Information security

Information security

The North Korea-affiliated threat actor known as Konni (aka Earth Imp, Opal Sleet, Osmium, TA406, and Vedalia) has been attributed to a new set of attacks targeting both Android and Windows devices for data theft and remote control. What's notable about the attacks targeting Android devices is also the destructive ability of the threat actors to exploit Google's asset tracking services Find Hub (formerly Find My Device) to remotely reset victim devices, thereby leading to the unauthorized deletion of personal data. The activity was detected in early September 2025.

"Some of these leaks could have exposed organizational structures, training data, or even private models," said Wiz threat researchers Shay Berkovich and Rami McCarthy in a blog post. The secrets consist of API keys, tokens, and other digital credentials that are supposed to be kept out of code commits to git repos. But as the security biz noted last month, developers of VS Code extensions keep making their secrets known, a problem that McCarthy has attributed in part to vibe coding.

It's really important to go back to just the cybersecurity basics. Are you using multi-factor authentication? Are you training your staff and employees at all levels to not click that link? Are you patching your systems? Do you have good monitoring software and applications that are monitoring your network even when you're sleeping?

Small and medium-sized businesses (SMBs) across the UK are struggling to get cybersecurity strategy plans up and running, according to new research. Analysis from Kaspersky shows more than two-thirds (67%) of SMBs lack "fully actionable" cybersecurity strategies. This means that while many have developed theoretical plans for how to tackle growing security threats, real-world implementation is falling flat. These shortcomings are leaving a concerning number of businesses at higher risk of attacks amidst an escalating cyber threat landscape, the company warned.

When thieves stole more than $80 million in jewels from the Louvre in Paris, they didn't exploit a total absence of security but rather gaps in the museum's broader security program, encompassing both aging systems and situational awareness, according to early reports. The museum's director later confirmed that the balcony used in the break-in wasn't covered by a functioning external camera; the only camera nearby faced the wrong direction.

The defense industry has had nearly a decade of warnings, but today (Monday, Nov. 10) marks the day that companies need to start complying with the government's standards around how they protect controlled unclassified information. Of course, they should have been complying with the National Institute of Standards & Technology's SP 800-171 standard for the last eight years. But now the Cybersecurity Maturity Model Certification program begins in earnest.

Exploiting the so-called "RediShell" remote code execution vulnerability, an authenticated user can use a specially crafted script to manipulate the garbage collector, trigger a use-after-free, and potentially execute arbitrary code remotely. The vulnerability exploits a 13-year-old UAF memory corruption bug in Redis, allowing a post-auth attacker to send a crafted Lua script to escape the default Lua sandbox and execute arbitrary native code.

A random "can you hear me?" question should be your first red flag that this unsolicited call could be a scam, said Kelly Richmond Pope, a professor of forensic accounting at DePaul University and the author of Fool Me Once: Scams, Stories, and Secrets From the Trillion-Dollar Fraud Industry. A conversation with a random number that starts with "can you hear me?" is suspicious "because it's so outside of the typical conversational cycle," Pope said.

A China-linked threat actor has been attributed to a cyber attack targeting an U.S. non-profit organization with an aim to establish long-term persistence, as part of broader activity aimed at U.S. entities that are linked to or involved in policy issues. The organization, according to a report from Broadcom's Symantec and Carbon Black teams, is "active in attempting to influence U.S. government policy on international issues." The attackers managed to gain access to the network for several weeks in April 2025.

Last month, Google said that the ransomware gang Clop was targeting companies after exploiting multiple vulnerabilities in Oracle's E-Business Suite software, which companies use for their business operations, storing their human resources files, and other sensitive data. The exploits allowed the hackers to steal their customer's business data and employee records from more than 100 companies, per Google.

A previously unknown Android spyware family called LANDFALL exploited a zero-day in Samsung Galaxy devices for nearly a year, installing surveillance code capable of recording calls, tracking locations, and harvesting photos and logs before Samsung finally patched it in April. The surveillance campaign likely began in July 2024 and abused CVE-2025-21042, a critical bug in Samsung's image-processing library that affects Galaxy devices running Android versions 13, 14, 15, and 16,

CISOs often operate in environments where security is underfunded, under prioritised, or misunderstood at the board and C-suite level. A lack of senior-level buy-in trickles down into: Budget constraints that limit the scope and impact of the CISO function, including resources for tooling and automation. Skills shortages and restrictive operating models that prevent effective delegation. Strategic misalignment, where short-term delivery is prioritised over long-term business resilience and customer outcomes.

Martin had apparently seen how this system worked in practice through his job, and he approached a pair of other people to help him make some easy cash. One of these people was allegedly Ryan Goldberg of Watkinsville, Georgia, who worked as an incident manager at the cybersecurity firm Sygnia. Goldberg told the FBI that Martin had recruited him to "try and ransom some companies."

implemented additional monitoring and new security controls to further protect the agency's systems

Last year almost a dozen major U.S. ISPs were the victim of a massive, historic intrusion by Chinese hackers who managed to spy on public U.S. officials for more than a year. The "Salt Typhoon" hack was so severe, the intruders spent much of the last year rooting around the ISP networks even after discovery. AT&T and Verizon, two of the compromised companies, apparently didn't think it was worth informing subscribers any of this happened.

In April, the group targeted a Ukrainian university with two wipers, a form of malware that aims to permanently destroy sensitive data and often the infrastructure storing it. One wiper, tracked under the name Sting, targeted fleets of Windows computers by scheduling a task named DavaniGulyashaSdeshka, a phrase derived from Russian slang that loosely translates to "eat some goulash," researchers from ESET said. The other wiper is tracked as Zerlot.

SonicWall has blamed an unnamed, state-sponsored collective for the September break-in that saw cybercriminals rifle through a cache of firewall configuration backups. The network security vendor said it spotted "suspicious activity" in early September involving the unauthorized downloading of backup firewall configuration files from "a specific cloud environment." The company initially said that "fewer than 5 percent" of its firewall installed base had files accessed,

Cybersecurity is as much about communication as it is about code. When leadership sends mixed signals - one message in a company memo, another in marketing materials - the inconsistency confuses employees and customers alike. A StratusPoint IT report found that 74% of data breaches involved a human element, including social engineering and error. These incidents often begin with misunderstanding rather than malice.

Bitdefender has once again been recognized as a Representative Vendor in the Gartner® Market Guide for Managed Detection and Response (MDR) - marking the fourth consecutive year of inclusion. According to Gartner, more than 600 providers globally claim to deliver MDR services, yet only a select few meet the criteria to appear in the Market Guide. While inclusion is not a ranking or comparative assessment, we believe it underscores Bitdefender's human-driven approach to MDR and our continued alignment with Gartner's rigorous inclusion standards.

I think the big cyber incidents happening in the Middle East and Europe in recent months, particularly ransomware as a service, so big names like Jaguar Land Rover and others, have kind of given this meeting an extra buzz just before we met. Quite a few people flew in from that have been affected by the supply chain attack on baggage handling software. So it was very relevant and topical.

Financial institutions are facing a new reality: cyber-resilience has passed from being a best practice, to an operational necessity, to a prescriptive regulatory requirement. Crisis management or Tabletop exercises, for a long time relatively rare in the context of cybersecurity, have become required as a series of regulations has introduced this requirement to FSI organizations in several regions, including DORA (Digital Operational Resilience Act) in the EU; CPS230 / CORIE (Cyber Operational Resilience Intelligence-led Exercises) in Australia;

Zoom in: Google's team found PromptFlux while scanning uploads to VirusTotal, a popular malware-scanning tool, for any code that called back to Gemini. The malware appears to be in active development: Researchers observed the author uploading updated versions to VirusTotal, likely to test how good it is at evading detection. It uses Gemini to rewrite its own source code, disguise activity and attempt to move laterally to other connected systems.

Have I Been Pwned (HIBP) is a data breach "search engine" that allows anyone to submit their email address to see if any links to a data breach are publicly known. HIBP is a free service that can give you an overview of whether or not it is likely your online accounts have been "pwned," or compromised, in a data breach.

The ADF outage, triggered by a faulty control-plane configuration change, brought Microsoft 365, Xbox Live, the Azure Portal, and thousands of customer websites to a crawl before a staged recovery returned services to normal. Moreover, the outage's blast radius was broad, demonstrating the profound dependency of the entire Microsoft ecosystem and its customers on AFD as a centralized edge fabric.

Although many enterprise IT teams are probably not hugely aware of MDAG, there could still be hidden work caused by its removal. Microsoft, for its part, recommends that administrators do the following: Enable Microsoft Defender for Endpoint ASR rules to block risky Office file behaviors. Enable Windows Defender Application Control (WDAC) to ensure only trusted, signed code runs on devices. Review internal documentation and helpdesk guidance if your organization previously relied on Application Guard for Office.