Mar 07, 2025The Hacker NewsPayment Security / Compliance Access on-demand webinar here Avoid a $100,000/month Compliance Disaster March 31, 2025: The Clock is Ticking. What if a single overlooked script could cost your business $100,000 per month in non-compliance fines?… Read More "What PCI DSS v4 Really Means – Lessons from A&F Compliance Journey"
Mar 07, 2025Ravie LakshmananThreat Intelligence /Vulnerability Threat actors of unknown provenance have been attributed to a malicious campaign predominantly targeting organizations in Japan since January 2025. “The attacker has exploited the vulnerability CVE-2024-4577, a remote code execution (RCE) flaw in… Read More "PHP-CGI RCE Flaw Exploited in Attacks on Japan’s Tech, Telecom, and E-Commerce Sectors"
Mar 07, 2025Ravie LakshmananSecurity Breach / Cryptocurrency Safe{Wallet} has revealed that the cybersecurity incident that led to the Bybit $1.5 billion crypto heist is a “highly sophisticated, state-sponsored attack,” stating the North Korean threat actors behind the hack took steps… Read More "Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist"
Mar 06, 2025Ravie LakshmananThreat Intelligence / Vulnerability The threat actors behind the Medusa ransomware have claimed nearly 400 victims since it first emerged in January 2023, with the financially motivated attacks witnessing a 42% increase between 2023 and 2024. In… Read More "Medusa Ransomware Hits 40+ Victims in 2025, Demands $100K–$15M Ransom"
Cyber threats are growing more sophisticated, and traditional security approaches struggle to keep up. Organizations can no longer rely on periodic assessments or static vulnerability lists to stay secure. Instead, they need a dynamic approach that provides real-time insights into… Read More "Outsmarting Cyber Threats with Attack Graphs"
Mar 06, 2025Ravie LakshmananMalware / Ransomware The financially motivated threat actor known as EncryptHub has been observed orchestrating sophisticated phishing campaigns to deploy information stealers and ransomware, while also working on a new product called EncryptRAT. “EncryptHub has been observed… Read More "EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing"
Mar 06, 2025Ravie LakshmananData Security / Software Security Elastic has rolled out security updates to address a critical security flaw impacting the Kibana data visualization dashboard software for Elasticsearch that could result in arbitrary code execution. The vulnerability, tracked as… Read More "Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution"
Mar 06, 2025Ravie LakshmananData Breach / Website Security Over 1,000 websites powered by WordPress have been infected with a third-party JavaScript code that injects four separate backdoors. “Creating four backdoors facilitates the attackers having multiple points of re-entry should one… Read More "Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access"
The rapid adoption of cloud services, SaaS applications, and the shift to remote work have fundamentally reshaped how enterprises operate. These technological advances have created a world of opportunity but also brought about complexities that pose significant security threats. At… Read More "Identity: The New Cybersecurity Battleground"
The U.S. Department of Justice (DoJ) has announced charges against 12 Chinese nationals for their alleged participation in a wide-ranging scheme designed to steal data and suppress free speech and dissent globally. The individuals include two officers of the People’s… Read More "U.S. Charges 12 Chinese Nationals in State-Backed Hacking Operations"
