A newly discovered Android malware, dubbed SikkahBot, is actively targeting students in Bangladesh by posing as official applications from the Bangladesh Education Board. This malware campaign, identified by Cyble Research and Intelligence Labs (CRIL), has been in operation since July 2024.

According to CRIL, the SikkahBot malware is distributed through shortened URLs, including links like bit[.]ly/Sikkahbord, apped[.]short[.]gy, and downloadapp[.]website/tyup[.]apk. These URLs are likely spread through smishing attacks, tricking victims into downloading malicious APK files under the pretense of scholarship applications from government bodies. Once installed, the fake apps prompt users to log in using their Google or Facebook accounts and request personal details such as name, department, and institute. The app then demands financial information, including wallet numbers, wallet PINs, and payment methods. After submission, a fake message informs the victim that a representative will contact them soon, a ploy to buy time while the malware begins its work in the background.

SikkahBot Malware: Permissions Abuse and Automated Banking Fraud

What sets SikkahBot apart is its aggressive abuse of Android permissions. Upon installation, it pushes users to grant high-risk access, including the Accessibility Service, SMS access, call management, and the ability to draw over other apps. These permissions allow it to monitor and manipulate user activity with deep control over the device.

[Figure: Permission Activity (Source: Cyble)]

Once these permissions are granted, the malware activates a fake homepage showing doctored images of students supposedly receiving scholarships, part of its social engineering strategy to establish legitimacy. Behind the scenes, SikkahBot registers a broadcast receiver to intercept all incoming SMS messages. It specifically targets keywords related to mobile banking services widely used in Bangladesh, such as “bKash,” “Nagad,” and “MYGP,” as well as associated service numbers like “16216” and “26969.” Captured messages are then sent to an attacker-controlled Firebase server at update-app-sujon-default-rtdb[.]firebaseio.com.

Accessibility Exploits and Offline USSD Transactions

The malware’s exploitation of the Accessibility Service is particularly dangerous. When it detects that a user is interacting with banking apps such as bKash, Nagad, or Dutch-Bangla Bank, it pulls credentials from its command-and-control server. It attempts to autofill login details, bypassing user input entirely.

[Figure: Login and registration page (Source: Cyble)]

If the user isn’t actively using these apps, SikkahBot initiates USSD-based banking transactions. It receives USSD codes and SIM slot information from the server, executes the calls, and automatically interacts with response prompts by clicking on UI elements labeled "SEND" or "OK." This method allows transactions without requiring internet access, increasing the malware’s reach and reliability in low-connectivity environments.

Evasion and Evolution

Despite its high-risk behavior, SikkahBot malware variants maintain low detection rates on VirusTotal, a factor that highlights the malware’s obfuscation techniques and the attackers’ continued refinement. CRIL reports that more than 10 distinct samples have been discovered, with newer versions incorporating more automated features and sophisticated command execution methods. “The combination of phishing, automated banking activity, and offline USSD exploitation makes it a highly effective tool for financial fraud against unsuspecting students,” CRIL stated in its technical analysis.

Recommendations for Protection

To protect against malware campaigns like SikkahBot, CRIL stresses the need for improved mobile security awareness and proactive defense strategies. Their key recommendations include:

- Install apps only from trusted sources such as the Google Play Store.
- Avoid clicking on shortened or suspicious links, especially those received via SMS or social media.
- Limit permissions: do not grant Accessibility or overlay permissions unless absolutely necessary and verified.
- Enable Multi-Factor Authentication (MFA) for financial apps.
- Use mobile security software that includes real-time threat detection.
- Keep the Android OS and apps up to date to patch known vulnerabilities.
- Report suspicious activity immediately to your bank and perform a factory reset if necessary.

Cyble’s Threat Intelligence Platform continues to monitor emerging malware like SikkahBot, providing early detection capabilities, infrastructure tracking, and threat attribution. As digital fraud increases in complexity and scope, constant vigilance and cybersecurity hygiene remain the first lines of defense.
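The permission set described above (SMS access, an accessibility service, overlay drawing and call control) is declared statically in an APK's manifest, so a defender can triage a suspicious APK before it is ever installed on a device. The following is an added example written for this digest, not code from Cyble or from the SikkahBot analysis; the risk weights are arbitrary assumptions, and both manifests are constructed samples, one mimicking the permission combination the report describes and one benign.

```python
"""Static triage of an AndroidManifest.xml for the banking-trojan permission
pattern (SMS capture + accessibility service + overlay). Added example; the
weights are assumptions and the manifests below are constructed samples."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
SMS_RECEIVED_ACTION = "android.provider.Telephony.SMS_RECEIVED"
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Assumed weights for permissions the write-up singles out (not a standard scale).
RISK_WEIGHTS = {
    "android.permission.RECEIVE_SMS": 3,
    "android.permission.READ_SMS": 3,
    "android.permission.SYSTEM_ALERT_WINDOW": 2,   # draw over other apps
    "android.permission.CALL_PHONE": 2,            # needed to dial USSD codes
    "android.permission.READ_PHONE_STATE": 1,
}


def _attr(name):
    """Namespaced attribute key for android:<name> as ElementTree sees it."""
    return f"{{{ANDROID_NS}}}{name}"


def parse_manifest(xml_text):
    """Extract requested permissions and the two component declarations we care about."""
    root = ET.fromstring(xml_text)
    perms = {e.get(_attr("name")) for e in root.iter("uses-permission")}
    # An accessibility service must be guarded by BIND_ACCESSIBILITY_SERVICE.
    has_accessibility = any(
        s.get(_attr("permission")) == ACCESSIBILITY_BIND for s in root.iter("service")
    )
    # A receiver filtering on SMS_RECEIVED is how incoming texts are intercepted.
    has_sms_receiver = any(
        a.get(_attr("name")) == SMS_RECEIVED_ACTION for a in root.iter("action")
    )
    return perms, has_accessibility, has_sms_receiver


def triage(xml_text):
    """Score the manifest and flag the SMS + accessibility + overlay combination."""
    perms, has_accessibility, has_sms_receiver = parse_manifest(xml_text)
    score, findings = 0, []
    for perm in sorted(perms):
        weight = RISK_WEIGHTS.get(perm, 0)
        if weight:
            score += weight
            findings.append(perm)
    if has_accessibility:
        score += 4
        findings.append("accessibility-service")
    if has_sms_receiver:
        score += 2
        findings.append("SMS_RECEIVED receiver")
    wants_sms = "android.permission.RECEIVE_SMS" in perms or has_sms_receiver
    pattern = has_accessibility and wants_sms and "android.permission.SYSTEM_ALERT_WINDOW" in perms
    return {"score": score, "findings": findings, "banking_trojan_pattern": pattern}


# Constructed sample resembling the permission profile described in the article.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeboard">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <application>
    <receiver android:name=".SmsReceiver" android:exported="true">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <service android:name=".A11yService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

# Constructed benign manifest for comparison: network access only.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST))   # score 16, banking_trojan_pattern True
    print(triage(BENIGN_MANIFEST))   # score 0, banking_trojan_pattern False
```

To use it on a real sample, decode the APK first (for example with apktool) and pass the decoded AndroidManifest.xml text to triage(). A high score or the banking_trojan_pattern flag is a reason to block the app at the MDM and look closer, not proof of malice on its own: SMS backup tools and accessibility helpers legitimately request some of these permissions, which is exactly why the recommendation above is to grant Accessibility and overlay access only to verified apps.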
China-linked espionage actor Salt Typhoon is again in the news, but this time not for targeting large telecommunications giants; instead, it's the smaller internet and hosting service providers in the Netherlands. The Dutch intelligence service on Thursday said that the country "didn't receive the same level of attention from the Salt Typhoon hackers as those in the U.S.," but it "can now corroborate some of the findings of the U.S. investigation with independent intelligence."

The Dutch MIVD and AIVD (General Intelligence and Security Service) said, "The Chinese hacker group had access to routers belonging to the Dutch targets. As far as we know, the hackers did not penetrate any further into their internal networks." No information on the number of routers accessed or which sectors were targeted was provided, but the authorities said, "(It) did observe targets in the Netherlands. These were not large telecommunications providers, but smaller internet service and hosting providers."

"The MIVD and the AIVD have been warning for some time about the growing Chinese cyber threat," the authorities said. "These activities have become so sophisticated that continuous effort and attention are required to promptly detect and mitigate cyber operations against Dutch interests. This can reduce risks, but not eliminate them entirely. This poses a major challenge to Dutch resilience." The MIVD, AIVD, and the National Cyber Security Centre (NCSC) have previously shared threat intelligence with targets and other relevant audiences, whenever possible.

Salt Typhoon Campaign's Roots

This announcement came on the heels of a multi-nation joint advisory released a day before that warned of China-linked threat groups Salt Typhoon and GhostEmperor targeting critical infrastructure networks around the world in a persistent campaign of cyber espionage.

Read: Chinese State Hackers Target Global Critical Infrastructure, NSA Warns

These operations have been traced to three China-based companies: Sichuan Juxinhe Network Technology Co. Ltd., Beijing Huanyu Tianqiong Information Technology Co., Ltd., and Sichuan Zhixin Ruijie Network Technology Co., Ltd., which allegedly act as a front for the Chinese Ministry of State Security and the People’s Liberation Army.

The wider net of Salt Typhoon's operation first came to light late last year, when several U.S. telecom companies reported hacks, including the wiretapping of key figures involved in the presidential election. In an official hearing earlier this year, the chairman of the Senate Intelligence Committee said that evicting these intruders will require replacing “thousands and thousands and thousands” of network devices.

Read: China Attack on U.S. Telecom Networks: ‘Thousands and Thousands’ of Devices Need to Be Replaced

The Salt Typhoon-tied breach of U.S. telecom networks lasted for more than a year in some cases, and while only 150 victims were notified at the time, the total could eventually number in the “millions,” experts had warned. Warner, a former telecom venture capitalist, called the breaches the “worst telecom hack" in the nation’s history – by far.
Berlin prosecutors have formally charged a 30-year-old German man accused of carrying out the Rosneft cyberattack in March 2022, an incident that severely disrupted one of Germany’s most critical energy companies and caused millions of euros in damages. The Berlin Public Prosecutor’s Office announced that the suspect faces two counts of data espionage, including one charge of particularly serious computer sabotage. According to investigators from the Federal Criminal Police Office (BKA), the hacker infiltrated the systems of Rosneft Deutschland GmbH, stole around 20 terabytes of data, and deleted critical files that formed part of Germany’s critical infrastructure in the energy sector.

Anonymous Germany Hack Targeted Critical Infrastructure

The Rosneft Deutschland cyberattack unfolded just weeks after Russia launched its full-scale invasion of Ukraine, placing European energy companies under pressure. Rosneft Deutschland, the German subsidiary of Russia’s state-owned oil giant, was classified as part of the country’s critical infrastructure and became a target for hacktivist activity. The accused man was allegedly linked to Anonymous Germany, a hacking group that publicly claimed responsibility for the breach. The hackers said their attack was motivated by Rosneft’s ties to Russian President Vladimir Putin and its attempts to evade international sanctions. Screenshots later posted online suggested the attackers had administrator rights over dozens of systems, including at least 59 Apple devices. The hackers also embedded the slogan “Glory to Ukraine” into Rosneft’s infrastructure, framing the attack as a protest against Russia’s war.

Cyberattack After Russia’s Invasion Caused Millions in Damages

The financial impact of the Rosneft cyberattack was severe. Prosecutors said Rosneft Deutschland was forced to shut down its IT systems entirely, launch a forensic investigation, and initiate emergency recovery operations. These actions alone cost the company around €9.76 million ($11.39 million). In addition, delivery logistics and business operations were severely disrupted, leaving the company unable to negotiate short-term energy contracts or respond to volatile market conditions. The disruptions caused an additional €2.59 million ($2.84 million) in losses, bringing total damages to well over €12 million. While the cyberattack on critical infrastructure disrupted internal communications and caused temporary delivery issues, prosecutors noted it did not lead to a major interruption in oil supply for the Berlin-Brandenburg region.

20 Terabytes of Data Stolen in Rosneft Cyberattack

Investigators allege the hacker stole approximately 20 terabytes of data during the March 2022 intrusion. The files were later published on a website reportedly run by the accused and two other members of Anonymous. The website, which displayed lists of stolen files and documents, was active until mid-2023 but has since been taken offline. According to prosecutors, the Rosneft cyberattack not only compromised corporate data but also threatened the stability of operations at a time when Europe was facing a major energy crisis.

Berlin Prosecutor Pursues Computer Sabotage Charges

The Berlin Public Prosecutor’s Office has filed charges with the Tiergarten District Court, which will now decide whether to proceed with a full trial. If convicted of computer sabotage and data espionage, the suspect could face a lengthy prison sentence under Germany’s cybercrime laws. The case is notable not only for the scale of the data theft but also because it highlights the role of hacktivist groups like Anonymous Germany in blending political motives with digital sabotage. Germany’s Federal Office for Information Security (BSI) said at the time that the attack highlighted vulnerabilities in the country’s critical infrastructure cyber defense. Officials warned that even though Rosneft was able to avoid a full supply crisis, the case showed how cyberattacks on critical infrastructure could ripple through energy markets and disrupt essential services.

A Broader Conflict in Cyberspace

The Rosneft cyberattack is one example of how the war in Ukraine extended beyond physical battlefields into cyberspace. While governments, militaries, and corporations have dealt with conventional attacks and sanctions, hacktivist collectives like Anonymous have waged their own campaigns online. For Rosneft Deutschland, the incident remains a costly reminder of how vulnerable critical energy companies can be. For German prosecutors, the upcoming trial could set an important precedent in holding individuals accountable for politically motivated cyberattacks on critical infrastructure.
The State of Nevada is contending with the fallout of a major cyberattack that struck government systems early Sunday morning, disrupting critical public services and prompting a round-the-clock recovery effort involving state, local, and federal agencies. Governor Joe Lombardo and state officials confirmed this week that while some systems have begun to come back online, key agencies, including the Department of Motor Vehicles (DMV) and the Nevada Health Authority, remain heavily impacted. The scope of the Nevada cyberattack, described as a ransomware attack, is still being investigated, and officials have not yet determined what kind of data was compromised.

The Nevada Cyberattack and Initial Response

The cyberattack on Nevada was detected in the early hours of Sunday, when security teams flagged unusual activity on state networks. In response, Nevada’s Office of the Governor and the Governor’s Technology Office (GTO) activated an emergency protocol, immediately isolating affected systems to contain the attack and launching 24/7 recovery operations. Because the breach remains the subject of an active criminal investigation, state officials said they cannot disclose technical details, citing Nevada Revised Statute 242.105. However, they acknowledged that “some data has been extricated,” though the content of that data remains unclear. “If we eventually find out it contains personal identifiers, we will make that public as soon as possible,” Gov. Lombardo told reporters at a press conference in Las Vegas, the second briefing held in as many days.

Impact on Nevadans

The Nevada cyberattack has forced temporary closures of state offices and disrupted access to websites and phone lines across agencies. While emergency services remain intact, including 911 call-taking and law enforcement access to the FBI’s National Crime Information Center, the public has been advised to expect intermittent outages when accessing non-emergency government resources. The DMV has been hit particularly hard. Director Tonya Laney announced that all in-person and online services remain suspended indefinitely. In an effort to ease public frustration, the state has pledged to waive expirations, late fees, and penalties that fall within the outage window. Canceled appointments will be honored as walk-ins for at least two weeks after services resume. “We hear the community when you’re telling us this feels like post-COVID times, where people might use this as an excuse to drive unregistered,” Laney said. “We are paying attention to that and this leniency only applies to the outage period.”

At the Nevada Health Authority, paper applications are being accepted for Medicaid benefits while digital systems remain down. Director Stacie Weeks expressed optimism that online portals could be restored in the coming days. Meanwhile, state payroll and pension systems remain unaffected. Officials also confirmed that the monthly per-pupil funding for Nevada’s public schools was successfully transmitted to districts on time, ensuring education budgets were not disrupted.

Protecting the Public

With uncertainty over the extent of the data breach, the state has urged Nevadans to remain vigilant against potential scams. Officials warned residents to be cautious of unsolicited calls, emails, or texts asking for personal information or payments. “The State will never ask for your password or bank details over phone or email,” a statement from the GTO noted. Residents are encouraged to verify information on official government channels and report suspicious contacts to their agency security officer.

Government in Recovery Mode

Gov. Lombardo emphasized that his administration has prioritized restoring the most critical services first. Temporary routing and operational workarounds have been implemented to maintain public access where possible. Systems are being validated before returning to full operation, a process officials say is essential to avoid further risk. “There’s no absolute policy when it comes to ransomware,” Lombardo said, noting that Nevada is still evaluating whether to rebuild systems entirely or consider paying a ransom. He declined to disclose the ransom amount or speculate on the attackers’ motives. Despite the challenges, Lombardo sought to reassure residents that government agencies acted quickly. “While this incident has posed challenges, I want Nevadans to know one thing clearly: Our government and our partners acted quickly and effectively to secure the critical services our communities rely on.”

Politics and Presence

The governor also faced questions over his absence from a Wednesday press conference in Carson City. His office confirmed he was in rural northern Nevada attending long-scheduled events, including a temple celebration and meetings on wildfire recovery and local economic issues. Critics, including state Democrats, questioned the optics of his absence during a high-profile crisis. Lombardo defended his decision, saying he was receiving hourly updates and remained fully engaged with his directors and response teams. “I want everybody to be aware, I am fully engaged. I have never lost contact with any of my directors,” he said. “As constant as 24 hours a day, there’s been conversation. I have never been unavailable as your governor during this crisis.”

For now, Nevadans are being asked for patience as services gradually come back online. “We know this has disrupted daily life, but our focus is on restoring systems safely,” Lombardo said. With critical operations like payroll, pensions, and school funding safeguarded, the state is striving to minimize the fallout. Yet for thousands of residents waiting to renew a driver’s license, file Medicaid paperwork, or access other routine services, the cyberattack is a reminder of just how vulnerable modern governance can be in the digital age.
The Securities and Exchange Board of India (SEBI) issued a clarification on Thursday regarding the scope and applicability of its Cybersecurity and Cyber Resilience Framework (CSCRF). According to the markets regulator, the framework applies strictly to systems used exclusively for SEBI-regulated activities, alleviating concerns around overlapping responsibilities with other regulatory bodies. SEBI emphasized that shared infrastructure, if not already overseen by the Reserve Bank of India (RBI) or another competent authority, will still fall under the CSCRF audit requirements. This ensures a consistent cybersecurity standard across all system types, especially as institutions increasingly rely on common digital platforms.

Importantly, SEBI acknowledged that regulated entities (REs) already complying with cybersecurity norms issued by the RBI or any equivalent regulator will not need to duplicate efforts. Such existing compliance will be accepted under SEBI’s framework, reducing operational burdens on dual-regulated entities, as reported by The Economic Times.

Critical Systems, Zero Trust, and Disaster Recovery Guidelines

The CSCRF circular expanded on what constitutes a “critical system,” identifying it as any system that affects core operations, stores or transmits regulatory data, hosts client-facing or internet-facing applications, or resides on the same network as such systems. To strengthen resilience, SEBI urged REs to implement zero-trust principles, such as network segmentation, high availability, and eliminating single points of failure, with oversight from their IT Committees. For mobile applications, the framework’s guidelines are considered recommendatory rather than mandatory. Meanwhile, for cyber crises, REs must act based on their internal Cyber Crisis Management Plan, avoiding the issuance of press releases during such events. While tools such as threat simulations, vulnerability assessments, and decoy systems are encouraged, SEBI clarified that their use is not compulsory. However, entities must actively assess cybersecurity risks arising from third-party vendors in coordination with their IT Committees.

SEBI also stressed the importance of protecting cyber audit reports. “While receiving and handling cyber audit reports submitted by their members, stock exchanges and depositories shall ensure that adequate safeguards are in place to maintain the confidentiality and integrity of such reports,” the regulator said.

For disaster recovery, regulated entities must be able to resume critical operations within two hours (Recovery Time Objective – RTO) and ensure data recovery within 15 minutes (Recovery Point Objective – RPO). Entities must also plan for contingencies in cases where these benchmarks cannot be achieved.

Revised CSCRF Categorization for Portfolio Managers and Merchant Bankers

SEBI has revised the classification thresholds for regulated entities under the CSCRF. Portfolio Managers with Assets Under Management (AUM) of ₹10,000 crore and above will now be categorized as Qualified REs. Those managing between ₹3,000 crore and ₹10,000 crore will be tagged as Mid-size REs, while those below ₹3,000 crore fall into the Small-size RE category. Portfolio Managers under the minimum threshold may be recognized as Self-certification REs, benefiting from simpler compliance requirements. In the case of Merchant Bankers (MBs), SEBI clarified that all active MBs—defined as those carrying out merchant banking functions during the relevant period—will be treated as Small-size REs for compliance purposes. Inactive MBs, however, will be exempt from CSCRF obligations.
The WordPress content management system (CMS) has been popping up frequently on cybersecurity news sites lately. Most of this coverage was driven by vulnerabilities in plugins and themes. However, our colleagues have also observed a case where attackers used poorly secured WordPress sites to distribute trojans. This in itself isn’t surprising — WordPress remains one of the most popular CMS platforms in the business. But the sheer number of discovered plugin vulnerabilities and related incidents shows that attackers are watching the WordPress ecosystem just as closely as its defenders.

WordPress incidents

Just this summer, several serious WordPress-related security incidents have come to light.

Gravity Forms plugin: site compromise and code infection

In early July, attackers gained access to a site running Gravity Forms — a popular form-building plugin — and injected malicious code into versions 2.9.11.1 and 2.9.12. Sites where these plugin versions were installed manually by administrators, or via the PHP dependency manager Composer, were infected between July 9 and 10. The malware blocked further updates, downloaded and installed additional malicious code, and created new administrator accounts. This gave the attackers full control of the site, which they then used for malicious purposes. The Gravity Forms team urges all users to check whether they’re running a potentially vulnerable version. Instructions on how to do this are available in the incident notice on the official plugin website. The notice also explains how to remove the malware. And of course, the plugin should be updated to version 2.9.13.

Alone theme: active exploitation of CVE-2025-5394

Also in July, researchers reported that attackers were actively exploiting a critical flaw in unauthenticated file upload validation (CVE-2025-5394) affecting all versions of the Alone theme for WordPress — up to and including 7.8.3. The flaw enables remote code execution (RCE), giving attackers full control over affected sites. Notably, attacks began several days before the vulnerability was officially disclosed. According to Wordfence, by June 12 over 120 000 attempts to exploit CVE-2025-5394 had already been recorded. Threat actors used the flaw to upload ZIP archives containing webshells, install password-protected PHP backdoors for remote HTTP access, and create hidden administrator accounts. In some cases, they even installed full-featured file managers on the compromised WordPress site, giving them complete control over the site’s database. The developers of the Alone theme have since released version 7.8.5, which patches the vulnerability. All users are strongly advised to update to this version immediately. Additional guidance on how to protect against this bug can be found in the Wordfence report.

Motors theme: exploitation of CVE-2025-4322

In June, attackers also targeted WordPress sites using another premium theme called Motors. In this case, attackers exploited CVE-2025-4322 — a weakness in the user validation process affecting all versions up to 5.6.67. Exploiting it allowed attackers to hijack administrator accounts. The theme creators, StylemixThemes, released a patched version (5.6.68) on May 14, 2025. That was followed by a Wordfence statement five days later urging users to update without delay. However, not all users updated in time — attacks began the very next day, May 20, and by June 7 Wordfence had recorded 23 100 exploitation attempts. Successful exploitation of CVE-2025-4322 grants attackers administrator rights, enabling them to create new accounts and reset passwords.

Efimer malware: spread through compromised WordPress sites

And finally, a case in which cybercriminals did not exploit vulnerabilities in plugins or themes, but which nevertheless demonstrates attackers’ interest in WordPress-based sites. In early August, our colleagues investigated an attack involving the Efimer malware — designed primarily to steal cryptocurrency. Attackers spread it via email and malicious torrents, but some infections also originated from compromised WordPress sites. Careful analysis revealed that Efimer also included a WordPress password cracker. Essentially, each time the malware ran, it launched a brute-force attack on the WordPress admin panel using a set of standard passwords hard-coded in the script. Any successfully cracked passwords were sent back to the attackers’ command server.

Potentially dangerous vulnerabilities

Beyond the above incidents, several other vulnerabilities have been reported — though they’ve not yet been observed in real-world attacks. However, as the Motors case demonstrates, attackers could start exploiting them quite soon, so they should be monitored closely.

GiveWP: a vulnerability in a WordPress donation plugin

In late July, the team behind the open-source Pi-hole project discovered a vulnerability in the GiveWP plugin, which they were using on their own WordPress site. This plugin allows websites to accept online donations, manage fundraising campaigns, and more. The developers found that the plugin inadvertently exposed donor data by displaying it in the page source, making names and email addresses accessible without authentication. GiveWP’s developers released a patch just hours after the issue was reported on GitHub. However, since the data had already been exposed, the Have I Been Pwned service added the incident to its leak database, estimating that nearly 30 000 people’s data had been compromised. Administrators of sites using GiveWP are advised to update the plugin to version 4.6.1 or later.

Post SMTP: vulnerability CVE-2025-24000 enables administrator account takeover

The CVE-2025-24000 vulnerability — rated 8.8 on the CVSS scale — was recently discovered in the Post SMTP plugin. This extension provides more reliable and user-friendly delivery of outgoing emails from a WordPress site than the built-in wp_mail function. CVE-2025-24000, which affects all Post SMTP versions up to and including 3.2.0, stems from a broken access control mechanism in the plugin’s REST API. The issue is that this API checks only whether a user is authenticated — not their access level. As a result, even a low-privileged user can view logs containing sent emails along with their full contents. This makes it possible to hijack an administrator account: an attacker only needs to initiate a password reset for the admin account, then inspect the email logs to retrieve the reset message and follow the link inside, thereby gaining administrator access. The developer released a patched version — Post SMTP 3.3.0 — on June 11. However, download statistics on WordPress.org at the time of writing show that only about half of the plugin’s users (51.2%) have updated to the fixed version. That leaves more than 200 000 sites still exposed. Moreover, nearly a quarter of all sites (23.4%, or around 100 000) are still running the outdated 2.x branch, which contains this and other unpatched vulnerabilities. To make matters worse, proof-of-concept (PoC) exploit code for CVE-2025-24000 has already been published online, though we haven’t verified its functionality.

How to protect your WordPress site

Plugins and themes make WordPress highly flexible and user-friendly, but they also significantly expand the attack surface. While avoiding them entirely isn’t realistic, you can improve the security of your site by following these best practices:

- Minimize the number of plugins and themes. Install only those that are truly necessary. The fewer you use, the lower the risk that one of them will contain a vulnerability.
- Thoroughly test plugins in an isolated environment and analyze their code for backdoors before installing.
- Give preference to widely used plugins. Although not immune to flaws, issues in such projects are typically discovered and patched more quickly. Avoid abandoned components — vulnerabilities in them may never be fixed.
- Monitor for anomalies. Regularly review the list of administrator accounts for unknown users, and monitor existing accounts for sudden password failures.
- Strengthen password policies. Require users to set strong passwords, and make two-factor authentication mandatory.
- Respond properly to incidents. If you suspect your site has been hacked, react immediately and restore the site’s security. If you lack the expertise, contact external specialists — swift action can greatly reduce the attack's impact.
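The Efimer case and the "monitor for anomalies" advice above meet in one concrete control: watching the web server's access log for password guessing against wp-login.php, and noticing when a guessing burst ends in a successful login. The block below is an added example written for this post, not Kaspersky's code and not derived from Efimer; the log lines are constructed, and it assumes stock WordPress behaviour, where a failed login re-renders the form with HTTP 200 and a successful one answers with a 302 redirect to wp-admin (login-hardening plugins may change those codes).

```python
"""Detect password guessing against the WordPress login endpoint in access
logs. Added example; the log lines are constructed and the 200/302 convention
is stock WordPress behaviour, which plugins may alter."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Combined (Apache/nginx-style) access log format: only the fields we need.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return ip/timestamp/method/path/status, or None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "method": m["method"],
        "path": m["path"].split("?", 1)[0],   # drop query string
        "status": int(m["status"]),
    }


def detect_login_bruteforce(lines, threshold=10, window=timedelta(minutes=5)):
    """Flag each client that POSTs to wp-login.php at least `threshold` times
    within `window`. A 302 inside the burst means a password was accepted."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"] == "/wp-login.php":
            by_ip[rec["ip"]].append(rec)

    alerts = []
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(recs)):          # sliding window over this client's POSTs
            while recs[end]["ts"] - recs[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst = recs[start:]          # everything from the window start onward
                alerts.append({
                    "ip": ip,
                    "attempts": len(burst),
                    "first_seen": burst[0]["ts"].isoformat(),
                    "probable_success": any(r["status"] == 302 for r in burst),
                })
                break                         # one alert per client is enough
    return alerts


def _login_post(ip, ts, status):
    """Build one constructed access-log line for a POST to wp-login.php."""
    return (f'{ip} - - [{ts:%d/%b/%Y:%H:%M:%S %z}] "POST /wp-login.php HTTP/1.1" '
            f'{status} 4123 "-" "Mozilla/5.0"')


_T0 = datetime(2025, 8, 10, 14, 2, 0, tzinfo=timezone.utc)

# Constructed sample: one legitimate editor (a typo, then a successful login and a
# wp-admin page view) and one guessing client sending 12 POSTs in under three
# minutes, the last of which is accepted.
SAMPLE_LOG = (
    [
        _login_post("198.51.100.5", _T0, 200),
        _login_post("198.51.100.5", _T0 + timedelta(seconds=20), 302),
        '198.51.100.5 - - [10/Aug/2025:14:02:30 +0000] "GET /wp-admin/ HTTP/1.1" '
        '200 9000 "-" "Mozilla/5.0"',
    ]
    + [_login_post("203.0.113.7", _T0 + timedelta(seconds=15 * i), 200) for i in range(11)]
    + [_login_post("203.0.113.7", _T0 + timedelta(seconds=15 * 11), 302)]
)

if __name__ == "__main__":
    for alert in detect_login_bruteforce(SAMPLE_LOG):
        print(alert)   # one alert for 203.0.113.7: 12 attempts, probable_success True
```

Point it at the real file with something like detect_login_bruteforce(open("/var/log/nginx/access.log")); the threshold and window are tuning knobs for your traffic. The probable_success flag is what turns a routine brute-force alert into an account-compromise investigation: check that account's recent activity and review the administrator list, exactly as the recommendations above suggest.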
Generating exploits with AI and large language models shrinks the time to target software flaws, giving security teams scant time to patch. Can enterprises adapt?
The US National Institute of Standards and Technology released Security and Privacy Control version 5.2.0 to help organizations be more proactive regarding patching.
The ransomware ecosystem continues to splinter, with new gangs proliferating in the wake of law enforcement takedowns that have scattered affiliates and prompted criminal rebrands.
In a post mortem of the incident, Baltimore Inspector General Isabel Mercedes Cumming said the city’s accounts payable department had failed to implement corrective measures after previous incidents of fraud and did not have proper protections in place to verify supplier details.
Three new security vulnerabilities have been disclosed in the Sitecore Experience Platform that could be exploited to achieve information disclosure and remote code execution. The flaws, per watchTowr Labs, are listed below - CVE-2025-53693 - HTML cache poisoning through unsafe reflections CVE-2025-53691 - Remote code execution (RCE) through insecure deserialization CVE-2025-53694 -
Picture this: Your team rolls out some new code, thinking everything's fine. But hidden in there is a tiny flaw that explodes into a huge problem once it hits the cloud. Next thing you know, hackers are in, and your company is dealing with a mess that costs millions. Scary, right? In 2025, the average data breach hits businesses with a whopping $4.44 million bill globally. And guess what? A big
Amazon on Friday said it flagged and disrupted what it described as an opportunistic watering hole campaign orchestrated by the Russia-linked APT29 actors as part of their intelligence gathering efforts. The campaign used "compromised websites to redirect visitors to malicious infrastructure designed to trick users into authorizing attacker-controlled devices through Microsoft's device code
An abandoned update server associated with input method editor (IME) software Sogou Zhuyin was leveraged by threat actors as part of an espionage campaign to deliver several malware families, including C6DOOR and GTELAM, in attacks primarily targeting users across Eastern Asia. "Attackers employed sophisticated infection chains, such as hijacked software updates and fake cloud storage or login
Generative AI platforms like ChatGPT, Gemini, Copilot, and Claude are increasingly common in organizations. While these solutions improve efficiency across tasks, they also present new data leak prevention challenges for generative AI. Sensitive information may be shared through chat prompts, files uploaded for AI-driven summarization, or browser plugins that bypass familiar security controls.
Click Studios, the developer of enterprise-focused password management solution Passwordstate, said it has released security updates to address an authentication bypass vulnerability in its software. The high-severity issue, which is yet to be assigned a CVE identifier, has been addressed in Passwordstate 9.9 (Build 9972), released August 28, 2025. The Australian company said it fixed a "
The Sangoma FreePBX Security Team has issued an advisory warning about an actively exploited FreePBX zero-day vulnerability that impacts systems with an administrator control panel (ACP) exposed to the public internet. FreePBX is an open-source private branch exchange (PBX) platform widely used by businesses, call centers, and service providers to manage voice communications. It's built on top
Authorities from the Netherlands and the United States have announced the dismantling of an illicit marketplace called VerifTools that peddled fraudulent identity documents to cybercriminals across the world. To that end, two marketplace domains (verif[.]tools and veriftools[.]net) and one blog have been taken down, redirecting site visitors to a splash page stating the action was undertaken by
Google has revealed that the recent wave of attacks targeting Salesforce instances via Salesloft Drift is much broader in scope than previously thought, stating it impacts all integrations. "We now advise all Salesloft Drift customers to treat any and all authentication tokens stored in or connected to the Drift platform as potentially compromised," Google Threat Intelligence Group (GTIG) and
Cybersecurity researchers have discovered a cybercrime campaign that's using malvertising tricks to direct victims to fraudulent sites to deliver a new information stealer called TamperedChef. "The objective is to lure victims into downloading and installing a trojanized PDF editor, which includes an information-stealing malware dubbed TamperedChef," Truesec researchers Mattias Wåhlén, Nicklas
Municipal government organisations across Sweden have found themselves impacted after a ransomware attack at a third-party software service supplier. Read more in my article on the Hot for Security blog.
Source: thehackernews.com – Cybersecurity researchers have discovered a loophole in the Visual Studio Code Marketplace that allows threat actors to reuse names of previously removed extensions. Software supply chain security outfit ReversingLabs said it made the discovery after it identified a malicious extension named “ahbanC.shiba” that functioned similarly to two other extensions – […] The post “Researchers Find VS Code Flaw Allowing Attackers to Republish Deleted Extensions Under Same Names – Source:thehackernews.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – The China-linked advanced persistent threat (APT) actor known as Salt Typhoon has continued its attacks targeting networks across the world, including organizations in the telecommunications, government, transportation, lodging, and military infrastructure sectors. “While these actors focus on large backbone routers of major telecommunications providers, as well as provider edge (PE) […] The post “Salt Typhoon Exploits Cisco, Ivanti, Palo Alto Flaws to Breach 600 Organizations Worldwide – Source:thehackernews.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Picture this: Your team rolls out some new code, thinking everything’s fine. But hidden in there is a tiny flaw that explodes into a huge problem once it hits the cloud. Next thing you know, hackers are in, and your company is dealing with a mess that costs millions. Scary, […] The post “Webinar: Why Top Teams Are Prioritizing Code-to-Cloud Mapping in Our 2025 AppSec – Source:thehackernews.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Every day, businesses, teams, and project managers trust platforms like Trello, Asana, etc., to collaborate and manage tasks. But what happens when that trust is broken? According to a recent report by Statista, the average cost of a data breach worldwide was about $4.88 million. Also, in 2024, the private […] The post “Hidden Vulnerabilities of Project Management Tools & How FluentPro Backup Secures Them – Source:thehackernews.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Alexander Culafi. The post “CISA, FBI, NSA Warn of Chinese ‘Global Espionage System’ – Source: www.darkreading.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Kristina Beek. The post “Hackers Steal 4M+ TransUnion Customers’ Data – Source: www.darkreading.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Arielle Waldman. The post “Akira, Cl0p Top List of 5 Most Active Ransomware-as-a-Service Groups – Source: www.darkreading.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer. The post “1,000+ Devs Lose Their Secrets to an AI-Powered Stealer – Source: www.darkreading.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Dark Reading Staff. The post “Dark Reading Confidential: A Guided Tour of Today’s Dark Web – Source: www.darkreading.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Becky Bracken. The post “CISA’s New SBOM Guidelines Get Mixed Reviews – Source: www.darkreading.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Stephen Lawton. The post “Gaps in California Privacy Law: Half of Data Brokers Ignore Requests – Source: www.darkreading.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Teri Robinson. If you’re an industrious, persistent, English-speaking bad actor with a documented expertise in AI and a penchant for wreaking havoc on business, government and infrastructure, please apply within. Or so it goes on the dark web, where the “economy” is apparently booming and recruiters are pulling out all the […] The post “Help Wanted: Dark Web Job Recruitment is Up – Source: securityboulevard.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Teri Robinson. Move over, Michael Corleone and Tony Soprano, there’s a new godfather or two — or 200 — in town. Ransomware is up by 49% this year in part because gangs are operating — and successfully so — like organized criminal enterprises, according to new data from NordStellar. The research […] The post “Organized and Criminal, Ransomware Gangs Run Up Profits – Source: securityboulevard.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: cybernewswire. Miami, Aug. 28, 2025, CyberNewswire — Halo Security, a leading provider of external risk management solutions, today announced significant platform enhancements designed to give security teams greater flexibility and control within the platform. The new features include custom dashboards, configurable reports, and improved automation capabilities that give organizations better control […] The post “News alert: Halo Security’s custom dashboards give security teams control while streamlining workflows – Source: securityboulevard.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Click Studios, the developer of enterprise-focused password management solution Passwordstate, said it has released security updates to address an authentication bypass vulnerability in its software. The issue, which is yet to be assigned a CVE identifier, has been addressed in Passwordstate 9.9 (Build 9972), released August 28, 2025. The Australian […] The post “Click Studios Patches Passwordstate Authentication Bypass Vulnerability in Emergency Access Page – Source:thehackernews.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – The Sangoma FreePBX Security Team has issued an advisory warning about an actively exploited FreePBX zero-day vulnerability that impacts systems with an administrator control panel (ACP) exposed to the public internet. FreePBX is an open-source private branch exchange (PBX) platform widely used by businesses, call centers, and service providers to […] The post “FreePBX Servers Targeted by Zero-Day Flaw, Emergency Patch Now Available – Source:thehackernews.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Authorities from the Netherlands and the United States have announced the dismantling of an illicit marketplace called VerifTools that peddled fraudulent identity documents to cybercriminals across the world. To that end, two marketplace domains (verif[.]tools and veriftools[.]net) and one blog have been taken down, redirecting site visitors to a splash […] The post “Feds Seize $6.4M VerifTools Fake-ID Marketplace, but Operators Relaunch on New Domain – Source:thehackernews.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Google has revealed that the recent wave of attacks targeting Salesforce instances via Salesloft Drift is much broader in scope than previously thought, stating it impacts all integrations. “We now advise all Salesloft Drift customers to treat any and all authentication tokens stored in or connected to the Drift platform […] The post “Google Warns Salesloft OAuth Breach Extends Beyond Salesforce, Impacting All Integrations – Source:thehackernews.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Cybersecurity researchers have discovered a cybercrime campaign that’s using malvertising tricks to direct victims to fraudulent sites to deliver a new information stealer called TamperedChef. “The objective is to lure victims into downloading and installing a trojanized PDF editor, which includes an information-stealing malware dubbed TamperedChef,” Truesec researchers Mattias Wåhlén, […] The post “TamperedChef Malware Disguised as Fake PDF Editors Steals Credentials and Cookies – Source:thehackernews.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: sec.cloudapps.cisco.com – Cisco UCS Manager Software Command Injection Vulnerabilities (severity: Medium; CVE-2025-20294, CVE-2025-20295; CWE-78). Summary: Multiple vulnerabilities in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to […] The post “Cisco UCS Manager Software Command Injection Vulnerabilities – Source:sec.cloudapps.cisco.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: sec.cloudapps.cisco.com – Cisco Integrated Management Controller Virtual Keyboard Video Monitor Open Redirect Vulnerability (severity: High; CVE-2025-20317; CWE-601). Summary: A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to redirect a user to a malicious website. This […] The post “Cisco Integrated Management Controller Virtual Keyboard Video Monitor Open Redirect Vulnerability – Source:sec.cloudapps.cisco.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: davinciforensics.co.za – Author: cyberpro. The UN Reveals Widespread Trafficking into Online Scam Operations. Every day, thousands of lives are torn apart in the shadows of Southeast Asia. A harrowing UN Human Rights Office (OHCHR) report from 29 August 2023 reveals that hundreds of thousands of individuals have been trafficked and forced into online scam […] The post “Southeast Asia’s Hidden Crisis – Source:davinciforensics.co.za” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: krebsonsecurity.com – Author: BrianKrebs. Last month, KrebsOnSecurity tracked the sudden emergence of hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. We’ve since learned that these scam gambling sites have proliferated thanks to a new Russian affiliate program called […] The post “Affiliates Flock to ‘Soulless’ Scam Gambling Machine – Source: krebsonsecurity.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini. Dutch intelligence reports Chinese cyber spies (Salt Typhoon, RedMike) targeted the Netherlands, hitting critical infrastructure. The Dutch intelligence and security services MIVD and AIVD say Chinese cyber spies linked to Salt Typhoon (RedMike) targeted the Netherlands in a campaign hitting global critical infrastructure. In late 2024, a large-scale Chinese […] The post “Dutch intelligence warn that China-linked APT Salt Typhoon targeted local critical infrastructure – Source: securityaffairs.com” appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.