Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history
image for Student Insider Thre ...

 Cyber News

Over half of insider cyber incidents in UK schools are being caused by students—a trend raising alarms across education, regulation, and cybersecurity communities. The Information Commissioner’s Office (ICO), Britain’s data protection regulator, has uncovered a pattern of misuse of login credentials, weak   show more ...

password practices and misconfigured systems, in the last two years. According to the ICO’s analysis of 215 personal data breach reports in the education sector, 57% of these insider incidents trace back to students. Among the largest subset, 30% involved stolen login credentials—and in nearly all of those (97%), students were responsible. “It’s important that we understand the next generation’s interests and motivations in the online world to ensure children remain on the right side of the law,” said Heather Toomey, Principal Cyber Specialist at the ICO. She added that what begins as a dare or curiosity can slide into damaging attacks—extending potential harm beyond school systems into critical infrastructure. Case Studies Show Systemic Weaknesses Among the breaches reviewed, the regulator cited several high-impact examples. At one secondary school, Year 11 pupils accessed a management system containing data on 1,400 students after using online tools to crack staff passwords. At a college, a student exploited a staff login to view, alter, and delete records belonging to more than 9,000 people, including addresses, health records, and emergency contacts. Both cases illustrate what the ICO describes as a “perfect storm” of weak password hygiene, poor separation of duties, and insufficient monitoring of unusual access. Why Students are Hacking While the ICO focused on the data protection risks, experts say the psychology behind youth hacking is becoming just as important to understand. Many teenagers begin exploring networks not with criminal intent but with curiosity, peer pressure, or the thrill of solving technical puzzles. Young people often see breaking into a system as a badge of honour, a way to impress peers or gain status in online forums. Some are drawn to the challenge itself, treating hacking like a game. But with easy access to hacker tools and communities, what begins as experimentation can escalate into credential theft or data tampering. The UK’s National Crime Agency has made similar observations, noting that recognition in online spaces is often a stronger motivator than financial gain. Also read: Exploiting Digital Playground: Why Are More Kids Becoming Hackers, Turning to Cybercrime? The ICO observed that many young people aren’t setting out to cause harm but don’t fully grasp the downstream consequences of their actions. Other contributing factors for this problem is schools allowing students access to staff devices, unattended terminals, overly permissive user permissions, or students using accounts belonging to staff members. In some cases, system architecture flaws (misconfigured permissions, shared user credentials, or lack of separation between student and staff accounts) create the technical pathways for misuse. A Growing Risk for Schools The ICO’s findings land at a time when UK schools are already stretched by ransomware campaigns and phishing attacks targeting staff. Unlike external threat actors, student insiders have natural access to school systems, often compounded by weak identity management. Common technical issues flagged in the report include: Weak or reused passwords across staff and student accounts. Shared or inherited logins, giving students staff-level access. Poorly configured access rights on platforms like SharePoint and learning management systems. Lack of monitoring for suspicious activity, such as out-of-hours logins or mass downloads. Insider-driven breaches in education don’t just risk exposing grades or timetables. In many cases, sensitive safeguarding data, health information, and emergency contacts are at stake—details that, if compromised, create serious privacy and safety issues. Data Protection and Cultural Impact For regulators, the breaches pose a clear compliance issue under the UK GDPR and Data Protection Act. But the cultural dimension is also drawing attention. If students see hacking school systems as harmless fun, experts warn it may normalize riskier behaviours later on. “Young people who start with curiosity may not realize the long-term consequences,” said Daksh Nakra, Senior Manager - Research and Intelligence at Cyble, who is familiar with education breaches. “The jump from playing with admin rights in a school system to trying the same tactics against real businesses isn’t as big as people think.” The ICO stressed that while not all student activity carries malicious intent, the impact is the same when personal data is exposed. Regulator’s Suggestions The ICO urged schools to strengthen access management, enforce stronger credential hygiene, and ensure breaches are reported consistently. The watchdog also called for better education around the ethical boundaries of technology use. Children and young people need to understand the seriousness of misusing school systems, the ICO said, adding that prevention requires both technical controls and cultural change. Industry experts argue that schools should treat insider threats with the same priority as external ransomware campaigns—deploying multi-factor authentication, conducting regular audits of access rights and ensuring monitoring tools flag unusual behaviours. A Storm Brewing The ICO’s warning is the latest in a string of signals that youth involvement in cybercrime is rising across Europe. Earlier this year, the UK’s National Crime Agency warned of growing recruitment of teenagers by cybercriminal groups. A 17-year-old teenager was arrested in UK, late last year, following a major cyberattack on Transport for London (TfL), the agency responsible for the city’s transit systems. The motive was unclear but the ripple effect was felt for a few days in the form of delays in ticketing due to in-person vending. In the Netherlands and Germany, police have reported similar concerns around students testing tools originally built for criminal hacking. For schools, that means the insider threat is no longer a niche issue but a mainstream risk. As Nakra put it: “We need to stop seeing this as just kids messing about. With today’s tools, a 15-year-old can do damage on a scale once reserved for nation-states.”

image for CISA Warns of Attack ...

 Cyber News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a manufacturing operations management software vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, a rare addition of an industrial control system (ICS)/operational technology (OT) vulnerability to the KEV catalog. CVE-2025-5086   show more ...

is a 9.0-rated Deserialization of Untrusted Data vulnerability in DELMIA Apriso, a manufacturing operations management (MOM) and manufacturing execution system (MES) software from Dassault Systèmes that is used to manage production processes and connect factory floors to enterprise resource planning (ERP) systems. The vulnerability affects DELMIA Apriso from Release 2020 through Release 2025 and could lead to remote code execution (RCE). DELMIA Apriso CVE-2025-5086 Exploits Detected The SANS Internet Storm Center (ISC) reported attack attempts targeting the DELMIA Apriso CVE-2025-5086 vulnerability in a September 3 blog post by Johannes Ullrich, ISC founder and Dean of Research for SANS Technology Institute. The scans detected by SANS appear to originate from the IP 156.244.33[.]162. The exploit uses SOAP requests to the WebServices/FlexNetOperationsService service, embedding a payload encoded in XML that decodes to a GZIP-compressed Windows executable. As of publication time, the payload is undetected by all but one security tool in VirusTotal. The string "Project Discovery CVE-2025-5086" suggests that the scan may originate from a vulnerability scanner, SANS said. In a note to clients, Cyble reported that the Nuclei scanning script for the vulnerability is available in the public domain. The DELMIA Apriso platform is used by major companies in sectors such as aerospace, automotive, and consumer goods. As Apriso underpins production workflows and supply chain visibility, a successful compromise could disrupt manufacturing processes, making timely patching and mitigation essential. "When I am thinking about the security of manufacturing environments, I am usually focusing on IoT devices integrated into production lines. All the little sensors and actuators are often very difficult to secure," Ullrich wrote. "On the other hand, there is also 'big software' that is used to manage manufacturing. One example is DELMIA Apriso by Dassault Systèmes. This type of Manufacturing Operation Management (MOM) or Manufacturing Execution System (MES) ties everything together and promises to connect factory floors to ERP systems. But complex systems like this have bugs, too." The Dassault security advisory on CVE-2025-5086 includes a link to remediation information. ICS/OT Vulnerabilities in the KEV Catalog CISA rarely adds ICS/OT vulnerabilities to the KEV catalog, although IT vulnerabilities in the KEV catalog often appear in ICS/OT products too. Perhaps the most recent ICS/OT vulnerability added to the KEV catalog before CVE-2025-5086 was CVE-2023-6448, a 9.8-severity Insecure Default Password vulnerability in Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs. CISA added the vulnerability to the KEV catalog in December 2023. CISA has given Federal Civilian Executive Branch (FCEB) agencies a deadline of October 2 to apply updates to protect against CVE-2025-5086, and others affected by the vulnerability are urged to apply fixes too.

image for ASEAN Adopts 10-Year ...

 Firewall Daily

Cybercrime and online scams have officially overtaken traditional threats as the primary regional security concern for the Association of Southeast Asian Nations (ASEAN). This ASEAN cybercrime threat in focus was confirmed by Malaysia’s Home Minister, Datuk Seri Saifuddin Nasution Ismail, at the close of the 19th   show more ...

ASEAN Ministers’ Meeting on Transnational Crime (AMMTC) and Related Meetings, held on September 11.  According to Saifuddin, ASEAN member states have agreed that cybercrime now poses a greater threat to regional stability than sea piracy or international economic crimes. These traditional issues, while not eliminated, are no longer considered top-tier threats.  “Piracy and international economic crime, while still present, no longer pose the same degree of threat. In future meetings, these issues will not be prioritized,” he said during his closing remarks.  The rise of online scams and cross-border cybercriminal activity has made these issues more urgent for regional governments. Saifuddin stated that ASEAN will expand its efforts to address the threat created by the cybercrime industry, especially scams that are not showing any signs of stopping.  New Regional Action Plan to Target Cybercrime and Online Scams in ASEAN  The meeting concluded with the unanimous adoption of the ASEAN Plan of Action (ADOP) for 2026–2035, a 10-year strategy aimed at strengthening cooperation among member states in combating transnational crime. This long-term roadmap sets out a framework for collaboration, information-sharing, and targeted responses to criminal threats, with a sharp focus on cyber-related issues, as reported by The Star.  One of the key initiatives introduced was a new Senior Officials Meeting on Transnational Crime (SOMTC) Working Group on Money Laundering, proposed by Malaysia. The working group is scheduled to convene for the first time in 2026 and will involve input from Bank Negara Malaysia, the Royal Malaysian Police, and the United Nations Office on Drugs and Crime (UNODC).  In addition to the action plan, the ministers endorsed several regional declarations, including:  The Melaka Declaration on Combating Transnational Crime will act as an overarching framework for future initiatives.  The ASEAN Declaration on Countering People Smuggling in Southeast Asia.  The ASEAN Declaration on Combating Cybercrime and Online Scams.  These documents collectively aim to formalize regional cooperation and set clear objectives for addressing security concerns in the region.  Regional Proposal for ASEAN Cybercrime Threat Several proposals from individual ASEAN member states were also highlighted during the meeting and are expected to be presented at the upcoming 47th ASEAN Summit in October. Among these:  Malaysia will lead regional efforts on anti-money laundering strategies.  Vietnam proposed enhanced cooperation for locating, arresting, and deporting criminal fugitives.  Indonesia introduced a non-traditional approach, advocating the use of sports to promote youth engagement and reduce susceptibility to violent extremism.  These proposals reflect a broader strategic shift toward flexible and varied responses to security threats. Saifuddin noted that ASEAN's willingness to adapt its focus demonstrates a recognition of the changing nature of crime in the region.  “ASEAN countries believe there are valid grounds to place piracy further down the list and give greater focus to online scams,” he said. 

image for FTC Probes AI Chatbo ...

 Cyber News

The U.S. Federal Trade Commission has opened a formal inquiry into AI chatbots that act like companions—designed to mimic emotions, build trust, and engage like friends or confidants—amid concerns about how these systems affect children and teens. The inquiry, announced Thursday, uses the FTC’s legal authority   show more ...

to issue orders to seven major companies, seeking detailed disclosures about how their companion chatbots are built, how they work, and how they safeguard young users. What the FTC Wants to Know The investigation demands information from companies including Alphabet, Meta, OpenAI, Snap, Instagram, X.AI, and Character Technologies.The FTC is particularly focused on how these firms: Monetize the chatbots, especially how user engagement is converted into dollars. Process user inputs and generate responses that may affect emotional well-being. Design and approve the chatbot “characters,” especially those presented as companions. Measure and monitor negative impacts on children, both before deployment and throughout the product’s lifecycle. Disclose intended audience, limitations, data collection, privacy risks, and features clearly to users and parents. Enforce rules and policies (age limits, community guidelines, terms of service) and how they monitor usage. Use or share personal information gathered through conversations. Why These Questions Matter AI “companions” are different from traditional chatbots. Because they mimic interpersonal communication, there is concern they might blur boundaries for young users. Children and teens may form emotional attachment, trust, rely on the chatbot for advice, or share sensitive personal information—without realizing potential risks. The FTC noted that these tools are often designed to communicate like friends, confidants, or advisors, which can prompt users—especially younger ones—to trust them more than they might a standard app or service. Also relevant is compliance with existing laws—particularly the Children’s Online Privacy Protection Act (COPPA). The FTC wants to know whether the involved companies limit or restrict minors’ access to these chatbots, how they obtain parental consent, and how they ensure data collected from minors is handled and stored safely. The FTC is using its Section 6(b) power to compel companies to submit detailed information—even if no violation is alleged yet. This tool allows the agency to investigate broad trends and product design, not just reactive enforcement. COPPA, enforced by the FTC, requires that companies obtain verifiable parental consent before collecting personal data from children under 13. The inquiry will examine whether companion chatbots comply with COPPA when interacting with younger users. Also read: Should Children Use AI Chatbots? Google Thinks So, Critics Strongly Disagree Mandate for Companies and Product Developers Product teams building companion AI systems will likely need to provide clear documentation of how their models are trained—especially how they handle misbehavior (like offensive or misleading responses), emotional or psychological content, privacy of conversation logs and what guardrails are in place. Companies may need to re-examine their age gating, identity-verification, or parental disclosure practices. For example, distinguishing between use by minors vs. adults, limiting certain features for underage users or providing opt-outs or parental approval flows. Transparency will be under scrutiny on how chatbots are marketed, how their ability to mimic human emotion is framed and how privacy risks are disclosed will likely be examined. This move comes at a time when AI regulation is accelerating globally. Several jurisdictions are considering or already implementing stricter rules for AI content, data privacy, and minors’ safety in online contexts. The FTC inquiry suggests the U.S. may follow suit with more aggressive supervision not just of generative models but also how those models interact with vulnerable populations. In prior FTC actions, bot-oriented applications and deceptive marketing claims have triggered enforcement. What’s new here is the focus on behavioral and psychological design aspects of companion-style chatbots—not merely privacy in the data collection sense, but the effect of design on user trust, dependency, and emotional wellbeing. As the inquiry unfolds, consumer safety groups, parents, and legislators will likely push for clearer guidelines or even regulations specific to AI companions, especially where children are involved. The results could reshape how companion chatbots are built, marketed and regulated—and potentially set precedents for how emotional and psychological dimensions of AI are governed.

 Cybercrime

The official's call for a renewal came less than three weeks before the 2015 Cybersecurity Information Sharing Act (CISA 2015), which provides incentives for private entities to voluntarily share digital threat intelligence with the federal government, is due to sunset.

 Feed

A security weakness has been disclosed in the artificial intelligence (AI)-powered code editor Cursor that could trigger code execution when a maliciously crafted repository is opened using the program. The issue stems from the fact that an out-of-the-box security setting is disabled by default, opening the door for attackers to run arbitrary code on users' computers with their privileges. "

 Feed

The security landscape for cloud-native applications is undergoing a profound transformation. Containers, Kubernetes, and serverless technologies are now the default for modern enterprises, accelerating delivery but also expanding the attack surface in ways traditional security models can’t keep up with. As adoption grows, so does complexity. Security teams are asked to monitor sprawling hybrid

 Feed

Cybersecurity researchers have discovered a new ransomware strain dubbed HybridPetya that resembles the notorious Petya/NotPetya malware, while also incorporating the ability to bypass the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems using a now-patched vulnerability disclosed earlier this year. Slovakian cybersecurity company ESET said the samples were uploaded

 Feed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Dassault Systèmes DELMIA Apriso Manufacturing Operations Management (MOM) software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2025-5086, carries a CVSS score of 9.0 out of 10.0. According to

 Feed

Samsung has released its monthly security updates for Android, including a fix for a security vulnerability that it said has been exploited in zero-day attacks. The vulnerability, CVE-2025-21043 (CVSS score: 8.8), concerns an out-of-bounds write that could result in arbitrary code execution. "Out-of-bounds Write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to

 Feed

Apple has notified users in France of a spyware campaign targeting their devices, according to the Computer Emergency Response Team of France (CERT-FR). The agency said the alerts were sent out on September 3, 2025, making it the fourth time this year that Apple has notified citizens in the county that at least one of the devices linked to their iCloud accounts may have been compromised as part

 1 - Cyber Security News Post

Source: www.mcafee.com – Author: Jasdev Dhaliwal. Sam M. has spent more than 20 years building websites, testing systems, and managing technology projects. He knows code, he understands how the internet works, and he’s trained to spot digital red flags. None of that stopped him from losing $13,000 to scammers.   show more ...

“I’ve been around long enough that […] La entrada How a Tech Expert Lost $13,000 to a Job Scam – Source:www.mcafee.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Blog

Source: socprime.com – Author: Veronika Telychko Hot on the heels of the newly identified BQTLOCK ransomware distributed through a full RaaS model, security researchers have detected another major ransomware operation. A previously unknown group, dubbed The Gentlemen, has quickly gained attention for using   show more ...

highly specialized tools and conducting thorough reconnaissance to target critical infrastructure across […] La entrada The Gentlemen Ransomware Detection: New Adversary Campaign Abuses Group Policies and Uses Advanced Tools to Target Critical Organizations – Source: socprime.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Akira ransomware

Source: securityaffairs.com – Author: Pierluigi Paganini Pierluigi Paganini September 11, 2025 Researchers warn that Akira ransomware group is exploiting a year-old SonicWall firewall flaw, likely using three attack vectors for initial access. The Akira ransomware group is exploiting a year-old SonicWall   show more ...

firewall vulnerability, tracked as CVE-2024-40766 (CVSS score of 9.3), likely using three attack vectors […] La entrada Akira Ransomware exploits year-old SonicWall flaw with multiple vectors – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini Pierluigi Paganini September 11, 2025 Google addressed a critical use-after-free vulnerability in its Chrome browser that could potentially lead to code execution. A researcher earned $43000 from Google for reporting a critical Chrome vulnerability,   show more ...

tracked as CVE-2025-10200, in the Serviceworker component. A use-after-free (UAF) occurs when a program accesses […] La entrada Google fixes critical Chrome flaw, researcher earns $43K – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 BlackDB

Source: securityaffairs.com – Author: Pierluigi Paganini Pierluigi Paganini September 11, 2025 Kosovo man Liridon Masurica pleaded guilty to running the cybercrime marketplace BlackDB. He was arrested in 2024. Kosovo citizen Liridon Masurica (33) of Gjilan, aka @blackdb, pleaded guilty to running the BlackDB   show more ...

cybercrime market. Kosovo police arrested Masurica on December 12, 2024 and he […] La entrada Kosovo man pleads guilty to running online criminal marketplace BlackDB – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 AsyncRAT

Source: securityaffairs.com – Author: Pierluigi Paganini Pierluigi Paganini September 11, 2025 Hackers exploit ConnectWise ScreenConnect to drop AsyncRAT via scripted loaders, stealing data and persisting with a fake Skype updater. LevelBlue researchers warn of a campaign abusing ConnectWise ScreenConnect to   show more ...

deploy AsyncRAT. Attackers use VBScript/PowerShell loaders and achieve persistence via a fake Skype updater. ConnectWise ScreenConnect […] La entrada Attackers abuse ConnectWise ScreenConnect to drop AsyncRAT – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini Pierluigi Paganini September 11, 2025 Jaguar Land Rover confirms a cyberattack caused factory disruptions and led to a data breach, compromising sensitive information. In early September, Jaguar Land Rover shut down systems to mitigate a cyberattack that   show more ...

disrupted production and retail operations. The attack also impacted systems at the […] La entrada Jaguar Land Rover discloses a data breach after recent cyberattack – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Adobe

Source: securityaffairs.com – Author: Pierluigi Paganini Pierluigi Paganini September 10, 2025 Adobe fixed a critical flaw in its Commerce and Magento Open Source platforms that allows an attacker to take over customer accounts. Adobe addressed a critical vulnerability, tracked as CVE-2025-54236 (aka   show more ...

SessionReaper, CVSS score of 9.1) in its Commerce and Magento Open Source platforms. […] La entrada Critical flaw SessionReaper in Commerce and Magento platforms lets attackers hijack customer accounts – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Chrome

Source: www.securityweek.com – Author: Ionut Arghire Researchers have earned significant rewards from Google for reporting two potentially serious vulnerabilities found in the Chrome web browser.  Google this week rolled out a Chrome update that fixes two security defects reported by external researchers,   show more ...

including a critical-severity bug in the browser’s Serviceworker component, for which a $43,000 […] La entrada Critical Chrome Vulnerability Earns Researcher $43,000 – Source: www.securityweek.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cornwell Quality Tools

Source: www.securityweek.com – Author: Eduard Kovacs American mobile tools manufacturer Cornwell Quality Tools has informed authorities that a data breach discovered late last year impacts more than 100,000 people. According to notification letters sent out to the affected individuals, Cornwell Quality Tools   show more ...

discovered unusual activity on its network on December 20, 2024. An investigation completed […] La entrada 100,000 Impacted by Cornwell Quality Tools Data Breach  – Source: www.securityweek.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Avast Blog DoorDash has become a staple for more than 40 million U.S. users, whether they’re ordering takeout or delivering it. But as the app’s popularity grows, so does the attention from scammers. The post DoorDash scams are serving up trouble appeared first on   show more ...

Security Boulevard. Original Post URL: https://securityboulevard.com/2025/09/doordash-scams-are-serving-up-trouble/?utm_source=rss&utm_medium=rss&utm_campaign=doordash-scams-are-serving-up-trouble Category […] La entrada DoorDash scams are serving up trouble – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Audian Paxson When a North Korean scammer asks Claude “what is a muffin?” it seems innocent enough. When that same person uses AI to maintain a Fortune 500 engineering job while funding weapons programs, we’re looking at a fundamental shift in cybercrime.   show more ...

The post AI Gone Rogue – What Anthropic’s Report […] La entrada AI Gone Rogue – What Anthropic’s Report Means for Cybersecurity – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Active Directory

Source: securityboulevard.com – Author: Richi Jennings Roasting Redmond for Kerberoasting: “Like an arsonist selling firefighting services,” quips this 76-year-old. The post Microsoft’s ‘Gross Cybersecurity Negligence Threatens National Security’ appeared first on Security Boulevard. Original Post   show more ...

URL: https://securityboulevard.com/2025/09/ron-wyden-microsoft-kerberoasting-richixbw/?utm_source=rss&utm_medium=rss&utm_campaign=ron-wyden-microsoft-kerberoasting-richixbw Category & Tags: Application Security,AppSec,Cloud Security,Cyberlaw,Cybersecurity,Data Privacy,Data Security,DevOps,DevSecOps,Editorial Calendar,Featured,Governance, Risk & Compliance,Humor,Identity & Access,Identity and Access Management,Incident Response,Industry […] La entrada Microsoft’s ‘Gross Cybersecurity Negligence Threatens National Security’ – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 AI

Source: securityboulevard.com – Author: Alan Shimel Artificial intelligence is no longer just another tool in the cybersecurity stack—it’s becoming a requirement to keep pace with modern threats. Deep Instinct CIO Carl Froggett discusses how attackers are leveraging AI to move faster and why defenders need   show more ...

to rethink their own strategies. One of the most pressing issues […] La entrada From Alert Fatigue to Proactive Defense: The Case for AI-Driven Prevention – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 AI

Source: securityboulevard.com – Author: Alan Shimel Fletcher Heisler, CEO of Authentik Security, covers the evolution of Identity and Access Management (IAM) and its significance in modern security. Fletcher also emphasizes a careful approach to AI integration, prioritizing human coding. Heisler, who has been   show more ...

working in tech since his early days experimenting with security in less-than-sanctioned […] La entrada Why Cyber Resilience Starts With People, Not Just Tools – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Mark Allers For more than two decades, Comply-to-Connect (C2C) has been a stated goal across the Department of Defense (DoD). The idea is simple: before a system, device, or user connects to the network, it must be verified as secure and compliant. In practice, however,   show more ...

C2C has been anything but simple. […] La entrada CimTrak & Zscaler: Making Comply-to-Connect a Reality for the DoD – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 CSOonline

Source: www.csoonline.com – Author: US Senator Ron Wyden has called for accountability after healthcare ransomware attacks exposed Windows vulnerabilities that Microsoft had known about for over a decade. US Senator Ron Wyden has formally requested that the Federal Trade Commission investigate Microsoft for   show more ...

what he characterized as “gross cybersecurity negligence” that had enabled widespread ransomware […] La entrada Microsoft under fire: Senator demands FTC investigation into ‘arsonist selling firefighting services’ – Source: www.csoonline.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 APIs

Source: www.csoonline.com – Author: The new variant of Docker-targeting malware skips cryptomining in favor of persistence, backdoors, and even blocking rivals from accessing exposed APIs. A newly discovered strain of a cryptomining malware, first reported in June 2025, has evolved to target exposed Docker APIs   show more ...

instead of relying on Docker escape techniques as before. According […] La entrada Docker malware breaks in through exposed APIs, then changes the locks – Source: www.csoonline.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 A Little Sunshine

Source: krebsonsecurity.com – Author: BrianKrebs In May 2025, the European Union levied financial sanctions on the owners of Stark Industries Solutions Ltd., a bulletproof hosting provider that materialized two weeks before Russia invaded Ukraine and quickly became a top source of Kremlin-linked cyberattacks   show more ...

and disinformation campaigns. But new findings show those sanctions have done little to […] La entrada Bulletproof Host Stark Industries Evades EU Sanctions – Source: krebsonsecurity.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

2025-09
Aggregator history
Friday, September 12
MON
TUE
WED
THU
FRI
SAT
SUN
September