Oh look, another thrilling tale of how #Microsoft bravely "uncovered" a password spray #attack with all the subtlety of a slow-motion car crash. Apparently, logging in successfully is now a criminal offense—let's all panic!
https://petrasecurity.substack.com/p/unmasking-a-slow-and-steady-password #Security #PasswordSpray #CyberThreats #TechNews #PanicAlert #HackerNews #ngated
Our latest summary is out, looking at an emerging Crypto-theft Trojan and a promising new recovery tool.
Stay ahead of the curve and read the full post here: https://opalsec.io/daily-news-update-sunday-march-31-2025-australia-melbourne/
Key Takeaways:
* Steals crypto wallet seed phrases using Accessibility Logger.
* Bypasses Android 13 security and Play Protect.
* Employs 23 bot commands, including call forwarding and RAT functionality.
* Hides activities with black screen overlays and muting.
Microsoft's Quick Machine Recovery Tool: Microsoft is testing a new tool for Windows 11 that could be a game-changer for dealing with boot crashes caused by buggy drivers and configurations. Imagine remotely fixing those dreaded BSODs!
Here's the lowdown:
* Remotely fixes boot crashes caused by bad drivers/configs.
* Connects to Microsoft's servers to apply fixes.
* Could have made life much easier when recovering from the worldwide CrowdStrike outage from July last year.
* Customizable for enterprise users via RemoteRemediation CSP.
Don't forget to sign up for Opalsec to get actionable insights delivered straight to your inbox! https://opalsec.io/daily-news-update-sunday-march-31-2025-australia-melbourne/#/portal/signup
Let me know your thoughts in the comments below!
#QuantumComputing: A Game-Changer for Security – Is Your Business Prepared?
Quantum technology is evolving fast, bringing both innovation and new cyber risks. Neuronus Computing offers free cybersecurity resources and expert penetration testing.
Read our latest blog to learn how Neuronus Computing can help protect your digital assets with cutting-edge solutions!
https://neuronus.net/en/blog/ai-in-financial-services-reducing-risks-maximizing-profits
Malicious npm packages (again) targeting cryptocurrency projects, CEOs cranky over CVEs, and BlackLock gets pantsed - here's your Friday wrap up in Infosec News
https://opalsec.io/daily-news-update-friday-march-28-2025-australia-melbourne/
Here's a quick rundown of what's inside:
npm Package Nightmare: 10 packages compromised by an infostealer campaign targeting developer environments. Sensitive data was siphoned off to a remote host. Most of the packages are still available on npm, so be careful!
Firefox Flaw: A critical sandbox escape vulnerability (CVE-2025-2857) patched in Firefox 136.0.4. Windows users, update ASAP! This one's similar to a Chrome zero-day used in espionage campaigns.
Ransomware Reckoning: Advanced, a UK healthcare IT provider, slapped with a £3.1 million fine after a LockBit ransomware attack. Lack of vulnerability scanning and poor patch management were key factors.
Extension Exploitation: Browser extensions can be bought and repurposed, posing a sneaky threat to enterprises. An extension was bought for $50 and was quickly repurposed to redirect traffic.
Solar Scare: Dozens of vulnerabilities in solar inverters could let attackers disrupt power grids. Remote code execution, device takeover, and more are possible.
CrushFTP Clash: CEO responds aggressively to VulnCheck after critical unauthenticated access vulnerability (CVE-2025-2825) is released. Vulnerability disclosure and patching processes need to be improved!
Pegasus in Serbia: Journalists targeted with Pegasus spyware, marking the third time in two years that Amnesty has found Pegasus deployed against Serbian civil society.
Mamont Malware: Russian authorities arrest three for developing the Mamont Android banking trojan. This malware steals financial data and spreads through Telegram.
Ransomware Reverse: Resecurity infiltrates the BlackLock ransomware gang, gathering intel to help victims. LFI vulnerability exploited, and data shared with authorities.
Stay vigilant out there, folks!
A recent paper describes an experimental attack against large language model (LLM) agents that underscores the importance of assessing risk when employing AI. The authors explain how they employed a memory injection attack to “produce harmful outputs when the past records retrieved for demonstration are malicious”.
I began thinking about the many malicious actors who might take advantage of this or other memory-poisoning attacks. I'm sure I've only identified a partial list.
https://interisle.substack.com/p/memory-injection-attacks-against
https://www.alojapan.com/1227639/rubrik-appoints-new-field-cto-for-asia-pacific-japan/ Rubrik appoints new field CTO for Asia Pacific & Japan #ArtificialIntelligence(AI) #AsiaPacific #BusinessContinuity #CloudSecurity #Cohesity #CyberResilience #CyberThreats #DataProtection #DataSecurity #EnterpriseSecurity #Japan #JapanNews #news #Rubrik Rubrik has announced the appointment of Sathish Murthy as Field Chief Technology Officer for the Asia Pacific and Japan regions. Sathish Murthy brings over 25 years of experience in data…
Oracle customers confirm threat actor's data samples as authentic after Oracle denied a breach of its Cloud servers. #OracleBreach #Cybersecurity #DataBreach #CloudSecurity #Infosec #Oracle #Hacking #ThreatActor #CyberThreats #SecurityNews #TechNews
Chinese hacking is becoming bigger, better and stealthier
https://www.economist.com/china/2025/03/25/chinese-hacking-is-becoming-bigger-better-and-stealthier
https://www.hhs.gov/sites/default/files/vidar-malware-analyst-note-tlpclear.pdf
#CyberSecurity #MalwareAlert
#VidarStealer #DataProtection #OnlineSafety #CyberThreats #DigitalSecurity #InfoStealer #CyberAwareness #MalwareAnalysis #CyberDefense #HackingTools #CyberCrime #DataBreach #CyberResilience #ThreatIntelligence #CyberProtection #OnlinePrivacy #MalwareDetection #CyberForensics #CyberSec
Africa: More Than 300 Arrests As African Countries Clamp Down on Cyber Threats: [Interpol] LYON -- Authorities in seven African countries have arrested 306 suspects and seized 1,842 devices in an international operation targeting cyber attacks and cyber-enabled scams. http://newsfeed.facilit8.network/TJkmRG #Africa #CyberSecurity #CyberThreats #Interpol #OnlineSafety
New VanHelsing Ransomware Expands Across Platforms, Targeting Enterprises with Lucrative Payouts
#Cybersecurity #VanHelsingRansomware #Ransomware #ThreatIntel #CyberThreats #Malware #EnterpriseSecurity #Cybercrime #CyberDefense #Infosec
New Linux kernel Rust module unveiled to detect rootkits
https://blog.thalium.re/posts/linux-kernel-rust-module-for-rootkit-detection/
Hybrid Threats and AI: Shaping the Future of EU’s Organized Threat Landscape in 2025 https://thecyberexpress.com/eu-socta-2025/ #ArtificialIntelligence #TheCyberExpressNews #TheCyberExpress #LawEnforcement #FirewallDaily #hybridthreats #CyberThreats #EU-SOCTA2025 #CyberNews
GitHub has removed a poisoned Action used in 23,000+ repos after it exfiltrated CI secrets, prompting concerns over supply chain security
#Cybersecurity #Microsoft #GitHub #CI_CD #DevSecOps #CyberThreats #GitHubActions #Malware #CodeSecurity #tjactions
Many industrial facilities now rely on interconnected systems to improve operations. However, when previously isolated Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) are connected to public internet-facing applications, it creates new #cybersecurity risk.
To protect ICS and SCADA systems from cyber threats, it's important to understand how these technologies fit into your environment and why #cybercriminals target them.
Read this article to learn more about:
* ICS
* SCADA
* The differences between OT, ICS, and SCADA
* How a SCADA system works
* The types of data SCADA systems collect
* How cybercriminals attack ICS and SCADA systems
* Best practices for securing ICS and SCADA systems
* Enabling Security Monitoring for ICS and SCADA
https://graylog.org/post/understanding-cybersecurity-for-scada/ #cyberthreats
A new phishing campaign tricks Mac users with fake security alerts, stealing Apple ID credentials
#Cybersecurity #macOS #Apple #Phishing #AppleSecurity #OnlineThreats #InfoSec #CyberThreats #SecurityAlert #MalwareAlert
https://winbuzzer.com/2025/03/20/sophisticated-phishing-campaign-targets-mac-users-xcxwbn/
HellCat Hackers Launch Global Assault on Jira: A Wake-Up Call for Cybersecurity
The notorious HellCat hacking group has intensified its attacks, compromising Jira servers worldwide and stealing sensitive data from major companies. This alarming trend highlights the vulnerabilitie...
DollyWay Malware Campaign Breaches 20,000 WordPress Sites: A Deep Dive into Cybersecurity Threats
The DollyWay malware campaign has compromised over 20,000 WordPress sites, evolving into a sophisticated redirection system that poses significant risks to both users and site administrators. As cyber...
Hundreds of malicious Google Play-hosted apps bypassed Android 13 security with ease
https://www.bitdefender.com/en-us/blog/labs/malicious-google-play-apps-bypassed-android-security