Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Cyber News

Salesforce is investigating potential unauthorized access to customers’ Salesforce data that may have occurred through the Gainsight customer success platform. “Our investigation indicates this activity may have enabled unauthorized access to certain customers’ Salesforce data through the app’s connection,” Salesforce said in an advisory today.

The Salesforce advisory was short on detail, but the incident appears to share similarities with the recent OAuth-based breach of the Salesloft Drift platform, which compromised the Salesforce environments of dozens, if not hundreds, of organizations. That breach was linked to the Scattered LAPSUS$ Hunters threat group. In an email exchange with The Cyber Express, Scattered LAPSUS$ Hunters also claimed responsibility for the current Gainsight incident. “Yes, we are responsible for it,” the group told The Cyber Express. “Nearly 300 organisations are affected by it.” The group named four large organizations allegedly hit in the latest incident, but it is The Cyber Express’ policy not to name unconfirmed cyberattack victims.

Salesforce Detects ‘Unusual Activity’ Involving Gainsight App

Salesforce said in the advisory that it has identified “unusual activity involving Gainsight-published applications connected to Salesforce.” Those apps are installed and managed directly by customers. “Our investigation indicates this activity may have enabled unauthorized access to certain customers’ Salesforce data through the app’s connection,” the CRM vendor said. “Upon detecting the activity, Salesforce revoked all active access and refresh tokens associated with Gainsight-published applications connected to Salesforce and temporarily removed those applications from the AppExchange while our investigation continues.” Revoking the access and refresh tokens severs the integration’s existing OAuth sessions without touching any user passwords; the app would have to be re-authorized by the customer to regain access.

Salesforce said there is “no indication” that the incident resulted from a vulnerability in the Salesforce platform. “The activity appears to be related to the app’s external connection to Salesforce,” the company said. Salesforce said it has notified known affected customers directly and will continue to provide updates. Customers who need assistance can reach the company through Salesforce Help.

Salesloft Drift Breach Affected Gainsight Too

It will be some time before the extent of the current incident is known, but the Salesloft Drift incident affected the CRM environments of scores of well-known companies, among them Google, Cloudflare, Palo Alto Networks, and many other prominent names. The Scattered LAPSUS$ Hunters group has also launched social engineering attacks against Salesforce environments directly. The group claims 760 organizations were hit in the Salesloft Drift incident, one of which was Gainsight’s own Salesforce environment. The Cyber Express has reached out to Gainsight for comment and will update this story as new information emerges.


 Cyber News

Compromised VPN credentials are the most common initial access vector for ransomware attacks, according to a new report. Nearly half of ransomware attacks in the third quarter abused compromised VPN credentials as the initial access point, according to research from Beazley Security, the cybersecurity arm of Beazley Insurance. Nearly a quarter of initial access attacks came from external service exploitation, while remote desktop service (RDS) credential compromises, supply chain attacks and social engineering accounted for 6% each.

[Chart: Initial access vectors in ransomware attacks (Beazley Security)]

“This trend underscores the importance of ensuring that multifactor authentication (MFA) is configured and protecting remote access solutions and that security teams maintain awareness and compensating controls for any accounts where MFA exceptions have been put in place,” the report said. In addition to the critical need for MFA, the report also underscores the importance of dark web monitoring for leaked credentials, which are often a precursor to much bigger cyberattacks.

SonicWall Compromises Led Attacks on VPN Credentials

A “prolonged campaign” targeting SonicWall devices by the Akira ransomware group was responsible for some of the 10-point increase in the share of attacks that began with VPN credentials. “Adding to SonicWall’s misery this quarter was a significant breach of their cloud service, including sensitive configuration backups of client SonicWall devices,” the report added.

Akira, Qilin and INC were by far the most active ransomware groups in the third quarter, Beazley said, and all three exploit VPN and remote desktop credentials. Akira “typically gains initial access by exploiting weaknesses in VPN appliances and remote services,” the report said. In the third quarter, the group used credential stuffing and brute force attacks to target unpatched systems and weak credentials. Akira accounted for 39% of Beazley Security incident response cases in the third quarter. Akira “consistently gained access by using valid credentials in credential stuffing attacks against SonicWall SSLVPN services, exploiting weak access controls such as absent MFA and insufficient lockout policies on the device,” the report said.
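The credential stuffing pattern Beazley describes (many usernames tried from one source against an appliance with weak lockout, then an occasional success) is straightforward to hunt for in VPN authentication logs. The Python below is an added example, not code from Beazley or SonicWall. It parses constructed log lines in a generic key=value layout (the layout and field names are assumptions for the example, not the real SonicWall syslog format), groups failures per source IP inside a sliding window, separates credential stuffing (many distinct accounts) from brute force (one account hammered), and records any account that succeeded after the burst, which is the login to investigate first. The thresholds are likewise assumptions to tune per environment.

```python
import re
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta, timezone

# Constructed log layout for this example:
#   "<ts> <host> sslvpn auth src=<ip> user=<name> result=<failure|success>"
# This is an assumption for the example, not the real SonicWall syslog format.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sslvpn auth src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\w+)$"
)
Event = namedtuple("Event", "ts src user result")


def parse(lines):
    """Parse matching lines into Event tuples sorted by time; skip anything else."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(Event(ts, m["src"], m["user"], m["result"]))
    return sorted(events)


def detect(events, window=timedelta(minutes=10), min_failures=20, min_users=10):
    """Per source IP, find the densest run of failures that fits inside `window`.
    A run of >= min_failures against >= min_users distinct accounts is credential
    stuffing; the same volume against fewer accounts is brute force. Any success
    from that IP at or after the start of the run is reported so responders can
    check those accounts first. Thresholds are assumptions to tune per environment."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev.src].append(ev)

    findings = {}
    for src, evs in by_src.items():
        failures = [e for e in evs if e.result == "failure"]
        best = []
        j = 0
        for i in range(len(failures)):          # two-pointer sliding window
            while failures[i].ts - failures[j].ts > window:
                j += 1
            if i - j + 1 > len(best):
                best = failures[j:i + 1]
        if len(best) < min_failures:
            continue
        users = {e.user for e in best}
        findings[src] = {
            "kind": "credential_stuffing" if len(users) >= min_users else "brute_force",
            "failures": len(best),
            "distinct_users": len(users),
            "success_users": sorted(
                {e.user for e in evs if e.result == "success" and e.ts >= best[0].ts}
            ),
        }
    return findings


def sample_lines():
    """Constructed sample: one stuffing burst that finds a working credential,
    one single-account brute force, and one legitimate user who mistypes twice."""
    base = datetime(2025, 9, 14, 2, 0, 0, tzinfo=timezone.utc)

    def line(t, src, user, result):
        return f"{t:%Y-%m-%dT%H:%M:%SZ} vpn01 sslvpn auth src={src} user={user} result={result}"

    lines = []
    users = [f"user{i:02d}" for i in range(25)]
    for i in range(30):  # 30 failures across 25 accounts in five minutes
        lines.append(line(base + timedelta(seconds=10 * i), "203.0.113.7", users[i % 25], "failure"))
    lines.append(line(base + timedelta(seconds=310), "203.0.113.7", "user07", "success"))
    for i in range(40):  # 40 failures against one account, no success
        lines.append(line(base + timedelta(seconds=5 * i), "192.0.2.9", "admin", "failure"))
    for offset, result in ((180, "failure"), (200, "failure"), (220, "success")):
        lines.append(line(base + timedelta(seconds=offset), "198.51.100.5", "alice", result))
    return lines


if __name__ == "__main__":
    for src, finding in detect(parse(sample_lines())).items():
        print(src, finding)
```

On the constructed sample the stuffing source is reported with 25 distinct accounts and a subsequent success for user07, the brute-force source is reported with one account and no success, and the legitimate user who mistyped twice is not flagged. The same split matters in practice: a brute-force burst says the appliance has no lockout policy, a stuffing burst that ends in a success says a leaked credential worked and that account needs MFA enforced and its session revoked.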
Qilin’s initial access techniques include phishing emails, malicious attachments, and brute forcing weak credentials or using stolen credentials against remote desktop protocol (RDP) and VPN services. INC Ransomware uses a combination of phishing, credential theft, and exploitation of exposed enterprise appliances for initial access. “Beazley Security responders observed the group leverage valid, compromised credentials to access victim environments via VPN and Remote Desktop,” the report said.

Cisco, Citrix Vulnerabilities, SEO Poisoning Also Exploited

Critical vulnerabilities in Cisco and Citrix NetScaler products were also targeted by attackers in the third quarter. In one campaign, a sophisticated threat actor leveraged CVE-2025-20333 and CVE-2025-20363 in Cisco ASA VPN components to gain unauthorized access to environments, Beazley said. Another campaign targeted a critical SNMP flaw (CVE-2025-20352) in Cisco IOS. Threat actors also targeted the Citrix NetScaler vulnerabilities CVE-2025-7775 and CVE-2025-5777. The latter has been dubbed “Citrix Bleed 2” because of its similarity to 2023’s “Citrix Bleed” vulnerability (CVE-2023-4966).

A “smaller yet noteworthy subset” of ransomware attacks gained access via search engine optimization (SEO) poisoning and malicious advertisements, which were used for initial access in some Rhysida ransomware attacks. “This technique places threat actor-controlled websites at the top of otherwise trusted search results, tricking users into downloading fake productivity and administrative tools such as PDF editors,” the report said. “These tools can be trojanized with various malware payloads, depending on threat actor objectives, and can potentially give threat actors a foothold directly on the endpoint in a network. The attack is effective because it bypasses other traditional social engineering protections like email filters that prevent phishing attacks.”


 Firewall Daily

Threat Actor Dark Storm has emerged as one of the most active pro-Russian hacktivist groups this year, escalating disruptive cyberattacks against several government agencies across Europe and Russia. Known primarily for aggressive Distributed Denial-of-Service (DDoS) operations, the group is widening its targets, deepening alliances, and promoting DDoS-as-a-Service offerings to other threat actors across the underground ecosystem.

Who Is Dark Storm? A Pro-Russian Collective Expanding Its Reach

The threat actor Dark Storm, also known as Dark Storm Team, TeamDarkStorm, and MRHELL112, has built a reputation for hitting critical infrastructure, particularly airports and transportation networks. While DDoS has remained its signature method, the group has recently broadened its campaigns to include political, opportunistic, and retaliatory attacks. Dark Storm is part of the pro-Russian alliance Matryoshka 424, connecting it to other hacktivist clusters that coordinate messaging, tools, and attack timing. The group’s alignment with wider pro-Russian cyber movements has amplified its operational impact, especially during geopolitical flashpoints.

Growing Web of Alliances Boosts Their Disruptive Capabilities

The threat actor’s tactics frequently overlap with those of linked groups such as OverFlame, Server Killers, Z-Pentest, and Team BD Cyber Ninja, all of which share DDoS infrastructure and ideological motivations. OverFlame focuses on attacks connected to Ukraine and its allies. Server Killers routinely targets entities perceived as opposing Russian interests. Z-Pentest, a newer group, has been seen exploiting unauthorized access to ICS panels and performing website defacements. These alliances provide Dark Storm with broader botnet access, shared reconnaissance intelligence, and a coordinated amplification strategy, leading to larger and more sustained disruptions.

How Dark Storm Executes Its Attacks

1. Exploiting Public-Facing Applications

Dark Storm’s operations often begin with exploiting weaknesses in internet-facing applications, including misconfigured servers, outdated services, and vulnerable web components. By leveraging Initial Access techniques such as Exploit Public-Facing Application (T1190), the group aims to identify high-value entry points. This includes:
- Web servers and cloud-hosted applications
- Administrative interfaces
- Exposed databases or misconfigured network devices

The group has also been observed gathering victim identity information (T1589) and host configuration data (T1592) through reconnaissance, using scanning and metadata harvesting to tailor its next move.

2. Coordinated DDoS and Endpoint Denial-of-Service Attacks

The core of Dark Storm’s activity lies in coordinated Network Denial-of-Service (T1498) and Endpoint Denial-of-Service (T1499) campaigns. These attacks typically rely on:
- Voluminous traffic generation using botnets
- IP spoofing to hide the origin
- Reflective amplification techniques
- Multi-layer targeting of network and application endpoints

By consuming vast bandwidth, saturating hosting infrastructure, or crashing service layers, Dark Storm aims to cause maximum disruption at minimal operational cost.

3. Escalating Focus on Government Agencies

While past activity was largely centered on transportation and logistics, the recent surge of attacks against government agencies in Europe and Russia marks a notable escalation. The group appears to be leveraging political tension, upcoming elections, and diplomatic shifts to justify its campaigns. These government-focused attacks include:
- Flooding official portals
- Disrupting public-facing service websites
- Interrupting online citizen services
- Targeting digital communication channels

Although largely disruptive rather than destructive, these incidents highlight the fragility of national digital services under sustained political hacktivism.

How Organizations Can Defend Against Dark Storm’s Tactics

The tactics used by Threat Actor Dark Storm, particularly large-scale DDoS attacks and exploitation of exposed applications, underscore the importance of continuous threat visibility. Organizations dependent on online services remain especially vulnerable during periods of geopolitical tension or heightened hacktivist activity. Solutions like Cyble’s Cyber Threat Intelligence Platform provide early detection of adversary behavior, monitoring of emerging campaigns, and insights into developing threats that groups like Dark Storm rely on. With holistic visibility, automation, and advanced analytics, security teams can prioritize high-risk exposures, detect reconnaissance activity sooner, and prepare defenses before attacks escalate.

Stay ahead of threat actor groups like Dark Storm. Explore deeper threat insights with Cyble’s Cyber Threat Intelligence Platform: Get Your FREE Demo Now


 Firewall Daily

Cyble and the Botswana Communications Regulatory Authority (BOCRA) have announced a strategic Memorandum of Understanding (MoU). The Cyble and BOCRA MoU is designed to provide stronger defenses, improved detection capabilities, and faster incident response for critical sectors across Botswana. The agreement, formed in collaboration with the Botswana National CSIRT, marks an important step toward enhancing the country’s national cybersecurity posture at a time when global cyber threats continue to escalate.

Strengthening National Cybersecurity Capabilities

Under the Cyble and BOCRA MoU, both organizations will work closely to advance Botswana’s cybersecurity ecosystem. The collaboration will focus on building stronger cyber defense mechanisms, improving incident response readiness, and equipping national cybersecurity teams with access to Cyble threat intelligence technologies.

Cyble will provide BOCRA with real-time intelligence on emerging threats, leveraging its proprietary AI-native platforms that monitor malicious activity across the open, deep, and dark web. This situational awareness is intended to help Botswana’s security teams identify risk indicators, detect suspicious activity, and mitigate threats before they escalate. The partnership aims to reduce the impact of cyber incidents on citizens, enterprises, and critical national infrastructure.

Expanding Cyber Skills and Knowledge Transfer

Another focus area of the Cyble and BOCRA MoU is capacity building. The agreement includes initiatives to enhance cybersecurity skills, support workforce development, and promote knowledge transfer, which is expected to help Botswana establish a sustainable talent pipeline capable of addressing modern cyber risks. According to Cyble, strengthening human expertise is as crucial as deploying technical solutions. Training programs, workshops, and shared intelligence efforts will support BOCRA and the Botswana National CSIRT in their mandate to safeguard the country’s digital landscape.

Manish Chachada, Co-founder and COO of Cyble, emphasized the importance of this collaboration. “This partnership reflects our continued commitment to supporting national cybersecurity priorities across Africa. By combining Cyble’s threat intelligence expertise with BOCRA’s regulatory leadership, we are confident in our ability to strengthen Botswana’s cyber resilience and help the nation navigate the rapidly evolving threat landscape,” he said.

About BOCRA

The Botswana Communications Regulatory Authority is the national body responsible for regulating the communications sector, advancing cybersecurity programs, enhancing digital infrastructure resilience, and promoting cyber awareness across the country. As cyber threats grow more complex, BOCRA’s role in coordinating national cyber readiness becomes increasingly critical.

About Cyble

Cyble, an AI-first cybersecurity company, is recognized globally for its expertise in dark web intelligence, digital risk protection, and predictive cyber defense. Its platforms process more than 50TB of threat data daily, helping organizations detect, measure, and mitigate risks in real time. Cyble works with Fortune 500 enterprises and government entities worldwide, supporting the shift toward intelligent, autonomous cybersecurity solutions.

The Cyble and BOCRA MoU reinforces the shared vision of both organizations to ensure a safer, more secure digital future for Botswana. Explore how Cyble’s AI-powered threat intelligence and digital risk protection solutions can help your business stay ahead of emerging risks. Visit www.cyble.com to learn more.


 Firewall Daily

The European Union Agency for Cybersecurity (ENISA) has taken a major step forward in advancing vulnerability management across Europe by becoming a CVE Root within the global Common Vulnerabilities and Exposures (CVE) Program. This designation makes ENISA a central point of contact for national and EU authorities, members of the EU CSIRTs Network, and other partners under its mandate.

ENISA has operated as a CVE Numbering Authority (CNA) since January 2024, authorized to assign CVE Identifiers (CVE IDs) and publish CVE Records for vulnerabilities discovered by or reported to EU CSIRTs. The move to CVE Root status expands the agency’s responsibilities and strengthens the coordination of vulnerability management efforts throughout the EU.

ENISA’s Executive Director, Juhan Lepassaar, emphasized the importance of this milestone: “By becoming a Root, ENISA moves a step further to improve the development and capacity of the Agency to support vulnerability management in the EU. With the new responsibilities, ENISA extends its support to the CSIRTs network and to all its partners to further enhance the EU's ability to manage and coordinate cybersecurity vulnerabilities and improve digital security across the Union.”

This development aligns with wider EU investments in coordinated vulnerability disclosure, the European Vulnerability Database (EUVD), and responsibilities outlined in the Cyber Resilience Act (CRA). Under the CRA, ENISA will guide manufacturers on compliance, assist in applying the new cybersecurity framework, and contribute to the development of the Single Reporting Platform for vulnerability notifications.

Understanding the CVE Program and ENISA’s Expanded Mandate

Founded in 1999, the CVE Program serves as a global system for identifying and cataloging publicly disclosed vulnerabilities. CVE IDs and their accompanying records allow developers, organizations, and cybersecurity professionals to identify and address security flaws quickly. ENISA now plays an expanded role in supporting the identification, onboarding, and oversight of CNAs that fall within its scope.

As a CVE Root, ENISA will help enforce CVE Program guidelines, refine procedures for assigning and managing CVE IDs, and maintain its registry services to support the vulnerability coordination work of EU CSIRTs. It will also act as a central contact point for cooperating partners under its mandate.

ENISA will join the CVE Program Council of Roots, the coordinating body responsible for overseeing operational alignment among Root organizations. Internationally, Roots include MITRE, CISA, Google, Red Hat, and Japan’s JPCERT/CC. Within the EU, INCIBE-CERT, Thales Group, and CERT@VDE are existing Roots, now joined by ENISA.

Transition Plans for Existing CNAs

ENISA’s new Root scope applies to organizations within its mandate, and eligible CNAs interested in moving under ENISA’s Root may do so voluntarily. The CVE Program will collaborate closely with each organization to support a smooth, phased transition, so that CNAs can align the change with their operational requirements while maintaining continuity in their vulnerability management processes.

By becoming a CVE Root, ENISA deepens its involvement in coordinated vulnerability management across the EU. The agency’s expanded duties will help enhance the accuracy and timeliness of CVE Records, improve cross-border coordination, and support responsible vulnerability disclosure practices. These advances contribute directly to reducing fragmentation across Member States and creating a more unified European cybersecurity ecosystem.

ENISA also plays a pivotal role in several strategic EU cybersecurity initiatives. It operates the European Vulnerability Database (EUVD), developed under the NIS2 Directive and now fully operational. Additionally, the agency is developing the Single Reporting Platform (SRP) under the Cyber Resilience Act to facilitate mandatory reporting of actively exploited vulnerabilities by manufacturers starting in September 2026.

Conclusion

As secretariat of the EU CSIRTs Network, ENISA plays a key role in coordinating vulnerability disclosure across Member States and guiding CVD policies, reinforcing Europe’s cybersecurity resilience. Its new CVE Root status further strengthens its capacity in vulnerability management and cross-border coordination.

Complementing these efforts, Cyble offers AI-driven threat intelligence and real-time monitoring, enabling European enterprises to detect, investigate, and mitigate emerging cyber threats. Request a personalized demo from Cyble today to enhance your organization’s cyber resilience.


 Firewall Daily

A newly disclosed security flaw in 7-Zip, tracked as CVE-2025-11001, puts users across both public and private sectors at risk. The vulnerability affects all versions of 7-Zip before 25.00 and allows an attacker who can get a user to extract a crafted archive to write files outside the intended extraction directory and, from there, execute arbitrary code, potentially compromising critical systems. NHS Digital issued a cyber alert urging organizations and users to take immediate action.

Details of the CVE-2025-11001 Vulnerability

CVE-2025-11001 is classified as a file-parsing directory traversal remote code execution vulnerability. With a CVSS score of 7.0, the flaw is rated high severity. It lies in 7-Zip’s handling of symbolic links during archive extraction: a crafted archive can carry a symbolic link entry whose target is outside the extraction directory, and entries extracted after it are written through that link, so files land in locations the user never chose. Placing an executable or script somewhere the system or the user will later run it turns the arbitrary file write into code execution. Exploitation requires the victim to extract the malicious archive, so “remote” here means the attacker supplies the archive, not that the flaw is reachable over the network without user interaction.

Security researchers have released a proof-of-concept (PoC) exploit demonstrating how CVE-2025-11001 can be leveraged. While the PoC does not constitute a fully weaponized attack, it lowers the barrier for cybercriminals, making unpatched systems increasingly attractive targets.

Impact and Threat Assessment

All 7-Zip versions before 25.00 are at risk, which covers a vast number of enterprise systems, government agencies, and personal computers. The NHS Digital cybersecurity team tracks this issue as Threat ID CC-4719 with medium severity, highlighting the need for prompt patching.

Although initial reports suggested active exploitation in the wild, a subsequent update on November 20, 2025, clarified that no confirmed exploitation of CVE-2025-11001 has been observed by NHS England’s National Cyber Security Operations Centre (CSOC). The National CSOC did confirm the existence of the public PoC and indicated that exploitation remains likely in the future if systems are left unpatched. Given how widely 7-Zip is deployed, the potential attack surface is significant. A successful attack could allow unauthorized access to sensitive systems and facilitate the deployment of additional malware payloads.
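The mechanism described above, a symbolic link entry followed by a file written through it, is a general archive-extraction hazard rather than something unique to 7-Zip. The Python below is an added example, not 7-Zip code and not the published PoC. It builds small constructed tar archives in memory (tar instead of 7z so that nothing beyond the standard library is needed), then walks the member list the way a hardened extractor should: symlinks already “created” are tracked, so a later entry whose path passes through one is resolved to the link’s real target and rejected if that lands outside the destination, alongside the plain `../` traversal case. The destination path, member names and link targets are invented for the example, and the check is purely lexical on POSIX-style paths.

```python
import io
import posixpath
import tarfile

DEST = "/extract"  # invented virtual extraction root; all checks are lexical


def _within(path, dest):
    return path == dest or path.startswith(dest + "/")


def _resolve(rel, links, dest):
    """Map an archive-relative path to where it would really land, substituting
    any leading component that an earlier entry created as a symlink."""
    cur = dest
    parts = rel.split("/")
    for i, part in enumerate(parts):
        key = "/".join(parts[: i + 1])
        if key in links:
            cur = links[key]  # path goes through a link: jump to the link's target
        else:
            cur = posixpath.normpath(posixpath.join(cur, part))
    return cur


def check_members(members, dest=DEST):
    """Return [(name, reason)] for entries that would be written outside dest.
    Entries are processed in archive order, as an extractor would create them."""
    links = {}  # archive path of each symlink -> absolute resolved target
    bad = []
    for m in members:
        norm = posixpath.normpath(m.name)
        if posixpath.isabs(norm) or norm == ".." or norm.startswith("../"):
            bad.append((m.name, "path escapes destination"))
            continue
        resolved = _resolve(norm, links, dest)
        if not _within(resolved, dest):
            bad.append((m.name, "written through a symlink that points outside destination"))
            continue
        if m.issym():
            if posixpath.isabs(m.linkname):
                target = posixpath.normpath(m.linkname)
            else:
                target = posixpath.normpath(posixpath.join(posixpath.dirname(resolved), m.linkname))
            links[norm] = target  # remember it even when bad, so dependent writes are flagged too
            if not _within(target, dest):
                bad.append((m.name, f"symlink -> {m.linkname} points outside destination"))
    return bad


def build_tar(entries):
    """Build a constructed in-memory tar from (name, kind, payload) tuples, where kind
    is 'file' (payload = contents) or 'symlink' (payload = link target)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, kind, payload in entries:
            info = tarfile.TarInfo(name)
            if kind == "symlink":
                info.type = tarfile.SYMTYPE
                info.linkname = payload
                tar.addfile(info)
            else:
                data = payload.encode()
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def check_archive(data, dest=DEST):
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tar:
        return check_members(tar.getmembers(), dest)


# Constructed archives; every name and target is invented for the example.
MALICIOUS = build_tar([
    ("README.txt", "file", "harmless"),
    ("plugins", "symlink", "/opt/app/bin"),     # absolute link out of the destination
    ("plugins/helper.dll", "file", "MZ..."),    # later entry written through that link
    ("up", "symlink", "../.."),                 # relative link that climbs out
    ("up/startup.cmd", "file", "calc"),
    ("../outside.txt", "file", "classic traversal, no symlink needed"),
])
BENIGN = build_tar([
    ("docs", "symlink", "README.txt"),          # link stays inside the destination
    ("README.txt", "file", "ok"),
    ("src/main.c", "file", "int main(void) { return 0; }"),
])

if __name__ == "__main__":
    for name, reason in check_archive(MALICIOUS):
        print(f"REJECT {name}: {reason}")
    print("benign findings:", check_archive(BENIGN))
```

Run the check over the full member list before extracting anything, and treat any finding as a reason to reject the whole archive rather than extract the remainder. The link is recorded even after it is flagged so that the entry written through it is reported as well; that second entry is the one that actually drops a payload in the target location, and it is what an extractor that only validated each entry’s own name would miss. Python 3.12’s tarfile `data` extraction filter applies comparable rules for tar archives.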
Remediation and Recommendations

7-Zip version 25.00 addresses CVE-2025-11001 and removes the path to remote code execution via malicious archive files. Organizations and individual users are strongly advised to upgrade immediately; delaying the update leaves systems exposed should exploitation begin. 7-Zip has no automatic update mechanism, so system administrators should inventory all endpoints and servers running vulnerable versions and roll out 25.00 or later through their software deployment tooling rather than relying on users to update by hand. Applying the patch eliminates the directory traversal flaw and with it the possibility of arbitrary code execution through symbolic link abuse.

Conclusion

CVE-2025-11001 is a high-severity 7-Zip vulnerability. While NHS systems have seen no confirmed exploitation, the public proof-of-concept raises the risk. Organizations should update to 7-Zip 25.00 or later and report incidents to NHS Digital.

To stay protected from threats like CVE-2025-11001, Cyble provides AI-driven vulnerability intelligence, helping organizations prioritize and patch critical risks before they are exploited. Schedule a personalized demo with Cyble to protect your systems today.


 Features

As Black Friday sale scams continue to rise, shoppers across Europe and the US are being urged to stay vigilant this festive season. With promotions kicking off earlier than ever, some starting as early as October 30 in Romania, cybercriminals have had an extended window to target bargain hunters, exploiting their search for deals with fraudulent schemes.

For Black Friday 2025, scammers have been impersonating top brands such as Amazon, MediaMarkt, TEMU, IKEA, Kaufland, Grohe, Oral-B, Binance, Louis Vuitton, Jack Daniel’s, Reese’s, and United Healthcare. Among them, Amazon remains the most frequently abused brand, appearing in phishing messages, fake coupon offers, and mobile scams promising massive discounts.

Amid these ongoing threats, many shoppers are also expressing frustration with deceptive pricing tactics seen during the Black Friday period. One Reddit user described the experience as increasingly misleading: “I'm officially over the Black Friday hype. It used to feel like a sale, now it feels like a prank. I was tracking a coffee machine at $129. When the ‘Black Friday early deal’ showed up, it became ‘$159 now $139 LIMITED TIME.’ I saw $129 two weeks ago. The kids’ tablet went from $79 to $89 with a Holiday Deal tag — paying extra for a yellow label. I've been doing Black Friday hunting for 10+ years and it's only gotten worse. Fake doorbusters, fake urgency, fake ‘original’ prices. Feels like they're A/B testing how cooked our brains are as long as the button screams ‘53% OFF.’ Now I only buy when needed and let a Chrome extension track my Amazon orders. It clawed back $72 last month from so-called ‘preview pricing’ after prices dropped again.”

This sentiment reflects a growing concern: while scam campaigns imitate trusted brands, the pressure-driven marketing tactics surrounding Black Friday can also make consumers more vulnerable to fraud. A recent campaign even spoofed United Healthcare, offering a fake “Black Friday Smile Upgrade” with Oral-B dental kits in order to collect sensitive personal data. According to data from the City of London Police, shoppers lost around £11.8 million to online shopping fraud during last year’s festive season, from 1 November 2024 to 31 January 2025. Fraudsters often pressure victims with claims that deals are limited or products are scarce, forcing hurried decisions that can result in stolen funds or sensitive information.

A Month-Long Shopping Season Means More Risk

With strong discounts across electronics, toys, apparel, and home goods, consumers are drawn to higher-ticket items. This year, electronics saw discounts of up to 30.1%, toys 28%, apparel 23.2%, and furniture 19%, while televisions, appliances, and sporting goods hit record low prices, prompting significant e-commerce growth. Adobe reported that for every 1% decrease in price, demand increased by 1.029% compared to the previous year, driving an additional $2.25 billion in online spending out of the overall $241.4 billion spent online. The combination of high consumer demand and deep discounts makes the Black Friday shopping period especially attractive to cybercriminals, as the increased volume of online transactions offers more opportunities for scams.

How to Protect Yourself from Black Friday Sale Scams

Ahead of Black Friday on November 28, shoppers are being encouraged to follow advice from the Stop! Think Fraud campaign, run by the Home Office and the National Cyber Security Centre (NCSC). Key precautions include:
- Check the shop is legitimate: always verify reviews on trusted websites before making a purchase.
- Secure your accounts: enable two-step verification (2SV) for important accounts to add an extra layer of security.
- Pay securely: use credit cards or verified payment services like PayPal, Apple Pay, or Google Pay. Avoid storing card details on websites and never pay by direct bank transfer.
- Beware of delivery scams: avoid clicking links in unexpected messages or calls and confirm any delivery claims with the organization directly.

Individuals are also urged to report suspicious emails, texts, or fake websites to the NCSC, which collaborates with partners to investigate and remove malicious content.

For businesses and security-conscious shoppers, tools like Cyble’s Cyber Threat Intelligence Platform can help monitor brand impersonation, detect scams, and protect sensitive data in real time during the Black Friday scam season. With the rise of cyber threats during high-demand shopping periods, proactive intelligence is key to staying safe. Stay alert this Black Friday: your bargains are only valuable if your personal data stays safe. Learn more about how Cyble can protect you and your business here.


 A Little Sunshine

In March 2024, Mozilla said it was winding down its collaboration with Onerep — an identity protection service offered with the Firefox web browser that promises to remove users from hundreds of people-search sites — after KrebsOnSecurity revealed Onerep’s founder had created dozens of people-search services and was continuing to operate at least one of them. Sixteen months later, however, Mozilla is still promoting Onerep. This week, Mozilla announced its partnership with Onerep will officially end next month.

[Image: Mozilla Monitor Plus video on YouTube.]

In a statement published Tuesday, Mozilla said it will soon discontinue Monitor Plus, which offered data broker site scans and automated personal data removal from Onerep. “We will continue to offer our free Monitor data breach service, which is integrated into Firefox’s credential manager, and we are focused on integrating more of our privacy and security experiences in Firefox, including our VPN, for free,” the advisory reads.

Mozilla said current Monitor Plus subscribers will retain full access through the wind-down period, which ends on Dec. 17, 2025. After that, those subscribers will automatically receive a prorated refund for the unused portion of their subscription. “We explored several options to keep Monitor Plus going, but our high standards for vendors, and the realities of the data broker ecosystem made it challenging to consistently deliver the level of value and reliability we expect for our users,” Mozilla’s statement reads.

On March 14, 2024, KrebsOnSecurity published an investigation showing that Onerep’s Belarusian CEO and founder Dimitri Shelest had launched dozens of people-search services since 2010, including a still-active data broker called Nuwber that sells background reports on people. Shelest released a lengthy statement in which he acknowledged maintaining an ownership stake in Nuwber, a data broker he founded in 2015 — around the same time he launched Onerep.


 Feed

Dark Reading Confidential Episode 12: Experts help cyber job seekers get noticed, make an argument for a need to return to the hacker ethos of a bygone era, and have a stark conversation about keeping AI from breaking the sector's talent pipeline for years to come.

 Feed

Threat actors are leveraging bogus installers masquerading as popular software to trick users into installing malware as part of a global malvertising campaign dubbed TamperedChef. The end goal of the attacks is to establish persistence and deliver JavaScript malware that facilitates remote access and control, per a new report from Acronis Threat Research Unit (TRU). The campaign, per the

 Feed

Threat actors with ties to Iran engaged in cyber warfare as part of efforts to facilitate and enhance physical, real-world attacks, a trend that Amazon has called cyber-enabled kinetic targeting. The development is a sign that the lines between state-sponsored cyber attacks and kinetic warfare are increasingly blurring, necessitating the need for a new category of warfare, the tech giant's

 Feed

This week has been crazy in the world of hacking and online security. From Thailand to London to the US, we've seen arrests, spies at work, and big power moves online. Hackers are getting caught. Spies are getting better at their jobs. Even simple things like browser add-ons and smart home gadgets are being used to attack people. Every day, there's a new story that shows how quickly things are

 Feed

CTM360 has identified a rapidly expanding WhatsApp account-hacking campaign targeting users worldwide via a network of deceptive authentication portals and impersonation pages. The campaign, internally dubbed HackOnChat, abuses WhatsApp’s familiar web interface, using social engineering tactics to trick users into compromising their accounts. Investigators identified thousands of malicious URLs

 Feed

Cybersecurity researchers have disclosed details of a new Android banking trojan called Sturnus that enables credential theft and full device takeover to conduct financial fraud. "A key differentiator is its ability to bypass encrypted messaging," ThreatFabric said in a report shared with The Hacker News. "By capturing content directly from the device screen after decryption, Sturnus can monitor

 Feed

Oligo Security has warned of ongoing attacks exploiting a two-year-old security flaw in the Ray open-source artificial intelligence (AI) framework to turn infected clusters with NVIDIA GPUs into a self-replicating cryptocurrency mining botnet. The activity, codenamed ShadowRay 2.0, is an evolution of a prior wave that was observed between September 2023 and March 2024. The attack, at its core,

 Feed

Cybersecurity researchers have warned of an actively expanding botnet dubbed Tsundere that's targeting Windows users. Active since mid-2025, the threat is designed to execute arbitrary JavaScript code retrieved from a command-and-control (C2) server, Kaspersky researcher Lisandro Ubiedo said in an analysis published today. There are currently no details on how the botnet malware is propagated;

 Data loss

Stop the press: a company has actually said "sorry" after a data breach, and hotels are helping hackers phish their own guests. We examine a refreshingly honest breach response (and why legacy systems are still going to ruin your week), dig into a nasty hotel-booking malware campaign that abuses trust in apps and CAPTCHAs, and chat about autonomous pen testing, AI-turbocharged cybercrime, and what CISOs should really be asking on Monday morning. And lost Doctor Who is brought back to life by one very dedicated animator, and we take a look at Eddie Murphy’s career. All this and more is discussed in episode 444 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley and special guest Tricia Howard. Plus, don't miss our featured interview with Snehal Antani from Horizon3.ai!

Aggregator history: Thursday, November 20, 2025