23Articles
8Categories
2025-04-23Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 3[−]
23 AprCybersecurity Today: Virtual Employees, AI Security Agents, and CVE Program UpdatesIn this episode of 'Cybersecurity Today,' host Jim Love discusses various pressing topics in the realm of cybersecurity. Highlights include Anthropic's prediction on AI-powered virtual employees and their potential security risks, Microsoft’s introduction of AI security agents to…CYBERSECURITYTODAY.LIBSYN.COM
23 AprChinese hackers undertaking global infiltration campaign across 12 countries and 20 industriessubmitted by randomname to cybersecurity 26 points | 1 comments https://teamt5.org/en/posts/china-nexus-apt-exploits-ivanti-connect-secure-vpn-vulnerability-to-infiltrate-multiple-entities cross-posted from: scribe.disroot.org/post/2539529 Archived version Here is also a report .…INFOSEC.PUB
23 AprASUS releases fix for AMI bug that lets hackers brick serverssubmitted by BrikoX to cybersecurity 5 points | 0 comments https://www.bleepingcomputer.com/news/security/asus-releases-fix-for-ami-bug-that-lets-hackers-brick-servers/ ASUS has released security updates to address CVE-2024-54085, a maximum severity flaw that could allow attacker…SH.ITJUST.WORKS
⚠️ VULNERABILITY DISCLOSURE 5[−]
23 AprRegulating AI Behavior with a HypervisorInteresting research: “ Guillotine: Hypervisors for Isolating Malicious AIs .” Abstract :As AI models become more embedded in critical sectors like finance, healthcare, and the military, their inscrutable behavior poses ever-greater risks to society. To mitigate this …SCHNEIER.COM
23 AprThree Reasons Why the Browser is Best for Stopping Phishing AttacksPhishing attacks remain a huge challenge for organizations in 2025. In fact, with attackers increasingly leveraging identity-based techniques over software exploits, phishing arguably poses a bigger threat than ever before.  Attackers are increasingly leveraging identity-bas…THEHACKERNEWS.COM
23 AprRussian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsAppMultiple suspected Russia-linked threat actors are "aggressively" targeting individuals and organizations with ties to Ukraine and human rights with an aim to gain unauthorized access to Microsoft 365 accounts since early March 2025. The highly targeted social engineering operati…THEHACKERNEWS.COM
23 AprUnderstanding the threat landscape for Kubernetes and containerized assetsThe dynamic nature of containers can make it challenging for security teams to detect runtime anomalies or pinpoint the source of a security incident, presenting an opportunity for attackers to stay undetected. Microsoft Threat Intelligence has observed threat actors taking advan…MICROSOFT.COM
23 AprWhat is slopsquatting, and how to protect your organizationHow to protect your IT developers from attacks exploiting AI-hallucinated packagesKASPERSKY.COM
📢 SECURITY ADVISORIES 1[−]
🔥 INCIDENT REPORTING 1[−]
23 AprCynomi cinches $37M for its AI-based ‘virtual CISO’ for SMB cybersecuritySmall and medium businesses are the latest targets for cybersecurity attacks, with one in three small businesses experiencing a data breach last year. SMBs are becoming more proactive in detecting and stopping these threats, and today a startup called Cynomi is announcing $37 mil…TECHCRUNCH.COM
🕵️ THREAT INTELLIGENCE 5[−]
23 AprDPRK Hackers Steal $137M from TRON Users in Single-Day Phishing AttackMultiple threat activity clusters with ties to North Korea (aka Democratic People's Republic of Korea or DPRK) have been linked to attacks targeting organizations and individuals in the Web3 and cryptocurrency space. "The focus on Web3 and cryptocurrency appears to be primarily f…THEHACKERNEWS.COM
23 AprIran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job CampaignThe Iran-nexus threat actor known as UNC2428 has been observed delivering a backdoor known as MURKYTOUR as part of a job-themed social engineering campaign aimed at Israel in October 2024. Google-owned Mandiant described UNC2428 as a threat actor aligned with Iran that engages in…THEHACKERNEWS.COM
23 AprAmerica's cyber defenses are being dismantled from the insidesubmitted by cm0002 to cybersecurity 52 points | 0 comments https://www.theregister.com/2025/04/23/trump_us_security/INFOSEC.PUB
23 AprWhat are You Working on Wednesdaysubmitted by shellsharks to cybersecurity 3 points | 0 comments Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.INFOSEC.PUB
23 AprRussian Infrastructure Plays Crucial Role in North Korean Cybercrime OperationsIn this blog entry, we discuss how North Korea's significant role in cybercrime – including campaigns attributed to Void Dokkaebi – is facilitated by extensive use of anonymization networks and the use of Russian IP ranges.TRENDMICRO.COM
🌐 CYBER THREAT LANDSCAPE 3[−]
23 AprAndroid Spyware Disguised as Alpine Quest App Targets Russian Military DevicesCybersecurity researchers have revealed that Russian military personnel are the target of a new malicious campaign that distributes Android spyware under the guise of the Alpine Quest mapping software. "The attackers hide this trojan inside modified Alpine Quest mapping software …THEHACKERNEWS.COM
23 AprEndor Labs, which builds tools to scan AI-generated code for vulnerabilities, lands $93MAI-generated code is no doubt changing how software is built, but it’s also introducing new security challenges. More than 50% of organizations encounter security issues with AI-produced code sometimes or frequently, according to a late 2023 survey by developer security platform …TECHCRUNCH.COM
23 AprHow fraudsters abuse Google Forms to spread scamsThe form and quiz-building tool is a popular vector for social engineering and malware. Here’s how to stay safe.WELIVESECURITY.COM
🎙️ PODCASTS 1[−]
23 AprSmashing Security podcast #414: Zoom.. just one click and your data goes boom!Graham explores how the Elusive Comet cybercrime gang are using a sneaky trick of stealing your cryptocurrency via an innocent-appearing Zoom call, and Carole goes under the covers to explore the extraordinary lengths bio-hacking millionaire Bryan Johnson is attempting to extend …GRAHAMCLULEY.COM
📡 INFOSEC NEWS 4[−]
23 AprDOGE Worker’s Code Supports NLRB WhistleblowerA whistleblower at the National Labor Relations Board (NLRB) alleged last week that denizens of Elon Musk's Department of Government Efficiency (DOGE) siphoned gigabytes of data from the agency's sensitive case files in early March. The whistleblower said accounts created for DOG…KREBSONSECURITY.COM
23 AprBlue Shield of California shared the private health data of millions with Google for yearsThe health insurance giant is notifying at least 4.7 million patients of the security lapse.TECHCRUNCH.COM
23 AprTech resilience, breakout startups, and banking reinvented: The big conversations at StrictlyVC London in MayStrictlyVC is heading to London on May 13, uniting top investors and entrepreneurs to spark meaningful connections and drive forward innovation. We’re thrilled to welcome industry leaders like Nazo Moosa, general partner at Paladin Capital Group; Sonali De Rycker, partner at Acce…TECHCRUNCH.COM