The United Australia Party (UAP), led by mining magnate Clive Palmer, has confirmed that it fell victim to a cyberattack late last month, resulting in a serious UAP data breach that may have exposed personal and sensitive information belonging to members, supporters, and others associated with the party.

In an official notification, the UAP revealed that the cyberattack occurred on June 23, 2025, and was identified as a ransomware incident. The UAP cyberattack reportedly involved unauthorized access to the party’s servers, leading to the potential exfiltration of a vast trove of data, including personal records and confidential communications. The UAP data breach affects not only the United Australia Party but also an affiliated group known as Trumpets of Patriots, collectively referred to as "the Political Parties" in the official notice.

Details of the UAP Data Breach

The cyberattack on UAP allowed threat actors to gain entry to internal systems, compromising virtually all digital correspondence and records. “The data records potentially include all emails to and from the Political Parties (including their attachments) and documents and records created and/or held electronically by the Political Parties at any time in the past,” the notice stated.

Image: UAP data breach confirmed (Source: United Australia Party)

Sensitive information potentially affected includes names, email addresses, phone numbers, banking and identity documents, employment histories, and confidential files. However, the UAP acknowledged that it cannot confirm the full extent of the breach, admitting, “We do not keep a record of all individuals who were on the server,” and concluded that it would be “impracticable to notify individuals” directly.

Response and Next Steps

The United Australia Party cyberattack has prompted a flurry of internal and external responses. The party reported the incident to the Office of the Australian Information Commissioner (OAIC) and the Australian Signals Directorate. In the aftermath, the UAP stated that it has taken steps to secure its systems and restore data from backup tapes.

Despite these efforts, the party is urging all individuals who may have interacted with it to assume their data may have been compromised and to act accordingly. The UAP advised concerned individuals to review past communications, monitor bank accounts for unusual activity, change passwords, enable multi-factor authentication, and remain alert for suspicious emails or phone calls.

Public Concern and Political Implications

While the party has issued an apology and emphasized that it is taking measures to prevent future incidents, questions remain about the scale of the breach and the delay in individually notifying affected persons. “Please remain alert, especially with email, text messages, or phone calls, particularly where the sender or call purports to be from the Political Parties,” the statement urged, highlighting the risk of phishing or identity theft that could follow the breach.

Conclusion

For those seeking support or with questions about the breach, the United Australia Party has provided a dedicated helpline at 07 3532 3851. This is an ongoing story, and The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information on the attack or any additional updates from UAP.
A threat actor named Devman has claimed responsibility for a cyberattack on Thailand's Ministry of Labour, compromising over 300 gigabytes of sensitive data and severely disrupting government operations. The Thailand Ministry of Labour cyberattack was not a hit-and-run incident. According to a post on Devman’s dark web blog, the hackers had access to the Ministry’s systems for over 43 days before executing their attack. They claim to have infiltrated both Active Directory and multiple Linux servers, methodically collecting data and preparing for their strike.

Image: Ministry of Labour Cyberattack Claims (Source: X)

The breach came to public attention when the Ministry's official website was defaced, with the homepage replaced by a message: “THIS IS NOT JUST THE WEBSITE. WHAT YOU WITNESS HERE IS PART OF OUR COORDINATED ATTACK, AIMED AT CRIPPLING THIS MINISTRY.”

Image (Source: X)

However, at the time of writing, the message had been deleted. In addition to the website defacement, the group alleges that it has encrypted approximately 2,000 laptops, over 98 Linux servers, and more than 50 Windows servers. Perhaps most disturbingly, Devman claims to have completely wiped the Active Directory environment and destroyed all tape backups, potentially crippling restoration efforts.

Details of the Thailand Ministry of Labour Cyberattack

According to Devman, the stolen data includes:

- Over 600 classified government documents
- Large portions of the citizen and foreign visitor datasets
- Confidential government communications and personal details

A ransom of $15 million has been demanded in exchange for not publishing or selling the data.

Technical Analysis: How Was This Possible?

In response to the cyberattack on the Thailand Ministry of Labour, The Cyber Express conducted a preliminary investigation using PentestTools' Light Website Vulnerability Scanner. While this was a limited scan and did not check for critical issues such as SQL Injection or Remote Code Execution, several vulnerabilities were discovered.

Medium-Risk Vulnerabilities Identified:

- Insecure Cookie Settings: Missing Secure and HttpOnly flags on session cookies (PHPSESSID), which increases the risk of session hijacking.
- Outdated jQuery UI Library: The site was using jQuery UI 1.11.4, known to have multiple CVEs, including XSS vulnerabilities and unsafe parameter use that could allow arbitrary code execution.
- Weak Content Security Policy (CSP): The use of unsafe-inline, unsafe-eval, and open object-src policies could allow attackers to execute malicious JavaScript.
- Exposed Email Addresses: Addresses like webmaster@mol.mail.go.th and servicemol@mol.mail.go.th were publicly available, increasing phishing risks.
- Server Technology Fingerprinting: The scan identified the use of PHP, Apache, MySQL, WordPress, Bootstrap, and other technologies, giving attackers a blueprint for targeted exploits.
- Misconfigured robots.txt: The file revealed potentially sensitive or admin paths that should not have been publicly accessible.

The combination of these vulnerabilities suggests that the cyberattack on Thailand's Ministry of Labour may have involved a client-side XSS exploit, leveraged through outdated libraries and weak session security, allowing the attackers to escalate access and infiltrate deeper systems.

To Wrap Up

As of now, no official response has been issued by the Ministry of Labour. The Cyber Express has reached out for comment, but the Ministry has not yet responded. If Devman’s claims are confirmed, this cyberattack would rank among the most severe data breaches in Southeast Asia's recent history, not just in terms of data volume, but also due to the long-term systemic damage inflicted on a critical government institution. Given the reported destruction of backup infrastructure and the scale of encrypted systems, recovery may be slow and complex. This story is developing.

The Cyber Express will continue to monitor updates on the Thailand Ministry of Labour cyberattack, including any official responses, confirmations, or public statements from affected agencies.
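The cookie-flag, CSP and fingerprinting findings listed above are the kind of header-level checks a site owner can verify from a single HTTP response. The following is an added example, not The Cyber Express's scanner nor code from PentestTools: it audits a constructed response that reproduces those weaknesses beside a hardened variant that passes. Header values and cookie names in the samples are constructed for illustration.

```python
"""Audit HTTP response headers for weak cookie flags, weak CSP and
technology fingerprinting. Added example; the sample responses below are
constructed and are not captures from any real server."""
import re
from typing import Dict, List

# Constructed response reproducing the finding classes reported above:
# PHPSESSID without Secure/HttpOnly, CSP with unsafe-inline/unsafe-eval
# and an open object-src, and version-revealing Server/X-Powered-By.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4\r\n"
    "X-Powered-By: PHP/7.4\r\n"
    "Set-Cookie: PHPSESSID=abc123; path=/\r\n"
    "Set-Cookie: wp_test=1; path=/; Secure; HttpOnly\r\n"
    "Content-Security-Policy: default-src 'self'; "
    "script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src *\r\n"
    "Content-Type: text/html\r\n\r\n<html></html>"
)

# Constructed hardened variant: flags set, no unsafe CSP sources,
# object-src locked down, no version strings in fingerprint headers.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Set-Cookie: PHPSESSID=abc123; path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "Content-Security-Policy: default-src 'self'; script-src 'self'; "
    "object-src 'none'\r\n"
    "Content-Type: text/html\r\n\r\n<html></html>"
)

COOKIE_FLAGS = {"secure": "Secure", "httponly": "HttpOnly"}
FINGERPRINT_HEADERS = ("server", "x-powered-by")


def parse_headers(raw: str) -> Dict[str, List[str]]:
    """Return header name (lowercased) -> list of values, keeping repeats
    such as multiple Set-Cookie lines. The status line is skipped."""
    head, _, _body = raw.partition("\r\n\r\n")
    headers: Dict[str, List[str]] = {}
    for line in head.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def audit_cookies(headers: Dict[str, List[str]]) -> List[str]:
    """Flag every cookie that lacks the Secure or HttpOnly attribute."""
    findings = []
    for cookie in headers.get("set-cookie", []):
        parts = [p.strip() for p in cookie.split(";")]
        name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        missing = [label for key, label in COOKIE_FLAGS.items() if key not in attrs]
        if missing:
            findings.append(f"cookie {name}: missing {', '.join(missing)}")
    return findings


def parse_csp(policy: str) -> Dict[str, List[str]]:
    """Split a CSP string into directive -> source list."""
    directives: Dict[str, List[str]] = {}
    for item in policy.split(";"):
        tokens = item.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def audit_csp(headers: Dict[str, List[str]]) -> List[str]:
    """Flag unsafe script sources and an open object-src. Per CSP semantics,
    a missing fetch directive falls back to default-src."""
    policies = headers.get("content-security-policy", [])
    if not policies:
        return ["CSP: header absent"]
    findings = []
    for policy in policies:
        directives = parse_csp(policy)
        script = directives.get("script-src", directives.get("default-src", []))
        for weak in ("'unsafe-inline'", "'unsafe-eval'"):
            if weak in script:
                findings.append(f"CSP: script-src allows {weak}")
        obj = directives.get("object-src", directives.get("default-src"))
        if obj is None or "*" in obj:
            findings.append("CSP: object-src is open (missing or '*')")
    return findings


def audit_fingerprinting(headers: Dict[str, List[str]]) -> List[str]:
    """Flag Server / X-Powered-By values that disclose a version number."""
    return [
        f"fingerprint: {name} reveals {value}"
        for name in FINGERPRINT_HEADERS
        for value in headers.get(name, [])
        if re.search(r"\d", value)
    ]


def audit_response(raw: str) -> List[str]:
    """Run all checks over one raw HTTP response and return the findings."""
    headers = parse_headers(raw)
    return audit_cookies(headers) + audit_csp(headers) + audit_fingerprinting(headers)


if __name__ == "__main__":
    for label, raw in (("weak", SAMPLE_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_response(raw) or ["no findings"])
```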
The United States Department of Justice has filed charges against a suspected Ryuk ransomware operator, extradited from Ukraine last month, for carrying out a $15 million “ransomware extortion conspiracy.” The gang targeted thousands of victims worldwide, including an Oregon-based tech company.

Karen Serobovich Vardanyan, a 33-year-old Armenian national, was extradited from Ukraine on June 18 to face federal charges in the U.S. for orchestrating high-impact Ryuk ransomware attacks between March 2019 and September 2020. The DOJ unsealed charges on July 16, stating that Vardanyan conspired to deploy Ryuk—a malware strain notorious for encrypting corporate networks and demanding ransoms in Bitcoin—from hundreds of compromised servers and workstations.

According to Ukraine’s Office of the Prosecutor General, Ryuk ransomware gang members were responsible for more than 2,400 cyberattacks around the globe, which helped them extort upwards of $100 million. The 33-year-old likely acted as an initial access broker (IAB) and “was engaged in searching for vulnerabilities in the corporate networks of the victim companies,” the Ukrainian police authorities said at the time of the extradition announcement. “The data obtained by the hacker was used by his accomplices to plan and carry out cyberattacks.”

Court documents reveal that Vardanyan and co-conspirators—including an Armenian associate in France, Levon Georgiyovych Avetisyan, and two Ukrainians, Oleg Lyulyava and Andrii Prykhodchenko—targeted a wide range of entities, spanning private businesses, municipalities, school districts, critical infrastructure operators, and hospitals. They employed Ryuk ransomware to paralyze systems, lock users out, and issue ransom demands in Bitcoin. Reports indicate that this operation amassed approximately 1,610 Bitcoins, valued at over $15 million at the time.

Vardanyan pleaded not guilty to charges of conspiracy, fraud in connection with computers, and extortion related to ransomware use. The DOJ has set his seven-day jury trial to begin on August 26. If convicted, he faces a maximum sentence of five years in federal prison, three years’ supervised release, and a fine of $250,000 for each count.

As the FBI continues to lead the investigation and hunt for the gang's affiliates, Vardanyan’s co-defendant Avetisyan faces a similar extradition request in France, while Lyulyava and Prykhodchenko remain at large.
Co-op has confirmed that the personal details of all 6.5 million of its members were stolen in a cyberattack earlier this year. For the first time since the Co-op cyberattack, Co-op’s CEO Shirine Khoury-Haq told BBC Breakfast that she was deeply sorry for what happened and how it affected both customers and staff. She said she was devastated that member information had been taken, and equally concerned about the toll the breach took on employees who worked to contain the attack.

The cyberattack on Co-op, which occurred in April, compromised names, addresses, and contact details of members. While no financial or transactional data was accessed, Khoury-Haq acknowledged that the breach had caused concern among members and staff alike. She noted that although payment data was not affected in the Co-op cyberattack, the exposure of personal information was still significant.

Emotional Toll on Staff and CEO

During her interview, Khoury-Haq revealed the personal impact of the Co-op cyberattack, especially after witnessing the pressure and urgency faced by the company’s IT team. “Early on I met with our IT staff and they were in the midst of it. I will never forget the looks on their faces, trying to fight off these criminals,” she said. While the hackers were removed from Co-op's systems, their digital footprints remained, allowing the company to monitor all activities and report them to the authorities. “We know a lot of that information is out there anyway, but people will be worried and all members should be concerned.”

The Co-op CEO emphasized that the membership structure of the organization, where members share in the company’s profits, made the attack especially personal. “It hurt my members, they took their data and it hurt our customers and that I do take personally,” she said.

Arrests Made, Suspects Out on Bail

The cyberattack on Co-op was one of several coordinated attacks also targeting Marks & Spencer (M&S) and Harrods earlier this year. On July 10, 2025, the UK’s National Crime Agency (NCA) announced the arrest of four individuals suspected of orchestrating these cyberattacks. The suspects include:

- A 17-year-old British male from the West Midlands
- A 19-year-old Latvian male, also from the West Midlands
- A 19-year-old British male from London
- A 20-year-old British female from Staffordshire

All four were arrested at their home addresses on suspicion of blackmail, money laundering, offenses under the Computer Misuse Act, and participating in the activities of an organized crime group. They have since been released on bail as investigations continue. Police also seized various electronic devices from their homes as part of the evidence collection process.

Ongoing Recovery and New Cybersecurity Initiatives

Co-op has not yet disclosed the financial impact of the data breach but confirmed that it is still working to restore back-end systems affected by the incident. In response to the Co-op cyberattack, the retailer is launching a partnership with The Hacking Games, a cybersecurity recruitment organization that seeks to steer young talent toward ethical hacking careers. As part of this initiative, Co-op is planning a pilot program with the Co-op Academies Trust, which oversees 38 schools across England, aiming to build interest and skills in cybersecurity at an early age.

Timeline and Scope of the Co-op Cyberattack

The Co-op cyberattack was first acknowledged by the company on April 30, when it reported an attack affecting its call center and back-office operations. However, within days, the full extent of the incident became clear. Co-op later confirmed that hackers had gained access to information related to both current and former members. Reports indicate that the company managed to prevent further damage by quickly disconnecting internet access from internal networks, thereby stopping the hackers from deploying ransomware that could have escalated the disruption.

LVMH Hit by Multiple Cyberattacks

The Co-op incident is part of a growing trend in cyberattacks against well-known brands. According to The Cyber Express, luxury retailer Louis Vuitton, under parent company LVMH, has also suffered repeated cyberattacks in recent months. The most recent LVMH cyberattack occurred on July 2, 2025, following earlier breaches at Christian Dior Couture and Louis Vuitton Korea. In each case, personal data such as names, contact details, and purchase histories were accessed. However, LVMH stated that no financial or payment data was compromised.

“Louis Vuitton recently discovered an unauthorized party had accessed some of the data it holds for its clients. We immediately began taking steps to investigate and contain this incident, supported by leading cybersecurity experts,” a company spokesperson told The Cyber Express. The company has since notified the UK Information Commissioner’s Office and is contacting affected customers in compliance with data protection laws.

Conclusion

The back-to-back attacks on Co-op, M&S, Harrods, and LVMH underline the increasing frequency and impact of cyber threats across sectors. With sensitive data often targeted, even when financial information remains secure, businesses are being forced to reassess their security postures. Co-op’s decision to engage with cybersecurity education initiatives signals a forward-looking approach that goes beyond damage control. It reflects a shift towards preparing the next generation to work on the right side of digital defense.
A former US Army soldier posted in Texas has pleaded guilty to charges linked to a large-scale cybercrime conspiracy that involved hacking into telecommunications companies’ networks, stealing sensitive data, and demanding ransom under threat of public exposure. Cameron John Wagenius, 21, confessed to his role in a plot to infiltrate at least 10 organizations between April 2023 and December 18, 2024. The court documents reveal that while still serving in the military, Wagenius was actively involved in cybercriminal operations using the online alias “kiberphant0m.”

Ex-Army Soldier Hacking Case

According to prosecutors, Cameron John Wagenius and his co-conspirators used hacking tools such as SSH Brute to obtain login credentials for protected systems. They reportedly communicated through encrypted Telegram group chats where they shared stolen credentials and planned how to gain unauthorized access to corporate networks. Once inside, the group stole sensitive information and launched extortion campaigns. The threats were made both in private messages to the affected companies and in public forums such as BreachForums and XSS.is, well-known platforms for cybercriminal activity. In these posts, the conspirators not only threatened to leak the stolen data but also offered it for sale, sometimes demanding thousands of dollars per transaction.

$1 Million Extortion Attempt and SIM-Swapping Fraud

The Justice Department reported that the group attempted to extort at least $1 million from the victim organizations. They also used the stolen data for further fraud schemes, including SIM-swapping, a technique that allows hackers to take control of victims’ phone numbers to bypass two-factor authentication and gain access to email, banking, and other sensitive accounts.

Cameron John Wagenius pleaded guilty to conspiracy to commit wire fraud, extortion in relation to computer fraud, and aggravated identity theft. He is currently awaiting sentencing, which is scheduled for October 6. If convicted on all charges, Wagenius faces a maximum of 20 years in prison for conspiracy to commit wire fraud, up to 5 years for computer-related extortion, and a mandatory two-year sentence for aggravated identity theft, which would run consecutively to any other prison time.

Cameron John Wagenius: Previous Guilty Plea in Phone Records Case

Cameron John Wagenius had previously pleaded guilty in a separate case to two counts involving the unlawful transfer of confidential phone records. That case is also connected to the broader hacking conspiracy.

Officials who announced the plea include Acting Assistant Attorney General Matthew R. Galeotti of the Justice Department’s Criminal Division, Acting U.S. Attorney Teal Luthy Miller for the Western District of Washington, Assistant Director Brett Leatherman of the FBI’s Cyber Division, and Special Agent in Charge Kenneth DeChellis of the Department of Defense Office of Inspector General, Defense Criminal Investigative Service (DCIS), Cyber Field Office. The FBI and DCIS led the investigation. Additional support was provided by the U.S. Army’s Criminal Investigative Division, the U.S. Attorney’s Office for the Western District of Texas, and the National Security Cyber Section. Cyber threat intelligence firms Flashpoint and Unit 221B also contributed to the investigation.

Conclusion

When someone with trusted access, like a soldier, misuses their skills for cybercrime, it raises bigger questions about how we train, monitor, and hold insiders accountable. Cameron John Wagenius, while still an active-duty soldier, used his access and experience to support and lead coordinated cyberattacks. The court will now assess the sentence based on the U.S. Sentencing Guidelines and other statutory considerations. As the legal process continues, officials have emphasized that efforts to track down other conspirators and disrupt criminal marketplaces where stolen data is traded will remain a top priority. Companies handling sensitive data must stay one step ahead with stronger security checks, regular monitoring, and better collaboration with law enforcement. Trust is important, but when it comes to data security, trust alone isn’t enough.
The popular U.S. department store chain Belk is under scrutiny following a cyberattack that may have compromised sensitive customer information. The Belk data breach has drawn attention, particularly after the hacking group DragonForce claimed responsibility for the attack.

According to the law firm Schubert Jonckheer & Kolbe LLP, which is actively investigating the data breach, Belk identified unauthorized access to its network between May 7 and 11, 2025. The data breach at Belk prompted an immediate internal response: the company disconnected affected systems, restricted access across its networks, reset passwords, and rebuilt compromised systems. These actions caused noticeable operational disruptions for several days. Despite the data breach being detected in early May, Belk did not begin notifying potentially affected individuals until around June 5, 2025.

What Data Was Compromised in the Belk Data Breach?

The scope of the data breach appears serious. Reports indicate that the following types of personal information may have been exposed:

- Full names
- Dates of birth
- Residential addresses
- Social Security numbers
- Phone numbers
- Email addresses
- Details of customer orders, including purchased items

This combination of data puts affected individuals at high risk of identity theft, fraud, and other forms of privacy violation. Adding to the tension, the hacking collective DragonForce has claimed credit for the cyberattack on Belk. The group, previously responsible for an attack on UK retailer Marks & Spencer, listed Belk as one of its victims on its DragonForce dark web blog.

Legal and Consumer Action

In response to the Belk data breach, the law firm Schubert Jonckheer & Kolbe LLP is evaluating the possibility of a class action lawsuit. The firm suggests that impacted individuals may be eligible for monetary compensation and injunctive relief, including mandatory changes to Belk’s cybersecurity practices. “If your personal information was impacted by this incident, you may be at risk of identity theft and other serious violations of your privacy,” the firm stated in a public notice. Consumers who received a breach notification or believe their data may have been affected are encouraged to seek legal guidance through ClassActionLawyers.com.

Conclusion

The Cyber Express has reached out to Belk to learn more about this incident. However, at the time of writing, no official statement or response had been received. This is an ongoing story, and The Cyber Express is closely monitoring the situation. We will update this post once we have more data on the Belk data breach or any additional information from the company. The company's June 2025 breach notification to the New Hampshire Attorney General acknowledged “unauthorized access to certain corporate systems and data,” but stopped short of connecting the incident to the DragonForce claims.
Wi-Fi can be used to track people's (and pets') movements in the home — down to the tiniest gestures, such as hand waves. This application of Wi-Fi is nothing new in theory, but only recently has it been put on a commercial footing. The technology is now being offered by home internet providers and equipment vendors. It may even be incorporated in the new Wi-Fi standard, so it's important to understand the associated pros and cons. Let's see how the technology works, whether it poses any privacy risks, and how to disable it if necessary.

How Wi-Fi sensing works

Wi-Fi sensing came about as a side effect of the quest to speed up Wi-Fi. Modern routers have the ability to focus the signal on devices they exchange data with, making the connection faster and more reliable. Known as Wi-Fi beamforming, this technique involves the router measuring the radio signal with sufficient accuracy to determine not only its strength but also its propagation in space. Based on these parameters, the router beams the signal in the direction of the device, and uses channel state information (CSI) to continuously monitor and adjust the communication link.

During the data exchange, if interference of some kind appears between the device and the router, say, a person or a dog passes by, the shape of the radio signal will change slightly. The router is sensitive enough to detect this, effectively making it a motion sensor. Then there's just the small matter of developing mathematical algorithms that can detect movement in the home based on changes in CSI, and implementing them in the router firmware. And to receive analytics and signals about motion events, the router communicates with a mobile app on the user's smartphone, for which a proprietary cloud service is used. Smart doorbells or video baby monitors work in exactly the same way.

Wi-Fi sensing requirements and limitations

There are some important technical nuances that must be considered for Wi-Fi sensing to do its job:

- The router itself must have multiple antennas and be at least Wi-Fi 5 (802.11ac) compatible.
- In the home there must be stationary or rarely moved devices (usually one to three) connected to this router via Wi-Fi — for example, a printer, a smart speaker and/or a smart TV. Sometimes Wi-Fi extenders and mesh Wi-Fi devices can perform the role of a sensor.
- Motion detection will occur only in the oval zone between the router and the sensor, and post-setup testing is required.
- When motion is detected, it's not possible to determine what moved or where exactly it took place between the router and the sensor. In this respect, the technology is not unlike the infrared motion sensors of conventional security systems. However, with advances in computing power and machine learning, this limitation may disappear — witness a new study in which researchers harnessed Wi-Fi for human pose estimation.

Image: Wi-Fi sensing can be used to detect motion in the oval zone between the router and a stationary device connected to the router via Wi-Fi

The past, present and future of Wi-Fi sensing

The first known commercial application of Wi-Fi sensing technology was the Aware feature in Linksys routers. Back in 2019, Linksys positioned Aware as a subscription-based feature. But in mid-2024, the service was discontinued, and now, according to the vendor itself, Linksys routers have no proprietary application and don't collect data. However, since 2025, the feature has been available to customers of Xfinity — Comcast's home internet brand. It's called Wi-Fi Motion. Deutsche Telekom has also announced such a feature, but has not yet named it. In any case, Wi-Fi sensing will likely cease to be a rarity in the coming years: work has been underway since 2020 to standardize the feature under the technical name 802.11bf. Once motion recognition enters the 802.11 family of standards, almost all vendors will support it.

The pros and cons of Wi-Fi sensing

If the service is provided for free, some will jump at the chance of getting a home security system without having to buy additional hardware. At the very least, it will appeal to homeowners who want to keep their property under surveillance for a short period of time — for example, when away on vacation. But bear in mind that Wi-Fi sensing is no replacement for a full-fledged security system, and you need an action plan in place should the alarm go off. Note also that the oval zone between your printer or smart TV and router is by no means the only area that thieves can penetrate, so you need to secure other parts of your home too.

Another relatively harmless use of Wi-Fi sensing is monitoring routine activity in the home: whether the kids are back from school, whether grandma is okay, etc. Wi-Fi sensing also has potential in the home automation niche; for example, motion tracking can be used to turn the lights on and, after a set period of inactivity, off again.

The potential harm from the technology lies in the fact that not only owners can track movements in their homes. Xfinity documentation already states that motion event data may be transferred to the police and other third parties in legal proceedings. And if the provider collects and stores data from motion sensors, it's a short step to selling this data to advertisers. Another potential threat is router hacking. Hackers already break into home routers to spy on users or make money in various ways. Another monetization route for malicious actors is to analyze motion-in-the-home data and sell this information on to burglars.

How to guard against Wi-Fi sensing abuse

So far, the feature is available only on a few router models leased out by certain internet providers. And in Xfinity devices, it's disabled by default. If you're one of those who decide that the benefits outweigh the risks, you'll need to activate the feature yourself, set up and test it, and also make sure that the router is configured according to our smart-home protection tips. To recap them in brief: the Wi-Fi network and the router control panel must be protected by unique, strong passwords, and all computers and smartphones must have a full-fledged security solution installed that delivers smart-home security analysis (vulnerability search in the home Wi-Fi network, and notifications about attempts to connect new devices to it).

But what if you don't want anything to do with Wi-Fi sensing? As the number of compatible devices increases and the risk of forced activation rises, your first line of defense against Wi-Fi sensing will be to buy your own router instead of leasing one from a provider. You can then set up the router yourself and disable unnecessary features; just be sure to choose a model that allows control without mobile apps and doesn't require connection to the vendor's cloud service. After buying a router, remember to apply our home network setup tips. A more complex method is to connect all stationary devices to the network using an Ethernet cable. For printers, TVs and game consoles, this is not only safe, but also provides the fastest and most stable connection.

What other hidden risks and opportunities does Wi-Fi technology harbor? Essential reading:

- Other people's smartphones are spying on your router. How to stop it
- Fake Wi-Fi on board a flight
- Wi-Fi hacking using PMKID interception
- Disposing of a gadget? Remember to wipe this
- How to find a person and recognize their pose using Wi-Fi
Security teams aren't patching firmware promptly, no one's vetting the endpoints before purchase, and visibility into potential dangers is limited — despite more and more cyberattackers targeting printers as a matter of course.
Cyberattacks on educational institutions are growing. But with budget constraints and funding shortfalls, leadership teams are questioning whether — and how — they can keep their institutions safe.
Authentication in MCP — the backbone of agentic AI — is optional, and nobody's implementing it. Instead, they're allowing any passing attackers full control of their servers.
Investors had accused the executives of ignoring problems at Cambridge Analytica, a now-defunct political consulting firm which allegedly improperly collected data about millions of Facebook users.
Armenian national Karen Serobovich Vardanyan, 33, was extradited from Ukraine last month and now faces up to five years in prison for his role in Ryuk, prosecutors said on Wednesday.
Users of the popular Roblox video game platform will now have to submit selfies and government IDs in order to access unfiltered chats intended for teenagers and adults.
A former National Crime Agency investigator who worked on the Silk Road case was sentenced to more than five years in prison for stealing 50 bitcoins seized in that operation.
The Chinese government could use its information-sharing laws to force Huawei to assist Beijing’s vast intelligence apparatus, Sen. Tom Cotton and Rep. Rick Crawford, both Republicans from Arkansas, wrote.
Novabev Group, the Russian maker of Beluga Vodka and other brands, had to stop shipments and temporarily close stores in its WineLab subsidiary after a ransomware attack.
Cisco has disclosed a new maximum-severity security vulnerability impacting Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) that could permit an attacker to execute arbitrary code on the underlying operating system with elevated privileges. Tracked as CVE-2025-20337, the shortcoming carries a CVSS score of 10.0 and is similar to CVE-2025-20281, which was patched
The Taiwanese semiconductor industry has become the target of spear-phishing campaigns undertaken by three Chinese state-sponsored threat actors. "Targets of these campaigns ranged from organizations involved in the manufacturing, design, and testing of semiconductors and integrated circuits, wider equipment and services supply chain entities within this sector, as well as financial investment
An international operation coordinated by Europol has disrupted the infrastructure of a pro-Russian hacktivist group known as NoName057(16) that has been linked to a string of distributed denial-of-service (DDoS) attacks against Ukraine and its allies. The actions have led to the dismantling of a major part of the group's central server infrastructure and more than 100 systems across the world.
The modern-day threat landscape requires enterprise security teams to think and act beyond traditional cybersecurity measures that are purely passive and reactive, and in most cases, ineffective against emerging threats and sophisticated threat actors. Prioritizing cybersecurity means implementing more proactive, adaptive, and actionable measures that can work together to effectively address the
Cybersecurity researchers have discovered a new campaign that exploits a known security flaw impacting Apache HTTP Server to deliver a cryptocurrency miner called Linuxsys. The vulnerability in question is CVE-2021-41773 (CVSS score: 7.5), a high-severity path traversal vulnerability in Apache HTTP Server version 2.4.49 that could result in remote code execution. "The attacker leverages
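CVE-2021-41773 was a path-normalisation bug: Apache httpd 2.4.49 failed to reject dot segments in which a dot was percent-encoded (`.%2e`), so traversal sequences that a check for a literal `..` would have caught reached the filesystem, and with mod_cgi enabled could be turned into command execution. The access-log scanner below is an added example for this digest, not code from the campaign, from Apache httpd, or from the article's source. It flags requests whose path contains a `..` segment either literally or only after one or two rounds of percent-decoding. The log lines are constructed, the hosts are RFC 5737 documentation addresses, and the heuristic is an assumption about what this kind of probing leaves in logs rather than a signature taken from the reported activity.

```python
"""Flag percent-encoded path traversal in Apache access logs.

Added example for this digest: not code from the campaign, from Apache httpd,
or from the article's source. Log lines are constructed; hosts use RFC 5737
documentation ranges. The heuristic (a ".." segment that appears only after
percent-decoding) is an assumption about what CVE-2021-41773-style probing
leaves behind, not a signature taken from the reported activity.
"""
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Apache Combined/Common Log Format: host ident user [time] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# A ".." path segment bounded by slashes (or string ends); "/..." and "v2.4" do not match.
DOTDOT = re.compile(r'(?:^|/)\.\.(?=/|$)')


def decode_path(raw: str, rounds: int = 2) -> str:
    """Drop the query string and percent-decode up to `rounds` times.

    Two rounds catch double encoding (%252e -> %2e -> .), a common evasion.
    Decoding stops early once a pass changes nothing.
    """
    path = raw.split('?', 1)[0]
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def is_traversal(raw_path: str) -> Optional[str]:
    """Return why `raw_path` looks like a traversal attempt, or None if it looks benign.

    Only the path is inspected: a ".." inside the query string points at an
    application-level bug, not at the httpd normalisation flaw.
    """
    path = raw_path.split('?', 1)[0]
    if DOTDOT.search(path):
        return "literal '..' segment"
    if DOTDOT.search(decode_path(path)):
        return "'..' segment hidden by percent-encoding"
    return None


def scan(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (host, raw_path, reason) for every parseable line that trips the heuristic."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a log record; skip rather than crash on junk
        reason = is_traversal(m['path'])
        if reason:
            hits.append((m['host'], m['path'], reason))
    return hits


# Constructed sample log: the first four records mimic CVE-2021-41773-style probing,
# including a POST to /bin/sh, the shape that gives code execution when mod_cgi is enabled.
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Jul/2025:10:01:02 +0000] "GET /cgi-bin/.%2e/.%2e/.%2e/.%2e/etc/passwd HTTP/1.1" 200 1410',
    '203.0.113.7 - - [17/Jul/2025:10:01:05 +0000] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 200 0',
    '198.51.100.9 - - [17/Jul/2025:10:02:11 +0000] "GET /icons/%2e%2e/%2e%2e/etc/hosts HTTP/1.1" 404 196',
    '198.51.100.9 - - [17/Jul/2025:10:02:12 +0000] "GET /cgi-bin/.%252e/.%252e/etc/passwd HTTP/1.1" 404 196',
    '192.0.2.44 - - [17/Jul/2025:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 10918',
    '192.0.2.44 - - [17/Jul/2025:10:03:01 +0000] "GET /docs/v2.4/upgrading.html?ref=..%2fx HTTP/1.1" 200 5120',
    'not a log record at all',
]

if __name__ == '__main__':
    for host, path, reason in scan(SAMPLE_LOG):
        print(f'{host:14} {reason:40} {path}')
```

Running the block on the constructed sample reports the four encoded-traversal requests and nothing for the benign ones; the literal `..` branch is kept separate because a stock httpd normalises that form away before it reaches the filesystem, so seeing it in logs means scanning rather than a working exploit path.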
Threat actors are leveraging public GitHub repositories to host malicious payloads and distribute them via Amadey as part of a campaign observed in April 2025. "The MaaS [malware-as-a-service] operators used fake GitHub accounts to host payloads, tools, and Amadey plug-ins, likely as an attempt to bypass web filtering and for ease of use," Cisco Talos researchers Chris Neal and Craig Jackson
In episode 426 of the "Smashing Security" podcast, Graham reveals how you can hijack a train’s brakes from 150 miles away using kit cheaper than a second-hand PlayStation. Meanwhile, Carole investigates how Grok went berserk, which didn't stop the Department of Defense signing a contract with Elon’s AI chatbot. So who is responsible when your chatbot becomes a bigot? Plus: Email headaches, SPF rage, and a glowing review for... Taskmaster SuperMax Plus? All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Source: socprime.com – Author: Daryna Olyniychuk. As the summer heat continues to climb, so does the surge of critical vulnerabilities in popular software products, intensifying the global cyber threat landscape. Hot on the heels of the disclosure of CVE-2025-25257, a critical flaw in Fortinet’s FortiWeb web application firewall, another high-impact vulnerability has emerged. Adversaries are […] The post “CVE-2025-6558 Vulnerability: Google Chrome Zero-Day Under Active Exploitation – Source: socprime.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com. Cybersecurity researchers have flagged a new variant of a known malware loader called Matanbuchus that packs in significant features to enhance its stealth and evade detection. Matanbuchus is the name given to a malware-as-a-service (MaaS) offering that can act as a conduit for next-stage payloads, including Cobalt Strike beacons and […] The post “Hackers Leverage Microsoft Teams to Spread Matanbuchus 3.0 Malware to Targeted Firms – Source: thehackernews.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com. A threat activity cluster has been observed targeting fully patched, end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances as part of a campaign designed to drop a backdoor called OVERSTEP. The malicious activity, dating back to at least October 2024, has been attributed by the Google Threat Intelligence Group (GTIG) […] The post “UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit – Source: thehackernews.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com. Cybersecurity researchers have disclosed what they say is a “critical design flaw” in delegated Managed Service Accounts (dMSAs) introduced in Windows Server 2025. “The flaw can result in high-impact attacks, enabling cross-domain lateral movement and persistent access to all managed service accounts and their resources across Active Directory indefinitely,” Semperis […] The post “Critical Golden dMSA Attack in Windows Server 2025 Enables Cross-Domain Attacks and Persistent Access – Source: thehackernews.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com. The AI gold rush is on. But without identity-first security, every deployment becomes an open door. Most organizations secure native AI like a web app, but it behaves more like a junior employee with root access and no manager. From Hype to High Stakes: Generative AI has moved beyond the […] The post “AI Agents Act Like Employees With Root Access—Here’s How to Regain Control – Source: thehackernews.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Jessica Lyons. Ukrainian hackers claim to have taken out the IT infrastructure at Russia’s Gaskar Integration plant, one of the largest suppliers of drones for its army, and also destroyed massive amounts of technical data related to drone production. Or, as described by the hacking collective (per Google Translate), they “deeply […] The post “Ukrainian hackers claim to have destroyed major Russian drone maker’s entire network – Source: go.theregister.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Jessica Lyons. International cops shut down more than 100 servers belonging to the pro-Russian NoName057(16) network this week as part of the Europol-led Operation Eastwood. The joint law enforcement effort involved 19 countries across Europe and North America, and resulted in two arrests of Russian nationals, one in France and one […] The post “Operation Eastwood shutters 100+ servers used to DDoS websites supporting Ukraine – Source: go.theregister.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Jessica Lyons. Updated: Unknown miscreants are exploiting fully patched, end-of-life SonicWall VPNs to deploy a previously unknown backdoor and rootkit, likely for data theft and extortion, according to Google’s Threat Intelligence Group. In research published on Wednesday, the Chocolate Factory’s intel analysts attribute the ongoing campaign to UNC6148 – UNC in […] The post “Crims hijacking fully patched SonicWall VPNs to deploy stealthy backdoor and rootkit – Source: go.theregister.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Connor Jones. Co-op Group’s chief executive officer has confirmed that all 6.5 million of the organization’s members had their data stolen during its April cyberattack; Scattered Spider is believed to be behind the digital heist. Shirine Khoury-Haq confirmed the scale of the attack to the BBC Breakfast show on Wednesday, […] The post “Retailer Co-op: Attackers snatched all 6.5M member records – Source: go.theregister.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Connor Jones. Exclusive: Aviation insiders say Serbia’s national airline, Air Serbia, was forced to delay issuing payslips to staff as a result of a cyberattack it is battling. Internal memos, seen by The Register, dated July 10 told staff: “Given the current situation and the ongoing cyberattacks, for security reasons, we […] The post “Turbulence at Air Serbia, the latest airline under cyber siege – Source: go.theregister.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: sec.cloudapps.cisco.com. Cisco Identity Services Engine Authenticated Remote Code Execution and Authorization Bypass Vulnerabilities (severity: Medium; CVE-2025-20283, CVE-2025-20284, CVE-2025-20285; CWE-302, CWE-74). Summary: Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to issue commands on the underlying operating […] The post “Cisco Identity Services Engine Authenticated Remote Code Execution and Authorization Bypass Vulnerabilities – Source: sec.cloudapps.cisco.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: sec.cloudapps.cisco.com. Cisco Unified Intelligence Center Arbitrary File Upload Vulnerability (severity: High; CVE-2025-20274; CWE-434). Summary: A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to improper validation of files […] The post “Cisco Unified Intelligence Center Arbitrary File Upload Vulnerability – Source: sec.cloudapps.cisco.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: levelblue.com – Author: hello@alienvault.com. The internet isn’t always a safe place. Behind every click, every download, and every flashy pop-up ad, there might be something lurking that could bring down entire systems or steal sensitive information. That “something” goes by a name we’ve all heard: malware. But while the word gets used a lot, […] The post “Different Types of Malware Explained – Source: levelblue.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.lastwatchdog.com – Author: bacohido (guest essay by Enrico Milanese). A few years ago, a casino was breached via a smart fish tank thermometer. It’s a now-famous example of how a single overlooked IoT device can become an entry point for attackers, and a cautionary tale that still applies today. The […] The post “GUEST ESSAY: Why IoT security must start at the module—a blueprint for scaling IoT security – Source: www.lastwatchdog.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: heimdalsecurity.com – Author: Livia Gyongyoși. Today we’re digging into one of the most dreaded but potentially most powerful parts of running an MSP: compliance. For many providers, compliance feels like a never-ending checklist, a client headache, or worse, a barrier to growth. But what if you could flip that script? What if regulation became […] The post “How Smart MSPs Sell with Compliance, Not Just Tools – With Dustin Bolander – Source: heimdalsecurity.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.fortra.com – Author: Graham Cluley. “Operation Elicius”, a joint international law enforcement operation involving Europol and police forces in Italy, France, and Romania, has successfully dismantled a Romanian ransomware gang that targeted network-attached storage (NAS) devices and arrested its suspected leader. The so-called “DiskStation Security” ransomware group has targeted and compromised NAS devices […] The post “Police dismantle DiskStation ransomware gang targeting NAS devices, arrest suspected ringleader – Source: www.fortra.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Mark Rasch. A statute that requires identity verification to read news articles or shop for groceries would be problematic; one that does so for pornography is catastrophic. The post “Prove Your Age, Lose Your Privacy”: How Free Speech Coalition v. Paxton Turns Porn Sites into Surveillance Platforms appeared first on Security […] The post “‘Prove Your Age, Lose Your Privacy’: How Free Speech Coalition v. Paxton Turns Porn Sites into Surveillance Platforms – Source: securityboulevard.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Bar-El Tayouri. What if your AI-powered application leaked sensitive data, generated harmful content, or revealed internal instructions, and none of your security tools caught it? This isn’t hypothetical. It’s happening now and exposing critical gaps in how we secure modern AI systems. When AI systems like LLMs, agents, or AI-driven […] The post “Red Teaming AI Systems: Why Traditional Security Testing Falls Short – Source: securityboulevard.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Alan Shimel. Reuven “Rubi” Aronashvili, CEO of CYE, asks a blunt question: Why are breaches still rampant when security budgets have never been larger? Drawing on his journey from leading an Israeli red-team unit to advising Fortune 500 boards, Aronashvili argues that most companies are still flying blind. Visibility, knowing exactly which assets, […] The post “Bridging the Visibility Gap: 2025 Global Cybersecurity Maturity Report – Source: securityboulevard.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Richi Jennings. BCH vs. SDR, AAR vs. CISA: the railroad industry was first warned about this nasty vulnerability in 2005. The post ‘FRED’ Security FAIL — Ignored by US Rail for 20 YEARS appeared first on Security Boulevard. Original Post URL: https://securityboulevard.com/2025/07/train-fred-vuln-20-years-richixbw/?utm_source=rss&utm_medium=rss&utm_campaign=train-fred-vuln-20-years-richixbw Category & Tags: Analytics & Intelligence, Cyberlaw, Cybersecurity, Featured, Governance, Risk & Compliance, Humor, Identity & Access, Incident […] The post “‘FRED’ Security FAIL — Ignored by US Rail for 20 YEARS – Source: securityboulevard.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Check out SWE’s monthly blog series sharing the pathways and resilience of women in science and engineering. The post “HER Stories: Adventures in STEM — Highlighting Real-Life STEM Journeys” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com. The Taiwanese semiconductor industry has become the target of spear-phishing campaigns undertaken by three Chinese state-sponsored threat actors. “Targets of these campaigns ranged from organizations involved in the manufacturing, design, and testing of semiconductors and integrated circuits, wider equipment and services supply chain entities within this sector, as well as […] The post “Chinese Hackers Target Taiwan’s Semiconductor Sector with Cobalt Strike, Custom Backdoors – Source: thehackernews.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com. Cisco has disclosed a new maximum-severity security vulnerability impacting Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) that could permit an attacker to execute arbitrary code on the underlying operating system with elevated privileges. Tracked as CVE-2025-20337, the shortcoming carries a CVSS score of 10.0 and is […] The post “Cisco Warns of Critical ISE Flaw Allowing Unauthenticated Attackers to Execute Root Code – Source: thehackernews.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: hackread.com – Author: Owais Sultan. When it comes to sharing sensitive documents online, security sits at the top of everyone’s checklist. Online faxing is generally considered one of the safest ways to send and receive important information, offering advanced encryption and secure transmission that outpaces many traditional methods. But let’s be honest, anyone who has ever […] The post “How Secure Is Online Fax: Privacy and Data Protection Standards – Source: hackread.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.schneier.com – Author: Bruce Schneier. Seems like an old system that predates any care about security: The flaw has to do with the protocol used in a train system known as the End-of-Train and Head-of-Train. A Flashing Rear End Device (FRED), also known as an End-of-Train (EOT) device, is attached to the back […] The post “Hacking Trains – Source: www.schneier.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: davinciforensics.co.za – Author: cyberpro. Hawala is an informal way of sending money without actually moving any physical money. It’s based on trust between people and not on banks or government systems. Here’s how it works: Person A in Country 1 gives money to a local Hawala broker (“hawaladar”). That hawaladar contacts another hawaladar in Country […] The post “What is Hawala Banking? – Source: davinciforensics.co.za” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.