As security professionals, it’s easy to get caught up in a race to counter the latest advanced adversary techniques. Yet the most impactful attacks often aren’t from cutting-edge exploits, but from cracked credentials and compromised accounts. Despite widespread awareness of… Read More "Key Findings from the Blue Report 2025"
Aug 21, 2025Ravie LakshmananData Breach / Cybercrime A 20-year-old member of the notorious cybercrime gang known as Scattered Spider has been sentenced to ten years in prison in the U.S. in connection with a series of major hacks and cryptocurrency… Read More "Scattered Spider Hacker Gets 10 Years, $13M Restitution for SIM Swapping Crypto Theft"
Aug 21, 2025Ravie LakshmananVulnerability / Zero-Day Apple has released security updates to address a security flaw impacting iOS, iPadOS, and macOS that it said has come under active exploitation in the wild. The zero-day out-of-bounds write vulnerability, tracked as CVE-2025-43300,… Read More "Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks"
Aug 20, 2025Ravie LakshmananCyber Espionage / Vulnerability A Russian state-sponsored cyber espionage group known as Static Tundra has been observed actively exploiting a seven-year-old security flaw in Cisco IOS and Cisco IOS XE software as a means to establish persistent… Read More "FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage"
Aug 20, 2025Ravie LakshmananVulnerability / Browser Security Popular password manager plugins for web browsers have been found susceptible to clickjacking security vulnerabilities that could be exploited to steal account credentials, two-factor authentication (2FA) codes, and credit card details under certain… Read More "DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft"
Modern businesses face a rapidly evolving and expanding threat landscape, but what does this mean for your business? It means a growing number of risks, along with an increase in their frequency, variety, complexity, severity, and potential business impact. The… Read More "Turning BIA Insights Into Resilient Recovery"
Cybersecurity researchers have demonstrated a new prompt injection technique called PromptFix that tricks a generative artificial intelligence (GenAI) model into carrying out intended actions by embedding the malicious instruction inside a fake CAPTCHA check on a web page. Described by… Read More "Experts Find AI Browsers Can Be Tricked by PromptFix Exploit to Run Malicious Hidden Prompts"
Aug 20, 2025The Hacker NewsArtificial Intelligence / Enterprise Security Do you know how many AI agents are running inside your business right now? If the answer is “not sure,” you’re not alone—and that’s exactly the concern. Across industries, AI agents… Read More "Discover and Control Shadow AI Agents in Your Enterprise Before Hackers Do"
North Korean threat actors have been attributed to a coordinated cyber espionage campaign targeting diplomatic missions in their southern counterpart between March and July 2025. The activity manifested in the form of at least 19 spear-phishing emails that impersonated trusted… Read More "North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms"
Aug 20, 2025Ravie LakshmananBotnet / Cybercrime A 22-year-old man from the U.S. state of Oregon has been charged with allegedly developing and overseeing a distributed denial-of-service (DDoS)-for-hire botnet called RapperBot. Ethan Foltz of Eugene, Oregon, has been identified as the… Read More "DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks"
