Hackers have breached the Tea app, leading to the leak of tens of thousands of user selfies and government ID photos. Tea is a popular women-only platform that allows users to post personal data about men they are currently dating, have dated, or are interested in dating. The Tea app data breach was confirmed by a Tea spokesperson. According to the company, the attackers accessed a database containing approximately 72,000 images, including 13,000 user verification selfies and photographs of government-issued IDs. The exposed data includes content that users submitted to confirm their identities during the signup process.

How Tea App Works

Tea, which recently gained traction on social media platforms and became the most downloaded free app on the Apple App Store, operates as a virtual whisper network. It allows women to upload photos of men, search by name, and anonymously share reviews, labeling individuals as “red flags” or “green flags.” The app promises anonymity to its users and prohibits screenshots within the platform. To register for the Tea app, users are required to submit a selfie to prove their gender, a step that the company claims is intended to promote safety and exclusivity. On its website, Tea states these selfies are deleted after a brief review, a claim now under scrutiny following the data breach.

Tea App Data Breach: In Detail

According to the Tea spokesperson, the data accessed was stored in a database from more than two years ago. The spokesperson noted that the data had originally been archived “in compliance with law enforcement requirements related to cyberbullying prevention.” Since the breach, the company has engaged third-party cybersecurity firms and stated that it is working “around the clock” to secure its systems. “Protecting our users’ privacy and data is our highest priority,” the company said. “Tea is taking every necessary step to ensure the security of our platform and prevent further exposure.”

The situation worsened on Monday when 404 Media revealed a second vulnerability. This flaw allowed unauthorized access to over 1.1 million direct messages exchanged by users on the app from early 2023 until last week. Some of these messages contained deeply personal information that could potentially identify users.
Cybersecurity researcher Kasra Rahjerdi, who uncovered the vulnerability, said the exposed database could have allowed someone to send push notifications to users. He also confirmed that other individuals may have accessed the data before he reported it, although it remains unclear whether the information was downloaded. Tea has since taken the affected systems offline and announced plans to offer free identity protection services to impacted users. The company is also working to identify the individuals whose personal data may have been compromised.

Role of Online Forums and Potential Misuse

The Tea app data breach has been linked to activity on certain online communities. A thread on 4Chan, a platform known for its controversial content, emerged with users reportedly calling for a “hack and leak” campaign targeting Tea. By Friday morning, a 4Chan user had posted a link allegedly allowing others to download the stolen images. Multiple photos of what appear to be Tea users’ identification documents have since been circulated on 4Chan and X (formerly Twitter), though their authenticity has not been independently verified.

Moreover, someone created a Google Map that allegedly shows coordinates of users impacted by the Tea app data breach. While names were not attached, the exposure of location data has raised further questions about the safety and privacy of users. Another report revealed that some of the leaked data had been used to trace individuals to U.S. Army bases, and that at least one cybercriminal forum claimed to be offering a 55 GB data dump containing selfies and IDs.

It is believed that a misconfigured storage bucket on Firebase, a cloud-based service developed by Google, was a key entry point for hackers. Multiple researchers confirmed that the storage bucket had been publicly accessible prior to the breach being made public.

User Reactions

The Tea app data breach has ignited criticism and concern among users, especially as many had trusted the app’s privacy promises. The app explicitly stated during the signup process that verification images would be deleted post-review, a promise now in question. Many users took to Tea’s Instagram page to express their frustration, with some saying they were still on the waitlist despite recent claims of millions of new signups.

The controversy also reflects broader tensions over the app’s purpose. While it was designed to give women a platform to protect themselves and share experiences, critics have accused Tea of enabling unverified allegations and potential cyberbullying. Some men expressed concerns about being misrepresented or falsely flagged on the platform.

About the App and Its Founder

Tea’s creator, Sean Cook, has said the app was inspired by his mother’s negative experiences with online dating, including being catfished and encountering individuals with criminal histories. In addition to functioning as a review network, Tea allows users to conduct background checks, search criminal histories, and perform reverse image searches to detect catfishing attempts. According to its website, Tea has a strong digital presence with more than 240,000 followers on Instagram and 190,000 on TikTok. It claims to reach millions of users each month and donates 10% of its profits to the National Domestic Violence Hotline, which confirmed that the app is indeed a donor.

While the Tea app data breach is still being investigated, the incident highlights the inherent risks of platforms that collect sensitive personal data. Despite promises of anonymity and safety, the exposure of identity documents and private messages has left many users feeling betrayed.
Cybersecurity researchers at Cyble Research and Intelligence Labs (CRIL) have uncovered a new Android banking trojan called RedHook that is actively targeting Vietnamese mobile users. The malware is distributed via carefully crafted phishing sites impersonating trusted financial and government agencies. Once installed, RedHook delivers a dangerous combination of phishing, keylogging, and remote access capabilities, enabling full control over infected devices, yet it remains low-profile with limited antivirus detection.

Decoding the RedHook Android Banking Trojan Campaign

CRIL first detected RedHook via a phishing website at sbvhn[.]com, which mimics the State Bank of Vietnam. The site lures users into downloading a trojanized APK (SBV.apk) from an exposed AWS S3 bucket (hxxps://nfe-bucketapk.s3.ap-southeast-1.amazonaws[.]com/SBV.apk). The bucket, which has been public since November 2024, contained screenshots, phishing templates, and malware versions. Its contents revealed that RedHook has been active since at least November 2024, with samples appearing in the wild by January 2025.

Figure: Phishing site distributing a malicious APK file (Source: Cyble)

RedHook’s infrastructure includes domains such as mailisa[.]me, previously associated with a Vietnamese cosmetic scam. That shift indicates the threat actor has evolved from social engineering fraud to wielding an Android banking trojan embedded in phishing sites.

Infection Workflow and Capabilities

After installation, the malware prompts the user for overlay access and Android accessibility services. These elevated permissions enable RedHook to perform a range of intrusive actions: launching overlay phishing pages, capturing all keystrokes (keylogging), exfiltrating contacts and SMS, and installing or uninstalling apps. The malware abuses Android’s MediaProjection API to capture the screen and streams images via WebSocket to the attacker's control infrastructure. RedHook maintains persistent WebSocket communication with its command-and-control (C2) server, using the subdomain skt9.iosgaxx423.xyz, while initial HTTP requests go to api9.iosgaxx423.xyz.
The malware supports 34 distinct remote commands from the server: numbered actions that let operators collect device info, SMS, and screenshots, send commands, trigger overlays, and more.

Technical Deep Dive

Upon launch, the malware presents a spoofed login page imitating the State Bank of Vietnam. Once credentials are entered, the trojan sends them to /auth/V2/login. In response, the server issues a JWT access token and client ID. Using these tokens, RedHook reports device specifics to /member/info/addDevice, including device ID, brand, orientation, and screen lock type, allowing the attacker to register and track each compromised device. At the time of the analysis, the number of returned user IDs had increased to 570, indicating over 500 infections.

RedHook’s phishing workflow unfolds in stages:

1. Victims are prompted to photograph and upload their citizen ID. The resulting image is transmitted to /file/upload/.
2. Users then provide bank name, account number, name, address, birthdate, and other personal data via templates that interestingly appear in Indonesian, not Vietnamese.
3. Finally, the victim is asked to enter a 4-digit password and 6-digit two-step verification code.

Every keystroke entered is logged, tagged with app package name and foreground activity, and sent to the C2 server.

The RAT (Remote Access Trojan) capability is enabled via a WebSocket connection over skt9. During this session, captured screen frames (converted to JPEG) are streamed live. The exposed S3 bucket contained screenshots showing the WebSocket session and Chinese-language interface elements, implying a possible Chinese-speaking threat actor. Chinese-language strings also appear in the malware logs.
Figure: Exposed S3 bucket used by malware (Source: Cyble)

The AWS S3 bucket exposed RedHook’s phishing templates mimicking several well-known Vietnamese targets, including Sacombank, Central Power Corporation, the traffic police (CSGT), and government portals.

Figure: Exposed data on open S3 bucket (Source: Cyble)

Icons and branding closely mirrored those institutions to deceive victims into trusting the phishing sites.

Attribution and Indicators

Several artifacts strongly suggest a Chinese-speaking origin: Chinese text is present throughout screenshots captured from the C2 interface, and internal code and log strings also contain Chinese-language text. Additionally, the staging domain mailisa[.]me has links to previous Vietnamese fraud campaigns, including one case where a victim lost over 1 billion VND after being redirected to MaiLisa salon-branded phishing content.

Figure: Malware receiving mailisa.me domain from the server (Source: Cyble)

Screenshots from an exposed data bucket referenced “MaiLisa Beauty Salon” and showed payments of 5.5 million VND to “DTMG TRADING CO. LTD D MAILISA,” closely resembling the earlier scam.

Figure: Exposed S3 bucket images associated with the MaiLisa Beauty Salon theme (Source: Cyble)

Together, these elements indicate a group likely operating from a Chinese-language background, evolving from basic scams to deploying RedHook, a sophisticated Android banking trojan, through phishing sites.

Conclusion

RedHook represents a dangerous shift in Android malware, combining phishing, remote access, and surveillance to target users, especially in Vietnam, while evading detection through spoofed sites and sideloaded APKs. Its advanced features and low VirusTotal visibility make it highly stealthy.
To combat threats like RedHook, users should avoid installing apps from unknown sources, be cautious of suspicious permission requests, and use behavior-based mobile security. Institutions must proactively share threat intelligence to disrupt mobile attack infrastructure.
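
Detection logic for the network indicators described above, as an added example that is not part of the original article or CRIL's report: it scans web-proxy log lines for the hosts and C2 paths named in the text and reports, per client, how far the infection workflow got. The log layout, client addresses, URL schemes, the WebSocket path and all sample lines are constructed assumptions.

```python
"""Added example: triage RedHook network activity in web-proxy logs."""
from collections import defaultdict
from urllib.parse import urlsplit

# Hosts named in the article, kept defanged here and refanged at load time.
DEFANGED_HOSTS = {
    "api9.iosgaxx423[.]xyz": "c2-http",
    "skt9.iosgaxx423[.]xyz": "c2-websocket",
    "sbvhn[.]com": "phishing-site",
    "mailisa[.]me": "staging-domain",
    "nfe-bucketapk.s3.ap-southeast-1.amazonaws[.]com": "apk-bucket",
}
C2_ROLES = {"c2-http", "c2-websocket"}

# C2 API paths from the article, in the order the malware calls them.
C2_STAGES = [
    ("/auth/V2/login", "credentials-sent"),
    ("/member/info/addDevice", "device-registered"),
    ("/file/upload/", "id-photo-uploaded"),
]


def refang(value):
    """Turn a defanged indicator (hxxps, [.]) back into a parseable form."""
    return value.replace("[.]", ".").replace("hxxp", "http")


HOSTS = {refang(host): role for host, role in DEFANGED_HOSTS.items()}


def classify(url):
    """Return (role, stage) for a URL, or None if it matches no indicator."""
    parts = urlsplit(refang(url))
    host = (parts.hostname or "").lower().rstrip(".")
    role = HOSTS.get(host)  # exact host match, so look-alike suffixes miss
    if role is None:
        return None
    stage = None
    if role == "c2-http":
        for prefix, name in C2_STAGES:
            if parts.path.startswith(prefix):
                stage = name
    elif role == "c2-websocket":
        stage = "remote-control-session"
    return role, stage


def scan(lines):
    """Group indicator hits per client; lines are 'time client method url'."""
    hits = defaultdict(lambda: {"roles": set(), "stages": []})
    for line in lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines instead of failing the whole scan
        client, url = fields[1], fields[3]
        hit = classify(url)
        if hit is None:
            continue
        role, stage = hit
        entry = hits[client]
        entry["roles"].add(role)
        if stage and stage not in entry["stages"]:
            entry["stages"].append(stage)
    report = {}
    for client, entry in hits.items():
        # Traffic to the C2 means the app is installed and running; a visit
        # to the lure or the APK bucket alone only shows exposure.
        on_c2 = bool(entry["roles"] & C2_ROLES)
        report[client] = {
            "severity": "compromised" if on_c2 else "exposed",
            "roles": sorted(entry["roles"]),
            "stages": entry["stages"],
        }
    return report


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
2025-07-29T08:01:12Z 10.0.4.21 GET https://sbvhn.com/
2025-07-29T08:01:40Z 10.0.4.21 GET https://nfe-bucketapk.s3.ap-southeast-1.amazonaws.com/SBV.apk
2025-07-29T08:05:03Z 10.0.4.21 POST https://api9.iosgaxx423.xyz/auth/V2/login
2025-07-29T08:05:04Z 10.0.4.21 POST https://api9.iosgaxx423.xyz/member/info/addDevice
2025-07-29T08:06:30Z 10.0.4.21 POST https://api9.iosgaxx423.xyz/file/upload/
2025-07-29T08:06:31Z 10.0.4.21 GET wss://skt9.iosgaxx423.xyz/
2025-07-29T09:10:00Z 10.0.7.88 GET https://sbvhn.com/
2025-07-29T09:12:00Z 10.0.9.15 GET https://api9.iosgaxx423.xyz.example.net/auth/V2/login
2025-07-29T09:13:00Z 10.0.9.15 GET https://example.org/file/upload/
truncated line
"""

if __name__ == "__main__":
    for client, finding in scan(SAMPLE_LOG.splitlines()).items():
        print(client, finding)
```
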
French telecom giant Orange has issued a red alert as it responds to a cyberattack targeting its "information systems." Certain services and platforms, for both corporate customers and regular consumers, are facing disruptions due to the ongoing response. Orange first detected the cyberattack on Friday, July 25, when its security team saw an intrusion on one of its information systems. The telecom provider called in its Orange Cyberdefense team, which sprang into action "to isolate the potentially affected services and limit the impacts," Orange said in a press statement. "However, these isolation operations have resulted in the disruption of certain services and management platforms for some of our corporate customers and some consumer services, primarily in France," it added.

The company gave assurances that it had already identified the issues and was working on solutions that, under "heightened vigilance," will allow a gradual restoration of the important services by Wednesday morning, July 30.

Orange has a strong presence across Europe, Africa and the Middle East. In fact, in MEA, three out of every 10 people are Orange customers. It serves more than 291 million customers worldwide and the breach has definitely got them worried. But to calm the nerves, Orange stated: "At this stage of the investigation, there is no evidence to suggest that any customer or Orange data has been extracted. We remain vigilant in this regard." The telecom giant did not respond to any further requests that would ascertain the exact type of cyberattack. It said, "For obvious security reasons, Orange will not comment further."

The Orange cyberattack is not an isolated incident. The French telecommunications industry has been a primary target for adversaries in the past two years, according to a recently published report from the Computer Emergency Response Team of France, which operates under the French cybersecurity agency, ANSSI. Espionage has been the main reason for these attacks, and ANSSI stated it has already dealt with significant compromises of information system operators in this sector for this purpose. Pointing to Salt Typhoon's attacks on the U.S. telecom sector, the French cybersecurity agency said, "The telecommunications sector as a whole is regularly and significantly targeted by groups of attackers believed to be linked to China, particularly in Asia."

It also revealed that in one particular instance, the state-sponsored attackers compromised the core mobile network of an unnamed telecommunications provider in the country. "The main characteristics of the modus operandi observed during this compromise were a good knowledge of the communication protocols specific to the sector and a focus on equipment that is unconventional or rarely supervised by security solutions."

In another instance, an operator's satellite communication infrastructure was deeply compromised for several years, giving the attacker heightened privileges to conduct sabotage actions. Another telecommunications operator received ANSSI's assistance in removing a malicious actor present in its systems since at least December 2022. This attacker, known for targeting the sector, again achieved high-level privileges, enabling lateral movement, espionage, and sabotage. Interception of specific communications was confirmed to be a key objective of this threat actor.

ANSSI noted that in most cases the cyberattacks were detected years after initial compromise. It anticipates continued targeting of this infrastructure type and urged the telecommunications sector to heighten its vigilance.
U.S. Senator Maggie Hassan has raised concerns over the alleged use of SpaceX’s Starlink satellite internet service by transnational criminal networks operating scam compounds in Southeast Asia. In a formal letter addressed to SpaceX CEO Elon Musk on Monday, the Democratic senator from New Hampshire requested detailed information on what measures the company is taking to prevent its technology from being misused in large-scale online fraud operations. The request comes in response to growing evidence, including United Nations reports and investigative journalism, that Starlink has been used by scam networks in countries such as Myanmar, Thailand, Cambodia, and Laos. These criminal groups are accused of running scams that have caused billions of dollars in losses globally, including $3.5 billion in the U.S. alone in 2023.

Satellite Internet Powering Online Fraud

According to an October 2024 report by the United Nations Office on Drugs and Crime, Starlink’s satellite-based internet service has been adopted by organized criminal groups because of its portability, lack of dependence on local telecom networks, and its ability to provide reliable internet access even in remote or restricted areas. One Wired investigation highlighted the scope of the issue, identifying at least 412 Starlink devices operating across eight scam compounds in Myanmar, logging over 40,000 connections in just three months. A separate law enforcement operation in Thailand reportedly seized more than 130 Starlink units from similar sites.

The compounds are known to house thousands of trafficked workers, many of whom are forced to carry out scams such as “pig butchering,” in which scammers manipulate victims through online relationships and ultimately defraud them of large sums of money. The U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) and the U.S. Secret Service have both reported a sharp rise in complaints and losses tied to these scam networks. Since November 2022, the Secret Service has received more than 8,000 related complaints, often involving digital assets.

Humanitarian and Financial Impact

Beyond financial loss, the scams have had severe humanitarian consequences.
The UN has estimated that over 220,000 individuals have been trafficked into forced labor for online scams across the region. Victims often face psychological distress, and in some cases, have taken their own lives due to the trauma caused by these experiences. “This fraud, often carried out by forced labor, can also cause profound psychological distress that drives victims of scams to suicide,” Senator Hassan wrote in her letter. Global losses tied to scams originating in Southeast Asia are estimated to exceed $43.8 billion annually, with Americans accounting for a significant portion of those losses.

Questions for SpaceX in Hassan Letter

Senator Hassan’s letter includes a series of pointed questions for SpaceX, asking for information covering the period from January 1, 2020, to the present. She seeks clarity on several critical issues, including:

- When and how SpaceX became aware of Starlink’s use in Southeast Asian scam operations.
- Company policies for investigating, restricting, or deactivating Starlink devices.
- Safeguards in place to prevent criminal groups from acquiring Starlink units.
- The number of reports SpaceX has received from government or international agencies regarding misuse of its technology.
- Whether SpaceX has used “geofencing” capabilities to block Starlink in specific locations, as the UN has stated is technically possible.
- What actions, if any, the company has taken in cooperation with law enforcement to combat this problem.
- Revenue generated from devices that were later linked to criminal activity.

The senator has requested that SpaceX respond no later than August 18, 2025. While SpaceX has previously stated it investigates and deactivates Starlink devices in various contexts, Senator Hassan noted that the company has not publicly addressed the use of Starlink in Southeast Asian scam operations or disclosed any specific actions it has taken in response.
A UN report suggested that Starlink’s failure to prevent its devices from being used in scam operations may constitute a violation of basic human rights principles for businesses.

Conclusion

Governments in Southeast Asia have taken steps to shut down the scam industry, including cutting electricity and internet access in regions known to host scam compounds. However, criminal networks have reportedly circumvented these efforts by using Starlink’s satellite connectivity, which operates independently of local infrastructure. With billions of dollars at stake and thousands of lives impacted, both directly and indirectly, the pressure is now on Elon Musk and SpaceX to explain what they knew, when they knew it, and what they are doing to address the misuse of their technology. As the August 18 deadline for SpaceX’s response approaches, stakeholders in both government and the tech industry will be watching closely.
The FBI and CISA issued updated guidance today on the Scattered Spider threat group, including information on recent attack techniques such as encrypting VMware ESXi servers with DragonForce ransomware. The advisory, issued in cooperation with security and law enforcement agencies from Canada, Australia and the UK, recommended a number of steps to protect against Scattered Spider cyberattacks, including three urgent actions:

- Maintain isolated, offline backups of data that are tested regularly.
- Implement phishing-resistant multifactor authentication (MFA).
- Implement application controls to manage and control software execution.

Scattered Spider Attack Techniques

Scattered Spider, which has been behind recent attack campaigns targeting the insurance, retail and other sectors, is known for aggressive attack techniques. These have included posing as company IT or helpdesk staff using phone calls or SMS messages to steal credentials from employees, directing employees to run remote access tools that enable initial access, and convincing employees to share their one-time passwords (OTPs) for multi-factor authentication. Most recently, Scattered Spider actors have posed as employees to convince IT or helpdesk staff “to provide sensitive information, reset the employee’s password, and transfer the employee’s MFA to a device they control on separate devices.”

Scattered Spider, which is also known as UNC3944, Scatter Swine, Oktapus, Octo Tempest, Storm-0875, and Muddled Libra, has also sent repeated MFA notification prompts to try to get employees to accept the prompt, an attack technique known as MFA fatigue. The threat actors have also been able to convince cellular carriers to transfer control of a user’s phone number to a SIM card in their possession to gain control over the phone and MFA prompts.

The FBI has observed Scattered Spider threat actors using as many as a dozen legitimate remote access tunneling tools after gaining access to networks, the most recent being AnyDesk and Teleport.sh. Once persistence has been established on a network, actions have included enumerating Active Directory (AD) and performing discovery and exfiltration of code repositories, code-signing certificates, and source code.
The threat actors have also activated Amazon Web Services (AWS) Systems Manager Inventory to discover targets for lateral movement, moving to both preexisting and threat actor-created Amazon Elastic Compute Cloud (EC2) instances. More recent activities have included searching for an organization’s Snowflake access to exfiltrate large volumes of data quickly, “often running thousands of queries immediately,” and deploying DragonForce ransomware onto targeted networks to encrypt VMware ESXi servers.

Protecting Against Scattered Spider Attacks

The advisory recommended extensive controls for protecting against Scattered Spider attacks, including:

- Application controls for managing, monitoring and controlling execution of software, including allowlisting remote access programs and preventing installation and execution of portable versions of unauthorized remote access and other software.
- Monitoring for remote access software loaded only in memory.
- Restricting authorized remote access solutions so they can run only from within the network over approved access solutions, such as virtual private networks (VPNs) or virtual desktop interfaces (VDIs).
- Blocking inbound and outbound connections on common remote access software ports and protocols at the network perimeter.
- Implementing FIDO/WebAuthn authentication or Public Key Infrastructure (PKI)-based MFA.
- Enforcing account lockouts after a specified number of attempts.

The advisory also referenced May guidance from the UK’s National Cyber Security Centre after Scattered Spider-linked retail incidents, which included:

- Monitoring for unauthorized account misuse, such as risky logins within Microsoft Entra ID Protection.
- Monitoring Domain Admin, Enterprise Admin, Cloud Admin accounts to ensure that access is legitimate.
- Reviewing helpdesk password reset processes, including how the helpdesk authenticates employee credentials before resetting passwords, “especially those with escalated privileges.”
- Monitoring logins from atypical sources such as VPN services in residential ranges.
MELBOURNE, Australia, July 29, 2025 /PRNewswire/ - Cyble, a global leader in cybersecurity solutions and a trusted Threat Intelligence Provider in Australia, has unveiled a dedicated cybersecurity support package designed to help Australian financial services organizations—including fintech and SMBs—implement the ACSC Essential 8 controls in a cost-effective and scalable manner.

Endorsed by APRA, the ACSC Essential 8 outlines key cybersecurity strategies to reduce cyber risks. Yet, smaller financial firms often face cost and complexity barriers. Addressing this, Cyble offers a tailored solution that enhances cyber resilience—particularly in areas like Endpoint Security—while minimizing operational strain, making cybersecurity more accessible for fintechs and SMBs.

"At Cyble, we have made a strategic commitment to the Australian market, recognizing its critical role in the Asia-Pacific region's financial landscape," said Beenu Arora, CEO and Co-Founder of Cyble. He further added, "Our continued investment in tailored cybersecurity solutions demonstrates our dedication to supporting fintechs, SMBs, and financial institutions across Australia as they navigate increasingly complex threats and regulatory requirements."

Cyble Eight Cybersecurity Support Package

The Cyble Essential 8 Support Package maps directly to each of the eight controls, offering:

- Real-time vulnerability scans for timely patching of applications (Cyble Offers: Vulnerability Intelligence)
- EASM scans to detect OS vulnerabilities and unpatched systems (Cyble Offers: Attack Surface Management)
- Identify compromised endpoints and leaked credentials with MFA guidance (Cyble Offers: Dark Web Monitoring)
- Monitor leaked credentials and pastes across GitHub, Discord, etc., to limit admin access (Cyble Offers: Data Leak)
- Weekly scans of applications to support robust application control (Cyble Offers: Webscan Apps)
- Detect leaked scripts or code in cloud buckets to restrict Office macros (Cyble Offers: EASM and Data Leak)
- Hardening Assessment Tools to ensure user application hardening (Cyble Offers: EASM and Cloud Security Posture Management)
- Monitor cloud buckets for exposed backups and misconfigurations (Cyble Offers: Data Leak)

"At Cyble, we are deeply committed to supporting Australia's financial services sector through tailored, locally informed cybersecurity solutions," said Dipesh Ranjan, SVP at Cyble. "Our Essential 8 Support Package reflects substantial investment in the Australian market, enabling fintechs and SMBs to access enterprise-grade security aligned with APRA's standards. We aim to empower organizations of all sizes to build cyber resilience cost-effectively, removing barriers imposed by traditional complexity and cost."

Each component is powered by Cyble's advanced threat intelligence and digital risk monitoring capabilities, ensuring proactive identification and mitigation of cyber risks before they escalate. With this initiative, Cyble reaffirms its commitment to supporting Australia's financial sector in building a cyber-resilient future—one that doesn't compromise between security and affordability.

About Cyble

Cyble, a leading Threat Intelligence provider in Australia, delivers real-time threat intelligence, digital risk monitoring, and AI-powered cyber defense. With platforms like Cyble Vision, Hawk, TIP, and Titan, it helps organizations reduce risk, anticipate threats, and strengthen cyber resilience across a dynamic digital landscape. For more information, visit www.cyble.com
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert, adding three high-impact vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. These include two unauthenticated remote code execution flaws in Cisco Identity Services Engine (ISE) and one cross-site request forgery (CSRF) vulnerability affecting PaperCut NG/MF software.

Critical Cisco ISE Flaws: CVE-2025-20281 and CVE-2025-20337

The first two vulnerabilities, CVE-2025-20281 and CVE-2025-20337, target Cisco ISE and ISE-PIC versions 3.3 and 3.4. These flaws are caused by improper input validation in the API, allowing attackers to send specially crafted requests that execute commands on the system without needing to authenticate. Both vulnerabilities received a CVSS score of 10.0, the highest possible, reflecting their potential to completely compromise affected systems.

Cisco's security advisory, first published on June 25, warned that CVE-2025-20281 could lead to unauthenticated command execution with root privileges. Shortly after, on July 16, the vendor added CVE-2025-20337 to the same advisory, noting growing signs of real-world exploitation attempts. Cisco confirmed these attacks in updates posted between July 21 and 24, urging all customers to upgrade immediately. Cisco ISE plays a crucial role in identity and access management for many enterprise networks; an exploit could allow attackers to bypass security policies and gain deep control over IT infrastructure.

A Third Critical Cisco Bug: CVE-2025-20282

Although not listed in the KEV Catalog, Cisco also disclosed CVE-2025-20282, another unauthenticated RCE vulnerability. This flaw enables attackers to upload arbitrary files into protected directories in Cisco ISE version 3.4. Like the others, it carries a CVSS score of 10.0. While CISA hasn’t officially added it to the KEV list, Cisco’s inclusion of CVE-2025-20282 in the same advisory and evidence of exploitation suggest this vulnerability is equally urgent.

There are no workarounds for any of these Cisco flaws. Cisco advises upgrading to ISE / ISE-PIC version 3.3 Patch 7 or 3.4 Patch 2. Earlier hotfixes, such as Patch 4 or Patch 1, are insufficient.

PaperCut CSRF Flaw: CVE-2023-2533

The third vulnerability added to the KEV Catalog is CVE-2023-2533, a CSRF vulnerability in PaperCut NG/MF, which was originally disclosed in June 2023. Despite being over a year old, CISA’s decision to add it reflects ongoing exploitation in the wild. CVE-2023-2533 affects PaperCut versions 21.2.0 to 22.0.12 across all major operating systems. The flaw allows an attacker to trick a logged-in admin into clicking a malicious link, potentially altering system configurations or executing arbitrary commands. It has been assigned a CVSS score of 8.4.

To address this issue, PaperCut Software released version 22.1.1, which includes multiple security hardening features, such as isolating script execution controls and restricting external executables. This version also mitigates two other vulnerabilities: CVE-2023-31046 (path traversal) and CVE-2023-39469 (a chained exploit scenario). PaperCut emphasized that only the core application and site servers are impacted. Components such as Direct Print Monitors, Mobility Print, Hive, Pocket, and MFD Embedded software remain unaffected.

Timeline of Disclosures and Exploitation

- June 25, 2025: Cisco discloses CVE-2025-20281.
- July 16, 2025: Cisco updates the advisory to include CVE-2025-20337.
- July 21–24, 2025: Cisco confirms exploitation in the wild.
- Late July 2025: CISA adds CVE-2025-20281, CVE-2025-20337, CVE-2025-20282, and CVE-2023-2533 to the Known Exploited Vulnerabilities (KEV) Catalog.

While some sources report a lack of confirmed public exploitation, Cisco and CISA’s classification into the KEV Catalog indicates credible evidence of targeted attacks or widespread scanning activity.

Risks to Enterprise Infrastructure

Cisco ISE is central to network access control and user authentication. A successful attack exploiting CVE-2025-20281 or CVE-2025-20337 could allow a bad actor to gain root access to core systems, potentially compromising entire corporate networks.
These vulnerabilities require no credentials or user interaction, significantly increasing their danger. While the PaperCut CSRF issue may seem less severe, it remains a serious risk when the PaperCut admin portal is exposed on internal or external networks. CSRF vulnerabilities like CVE‑2023‑2533 can be used to silently alter configurations or even deploy malware in certain attack chains. Conclusion The addition of the recently added vulnerabilities, CVE‑2025‑20281, CVE‑2025‑20337, and CVE‑2023‑2533, highlights the importance of auditing infrastructure for affected versions of Cisco ISE / ISE-PIC and PaperCut NG/MF, applying the recommended security patches, and closely monitoring logs for any signs of compromise. Network segmentation and system-level exploit mitigations should also be implemented to reduce exposure. These flaws, particularly the unauthenticated remote code execution risks in Cisco ISE and the actively exploited CSRF flaw in PaperCut, underline the urgent need for proactive defense strategies. Delays in patching or relying on temporary fixes only widen the attack surface, at a time when adversaries are quick to exploit newly disclosed weaknesses in infrastructure software.
Romania’s National Cyber Security Directorate (DNSC) has sounded the alarm on an active phishing campaign exploiting the identity of the country’s newly re-appointed Minister of Finance, Alexandru Nazare. Disguised as official communication from the Ministry, the financial scam falsely promises aid and "high returns" on investments, luring victims into handing over personal and banking data.

The warning, issued today, comes at a time when the country's Finance Minister said, “We’ve inherited a vulnerable economy and an increasingly unstable budgetary foundation,” barely a week after being in office. It's a factor that cybercriminals appear to be leveraging to make their scam more believable.

Financial Scam Campaign Preying on Current Outlook

The fraudulent campaign is circulating across social networks and in sponsored advertisements, presenting itself as an official government initiative. The lures are compelling, promising citizens "high returns between 75% and 150%" on investments – an alleged alternative to traditional bank deposits that preys on the desire for quick wealth.

The campaign begins with online ads and social media posts featuring the likeness of the Finance Minister and government logos. Victims are redirected to fake websites styled to mimic official government platforms. These pages often advertise debt relief schemes or fast-track government loans, offering apparent legitimacy through the use of state emblems and formal-sounding messaging.

Once users engage with the site, they are prompted to submit identity documents, banking credentials, and personal contact details—information that could be used for identity theft, financial fraud, or further cyberattacks.

Authorities have confirmed that no such loan program exists. "We warn the public that this information is completely false. No public institution has launched such a platform, and the image of state officials is being misused to lend credibility to online fraud campaigns. This type of content aims to mislead users, generate a false sense of legitimacy, and redirect them to dangerous sites with the potential for phishing or compromising personal or financial data," the alert said.

The ministry added that it also does not solicit personal information via advertisements or unofficial web portals.

Exploiting a Vulnerable Moment

This campaign is particularly potent given Romania’s current economic environment. A month ago, Finance Minister Alexandru Nazare publicly outlined the fragile state of the country’s finances, citing concerns about budget deficits, growing public debt, and high inflation.

In his first public address after taking office for the second time since 2021, he wrote, “We’ve inherited a vulnerable economy and an increasingly unstable budgetary foundation. For years, we were told Romania was growing. But that growth was largely an illusion — pushed forward by consumption, not by real development.”

“Budgets were constructed unrealistically, with exaggerated income estimates and undervalued spending. And because corrective measures were not taken in time, Romania has entered into a spiral of permanent deficits,” he added.

His remarks have sparked widespread debate and concern among the Romanian public—many of whom are anxious about the potential for reduced subsidies, higher taxes, or economic slowdown.

Cybercriminals have seized on this uncertainty, crafting phishing messages that mimic real talking points from the Finance Ministry—like references to debt restructuring, citizen aid programs, or economic support packages. These lures feel authentic and urgent, especially to citizens already worried about financial insecurity.

Trust Crisis Meets Cyber Fraud

Nazare’s early days in office have also involved efforts to regain investor confidence and stabilize government borrowing. While such reforms are critical for long-term stability, they also amplify a broader narrative of crisis management—one that threat actors are eager to exploit.

“Scammers read the news. They know when public trust is strained and when people are financially vulnerable,” said a Bucharest-based expert. “By impersonating a high-profile figure during a national debate on austerity, attackers increase the likelihood of clicks, data submission, and ultimately, fraud.”

DNSC's Recommendations to the Public

The DNSC urged Romanian citizens to take the following actions to avoid falling victim to the latest fraud campaign:

- Do not trust financial offers circulated via ads or unofficial websites, even if they display government symbols or the name of a minister.
- Always check URLs carefully, ensuring that any government service is accessed via the official .gov.ro domain.
- Report suspicious links or messages to DNSC via their official website, dnsc.ro.
- Avoid downloading files or applications from unfamiliar sources, particularly those linked from financial "assistance" ads.
- Enable two-factor authentication on email and banking platforms to reduce risk if credentials are exposed.

As Romania works to restore fiscal credibility and chart a course through economic headwinds, the parallel battle in cyberspace must not be ignored. Public trust is not only critical to financial markets—it is a pillar of national cybersecurity.
Phishing emails typically end up in the spam folder, because today's security systems easily recognize most of them; however, these systems aren't completely reliable, so some bona fide email messages land in the junk folder too. This article explains how to detect phishing emails, and what to do about them.

Signs of phishing email

There are several markers that are widely believed to indicate a message sent by scammers. Below are some examples.

- Catchy subject line. A phishing message will likely represent a fraction of all the mail landing in your inbox. This is why scammers usually try to make their subject lines stand out by using trigger words like "urgent", "prize", "cash", "giveaway", or similar, designed to prompt you to open the message as quickly as possible.
- Call to action. You can bet the message will encourage you to do at least one of the following: click a link, pay for something you don't really need, or check the details in an attachment. The attackers' primary goal is to lure victims away from their email and into unsafe spaces where they're tricked into spending money or surrendering access to their accounts.
- Expiring timer. The message might feature a timer that says, "Follow this link. It expires in 24 hours." All these tricks are just nonsense. Scammers want to rush you so you start to panic and stop thinking carefully about your money.
- Mistakes in the email body. In the past year, there's been an increase in phishing emails sent in multiple languages at once, often with some odd mistakes.
- Suspicious sender address. If you live in, say, Brazil, and you get an email message from an Italian address, that's a red flag and a good reason to completely ignore its contents.

An impersonal greeting like "Dear %username%" used to be a sure sign of a phishing email, but scammers have moved on from that. Targeted messages addressing the victim by name are becoming increasingly common. Ignore those too.

What to do if you get a phishing email

If you've managed to spot one using the signs described above, well done — you're awesome! You can go ahead and delete it without even opening it. And if you want to do your good deed for the day, report the phishing attempt via Outlook or Gmail to make this world a tiny bit safer.

We understand that spotting phishing in your email right away isn't easy — so here's a short list of don'ts to help with detection.

Don't open attachments

Scammers can hide malware inside various types of email attachments: images, HTML files, and even voice messages. Here's a recent example: you get an email with an attachment that appears to be a voice message with the SVG extension, but that's typically an image format… To listen to the recording, you have to open the attachment, and what do you know — you find yourself on a phishing site that masquerades as Google Voice! And no, you don't hear any audio. Instead, you're redirected to another website where you'll be prompted to enter the login and password for your email account. If you're interested in learning more, here's a Securelist blog post on this.

[Image caption: It seems that voice messages are sent more often through messengers than by email]

This and other stories just go to show you shouldn't open attachments. Any attachments. At all. Especially if you weren't expecting the message in the first place.

Don't open links

This is a golden rule that will help keep your money and accounts safe. A healthy dose of caution is exactly what everyone needs when using the internet. Let's take a look at this phishing message.

[Image caption: An exciting win-win, but only the scammers benefit]

Does this look odd? It's written in two languages: Russian and Dutch. It shows the return address of a language school in the Netherlands, yet it references the Russian online marketplace Ozon. The message body congratulates the recipient: "You are one of our few lucky clients who get a chance to compete for uncredible prizes." Competing for prizes is easy: just click the link, which has been thoughtfully included twice.

A week later, another message landed in the same inbox. Again, it came in two languages: Italian and Russian. This one came from a real Italian email address associated with the archive of Giovanni Korompay's works. The artist passed away in 1988. No, this wasn't an offer to commemorate the painter. Most likely, hackers have breached the archive's email account and are now sending phishing mail about soccer betting pretending to be from that source. All of that looks rather fishy.

[Image caption: Another email in two languages]

These messages have a lot in common. One thing we didn't mention is how phishing links are disguised. Scammers deliberately use the TinyURL link shortener to make links look as legitimate as possible. But the truth is, a link that starts with tinyurl.com could point to anything: from the Kaspersky Daily blog to something malicious.

Don't believe what's written down

Scammers come up with all sorts of tricks: pretending to be Nigerian princes, sending fake Telegram Premium subscriptions, or congratulating people on winning fake giveaways. Every week, I get email with text like this: "Congratulations! You can claim your personal prize." Sometimes they even add the amount of the supposed winnings to make sure I open the message. And once, I did.

[Image caption: The scammers were too lazy to shorten this link]

Inside, it's all by the book: a flashy headline, congratulations, and calls to click the link. To make it seem even more convincing, the email is supposedly signed by a representative from the Prize Board of the Fund. What fund? What prize board? And how could I possibly have won something I never even entered into? That part is unclear.

You may have noticed the unusual design of this message: it clearly stands out from the previous examples. To add credibility, the scammers used Google Forms, Google's official service for surveys and polls. The scheme is a simple one: they create a survey, set it up to send response copies to the email addresses of their future victims, and collect their answers. Read "Beware of Google Forms bearing crypto gifts" to find out what happens if you open a link like that.

The bottom line

Following these rules will protect you from many — but not all — of the tricks that attackers might come up with. That's why we recommend trusting a reliable solution: Kaspersky Premium. Every year, our products undergo testing by the independent Austrian organization AV-Comparatives to evaluate their ability to detect phishing threats. We described the testing procedure in a post a year ago. In June 2025, Kaspersky Premium for Windows successfully met the certification criteria again and received the Approved certificate, a mark of quality in protecting users from phishing.

Important clarification: at Kaspersky, we use a unified stack of security technologies, which is what the experts tested. This means the Kaspersky Premium for Windows award also applies to our other products for home users (Kaspersky Standard, Kaspersky Plus, and Kaspersky Premium) and for businesses (such as Kaspersky Endpoint Security for Business and Kaspersky Small Office Security).
Researchers discovered backdoors, poisoned code, and malicious commits in some of the more popular tool developers, jeopardizing software supply chains.
The emerging cybercriminal gang, which initially targeted Microsoft Windows systems, is looking to go cross-platform using sophisticated, multithread encryption.
Customers of French telecommunications provider Orange might see disruptions related to a cyberattack, the company said, without providing further details about the incident or threat actor.
The senator’s letter follows revelations in February that the U.K. government had asked Apple for what critics have called a backdoor to view all content Apple users have uploaded to the cloud even when it has been stored using end-to-end encryption.
The latest advisory on Scattered Spider from the FBI and agencies in the U.K., Canada and Australia says the cybercrime group is often looking for Snowflake data storage credentials when it picks a company to attack.
Mayor Melvin Carter said during a press conference on Tuesday that the city is most concerned about the data it holds on government employees, arguing that the city does not carry much information on city residents.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security vulnerability impacting PaperCut NG/MF print management software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2023-2533 (CVSS score: 8.4), is a cross-site request forgery (CSRF) bug that could
Until recently, the cyber attacker methodology behind the biggest breaches of the last decade or so has been pretty consistent: Compromise an endpoint via software exploit, or social engineering a user to run malware on their device; Find ways to move laterally inside the network and compromise privileged identities; Repeat as needed until you can execute your desired attack — usually
Cybersecurity researchers have discovered a new, large-scale mobile malware campaign that's targeting Android and iOS platforms with fake dating, social networking, cloud storage, and car service apps to steal sensitive personal data. The cross-platform threat has been codenamed SarangTrap by Zimperium zLabs. Users in South Korea appear to be the primary focus. "This extensive campaign involved
React conquered XSS? Think again. That's the reality facing JavaScript developers in 2025, where attackers have quietly evolved their injection techniques to exploit everything from prototype pollution to AI-generated code, bypassing the very frameworks designed to keep applications secure. Full 47-page guide with framework-specific defenses (PDF, free). JavaScript conquered the web, but with
Cybersecurity researchers have disclosed a now-patched critical security flaw in a popular vibe coding platform called Base44 that could allow unauthorized access to private applications built by its users. "The vulnerability we discovered was remarkably simple to exploit -- by providing only a non-secret app_id value to undocumented registration and email verification endpoints, an attacker
The maintainers of the Python Package Index (PyPI) repository have issued a warning about an ongoing phishing attack that's targeting users in an attempt to redirect them to fake PyPI sites. The attack involves sending email messages bearing the subject line "[PyPI] Email verification" that are sent from the email address noreply@pypj[.]org (note that the domain is not "pypi[.]org"). "This is
A newly emerged ransomware-as-a-service (RaaS) gang called Chaos is likely made up of former members of the BlackSuit crew, as the latter's dark web infrastructure has been the subject of a law enforcement seizure. Chaos, which sprang forth in February 2025, is the latest entrant in the ransomware landscape to conduct big-game hunting and double extortion attacks. "Chaos RaaS actors initiated
In episode 61 of The AI Fix, a robot called DeREK goes bananas, OpenAI, Google DeepMind, and Anthropic warn we may lose the ability to see what AI is thinking, a dextrous robot changes its own batteries, the USA unveils its AI action plan, and a human beats AI to win the World Coding Championship. Also in this week's episode, Graham reveals why you should never ask a vibe coding app to "clean up" your project, and Mark explains why it was handbags at dawn at the International Mathematical Olympiad. All this and much more is discussed in the latest edition of "The AI Fix" podcast by Graham Cluley and Mark Stockley.
Over 200,000 websites running a vulnerable version of a popular WordPress plugin could be at risk of being hijacked by hackers. Read more in my article on the Hot for Security blog.
Over 40,000 websites running a vulnerable version of a popular WordPress plugin could be at risk of being hijacked by hackers. Read more in my article on the Hot for Security blog.
Let’s be honest – nobody wants antivirus software that slows down their computer. You know the feeling: you install security software to protect yourself, but suddenly your laptop takes forever to start up, programs freeze, and you’re constantly waiting for things to load. Well, we have some great news. A recent independent study by PassMark Software just proved what we’ve been saying all along: Webroot Essentials gives you top-notch protection without the performance headaches.

We actually came out on top

PassMark tested nine popular antivirus programs (including big names like McAfee, Norton, and Microsoft Defender) to see which one performs best on Windows 11. Webroot Essentials scored the highest overall – but here’s what really matters to you as a user.

The numbers that matter to your daily life

Instead of boring you with technical jargon, let’s talk about what these test results mean for your everyday computer use:

Getting set up
- Webroot installs 6.7 times faster than other antivirus programs
- Translation: You’ll be protected in under a minute, not sitting around waiting

Using your computer
- Our software opens 3 times faster when you need to check something
- Your computer stays snappy and responsive, just like it should

Your hard drive space
- Webroot takes up 33 times less space than the average competitor
- More room for your photos, music, and the stuff you actually care about

Your computer’s memory
- We use 5 times less memory when just running in the background
- Even during scans, we use 3.5 times less memory than others
- Your other programs won’t slow down or crash

Security scans
- Full system scans happen 6 times faster
- No more hour-long scans that make your computer unusable

What this really means for you

Think about your typical day with your computer. Maybe you’re checking email, browsing the web, working on documents, or video chatting with family. You want protection running quietly in the background – not something that makes you want to throw your laptop out the window.

With Webroot Essentials, you get that peace of mind without any of the frustration. Your computer starts up fast, programs load quickly, and you’ve got plenty of storage space left for your files.

Details of the study

PassMark Software ran this independent test in June 2025, putting nine antivirus products through 15 different performance tests. Every product was tested exactly the same way on fresh Windows 11 computers with default settings – so it was a fair comparison across the board.

The bottom line

Here’s the thing: you shouldn’t have to choose between staying safe online and having a computer that actually works well. Webroot Essentials proves you can have both.

If you’re tired of antivirus software that feels like it’s working against you instead of for you, it might be time to make the switch. Your computer – and your patience – will thank you.

The post Why your computer will thank you for choosing Webroot Essentials appeared first on Webroot Blog.
Source: www.infosecurity-magazine.com – Author: More than 10,000 WordPress sites have been left vulnerable to full site takeover due to three critical security flaws discovered in the HT Contact Form Widget for Elementor Page Builder & Gutenberg Blocks & Form Builder plugin. The vulnerabilities, which include Arbitrary File Upload, Arbitrary File Deletion and Arbitrary File Move, […] The post Critical Flaws in WordPress Plugin Leave 10,000 Sites Vulnerable – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – Author: A sophisticated and highly targeted cyber-attack campaign has been identified by security researchers in Google’s Threat Intelligence Group (GTIG). A new report has revealed how the financially motivated threat group UNC3944, also known as Scattered Spider, has pivoted its operations to exploit VMware vSphere environments across the US retail, airline and […] The post New Scattered Spider Tactics Target VMware vSphere Environments – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – Author: Insurance provider Allianz Life has suffered a major data breach affecting the majority of its 1.4 million US customers, as well as financial professionals and select employees. Allianz Life, a subsidiary of German financial services giant Allianz, confirmed to Infosecurity that a threat actor obtained the personally identifiable data after gaining […] The post Third-Party Breach Impacts Majority of Allianz Life US Customers – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . In what’s the latest instance of a software supply chain attack, unknown threat actors managed to compromise Toptal’s GitHub organization account and leveraged that access to publish 10 malicious packages to the npm registry. The packages contained code to exfiltrate GitHub authentication tokens and destroy victim systems, Socket said in […] The post Hackers Breach Toptal GitHub, Publish 10 Malicious npm Packages With 5,000 Downloads – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Some risks don’t breach the perimeter—they arrive through signed software, clean resumes, or sanctioned vendors still hiding in plain sight. This week, the clearest threats weren’t the loudest—they were the most legitimate-looking. In an environment where identity, trust, and tooling are all interlinked, the strongest attack path is often the […] The post ⚡ Weekly Recap — SharePoint Breach, Spyware, IoT Hijacks, DPRK Fraud, Crypto Drains and More – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Picture this: you’ve hardened every laptop in your fleet with real‑time telemetry, rapid isolation, and automated rollback. But the corporate mailbox—the front door for most attackers—is still guarded by what is effectively a 1990s-era filter. This isn’t a balanced approach. Email remains a primary vector for breaches, yet we often […] The post Email Security Is Stuck in the Antivirus Era: Why It Needs a Modern Approach – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Tom Hollingsworth For decades, network security followed a simple model: the castle and moat design philosophy. We built strong perimeters with firewalls and relied on Network Access Control (NAC) to act as a guardian, checking credentials at the door. Once inside, users and devices were assumed to be trusted. Today, the […] The post Nile Gives Your Campus Network More Than Just a Password – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Associated Press A cyberattack on Russian state-owned flagship carrier Aeroflot caused a mass outage to the company’s computer systems on Monday, Russia’s prosecutor’s office said, forcing the airline to cancel more than 100 flights and delay others. Ukrainian hacker group Silent Crow and Belarusian hacker activist group the Belarus Cyber-Partisans, which […] The post Cyberattack On Russian Airline Aeroflot Causes the Cancellation of More Than 100 Flights – Source: www.securityweek.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Ionut Arghire The BlackSuit ransomware group’s Tor-based leak site has been seized by law enforcement as part of an international operation. Active since 2023 and operating as a private group, BlackSuit was a rebrand of the Royal ransomware, as cybersecurity firms and US government agencies announced last year. Now displaying a […] The post BlackSuit Ransomware Group Transitioning to ‘Chaos’ Amid Leak Site Seizure – Source: www.securityweek.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bitdefender.com – Author: Graham Cluley European defence giant Naval Group has confirmed that it is investigating an alleged cyber attack which has seen what purports to be sensitive internal data published on the internet by hackers. Naval Group builds and maintains an array of ships and submarines for the French navy, including aircraft carriers […] The post French submarine secrets surface after cyber attack – Source: www.bitdefender.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: grahamcluley.com – Author: Graham Cluley US insurance firm Allianz Life has told the media that hackers stole personal info of the “majority” of its customers and staff earlier this month. The company says that a hacker gained access to an unnamed third-party cloud-based CRM used by Allianz Life, using a social […] The post Allianz Life hit by hackers, customer and staff personal data stolen – Source: grahamcluley.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: grahamcluley.com – Author: Graham Cluley This is painfully ironic. As BBC News reports, a woman’s dating app designed to enhance safety and vet potential dating partners has itself suffered a serious security breach. The Tea Dating Advice app, used by women to do background checks on men, identify catfishers and scammers, and share “red […] The post Tea Dating Advice app spills sensitive data – Source: grahamcluley.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini Microsoft uncovers macOS flaw allowing bypass TCC protections and exposing sensitive data Microsoft found a macOS flaw letting attackers access private data from protected areas like Downloads and Apple Intelligence caches. Microsoft Threat Intelligence researchers discovered a macOS vulnerability that could allow attackers to steal private data of files […] The post Microsoft uncovers macOS flaw allowing bypass TCC protections and exposing sensitive data – Source: securityaffairs.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: […] The post U.S. CISA adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog – Source: securityaffairs.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini Critical vulnerability in Post SMTP plugin risks full site takeover, over 400k sites use it, and nearly half remain unpatched. A critical vulnerability, tracked as CVE-2025-24000 (CVSS of 8.8) in the Post SMTP WordPress plugin, used by 400k sites, allows full site takeover. The plugin Post SMTP is an email […] The post Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover – Source: securityaffairs.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini Scattered Spider targets VMware ESXi in North America using social engineering, mainly fake IT help desk calls instead of software exploits. The cybercrime group Scattered Spider (aka 0ktapus, Muddled Libra, Octo Tempest, and UNC3944) is targeting VMware ESXi hypervisors in retail, airline, and transportation sectors across North America. According […] The post Scattered Spider targets VMware ESXi in using social engineering – Source: securityaffairs.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
FY25 SWE Senate Strategic Initiative Subteam explores barriers to effective allyship. The post Equipping Allies for the Advancement and Inclusion of Women in STEM first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
FY25 Senate Annual Strategic Planning Subteam summarizes commitment to building a future-ready SWE. The post Driving Strategic Alignment: Reflections From the Annual Strategic Planning Subteam first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
FY25 SWE Senate Strategic Initiative Subteam shares recommendations for AI-focused initiatives. The post From Insight to Action: Increasing SWE Members’ Participation in AI first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
FY25 SWE Senate Subteam on Barriers to Women in Academia provides recommendations to address key barriers. The post Breaking Barriers: Advancing Women in Academia first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security vulnerability impacting PaperCut NG/MF print management software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2023-2533 (CVSS score: 8.4), is a cross-site request forgery (CSRF) bug […] The post CISA Adds PaperCut NG/MF CSRF Vulnerability to KEV Catalog Amid Active Exploitation – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: hackread.com – Author: Waqas. The GLOBAL GROUP ransomware gang is claiming responsibility for a breach of Albavisión (albavision.tv), a major Spanish-language media conglomerate based in Miami, Florida. The group also claims to have stolen 400 GB of data. GLOBAL GROUP is a newly emerged Ransomware-as-a-Service (RaaS) operation that has been active since early June […] The post GLOBAL GROUP Ransomware Claims Breach of Media Giant Albavisión – Source: hackread.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: levelblue.com – Author: hello@alienvault.com. How many times have you heard the phrase “don’t trust strangers”? The key point today is that many strangers disguise themselves as someone familiar, and that misplaced trust is what leads us to be deceived. Cybercriminals widely use this tactic, and it has a very specific name. Have you ever […] The post What Is Social Engineering in Cybersecurity? – Source: levelblue.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.