23174
🗞 The finest daily news on cybersecurity and privacy. 🔔 Daily releases. 💻 Is your online life secure? 📩 lalilolalo.dev@gmail.com
📔 Verizon's DBIR Reveals 34% Jump in Vulnerability Exploitation 📔After a 180 rise in last years report, the exploitation of vulnerabilities continues to grow, now accounting for 20 of all breaches.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems 🖋️Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities. The packages in question are listed below nodetelegramutils 132 downloads nodetelegrambotsapi 82 downloads nodetelegramutil 73 downloads According to supply chain.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🕵️♂️ If Boards Don't Fix OT Security, Regulators Will 🕵️♂️Around the world, governments are setting higherbar regulations with clear corporate accountability for breaches on the belief organizations won't drive up security maturity for operational technology unless they're made to.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🌊 How Full-Spectrum Security with SIEM and SOC Helped Avoid a Potential $650K Loss 🌊Our clients company issues business licenses and hosts events. Before reaching out to us, they... The post How FullSpectrum Security with SIEM and SOC Helped Avoid a Potential 650K Loss appeared first on UnderDefense.
📖 Read more.
🔗 Via "UnderDefense"
----------
👁️ Seen on @cibsecurity
🌊 Rapid7 Pricing 2025: Ultimate Guide for Security Products 🌊Rapid7 delivers a full suite of security solutions to help organizations detect, manage, and respond to cyber threats. As of 2025, Rapid7s productssuch as InsightVM, InsightIDR, and Managed Threat Completestart at around 2,000 to 5,000 per year for smaller environments, while enterprise deployments can range from 30,000 to over 150,000 annually, depending on the size, The post Rapid7 Pricing 2025 Ultimate Guide for Security Products appeared first on UnderDefense.
📖 Read more.
🔗 Via "UnderDefense"
----------
👁️ Seen on @cibsecurity
📔 Senators Urge Cyber-Threat Sharing Law Extension Before Deadline 📔Bipartisan support grows in Congress to extend Cybersecurity Information Sharing Act for 10 years.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 Midnight Blizzard Targets European Diplomats with Wine Tasting Phishing Lure 📔Russian state actor Midnight Blizzard is using fake wine tasting events as a lure to spread malware for espionage purposes, according to Check Point.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns 🖋️Multiple statesponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to deploy malware over a threemonth period from late 2024 through the beginning of 2025. The phishing campaigns adopting the strategy have been attributed to clusters tracked as TA427 aka Kimsuky, TA450 aka MuddyWater,.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download 🖋️The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added a mediumseverity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities KEV catalog, following reports of active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE202524054 CVSS score 6.5, is a Windows New Technology LAN Manager NTLM hash disclosure.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ [Webinar] AI Is Already Inside Your SaaS Stack — Learn How to Prevent the Next Silent Breach 🖋️Your employees didnt mean to expose sensitive data. They just wanted to move faster. So they used ChatGPT to summarize a deal. Uploaded a spreadsheet to an AIenhanced tool. Integrated a chatbot into Salesforce. No big dealuntil it is. If this sounds familiar, you're not alone. Most security teams are already behind in detecting how AI tools are quietly reshaping their SaaS environments. And.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🦿 Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks 🦿Find out the specifics of these iOS and macOS vulnerabilities, as well as which Apple devices were impacted.
📖 Read more.
🔗 Via "Tech Republic"
----------
👁️ Seen on @cibsecurity
📔 Network Edge Devices the Biggest Entry Point for Attacks on SMBs 📔Sophos found that compromise of network edge devices, such as VPN appliances, accounted for 30 of incidents impacted SMBs in 2024.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🕵️♂️ GPS Spoofing Attacks Spike in Middle East, Southeast Asia 🕵️♂️An Indian disasterrelief flight delivering aid is the latest airtraffic incident, as attacks increase in the Middle East and Myanmar and along the IndiaPakistan border.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🖋️ Blockchain Offers Security Benefits – But Don't Neglect Your Passwords 🖋️Blockchain is best known for its use in cryptocurrencies like Bitcoin, but it also holds significant applications for online authentication. As businesses in varying sectors increasingly embrace blockchainbased security tools, could the technology one day replace passwords? How blockchain works Blockchain is a secure way to maintain, encrypt, and exchange digital records of transactions.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🕵️♂️ Cybersecurity by Design: When Humans Meet Technology 🕵️♂️If security tools are challenging to use, people will look for workarounds to get around the restrictions.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🖋️ APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures 🖋️The Russian statesponsored threat actor known as APT29 has been linked to an advanced phishing campaign that's targeting diplomatic entities across Europe with a new variant of WINELOADER and a previously unreported malware loader codenamed GRAPELOADER. "While the improved WINELOADER variant is still a modular backdoor used in later stages, GRAPELOADER is a newly observed initialstage tool.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures 🖋️The Russian statesponsored threat actor known as APT29 has been linked to an advanced phishing campaign that's targeting diplomatic entities across Europe with a new variant of WINELOADER and a previously unreported malware loader codenamed GRAPELOADER. "While the improved WINELOADER variant is still a modular backdoor used in later stages, GRAPELOADER is a newly observed initialstage tool.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader 🖋️A new multistage attack has been observed delivering malware families like Agent Tesla variants, Remcos RAT, and XLoader. "Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and execution," Palo Alto Networks Unit 42 researcher Saqib Khanzada said in a technical writeup of the campaign. The.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🌊 Social Engineering Exposes Flaws in Ransomware Response Plan — Time for an Update 🌊Lets be frankno one wakes up thinking, Todays the day I get phished. But thats exactly what keeps happeningand groups like BlackBasta ransomware group operating as ransomwareasaservice RaaS know how to pull it off. Slow, sneaky, and painfully effective if your ransomware response plan isnt ready. At UnderDefense, we see this play out far too The post Social Engineering Exposes Flaws in Ransomware Response Plan Time for an Update appeared first on UnderDefense.
📖 Read more.
🔗 Via "UnderDefense"
----------
👁️ Seen on @cibsecurity
🌊 Veracode Pricing 2025: Ultimate Guide for Security Products 🌊Veracode offers a full suite of application security tools to help businesses protect their software from cyber threats. In 2025, Veracodes pricing starts around 15,000 per year for basic packages and can exceed 100,000 annually for full enterprise solutions. With flexible plans for small businesses and large enterprises alike, Veracode makes it easier to secure The post Veracode Pricing 2025 Ultimate Guide for Security Products appeared first on UnderDefense.
📖 Read more.
🔗 Via "UnderDefense"
----------
👁️ Seen on @cibsecurity
📔 NTLM Hash Exploit Targets Poland and Romania Days After Patch 📔An NTLM hash disclosure spoofing vulnerability that leaks hashes with minimal user interaction has been observed being exploited in the wild.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ Artificial Intelligence – What's all the fuss? 🖋️Talking about AI Definitions Artificial Intelligence AI AI refers to the simulation of human intelligence in machines, enabling them to perform tasks that typically require human intelligence, such as decisionmaking and problemsolving. AI is the broadest concept in this field, encompassing various technologies and methodologies, including Machine Learning ML and Deep Learning. Machine.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates 🖋️The Chinalinked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling, highlighting continued effort by the threat actors to increase the sophistication and effectiveness of their malware. This includes updated versions of a known backdoor called TONESHELL, as well as a new lateral movement.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT 🖋️Cybersecurity researchers are warning of continued risks posed by a distributed denialofservice DDoS malware known as XorDDoS, with 71.3 percent of the attacks between November 2023 and February 2025 targeting the United States. "From 2020 to 2023, the XorDDoS trojan has increased significantly in prevalence," Cisco Talos researcher Joey Chen said in a Thursday analysis. .
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🦿 Network Security at the Edge for AI-ready Enterprise 🦿The widespread use of AI, particularly generative AI, in modern businesses creates new network security risks for complex enterprise workloads across various locations.
📖 Read more.
🔗 Via "Tech Republic"
----------
👁️ Seen on @cibsecurity
🦿 ‘No AI Agents are Allowed.’ EU Bans Use of AI Assistants in Virtual Meetings 🦿In a presentation delivered this month by the European Commission, a meeting etiquette slide stated No AI Agents are allowed.
📖 Read more.
🔗 Via "Tech Republic"
----------
👁️ Seen on @cibsecurity
📔 Network Edge Devices the Biggest Entry Point for Attacks on SMBs 📔Sophos found that compromise of network edge devices, such as VPN appliances, accounted for 30 of incidents impacted SMBs in 2024.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🕵️♂️ GPS Spoofing Attacks Spike in Middle East, Southeast Asia 🕵️♂️An Indian disasterrelief flight delivering aid is the latest airtraffic incident, as attacks increase in the Middle East and Myanmar and along the IndiaPakistan border.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🕵️♂️ Middle East, North Africa Security Spending to Top $3B 🕵️♂️Gartner projects IT security spending in the MENA region will continue to increase in 2025, with security services accounting for the most growth.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🕵️♂️ Middle East, North Africa Security Spending to Top $3B 🕵️♂️Gartner projects IT security spending in the MENA region will continue to increase in 2025, with security services accounting for the most growth.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity