Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history
image for Massive NPM Supply C ...

 Cyber News

A massive NPM supply chain attack that hit about 10% of all cloud environments yielded little for the hackers who engineered the compromise. That’s the conclusion of a pair of reports that looked at the compromise that hit popular NPM packages like ansi-styles, debug and chalk that are downloaded more than 2 billion   show more ...

times a week. Project maintainer Josh Junon – aka “qix” – said on GitHub that he was fooled by a “2FA reset email that looked shockingly authentic,” and DuckDB-related packages were also compromised in a separate attack. Organizations that depend on the packages got lucky that the attackers were apparently only interested in cryptojacking, cybersecurity observers concluded. “Imagine if they had done reverse shells instead, or automated lateral movement to ransomware deployment NotPetya style,” said security researcher Kevin Beaumont. “The thing that saved companies here was the threat actor was [an] incompetent crypto boy, nothing more.” NPM Attack Shows 'How Fast Malicious Code Can Propagate' According to the Open Security Alliance, the attacks on packages published by “qix” netted only about $20, while Socket determined that the attack on DuckDB-related packages yielded about $600. Both attacks used the “exact same” wallet-drainer payload, according to Socket. “These low totals suggest that while the campaign was highly disruptive, its financial impact has been limited so far,” Socket said. The Security Alliance said it appears that “the biggest financial impact of this entire incident will be the collective thousands of hours spent by engineering and security teams around the world working to clean compromised environments.” Wiz reported that at least one instance of the affected packages are present in 99% of cloud environments, and the malicious code quickly spread to at least 10% of cloud environments. “From this we can conclude that during the short 2-hour timeframe in which the malicious versions were available on npm, the malicious code successfully reached 1 in 10 cloud environments,” Wiz said. “This serves to demonstrate how fast malicious code can propagate in supply chain attacks like this one.” How the NPM Supply Chain Attack Happened Junon said the phishing email came from support at npmjs[.]help, impersonating the official npmjs.com site. Other maintainers reported having received the same email, which threatened to lock accounts if two-factor authentication wasn’t updated. The phishing emails read: "As part of our ongoing commitment to account security, we are requesting that all users update their Two-Factor Authentication (2FA) credentials,” the email said. “Our records indicate that it has been over 12 months since your last 2FA update. "To maintain the security and integrity of your account, we kindly ask that you complete this update at your earliest convenience. Please note that accounts with outdated 2FA credentials will be temporarily locked starting September 10, 2025, to prevent unauthorized access." The compromised packages were then updated “to contain a piece of code that would be executed on the client of a website, which silently intercepts crypto and web3 activity in the browser, manipulates wallet interactions, and rewrites payment destinations so that funds and approvals are redirected to attacker-controlled accounts without any obvious signs to the user,” Aikido said. The massive supply chain attack comes amid reports that supply chain attacks have doubled in recent months, as attackers have been able to successfully exploit IT vulnerabilities at massive scale. The NPM attacks used a much simpler – but well-crafted – phishing email to achieve mass exploitation.  

image for FTC Urged to Investi ...

 Cyber News

A fresh firestorm has erupted over Microsoft’s handling of cybersecurity risks, with U.S. Senator Ron Wyden (D-OR) calling on the Federal Trade Commission (FTC) to investigate the company for what he described as “gross cybersecurity negligence” that enabled ransomware attacks on critical infrastructure,   show more ...

including healthcare providers. In a letter sent to FTC Chair Andrew Ferguson on Wednesday, Wyden accused Microsoft of shipping insecure software defaults that leave hospitals, government agencies and corporations vulnerable to hacking techniques like Kerberoasting. He pointed to the 2024 ransomware attack against Ascension, one of the largest nonprofit health systems in the United States, as a prime example. According to Wyden’s office, the Ascension breach began when a contractor clicked on a malicious link in Bing search results while using Microsoft’s Edge browser. The incident quickly escalated as attackers leveraged Microsoft Active Directory, a core identity system, to gain administrative privileges, deploy ransomware across thousands of machines and exfiltrate data from 5.6 million patients. Also read: Single Click, Big Disruption: Employee Download Triggers Ascension Cyberattack “The hackers exploited a technique called Kerberoasting,” Wyden wrote, describing how attackers abused Microsoft’s continued default support for RC4, a decades-old and widely discredited encryption algorithm. Despite warnings from federal agencies and its own experts, Microsoft still has not disabled RC4 by default. Instead, the company requires administrators to manually enforce stronger standards such as AES encryption and long passwords. A Known Threat, Little Action Kerberoasting works by cracking weakly encrypted service account credentials in Active Directory, allowing attackers to escalate privileges rapidly. Agencies including CISA, the FBI, and NSA have repeatedly urged organizations to disable RC4, with guidance published as recently as late 2024. But Wyden says Microsoft has dragged its feet: His staff asked Microsoft in mid-2024 to issue clear warnings and provide an update disabling RC4. Microsoft eventually posted a blog in October 2024 with mitigation steps, but it was buried in a technical corner of the website and received little visibility. Nearly a year later, the promised patch has yet to arrive. “Because of dangerous software engineering decisions by Microsoft, which the company has largely hidden from its corporate and government customers, a single individual clicking on the wrong link can result in an organization-wide ransomware infection,” Wyden wrote. Also read: Microsoft’s Very Bad Day: Congress Members Express ‘Shock’ at Lax Security A Pattern of Security Failures The letter also referenced a series of high-profile Microsoft-linked security lapses. In 2023, Chinese state-backed hackers exploited Microsoft cloud vulnerabilities to breach U.S. government email accounts, leading the Cyber Safety Review Board to declare the company’s “security culture inadequate.” Just months ago, another flaw in Microsoft’s SharePoint software was reportedly abused by Beijing-linked groups. Read: Chinese Hackers Now Exploiting SharePoint Zero-Days to Deploy Warlock Ransomware: MSFT Wyden framed Microsoft’s approach as a business model problem. The company profits not by delivering secure software, but by upselling customers on premium security add-ons after they’ve been exposed. “Microsoft has become like an arsonist selling firefighting services to their victims,” he remarked. A Monopoly Problem Meets National Security Wyden’s argument is rooted in Microsoft’s dominance. With Windows and Active Directory entrenched in enterprises worldwide, customers have little choice but to rely on Microsoft’s defaults—even if those defaults expose them to ransomware. The senator urged the FTC to step in, citing its mandate to curb unfair business practices and deceptive conduct. National security agencies have echoed his concerns. A September 2024 joint guide from CISA, NSA, and Australian security authorities devoted significant focus to defending against Active Directory exploitation, naming Kerberoasting as the top threat. Yet despite the mounting warnings, Wyden argues Microsoft has resisted meaningful fixes. The 2024 attack disrupted hospital operations across multiple states, delaying treatments and threatening lives. Read: Ascension Healthcare Hit by Cyberattack: Patients Wait Hours, Chaos Ensues Ransomware attacks in the U.S. rose 15% last year, with healthcare and critical infrastructure repeatedly in the crosshairs. By continuing to support outdated encryption defaults, Wyden argued, Microsoft is amplifying systemic risk. “Without timely action, Microsoft’s culture of negligent cybersecurity … poses a serious national security threat and makes additional hacks inevitable,” he warned.

image for SAP Issues Critical ...

 Firewall Daily

SAP has released a new security update addressing a broad range of vulnerabilities across its product ecosystem. Among the most alarming is a critical vulnerability identified in SAP NetWeaver, tracked as CVE-2025-42944, which has received the highest possible severity rating of CVSS 10.0.   This particular flaw   show more ...

allows unauthenticated attackers to execute arbitrary commands remotely, posing a significant threat to enterprise systems running the affected software.  Decoding SAP CVE-2025-42944 Vulnerability  According to SAP's September 2025 Security Patch Day bulletin, CVE-2025-42944 stems from an insecure deserialization vulnerability within the Remote Method Invocation Protocol (RMI-P4) of SAP NetWeaver SERVERCORE version 7.50.   This vulnerability enables threat actors to deliver specially crafted payloads through an open port, which the system then deserializes and executes, potentially giving attackers full control over the targeted system.  Deserialization is the process of converting data back into an object after it has been serialized for storage or transmission. Improper validation during this process can open the door for serious exploits, such as remote code execution.  Additional High-Severity Vulnerabilities in SAP NetWeaver  In addition to CVE-2025-42944, SAP disclosed three more high-severity flaws in the same platform:  CVE-2025-42922: An insecure file operations vulnerability in SAP NetWeaver AS Java (Deploy Web Service), rated CVSS 9.9.  CVE-2023-27500: A directory traversal issue previously identified and updated in the March 2023 Patch Day, affecting SAP NetWeaver AS for ABAP and ABAP Platform, with a CVSS score of 9.6.  CVE-2025-42958: A missing authentication check in various SAP NetWeaver kernel versions, rated CVSS 9.1.  SAP Security Patch Day The September 2025 patch release includes 21 new Security Notes and 5 updates to previously released notes. SAP has urged all customers to prioritize the installation of these patches to mitigate the risk of exploitation. The updates address vulnerabilities in several major SAP products, including SAP S/4HANA, SAP Business One, SAP Commerce Cloud, and SAP HCM, among others.  Other Notable Vulnerabilities Patched  CVE-2025-42933: A flaw related to the insecure storage of sensitive data in SAP Business One (SLD), rated CVSS 8.8.  CVE-2025-42929 & CVE-2025-42916: Missing input validation vulnerabilities in the SAP Landscape Transformation Replication Server and SAP S/4HANA, both scored at 8.1.  CVE-2025-27428: A directory traversal issue in SAP NetWeaver and ABAP Platform, updated from the April 2025 Patch Day, rated CVSS 7.7.  CVE-2025-22228: A security misconfiguration in SAP Commerce Cloud and SAP Datahub involving Spring security, with a CVSS score of 6.6.  CVE-2025-42930: A denial-of-service (DoS) vulnerability in SAP Business Planning and Consolidation, scored 6.5.  CVE-2025-42912 to CVE-2025-42914: Multiple missing authorization checks in the SAP HCM My Timesheet Fiori 2.0 application, each rated CVSS 6.5.  CVE-2025-42920 & CVE-2025-42938: Cross-site scripting (XSS) vulnerabilities in SAP Supplier Relationship Management and NetWeaver ABAP Platform, both scored 6.1.  Medium and Low-Risk Issues Also Addressed  While the most attention-grabbing flaws were rated critical or high, SAP also resolved several medium- and low-severity vulnerabilities:  CVE-2025-42961: An update addressing a missing authorization check in SAP NetWeaver Application Server for ABAP, rated 4.9.  CVE-2025-42941: A reverse tabnabbing vulnerability in SAP Fiori Launchpad, scored 3.5.  CVE-2025-42927: An information disclosure flaw due to outdated OpenSSL versions in SAP NetWeaver AS Java (Adobe Document Service), rated 3.4.  CVE-2024-13009: A potential resource release issue in SAP Commerce Cloud.  SAP strongly recommends that all customers log into the SAP Support Portal and apply the necessary security patches immediately to protect their systems. Unpatched vulnerabilities, especially those like CVE-2025-42944, pose a serious risk and can lead to system compromise, data theft, or service disruption. 

image for Cybersecurity and pr ...

 Tips

Whether superintelligent AI arrives by 2027 is anyones guess. However, the forecast for 2026 is already clear: the year will be defined by easily accessible AI agents — large multimodal models capable of building and executing a chain of actions based on user commands. Agentic features are already available on the   show more ...

ChatGPT website and from other providers, but achieving maximum performance requires these agents to execute actions directly on the users computer rather than in the cloud. The ideal solution would probably be an AI-powered OS, but creating a new operating system is a challenge. Because of this, all minds are focused on a user-friendly and effective alternative: the AI browser. And by that we mean a regular web-browsing application with a deeply integrated LLM. The AI model can view all open web pages, process information from them, and issue the same commands a user typically would, such as opening, clicking, entering data, saving, and downloading. The market leaders all see the value of this solution. For instance, Perplexity has released its own Comet Browser and recently made a multi-billion-dollar bid to buy Chrome, while OpenAI has started developing its own browser. Google and Microsoft are in a better position, integrating Gemini and Copilot into their existing Chrome and Edge browsers, respectively. Meanwhile, Mozilla is approaching the same goal from a different angle: gradually integrating AI features deeply into its Firefox browser. As a result, youre already seeing ads encouraging you to upgrade your browser by either downloading the latest version, or activating smart features in your current one. Next year, theyll be wall to wall. The only thing left to decide will be why you need all this, and whether the benefits are worth the emerging risks. Why you might need an AI browser An AI assistant perfectly integrated into your browser can free you from many tedious tasks. With the press of a button, you can get a quick summary of a long article or a two-hour video; or instead of reading a lengthy document, you can ask a question about its content. All of this happens quickly and naturally, without the need to copy and paste links or text into a chatbot tab. But the real breakthrough will come with agentic features: the ability to perform specific actions rather than just process data. For example, you could open your favorite marketplace and tell the assistant to add everything you need for a three-day backpacking trip in August to your cart. Unlike similar features already available on AI provider websites, this agentic activity takes place directly on your computer. Online services recognize you since youre already logged in, and operations occur much faster than they would on a cloud virtual machine — though better results arent guaranteed. Information retrieval features can also provide more relevant results in an AI browser running on your device because bots like ChatGPT, Claude, and Perplexity are blocked from many websites. This prevents LLMs from considering many up-to-date sources in their answers. With these features running from within the browser, the problem will be significantly alleviated as the AI assistant will access websites on your behalf. Additionally, if youre subscribed to any restricted data sources, such as scientific journals or stock market reports, the AI agent will be able to use them as needed. Why AI companies need such a browser Some AI solution providers motivations they state themselves, while others require educated guesses based on the business models of Big Tech. Billions of users. Successful entry into the browser market is a ticket to the largest possible user base. Sure, acquiring Chrome, or at least Firefox, would be ideal, but failing that, tech players can always push their own browser high up the popularity ladder. Stickiness. A service thats built directly into the browser will see more frequent use because its always within easy reach. Besides, its harder to switch from a familiar browser: it takes significant effort to migrate bookmarks and extensions to another browser and set it up. This is way more than simply closing one chat tab and opening another. More information. If there are many users, and they access the service frequently, they feed the AI provider more information, allowing new versions of language models to be trained faster, helping to improve the product. A browser has access to all user web traffic, so training can be done on any website data — not just on conversations with the model. New training methods. The provider gains a gold mine of behavioral data. Currently, AI agents work by looking at web pages and figuring out what button to press. This is similar to how humans think out loud: its a slow and not very efficient process. Training on mouse movements and clicks will allow for a completely new layer in the model, resembling motor memory which, just like in humans, will be faster and more efficient. Sufficiently bold providers could even utilize user files on the computer for training. Newer versions of Facebook are already doing something similar by sending unpublished photos from the users phone gallery to the cloud. Lower costs. AI providers enormous server costs would decrease because some of the work would be done directly on the users computer instead of on a virtual machine in the cloud. Bypassing blocks and paywalls. AI model training is already facing a shortage of new information, with the problem exacerbated by many websites blocking access to AI agents. Cloudflare, which protects one in five websites, including the vast majority of larger ones, has enabled this policy by default. Sending data requests from the users computer addresses these challenges: the AI agents activity is indistinguishable from the computer owners. A distributed network of browsers makes it possible to access websites for things like model training, without running into restrictions. In principle, this also allows downloading publicly unavailable data, such as articles in subscription-based journals. Impact on privacy and confidentiality All of this means that an AI browser creates significant, poorly controlled threats to your privacy. AI companies get access to all of your traffic, your entire web history, the full content of those websites, and all the files on your computer. As a result, you might unintentionally feed deeply personal or restricted data — like books you purchased, or unpublished scientific papers — into a publicly available AI system. You could also accidentally leak highly confidential information from work websites, such as draft financial reports, in-progress designs, or other trade secrets. This isnt some sci-fi scenario: in 2023, ChatGPT mistakenly revealed snippets of users chats, and the share chat feature — available to ChatGPT users until July 31, 2025 — resulted in tens of thousands of user conversations being indexed by search engines and made available to anyone. What makes AI-powered browsers a security risk Incidents involving AI applications are becoming commonplace, and paint a worrying picture. In a recent experiment, researchers successfully tricked an AI agent within the Comet browser into downloading malware onto its owners computer. They did this by sending a fake email to the victims account, which the agent could access, stating falsely that it contained blood test results. To download them, the user had to click a link and complete a CAPTCHA. When the AI agent tried to download the results and encountered a CAPTCHA, it was prompted to complete a special task, which the agent successfully handled by downloading a malicious file. In another experiment by the same team, an AI assistant was persuaded to buy products from a scam site. Considering that passwords and payment information are often saved in browsers, deceiving an AI agent could lead to real financial losses. The researchers noted that AI is highly susceptible to social engineering, and tried-and-true human deception tricks work well on it. While the tests were conducted in the Comet browser, the same thing would happen in any browser with AI agent capabilities. Another risk is that a browser is a fully featured application with broad access to files on the computer. By obeying a prompt injection on a malicious site, a browser assistant can delete the users files, or upload them to fraudulent websites without permission. A recent example involving the hack of the Nx application demonstrated this: the malicious code didnt search for crypto wallets or passwords on infected developers computers itself; instead, it simply instructed previously installed AI assistants to find the files it needed. A third, still hypothetical, risk is related to the fact that more and more countries are passing laws against accessing illegal information online. The list of whats forbidden differs from country to country, from child sexual abuse and terrorism to unlicensed books and cryptographic technology. If some players in the AI browser market decide to use their browser as a crawler (search bot) to train new LLMs, or if an AI agent is attacked with a prompt injection, the AI assistant could start searching for such information without the users request. How the user would prove that it was the AI looking for the data is an open question. We also shouldnt forget about traditional software vulnerabilities. Hundreds of dangerous defects are found in browsers every year because browser security is a complex engineering task. Even with the Chromium team doing the lions share of the work, theres still plenty for wrapper developers to do. Will enough attention be paid to testing and fixing vulnerabilities in AI-powered browsers? Its not a given. Finally, sloppy implementation of AI features can lead to excessive memory and CPU consumption, as demonstrated by the recent release of Firefox 141. While this doesnt directly threaten security, the lags and glitches annoy users and increase the chance of human error. What makes for an ideal AI browser To enjoy the benefits of AI without creating unnecessary risks, you should choose a browser that: Allows you to enable and disable AI processing with a single click for individual sites and groups of sites, while isolating AI models and their conversation context between different sites. Guarantees that the AI only downloads and sends information based on specific user requests. Lets you choose the AI model, including a fully local one. Performs self-checks, and isnt afraid to double-check with the user in questionable situations. Asks for confirmation before entering sensitive data or making purchases. Has built-in, OS-level restrictions on access to files and data. No such browser with these specific features currently exists on the market. Also, all of these measures wont suffice to protect you from phishing and scam sites and the risks associated with landing on them. So, in addition to a smart browser, itll be even more imperative to have an external system in place to deliver full-fledged protection of your computer and smartphone from cyberthreats. Read about other AI-related risks: Should you disable Microsoft Recall in 2025? Is a Gemini AI update about to kill privacy on your Android device? Trojans masquerading as DeepSeek and Grok clients Google forcing Android System SafetyCore on users to scan for nudes Three approaches to workplace "shadow AI" from the cybersecurity standpoint

image for Bulletproof Host Sta ...

 A Little Sunshine

In May 2025, the European Union levied financial sanctions on the owners of Stark Industries Solutions Ltd., a bulletproof hosting provider that materialized two weeks before Russia invaded Ukraine and quickly became a top source of Kremlin-linked cyberattacks and disinformation campaigns. But new findings show those   show more ...

sanctions have done little to stop Stark from simply rebranding and transferring their assets to other corporate entities controlled by its original hosting providers. Image: Shutterstock. Materializing just two weeks before Russia invaded Ukraine in 2022, Stark Industries Solutions became a frequent source of massive DDoS attacks, Russian-language proxy and VPN services, malware tied to Russia-backed hacking groups, and fake news. ISPs like Stark are called “bulletproof” providers when they cultivate a reputation for ignoring any abuse complaints or police inquiries about activity on their networks. In May 2025, the European Union sanctioned one of Stark’s two main conduits to the larger Internet — Moldova-based PQ Hosting — as well as the company’s Moldovan owners Yuri and Ivan Neculiti. The EU Commission said the Neculiti brothers and PQ Hosting were linked to Russia’s hybrid warfare efforts. But a new report from Recorded Future finds that just prior to the sanctions being announced, Stark rebranded to the[.]hosting, under control of the Dutch entity WorkTitans BV (AS209847) on June 24, 2025. The Neculiti brothers reportedly got a heads up roughly 12 days before the sanctions were announced, when Moldovan and EU media reported on the forthcoming inclusion of the Neculiti brothers in the sanctions package. In response, the Neculiti brothers moved much of Stark’s considerable address space and other resources over to a new company in Moldova called PQ Hosting Plus S.R.L., an entity reportedly connected to the Neculiti brothers thanks to the re-use of a phone number from the original PQ Hosting. “Although the majority of associated infrastructure remains attributable to Stark Industries, these changes likely reflect an attempt to obfuscate ownership and sustain hosting services under new legal and network entities,” Recorded Future observed. Neither the Recorded Future report nor the May 2025 sanctions from the EU mentioned a second critical pillar of Stark’s network that KrebsOnSecurity identified in a May 2024 profile on the notorious bulletproof hoster: The Netherlands-based hosting provider MIRhosting. MIRhosting is operated by 38-year old Andrey Nesterenko, whose personal website says he is an accomplished concert pianist who began performing publicly at a young age. DomainTools says mirhosting[.]com is registered to Mr. Nesterenko and to Innovation IT Solutions Corp, which lists addresses in London and in Nesterenko’s stated hometown of Nizhny Novgorod, Russia. Image credit: correctiv.org. According to the book Inside Cyber Warfare by Jeffrey Carr, Innovation IT Solutions Corp. was responsible for hosting StopGeorgia[.]ru, a hacktivist website for organizing cyberattacks against Georgia that appeared at the same time Russian forces invaded the former Soviet nation in 2008. That conflict was thought to be the first war ever fought in which a notable cyberattack and an actual military engagement happened simultaneously. Mr. Nesterenko did not respond to requests for comment. In May 2024, Mr. Nesterenko said he couldn’t verify whether StopGeorgia was ever a customer because they didn’t keep records going back that far. But he maintained that Stark Industries Solutions was merely one client of many, and claimed MIRhosting had not received any actionable complaints about abuse on Stark. However, it appears that MIRhosting is once again the new home of Stark Industries, and that MIRhosting employees are managing both the[.]hosting and WorkTitans — the primary beneficiaries of Stark’s assets. A copy of the incorporation documents for WorkTitans BV obtained from the Dutch Chamber of Commerce shows WorkTitans also does business under the names Misfits Media and and WT Hosting (considering Stark’s historical connection to Russian disinformation websites, “Misfits Media” is a bit on the nose). An incorporation document for WorkTitans B.V. from the Netherlands Chamber of Commerce. The incorporation document says the company was formed in 2019 by a y.zinad@worktitans.nl. That email address corresponds to a LinkedIn account for a Youssef Zinad, who says their personal websites are worktitans[.]nl and custom-solution[.]nl. The profile also links to a website (etripleasims dot nl) that LinkedIn currently blocks as malicious. All of these websites are or were hosted at MIRhosting. Although Mr. Zinad’s LinkedIn profile does not mention any employment at MIRhosting, virtually all of his LinkedIn posts over the past year have been reposts of advertisements for MIRhosting’s services. Mr. Zinad’s LinkedIn profile is full of posts for MIRhosting’s services. A Google search for Youssef Zinad reveals multiple startup-tracking websites that list him as the founder of the[.]hosting, which censys.io finds is hosted by PQ Hosting Plus S.R.L. The Dutch Chamber of Commerce document says WorkTitans’ sole shareholder is a company in Almere, Netherlands called Fezzy B.V. Who runs Fezzy? The phone number listed in a Google search for Fezzy B.V. — 31651079755 — also was used to register a Facebook profile for a Youssef Zinad from the same town, according to the breach tracking service Constella Intelligence. In a series of email exchanges leading up to KrebsOnSecurity’s May 2024 deep dive on Stark, Mr. Nesterenko included Mr. Zinad in the message thread (youssef@mirhosting.com), referring to him as part of the company’s legal team. The Dutch website stagemarkt[.]nl lists Youssef Zinad as an official contact for MIRhosting’s offices in Almere. Mr. Zinad did not respond to requests for comment. Given the above, it is difficult to argue with the Recorded Future report on Stark’s rebranding, which concluded that “the EU’s sanctioning of Stark Industries was largely ineffective, as affiliated infrastructure remained operational and services were rapidly re-established under new branding, with no significant or lasting disruption.”

 Cybercrime

The privacy regulator said it identified “a worrying pattern” in the 215 insider threat breach reports from the education sector between January 2022 and August 2024, with 57% of incidents caused by students who were likely motivated by “dares, notoriety, financial gain, revenge and rivalries.”

 Feed

Cybersecurity researchers have disclosed details of a new campaign that leverages ConnectWise ScreenConnect, a legitimate Remote Monitoring and Management (RMM) software, to deliver a fleshless loader that drops a remote access trojan (RAT) called AsyncRAT to steal sensitive data from compromised hosts. "The attacker used ScreenConnect to gain remote access, then executed a layered VBScript and

 Feed

Cybersecurity researchers have disclosed two new campaigns that are serving fake browser extensions using malicious ads and fake websites to steal sensitive data. The malvertising campaign, per Bitdefender, is designed to push fake "Meta Verified" browser extensions named SocialMetrics Pro that claim to unlock the blue check badge for Facebook and Instagram profiles. At least 37 malicious ads

 Feed

CISOs know their field. They understand the threat landscape. They understand how to build a strong and cost-effective security stack. They understand how to staff out their organization. They understand the intricacies of compliance. They understand what it takes to reduce risk. Yet one question comes up again and again in our conversations with these security leaders: how do I make the impact

 Feed

Threat actors affiliated with the Akira ransomware group have continued to target SonicWall devices for initial access. Cybersecurity firm Rapid7 said it observed a spike in intrusions involving SonicWall appliances over the past month, particularly following reports about renewed Akira ransomware activity since late July 2025. SonicWall subsequently revealed the SSL VPN activity aimed at its

 Feed

Google on Tuesday announced that its new Google Pixel 10 phones support the Coalition for Content Provenance and Authenticity (C2PA) standard out of the box to verify the origin and history of digital content. To that end, support for C2PA's Content Credentials has been added to Pixel Camera and Google Photos apps for Android. The move, Google said, is designed to further digital media

 Feed

U.S. Senator Ron Wyden has called on the Federal Trade Commission (FTC) to probe Microsoft and hold it responsible for what he called "gross cybersecurity negligence" that enabled ransomware attacks on U.S. critical infrastructure, including against healthcare networks. "Without timely action, Microsoft's culture of negligent cybersecurity, combined with its de facto monopolization of the

 AI

Ever wondered what would happen if Burger King left the keys to the kingdom lying around for anyone to use? Ethical hackers did - and uncovered drive-thru recordings, hard-coded passwords, and even the power to open a Whopper outlet on the moon. Meanwhile, over in Silicon Valley, one AI wunderkind managed to turn a $7   show more ...

million payday into a career-ending lawsuit by allegedly walking trade secrets straight out the door as he jumped ship for a rival. All this and much more is discussed in episode 434 of the award-winning “Smashing Security” podcast with computer security veteran Graham Cluley, joined this week by special guest Lianne Potter.

 'Cyber

Source: sec.cloudapps.cisco.com – Author: . Cisco IOS XR ARP Broadcast Storm Denial of Service Vulnerability High CVE-2025-20340 CWE-400 Download CSAF Email Summary A vulnerability in the Address Resolution Protocol (ARP) implementation of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker   show more ...

to trigger a broadcast storm, leading to a denial of service (DoS) condition […] La entrada Cisco IOS XR ARP Broadcast Storm Denial of Service Vulnerability – Source:sec.cloudapps.cisco.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 'Cyber

Source: sec.cloudapps.cisco.com – Author: . Cisco IOS XR Software Image Verification Bypass Vulnerability High CVE-2025-20248 CWE-347 Download CSAF Email Summary A vulnerability in the installation process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR Software   show more ...

image signature verification and load unsigned software on an affected device. To […] La entrada Cisco IOS XR Software Image Verification Bypass Vulnerability – Source:sec.cloudapps.cisco.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 CVE

Source: news.sophos.com – Author: Angela Gunn .Microsoft on Tuesday announced 81 patches affecting 15 product families. Nine of the addressed issues are considered by Microsoft to be of Critical severity, and nine have a CVSS base score of 8.0 or higher — though, to be clear, they’re not the same nine   show more ...

issues. None are known to […] La entrada September Patch Tuesday handles 81 CVEs – Source: news.sophos.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Application Security

Source: www.securityweek.com – Author: Ionut Arghire Threat actors injected malicious code into multiple highly popular NPM packages after their maintainers fell for a well-crafted phishing email. The attack targeted several NPM package maintainers with messages asking them to update their two-factor   show more ...

authentication (2FA) information. The emails were sent from the email address support[at]npmjs[dot]help. The messages […] La entrada Highly Popular NPM Packages Poisoned in New Supply Chain Attack – Source: www.securityweek.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: hackread.com – Author: Waqas. Bitdefender uncovers EggStreme, a fileless malware by a China-based APT targeting the Philippine military and APAC organisations. Cybersecurity researchers at Bitdefender have identified a new malware framework called EggStreme, currently used by a China-based APT group to   show more ...

spy on military organisations in the Asia-Pacific region. The finding came after an […] La entrada Chinese APT Hits Philippine Military Firm with New EggStreme Fileless Malware – Source:hackread.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 2FA

Source: securityboulevard.com – Author: Steven J. Vaughan-Nichols Billions (No, that’s not a typo, Billions with a capital B) of files were potentially compromised. If you thought Node Package Manager (npm), the JavaScript runtime environment Node.js‘s default package manager, had finally stopped having   show more ...

serious security problems, you thought wrong. This time, a two-factor authentication (2FA) phishing […] La entrada How npm Security Collapsed Thanks To a 2FA Exploit – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 CISO

Source: securityboulevard.com – Author: Matthew Rosenquist   Knowing when to hire a CISO is a challenging proposition – one which most organizations will eventually need to answer. The need to hire a CISO depends on a combination of factors, including but not limited to: Relevance of regulatory requirements   show more ...

Size of the organization Complexity of operations […] La entrada When is the Right Time to Hire a CISO? – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Application Security

Source: securityboulevard.com – Author: Amrit Talapatra An in-depth analysis of common JSON Web Token (JWT) mistakes, basic auth, long-lived tokens, and quick, high-impact fixes to secure your APIs. Introduction APIs are the backbone of modern digital services—from mobile apps and e-commerce to banking and   show more ...

IoT. That scale and utility also make them prime targets. In […] La entrada Imperva API Security: Authentication Risk Report—Key Findings & Fixes – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Marc Handelman via the geologic humor & dry-as-the-taiga wit of Randall Munroe, creator of XKCD Permalink The post Randall Munroe’s XKCD ‘Coastline Similarity’ appeared first on Security Boulevard. Original Post URL: https://securityboulevard.   show more ...

com/2025/09/randall-munroes-xkcd-coastline-similarity/?utm_source=rss&utm_medium=rss&utm_campaign=randall-munroes-xkcd-coastline-similarity Category & Tags: Humor,Security Bloggers Network,Randall Munroe,Sarcasm,satire,XKCD – Humor,Security Bloggers Network,Randall Munroe,Sarcasm,satire,XKCD Views: 0 La entrada Randall Munroe’s XKCD ‘Coastline Similarity’ – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cloud Security

Source: securityboulevard.com – Author: Jeffrey Burt Security investigators from Google said UNC6395 hackers spent several months running through Salesloft and Drift systems before launching a data breach campaign that some security researchers say has targeted hundreds of technology and other companies. The   show more ...

post UNC6395 Hackers Accessed Systems via a GitHub Account, Salesloft Says appeared first […] La entrada UNC6395 Hackers Accessed Systems via a GitHub Account, Salesloft Says – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 CISO Suite

Source: securityboulevard.com – Author: Dragos Josanu In total, including third-party CVEs, in this Patch Tuesday edition, Microsoft published 86 CVEs, including 5 republished CVEs. Overall, Microsoft announced 2 Zero-Day, 9 Critical, and 73 Important vulnerabilities. From an Impact perspective, Escalation of   show more ...

Privilege vulnerabilities accounted for 44%, while Remove Code Execution for 27% and Information Disclosure […] La entrada Patch Tuesday Update – September 2025 – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: security.googleblog.com – Author: Edward Fernandez. Security Blog The latest news and insights from Google on security and safety on the Internet Original Post url: http://security.googleblog.com/2025/09/pixel-android-trusted-images-c2pa-content-credentials.html Category & Tags: android   show more ...

security,pixel – android security,pixel Views: 2 La entrada How Pixel and Android are bringing a new level of trust to your images with C2PA Content Credentials – Source:security.googleblog.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 'Cyber

Source: sec.cloudapps.cisco.com – Author: . Cisco IOS XR Software Management Interface ACL Bypass Vulnerability Medium CVE-2025-20159 CWE-284 Download CSAF Email Summary A vulnerability in the management interface access control list (ACL) processing feature in Cisco IOS XR Software could allow an   show more ...

unauthenticated, remote attacker to bypass configured ACLs for the SSH, NetConf, and gRPC features. […] La entrada Cisco IOS XR Software Management Interface ACL Bypass Vulnerability – Source:sec.cloudapps.cisco.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 'Cyber

Source: levelblue.com – Author: hello@alienvault.com. LevelBlue’s Security & Compliance Team is aware of the Salesloft vulnerability affecting Drift chatbot integrations. LevelBlue, and its affiliated entities, do not utilize Drift, and Salesforce has confirmed the incident did not impact clients without   show more ...

this integration.  Based on current information, we confirm there has been no exposure or impact […] La entrada Salesloft Drift Supply Chain Attack Affects Hundreds of Businesses – Source:levelblue.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: hackread.com – Author: Deeba Ahmed. US Senator Ron Wyden urges the FTC to investigate Microsoft after its software contributed to a major ransomware attack on Ascension Hospital, exposing 5.6 million patient records. A US senator is pushing for a formal investigation into Microsoft, claiming the   show more ...

company’s software enabled a massive ransomware attack on a […] La entrada Senator Urges FTC Probe Into Microsoft After Ascension Ransomware Attack – Source:hackread.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: hackread.com – Author: Deeba Ahmed. A phishing scam is exploiting Google’s trusted AppSheet platform to bypass email filters. Learn how hackers are using legitimate tools to trick Google Workspace users. A new phishing campaign is tricking Google Workspace users by sending them emails that look like   show more ...

they’re from AppSheet, a trusted Google service. A […] La entrada New Google AppSheet Phishing Scam Deliver Fake Trademark Notices – Source:hackread.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

2025-09
Aggregator history
Thursday, September 11
MON
TUE
WED
THU
FRI
SAT
SUN
September