At the High-Level Segment of the World Telecommunication Development Conference (WTDC-25), India presented a vision for a sustainable and inclusive global digital future, noting a collective responsibility to strengthen cybersecurity and expand equitable digital access. Union Minister of State for Communications and Rural Development, Dr. Pemmasani Chandra Sekhar, delivered India's address, reaffirming the country's long-standing association with the International Telecommunication Union (ITU), a partnership dating back to 1869.

India's Expanding Global Digital Future

Dr. Chandra Sekhar framed India's digital agenda through the guiding principle of Vasudhaiva Kutumbakam, "the world is one family." He said this ethos continues to shape India's contributions to global connectivity and shared technological progress as the world moves toward a unified global digital future.

(Image source: WTDC-25)

During his remarks, he noted the unprecedented scale of India's digital transformation. He stated that Bharat has become "one of the world's most connected societies," supporting 1.2 billion telecom subscribers, 1 billion internet users, and 1.4 billion digital identities. The Minister also highlighted the government's $4.8 billion investment in expanding last-mile 4G access and said India has achieved the world's fastest 5G rollout, covering 99% of districts. He added that India maintains some of the lowest data tariffs globally while registering among the highest levels of data consumption. With digital infrastructure that carries 46% of global digital transactions, India, he said, demonstrates how "accessibility, affordability, and scale can advance together."

Cybersecurity as a Shared Global Imperative

A large part of his address focused on strengthening cybersecurity as a central pillar of international cooperation. Dr. Chandra Sekhar stated that cybersecurity "is no longer a national concern but a global imperative," urging countries to develop unified, cross-border systems capable of protecting digital ecosystems worldwide. He also pointed to India's initiatives to secure its growing digital environment, including Sanchar Saathi and the Financial Fraud Risk Indicator. According to the Minister, these tools have blocked 30 million fraudulent mobile connections and prevented 6.6 million financial fraud attempts, illustrating India's approach to protecting digital users as it works with global partners toward a safer global digital future.

Call for Global Digital Unity

In closing, Dr. Chandra Sekhar stressed that international collaboration remains essential to ensuring inclusivity, security, and sustainability as countries navigate the digital era. "Just as rivers grow mightier when they flow together, India stands ready to join hands with the global community to build a digital ecosystem that empowers people, protects our planet, and ensures no nation is left behind," he said.

The World Telecommunication Development Conference (WTDC), organized by the ITU Development Sector (ITU-D), serves as a platform for shaping global development priorities in telecommunications and digital connectivity. It brings together governments, industry leaders, and international experts to craft strategies that strengthen ICT infrastructure, close digital divides, and support inclusive growth, particularly for developing nations. The WTDC-25 conference in Baku will shape the next cycle of global initiatives focused on achieving universal, meaningful, and affordable connectivity for all.

Organizations seeking deeper visibility into cyber threats, dark-web exposure, or new vulnerabilities can explore Cyble's AI-native threat intelligence ecosystem to better understand emerging cybersecurity risks. To assess your external attack surface or learn how autonomous, intelligence-driven tools can support modern security operations, you may request a personalized demonstration or a free external threat assessment from Cyble.
The cyberattack on the Government of Kenya on Monday morning left several ministry websites defaced with racist and white supremacist messages, disrupting access for hours and prompting an urgent response from national cybersecurity teams. The attack hit multiple high-profile platforms, raising new concerns about the security of public-sector digital infrastructure.

According to officials, the affected websites belonged to the ministries of Interior, Health, Education, Energy, Labour, and Water. Users attempting to access the pages were met with extremist messages including "We will rise again," "White power worldwide," and "14:88 Heil Hitler."

Government of Kenya Cyberattack Under Investigation

The Interior Ministry confirmed the attack, stating that a group identifying itself as "PCP@Kenya" is suspected of being behind the intrusion. Several government websites were rendered temporarily inaccessible while national teams worked to secure the affected systems. "Preliminary investigations indicate that the attack is suspected to have been carried out by a group identifying itself as 'PCP@Kenya'," the ministry said. "Following the incident, we immediately activated our incident response and recovery procedures, working closely with relevant stakeholders to mitigate the impact and restore access to the affected platforms."

(Image source: X)

Officials confirmed that the situation has since been contained, with systems placed under continuous monitoring to prevent further disruption. Citizens with information relevant to the breach have been encouraged to contact the National KE-CIRT.

Regional Cyber Issues Reported Within 24 Hours

The Kenyan incident came a day after Somalia reported a cyberattack on its Immigration and Citizenship Agency. Somali officials said they detected a breach involving data on individuals who had entered the country using its e-Visa system. Early findings suggest the leaked data may include names, dates of birth, photos, marital status, email addresses, and home addresses. Authorities are assessing how many people were affected and how the attackers gained access to the system. The U.S. Embassy in Somalia referenced claims from November 11, when hackers alleged they had infiltrated the e-visa system and accessed information on at least 35,000 applicants, potentially including U.S. citizens. "While Embassy Mogadishu is unable to confirm whether an individual's data is part of the breach, individuals who have applied for a Somali e-visa may be affected," the embassy said.

(Image source: X)

No Claim of Responsibility So Far

As of Monday afternoon, no threat group had formally claimed responsibility for either the Kenya or the Somalia incident. Investigators are assessing whether the timing suggests coordination or shared exploitation methods. For now, authorities emphasize that sensitive financial information, core government systems, and essential services in Kenya were not affected; the attack on the Government of Kenya appears to have been limited to public-facing platforms.
Fortinet may have silently patched an exploited zero-day vulnerability more than two weeks before officially disclosing it. CVE-2025-64446 in Fortinet's FortiWeb web application firewall (WAF) may have been exploited as early as October 6, according to a post on X by DefusedCyber. Fortinet is believed to have patched the 9.8-rated vulnerability in FortiWeb 8.0.2 in late October, but did not publish an advisory disclosing the exploited flaw until November 14. CISA added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog the same day.

Late today, Fortinet disclosed another exploited FortiWeb vulnerability: CVE-2025-58034, a 7.2-rated OS command injection flaw.

Fortinet Silent Patch Raises Concerns

The delayed notification for CVE-2025-64446 has raised concerns with some in the cybersecurity industry, who say the delay may have put Fortinet customers at a disadvantage. "Silently patching vulnerabilities is an established bad practice that enables attackers and harms defenders, particularly for devices and systems (including FortiWeb) that have previously been exploited in the wild," VulnCheck's Caitlin Condon said in a blog post. "We already know security by obscurity doesn't work; adversaries monitor new product releases and are actively reverse engineering patches regardless of whether suppliers tell their customers about fixed vulnerabilities or not," Condon added. "When popular technology vendors fail to communicate new security issues, they are issuing an invitation to attackers while choosing to keep that same information from defenders."

The Cyber Express has reached out to Fortinet for comment and will update this article with any response.

CVE-2025-64446 FortiWeb Vulnerability

CVE-2025-64446 is a 9.8-severity relative path traversal vulnerability affecting FortiWeb 8.0.0 through 8.0.1, 7.6.0 through 7.6.4, 7.4.0 through 7.4.9, 7.2.0 through 7.2.11, and 7.0.0 through 7.0.11. It can allow an attacker to execute administrative commands on the appliance via crafted HTTP or HTTPS requests. Fortinet recommends disabling HTTP and HTTPS on internet-facing interfaces until an upgrade can be performed. "If the HTTP/HTTPS Management interface is internally accessible only as per best practice, the risk is significantly reduced," Fortinet's advisory said. Shadowserver shows several hundred internet-facing FortiWeb management instances, which presumably remain vulnerable until upgraded.

After upgrading, Fortinet recommends that FortiWeb customers review their configuration and logs for "unexpected modifications, or the addition of unauthorized administrator accounts." The second check matters because a patch removes the entry point but not an account an attacker already created.

watchTowr said CVE-2025-64446 appears to comprise two vulnerabilities: a path traversal and an authentication bypass. It shared one sample request stream that it said was "evidence of a threat actor looking to exploit a vulnerability ... that allowed privileged administrative functions to be reached." In the example, the threat actor "exploited the vulnerability to add administrative accounts to the target and vulnerable appliance, serving as a weak persistence mechanism." "To be explicitly clear," watchTowr added, "this is a complete compromise of the vulnerable appliance."
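The advisory's own post-upgrade advice is to go back through logs for signs of the crafted requests. The following is an added example, not code from Fortinet, watchTowr or this article: it scans web-server access logs for the pattern the article describes, a relative path traversal (including percent- and double-encoded forms) whose resolved target lands on an administrative API. The log lines are constructed in Combined Log Format and the admin-API prefix in ADMIN_PREFIXES is a hypothetical placeholder; substitute the management paths of the product you are reviewing.

```python
"""Added example: find path-traversal requests that reach an admin API in
access logs. Log lines and the admin prefix below are constructed/assumed."""
import re
import posixpath
from urllib.parse import unquote

# Hypothetical administrative API prefix used only for this example.
ADMIN_PREFIXES = ("/api/v1/system/admin",)

# Combined Log Format: ip ident user [ts] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def decode_path(raw_target):
    """Drop the query string, percent-decode a bounded number of times so that
    double-encoded '%252e%252e' resolves to '..', and fold backslashes."""
    path = raw_target.split("?", 1)[0]
    for _ in range(3):  # bounded: attacker-controlled input cannot loop forever
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")

def analyse_target(raw_target):
    """Return (findings, resolved_path) for one request target."""
    findings = []
    path = decode_path(raw_target)
    if ".." in path.split("/"):
        findings.append("traversal")
    if re.search(r"%(2e|2f|5c|25)", raw_target, re.IGNORECASE):
        findings.append("encoded")  # encoded '.', '/', '\' or '%' is evasion
    # Collapse the dot-dot segments the way a naive server-side join would,
    # so we see where the request actually landed.
    resolved = posixpath.normpath(path)
    if findings and resolved.startswith(ADMIN_PREFIXES):
        findings.append("reaches-admin-api")
    return findings, resolved

def scan_log(text):
    """Parse access-log lines and return only the suspicious requests."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        findings, resolved = analyse_target(m["target"])
        if findings:
            hits.append({
                "ip": m["ip"], "method": m["method"], "resolved": resolved,
                "findings": findings,
                "severity": "high" if "reaches-admin-api" in findings else "low",
            })
    return hits

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [06/Oct/2025:10:15:01 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.9 - - [06/Oct/2025:10:15:07 +0000] "POST /cgi-bin/app/../../api/v1/system/admin HTTP/1.1" 200 88
203.0.113.9 - - [06/Oct/2025:10:15:08 +0000] "POST /cgi-bin/app/%2e%2e/%2e%2e/api/v1/system/admin HTTP/1.1" 200 88
198.51.100.2 - - [06/Oct/2025:10:16:00 +0000] "GET /static/css/../img/logo.png HTTP/1.1" 200 3004
198.51.100.7 - - [06/Oct/2025:10:17:00 +0000] "GET /api/v1/status HTTP/1.1" 401 12
"""

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["severity"], hit["ip"], hit["method"], hit["resolved"], hit["findings"])
```

The traversal that resolves into a static directory is reported at low severity so it is not lost, while a traversal whose normalised path lands on the admin API is what deserves a look at the administrator list afterwards. A 200 response on such a request is the strongest signal; the status code is captured so you can filter on it.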
A severe security flaw has been discovered in the popular W3 Total Cache WordPress plugin, potentially exposing more than one million websites to remote code execution (RCE). The vulnerability, cataloged as CVE-2025-9501, allows attackers to take full control of affected sites without any login credentials.

The issue affects W3 Total Cache versions prior to 2.8.13. Classified as an unauthenticated command injection, the flaw lives in the plugin's _parse_dynamic_mfunc function, which processes dynamic content fragments on WordPress sites. Exploitation is alarmingly straightforward: an attacker embeds malicious PHP code in a comment on any post, and the server executes it with the same privileges as the WordPress site itself.

Understanding the CVE-2025-9501 Vulnerability

Because no authentication is required, the attack can be performed remotely by anyone who knows of a vulnerable site. Once triggered, it lets the attacker run arbitrary PHP, potentially leading to full site compromise. Consequences include data theft, malware installation, website defacement, or redirecting visitors to malicious sites. The severity of CVE-2025-9501 is reflected in its CVSS score of 9.0, classifying it as critical. Ease of exploitation and the absence of any user interaction make it a high-risk issue for WordPress administrators.

Timeline and Public Disclosure

The vulnerability was publicly documented on October 27, 2025, giving site owners just over three weeks before a proof-of-concept (PoC) was scheduled for release on November 24, 2025. During this window, unpatched sites running W3 Total Cache remain highly susceptible to attack. The wpscan.com advisory describes the flaw as follows: "The plugin is vulnerable to command injection via the _parse_dynamic_mfunc function, allowing unauthenticated users to execute PHP commands by submitting a comment with a malicious payload to a post." The plugin author has confirmed that the issue is fixed in W3 Total Cache version 2.8.13.

Recommended Actions for WordPress Site Owners

The immediate and most effective mitigation is to update W3 Total Cache to version 2.8.13 or later. In addition, site administrators are advised to:

- Review website logs for unusual comment activity during the disclosure window.
- Inspect posts and comments for malicious payloads that may already have been submitted.
- Add compensating controls, such as limiting comments to registered users, maintaining regular backups, and using security plugins to detect unauthorized activity.

Failure to update promptly leaves WordPress sites exposed to attackers who can exploit CVE-2025-9501 with minimal effort. Given how widely W3 Total Cache is installed, the vulnerability represents a significant risk to the broader web ecosystem.

Conclusion

CVE-2025-9501 is a reminder that WordPress administrators must keep plugins current and stay alert to new threats and exploits. Over a million sites using W3 Total Cache were at risk, showing how a single vulnerability can jeopardize countless websites. Updating to the patched version, monitoring site activity, and following strong security practices are essential to prevent unauthorized access. Organizations looking for better protection against vulnerability exploitation can leverage Cyble's advanced threat intelligence. Cyble helps prioritize patching, track exploits, and gain early visibility into emerging risks, ensuring critical assets remain protected. Take proactive action today: schedule a demo with Cyble to strengthen your vulnerability management strategy.
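The second recommended action, inspecting comments for payloads that were submitted before the update, is easier with a script than by eye. The following is an added example and not code from the W3 Total Cache project or the advisory: it scans comment records (constructed here, in the shape of rows from the wp_comments table) for the dynamic-fragment markers the plugin evaluates, for PHP open tags and for dangerous calls, and extracts the code body a fragment would have handed to the interpreter. The assumption that the markers are HTML comments named mfunc and mclude is this example's reading of the plugin's dynamic-fragment feature; adjust the patterns if your version differs.

```python
"""Added example: triage WordPress comments for W3TC dynamic-fragment payloads.
Comment records below are constructed; the mfunc/mclude tag names are assumed."""
import re

# Opening or closing dynamic-fragment marker, optionally carrying a token.
FRAGMENT_TAG = re.compile(r"<!--\s*/?\s*(mfunc|mclude)\b[^>]*-->", re.IGNORECASE)
# A complete block: the code between an opening and its matching closing tag.
FRAGMENT_BLOCK = re.compile(
    r"<!--\s*(mfunc|mclude)\b[^>]*-->(.*?)<!--\s*/\s*\1\b[^>]*-->",
    re.IGNORECASE | re.DOTALL,
)
PHP_OPEN = re.compile(r"<\?(php|=)?", re.IGNORECASE)
SUSPICIOUS_CALLS = re.compile(
    r"\b(eval|system|exec|shell_exec|passthru|base64_decode|file_put_contents|assert)\s*\(",
    re.IGNORECASE,
)

def inspect_comment(comment):
    """Return the reasons a comment looks like an injection attempt ([] if clean).
    A fragment tag is the strong signal; the other two are triage hints."""
    body = comment["comment_content"]
    reasons = []
    if FRAGMENT_TAG.search(body):
        reasons.append("dynamic-fragment tag")
    if PHP_OPEN.search(body):
        reasons.append("php open tag")
    if SUSPICIOUS_CALLS.search(body):
        reasons.append("dangerous call")
    return reasons

def extract_payloads(text):
    """Code bodies an mfunc/mclude block would pass to the PHP interpreter,
    so an analyst can see what the attacker tried to run."""
    return [m.group(2).strip() for m in FRAGMENT_BLOCK.finditer(text)]

def scan_comments(comments):
    """(comment_ID, comment_post_ID, reasons) for every flagged comment,
    in the order the records were supplied."""
    flagged = []
    for c in comments:
        reasons = inspect_comment(c)
        if reasons:
            flagged.append((c["comment_ID"], c["comment_post_ID"], reasons))
    return flagged

# Constructed records in the shape of wp_comments rows; not from a real site.
SAMPLE_COMMENTS = [
    {"comment_ID": 101, "comment_post_ID": 7,
     "comment_content": "Great post, thanks for sharing!"},
    {"comment_ID": 102, "comment_post_ID": 7,
     "comment_content": "Nice <!--mfunc-->system('id');<!--/mfunc--> article"},
    {"comment_ID": 103, "comment_post_ID": 9,
     "comment_content": "<!-- mfunc x --> eval(base64_decode('aWQ=')); <!-- /mfunc x -->"},
    {"comment_ID": 104, "comment_post_ID": 9,
     "comment_content": "Use <?php echo 1; ?> in your template"},
    {"comment_ID": 105, "comment_post_ID": 12,
     "comment_content": "The exec() function in my script keeps timing out"},
]

if __name__ == "__main__":
    for cid, pid, reasons in scan_comments(SAMPLE_COMMENTS):
        body = next(c for c in SAMPLE_COMMENTS if c["comment_ID"] == cid)["comment_content"]
        print(cid, pid, reasons, extract_payloads(body))
```

Comment 105 shows the cost of the broad heuristics: a developer mentioning exec() is flagged by "dangerous call" alone, which is why the fragment tag is treated as the decisive reason and the rest as prompts for manual review. Against a live database the same regular expressions can be applied to the result of a SELECT over wp_comments, and any hit should be read together with the access log entry for the POST that created it.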
The revelation that a Chinese state-sponsored group (GTG-1002) used Claude Code to execute a large-scale autonomous AI cyberattack marks a turning point for every leadership role tied to security, technology, or business risk. This was not an AI-assisted intrusion; it was a fully operational AI-driven campaign in which the model carried out reconnaissance, exploitation, credential harvesting, and data exfiltration with minimal human involvement. Anthropic reported that the attackers launched thousands of requests per second, targeting around 30 global organizations at a speed no human operator could match. With humans directing just 10 to 20% of the campaign, this is the strongest evidence yet that the threat landscape has shifted from human-paced attacks to machine-paced operations. For CISOs, CTOs, and even CFOs, this is not just a technical incident; it is a strategic leadership warning.

1. Machine-Speed Attacks Redefine Detection Expectations

The GTG-1002 operators did not use AI as a side tool; they let it run the operation end to end. The model mapped internal services, analyzed authentication paths, tailored exploitation payloads, escalated privileges, and extracted intelligence without pausing to wait for a human.

CISO takeaway: Detection windows must shrink from hours to minutes.
CTO takeaway: Environments must be designed to withstand parallelized, machine-speed probing.
CFO takeaway: Investment in real-time detection is no longer optional; it is essential risk mitigation.

Example: Claude autonomously mapped hundreds of internal services across multiple IP ranges and identified high-value databases, work that would take humans days, executed in minutes.

2. Social Engineering Now Targets the AI, Not the User

One of the most important elements of this campaign is that the attackers did not technically "hack" Claude; they manipulated it. GTG-1002 socially engineered the model by posing as a cybersecurity firm performing legitimate penetration tests. By breaking the work into isolated, harmless-looking requests, they bypassed safety guardrails without triggering suspicion.

CISO takeaway: AI governance and model-behavior monitoring must become core security functions.
CTO takeaway: Treat enterprise AI systems as employees who can be manipulated.
CFO takeaway: Preventing AI misuse deserves dedicated budget.

Example: Each isolated task Claude executed looked benign; together they formed a full exploitation chain.

3. AI Can Now Run a Multi-Stage Intrusion With Minimal Human Input

This was not a proof of concept; it produced real compromises. The GTG-1002 campaign involved autonomous reconnaissance, exploitation, privilege escalation, lateral movement, intelligence extraction, and backdoor creation. The entire intrusion lifecycle was carried out by the AI, with humans stepping in only for strategic approvals.

CISO takeaway: Assume attackers can automate everything.
CTO takeaway: Zero trust and continuous authentication must be strengthened.
CFO takeaway: Business continuity plans must account for rapid compromise, not week-long dwell times.

Example: In one case, Claude spent 2 to 6 hours mapping a database environment, extracting sensitive data, and summarizing findings for human approval, all without manual analysis.

4. AI Hallucinations Are a Defensive Advantage

Anthropic's investigation uncovered a significant weakness: Claude frequently hallucinated during the operation, misidentifying credentials, fabricating discoveries, or mistaking public information for sensitive intelligence. For attackers this is a reliability gap; for defenders it is an opportunity.

CISO takeaway: Honeytokens, fake credentials, and decoy environments can confuse AI-driven intrusions.
CTO takeaway: Build detection rules for high-speed but inconsistent behavior, a hallmark of a hallucinating AI.
CFO takeaway: Deception technology becomes a high-ROI strategy in an AI-augmented threat landscape.

Example: Some of Claude's "critical intelligence findings" were completely fabricated; decoys could amplify that confusion.

5. AI for Defense Is Now a Necessity, Not a Strategy Discussion

Anthropic's response made one thing clear: defenders must adopt AI at the same speed attackers are. During the investigation, Anthropic's threat intelligence team used Claude to analyze large volumes of telemetry, correlate distributed attack patterns, and validate activity. This marks the point at which defensive AI systems become operational requirements.

CISO takeaway: Begin integrating AI into SOC workflows now.
CTO takeaway: Implement AI-driven alert correlation and proactive threat detection.
CFO takeaway: AI reduces operational load while expanding detection scope; it is a strategic investment.

Leadership Must Evolve Before the Next Wave Arrives

This incident is the beginning of AI-powered cyber threats, not the peak. Executives must work together to adopt AI for defense, redesign detection for machine-speed adversaries, secure internal AI platforms, and prepare for attacks that require almost no human attacker involvement. As attackers automate reconnaissance, exploitation, lateral movement, and exfiltration, defenders must automate detection, response, and containment. The autonomous AI cyberattack era has begun. Leaders who adapt now will weather the next wave; leaders who do not will be overwhelmed by it.
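Point 4 above recommends two concrete things: honeytokens that no legitimate workflow touches, and detection rules tuned for "high-speed but inconsistent" behaviour. The following is an added example, not Anthropic's tooling and not from the article, that implements both over a constructed authentication log. The log format (timestamp, source IP, username, outcome), the decoy account names in HONEYTOKENS and the rate thresholds are assumptions made for this example; in practice the decoy names are whatever you planted in config files, wikis and scripts, and the thresholds come from your own baseline.

```python
"""Added example: honeytoken use and machine-speed credential cycling in an
auth log. Log lines, decoy names and thresholds are constructed/assumed."""
from collections import defaultdict
from datetime import datetime

# Decoy credentials planted where an intruder would find them. They unlock
# nothing real, so any attempt to use them is an alert in itself.
HONEYTOKENS = {"svc_backup_ro", "db_admin_legacy"}

# Illustrative thresholds: more attempts per second than a person plausibly
# types, spread over many distinct usernames (fast but inconsistent).
MAX_ATTEMPTS_PER_SEC = 5
MIN_DISTINCT_USERS = 4

def parse(line):
    """'2025-11-17T10:00:00.000 203.0.113.9 alice success' -> event dict."""
    ts, ip, user, outcome = line.split()
    return {"ts": datetime.fromisoformat(ts), "ip": ip, "user": user, "outcome": outcome}

def honeytoken_alerts(events):
    """Every event touching a decoy account, success or failure."""
    return [e for e in events if e["user"] in HONEYTOKENS]

def burst_alerts(events):
    """Group attempts by (source IP, wall-clock second); flag groups that are
    both above the rate threshold and cycling through many usernames."""
    buckets = defaultdict(list)
    for e in events:
        buckets[(e["ip"], e["ts"].replace(microsecond=0))].append(e["user"])
    alerts = []
    for (ip, second), users in sorted(buckets.items()):
        distinct = len(set(users))
        if len(users) > MAX_ATTEMPTS_PER_SEC and distinct >= MIN_DISTINCT_USERS:
            alerts.append({"ip": ip, "second": second.isoformat(),
                           "attempts": len(users), "distinct_users": distinct})
    return alerts

def analyse(log_text):
    events = [parse(l) for l in log_text.splitlines() if l.strip()]
    return {"honeytoken": honeytoken_alerts(events), "burst": burst_alerts(events)}

# Constructed log: a human at 198.51.100.2 logging in over minutes, and an
# automated actor at 203.0.113.9 trying eight accounts inside one second,
# two of which exist only as decoys.
SAMPLE_AUTH_LOG = """\
2025-11-17T10:00:00.000 198.51.100.2 alice success
2025-11-17T10:02:13.000 198.51.100.2 alice success
2025-11-17T10:05:05.100 203.0.113.9 alice failure
2025-11-17T10:05:05.220 203.0.113.9 bob failure
2025-11-17T10:05:05.310 203.0.113.9 admin failure
2025-11-17T10:05:05.400 203.0.113.9 svc_backup_ro failure
2025-11-17T10:05:05.520 203.0.113.9 root failure
2025-11-17T10:05:05.640 203.0.113.9 deploy failure
2025-11-17T10:05:05.760 203.0.113.9 db_admin_legacy success
2025-11-17T10:05:05.880 203.0.113.9 carol failure
2025-11-17T10:09:00.000 198.51.100.2 alice success
"""

if __name__ == "__main__":
    result = analyse(SAMPLE_AUTH_LOG)
    for e in result["honeytoken"]:
        print("HONEYTOKEN", e["ts"].isoformat(), e["ip"], e["user"], e["outcome"])
    for a in result["burst"]:
        print("BURST", a)
```

The two rules are deliberately independent: the honeytoken rule has no threshold to tune and fires on a single event, while the burst rule catches machine-paced probing even when no decoy is touched. A "success" against a decoy account, as in the sample, is the case worth routing straight to a human, because it means the actor is now inside whatever decoy environment that credential opens.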
Malicious browser extensions remain a significant blind spot for many organizations' security teams. They have become a permanent fixture in the cybercriminal arsenal, used for session and account theft, espionage, masking other criminal activity, ad fraud, and cryptocurrency theft. High-profile incidents involving malicious extensions are frequent, ranging from the compromise of the Cyberhaven security extension to the mass publication of infostealer extensions. Extensions appeal to attackers because they are granted permissions and wide-ranging access to information within SaaS applications and websites, and because they are not standalone applications, they often slip past standard security policies and control tools. A security team must tackle this problem systematically: managing browser extensions requires a combination of policy management tools and specialized extension-analysis services or utilities. This topic was the focus of Athanasios Giatsos' talk at the Security Analyst Summit 2025.

Threat capabilities of web extensions and what changed in Manifest V3

A browser extension has broad access to web page content: it can read and modify any data the user can see in a web application, including financial or medical records. Extensions also often gain access to data the user never sees, such as cookies, local storage, and proxy settings, which greatly simplifies session hijacking. Some extension capabilities reach beyond web pages altogether: the user's location, browser downloads, desktop screen capture, clipboard content, and browser notifications.

Under the previously dominant Manifest V2 architecture, which worked across Chrome, Edge, Opera, Vivaldi, Firefox, and Safari, extensions were virtually indistinguishable from full-fledged applications in terms of capability. They could run persistent background scripts, keep invisible pages open, load and execute scripts from external websites, and communicate with arbitrary sites to retrieve or send data. To curb such abuse (and, as a side effect, to limit ad blockers), Google moved Chromium and Chrome to Manifest V3, which restricted or removed many of these features. Extensions must now declare the hosts they communicate with, are prohibited from executing remotely hosted code, and run in short-lived service workers instead of persistent background pages.

While some attacks are harder under the new architecture, attackers can rewrite their malicious code to retain most of the functions they need at the cost of some stealth. Relying solely on Manifest V3 browsers and extensions therefore simplifies monitoring but is not a panacea. V3 also does not address the core problem: extensions are generally downloaded from official stores on legitimate Google, Microsoft or Mozilla domains, and their activity appears to originate from the browser itself, so distinguishing actions performed by an extension from those performed manually by the user is extremely difficult.

How malicious extensions emerge

Drawing on public incidents, Athanasios Giatsos highlights several scenarios in which malicious extensions appear:

- The original developer sells a legitimate, popular extension, and the buyer "enhances" it with malicious code for ad injection, espionage, or other purposes. Examples include The Great Suspender and Page Ruler.
- Attackers compromise the developer's account and publish a trojanized update to an existing extension, as happened with Cyberhaven.
- The extension is malicious from the start. It either masquerades as a helpful utility, such as a fake Save to Google Drive tool, or mimics the names and designs of popular extensions, like the dozens of AdBlock clones available. A more sophisticated variant is published clean and genuinely useful, with malicious additions introduced weeks or even months later, once the extension has gained enough popularity.
ChatGPT for Google is one example.

In all these scenarios, the extension is widely available in the Chrome Web Store and sometimes even advertised. There is also a targeted scenario in which phishing pages or messages prompt victims to install a malicious extension that is not available to the general public. Centralized distribution through the Chrome Web Store, combined with automatic updates for both the browser and its extensions, means users frequently end up with a malicious extension without doing anything: if an already installed extension receives a malicious update, it is installed automatically.

Organizational defenses against malicious extensions

In his talk, Athanasios offered several general recommendations:

- Adopt a company policy on browser extensions. Prohibit any extension not explicitly on a list approved by the security and IT departments.
- Continuously audit all installed extensions and their versions. When an extension is updated, track changes in the permissions it is granted, and watch for changes in the ownership of the extension or its developer team.
- Cover the risks of, and rules for, browser extensions in security awareness training for all employees.

We add a few practical insights and specific considerations.

Restricted list of extensions and browsers. In addition to applying security policies to the company's officially approved browser, prohibit the installation of portable browser builds and new AI browsers such as Comet, or any other unauthorized browser that would allow the same dangerous extensions to be installed. When implementing this, ensure that local administrator privileges are restricted to IT staff and other personnel whose duties strictly require them. In the policy for the company's main browser, disable developer mode and prohibit installing extensions from local files. For Chrome, this can be managed through the Admin console; the same settings are available through Windows Group Policy, macOS configuration profiles, or a JSON policy file on Linux.

Managed updates. Use version pinning so that updates to approved extensions are not rolled out company-wide immediately. The IT and security teams should regularly test new versions of approved extensions and pin an updated version only after it has been vetted.

Multi-layered defense. An EDR agent on every corporate device is mandatory: it prevents users from launching unauthorized browsers, mitigates the risk of visiting phishing sites, and blocks malware downloads. DNS requests and browser network traffic should also be tracked at the firewall for real-time detection of communication with suspicious hosts and other anomalies.

Continuous monitoring. Use EDR and SIEM to collect browser state from employee workstations: the list of extensions in each installed browser, along with their manifest files for version and permission analysis. This enables rapid detection of newly installed extensions, version updates, and changes in granted permissions.

How to vet browser extensions

To implement the controls above, the company needs an internal database of approved and prohibited extensions. Unfortunately, neither the application stores nor the browsers themselves offer a mechanism to assess risk at organizational scale or to populate such a list automatically, so the security team has to build both the process and the list. Employees also need a formal procedure for requesting that an extension be added to the approved list. The assessment of business need and available alternatives is best conducted with a representative of the relevant business unit; the risk assessment, however, remains entirely the responsibility of the security team.

It is not necessary to download extensions by hand and cross-reference them across stores. A range of tools can do this: open-source utilities, free online services, and commercial platforms. Services such as Spin.AI and Koidex (formerly ExtensionTotal) can be used to gauge an extension's overall risk profile. Both maintain a database of popular extensions, so an assessment is typically instant. They use LLMs to generate a brief summary of the extension's properties, but also provide detailed analysis, including required permissions, the developer's profile, and the history of versions, ratings, and downloads. For core store data you can also use Chrome-Stats. Although aimed primarily at extension developers, it displays ratings, reviews, and other store data, and, crucially, lets you download the current and several previous versions of an extension, which simplifies incident investigation. For deeper analysis of suspicious or mission-critical extensions, tools such as CRX Viewer let analysts examine an extension's internal components, filtering and displaying the contents with an emphasis on the HTML and JavaScript code.
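The continuous-monitoring and vetting steps above both come down to reading manifest.json files: once EDR has collected them, something has to score the permissions, notice when an update asks for more than the version that was approved, and turn the approved list into browser policy. The following is an added example, not code from the Kaspersky post or from any of the tools it names. The risk weights in RISKY_PERMISSIONS are this example's own judgement rather than an official list, the three manifests are constructed, and the extension ID in APPROVED_IDS is made up. The policy keys it emits (ExtensionInstallBlocklist, ExtensionInstallAllowlist, BlockExternalExtensions, DeveloperToolsAvailability) are real Chrome enterprise policy names; on Linux the resulting dict is written as JSON under /etc/opt/chrome/policies/managed/, and the same keys are set via Group Policy or a configuration profile on the other platforms.

```python
"""Added example: score extension manifests, diff permissions across an
update, and emit the Chrome managed policy for an approved list.
Weights, manifests and the extension ID are this example's own assumptions."""
import json

# Example's own weights for permissions that give an extension reach beyond
# the page it is on; not an official Google or Kaspersky list.
RISKY_PERMISSIONS = {
    "debugger": 5, "cookies": 4, "proxy": 4, "nativeMessaging": 4,
    "desktopCapture": 4, "webRequest": 3, "webRequestBlocking": 3,
    "clipboardRead": 3, "tabs": 2, "scripting": 2, "history": 2,
    "downloads": 2, "geolocation": 2, "declarativeNetRequest": 2,
}
ALL_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def requested_permissions(manifest):
    """API permissions plus host patterns, normalised across MV2 and MV3
    (MV3 moves host patterns into the separate host_permissions key)."""
    perms = set(manifest.get("permissions", []))
    perms |= set(manifest.get("optional_permissions", []))
    perms |= set(manifest.get("host_permissions", []))
    return perms

def audit(manifest):
    """Score one manifest and list what drives the score."""
    perms = requested_permissions(manifest)
    findings = sorted(p for p in perms if p in RISKY_PERMISSIONS)
    score = sum(RISKY_PERMISSIONS[p] for p in findings)
    if perms & ALL_HOSTS:
        findings.append("all-hosts access")
        score += 5
    if manifest.get("manifest_version") != 3:
        # MV2: persistent background page and remotely hosted code allowed.
        findings.append("manifest v2")
        score += 3
    csp = manifest.get("content_security_policy")
    csp_text = csp if isinstance(csp, str) else json.dumps(csp or {})
    if "unsafe-eval" in csp_text or "http" in csp_text:
        findings.append("csp permits eval or remote script")
        score += 3
    return {"name": manifest.get("name"), "version": manifest.get("version"),
            "score": score, "findings": findings}

def permission_delta(old_manifest, new_manifest):
    """(added, removed) permissions between two versions of one extension.
    A non-empty 'added' on an automatic update is the event to alert on."""
    before = requested_permissions(old_manifest)
    after = requested_permissions(new_manifest)
    return sorted(after - before), sorted(before - after)

def chrome_policy(approved_ids):
    """Managed-policy keys: block every extension except the approved IDs
    (which also blocks loading unpacked ones), refuse externally sideloaded
    extensions, and disable DevTools."""
    return {
        "ExtensionInstallBlocklist": ["*"],
        "ExtensionInstallAllowlist": sorted(approved_ids),
        "BlockExternalExtensions": True,
        "DeveloperToolsAvailability": 2,  # 2 = disallowed
    }

# Constructed manifests: an approved MV3 extension, its next version asking
# for more, and a legacy MV2 extension with a permissive CSP.
OLD = {"manifest_version": 3, "name": "Tab Tidy", "version": "1.4.0",
       "permissions": ["storage", "activeTab"],
       "background": {"service_worker": "bg.js"}}
NEW = {"manifest_version": 3, "name": "Tab Tidy", "version": "1.5.0",
       "permissions": ["storage", "activeTab", "cookies", "webRequest"],
       "host_permissions": ["<all_urls>"],
       "background": {"service_worker": "bg.js"}}
LEGACY = {"manifest_version": 2, "name": "Old Ruler", "version": "0.9",
          "permissions": ["tabs", "http://*/*"],
          "content_security_policy":
              "script-src 'self' https://cdn.example.net 'unsafe-eval'; object-src 'self'",
          "background": {"scripts": ["bg.js"], "persistent": True}}
APPROVED_IDS = {"aaaabbbbccccddddeeeeffffgggghhhh"}  # made-up 32-char extension ID

if __name__ == "__main__":
    for m in (OLD, NEW, LEGACY):
        print(audit(m))
    print("update adds:", permission_delta(OLD, NEW)[0])
    print(json.dumps(chrome_policy(APPROVED_IDS), indent=2))
```

The update from 1.4.0 to 1.5.0 is the case the monitoring recommendation is aimed at: the extension is still the one on the approved list, but its new version asks for cookies, webRequest and every host, which is exactly the shape of the trojanized updates described earlier. Version pinning keeps that update off workstations until the delta has been reviewed.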
Security teams can combat alert fatigue and high false-positive rates, and reduce time spent on manual data collection, with Mate's SOC platform, which uses AI agents to autonomously investigate and resolve alerts.
IoT devices can be compromised, thanks to gaps in cloud management interfaces for firewalls and routers, even if they're protected by security software or not online.
As vulnerabilities in the Common Vulnerabilities and Exposures ecosystem pile up, one Black Hat Europe presenter hopes for a global, distributed alternative.
Free the logs! Behind the scenes at InfluxData, which turned to its own in-house security monitoring platform, DiSCO, to protect its supply chain after its third-party tool was breached.
Researchers say Israel remains a central focus, with UNC1549 targeting aerospace and defense entities in the US, the UAE, Qatar, Spain, and Saudi Arabia.
Voting was not disrupted Tuesday by a wave of DDoS incidents affecting political party and government websites in Denmark a day earlier, officials said.
The upcoming strategy would contain six “pillars” — with one focused on “shaping adversary behavior” and another on public-private partnerships, Sean Cairncross said.
The alert identifies two specific LinkedIn profiles, featuring fake personas, that are being used by China’s Ministry of State Security in an attempt to build relationships in Westminster and gain intelligence.
A "specific overseas facility" fell prey to a ransomware attack but is now operating normally, according to LG Energy Solution — the South Korean multinational's battery-making subsidiary.
Officials at the Congressional Budget Office “have not observed further evidence of unauthorized access" to the legislative branch agency's systems, Director Phillip Swagel told lawmakers.
A malware campaign presents fake websites that can check if a visitor is a potential victim or a security researcher, and then proceed accordingly to defraud or evade.
Google on Monday released security updates for its Chrome browser to address two security flaws, including one that has come under active exploitation in the wild. The vulnerability in question is CVE-2025-13223 (CVSS score: 8.8), a type confusion vulnerability in the V8 JavaScript and WebAssembly engine that could be exploited to achieve arbitrary code execution or program crashes. "Type
Microsoft on Monday disclosed that it automatically detected and neutralized a distributed denial-of-service (DDoS) attack targeting a single endpoint in Australia that measured 15.72 terabits per second (Tbps) and nearly 3.64 billion packets per second (pps). The tech giant said it was the largest DDoS attack ever observed in the cloud, and that it originated from a TurboMirai-class Internet of
The malware authors associated with a Phishing-as-a-Service (PhaaS) kit known as Sneaky 2FA have incorporated Browser-in-the-Browser (BitB) functionality into their arsenal, underscoring the continued evolution of such offerings and further making it easier for less-skilled threat actors to mount attacks at scale. Push Security, in a report shared with The Hacker News, said it observed the use
Meta on Tuesday said it has made available a tool called WhatsApp Research Proxy to some of its long-time bug bounty researchers to help improve the program and more effectively research the messaging platform's network protocol. The idea is to make it easier to delve into WhatsApp-specific technologies as the application continues to be a lucrative attack surface for state-sponsored actors and
You’ve probably already moved some of your business to the cloud—or you’re planning to. That’s a smart move. It helps you work faster, serve your customers better, and stay ahead. But as your cloud setup grows, it gets harder to control who can access what. Even one small mistake—like the wrong person getting access—can lead to big problems. We're talking data leaks, legal trouble, and serious
Cybersecurity researchers have disclosed details of a cyber attack targeting a major U.S.-based real-estate company that involved the use of a nascent command-and-control (C2) and red teaming framework known as Tuoni. "The campaign leveraged the emerging Tuoni C2 framework, a relatively new, command-and-control (C2) tool (with a free license) that delivers stealthy, in-memory payloads,"
Suspected espionage-driven threat actors from Iran have been observed deploying backdoors like TWOSTROKE and DEEPROOT as part of continued attacks aimed at aerospace, aviation, and defense industries in the Middle East. The activity has been attributed by Google-owned Mandiant to a threat cluster tracked as UNC1549 (aka Nimbus Manticore or Subtle Snail), which was first documented by the threat
Identity security fabric (ISF) is a unified architectural framework that brings together disparate identity capabilities. Through ISF, identity governance and administration (IGA), access management (AM), privileged access management (PAM), and identity threat detection and response (ITDR) are all integrated into a single, cohesive control plane. Building on Gartner’s definition of “identity
Cybersecurity researchers have discovered a set of seven npm packages published by a single threat actor that leverages a cloaking service called Adspect to differentiate between real victims and security researchers to ultimately redirect them to sketchy crypto-themed sites. The malicious npm packages, published by a threat actor named "dino_reborn" between September and November 2025, are
In episode 77 of The AI Fix, a language model trained on genomes that creates a super-virus, Graham wonders whether AI should be allowed to decide if we live or die, and a woman marries ChatGPT (and calls it “Klaus”). Also in this episode: In Russia a robot staggers, falls over, and breaks; MIT quietly withdraws a ludicrously bad cybersecurity paper; the founder of a $1 billion AI company reveals his first AI was just two dudes on a Zoom call, and a futurologist reveals eight things we’ll be doing with humanoid robots by 2040. All this and much more is discussed in the latest edition of "The AI Fix" podcast by Graham Cluley and Mark Stockley.
One of the sad truths about this world of seemingly endless hacks and data breaches is that companies just won't apologise. Even when customers, partners, and employees are left wondering when their data will be published by malicious hackers on the dark web, breached organisations will seemingly do everything they can to avoid saying what seems to be the hardest word of all: sorry. Read more in my article on the Hot for Security blog.