Vaibhav Dutta, Associate Vice President and Global Head-Cybersecurity Products & Services at Tata Communications

The sophistication and continuous threat of cyberattacks have outpaced manual response times, and enterprises are confronting a pivotal truth: the era of reactionary cybersecurity is over. Traditional Security Operations Centres (SOCs) are no longer enough, while businesses are now requiring a new breed of cybersecurity capability - one that is predictive, adaptive, and fast, powered by automation and intelligent augmentation. Autonomous SOCs are no longer a futuristic concept - they are emerging as a necessity. With cybercrime having cost the global economy a projected $9.5 trillion in 2024 and attackers increasingly using generative AI to scale and sharpen threats, organisations cannot afford even a second of lag in their security posture.

The next-gen SOC integrates AI, automation, and real-time threat intelligence to monitor, detect, and respond with speed. The goal for enterprises today is to detect threats faster, contain them earlier, and reduce the blast radius of a breach. This shift isn’t just about automating known responses. It’s about building intelligent workflows that combine the scale and speed of machines with the reasoning and strategic thinking of experienced analysts. The security challenge is too vast for either side to win alone. It’s the combination that matters.

The Problem with Legacy SOCs

Most traditional SOCs are built for a world that no longer exists. These command centres rely heavily on manual processes, siloed threat monitoring, and static playbooks. As enterprise environments become more fragmented - with data flowing between multi-cloud deployments, edge devices, and mobile workforces - the sheer volume of telemetry becomes unmanageable without intelligent augmentation. On average, security teams use over 40 different cybersecurity tools. Correlating these fragmented signals and making decisions in real time has become a near-impossible task. This operational sprawl does not just slow down response - it creates gaps. The result? Longer Mean Time to Detect (MTTD), longer Mean Time to Respond (MTTR), and lower overall resilience.

Why Augmented SOCs Change the Game

AI-augmented SOCs use SOAR (Security Orchestration, Automation, and Response) for predefined rules-based actions, but they’re now evolving to incorporate agentic AI - AI systems that are autonomous, adaptive, and context-aware. Where traditional SOAR tools follow static playbooks and execute rule-based tasks, such as blocking IPs or enriching alerts, agentic AI can go several steps further. It not only analyses threat signals but also understands the broader context, proposes next steps, and explains its reasoning. While SOAR is effective at automating repetitive actions, agentic AI brings flexibility and judgment into the equation. These systems behave more like intelligent assistants: they adapt to evolving threats, handle unstructured situations, and simulate human-like decision-making. As a result, SOCs are no longer limited to automation alone, but can start to operate with goal-driven intelligence that is dynamic, explainable, and far more effective at managing advanced threats. By fusing SOAR with agentic AI, augmented SOCs reduce detection and response windows dramatically. Playbooks aren’t just triggered - they evolve. Systems can halt lateral movement, isolate infected endpoints, and even initiate recovery workflows based on contextual judgment, not just static rules.

The Real-World Impact

Before diving into the operational benefits, it's important to frame the stakes. Cybercrime is projected to cost the global economy $10.5 trillion in 2025, making it the third-largest economy if measured by GDP. In such a high-stakes environment, enterprises cannot afford delays, false positives, or fragmented defence. In practice, this evolution translates into three immediate benefits:

- Speed: Integrated automation shifts detection from minutes to seconds. AI can pre-analyse events before humans even see them.
- Accuracy: Contextual intelligence reduces false positives and prioritises what really matters.
- Continuity: AI ensures around-the-clock vigilance - even when human analysts are focused elsewhere.

From Analysts to Architects

This isn’t a story of replacement - it’s a story of elevation. Security teams evolve from reactive responders to architects of intelligent defence systems. They design detection logic, refine AI playbooks, and continuously train their systems using new threat intelligence. AI doesn’t steal jobs - it changes them. And for forward-thinking enterprises, that’s an opportunity.

Conclusion

As the cyber threat landscape intensifies, success will come not from full autonomy but from thoughtful augmentation. Enterprises shouldn’t aim for an autonomous SOC, but for an intelligent one. The future belongs to AI-augmented operations where machines act faster and humans think deeper. For organisations navigating increasingly complex digital ecosystems, the focus must shift from automation for the sake of scale to augmentation for the sake of resilience. AI-augmented SOCs represent that balance - and that future.
Data breaches in the U.S. are getting more costly even as they’re getting cheaper in the rest of the world. That was one of the conclusions in the new IBM-Ponemon Institute 2025 Cost of a Data Breach report, which also found that AI is playing a significant role in cybersecurity, both as an attack vector and as a defensive measure. While AI is becoming a significant attack target, AI-powered cybersecurity defenses have significantly cut data breach costs, the report found.

Global Average Data Breach Cost Falls but AI Becomes a Target

While the global average cost of a data breach fell 9% from the 2024 report to $4.44 million – the first decline in five years – the U.S. saw a 9% increase to $10.22 million, an all-time high for any global region. The U.S. increase was largely due to higher regulatory penalties and rising detection costs, the report said. The global decline was fueled by faster breach containment driven by AI-powered defenses, the report said. At the same time, 16% of breaches involved some use of AI by attackers, often in phishing and deepfake attacks.

AI itself is becoming a significant vulnerability, IBM and Ponemon found. “What we’ve found is concerning: organizations are skipping over security and governance for AI in favor of do-it-now AI adoption,” the report said. “Those ungoverned systems are more likely to be breached—and more costly when they are.” In fact, 97% of AI-related security breaches involved AI systems that lacked proper access controls. Most breached organizations also have no governance policies in place to manage AI or prevent shadow AI, the report said.

In all, 13% of organizations reported breaches that involved their AI models or applications. The most common security incidents occurred in the AI supply chain, through compromised apps, APIs or plug-ins. The incidents led to a broader data compromise in 60% of cases, and operational disruption in 31% of incidents. “The findings suggest AI is emerging as a high-value target,” the report said. Another 20% said they suffered a breach due to security incidents involving shadow AI. Organizations with high levels of shadow AI faced data breach costs that were $670,000 higher than those that had low levels of shadow AI or none. Those incidents also resulted in high rates of personally identifiable information (65%) and intellectual property (40%) being compromised. “And that data was most often stored across multiple environments, revealing just one unmonitored AI system can lead to widespread exposure,” the report said. “The swift rise of shadow AI has displaced security skills shortages as one of the top three costly breach factors tracked by this report.” Even among organizations that have AI governance policies, only a third perform regular audits for unsanctioned AI. “It shows AI remains largely unchecked as adoption outpaces both security and governance,” IBM and Ponemon said.

AI Security Defenses Cut Data Breach Costs

One bright spot in the report is that security teams using AI and automation shortened their breach times by 80 days and lowered their average breach costs by $1.9 million over organizations that don’t use those solutions. “Nearly a third of organizations said they used these tools extensively across the security lifecycle—in prevention, detection, investigation and response,” the report said. “However, that figure is up only slightly from the previous year, suggesting AI adoption may have stalled. It also shows the majority are still not using AI and automation and, therefore, aren’t seeing the cost benefits.” Time to identify and contain a breach fell to 241 days, a nine-year low, continuing a downward trend that began after a 287-day peak in 2021. Malicious insider attacks were the most costly breaches, at $4.92 million, followed by third-party vendor and supply chain attacks at $4.91 million. Other expensive attack vectors included vulnerability exploitation and phishing; phishing was also the most frequent initial attack vector, followed by supply chain compromises (image below).

[Figure: Initial attack vectors (IBM-Ponemon)]

Healthcare breaches were the most costly, followed by those affecting financial organizations (chart below).

[Figure: Cost of a data breach by industry (IBM-Ponemon)]

More ransomware victims refused to pay a ransom – 63%, up from 59% in the 2024 report – and law enforcement involvement declined significantly, from 52% to 40% of incidents. The average cost of an extortion or ransomware incident remained high at $5.08 million. Breaches identified by internal security teams cost less than those first disclosed by third parties or attackers ($4.18 million vs. $5.08 million for attacker-disclosed breaches), as security teams are able to respond faster when they detect attacks first. The report examined 600 organizations impacted by data breaches between March 2024 and February 2025. Ponemon researchers interviewed 3,470 security and C-suite business leaders with firsthand knowledge of the data breach incidents.
The financial capital of India, Mumbai, has suffered staggering financial losses amounting to Rs 1,127 crore (approximately $135 million) between January 2024 and March 2025. According to data released by the Mumbai Police, many of these losses, nearly 85%, were due to cyber frauds and scams. The latest figures expose a deepening crisis. Of the total loss, Rs 964 crore ($115 million) was swindled through elaborate scams involving fraudulent stock market schemes, fake cryptocurrency investments, and misleading digital platforms.

There is also a sharp increase in digital arrest scams, a particularly insidious form of cyber fraud. In one widely publicized case, an elderly woman from South Mumbai was duped into believing she was under investigation for money laundering. Fraudsters posing as law enforcement officers allegedly held her in isolation within her own home for nearly two months, coercing her into transferring Rs 20 crore ($2.4 million) to overseas accounts. In another case, a commercial pilot was conned out of Rs 3 crore ($360,000) through a bogus trading app that promised hefty returns.

Underreporting of Cyber Frauds and Legal Barriers

Cybercrime legal experts warn that the actual extent of the damage may be underreported. “Victims often choose silence due to the fear of social stigma or mental trauma,” one expert noted. Adding to the problem is the fact that many of these complaints are not even registered as First Information Reports (FIRs), making it harder for law enforcement agencies to pursue justice or recover funds, as reported by The Times of India. The first quarter of 2025 alone saw digital arrest scams rob Mumbai residents of Rs 73 crore ($8.75 million). During the same period, cyber fraud involving fake investment opportunities cost victims another Rs 118 crore ($14.13 million). Credit card fraud (Rs 34 crore) and sextortion scams (Rs 47 crore) also form a part of the cyber fraud landscape.

Banks, Crypto, and Cross-Border Challenges

Another growing concern is the use of mule accounts, bank accounts used by cybercriminals to launder money. Despite widespread cybersecurity campaigns and awareness programs, experts point to a glaring lack of accountability among financial institutions. “Banks continue to enable cyber fraud by failing to monitor suspicious transactions effectively,” said one cybercrime investigator. “The Reserve Bank of India must enforce stricter regulations, including penalties for non-compliance.” The global reach of these cybercrimes adds another layer of complexity. Frequently, the stolen funds are converted into cryptocurrency and moved offshore, putting them beyond the reach of Indian law enforcement. This international element makes tracking and prosecuting perpetrators especially challenging.

Conclusion

Despite the rise in cyber fraud, experts are proposing proactive solutions to address both the financial and emotional toll on victims. Initiatives like a proposed Digital India Insurance scheme could offer critical financial protection, while the establishment of cyber trauma centers aims to support those facing psychological distress. At the same time, authorities continue to stress the need for personal vigilance, warning the public to be cautious of too-good-to-be-true investment offers and to report suspicious activity immediately via the national cybercrime helpline 1930.
A major security flaw has been detected in the popular PHP framework CodeIgniter4. The critical vulnerability, tracked as CVE-2025-54418, was officially disclosed on July 26, 2025; it exposes users to file upload attacks that could compromise millions of web applications worldwide. The vulnerability affects CodeIgniter4 versions prior to 4.6.2 and has received a maximum severity rating based on the CVSS v3.1 scoring system: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating high risk in terms of confidentiality, integrity, and availability. This means attackers require no privileges or user interaction to exploit the flaw, making it especially dangerous.

What Is CVE-2025-54418?

According to the official GitHub advisory, CVE-2025-54418 is a command injection vulnerability in CodeIgniter4’s ImageMagick handler, part of its image processing component. Applications that rely on ImageMagick for image manipulation, particularly through the resize() and text() methods, are at risk, especially if they accept user-controlled input such as filenames or text content. The advisory is titled "CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability," and it explains that an attacker can upload files with malicious filenames containing shell metacharacters, which may be executed when the image is processed. Alternatively, malicious text content supplied by users to the text() method can trigger the same result.

Who Is Affected?

Any application built with CodeIgniter4 that:
- uses ImageMagick (imagick) as the image library, and
- accepts user-uploaded files with controllable filenames, or
- processes user-supplied text via the text() method.

These conditions create an opening for an attacker to run arbitrary commands on the host system, potentially leading to a full system compromise.

The Fix and Workarounds

To address this CodeIgniter vulnerability, the framework's maintainers have released a patch in version 4.6.2. All developers are strongly encouraged to upgrade immediately to this version or later. For those unable to upgrade, several workarounds have been suggested:
- Switch to the GD image handler (the default handler), which is not affected by this issue.
- Avoid using user-provided filenames. Instead, use secure alternatives like getRandomName() or store(), which generate safe filenames automatically.
- If user-controlled text input is essential, sanitize it rigorously using a regular expression such as preg_replace('/[^a-zA-Z0-9\s.,!?-]/', '', $text). Additionally, all text options should be validated to ensure safety.

Conclusion

The recently disclosed CodeIgniter vulnerability, CVE-2025-54418, was reported by GitHub user @vicevirus, with a fix implemented under the guidance of CodeIgniter4 maintainer @paulbalandan. Cataloged in the GitHub advisory database as GHSA-9952-gv64-x94c, this critical flaw highlights the ongoing cybersecurity risks posed by file upload attacks in modern web development. Despite CodeIgniter's historically strong security record, this incident is a reminder that even the most well-maintained frameworks like CodeIgniter4 are not immune to serious threats, particularly when user input and powerful tools like ImageMagick are involved. Developers are urged to act promptly by upgrading to version 4.6.2 or applying the recommended mitigations, ensuring proper input validation and avoiding unsafe defaults. Proactive steps now are essential to protect systems from exploitation and maintain the integrity of applications built with CodeIgniter4.
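Alongside upgrading to 4.6.2, here is how the advisory's workarounds fit together in one controller, as an added example that is not code from the advisory or the CodeIgniter project: the upload is stored under a getRandomName() filename, the caption passes through the advisory's regex, and every text() option is chosen from a fixed allow-list instead of being taken from the request. The Services::image('imagick') chain and the option names follow CodeIgniter4's image API as I understand it; the form field names, the length cap and the upload path are assumptions.

```php
<?php

namespace App\Controllers;

use CodeIgniter\Controller;
use Config\Services;

// Added illustration of the advisory's workarounds; not code from the CodeIgniter project.
class ImageController extends Controller
{
    // Caption filter from the advisory: keep only letters, digits, whitespace and a short
    // list of punctuation, so no shell metacharacter ever reaches the ImageMagick handler.
    private function sanitizeCaption(string $text): string
    {
        $clean = preg_replace('/[^a-zA-Z0-9\s.,!?-]/', '', $text) ?? '';

        return substr(trim($clean), 0, 120); // length cap is an assumption, not from the advisory
    }

    // text() options are never taken from the request as free-form values: the user picks
    // a key, and the key is mapped to a fixed, known-safe value.
    private function textOptions(string $size, string $color): array
    {
        $allowedSizes  = ['small' => 12, 'medium' => 20, 'large' => 32];
        $allowedColors = ['white' => 'ffffff', 'black' => '000000'];

        return [
            'fontSize' => $allowedSizes[$size] ?? 20,
            'color'    => $allowedColors[$color] ?? 'ffffff',
            'hAlign'   => 'center',
            'vAlign'   => 'bottom',
            'padding'  => 10,
        ];
    }

    public function caption()
    {
        $file = $this->request->getFile('image'); // form field name is a placeholder
        if ($file === null || ! $file->isValid() || $file->hasMoved()) {
            return $this->response->setStatusCode(400)->setJSON(['error' => 'no valid upload']);
        }
        if (! in_array($file->getMimeType(), ['image/jpeg', 'image/png'], true)) {
            return $this->response->setStatusCode(415)->setJSON(['error' => 'unsupported type']);
        }

        // Framework-generated random name: the client-supplied filename is never used on
        // disk, so it cannot be passed to the ImageMagick command line.
        $name = $file->getRandomName();
        $file->move(WRITEPATH . 'uploads', $name);

        $caption = $this->sanitizeCaption((string) $this->request->getPost('caption'));
        $options = $this->textOptions(
            (string) $this->request->getPost('size'),
            (string) $this->request->getPost('color')
        );

        Services::image('imagick')
            ->withFile(WRITEPATH . 'uploads/' . $name)
            ->text($caption, $options)
            ->save(WRITEPATH . 'uploads/captioned_' . $name);

        return $this->response->setJSON(['file' => 'captioned_' . $name]);
    }
}
```

Where ImageMagick is not actually required, switching the handler argument to 'gd' removes the affected code path entirely, which is the advisory's first workaround.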
The state of Minnesota has activated the National Guard to assist the city of St. Paul after a massive cyberattack disrupted internal systems and city services. Officials described the St. Paul cyberattack as a “deliberate, coordinated, digital attack” by hackers, prompting an emergency declaration and a full-scale response involving local, state, and federal agencies.

Governor Tim Walz announced that he had signed an executive order authorizing the deployment of the Minnesota National Guard’s cyber protection teams. “The magnitude and complexity of the cybersecurity incident have exceeded the city’s response capacity,” the governor said. “The Minnesota National Guard’s cyber forces will collaborate with city, state, and federal officials to resolve the situation and mitigate lasting impacts. Above all, we are committed to protecting the safety and security of the people of Saint Paul.”

State of Emergency Declared

St. Paul Mayor Melvin Carter declared a state of emergency to streamline the city’s response and secure additional resources. The order authorizes the city’s Department of Emergency Management and the Office of Technology and Communications (OTC) to coordinate efforts with partner agencies. “Protecting the integrity of our city’s digital infrastructure is critical to the safety and wellbeing of our residents and citywide operations,” Mayor Carter said. “While this security incident disrupted some of our internal systems, our top priority remains ensuring our emergency response continues without interruption.” City officials said that in the early hours of July 25, cybersecurity monitoring systems detected suspicious activity on the city’s network. A rapid investigation confirmed that malicious actors were targeting St. Paul’s information systems. In an effort to contain the threat, officials proactively restricted access to affected networks and then initiated a full shutdown of internal systems.

Systems Shut Down to Contain the St. Paul Cyberattack

The shutdown prompted by the St. Paul cyberattack led to citywide service outages, including the loss of Wi-Fi in government buildings, disruptions to the library collection management system, and the temporary suspension of several internal applications. However, Mayor Carter emphasized that essential services, including public safety and emergency response, remain fully operational. “This was not a system glitch or technical error,” Carter said during a press briefing. “This was a deliberate, coordinated digital attack, carried out by a sophisticated external actor—intentionally and criminally targeting our city’s information infrastructure.”

The City of Saint Paul has activated its Emergency Operations Center to lead the response. According to OTC Director Jaime Wascalus, the city is working around the clock with the Minnesota Information Technology Services team, national cybersecurity partners, and federal law enforcement agencies, including the FBI, to investigate the incident. “We are the victim of a serious crime,” Wascalus said. “In response, we have mobilized every available local, state, and federal partner to support our investigation and response efforts. We continue to assess this situation in real time.”

National Cybersecurity Support Mobilized

As part of the emergency response to the St. Paul cyberattack, the city has retained two national cybersecurity firms with extensive expertise in dealing with large-scale data breaches. These experts will support the restoration of systems, the strengthening of network defenses, and the investigation into the origin of the city of St. Paul cyberattack. Mayor Carter confirmed that he had spoken directly with Governor Walz and formally requested the Minnesota National Guard’s support. “Their cybersecurity experts are now actively assisting us in securing, restoring, and rebuilding our digital infrastructure,” he said. The National Guard’s cyber protection team is expected to provide additional technical capacity to speed up system recovery and reduce the risk of further compromise.

[Image: Source: https://mn.gov/governor/]

Ongoing Investigation

City leaders have not yet disclosed the identity of the attackers or their motives, citing the sensitivity of the ongoing investigation. They also said it is too early to confirm whether any sensitive data was accessed or stolen during the cyberattack on the city of St. Paul. “We are urging all city staff to take precautionary steps to safeguard their digital security, in both their professional and personal lives,” Carter said. At a press conference, Chief Information Security Officer Stefanie Horvath, Deputy Mayor Jaime Tincher, and Emergency Management Director Rick Schute joined Mayor Carter and OTC Director Wascalus to outline the coordinated effort underway. St. Paul Police Chief Axel Henry and Fire Assistant Chief Jeramiah Melquist also briefed the media on how emergency responders are adapting to service disruptions while maintaining readiness for public safety incidents.

Protecting Public Trust

Mayor Carter reiterated that maintaining the trust of residents is at the center of the city’s response. “From the very beginning of this incident, preserving our ability to deliver emergency services has been a top priority,” he said. “We remain focused on defending our systems, protecting our city, and upholding the trust of the people we serve.” While most city systems remain offline as a precaution, officials said they are making progress in restoring critical functions. “This remains not only an ongoing investigation but an active and dynamic threat,” Carter said. “We are able to provide basic information about what has happened and the steps we are taking in response—but we will not speculate on the motivations of the threat actor or share specific details about the investigation at this time.”

Broader Impact

Cyberattacks targeting municipal governments have become increasingly common in recent years, often involving ransomware groups seeking financial gain or politically motivated actors attempting to disrupt essential services. Such cyberattacks can paralyze city operations and potentially expose sensitive data, making rapid response critical. Governor Walz emphasized the state’s commitment to helping Saint Paul recover and prevent future attacks. “We are committed to working alongside the City of Saint Paul to restore cybersecurity as quickly as possible,” he said. City officials promised to continue providing updates as they work to assess the full scope of the breach, rebuild secure systems, and return to normal operations. “This breach was intentionally caused by a criminal external threat actor,” Mayor Carter said. “We will not stop until we have restored our systems and ensured the safety and security of our city’s digital infrastructure.”
Transition to passkeys promises organizations a cost-effective path toward robust employee authentication, increased productivity, and regulatory compliance. We’ve already covered all the pros and cons of this business solution in a separate, in-depth article. However, the success of the transition — and even its feasibility — really hinges on the technical details and implementation specifics across numerous corporate systems.

Passkey support in identity management systems

Before tackling organizational hurdles and drafting policies, you’ll have to determine if your core IT systems are ready for the switch to passkeys. Microsoft Entra ID (Azure AD) fully supports passkeys, letting admins set them as the primary sign-in method. For hybrid deployments with on-premises resources, Entra ID can generate Kerberos tickets (TGTs), which your Active Directory domain controller can then process. However, Microsoft doesn’t yet offer native passkey support for RDP, VDI, or on-premises-only AD sign-ins. That said, with a few workarounds, organizations can store passkeys on a hardware token like a YubiKey. This kind of token can simultaneously support both the traditional PIV (smart card) technology and FIDO2 (passkeys). There are also third-party solutions for these scenarios, but you’ll need to evaluate how using them impacts your overall security posture and regulatory compliance. Good news for Google Workspace and Google Cloud users: they offer full passkey support. Popular identity management systems like Okta, Ping, Cisco Duo, and RSA IDplus also support FIDO2 and all major forms of passkeys.

Passkey support on client devices

We have a detailed post on the subject. All modern operating systems from Google, Apple, and Microsoft support passkeys. However, if your company uses Linux, you’ll likely need extra tools, and overall support is still limited. Also, while all major operating systems might look like they offer full support on the surface, there’s a lot of variety in how passkeys are stored, and that can lead to compatibility headaches. Combinations of several systems, like Windows computers and Android smartphones, are the most problematic. You might create a passkey on one device and then find you can’t access it on another.

For companies with a strictly managed device fleet, there are a couple of ways to tackle this. For example, you could have employees generate a separate passkey for each company device they use. This means a bit more initial setup: employees will need to go through the same process of creating a passkey on every device. However, once that’s done, signing in takes minimal time. Plus, if they lose one device, they won’t be completely locked out of their work data. Another option is to use a company-approved password manager to store and sync passkeys across all employees’ devices. This is also a must for companies using Linux computers, as the operating system can’t natively store passkeys. Just a heads-up: this approach might add some complexity when it comes to regulatory compliance audits. If you’re looking for a solution with almost no issues with sync and multiple platforms, hardware passkeys like the YubiKey are the way to go. The catch is that they can be significantly more expensive to deploy and manage.

Passkey support in business applications

The ideal scenario for bringing passkeys into your business apps is to have all your applications sign in through single sign-on (SSO). That way, you only need to implement passkey support in your corporate SSO solution, such as Entra ID or Okta. However, if some of your critical business applications don’t support SSO, or if that support isn’t part of your contract (which, unfortunately, happens), you’ll have to issue individual passkeys for users to sign in to each separate system. Hardware tokens can store anywhere from 25 to 100 passkeys, so your main extra cost here would be on the administrative side. Popular business systems that fully support passkeys include Adobe Creative Cloud, AWS, GitHub, Google Workspace, HubSpot, Office 365, Salesforce, and Zoho. Some SAP systems also support passkeys.

Employee readiness

Rolling out passkeys means getting your team up to speed regardless of the scenario. You don’t want them scratching their heads trying to figure out new interfaces. The goal is for everyone to feel confident using passkeys on every single device. Here are the key things your employees will need to understand:
- Why passkeys beat passwords (they’re much more secure, faster to sign in with, and don’t need to be rotated)
- How biometrics work with passkeys (the biometric data never leaves the device, and isn’t stored or processed by the employer)
- How to get their very first passkey (for example, Microsoft has a Temporary Access Pass feature, and third-party IAM systems often send an onboarding link; the process needs to be thoroughly documented, though)
- What to do if their device doesn’t recognize their passkey
- What to do if they lose a device (sign in from another device that has its own passkey, or use an OTP, perhaps given to them in a sealed envelope for just such an emergency)
- How to sign in to work systems from other computers (if the company’s policies permit it)
- What a passkey-related phishing attempt might look like

Passkeys are no silver bullet

Moving to passkeys doesn’t mean your cybersecurity team can just cross identity threats off their risk list. Sure, it makes things tougher for attackers, but they can still do the following:
- Target systems that haven’t switched to passkeys
- Go after systems that still have fallback login methods like passwords and OTPs
- Steal authentication tokens from devices infected with infostealers
- Use special techniques to bypass passkey protections

While it’s impossible to phish the passkey itself, attackers can set up fake web infrastructure to trick a victim into authenticating and validating a malicious session on a corporate service. A recent example of this kind of AiTM attack was documented in the U.S. In that incident, the victim was lured to a fake authentication page for a corporate service, where attackers first phished their username and password, and then the session confirmation by having them scan a QR code. In this incident, the security policies were configured correctly, so scanning the QR code did not lead to a successful authentication. But because this cross-device mechanism is part of how passkeys work, the attackers are betting that somewhere it is configured incorrectly, without a check that the device performing the authentication is physically near the device holding the key.

Ultimately, switching to passkeys requires detailed policy configuration. This includes both authentication policies (such as disabling passwords when a passkey is available, or banning physical tokens from unknown vendors) and monitoring policies (such as logging passkey registrations or cross-device scenarios from suspicious locations).
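As an added example of the monitoring policies just described (not code from the original article or any identity provider), the script below runs three checks over a constructed set of sign-in audit events: a password or OTP fallback used by someone who already has a passkey, a passkey registration from outside the user's home country, and a cross-device (QR code, "hybrid") passkey sign-in from outside it. The event field names, the "internal"/"hybrid" transport values and the HOME_COUNTRY directory attribute are assumptions; a real IdP export would need mapping onto them.

```python
"""Policy checks over constructed passkey sign-in audit events.

Constructed sample data and assumed field names; not the output of any real IdP.
"""
from __future__ import annotations

from typing import Iterable

# Assumed directory attribute: the country each employee normally works from.
HOME_COUNTRY = {"alice": "DE", "bob": "DE"}

# Constructed audit events. "transport" distinguishes a passkey held on the
# signing-in device ("internal") from a cross-device QR code flow ("hybrid").
EVENTS = [
    {"ts": "2025-07-28T08:01:00Z", "user": "alice", "event": "passkey_register",
     "method": "passkey", "transport": "internal", "country": "DE"},
    {"ts": "2025-07-28T08:05:00Z", "user": "alice", "event": "signin",
     "method": "passkey", "transport": "internal", "country": "DE"},
    {"ts": "2025-07-28T09:12:00Z", "user": "alice", "event": "signin",
     "method": "password", "transport": "internal", "country": "DE"},
    {"ts": "2025-07-28T10:00:00Z", "user": "bob", "event": "signin",
     "method": "password", "transport": "internal", "country": "DE"},
    {"ts": "2025-07-28T10:30:00Z", "user": "bob", "event": "passkey_register",
     "method": "passkey", "transport": "hybrid", "country": "NG"},
    {"ts": "2025-07-28T11:40:00Z", "user": "alice", "event": "signin",
     "method": "passkey", "transport": "hybrid", "country": "BR"},
]


def check_passkey_policy(events: Iterable[dict], home: dict[str, str]) -> list[dict]:
    """Return one finding per event that violates the rollout policies.

    Rules (from the article's authentication and monitoring policies):
      fallback_despite_passkey         - password/OTP sign-in by a user who has
                                         already registered a passkey
      registration_unexpected_location - passkey registered from a country other
                                         than the user's home country
      cross_device_unexpected_location - hybrid (QR) passkey sign-in from a
                                         country other than the user's home country
    """
    findings: list[dict] = []
    has_passkey: set[str] = set()

    # Process in time order so "already has a passkey" is evaluated correctly.
    for ev in sorted(events, key=lambda e: e["ts"]):
        user = ev["user"]
        expected = home.get(user)
        offsite = expected is not None and ev["country"] != expected

        if ev["event"] == "passkey_register":
            has_passkey.add(user)
            if offsite:
                findings.append({"rule": "registration_unexpected_location",
                                 "user": user, "ts": ev["ts"], "country": ev["country"]})
            continue

        if ev["event"] != "signin":
            continue

        if ev["method"] in ("password", "otp") and user in has_passkey:
            findings.append({"rule": "fallback_despite_passkey",
                             "user": user, "ts": ev["ts"], "method": ev["method"]})

        if ev["method"] == "passkey" and ev["transport"] == "hybrid" and offsite:
            findings.append({"rule": "cross_device_unexpected_location",
                             "user": user, "ts": ev["ts"], "country": ev["country"]})

    return findings


def users_with_fallback(findings: list[dict]) -> set[str]:
    """Users whose accounts still accept a password/OTP fallback and should be tightened."""
    return {f["user"] for f in findings if f["rule"] == "fallback_despite_passkey"}


if __name__ == "__main__":
    for finding in check_passkey_policy(EVENTS, HOME_COUNTRY):
        print(finding)
```

On the constructed events this yields three findings: alice's password fallback, bob's registration from NG, and alice's cross-device sign-in from BR; bob's earlier password sign-in is not flagged because his passkey did not exist yet.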
Fraudsters are flooding Discord and other social media platforms with ads for hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. Here’s a closer look at the social engineering tactics and remarkable traits of this sprawling network of more than 1,200 scam sites.

The scam begins with deceptive ads posted on social media that claim the wagering sites are working in partnership with popular social media personalities, such as Mr. Beast, who recently launched a gaming business called Beast Games. The ads invariably state that by using a supplied “promo code,” interested players can claim a $2,500 credit on the advertised gaming website.

[Image: An ad posted to a Discord channel for a scam gambling website that the proprietors falsely claim was operating in collaboration with the Internet personality Mr. Beast. Image: Reddit.com.]

The gaming sites all require users to create a free account to claim their $2,500 credit, which they can use to play any number of extremely polished video games that ask users to bet on each action. At the scam website gamblerbeast[.]com, for example, visitors can pick from dozens of games like B-Ball Blitz, in which you play a basketball pro who is taking shots from the free throw line against a single opponent, and you bet on your ability to sink each shot.

The financial part of this scam begins when users try to cash out any “winnings.” At that point, the gaming site will reject the request and prompt the user to make a “verification deposit” of cryptocurrency — typically around $100 — before any money can be distributed. Those who deposit cryptocurrency funds are soon asked for additional payments. However, any “winnings” displayed by these gaming sites are a complete fantasy, and players who deposit cryptocurrency funds will never see that money again. Compounding the problem, victims likely will soon be peppered with come-ons from “recovery experts” who peddle dubious claims on social media networks about being able to retrieve funds lost to such scams.

KrebsOnSecurity first learned about this network of phony betting sites from a Discord user who asked to be identified only by their screen name, “Thereallo.” Thereallo is a 17-year-old developer who operates multiple Discord servers and said they began digging deeper after users started complaining of being inundated with misleading spam messages promoting the sites. “We were being spammed relentlessly by these scam posts from compromised or purchased [Discord] accounts,” Thereallo said. “I got frustrated with just banning and deleting, so I started to investigate the infrastructure behind the scam messages. This is not a one-off site, it’s a scalable criminal enterprise with a clear playbook, technical fingerprints, and financial infrastructure.”

After comparing the code on the gaming sites promoted via spam messages, Thereallo found they all invoked the same API key for an online chatbot that appears to be in limited use or else is custom-made. Indeed, a scan for that API key at the threat hunting platform Silent Push reveals at least 1,270 recently-registered and active domains whose names all invoke some type of gaming or wagering theme.

[Image: The “verification deposit” stage of the scam requires the user to deposit cryptocurrency in order to withdraw their “winnings.”]

Thereallo said the operators of this scam empire appear to generate a unique Bitcoin wallet for each gaming domain they deploy. “This is a decoy wallet,” Thereallo explained. “Once the victim deposits funds, they are never able to withdraw any money. Any attempts to contact the ‘Live Support’ are handled by a combination of AI and human operators who eventually block the user. The chat system is self-hosted, making it difficult to report to third-party service providers.”

Thereallo discovered another feature common to all of these scam gambling sites [hereafter referred to simply as “scambling” sites]: If you register at one of them and then very quickly try to register at a sister property of theirs from the same Internet address and device, the registration request is denied at the second site. “I registered on one site, then hopped to another to register again,” Thereallo said. Instead, the second site returned an error stating that a new account couldn’t be created for another 10 minutes.

[Image: The scam gaming site spinora dot cc shares the same chatbot API as more than 1,200 similar fake gaming sites.]

“They’re tracking my VPN IP across their entire network,” Thereallo explained. “My password manager also proved it. It tried to use my dummy email on a site I had never visited, and the site told me the account already existed. So it’s definitely one entity running a single platform with 1,200+ different domain names as front-ends. This explains how their support works, a central pool of agents handling all the sites. It also explains why they’re so strict about not giving out wallet addresses; it’s a network-wide policy.”

In many ways, these scambling sites borrow from the playbook of “pig butchering” schemes, a rampant and far more elaborate crime in which people are gradually lured by flirtatious strangers online into investing in fraudulent cryptocurrency trading platforms. Pig butchering scams are typically powered by people in Asia who have been kidnapped and threatened with physical harm or worse unless they sit in a cubicle and scam Westerners on the Internet all day.
In contrast, these scambling sites tend to steal far less money from individual victims, but their cookie-cutter nature and automated support components may enable their operators to extract payments from a large number of people in far less time, and with considerably less risk and up-front investment. Silent Push’s Zach Edwards said the proprietors of this scambling empire are spending big money to make the sites look and feel like some fancy new type of casino. “That’s a very odd type of pig butchering network and not like what we typically see, with much lower investments in the sites and lures,” Edwards said. Here is a list of all domains that Silent Push found were using the scambling network’s chat API.
An unsealed indictment associated with the Chinese threat group shows its members worked for companies closely aligned with the PRC as part of a larger contractor ecosystem.
A year after the largest outage in IT history, organizations need to make an active effort to diversify their technology and software vendors and create a more resilient cyber ecosystem moving forward.
The National Treasury of South Africa is among the half-dozen known victims in South Africa — along with other nations — of the mass compromise of on-premises Microsoft SharePoint servers.
The vulnerability hunters at Google Project Zero want to address what they call the "upstream patch gap," when a vendor has a fix available but the downstream product providers haven't integrated it yet.
Sean Plankey’s nomination to direct the Cybersecurity and Infrastructure Security Agency advanced out of committee on Wednesday after languishing for several months, bringing him one step closer to confirmation.
Speedtest, made by Seattle-based Ookla, collects data that could be exploited for cyberattacks, Russia's telecom regulator said in blocking the service.
The Stolichki pharmacy chain, which operates about 1,000 stores across Russia, confirmed that a technical failure that halted its operations on Tuesday was caused by a hack.
License plate readers from controversial surveillance tech company Flock Safety will be added to Raptor Technologies' school safety suite, the two companies announced.
Researchers have discovered more than 10 patents for powerful offensive cybersecurity technologies filed by a prominent Chinese company allegedly involved in Beijing’s Silk Typhoon campaign.
Google has announced that it's making a security feature called Device Bound Session Credentials (DBSC) available in open beta to ensure that users are safeguarded against session cookie theft attacks. DBSC, first introduced as a prototype in April 2024, is designed to bind authentication sessions to a device so as to prevent threat actors from using stolen cookies to sign in to victims' accounts and gain
Threat actors have been observed exploiting a now-patched critical SAP NetWeaver flaw to deliver the Auto-Color backdoor in an attack targeting a U.S.-based chemicals company in April 2025. "Over the course of three days, a threat actor gained access to the customer's network, attempted to download several suspicious files and communicated with malicious infrastructure linked to Auto-Color
Google Cloud's Mandiant Consulting has revealed that it has witnessed a drop in activity from the notorious Scattered Spider group, but emphasized the need for organizations to take advantage of the lull to shore up their defenses. "Since the recent arrests tied to the alleged Scattered Spider (UNC3944) members in the U.K., Mandiant Consulting hasn't observed any new intrusions directly
Cybersecurity researchers have disclosed now-patched critical security flaws in the firmware of Dahua smart cameras that, if left unaddressed, could allow attackers to hijack control of susceptible devices. "The flaws, affecting the device's ONVIF protocol and file upload handlers, allow unauthenticated attackers to execute arbitrary commands remotely, effectively taking over the device,"
Chinese companies linked to the state-sponsored hacking group known as Silk Typhoon (aka Hafnium) have been identified as behind over a dozen technology patents, shedding light on the shadowy cyber contracting ecosystem and its offensive capabilities. The patents cover forensics and intrusion tools that enable encrypted endpoint data collection, Apple device forensics, and remote access to
In this article, we will provide a brief overview of Pillar Security's platform to better understand how they are tackling AI security challenges. Pillar Security is building a platform to cover the entire software development and deployment lifecycle with the goal of providing trust in AI systems. Using its holistic approach, the platform introduces new ways of detecting AI threats, beginning
Apple on Tuesday released security updates for its entire software portfolio, including a fix for a vulnerability that Google said was exploited as a zero-day in the Chrome web browser earlier this month. The vulnerability, tracked as CVE-2025-6558 (CVSS score: 8.8), is an incorrect validation of untrusted input in the browser's ANGLE and GPU components that could result in a sandbox escape via
Cybersecurity researchers are calling attention to an ongoing campaign that distributes fake cryptocurrency trading apps to deploy a compiled V8 JavaScript (JSC) malware called JSCEAL that can capture data from credentials and wallets. The activity leverages thousands of malicious advertisements posted on Facebook in an attempt to redirect unsuspecting victims to counterfeit sites that instruct
Cybersecurity experts have released a decryptor for a ransomware strain called FunkSec, allowing victims to recover access to their files for free. "Because the ransomware is now considered dead, we released the decryptor for public download," Gen Digital researcher Ladislav Zezula said. FunkSec, which emerged towards the end of 2024, has claimed 172 victims, according to data from
Source: www.csoonline.com – Critical flaw in new tool could allow attackers to steal data at will from developers working with untrusted repositories. It’s barely been out for a month and already security researchers have discovered a prompt injection vulnerability in Google’s Gemini command line interface (CLI) AI agent that could be exploited to steal […] The entry “Google patches Gemini CLI tool after prompt injection flaw uncovered – Source: www.csoonline.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.csoonline.com – Attackers tried chaining the just-patched SAP NetWeaver bug with the stealthy Auto-Color Linux RAT for a multi-stage compromise. Threat actors recently tried to exploit a freshly patched max-severity SAP NetWeaver flaw to deploy a persistent Linux remote access trojan (RAT) “Auto-Color.” According to a Darktrace report, a recent attack abused the […] The entry “Auto-Color RAT targets SAP NetWeaver bug in an advanced cyberattack – Source: www.csoonline.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.csoonline.com – Analysis, 29 July 2025, 4 minutes. Security, Threat and Vulnerability Management. Gartner forecasts that worldwide spending will exceed 200 billion dollars in 2025. Spending is rising worldwide, but with a slight dip in Germany. Image: PeopleImages.com – Yuri A. Many companies have already realised how important investments in cybersecurity are and are increasing […] The entry “Cybersecurity spending grows more slowly – Source: www.csoonline.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.csoonline.com – A criminal group has caused almost half a billion euros of damage worldwide through online extortion. Now investigators have landed a painful blow against the cybercriminals. The attackers not only encrypt data but steal it beforehand. Image: AIBooth – shutterstock.com. Almost 200 victims and damage running into the millions: international investigators have struck a blow against globally operating […] The entry “Investigators stop Blacksuit/Royal extortion software – Source: www.csoonline.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.csoonline.com – Ukrainian drone attacks repeatedly cause massive problems for Russia’s air traffic. But dozens of new flight cancellations in Moscow probably have a different cause. The Kremlin speaks of alarming news. Image: FOTOGRIN – shutterstock.com. In Moscow, dozens of flights were cancelled after a suspected attack by pro-Ukrainian hacker groups. The Russian state airline Aeroflot […] The entry “After flight cancellations, hackers and Kremlin speak of an attack – Source: www.csoonline.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.csoonline.com – As generative AI transforms business, security experts are adapting hacking techniques to discover vulnerabilities in intelligent systems — from prompt injection to privilege escalation. AI systems present a new kind of threat environment, leaving traditional security models — designed for deterministic systems with predictable behaviors — struggling to account for the […] The entry “How AI red teams find hidden flaws before attackers do – Source: www.csoonline.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.csoonline.com – Changing business models, rapid technology adoption, continuous skills shortages, and tight budgets will make healthcare organizations an easy target for cyber adversaries. CISOs must respond accordingly. Healthcare is one of the largest industries in the world. In the US, healthcare spending accounts for about 17% of the country’s gross domestic product […] The entry “The healthcare industry is at a cybersecurity crossroads – Source: www.csoonline.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Cybersecurity researchers have disclosed a now-patched critical security flaw in a popular vibe coding platform called Base44 that could allow unauthorized access to private applications built by its users. “The vulnerability we discovered was remarkably simple to exploit — by providing only a non-secret app_id value to undocumented registration and […] The entry “Wiz Uncovers Critical Access Bypass Flaw in AI-Powered Vibe Coding Platform Base44 – Source: thehackernews.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – The maintainers of the Python Package Index (PyPI) repository have issued a warning about an ongoing phishing attack that’s targeting users in an attempt to redirect them to fake PyPI sites. The attack involves sending email messages bearing the subject line “[PyPI] Email verification” that are sent from the email […] The entry “PyPI Warns of Ongoing Phishing Campaign Using Fake Verification Emails and Lookalike Domain – Source: thehackernews.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – A newly emerged ransomware-as-a-service (RaaS) gang called Chaos is likely made up of former members of the BlackSuit crew, as the latter’s dark web infrastructure has been the subject of a law enforcement seizure. Chaos, which sprang forth in February 2025, is the latest entrant in the ransomware landscape to […] The entry “Chaos RaaS Emerges After BlackSuit Takedown, Demanding $300K from U.S. Victims – Source: thehackernews.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Elizabeth Montalbano, Contributing Writer. The entry “Nimble ‘Gunra’ Ransomware Evolves With Linux Variant – Source: www.darkreading.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer. The entry “Critical Flaw in Vibe-Coding Platform Base44 Exposes Apps – Source: www.darkreading.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Durgaprasad Balakrishnan. The entry “The Hidden Threat of Rogue Access – Source: www.darkreading.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: grahamcluley.com – Author: Graham Cluley. In episode 61 of The AI Fix, a robot called DeREK goes bananas, OpenAI, Google DeepMind, and Anthropic warn we may lose the ability to see what AI is thinking, a dextrous robot changes its own batteries, the USA unveils its AI action plan, and a […] The entry “The AI Fix #61: Replit panics, deletes $1M project; AI gets gold at Math Olympiad – Source: grahamcluley.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bitdefender.com – Author: Graham Cluley. Over 200,000 websites running a vulnerable version of a popular WordPress plugin could be at risk of being hijacked by hackers. The Post SMTP plugin is an add-on used by approximately 400,000 WordPress-powered websites to improve the reliability and security of their email delivery. The plugin has proven popular […] The entry “200,000 WordPress websites at risk of being hijacked due to vulnerable Post SMTP plugin – Source: www.bitdefender.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Jeffrey Burt. The security breach of the popular women-only safe-dating app Tea widened over the weekend, when a second database storing 1.1 million DMs between members was compromised. News of the exposure came days after an initial investigation found that a database holding older data, including photos, was breached. The post […] The entry “Tea App Data Breach Deepens, with 1.1 Million User Chats Exposed – Source: securityboulevard.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Jon Swartz. Palo Alto Networks Inc. is in discussions to acquire CyberArk Software for more than $20 billion in one of tech’s biggest deals this year, as vendors scramble to fortify their cybersecurity defenses. Palo Alto Networks could finalize a deal for the identity management software maker — its largest ever […] The entry “Palo Alto Networks In Talks to Acquire CyberArk for $20 Billion: Report – Source: securityboulevard.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: George V. Hulme. For years, primarily driven by regulatory compliance mandates such as the Sarbanes-Oxley Act of 2002, identity and access management has been treated as a regulatory compliance exercise rather than the security exercise it should be — and simply checking off compliance requirements leaves many organizations with a dangerous […] The entry “Mapping Mayhem: Security’s Blind Spots in Identity Security – Source: securityboulevard.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Associated Press. Tea, a dating discussion app that recently suffered a high-profile cybersecurity breach, announced late Monday that some direct messages were also accessed in the incident. The app — designed to let women safely discuss men they date — rocketed to the top of the U.S. Apple App Store last […] The entry “Tea App Takes Messaging System Offline After Second Security Issue Reported – Source: www.securityweek.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Eduard Kovacs. Lenovo devices are affected by several vulnerabilities, including ones that could allow attackers to deploy persistent implants on targeted systems, firmware security and supply chain risk management company Binarly reported on Tuesday. Binarly discovered a total of six flaws in Lenovo all-in-one desktops, specifically in the System Management Mode (SMM), […] The entry “Lenovo Firmware Vulnerabilities Allow Persistent Implant Deployment – Source: www.securityweek.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
ASAE: The Center for Association Leadership recognizes the impact and reach of SWE’s globally inclusive leadership program. The entry “SWE’s Global Ambassador Program Receives 2025 Power of Associations Gold Award” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – The global average cost of a data breach fell by 9% to $4.44m in 2025, the first decline observed in five years, according to IBM’s Cost of a Data Breach Report 2025. The fall has been attributed to improved detection and containment capabilities in organizations, boosted by AI and automation tools. […] The entry “Data Breach Costs Fall for First Time in Five Years – Source: www.infosecurity-magazine.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – A total of 396 compromised systems have been identified following the widespread exploitation of the Microsoft SharePoint zero-day vulnerability ToolShell (CVE-2025-53770/53771). Eye Security, the Dutch company that discovered the global zero-day, analyzed 27,000 SharePoint servers between July 18 and 23 and confirmed the compromise affected at least 145 unique organizations across […] The entry “US Tops Hit List as 396 SharePoint Systems Compromised Globally – Source: www.infosecurity-magazine.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – The Open Worldwide Application Security Project (OWASP) has published new practical guidance for securing agentic AI applications powered by large language models (LLMs). The comprehensive guidance, published on July 28, focuses on concrete technical recommendations for builders and developers of AI agents, including AI/ML engineers, software developers, security professionals and AppSec […] The entry “OWASP Launches Agentic AI Security Guidance – Source: www.infosecurity-magazine.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Google has announced that it’s making a security feature called Device Bound Session Credentials (DBSC) available in open beta to ensure that users are safeguarded against session cookie theft attacks. DBSC, first introduced as a prototype in April 2024, is designed to bind authentication sessions to a device so as to […] The entry “Google Launches DBSC Open Beta in Chrome and Enhances Patch Transparency via Project Zero – Source: thehackernews.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Threat actors have been observed exploiting a now-patched critical SAP NetWeaver flaw to deliver the Auto-Color backdoor in an attack targeting a U.S.-based chemicals company in April 2025. “Over the course of three days, a threat actor gained access to the customer’s network, attempted to download several suspicious files and […] The entry “Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware – Source: thehackernews.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Google Cloud’s Mandiant Consulting has revealed that it has witnessed a drop in activity from the notorious Scattered Spider group, but emphasized the need for organizations to take advantage of the lull to shore up their defenses. “Since the recent arrests tied to the alleged Scattered Spider (UNC3944) members in […] The entry “Scattered Spider Hacker Arrests Halt Attacks, But Copycat Threats Sustain Security Pressure – Source: thehackernews.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: levelblue.com – Author: hello@alienvault.com. LevelBlue is proud to present the second edition of our biannual Threat Trends Report! This report builds on what we started in our first edition, providing cybersecurity teams with critical insights into current threats. This edition covers threat actor activity observed in the first half of 2025 by the LevelBlue […] The entry “Fool Me Once: How Cybercriminals Are Mastering the Art of Deception – Source: levelblue.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: sec.cloudapps.cisco.com – SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software (CVE-2017-6736, CVE-2017-6737, CVE-2017-6738). Summary: The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause […] The entry “SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software – Source: sec.cloudapps.cisco.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.schneier.com – Author: Bruce Schneier. “Who’s winning on the internet, the attackers or the defenders?” I’m asked this all the time, and I can only ever give a qualitative hand-wavy answer. But Jason Healey and Tarang Jain’s latest Lawfare piece has amassed data. The essay provides the first framework for metrics about how we […] The entry “Measuring the Attack/Defense Balance – Source: www.schneier.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.schneier.com – Author: Bruce Schneier. Comments: Clive Robinson • July 29, 2025 12:44 PM: Hmm, I would have said that it should have been expected, and whilst annoying and destabilising it’s not life threatening as such. Or at least not yet… I would not rule out a “False Flag” attack to cover some […] The entry “Aeroflot Hacked – Source: www.schneier.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.csoonline.com – News, Jul 30, 2025, 5 mins. Patch Management Software, Threat and Vulnerability Management, Zero-Day Vulnerabilities. Recent research into KEVs and CVEs shows that threat actors are capitalizing on flaws much more quickly, leaving defenders in need of improved detection and patching regimens. Patching windows for organizations keep shortening, as threat actors exploit important vulnerabilities […] The entry “32% of exploited vulnerabilities are now zero-days or 1-days – Source: www.csoonline.com” was first published on CISO2CISO.COM & CYBER SECURITY GROUP.