his replacement – who is currently going through the confirmation process.
Denmark's digital affairs ministry says it plans to switch to the open source LibreOffice software and away from Microsoft products as part of an effort to make the government more digitally independent.
Ransomware gangs leveraged a vulnerability to access unpatched versions of SimpleHelp's remote monitoring and management tool to disrupt services in double extortion compromises.
Apple has disclosed that a now-patched security flaw present in its Messages app was actively exploited in the wild to target civil society members in sophisticated cyber attacks. The vulnerability, tracked as CVE-2025-43200, was addressed on February 10, 2025, as part of iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, watchOS 11.3.1,
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday disclosed that ransomware actors are targeting unpatched SimpleHelp Remote Monitoring and Management (RMM) instances to compromise customers of an unnamed utility billing software provider. "This incident reflects a broader pattern of ransomware actors targeting organizations through unpatched versions of SimpleHelp
Introduction: Security at a Tipping Point Security Operations Centers (SOCs) were built for a different era, one defined by perimeter-based thinking, known threats, and manageable alert volumes. But today’s threat landscape doesn’t play by those rules. The sheer volume of telemetry, overlapping tools, and automated alerts has pushed traditional SOCs to the edge. Security teams are overwhelmed,
Cybersecurity researchers are calling attention to a "large-scale campaign" that has been observed compromising legitimate websites with malicious JavaScript injections. According to Palo Alto Networks Unit 42, these malicious injects are obfuscated using JSFuck, which refers to an "esoteric and educational programming style" that uses only a limited set of characters to write and execute code.
Lucky Erasmus and a company insider installed software without authorisation on Ecentric's systems which granted them remote access, enabling them to steal sensitive data and make unauthorised changes to senior managers' passwords. Read more in my article on the Hot for Security blog.
Bert is a recently-discovered strain of ransomware that encrypts victims' files and demands a payment for the decryption key. Read more in my article on the Fortra blog.
Dutch police have announced that they have identified 126 individuals linked to the now dismantled Cracked.io cybercrime forum. Read more in my article on the Hot for Security blog.
According to a new report, there are 13 China-owned VPN apps in the Apple App Store. None of them clearly disclose their links to China, and some use shell companies to hide their origin.
Source: go.theregister.com – Author: Connor Jones Exclusive Cybercriminals broke into systems belonging to the UK’s NHS Professionals body in May 2024, stealing its Active Directory database, but the healthcare organization never publicly disclosed it, The Register can reveal. NHS Professionals (NHSP) is a private organization owned by the Department of Health and Social Care (DHSC), […] The post ‘Major compromise’ at NHS temping arm exposed gaping security holes – Source: go.theregister.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com. The threat actors behind the VexTrio Viper Traffic Distribution Service (TDS) have been linked to other TDS services like Help TDS and Disposable TDS, indicating that the sophisticated cybercriminal operation is a sprawling enterprise of its own that’s designed to distribute malicious content. “VexTrio is a group of malicious adtech […] The post WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com. Cybersecurity researchers have discovered a novel attack technique called TokenBreak that can be used to bypass a large language model’s (LLM) safety and content moderation guardrails with just a single character change. “The TokenBreak attack targets a text classification model’s tokenization strategy to induce false negatives, leaving end targets vulnerable […] The post New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com. AI is changing everything — from how we code, to how we sell, to how we secure. But while most conversations focus on what AI can do, this one focuses on what AI can break — if you’re not paying attention. Behind every AI agent, chatbot, or automation script lies […] The post AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com. A novel attack technique named EchoLeak has been characterized as a “zero-click” artificial intelligence (AI) vulnerability that allows bad actors to exfiltrate sensitive data from Microsoft 365 Copilot’s context sans any user interaction. The critical-rated vulnerability has been assigned the CVE identifier CVE-2025-32711 (CVSS score: 9.3). It requires no customer […] The post Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com. Human identities management and control is pretty well done with its set of dedicated tools, frameworks, and best practices. This is a very different world when it comes to Non-human identities also referred to as machine identities. GitGuardian’s end-to-end NHI security platform is here to close the gap. Enterprises are […] The post Non-Human Identities: How to Address the Expanding Security Risk – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: hackread.com – Author: Deeba Ahmed. Cybersecurity firm Aim Labs has uncovered a serious new security problem, named EchoLeak, affecting Microsoft 365 (M365) Copilot, a popular AI assistant. This flaw is a zero-click vulnerability, meaning attackers can steal sensitive company information without user interaction. Aim Labs has shared details of this vulnerability and how it […] The post EchoLeak Zero-Click AI Attack in Microsoft Copilot Exposes Company Data – Source: hackread.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: hackread.com – Author: Deeba Ahmed. A new study by BitSight TRACE shows that over 40,000 security cameras connected to the internet are openly available for anyone to see. These cameras, meant to keep us safe, are actually putting us at risk because they don’t have passwords or any protection. Bitsight first warned about this […] The post US Tops List of Unsecured Cameras Exposing Homes and Offices – Source: hackread.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: socprime.com – Author: Steven Edwards How It Works Uncoder AI reads a Sigma detection rule designed to identify DNS queries to malicious domains linked with the Katz Stealer malware family. It then automatically rewrites the logic into a fully compatible Microsoft Defender for Endpoint (MDE) Advanced Hunting query using the Kusto Query Language (KQL). […] The post Sigma-to-MDE Query Conversion: DNS Detection for Katz Stealer via Uncoder AI – Source: socprime.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: socprime.com – Author: Steven Edwards How It Works This feature enables detection engineers to seamlessly convert Sigma rules into Google SecOps Query Language (UDM). In the screenshot, the original Sigma rule is designed to detect DNS queries to known Katz Stealer domains — a malware family associated with data exfiltration and command-and-control activity. Left […] The post Detect DNS Threats in Google SecOps: Katz Stealer Rule Conversion with Uncoder AI – Source: socprime.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.troyhunt.com – Author: Troy Hunt It’s time to fly! It’s two months to the day since we came back from the last European trip, again spending the time with some of the agencies and partners we’ve fostered at HIBP over the years. This time, it’s the driving tour I talked about earlier last month, […] The post Weekly Update 456 – Source: www.troyhunt.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini Security researchers at Citizen Lab revealed that Paragon’s Graphite spyware can hack fully updated iPhones via zero-click attacks. Citizen Lab has confirmed that Paragon’s Graphite spyware was used to hack fully updated iPhones, targeting at least two journalists in Europe. The group found forensic evidence showing the phones had […] The post Paragon Graphite Spyware used a zero-day exploit to hack at least two journalists’ iPhones – Source: securityaffairs.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini Two vulnerabilities in SinoTrack GPS devices can allow remote vehicle control and location tracking by attackers, US CISA warns. U.S. CISA warns of two vulnerabilities in SinoTrack GPS devices that remote attackers can exploit to access a vehicle’s device profile without permission. The researchers warn that potential exploitation could […] The post SinoTrack GPS device flaws allow remote vehicle control and location tracking – Source: securityaffairs.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Wazuh, and WebDAV flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added ASUS RT-AX55 devices, Craft CMS, and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: […] The post U.S. CISA adds Wazuh, and WebDAV flaws to its Known Exploited Vulnerabilities catalog – Source: securityaffairs.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini Over 40,000 internet-exposed security cameras worldwide are vulnerable to remote hacking, posing serious privacy and security risks. Bitsight warns that over 40,000 security cameras worldwide are exposed to remote hacking due to unsecured HTTP or RTSP (Real-Time Streaming Protocol) access. These cameras stream live feeds openly via IP addresses, […] The post Exposed eyes: 40,000 security cameras vulnerable to remote hacking – Source: securityaffairs.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: krebsonsecurity.com – Author: BrianKrebs Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online hucksters and website hackers. A new report on the fallout from that investigation finds this dark ad […] The post Inside a Dark Adtech Empire Fed by Fake CAPTCHAs – Source: krebsonsecurity.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Michael Lyborg How to Develop a Cybersecurity Strategy in 7 Steps Developing a cyber security strategy involves these key phases: establishing your governance and compliance foundation, assessing your current security posture and identifying gaps, defining clear strategic objectives, creating detailed roadmaps and action plans, selecting and integrating appropriate technologies and controls, […] The post 7 Steps to Developing a Cybersecurity Strategy – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Alison Mack Is Assured Compliance Your Ultimate Goal? Consider Effective NHI Management Ever wondered how Non-Human Identities (NHIs) and Secrets Security Management could significantly enhance your cybersecurity strategy and lead to assured compliance? With the ever-increasing threats, it is essential for every organization, regardless of its sector, to prioritize robust strategies […] The post Assured Compliance Through Effective NHI Management – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Alison Mack Does Non-Human Identity Management Hold the Key to Effective Cybersecurity? The management of Non-Human Identities (NHIs) and secrets has emerged as a pivotal component. For organizations aiming to bolster their cybersecurity strategy, the integration of NHI management can yield substantial benefits. But what is NHI management, and how can […] The post Freedom to Choose Your NHI Security Approach – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Marc Handelman Author/Presenter: Jon “maddog” Hall (Board Chair Emeritus: Linux Professional Institute, Founder: Project Cauã, Co-Founder: Caninos Loucos, Technical Advisor: QSentinel, Executive Director: Linux® International®) Our sincere appreciation to LinuxFest Northwest (Now Celebrating Their Organizational 25th Anniversary Of Community Excellence), and the Presenters/Authors for publishing their superb LinuxFest Northwest 2025 video […] The post LinuxFest Northwest: LFNW 2025: In The Beginning… – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
As part of their spotlight month, the Women Engineers in Government Contractor Careers Affinity Group explores how women in government contracting are building community and changing the face of national security. The post Mission-Driven Engineering With SWE’s WEgcc Affinity Group first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Aerospace engineer Tabitha Crocker proves that persistence, passion, and a love of learning can turn a nonlinear journey into a STEM success story. The post From Tornado Survivor to Aerospace Engineer: Tabitha Crocker’s Journey in STEM first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com. Apple has disclosed that a now-patched security flaw present in its Messages app was actively exploited in the wild to target civil society members in sophisticated cyber attacks. The vulnerability, tracked as CVE-2025-43200, was addressed on February 10, 2025, as part of iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia […] The post Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Jessica Lyons Both Apple’s and Google’s online stores offer free virtual private network (VPN) apps owned by Chinese companies, according to researchers at the Tech Transparency Project, and they don’t make this fact readily known to people downloading the apps. Neither company requires all app developers in their respective stores to […] The post Do you trust Xi with your ‘private’ browsing data? Apple, Google stores still offer China-based VPNs, report says – Source: go.theregister.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Connor Jones Apple has updated its iOS/iPadOS 18.3.1 documentation, confirming it introduced fixes for the zero-click vulnerability used to infect journalists with Paragon’s Graphite spyware. The infections were confirmed when two journalists approached spyware researchers at The Citizen Lab after receiving notifications from Apple in April that they were targeted by […] The post Apple fixes zero-click exploit underpinning Paragon spyware attacks – Source: go.theregister.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Connor Jones Cybersecurity hiring managers need a reality check when it comes to hiring junior staff, with job adverts littered with unfair expectations that are hampering recruitment efforts, says industry training and cert issuer ISC2. According to the organization’s latest hiring trends study, entry-level and junior job descriptions contain requirements that […] The post Wanted: Junior cybersecurity staff with 10 years’ experience and a PhD – Source: go.theregister.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.