#cybersecurity
#cybersecurity

9 hours ago

Discord Invite Link Hijacking Delivers AsyncRAT and Skuld Stealer Targeting Crypto Wallets

Discord's invitation system has a vulnerability allowing attackers to redirect trusted links to malicious servers.

The malware campaign targets users by exploiting expired or deleted invite links.

Growth hacking

FIN6 Uses AWS-Hosted Fake Resumes on LinkedIn to Deliver More_eggs Malware

Remote teams

Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks

Remote teams

Pentesting tool exploited in large-scale attacks

Marketing tech

That DeepSeek installer you just clicked? It's malware

1 week ago

AI-Assisted Cyber Attack Methods That Could Cripple Your Business | HackerNoon

AI is transforming both cyber threats and security measures, increasing risks and capabilities of attackers.

Cryptocurrency

9 hours ago

Discord Invite Link Hijacking Delivers AsyncRAT and Skuld Stealer Targeting Crypto Wallets

Discord's invitation system has a vulnerability allowing attackers to redirect trusted links to malicious servers.

The malware campaign targets users by exploiting expired or deleted invite links.

Growth hacking

FIN6 Uses AWS-Hosted Fake Resumes on LinkedIn to Deliver More_eggs Malware

Remote teams

Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks

Remote teams

Pentesting tool exploited in large-scale attacks

Intellectual property law

Marketing tech

That DeepSeek installer you just clicked? It's malware

Silicon Valley tech execs are joining the US Army Reserve | TechCrunch

CTOs from major tech companies are joining the U.S. Army Reserve to apply their expertise in cybersecurity and data.

RSAC Conference 2025: The front line of cyber innovation

The evolving cybersecurity landscape demands IT leaders to adapt to both new technologies and increasing threats, especially from state-backed actors.

fromAbove the Law

Beware: Don't Open That Email From L@tham - Above the Law

Fraudsters increasingly exploit Biglaw firm names for scams, highlighting a serious cybersecurity issue.

Ransomware disrupted utility services in SimpleHelp attacks

Ransomware groups exploited a vulnerability in SimpleHelp's software, causing service disruptions and extortion incidents.

Cryptocurrency

LockBit data dump reveals a treasure trove of intel on the notorious hacker group

fromwww.nytimes.com

2 weeks ago

Information security

Victoria's Secret Website Goes Dark After Security Breach

Cryptocurrency

Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

Intellectual property law

21 hours ago

RSAC Conference 2025: The front line of cyber innovation

The evolving cybersecurity landscape demands IT leaders to adapt to both new technologies and increasing threats, especially from state-backed actors.

fromAbove the Law

Beware: Don't Open That Email From L@tham - Above the Law

Fraudsters increasingly exploit Biglaw firm names for scams, highlighting a serious cybersecurity issue.

Ransomware disrupted utility services in SimpleHelp attacks

Ransomware groups exploited a vulnerability in SimpleHelp's software, causing service disruptions and extortion incidents.

Cryptocurrency

LockBit data dump reveals a treasure trove of intel on the notorious hacker group

fromwww.nytimes.com

2 weeks ago

Information security

Victoria's Secret Website Goes Dark After Security Breach

Cryptocurrency

Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

CISA's executive director is leaving the agency

Bridget Bean retires as executive director of CISA after nearly three years, marking a significant leadership transition at the agency.

fromNextgov.com

21 hours ago

Information security

Secure by Design is just the start, CISA official says

Information security

CISA loses senior exec Bridget Bean, pre-budget cuts

fromNextgov.com

CISA's executive director is leaving the agency

Bridget Bean retires as executive director of CISA after nearly three years, marking a significant leadership transition at the agency.

fromNextgov.com

21 hours ago

Information security

Secure by Design is just the start, CISA official says

Information security

CISA loses senior exec Bridget Bean, pre-budget cuts

more#cisa

#apple

Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware

Apple addressed a significant vulnerability in its Messages app that was exploited to target journalists with advanced spyware.

22 hours ago

Apple squashes zero-click bug used for spyware attacks

Apple's iOS/iPadOS 18.3.1 patch fixes a significant zero-click vulnerability exploited against journalists with Graphite spyware.

Apple

fromArs Technica

Coming to Apple OSes: A seamless, secure way to import and export passkeys

Apple's new feature aims to enhance passkeys' transferability across devices, addressing a significant limitation of current passkey systems.

Apple fixes new iPhone zero-day bug used in Paragon spyware hacks | TechCrunch

Apple fixed a crucial flaw exploited by Paragon spyware in iOS 18.3.1 after journalists' iPhones were hacked.

Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware

Apple addressed a significant vulnerability in its Messages app that was exploited to target journalists with advanced spyware.

22 hours ago

Apple squashes zero-click bug used for spyware attacks

Apple's iOS/iPadOS 18.3.1 patch fixes a significant zero-click vulnerability exploited against journalists with Graphite spyware.

Apple

fromArs Technica

Coming to Apple OSes: A seamless, secure way to import and export passkeys

Apple's new feature aims to enhance passkeys' transferability across devices, addressing a significant limitation of current passkey systems.

Apple fixes new iPhone zero-day bug used in Paragon spyware hacks | TechCrunch

Apple fixed a crucial flaw exploited by Paragon spyware in iOS 18.3.1 after journalists' iPhones were hacked.

Marketing tech

Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month

Growth hacking

CISO who helped unmask Badbox warns: Version 3 is coming

Marketing tech

WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network

Artificial intelligence

How Cisco plans to stop rogue AI agent attacks inside your network

Information security

INTERPOL Dismantles 20,000+ Malicious IPs Linked to 69 Malware Variants in Operation Secure

Node JS

Developers beware: Malware has been found in a dozen popular NPM packages - here's what you need to know

Marketing tech

23 hours ago

Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month

A large-scale cybersecurity campaign is compromising legitimate websites through malicious JavaScript injections utilizing an obfuscation technique known as JSFireTruck.

Growth hacking

CISO who helped unmask Badbox warns: Version 3 is coming

Badbox 2.0, a sophisticated botnet targeting smart devices, may launch new attacks despite efforts from security teams to disrupt its operations.

Marketing tech

WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network

VexTrio is a sophisticated cybercriminal organization linked to multiple traffic distribution services, specializing in spreading malware and scams.

How Cisco plans to stop rogue AI agent attacks inside your network

AI is challenging traditional cybersecurity defenses by exponentially enhancing the threat landscape.

INTERPOL Dismantles 20,000+ Malicious IPs Linked to 69 Malware Variants in Operation Secure

INTERPOL dismantled over 20,000 malicious IPs linked to information-stealing malware in a global operation involving 26 countries.

Node JS

Developers beware: Malware has been found in a dozen popular NPM packages - here's what you need to know

Over a dozen NPM packages have been compromised, delivering malware that allows attackers to control infected machines.

Rinki Sethi Hired as Chief Security Officer at Upwind

Rinki Sethi joins Upwind as Chief Security Officer, leveraging her extensive cybersecurity experience.

Tech industry

Employers are demanding too much from junior cyber recruits

Women in technology

Rinki Sethi Hired as Chief Security Officer at Upwind

Rinki Sethi joins Upwind as Chief Security Officer, leveraging her extensive cybersecurity experience.

Tech industry

Employers are demanding too much from junior cyber recruits

more#career-development

#ai

Zero-click attack reveals new AI vulnerability

Echoleak exposes vulnerabilities in AI assistants like Microsoft 365 Copilot through subtle prompt manipulation, representing a shift in cybersecurity attack vectors.

fromBusiness Matters

Artificial intelligence

House of Lords AI summit at London Tech Week warns of 'skills cliff edge' threatening UK's competitive future

Artificial intelligence

CIO wants to clone top techies as digital twin and AI agents

Zero-click attack reveals new AI vulnerability

Echoleak exposes vulnerabilities in AI assistants like Microsoft 365 Copilot through subtle prompt manipulation, representing a shift in cybersecurity attack vectors.

fromBusiness Matters

Artificial intelligence

House of Lords AI summit at London Tech Week warns of 'skills cliff edge' threatening UK's competitive future

Artificial intelligence

CIO wants to clone top techies as digital twin and AI agents

Privacy technologies

6 Google Chrome Extensions Expose User Information

Some popular Google Chrome extensions expose user data over unencrypted HTTP, increasing vulnerability to MITM attacks.

Information security

40,000 IoT Security Cameras Are Exposed Online

Exposed IoT cameras worldwide pose significant security risks, potentially enabling espionage and cyberattacks.

Privacy technologies

6 Google Chrome Extensions Expose User Information

Some popular Google Chrome extensions expose user data over unencrypted HTTP, increasing vulnerability to MITM attacks.

40,000 IoT Security Cameras Are Exposed Online

Exposed IoT cameras worldwide pose significant security risks, potentially enabling espionage and cyberattacks.

Artificial intelligence

AI security blunders have cyber professionals scrambling

5 months ago

Startup companies

Bedrock Security Cofounder and CEO on Why Security Must Start with Data Visibility | HackerNoon

fromLondon On The Inside

Privacy technologies

Brits Are Flocking to Online Casinos | But What Are They Doing to Protect Their Data?

AI security blunders have cyber professionals scrambling

Generative AI has become essential for businesses but poses significant cybersecurity risks.

5 months ago

Startup companies

Bedrock Security Cofounder and CEO on Why Security Must Start with Data Visibility | HackerNoon

fromLondon On The Inside

Privacy technologies

Brits Are Flocking to Online Casinos | But What Are They Doing to Protect Their Data?

Data breach victims: Here's how your personal information is sold to criminals

Data breaches expose vast amounts of personal information, leading to identity theft and fraud.

Criminals often sell stolen data in markets to maximize their profits.

Marketing tech

Critical Wazuh bug exploited in Mirai botnet expansion drive

Marketing tech

DNS analysis reveals links between VexTrio and WordPress hackers

Digital life

fromFast Company

Data breach victims: Here's how your personal information is sold to criminals

Data breaches expose vast amounts of personal information, leading to identity theft and fraud.

Criminals often sell stolen data in markets to maximize their profits.

Marketing tech

Critical Wazuh bug exploited in Mirai botnet expansion drive

Marketing tech

DNS analysis reveals links between VexTrio and WordPress hackers

more#cybercrime

CTEM is the New SOC: Shifting from Monitoring Alerts to Measuring Risk

The security landscape is overwhelmed with alerts, leading to fatigue among analysts and often significant risks slipping through the cracks.

Information security

How a fake cybersecurity firm became a real threat

Cybercriminals orchestrated a sophisticated job scam using a fake cybersecurity company to exploit trust in the digital world.

Application security risk: How leaders can protect their businesses

Application security is increasingly challenging due to software complexity and pressure for rapid feature rollout.

#china

US news

China Wants Our Hearts. Literally.

European startups

Chinese Industrial Espionage: What Happens in the Netherlands Doesn't Stay in the Netherlands

2 months ago

Tech industry

Salt Typhoon: The Hidden Hand Behind the Telecom Gift Card Scam? | HackerNoon

US news

China Wants Our Hearts. Literally.

China poses a significant threat to U.S. networks and critical infrastructure via cyberattacks and data theft.

European startups

Chinese Industrial Espionage: What Happens in the Netherlands Doesn't Stay in the Netherlands

China's intelligence operations in the Netherlands threaten national security and global supply chains.

Strengthened U.S.-Dutch cooperation is essential to counter Chinese espionage.

2 months ago

Tech industry

Salt Typhoon: The Hidden Hand Behind the Telecom Gift Card Scam? | HackerNoon

Sitting U.S. Senators Aren't Safe From Arrest - See Also - Above the Law

Senator Padilla's arrest raises concerns about law enforcement ethics during a political duty.

Criticism of state bar actions reflects broader issues of accountability in the legal profession.

Online marketing

fromTechRadar

No, those amazing deals on Facebook aren't real - it's a scam, and here's how to spot it

Scammers exploit Facebook Marketplace with fake domains to promote luxury products at unrealistic prices, resulting in financial loss for victims.

Pentagon IT projects have lots of things to to fix, says GAO

US government auditors have been attempting to improve the Pentagon's IT programs for years, but reports indicate it remains a challenging task.

DevOps

'Major compromise' at NHS temping arm never disclosed

Cybercriminals breached NHS Professionals, stealing their Active Directory database; incident was not publicly disclosed.

1 week ago

How to Tackle New Cybersecurity Threats and Data Breaches | HackerNoon

Cybersecurity threats are escalating, emphasized by a significant increase in cyberattacks and high-profile data breaches in 2024.

'Major compromise' at NHS temping arm never disclosed

Cybercriminals breached NHS Professionals, stealing their Active Directory database; incident was not publicly disclosed.

1 week ago

How to Tackle New Cybersecurity Threats and Data Breaches | HackerNoon

Cybersecurity threats are escalating, emphasized by a significant increase in cyberattacks and high-profile data breaches in 2024.

more#data-breach

#ai-security

Cisco eyes network security gains for agentic AI

Cisco is enhancing its security solutions to tackle AI-related security challenges and complexity for enterprises.

New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes

A new attack technique called TokenBreak can bypass LLM safety measures using a single character change.

Cisco eyes network security gains for agentic AI

Cisco is enhancing its security solutions to tackle AI-related security challenges and complexity for enterprises.

New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes

A new attack technique called TokenBreak can bypass LLM safety measures using a single character change.

Artificial intelligence

First-ever zero-click attack targets Microsoft 365 Copilot

Artificial intelligence

Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction

fromCSO Online

First-ever zero-click attack targets Microsoft 365 Copilot

EchoLeak is a zero-click vulnerability in Microsoft 365 Copilot that allows hackers to exfiltrate sensitive corporate data via a single email.

Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction

The EchoLeak vulnerability in Microsoft 365 Copilot is a severe zero-click AI attack, allowing data exfiltration without user interaction.

more#ai-vulnerability

EU data protection

Apple encryption row: Does law enforcement need to use Technical Capability Notices? | Computer Weekly

End-to-end encryption presents challenges for law enforcement, but traditional investigative techniques can still lead to successful prosecutions.

#supply-chain

SF food

Whole Foods tells staff cyberattack at its primary distributor UNFI will affect product availability | TechCrunch

Information security

Security Leaders Discuss the Whole Foods Distributor Cyberattack

SF food

Whole Foods tells staff cyberattack at its primary distributor UNFI will affect product availability | TechCrunch

Information security

Security Leaders Discuss the Whole Foods Distributor Cyberattack

Public sector organizations are drowning in security debt

Public sector struggles with security vulnerabilities, needing nearly a year to address software flaws, highlighting significant security debt.

Growth hacking

Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool

The UNK_SneakyStrike campaign poses a significant threat to Microsoft Entra ID accounts through sophisticated attacks.

TeamFiltration tool enables attackers to perform account takeovers efficiently.

Cybersecurity experts discover 20 apps skimming your digital wallet

Millions at risk of losing cryptocurrency due to malicious apps on Google Play Store.

Trump EO axes digital IDs, blames 'illegal aliens' for fraud

Trump's executive order dismantles Biden's digital ID protections aimed at combating cybercrime.

The move faces criticism for potentially increasing fraud and undermining cybersecurity efforts.

fromPinkNews | Latest lesbian, gay, bi and trans news | LGBTQ+ news

Grindr users should watch out for this 'red flag' to stay safe, expert warns

Online dating apps carry risks of cybercrime and users should take precautions to stay safe.

fromForbes

Online marketing

Chrome, Safari And Edge Warning-Do Not Use Any Website On This List

fromABC7 Chicago

Artificial intelligence

'Grey's Anatomy' star Chris Carmack, wife fall victim to online AI scam, now raising awareness

Cryptocurrency

fromMail Online

Cybersecurity experts discover 20 apps skimming your digital wallet

Millions at risk of losing cryptocurrency due to malicious apps on Google Play Store.

Trump EO axes digital IDs, blames 'illegal aliens' for fraud

Trump's executive order dismantles Biden's digital ID protections aimed at combating cybercrime.

The move faces criticism for potentially increasing fraud and undermining cybersecurity efforts.

fromPinkNews | Latest lesbian, gay, bi and trans news | LGBTQ+ news

Grindr users should watch out for this 'red flag' to stay safe, expert warns

Online dating apps carry risks of cybercrime and users should take precautions to stay safe.

fromForbes

Online marketing

Chrome, Safari And Edge Warning-Do Not Use Any Website On This List

fromABC7 Chicago

Artificial intelligence

'Grey's Anatomy' star Chris Carmack, wife fall victim to online AI scam, now raising awareness

more#fraud-prevention

US government's vaccine website defaced with AI-generated content | TechCrunch

A U.S. government vaccine website has been defaced, now displaying AI-generated spam, reflecting a troubling trend in website security breaches and misinformation.

US news

Security Firm Targeted by China-Linked Hackers

SentinelLABS successfully defended against reconnaissance operations linked to China-nexus threat actors targeting various organizations across different sectors.

Privacy technologies

295 Malicious IPs Launch Coordinated Brute-Force Attacks on Apache Tomcat Manager

Security Firm Targeted by China-Linked Hackers

SentinelLABS successfully defended against reconnaissance operations linked to China-nexus threat actors targeting various organizations across different sectors.

Privacy technologies

295 Malicious IPs Launch Coordinated Brute-Force Attacks on Apache Tomcat Manager

more#threat-intelligence

Social media marketing

fromFox News

When clicks turn into scams on Facebook ads

Scam ads on Facebook have become more sophisticated, leveraging AI and deepfake technology to mislead users effectively.

Germany news

fromwww.dw.com

Germany updates: Russian imports fell 95% since Ukraine war DW 06/11/2025

Germany has drastically reduced its trade with Russia since the Ukraine war, with a 95% decrease in imports.

Gunther Uecker, famed nail artist, has passed away at 95, marking a significant loss to the art community.

Cyberattacks are affecting a segment of German businesses, although most report minimal damage.

#privacy

Privacy technologies

How to turn on Android's Private DNS Mode - and why your security depends on it

Privacy technologies

40,000 cameras expose feeds to datacenters, health clinics

Privacy technologies

How to turn on Android's Private DNS Mode - and why your security depends on it

Privacy technologies

40,000 cameras expose feeds to datacenters, health clinics

more#privacy

Investor behaviour in the wake of cyber's 'black swan' moment | Computer Weekly

The UK is experiencing a significant cybersecurity crisis, marked by unprecedented simultaneous breaches that challenge assumed forecasts of risk.

Why DNS Security Is Your First Defense Against Cyber Attacks?

Securing the Domain Name System (DNS) is essential to prevent significant cybersecurity vulnerabilities.

How to Build a Lean Security Model: 5 Lessons from River Island

Lean security models can be highly effective even in resource-constrained environments.

#zero-trust

Information security

Research shows the financial benefits of implementing zero trust

fromSiliconANGLE

Digital life

Exploring Zscaler's "zero trust everywhere" approach - SiliconANGLE

Information security

Research shows the financial benefits of implementing zero trust

fromSiliconANGLE

Digital life

Exploring Zscaler's "zero trust everywhere" approach - SiliconANGLE

Microsoft warns of 66 flaws to fix for this Patch Tuesday

Microsoft's latest Patch Tuesday addresses critical flaws, including two actively exploited bugs, highlighting urgent security measures necessary for various platforms.

Bootstrapping

Microsoft Patches 67 Vulnerabilities Including WEBDAV Zero-Day Exploited in the Wild

Microsoft patched 67 security flaws, including a critical zero-day vulnerability in WEBDAV exploited in active attacks.

Information security

June Patch Tuesday brings a lighter load for defenders | Computer Weekly

Tech industry

Microsoft warns of 66 flaws to fix for this Patch Tuesday

Microsoft's latest Patch Tuesday addresses critical flaws, including two actively exploited bugs, highlighting urgent security measures necessary for various platforms.

Bootstrapping

Microsoft Patches 67 Vulnerabilities Including WEBDAV Zero-Day Exploited in the Wild

Microsoft patched 67 security flaws, including a critical zero-day vulnerability in WEBDAV exploited in active attacks.

fromYanko Design - Modern Industrial Design News

Information security

June Patch Tuesday brings a lighter load for defenders | Computer Weekly

Most Americans Choose Convenience Over Password Security

One in three Americans choose convenience over security in authentication, especially Gen Z.

Gadgets

fromwww.independent.co.uk

This Rugged Mini PC Is Built for Hackers, Tinkerers, and Total Geeks - Yanko Design

The GPD MicroPC 2 is a powerful handheld PC designed for technical professionals, featuring improved performance and increased utility compared to its predecessor.

Inside the DragonForce and Scattered Spider hacker groups linked to M&S cyberattack

At such a critical moment in US history, we need reporters on the ground.

UK news

fromDevOps.com

Datadog Adds Raft of Additional AI Agents and Tools to Portfolio - DevOps.com

Datadog launches AI agents for task automation, enhancing operations and application performance.

Your Android phone is getting new security protections - and it's a big deal for enterprises

Google's Android Enterprise platform enhances mobile security for organizations, addressing vulnerabilities in unmanaged devices.

Information security

Researchers Uncover 20+ Configuration Risks, Including Five CVEs, in Salesforce Industry Cloud

Mobile UX

Your Android phone is getting new security protections - and it's a big deal for enterprises

Google's Android Enterprise platform enhances mobile security for organizations, addressing vulnerabilities in unmanaged devices.

Information security

Researchers Uncover 20+ Configuration Risks, Including Five CVEs, in Salesforce Industry Cloud

Judge: OPM likely broke privacy law with DOGE access

The US federal government's HR department illegally granted access to sensitive personnel records, violating privacy laws and cybersecurity safeguards.

Trump Administration Executive Order Changes Cybersecurity Policy

The new executive order by the Trump Administration amends cybersecurity policies, reversing key elements of previous administrations' strategies.

fromEntrepreneur

TSA Warns Air Travelers About Airport 'Juice Jacking' Scam | Entrepreneur

In a Facebook post, the TSA warns that those stations are prime hunting spots for data and identity thieves, thanks to a practice called 'juice jacking.'

Growth hacking

UK defence scheme invests in future cyber tech Cheri | Computer Weekly

This project is directly focused on ensuring communication systems and active control systems are more robust, higher integrity, and are inherently secured against broad-based cyber attacks.

Tech industry

Privacy technologies

Google brute-force attack exposes phone numbers in minutes

A flaw in Google's authentication systems leaves users' phone numbers vulnerable to brute-force attacks.