What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
DarkReading.webp 2025-01-29 22:10:29 PrintNightmare Aftermath: Windows Print Spooler is Better. What's Next? (direct link) While Microsoft has boosted the security of Windows Print Spooler in the three years since the disclosure of the PrintNightmare vulnerability, the service remains a spooky threat that organizations cannot afford to ignore.
Vulnerability Threat ★★★
DarkReading.webp 2025-01-29 21:39:00 Researchers Uncover Lazarus Group Admin Layer for C2 Servers (direct link) The threat actor is using a sophisticated network of VPNs and proxies to centrally manage command and control servers from Pyongyang.
Threat APT 38 ★★★
DarkReading.webp 2025-01-29 19:54:26 Unpatched Zyxel CPE Zero-Day Pummeled by Cyberattackers (direct link) VulnCheck initially disclosed the critical command-injection vulnerability (CVE-2024-40891) six months ago, but Zyxel has yet to mention its existence or offer users a patch to mitigate threats.
Vulnerability Threat ★★★
DarkReading.webp 2025-01-29 18:03:01 Mirai Variant 'Aquabot' Exploits Mitel Device Flaws (direct link) Yet another spinoff of the infamous DDoS botnet is exploiting a known vulnerability in active attacks, while its threat actors are promoting it on Telegram for other attackers to use as well, in a DDoS-as-a-service model.
Vulnerability Threat ★★★
SecurityWeek.webp 2025-01-29 16:13:27 New Zyxel Zero-Day Under Attack, No Patch Available (direct link) GreyNoise reports active exploitation of a newly discovered zero-day vulnerability in Zyxel CPE devices. There are no patches available.
Vulnerability Threat ★★★
InfoSecurityMag.webp 2025-01-29 14:00:00 Threat Actors Exploit Government Websites for Phishing (direct link) Cybercriminals exploit government websites using open redirects and phishing tactics, bypassing secure email gateway protections.
Threat ★★★
Mandiant.webp 2025-01-29 14:00:00 Adversarial Misuse of Generative AI (direct link) Rapid advancements in artificial intelligence (AI) are unlocking new possibilities for the way we work and accelerating innovation in science, technology, and beyond. In cybersecurity, AI is poised to transform digital defense, empowering defenders and enhancing our collective security. Large language models (LLMs) open new possibilities for defenders, from sifting through complex telemetry to secure coding, vulnerability discovery, and streamlining operations. However, some of these same AI capabilities are also available to attackers, leading to understandable anxieties about the potential for AI to be misused for malicious purposes. Much of the current discourse around cyber threat actors' misuse of AI is confined to theoretical research. While these studies demonstrate the potential for malicious exploitation of AI, they don't necessarily reflect the reality of how AI is currently being used by threat actors in the wild. To bridge this gap, we are sharing a comprehensive analysis of how threat actors interacted with Google's AI-powered assistant, Gemini. Our analysis was grounded by the expertise of Google's Threat Intelligence Group (GTIG), which combines decades of experience tracking threat actors on the front lines and protecting Google, our users, and our customers from government-backed attackers, targeted 0-day exploits, coordinated information operations (IO), and serious cyber crime networks. We believe the private sector, governments, educational institutions, and other stakeholders must work together to maximize AI's benefits while also reducing the risks of abuse. At Google, we are committed to developing responsible AI guided by our principles, and we share
Ransomware Malware Tool Vulnerability Threat Studies Legislation Mobile Industrial Cloud Technical Commercial APT 41 APT 43 APT 42 ★★★
GoogleSec.webp 2025-01-29 13:39:07 How we kept the Google Play & Android app ecosystems safe in 2024 (direct link) Posted by Bethel Otuteye and Khawaja Shams (Android Security and Privacy Team), and Ron Aquino (Play Trust and Safety). Android and Google Play comprise a vibrant ecosystem with billions of users around the globe and millions of helpful apps. Keeping this ecosystem safe for users and developers remains our top priority. However, like any flourishing ecosystem, it also attracts its share of bad actors. That's why every year, we continue to invest in more ways to protect our community and fight bad actors, so users can trust the apps they download from Google Play and developers can build thriving businesses. Last year, those investments included AI-powered threat detection, stronger privacy policies, supercharged developer tools, new industry-wide alliances, and more. As a result, we prevented 2.36 million policy-violating apps from being published on Google Play and banned more than 158,000 bad developer accounts that attempted to publish harmful apps. But that was just the start. For more, take a look at our recent highlights from 2024:
Google's advanced AI: helping make Google Play a safer place
To keep out bad actors, we have always used a combination of human security experts and the latest threat-detection technology. In 2024, we used Google's advanced AI to improve our systems' ability to proactively identify malware, enabling us to detect and block bad apps more effectively. It also helps us streamline review processes for developers with a proven track record of policy compliance. Today, over 92% of our human reviews for harmful apps are AI-assisted, allowing us to take quicker and more accurate action to help prevent harmful apps from becoming available on Google Play. That's enabled us to stop more bad apps than ever from reaching users through the Play Store, protecting users from harmful or malicious apps before they can cause any damage.
Working with developers to enhance security and privacy on Google Play
To protect user privacy, we're working with developers to reduce unnecessary access to sensitive data. In 2024, we prevented 1.3 million apps from getting excessive or unnecessary access to sensitive user data. We also required apps to be more transparent about how they handle user information by launching new developer requirements and a new “Data deletion” option for apps that support user accounts and data collection. This helps users manage their app data and understand the app's deletion practices, making it easier for Play users to delete data collected from third-party apps. We also worked to ensure that apps use the strongest and most up-to-date privacy and security capabilities Android has to offer. Every new version of Android introduces new security and privacy features, and we encourage developers to embrace these advancements as soon as possible. As a result of partnering closely with developers, over 91% of app install
Malware Tool Threat Mobile Cloud ★★★
SlashNext.webp 2025-01-29 13:30:01 Devil-Traff: A New Bulk SMS Platform Driving Phishing Campaigns (direct link) Employees in most organizations receive countless communications daily: emails, Slack messages, or ticket updates, for example. Hidden among these routine interactions are phishing scams designed to exploit trust and compromise security. Imagine an employee receiving a text that appears to be from their bank: “Suspicious activity detected on your account. Click here to secure your account.” […] The post Devil-Traff: A New Bulk SMS Platform Driving Phishing Campaigns first appeared on SlashNext.
Threat ★★
Cyble.webp 2025-01-29 13:01:36 New ICS Vulnerabilities Discovered in Schneider Electric and B&R Automation Systems (direct link)
Overview
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued two urgent advisories regarding serious vulnerabilities in industrial control systems (ICS) products. These ICS vulnerabilities, identified in Schneider Electric's RemoteConnect and SCADAPack x70 Utilities, as well as B&R Automation's Runtime software, pose online risks to critical infrastructure systems worldwide. The ICS vulnerabilities, if exploited, could lead to potentially devastating impacts on the integrity, confidentiality, and availability of systems within energy, critical manufacturing, and other essential sectors.
Schneider Electric's Vulnerability in RemoteConnect and SCADAPack x70 Utilities
The ICS vulnerability in Schneider Electric's RemoteConnect and SCADAPack x70 Utilities arises from the deserialization of untrusted data, identified as CWE-502. This flaw could allow attackers to execute remote code on affected workstations, leading to several security risks, including the loss of confidentiality and integrity. The issue is triggered when a non-admin authenticated user opens a malicious project file, which could potentially be introduced through email, file sharing, or other methods. Schneider Electric has assigned the CVE identifier CVE-2024-12703 to this vulnerability, with a base CVSS v3 score of 7.8 and a CVSS v4 score of 8.5. Both versions highlight the severity of the issue, with potential consequences including unauthorized remote code execution. This vulnerability affects all versions of both RemoteConnect and SCADAPack x70 Utilities, products widely deployed in sectors such as energy and critical manufacturing across the globe. Although Schneider Electric is working on a remediation plan for future product versions, there are interim steps that organizations can take to mitigate the risk. These include: only opening project files from trusted sources; verifying file integrity by computing and checking hashes regularly; encrypting project files and restricting access to trusted users; using secure communication protocols when exchanging files over the network; and following established SCADAPack Security Guidelines for added protection. CISA recommends minimizing the network exposure of control system devices, ensuring they are not directly accessible from the internet, and placing control system networks behind firewalls to isolate them from business networks. When remote access is necessary, using secure methods like Virtual Private Networks (VPNs) is strongly advised. However, organizations should ens
Vulnerability Threat Patching Industrial ★★★★
The_Hackers_News.webp 2025-01-29 11:22:00 UAC-0063 Expands Cyber Attacks to European Embassies Using Stolen Documents (direct link) The advanced persistent threat (APT) group known as UAC-0063 has been observed leveraging legitimate documents obtained by infiltrating one victim to attack another target with the goal of delivering a known malware dubbed HATVIBE. "This research focuses on completing the picture of UAC-0063's operations, particularly documenting their expansion beyond their initial focus on Central Asia,
Malware Threat ★★★
The_Hackers_News.webp 2025-01-29 10:41:00 Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability (direct link) Cybersecurity researchers are warning that a critical zero-day vulnerability impacting Zyxel CPE Series devices is seeing active exploitation attempts in the wild. "Attackers can leverage this vulnerability to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration," GreyNoise researcher Glenn Thorpe said in an alert
Vulnerability Threat ★★
Cyble.webp 2025-01-29 10:38:59 Australia's Health Sector Receives $6.4 Million Cybersecurity Boost with New Threat Information-Sharing Network (direct link) The Australian Government has awarded a $6.4 million grant to CI-ISAC Australia, enabling the establishment of a new Health Cyber Sharing Network (HCSN). This initiative is designed to facilitate the rapid exchange of critical cyber threat information within Australia's healthcare industry, which has become a target for cyberattacks. The recent surge in cyberattacks on Australian healthcare organizations, including hospitals and health insurance providers, has highlighted the pressing need for enhanced cybersecurity measures. In response, the Australian Government has made healthcare the priority sector for its formal funding efforts. This grant is part of a broader strategy to address the vulnerabilities in the nation's health sector and ensure it is better equipped to handle the cyber threats faced by the industry.
A Growing Threat: The Cost of Cybersecurity Breaches
The healthcare industry globally has been facing increasing cybersecurity challenges, and Australia is no exception. According to reports from 2023, the global healthcare sector continues to experience the most expensive data breaches across industries for the 13th consecutive year. The average cost of a healthcare data breach was a staggering AUD$10.93 million, nearly double that of the financial industry, which recorded an average cost of $5.9 million. Australia's health sector, which encompasses a diverse range of organizations, from public and private hospitals to medical clinics and insurance providers, is increasingly vulnerable to cyber threats. This sector includes approximately 750 government hospitals, 650 private hospitals, and over 6,500 general practitioner clinics, along with numerous third-party suppliers and vendors. The creation of the HCSN aims to address these risks by providing a secure, collaborative platform for information sharing. The network will enable health sector organizations to work together more effectively, breaking down silos and improving the speed and quality of cybersecurity threat information exchange.
The Role of CI-ISAC and the Health Cyber-Sharing Network
CI-ISAC Australia, the recipient of the $6.4 million Australian Government grant, will spearhead the creation and management of the Health Cyber Sharing Network. The HCSN will focus on fostering collaboration between Australian healthcare organizations, ensuring they can share relevant
Data Breach Vulnerability Threat Medical Cloud ★★★
InfoSecurityMag.webp 2025-01-29 10:30:00 Breakout Time Accelerates 22% as Cyber-Attacks Speed Up (direct link) ReliaQuest warns that threat actor innovation and infostealer activity helped to accelerate breakout time by 22% in 2024.
Threat ★★★
SecureList.webp 2025-01-29 10:00:37 Threat predictions for industrial enterprises 2025 (direct link) Kaspersky ICS CERT analyzes industrial threat trends and makes forecasts on how the industrial threat landscape will look in 2025.
Threat Industrial ★★★★
AlienVault.webp 2025-01-29 07:00:00 Securing Your Digital Footprint While Traveling in 2025 (direct link) In an increasingly connected world, travel relies more on technology than ever. While digital tools enhance convenience, they also create new opportunities for cyber threats. Phishing attacks and malicious links targeting mobile devices are projected to triple compared to previous years as cybercriminals exploit public Wi-Fi networks and insecure booking platforms. To navigate these challenges, it’s essential to secure your digital footprint proactively. This article will highlight the risks travelers face and provide actionable strategies to protect your data, ensuring a safe and stress-free journey.
Why Travelers Are Main Targets of Cyber Threats
As travelers lean more heavily on mobile apps, online bookings, and cloud-based itineraries, the risks of data breaches, identity theft, and account compromise will grow significantly. Yet, reports suggest that nearly half of mobile users may still neglect basic security solutions, leaving their personal information at risk. Understanding these vulnerabilities is the first step toward protecting your data on the go.
Increased Use of Public Wi-Fi
Travelers continue to face challenges when using public Wi-Fi. While it offers convenience at airports, hotels, and cafes, these unsecured networks are a hotbed for cyber threats. Hackers can easily perform man-in-the-middle attacks, intercepting data transmitted over open networks. This means sensitive information, such as passwords and credit card details, can be stolen in real time. Additionally, travelers may unknowingly connect to fake Wi-Fi networks, known as "honeypots," set up specifically to capture their data.
Reliance on Digital Platforms
Traveling in 2025 involves heavy dependence on digital tools for bookings, navigation, and payments. Mobile apps, cloud storage, and online platforms streamline trip planning but also expand the attack surface for cybercriminals. Every app or platform travelers use becomes a potential entry point for hackers. A single compromised account can give attackers access to travel itineraries, payment methods, and even personal identification details.
Phishing and Fake Booking Scams
As the travel industry digitizes further, phishing attacks are becoming increasingly sophisticated. Travelers are often targeted with fraudulent emails, texts, or ads that mimic legitimate booking platforms. Clicking these links can lead to fake hotel booking sites that steal credit card information or infect devices with malware. In many cases, travelers don’t realize they've been scammed until it’s too late—either their trip is ruined or their financial data is compromised.
Essential Cybersecurity Practices for Travelers
While staying connected during travel has become a common practice, it also exposes you to potential cyber risks. By following a few key cybersecurity practices, you can protect your personal information and browse securely no matter where your journey takes you. Here are the most effective ways to safeguard your digital footprint:
1. Use a VPN
A Virtual Private Network (VPN) is one of the most effective tools for securing your internet connection while traveling. VPNs encrypt your online activity, preventing hackers from intercepting sensitive information like passwords or payment details, even on public Wi-Fi networks. Popular options like NordVPN, ExpressVPN, and CyberGhost offer global servers, ensuring reliable and secure connectivity wherever you are.
2. Enable Two-Factor Authentication (2FA)
Securing your accounts with two-factor authenti
Spam Malware Tool Vulnerability Threat Mobile Cloud ★★★
ProofPoint.webp 2025-01-29 06:42:08 A Guide for Insider Risk Teams: 10 Tips for Monitoring User Activity While Protecting Privacy (direct link) As security teams, we often face a tough dilemma: how can we monitor users for risky activity without compromising their privacy? It's a delicate balance. There's a fine line between ensuring security while also respecting the confidentiality of sensitive employee data. However, achieving this balance isn't only possible, it's essential. It must be part of any insider risk program for it to be both trustworthy and effective. In honor of Data Privacy Week, in this blog post I'll walk you through 10 best practices to help you build a robust insider risk program that meets both your data privacy and security needs.
1: Involve privacy and legal stakeholders early
From the very beginning, you should invite the right people to the table. During the program's design phase, reach out to privacy councils or worker councils to get them involved. This will ensure that important privacy aspects are addressed right from the start. These councils can offer invaluable insights into the ethical and legal considerations that must be taken into account. Once involved, keep these stakeholders close throughout the journey. Regular updates about the program's goals, scope and processes will help foster trust between security teams and privacy advocates. In fact, by demonstrating that privacy has been top of mind all along, the insider risk team becomes a face of privacy advocacy as well.
Example
If you're rolling out an insider risk management program, involve your privacy officer in the planning stages. This will ensure that your program is compliant with GDPR and other data protection regulations. When privacy concerns are addressed proactively, personally identifiable information (PII) won't be used in ways that could lead to violations.
2: Define program scope and reporting thresholds
One of the most critical components of any insider risk program is clear boundaries. Define what constitutes risky activity, which is typically aligned to existing conduct, compliance or security policies. It is also important to clearly define what behaviors result in a certain risk level as well as at which point risky behaviors require a deeper inquiry or investigation. Not only does this help reduce the likelihood of overreach, but it also ensures that monitoring stays proportionate to the risk. Keep in mind that although organizational policies are defined and shared broadly, thresholds and detection capabilities should only be shared with those with a need to know.
Example
Let's say your program detects users downloading large amounts of sensitive data. Set a threshold that only triggers an alert when someone downloads more than their typical number of files. Other thresholds might be when they are considered a flight risk or when they are circumventing a security control. This keeps the scope narrow, and it provides a much lower possibility that an analyst will review innocuous behavior. There's never a complete guarantee that this won't happen in the world of risk mitigation. However, that is why implementing the next eight best practices is so critical.
3: Be transparent, but guide the message thoughtfully
In many organizations, the insider risk program is often shrouded in mystery. Unfortunately, this can breed rumors and distrust. Avoid this issue by communicating transparently and proactively where you can. Doing so sends a clear message that the program aligns with your organization's goals and its core values. It's also crucial to share stories about your program's positive impact. And make sure to remind everyone about privacy mechanisms that are in place as well as the overall purpose of your program. Transparency helps demystify the process and reassures employees that their privacy is being respected. While transparency is important, so is discretion. The details about triggered alerts and investigation details should not be shared beyond designated groups. This will ensure that your program isn't undermined and prevent people from circumventing controls.
Example
When your program starts t
Tool Threat Studies Medical Technical ★★★
GoogleSec.webp 2025-01-29 05:00:10 How we estimate the risk from prompt injection attacks on AI systems (direct link) Posted by the Agentic AI Security Team. Modern AI systems, like Gemini, are more capable than ever, helping retrieve data and perform actions on behalf of users. However, data from external sources present new security challenges if untrusted sources are available to execute instructions on AI systems. Attackers can take advantage of this by hiding malicious instructions in data that are likely to be retrieved by the AI system, to manipulate its behavior. This type of attack is commonly referred to as an "indirect prompt injection," a term first coined by Kai Greshake and the NVIDIA team. To mitigate the risk posed by this class of attacks, we are actively deploying defenses within our AI systems along with measurement and monitoring tools. One of these tools is a robust evaluation framework we have developed to automatically red-team an AI system's vulnerability to indirect prompt injection attacks. We will take you through our threat model, before describing three attack techniques we have implemented in our evaluation framework.
Threat model and evaluation framework
Our threat model concentrates on an attacker using indirect prompt injection to exfiltrate sensitive information, as illustrated above. The evaluation framework tests this by creating a hypothetical scenario, in which an AI agent can send and retrieve emails on behalf of the user. The agent is presented with a fictitious conversation history in which the user references private information suc
Tool Vulnerability Threat ★★
no_ico.webp 2025-01-29 04:45:59 API Supply Chain Attacks Surge, Exposing Critical Security Gaps (direct link) API attack traffic rose by 681% over a 12-month period, far outpacing the 321% increase in overall API call volume – a dramatic surge that highlights threat actors' growing focus on APIs as attack vectors. This was one of the findings of Salt Security's State of API Security Report. According to the report, despite the [...]
Threat ★★
ProofPoint.webp 2025-01-29 03:03:50 Proofpoint Partners with Intel to Deliver Leading-Edge AI-Powered Information Protection (direct link) Digital transformation has produced a tidal wave of data in recent years. At the same time, intellectual property and sensitive business information have become more vulnerable due to work-from-home policies as well as the proliferation of devices. SecOps and IT departments struggle to identify critical data on managed endpoints in an efficient and scalable way. Not only must they classify various types of intellectual property (IP), but they also need to understand and anticipate user intent across many data exfiltration scenarios. With Proofpoint, organizations can be sure their data stays safe. We recently partnered with Intel to deliver advanced information protection tools that work faster and more efficiently than ever. Here's a rundown of some of the ways that Proofpoint is using Intel's latest technology to accelerate some of our most advanced data loss prevention (DLP) use cases.
New Intel processors are a game changer
Launched at CES 2025, Intel's AI PCs are now running Core Ultra 200V series processors. These processors feature an integrated neural processing unit (NPU) for AI acceleration. As a result, they are set to revolutionize the industry with dramatic performance gains and enhanced efficiency. Proofpoint's suite of cybersecurity tools leverages AI PCs for user behavior analysis, data classification and threat contextualization. With AI PCs powered by Intel Core Ultra processors, Proofpoint Information Protection can offload key AI and security workloads to the NPU on the endpoint. This enables the solution to run more efficiently, manage complexity better and scale to whatever you need.
Inline, live classification
To protect sensitive data, DLP systems need to know what data needs to be protected. That's why classifying data is so important. The challenge is that businesses create a massive amount of data every day which is spread across different systems. Proofpoint Information Protection features inline, live data classification. This enables it to automatically tag data as it moves through business networks, ensuring that DLP systems know which data to protect. We use large language models (LLMs) to analyze documents that are difficult to classify, such as intellectual property, that don't fit into obvious patterns. We also give you the tools so that you can gain visibility into the classification of the documents. Then, you can decide in real time whether to block their exfiltration. Classifying data in real time requires considerable computing power. With Intel AI PCs, Proofpoint DLP can now offload most of the LLM workloads to the endpoint. Intel's advanced processors enable Proofpoint to scan large amounts of data and classify it faster.
GenAI protection with user intent controls
As a productivity tool, generative AI (GenAI) opens the door to insider risks by careless, compromised or malicious users.
Careless insiders. These users may input sensitive data, like customer data, proprietary algorithms or internal strategies, into GenAI tools. Or they may use them to create content that does not align with a company's legal or regulatory standards, like documents with discriminatory language or images with inappropriate visuals.
Compromised insiders. Access to these tools can be compromised by threat actors. Attackers use this access to extract, generate or share sensitive data with external parties.
Malicious insiders. Some insiders actively want to cause harm. So, they might intentionally leak sensitive data into public GenAI tools. Or, if they have access to proprietary models or datasets, they might use these tools to create competing products. They could also use GenAI to create or alter records to make it difficult for auditors to identify non-compliance.
To mitigate these risks, companies need to be able to monitor AI usage and data access. Proofpoint has developed GenAI protection with user intent controls to help organizations address these risks. Proofpoint uses LLMs to monitor all the prompts that us
Tool Threat ★★★
Darktrace.webp 2025-01-28 23:15:27 Bytesize Security: Insider Threats in Google Workspace (direct link) Insider threats pose significant risks due to access to internal systems. Darktrace detected a former employee attempting to steal data from the customer's Google Workspace platform. Learn about this threat here.
Threat ★★★
DarkReading.webp 2025-01-28 22:57:51 CrowdStrike Highlights Magnitude of Insider Risk (direct link) The impetus for CrowdStrike's new professional services came from last year's Famous Chollima threat actors, which used fake IT workers to infiltrate organizations and steal data.
Threat ★★★
The_Hackers_News.webp 2025-01-28 22:04:00 PureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing Cyberattacks (direct link) A financially motivated threat actor has been linked to a phishing email campaign that has been ongoing since at least July 2024, specifically targeting users in Poland and Germany. The attacks have led to the deployment of various payloads, such as Agent Tesla, Snake Keylogger, and a previously undocumented backdoor dubbed TorNet that's delivered by means of PureCrypter. TorNet is so
Threat ★★★
TechWorm.webp 2025-01-28 19:37:26 Security Flaws Found In DeepSeek Leads To Jailbreak (direct link) DeepSeek R1, the AI model making all the buzz right now, has been found to have several vulnerabilities that allowed security researchers at the Cyber Threat Intelligence firm Kela to jailbreak it. Kela tested these jailbreaks around known vulnerabilities and bypassed the restriction mechanism on the chatbot. This allowed them to jailbreak it across a wide range of scenarios, enabling it to generate malicious outputs, such as ransomware development, fabrication of sensitive content, and detailed instructions for creating toxins and explosive devices. For instance, the “Evil Jailbreak” method (which prompts the AI model to adopt an “evil” persona), which was able to trick earlier versions of ChatGPT and was fixed long ago, still works on DeepSeek. The news comes as DeepSeek investigates a cyberattack and is not allowing new registrations. “Due to large-scale malicious attacks on DeepSeek’s services, we are temporarily limiting registrations to ensure continued service. Existing users can log in as usual,” DeepSeek’s status page reads. While the company has not confirmed what kind of cyberattack is disrupting its service, it appears to be a DDoS attack. DeepSeek is yet to comment on these vulnerabilities.
Ransomware Vulnerability Threat ChatGPT ★★★
InfoSecurityMag.webp 2025-01-28 17:00:00 ENGlobal Cyber-Attack Exposes Sensitive Data (direct link) Energy contractor ENGlobal reported that sensitive personal data was stolen by threat actors, with the incident disrupting operations for six weeks
Threat ★★★
kovrr.webp 2025-01-28 16:53:39 Impact of Technogenic Risk on CRQ: Explore dollar-denominated technogenic risks, supply chain attacks, and Kovrr's advanced methodologies for forecasting and mitigating cyber vulnerabilities. (direct link) Impact of Technogenic Risk on CRQ
Supply chain attacks, which target a third-party software dependency, hardware component, or service provider within a specific technology's value chain, have risen in both prevalence and severity over the past few years. The 2023 MOVEit incident, for instance, impacted thousands of organizations and has been estimated to cost upwards of $12.25 billion, which, if correct, makes it one of the top 5 most expensive cyber attacks in history.
Indeed, these types of attacks can be especially insidious as they are often hidden from the technology's users, difficult to track, and nearly impossible to contain. This catastrophic nature underscores the critical need to establish proactive, data-driven management approaches that specifically address technology-driven cybersecurity risks, minimizing both the likelihood of occurrence and the potential severity should such an event take place.
However, with the number of known vulnerabilities growing by roughly 20,000 on an annual basis since 2021, the rising adoption of cloud and SaaS solutions, and the increasing trend of organizations using a third-party service provider to manage devices and servers, patching all vulnerabilities within a technologically diverse environment is an insurmountable task. The solution for cybersecurity teams, instead, is to develop a prioritization strategy for vulnerability mitigation that will not only maximize risk reduction per unit effort but also align with business goals by focusing on the vulnerabilities that are most likely to be exploited by threat actors in the wild and cause material financial harm.
Kovrr's Technogenic Vulnerability Modeling Methodology
Within cyber risk quantification (CRQ), we need to move beyond simply ranking currently reported vulnerabilities. A risk forecast typically covers a period from today to 12 months, over which time new vulnerabilities will be identified and reported, with a range of severities (under CVSS and EPSS). We, therefore, produce a risk adjustment based on a forecast of the frequency and severity of future CVE occurrences. Our models can then adjust for the potential risk of individual technologies and assign numerical risk adjustments to the frequency of successful attacks originating from or propagating into said technology.
Drivers of Technology Risk
We have studied the historic CVE reports and severity indicators from CVSS and EPSS strategies and identified three main drivers that influence the risk presented by a technology or service:
Operation: What does each technology do? For example, operating systems, network software, and hardware have a high level of attention from both adversaries and security researchers looking for weaknesses.
Vendor: Who made it? We found a high level of consistency between vendors with multiple products, indicating that a secure coding culture and business practices are good indicators.
Attack Surface Breadth: How wide is the attack surface? How does the risk scale as the company grows? Whether there is one asset with the technology, or 10,000, has become an indicator of the IT scale. A diverse software and hardware estate is much more challenging to maintain, patch, and track than a simple one.
Operation
To look at the operation of each technology, we categorize each of the reported CVEs into product types (e.g., DB, web server) and assign product type-related risk parameters. Figure 1 below shows the relative risk presented by different operational types of technology, as calculated using CVE and EPSS scores. For this example, we have considered CVEs which are both exploitable and likely to allow initial access to be gained (e.g., attack surface breach).
Figure 1: Relative Exploitation Frequency Scores by Operation Type
By comparing the exploitation scores in Figure 1, we can immediately conclude that exploitation risk stems primarily from certain product types within the organization, such as serv Ransomware Malware Vulnerability Threat Patching Prediction Cloud Technical Wannacry ★★★
CS.webp 2025-01-28 15:42:51 Apple's latest patch closes zero-day affecting wide swath of products (direct link) The zero-day impacts Apple's framework that manages audio and video playback.
Vulnerability Threat ★★★
Cybereason.webp 2025-01-28 15:16:45 Phorpiex - Downloader Delivering Ransomware (direct link) Phorpiex - Downloader Delivering Ransomware. Cybereason Security Services issues Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.
Ransomware Threat ★★★
ProofPoint.webp 2025-01-28 14:12:52 Security Brief: Threat Actors Take Taxes Into Account (direct link) What happened
Proofpoint researchers have identified an uptick in campaigns and malicious domains impersonating tax agencies and related financial organizations. This activity aligns with the general increase in tax-related content our researchers typically observe every year from December through April, especially as tax deadlines in the United Kingdom and United States are top of mind for businesses. Generally, phishing lures leveraging tax themes impersonate government agencies or financial services organizations that users would engage with to file taxes or submit business-relevant documentation.
UK targeted phishing
Proofpoint has observed multiple campaigns impersonating HM Revenue & Customs (HMRC). Attackers use branding and language related to HMRC in phishing lures in an attempt to convince users the email is legitimate. In one campaign that began on 12 January 2025, the threat actor used “account update” lures impersonating HMRC.
HMRC lure impersonating the agency and distributing credential phishing.
These messages contained URLs leading to actor-controlled credential harvesting websites designed to capture usernames and passwords.
HMRC impersonated website.
The websites impersonated HMRC in an attempt to steal personal information that could be used for fraudulent activity. This campaign included a small number of messages impacting multiple organizations in the UK. HMRC maintains a list of common phishing and scam lures to educate users on the ways attackers abuse the brand for social engineering purposes.
U.S. targeted phishing
Proofpoint's Takedown team has observed hundreds of malicious tax-themed domains used in email campaigns in the first few weeks of January 2025. These domains impersonate legitimate companies, applications, and services that are related to accounting, tax filing, and payments. This infrastructure can be used in phishing and malware campaigns targeting organizations with lure content also impersonating these tax-related companies. But not all campaigns leverage lookalike or impersonated domains. On 16 January 2025, Proofpoint identified a campaign impersonating Intuit, but the email sender and phishing infrastructure were generic, with only the path portion of the URL indicating it was a tax-themed campaign. For example, emails purported to be from Intuit:
From: Intuit QuickBooks
Subject: Your Tax file Form was rejected
Email impersonating Intuit (left); credential phishing landing page (right).
Emails contained URLs to a fake Intuit authentication page designed to harvest user credentials. In this case, the path portion of the phishing URL indicated brand abuse, in addition to the website impersonating the company (for example: hxxps://fotolap[.]com/.wp-admin/cgi-/intuit/inuit4//). This campaign included over 40,000 messages impacting over 2,000 organizations. Proofpoint regularly identifies activity impersonating U.S. tax agencies and related organizations, and this activity typically increases in the first quarter of the year.
Swiss targeted fraud
While tax seasons around the world are prime timely themes for threat actors, tax-related lures are often used by threat actors even outside of filing seasons. For example, on 18 December 2024, Proofpoint identified a fraud campaign targeting Swiss organizations. Messages purported to be federal tax payment reminders and impersonated the Federal Tax Administration. These messages contained URLs leading to a legitimate Revolut payment page, asking users to send a payment via credit card. Proofpoint researchers believe this was not an attack to harvest credit card details, but to get users to pay to an adversary-owned or controlled Revolut account.
Email lure prompting users to pay into a suspected fraudulent/ Malware Threat ★★★
Mandiant.webp 2025-01-28 14:00:00 ScatterBrain: Unmasking the Shadow of PoisonPlug's Obfuscator (direct link) Written by: Nino Isakovic
Introduction
Since 2022, Google Threat Intelligence Group (GTIG) has been tracking multiple cyber espionage operations conducted by China-nexus actors utilizing POISONPLUG.SHADOW. These operations employ a custom obfuscating compiler that we refer to as "ScatterBrain," facilitating attacks against various entities across Europe and the Asia Pacific (APAC) region. ScatterBrain appears to be a substantial evolution of ScatterBee, an obfuscating compiler previously analyzed by PWC. GTIG assesses that POISONPLUG is an advanced modular backdoor used by multiple distinct, but likely related, threat groups based in the PRC; however, we assess that POISONPLUG.SHADOW usage appears to be further restricted to clusters associated with APT41. GTIG currently tracks three known POISONPLUG variants:
POISONPLUG
POISONPLUG.DEED
POISONPLUG.SHADOW
Countries targeted by POISONPLUG.SHADOW (figure)
POISONPLUG.SHADOW, often referred to as "Shadowpad," a malware family name first introduced by Kaspersky, stands out due to its use of a custom obfuscating compiler specifically designed to evade detection and analysis. Its complexity is compounded not only by the extensive obfuscation mechanisms employed but also by the attackers' highly sophisticated threat tactics. These elements collectively make analysis exceptionally challenging and complicate efforts to identify, understand, and mitigate the threats it poses. In addressing these challenges, GTIG collaborates closely with the FLARE team to dissect and analyze POISONPLUG.SHADOW. This partnership utilizes state-of-the-art reverse engineering techniques and the comprehensive threat intelligence capabilities required to mitigate the sophisticated threats posed by this threat actor. We remain dedicated to advancing methodologies and fostering innovation to adapt to and counteract the ever-evolving tactics of threat actors, ensuring the security of Google and our customers against sophisticated cyber espionage operations.
Overview
In this blog post, we present our in-depth analysis of the ScatterBrain obfuscator, which has led to the development of a complete stand-alone static deobfuscator library independent of any binary analysis frameworks. Our analysis is based solel
Malware Tool Threat Studies Patching Cloud APT 41 ★★
TechWorm.webp 2025-01-28 13:47:13 Apple Patches Zero-Day Exploit Affecting iPhones, Macs, iPads, Watches & TVs (direct link) On Monday, Apple rolled out critical security updates to address several vulnerabilities affecting iPhones, Macs, and other devices, including a zero-day vulnerability actively exploited in the wild to target iPhone users. The zero-day vulnerability, identified as CVE-2025-24085 (no CVSS score assigned yet), is a use-after-free flaw in Apple's Core Media component that could allow a pre-installed malicious application to gain elevated privileges on vulnerable devices. According to Apple, Core Media is a foundational framework within the Apple operating system that offers the underlying structure for processing and managing media data like video and audio. It is the media pipeline used by AVFoundation and other high-level media frameworks found on Apple platforms. “Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2,” the company wrote in the advisory ([1], [2], [3], [4], [5]) published on Monday. The zero-day vulnerability affected a broad range of Apple devices, including:
iPhone XS and later
iPad Pro 13-inch, iPad Pro 12.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later), iPad Air (3rd generation and later), iPad (7th generation and later), and iPad mini (5th generation and later)
Macs running macOS Sequoia 15.3
Apple Watch Series 6 and later
Apple TV HD and Apple TV 4K (all models)
Apple Vision Pro running visionOS 2.3
Apple has resolved the CVE-2025-24085 vulnerability by releasing software updates (iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, visionOS 2.3, and tvOS 18.3) with improved memory management. Meanwhile, the company has not provided any information on how the vulnerability was exploited, by whom, or who may have been targeted. It has also not attributed the discovery of the vulnerability to a researcher.
Users are urged to update their iPhone, iPad, Mac, Apple Watch, and Apple TV immediately with the latest security updates to stay protected against potential threats. Enable automatic updates to ensure you receive future patches on your devices without delay. Further, avoid clicking on suspicious links and only download apps from trusted sources to reduce the risk of exploitation.
Vulnerability Threat Mobile ★★★
Cyble.webp 2025-01-28 12:00:59 Critical Vulnerabilities in Node.js Expose Systems to Remote Attacks (direct link) Cyble Critical Vulnerabilities in Node.js Expose Systems to Remote Attacks
Overview
A series of critical security vulnerabilities have been discovered in multiple versions of Node.js, a popular open-source JavaScript runtime used to build scalable network applications. These vulnerabilities, outlined in CERT-In Vulnerability Note CIVN-2025-0011, have been classified as high severity, with the potential to compromise sensitive information, disrupt services, and even execute arbitrary code. Users of Node.js, including developers and organizations relying on this platform, are urged to take immediate action to secure their systems. The vulnerabilities affect several versions of Node.js, including both long-term support (LTS) and current releases. Affected versions include Node.js v18.x, v20.x, v22.x, and the latest v23.x. The flaws stem from various issues, including memory leaks, path traversal vulnerabilities, and worker permission bypasses, which could result in denial of service (DoS) conditions, data theft, and potential system compromises. The vulnerabilities present a high risk of unauthorized access to sensitive data, denial of service, or even complete system compromise. These flaws can be exploited remotely, allowing attackers to gain control over affected systems. The potential impacts are significant, especially in production environments where Node.js applications are running in high-traffic scenarios.
Key Vulnerabilities in Node.js
CVE-2025-23087 (Node.js v17.x and prior): This critical vulnerability affects older versions of Node.js (v17.x or earlier), with an attacker potentially gaining unauthorized access due to insufficient security controls. The severity of the flaw demands immediate attention from users of these older versions.
CVE-2025-23088 (Node.js v19.x): A critical flaw affecting Node.js v19.x, which could allow an attacker to bypass security measures and execute arbitrary code. It's essential for users of v19.x to update to the latest release to mitigate the risk.
CVE-2025-23089 (Node.js v21.x): Similar to CVE-2025-23088, this vulnerability impacts Node.js v21.x, allowing for potential exploitation due to a lack of proper access control and security features. Users should upgrade to patched versions of Node.js immediately.
CVE-2025-23083 (Worker Permission Bypass): A high-severity vulnerability discovered in Node.js v20.x, v22.x, and v23.x, where an attacker could exploit the internal worker leak mechanism via the diagnostics_channel utility. This flaw could enable unauthorized access to worker threads, which are typically restricted, potentially leading to privilege escalation. Tool Vulnerability Threat ★★★
DarkReading.webp 2025-01-28 11:46:57 Actively Exploited Fortinet Zero-Day Gives Attackers Super-Admin Privileges (direct link) The firewall specialist has patched the security flaw, which was responsible for a series of attacks reported earlier this month that compromised FortiOS and FortiProxy products exposed to the public Internet.
Vulnerability Threat ★★★
IndustrialCyber.webp 2025-01-28 11:31:57 Forescout 2024 Threat Report warns of intensifying cyber threats in 2025, as OT protocols increasingly targeted (direct link) Data released by Forescout Technologies disclosed that cybersecurity will be a primary concern for both enterprise and government...
Threat Industrial ★★★★
Cyble.webp 2025-01-28 09:37:55 phpMyAdmin 5.2.2 Addresses Critical XSS and Library Vulnerabilities (direct link) Cyble phpMyAdmin 5.2.2 Addresses Critical XSS and Library Vulnerabilities
Overview
phpMyAdmin, a popular web-based tool for managing MySQL and MariaDB databases, has recently released version 5.2.2, addressing multiple vulnerabilities that posed a medium severity risk. This widely-used tool is a mainstay for database administrators, offering strong features and ease of use. However, the vulnerabilities discovered could potentially expose users to risks such as unauthorized actions, session hijacking, and data theft. The update resolves two cross-site scripting (XSS) vulnerabilities (CVE-2025-24530 and CVE-2025-24529) and a potential issue in the glibc/iconv library (CVE-2024-2961). These vulnerabilities underline the importance of staying up to date with security patches to safeguard sensitive data and ensure secure database management.
According to the advisory:
Reported By: The vulnerability was reported by a security researcher identified as "bluebird."
Severity: Moderate.
Solution: Users are encouraged to upgrade to version 5.2.2 or apply the patch.
Vulnerability Details
Three significant vulnerabilities were identified in phpMyAdmin versions prior to 5.2.2:
1. CVE-2025-24530: XSS in “Check Tables”
Description: This XSS vulnerability allows an attacker to exploit the "Check Tables" feature by crafting a malicious table name. This could result in injecting malicious scripts into the application.
Impact: Successful exploitation could lead to session hijacking, data theft, and unauthorized actions.
CWE ID: CWE-661 (Improper Neutralization of Input During Web Page Generation).
Fix: This issue was resolved through commit a45efd0eb9415240480adeefc587158c766bc4a0.
2. CVE-2025-24529: XSS in “Insert”
Description: This vulnerability involves the "Insert" functionality, which could be manipulated to execute malicious scripts.
Impact: Exploitation could compromise user accounts and sensitive data by injecting malicious code into user Tool Vulnerability Threat Medical ★★★
The_Hackers_News.webp 2025-01-28 08:53:00 Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More (direct link) Apple has released software updates to address several security flaws across its portfolio, including a zero-day vulnerability that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-24085, has been described as a use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to elevate privileges. "Apple is
Vulnerability Threat ★★★
no_ico.webp 2025-01-28 06:33:22 Attackers Exploit PDFs in Sophisticated Mishing Attack (direct link) In a newly discovered phishing campaign, malicious actors are using malicious PDF files to target mobile device users in potentially more than 50 countries. Dubbed the “PDF Mishing Attack,” the campaign exploits the widespread trust in PDFs as a secure file format, revealing new vulnerabilities in mobile platforms. The phishing operation masquerades as the United [...]
Vulnerability Threat Mobile ★★★
DarkReading.webp 2025-01-27 22:30:27 Apple Patches Actively Exploited Zero-Day Vulnerability (direct link) The Apple iOS 18.3 update fixes 28 other vulnerabilities identified by the tech company, though there is little information on them.
Vulnerability Threat ★★
DarkReading.webp 2025-01-27 21:53:32 USPS Impersonators Tap Trust in PDFs in Smishing Attack Wave (direct link) Attackers aim to steal people's personal and payment-card data in the campaign, which dangles the threat of an undelivered package and has the potential to reach organizations in more than 50 countries.
Threat ★★★
globalsecuritymag.webp 2025-01-27 21:13:34 Zimperium Reveals New Advanced PDF-Based Cyber Threat Exploiting Mobile Devices (direct link) Zimperium Reveals New Advanced PDF-Based Cyber Threat Exploiting Mobile Devices. Sophisticated Mishing Campaign Leveraging Malicious PDFs Poses a Significant Threat to Organizations Across 50+ Countries - Malware Update
Threat Mobile ★★★
SecurityWeek.webp 2025-01-27 16:50:26 TalkTalk Confirms Data Breach, Downplays Impact (direct link) UK telecoms firm TalkTalk has confirmed falling victim to a data breach after a threat actor boasted about hacking it.
Data Breach Threat ★★★
Cyble.webp 2025-01-27 15:02:33 IT Vulnerability Report: 7-Zip, Windows and Fortinet Fixes Urged by Cyble (direct link) Cyble IT Vulnerability Report: 7-Zip, Windows and Fortinet Fixes Urged by Cyble
Overview
Cyble's vulnerability intelligence report to clients last week examined high-risk flaws in 7-Zip, Microsoft Windows, and Fortinet, among other products. It also examined dark web claims of a zero-day vulnerability in Apple iOS. In all, the report from Cyble Research and Intelligence Labs (CRIL) looked at 14 vulnerabilities and dark web exploits, including one vulnerability with a maximum CVSS severity score of 10.0 and another with more than 276,000 web exposures. Here are some of the vulnerabilities highlighted by Cyble's vulnerability intelligence unit as meriting high-priority attention by security teams.
The Top IT Vulnerabilities
CVE-2024-50603 is a 10.0-severity OS Command Injection vulnerability in the Aviatrix Controller that could allow an unauthenticated user to execute arbitrary commands against the cloud networking platform controller, due to improper neutralization of special elements used in an OS command. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation.
CVE-2025-0411 is a critical vulnerability in the 7-Zip file archiving software that allows attackers to bypass the Mark-of-the-Web (MOTW) protection mechanism, which is intended to warn users about potentially dangerous files downloaded from the internet. An attacker could use the vulnerability to craft an archive file so that the files do not inherit the MOTW mark when they are extracted by 7-Zip. The vulnerability was just announced, but a patch has been available since November 30. As 7-Zip lacks an auto-update function, users must download the update directly.
CVE-2024-12084 is a 9.8-severity Heap-Based Buffer Overflow vulnerability in the Rsync file synchronization tool. The vulnerability arises from improper handling of checksum lengths that exceed the fixed limit of 16 bytes (SUM_LENGTH) during the processing of user-controlled data. An attacker could manipulate checksum lengths, leading to out-of-bounds memory writes in the sum2 buffer. This could enable remote code execution (RCE) on systems running the Rsync server. Cyble detected more than 276,000 vulnerable web-facing Rsync exposures (image below).
Dark Web Exploits and Zero Days
The Tool Vulnerability Threat Patching Cloud ★★★
InfoSecurityMag.webp 2025-01-27 14:00:00 SaaS Breaches Skyrocket 300% as Traditional Defenses Fall Short (lien direct) Obsidian found that threat actors are focusing on SaaS applications to steal sensitive data, with most organizations\' security measures not set up to deal with these attacks
Threat Cloud ★★★★
The_Hackers_News.webp 2025-01-27 13:29:00 GamaCopy Mimics Gamaredon Tactics in Cyber Espionage Targeting Russian Entities (direct link) A previously unknown threat actor has been observed copying the tradecraft associated with the Kremlin-aligned Gamaredon hacking group in its cyber attacks targeting Russian-speaking entities. The campaign has been attributed to a threat cluster dubbed GamaCopy, which is assessed to share overlaps with another hacking group named Core Werewolf, also tracked as Awaken Likho and PseudoGamaredon.
Threat ★★★
Checkpoint.webp 2025-01-27 13:27:37 27th January – Threat Intelligence Report (direct link) For the latest discoveries in cyber research for the week of 27th January, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Stark Aerospace, a US-based manufacturer specializing in missile systems and UAVs and a contractor of the US Military and the Department of Defense (DoD), has been targeted by the INC ransomware group. The attackers […]
Ransomware Threat ★★
bleepingcomputer.webp 2025-01-27 13:03:02 Hackers steal $85 million worth of cryptocurrency from Phemex (direct link) The Phemex crypto exchange suffered a massive security breach on Thursday in which threat actors stole over $85 million worth of cryptocurrency. [...]
Threat ★★★
The_Hackers_News.webp 2025-01-27 12:46:00 MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks (direct link) Threat hunters have detailed an ongoing campaign that leverages a malware loader called MintsLoader to distribute secondary payloads such as the StealC information stealer and a legitimate open-source network computing platform called BOINC. "MintsLoader is a PowerShell based malware loader that has been seen delivered via spam emails with a link to Kongtuke/ClickFix pages or a JScript file,"
Spam Malware Threat ★★★
Cyble.webp 2025-01-27 12:16:17 United Against Cybercrime: ASEAN Ministers Forge New Security Pathways (direct link)
Overview: The digital world in Southeast Asia is evolving rapidly, with nations striving to balance innovation, inclusivity, and security. The recently held 5th ASEAN Digital Ministers' Meeting (ADGMIN) in Bangkok, Thailand, marked a significant milestone in this journey. The meeting highlighted the importance of cybersecurity in shaping a resilient digital future for the region. The ASEAN Digital Masterplan 2025 (ADM 2025) continues to serve as a guiding framework for fostering collaboration, enabling trust in digital services, and promoting the safe and inclusive use of technology. From addressing online scams to operationalizing the ASEAN Regional Computer Emergency Response Team (CERT) and advancing AI governance, the event showcased ASEAN's commitment to fortifying its digital ecosystem against cyber threats. With an emphasis on collaboration and proactive measures, the meeting highlighted the pressing need to enhance cybersecurity frameworks, strengthen cross-border data governance, and address emerging challenges posed by technologies such as generative AI.
Key Cybersecurity Highlights:
ASEAN Regional CERT Operationalization: One of the significant milestones discussed was the operationalization of the ASEAN Regional CERT. The initiative aims to enhance collaboration among member states, facilitate real-time information sharing, and strengthen the region's preparedness against cyberattacks; it reflects ASEAN's focus on collective resilience in cyberspace.
Tackling Online Scams: Online scams remain a pressing issue across ASEAN. The ASEAN Working Group on Anti-Online Scams (WG-AS) released its Report on Online Scams Activities in ASEAN (2023–2024), offering insights into the threat landscape. The report outlines key recommendations for regional collaboration to combat scams effectively, and the ASEAN Recommendations on Anti-Online Scams provide a framework for governments to develop policies aimed at mitigating online fraud, with a focus on cross-border scams and fraudulent activity exploiting digital platforms.
Promoting Responsible State Behavior in Cyberspace: ASEAN adopted the Checklist for Responsible State Behavior in Cyberspace, aligning with global norms to promote peace and security online. The initiative focuses on fostering cooperation and ensuring responsible use of digital tools while mitigating risks.
Strengthening Cross-Border Data Governance: Data governance was another key topi
Ransomware Tool Vulnerability Threat Technical ★★★
Chercheur.webp 2025-01-27 12:02:44 New VPN Backdoor (direct link) A newly discovered VPN backdoor uses some interesting tactics to avoid detection: When threat actors use backdoor malware to gain access to a network, they want to make sure all their hard work can’t be leveraged by competing groups or detected by defenders. One countermeasure is to equip the backdoor with a passive agent that remains dormant until it receives what’s known in the business as a “magic packet.” On Thursday, researchers revealed that a never-before-seen backdoor that quietly took hold of dozens of enterprise VPNs running Juniper Network’s Junos OS has been doing just that...
Malware Threat ★★★
bleepingcomputer.webp 2025-01-27 11:36:38 Clone2Leak attacks exploit Git flaws to steal credentials (direct link) A set of three distinct but related attacks, dubbed 'Clone2Leak', can leak credentials by exploiting how Git and its credential helpers handle authentication requests. [...]
Threat ★★★
Last update at: 2025-05-12 07:07:59