North Korean nationals have infiltrated businesses across the globe with a more expansive level of organization and deep-rooted access than previously thought, insider risk management firm DTEX told CyberScoop. This swarm of technical North Korean experts isn’t just intruding businesses as ad hoc freelance IT workers; they’ve gained full-time employment as engineers and specialists of…
Category: Threats
Cybersecurity, extensions, Global Security News, Research, threat, Threats, Web Browsers
Browser extension sales, updates pose hidden threat to enterprises
Sometimes the simplest pieces of software can cause the most complex security headaches for organizations. Browser extensions, which can be bought, sold and repurposed without warning, are a blind spot for organizations — ignored and often left unrecognized as a hidden threat. John Tuckner, founder of the browser extension security company Secure Annex, recently demonstrated…
Cloud Security, Cybersecurity, Exploits, Global Security News, Kubernetes, Nginx, open source, open source software, Research, Threats
String of defects in popular Kubernetes component puts 40% of cloud environments at risk
More than 40% of cloud environments are at risk of an account takeover due to a series of five recently discovered vulnerabilities — one rated critical — in the Ingress Nginx Controller for Kubernetes, according to security research published this week. Upon discovering the string of vulnerabilities in one of the most widely used ingress controllers…
Canada, Cybercrime, Cybersecurity, Department of Justice (DOJ), extradition, Global Security News, hacking, indictment, North America, Ransomware, Snowflake, Threats
Canadian citizen allegedly involved in Snowflake attacks consents to extradition to US
A Canadian citizen is one step closer to standing trial in the United States for his alleged involvement in a series of attacks targeting as many as 165 Snowflake customers, one of the most widespread and damaging attack sprees on record. Connor Moucka consented to extradition on Friday to face 20 federal charges, including conspiracy…
APT37, APT43, china, Cybercrime, Cybersecurity, Evil Corp, Exploits, Global Security News, Government, India, Iran, Microsoft, microsoft windows, nation state threats, nation-state hackers, North Korea, pakistan, Ransomware, Research, Russia, Stanford University, Threats, trend micro, vulnerability, Windows, Zero Day Initiative, zero days
Nation-state groups hit hundreds of organizations with Microsoft Windows zero-day
Cybercriminals working on behalf of at least six nation-states are actively exploiting a zero-day vulnerability in Microsoft Windows to commit espionage, steal data and cryptocurrency, according to Trend Micro researchers. The vulnerability, which Trend Micro tracks as ZDI-CAN-25373, allows attackers to execute hidden malicious commands due to the way Windows displays the contents of shortcut…
cyberattacks, Cybersecurity, exploit, Exploits, Global Security News, Security Bloggers Network, Threats, vulnerability, zero day
Application Detection and Response Analysis: Why ADR? How ADR Works, and ADR Benefits
Two highly respected technology analysts from different cybersecurity disciplines are coming together to recommend that companies consider Application Detection and Response. Organizations face a constant barrage of cyber threats, including zero-day vulnerabilities that can exploit unknown weaknesses in software. Traditional security solutions often fall short in detecting and responding to these attacks, leaving organizations vulnerable.…
Amnesty International, Australia, Canada, Citizen Lab, Cyprus, Denmark, Europe, Global Security News, Israel, Italy, paragon, privacy, Singapore, Spyware, Threats
Six additional countries identified as suspected Paragon spyware customers
Researchers have identified suspected government customers of spyware company Paragon Solutions in six more countries that hadn’t previously been publicly identified, according to a report published Wednesday. The University of Toronto’s Citizen Lab said it mapped the infrastructure of Paragon’s Graphite tool after a tip from a collaborator, and found a subset of suspected Paragon…
AI, AI-powered solutions, Cybersecurity, cyberthreats, Exploits, Global Security News, Security Boulevard (Original), Social - Facebook, Social - LinkedIn, Social - X, Threats, Threats & Breaches, vulnerabilities
The Future of Enterprise Security: AI-powered Lateral Defense in a Dynamic Threat Landscape
Attackers increasingly leverage AI-powered exploitation and can quickly identify vulnerable systems, infiltrate networks unnoticed and move laterally to compromise critical assets. The post The Future of Enterprise Security: AI-powered Lateral Defense in a Dynamic Threat Landscape appeared first on Security Boulevard.
Cybersecurity, Data Breaches, Data Security, Global Security News, Security Boulevard (Original), Social - Facebook, Social - LinkedIn, Social - X, Threats
Reading the Data Breach Tea Leaves: Preventing Data Exfiltration Before it Happens
Data exfiltration has traditionally been the end goal among threat actors whether it’s for financial gain, political gain or to simply wreak havoc. The post Reading the Data Breach Tea Leaves: Preventing Data Exfiltration Before it Happens appeared first on Security Boulevard.
CryptoCurrency, Cybercrime, Cybersecurity, GitHub, Global Security News, Lazarus Group, malware, North Korea, npm, Research, Socket, software security, Threats
Lazarus Group deceives developers with 6 new malicious npm packages
Lazarus Group has burrowed deeper into the npm registry and planted six new malicious packages designed to deceive software developers and disrupt their workflows, researchers at cybersecurity firm Socket said in a Monday blog post. The North Korea-linked threat group embedded BeaverTail malware into the npm packages to install backdoors and steal credentials and data…
Action1, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, Microsoft, Patch Tuesday, Rapid7, Threats, vulnerabilities, zero days
Microsoft patches 57 vulnerabilities, including 6 zero-days
Microsoft patched 57 vulnerabilities affecting its foundational systems and core products, including six actively exploited zero-day vulnerabilities, the company said in its latest security update Tuesday. Four of the six zero-days, which were all added to the Cybersecurity and Infrastructure Security Agency’s known exploited vulnerabilities catalog, are high-severity on the CVSS scale. The software defects…
Apple, Cybersecurity, Exploits, Global Security News, iOS, mac, patching, Safari, Technology, Threats, zero days
Apple discloses zero-day vulnerability, releases emergency patches
Apple released emergency software patches Tuesday that address a newly identified zero-day vulnerability in the company’s WebKit web browser engine. Tracked as CVE-2025-24201, the flaw could let an attacker escape the constraints of WebKit’s Web Content sandbox, potentially leading to unauthorized actions. The sandbox is a security feature that isolates untrusted web content in order to prevent…
Check Point, Cybercrime, Cybersecurity, Dark Storm, DDoS, Elon Musk, F5, Global Security News, Threats, Twitter, X
X suffered a DDoS attack. Its CEO and security researchers can’t agree on who did it.
Social media service X was hit by a series of distributed denial-of-service attacks Monday, which rendered the platform formerly known as Twitter inaccessible at times for users with intermittent outages and errors, according to researchers. The cause of those attacks has been much harder to discern. Elon Musk, the site’s owner, described the incident as…
Cybercrime, Cybersecurity, Exploits, extortion, Federal Bureau of Investigation (FBI), Global Security News, Healthcare, Ransomware, Threats
Ransomware poseurs are trying to extort businesses through physical letters
The FBI and threat researchers are warning executives to be on the lookout for physical letters in the mail threatening to leak sensitive corporate data. The letters, which are stamped “time sensitive read immediately” and shipped directly to executives through the Postal Service, are part of a nationwide scam designed to extort victims into paying…
APT27, china, Cybercrime, Cybersecurity, Exploits, Global Security News, hacking, ivanti, Microsoft Threat Intelligence Center, Research, silk typhoon, Threats
Silk Typhoon shifted to specifically targeting IT management companies
The Chinese state-backed threat group Silk Typhoon shifted tactics in late 2024 to broaden access and enable follow-on attacks against downstream customers of its initial targets, Microsoft Threat Intelligence said in a blog released Wednesday. The Chinese espionage group, which is also known as APT27, has abused stolen API keys and credentials for privileged access…
Asia Pacific, china, Cybercrime, Cybersecurity, Department of Justice (DOJ), Federal Bureau of Investigation (FBI), Geopolitics, Global Security News, Government, indictment, Legal, Threats, Treasury Department
US indicts 12 Chinese nationals for vast espionage attack spree
The Justice Department on Wednesday indicted 12 Chinese nationals for their alleged involvement in an extensive nation-state-backed espionage campaign that included a spree of attacks on U.S. federal and state agencies, including the late 2024 attack targeting the Treasury Department. Officials accused the Chinese individuals, including two officers of China’s Ministry of Public Security, eight…
crowdstrike, Cybercrime, Cybersecurity, Global Security News, hacking, Palo Alto Networks, Ransomware, ReliaQuest, Research, Threat Intelligence, Threats, Unit 42
Cybercriminals picked up the pace on attacks last year
Threat actors became increasingly efficient last year, rapidly achieving lateral movement and swiftly stealing data at a faster clip than ever before, according to multiple threat intelligence firms. The reduced time frame is a clear indicator that cybercriminals are constantly improving their ability to be successful. With the abuse of legitimate system tools to help…
Cybersecurity, Global Security News, Metrics, performance, risk, Risk Management, Security Boulevard (Original), Social - Facebook, Social - LinkedIn, Social - X, Threats, Threats & Breaches, vulnerabilities
Juggling Cyber Risk Without Dropping the Ball: Five Tips for Risk Committees to Regain Control of Threats
By dismantling silos and enabling continuous visibility, organizations can strengthen their cybersecurity posture and align risk management with long-term business success. The post Juggling Cyber Risk Without Dropping the Ball: Five Tips for Risk Committees to Regain Control of Threats appeared first on Security Boulevard.
Bennie Thompson, CISA, Cybersecurity, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS), Global Security News, House Homeland Security Committee, Jake Williams, Russia, Threats
DHS says CISA won’t stop looking at Russian cyber threats
The Department of Homeland Security said that its Cybersecurity and Infrastructure Security Agency will continue to pay attention to Russian cyber threats, contrary to media reports suggesting the opposite. The Guardian reported last week that a recent CISA memo setting out priorities for the agency didn’t list Russia among them, while including Chinese threats and…
cyber espionage, Cybercrime, Cybersecurity, data theft, Department of Justice (DOJ), Global Security News, Google Threat Intelligence Group, North America, Ransomware, Research, Russia, Snowflake, Threats, Unit 221B
Army soldier linked to Snowflake attack spree allegedly tried to sell data to foreign spies
U.S. authorities say a 21-year-old U.S. Army soldier attempted to sell stolen sensitive information to a foreign intelligence service as part of a broader effort to extort victims and leak call records of high-ranking public officials. In November while on active duty, Cameron Wagenius made multiple attempts to extort $500,000 from a major telecommunications company…
AppSec, Explainers, Global Security News, Legit, Security Bloggers Network, Threats
The 2025 State of Application Risk Report: Understanding Toxic Combinations in Application Security
Get details on the most common toxic combinations Legit unearthed in enterprises’ software factories. The post The 2025 State of Application Risk Report: Understanding Toxic Combinations in Application Security appeared first on Security Boulevard.
Asia Pacific, china, crowdstrike, Cybersecurity, Global Security News, nation state threats, Research, Salt Typhoon, Threats, Volt Typhoon
It’s not just Salt Typhoon: All China-backed attack groups are showcasing specialized offensive skills
Cyberattacks carried out by China-backed nation-state actors surged last year, showcasing technical advancements and specialized targeting in a broader escalation of the country’s ability to infiltrate global critical infrastructure, CrowdStrike said in an annual threat report released Thursday. “After decades of investment into China’s offensive capabilities, they’re now on par with other world powers,” Adam…
Cybercrime, Cybersecurity, data theft, encryption, extortion, Global Security News, Incident Response, Palo Alto Networks, Ransomware, Research, Threats, Uncategorized, Unit 42
Threat actors are increasingly trying to grind business to a halt
Cybercriminals intentionally disrupted operations at a growing rate last year, Palo Alto Networks’ threat intelligence firm Unit 42 said in an annual incident response report released Tuesday. Of the nearly 500 major cyberattacks Unit 42 responded to last year, 86% involved business disruption, including operational downtime, fraud-related losses, increased operating costs and negative reputational impacts. …
Artificial Intelligence, Artificial Intelligence (AI), china, Cyber Command, cyber workforce, cybersecurity workforce, DistrictCon, Gen. Paul Nakasone, Geopolitics, Global Security News, hunt forward operations, Iran, Joint Chiefs of Staff, National Security Agency, National Security Agency (NSA), North America, nsa, openai, Paul Nakasone, Pete Hegseth, Ransomware, Russia, Salt Typhoon, telecommunications, telecoms, Threats, Vanderbilt University, Workforce
Former NSA, Cyber Command chief Paul Nakasone says U.S. falling behind its enemies in cyberspace
The United States is falling “increasingly behind” its adversaries in cyberspace, a former Cyber Command and National Security Agency boss said Saturday. Speaking at the DistrictCon cybersecurity conference in Washington, D.C., retired Gen. Paul Nakasone said that “our adversaries are continuing to be able to broaden the spectrum of what they’re able to do to…
china, cisco, Cisco IOS XE, Cisco Talos, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, Research, Salt Typhoon, telecommunications, Threat Intelligence, Threats
Salt Typhoon gained initial access to telecoms through Cisco devices
Salt Typhoon gained initial access to Cisco devices as part of the Chinese nation-state threat group’s sweeping attacks on U.S. telecom networks, the company confirmed Thursday in a threat intelligence report. Cisco Talos, the networking vendor’s threat intelligence unit, said it observed one instance where Salt Typhoon likely exploited a seven-year-old critical vulnerability in Cisco…
AI, Cybersecurity, DAR web, Global Security News, Scams, Security Awareness, Security Boulevard (Original), Social - Facebook, Social - LinkedIn, Social - X, Threats
AI is Making the Dark Web Even Darker
Dark web attacks have existed for years. What’s different now is the scale and sophistication that AI brings to them. The post AI is Making the Dark Web Even Darker appeared first on Security Boulevard.
Cybercrime, Cybersecurity, Global Security News, Google Threat Intelligence Group, GRU, messaging apps, phishing, Research, Russia, Sandworm, signal, Threats, Uncategorized
Russia-aligned threat groups dupe Ukrainian targets via Signal
Russian state threat groups have compromised Signal accounts used by Ukrainian military and government personnel to eavesdrop on real-time communications, Google Threat Intelligence Group said in a report released Wednesday. “This is a persistent, ongoing campaign being carried out by multiple different Russia-aligned threat actors,” Dan Black, principal analyst at Google Threat Intelligence Group, said…
Asia Pacific, children, china, Cybersecurity, Cynthia Kaiser, fbi, Federal Bureau of Investigation (FBI), Geopolitics, Global Security News, Salt Typhoon, sanctions, telecommunications, telecoms, Threats
Salt Typhoon telecom breach remarkable for its ‘indiscriminate’ targeting, FBI official says
One of the most notable elements of the monumental hack of major telecommunications companies is just how “indiscriminate” it was in its pursuit of data, a top FBI official said Wednesday. The FBI has been investigating the breach, which it has blamed on Chinese government hackers commonly known as Salt Typhoon. “What we found particularly…
Cybercrime, Cybersecurity, Darktrace, edge devices, Exploits, Fortinet, Global Security News, ivanti, Palo Alto Networks, Research, Threats, vulnerabilities, vulnerability
Edge device vulnerabilities fueled attack sprees in 2024
Edge devices harboring zero-day and n-day vulnerabilities were linked to the most consequential attack campaigns last year, Darktrace said in an annual threat report released Wednesday. Darktrace’s threat researchers found the most frequent vulnerability exploits in customers’ instances of Ivanti Connect Secure and Ivanti Policy Secure appliances, along with firewall products from Fortinet and Palo…
Cybersecurity, Exploits, Global Security News, Microsoft, phishing, Research, Russia, Threat Intelligence, Threats, Volexity
Threat researchers spot ‘device code’ phishing attacks targeting Microsoft accounts
Microsoft threat researchers discovered a series of what they are calling “device code” phishing attacks that allowed a suspected Russia-aligned threat group to gain access to and steal data from critical infrastructure organizations, the company said in research released Thursday. The group, which Microsoft tracks as Storm-2372, has targeted governments, IT services and organizations operating…
china, cisco, Cisco IOS XE, Cybersecurity, Exploits, Five Eyes, Global Security News, nation state threats, nation-state hackers, Recorded Future, Research, routers, Salt Typhoon, Threats, vulnerabilities
Salt Typhoon remains active, hits more telecom networks via Cisco routers
Salt Typhoon, the Chinese nation-state threat group linked to a spree of attacks on U.S. and global telecom providers, remains active in its intrusions and has hit multiple additional networks worldwide, including two in the United States, Recorded Future said in a report released Thursday. Recorded Future’s Insikt Group observed seven compromised Cisco network devices communicating…
CVE, Cybersecurity, Exploits, Global Security News, Microsoft, Microsoft Threat Intelligence Center, Research, Russia, Seashell Blizzard, Threats, Uncategorized, vulnerabilities
Russian state threat group shifts focus to US, UK targets
A subgroup of Seashell Blizzard has shifted its focus to targets in the U.S., Canada, Australia and the U.K. within the past year, expanding the scope of its malicious activity, Microsoft’s threat intelligence team said in a report released Wednesday. The initial-access operation, which Microsoft tracks as the “BadPilot campaign,” has allowed the Russian state…
bulletproof hosting, Cybercrime, Global Security News, LockBit, North America, Ransomware, Threats, Treasury Department, Zservers
U.S. sanctions bulletproof hosting provider for supplying LockBit infrastructure
A consortium of U.S., Australian and U.K. officials announced coordinated sanctions Tuesday against Zservers, a Russia-based bulletproof hosting provider. The action targets the company for its role in facilitating ransomware attacks, most notably those conducted by the LockBit ransomware-as-a-service (RaaS) group. Officials detailed that Zservers has long been linked to cybercriminal forums, where it has…
8base, Clop, Cybercrime, Cybersecurity, DoD Cyber Crime Center, Europe, Federal Bureau of Investigation (FBI), Global Security News, LockBit, Ransomware, Threats
Thai authorities detain four Europeans in ransomware crackdown
In a sweeping international law enforcement operation, Thai authorities arrested four Europeans in Phuket, accusing them of orchestrating ransomware attacks affecting Swiss companies worldwide. The suspects are allegedly tied to the 8Base ransomware-as-a-service (RaaS) gang, which extorted $16 million worth of Bitcoin from over 1,000 individuals. The operation, termed “Phobos Aetor,” reflected a tightly coordinated…
AI, Cybersecurity, Global Security News, ReversingLabs, Technology, Threat Intelligence, Threats, Uncategorized
Hugging Face platform continues to be plagued by vulnerable ‘pickles’
Researchers at ReversingLabs have identified at least two machine-learning models on Hugging Face, a popular platform for community AI development, that link to malicious web shells and managed to evade detection through the use of “pickling.” Pickle files are Python-based modules that allow a developer to serialize and deserialize code. They’re commonly used by AI…
Akira, ALPHV, Chainalysis, Cybersecurity, Exploits, Federal Bureau of Investigation (FBI), Global Security News, INC, LockBit, Money, Ransomware, Threats, uk
Ransomware payments dropped 35% in 2024
Ransomware payments saw a dramatic 35% drop last year compared to 2023, even as the overall frequency of ransomware attacks increased, according to a new report released by blockchain analysis firm Chainalysis. The considerable decline in extortion payments is somewhat surprising, given that other cybersecurity firms have claimed that 2024 saw the most ransomware activity…
CVE, CVSS, Cybersecurity, Exploits, Global Security News, MITRE, National Vulnerability Database, NIST, Research, Threats, vulnerabilities
Infosec pros: We need CVSS, warts and all
A key pillar of a strong cybersecurity program is identifying vulnerabilities in the complex mix of software programs, packages, apps, and snippets driving all activities across an organization’s digital infrastructure. At the heart of spotting and fixing these flaws is the widely used Common Vulnerability Scoring System (CVSS), maintained by a nonprofit called the Forum…
Data Breaches, Donald Trump, Elon Musk, Exploits, FISMA, Global Security News, Government, OPM breach, Policy, Threats, Treasury Department
Cybersecurity, government experts are aghast at security failures in DOGE takeover
As the world’s richest man and his team from the Department of Government Efficiency continue their quest to dismantle federal agencies, cybersecurity experts, good government experts and Democrats are increasingly expressing outrage and alarm, in some cases likening the actions to an ongoing data breach. Elon Musk and employees from DOGE — which is, legally,…
Cybercrime, Cybersecurity, Exploits, Global Security News, intezer, Research, Solis Security, Threats, VeraCore, XE Group, zero days
From credit card fraud to zero-day exploits: XE Group expanding cybercriminal efforts
A cybercriminal organization that has been operating for over a decade has moved from credit-card skimming to exploiting zero-day vulnerabilities, according to a joint investigation by cybersecurity firms Solis Security and Intezer. The group, tracked as XE Group, now poses heightened risks to global supply chains, particularly in manufacturing and distribution sectors, by leveraging stealthier…
Citizen Lab, Cybersecurity, Global Security News, ICE, NSO Group, paragon, privacy, Spyware, Technology, Threats, U.S. courts, WhatsApp
WhatsApp says it disrupted spyware campaign aimed at reporters, civil society
WhatsApp said Friday that it had disrupted a spyware campaign that targeted 90 people, including journalists and activists. The company tied to the campaign, according to WhatsApp, is Israeli firm Paragon, which last fall signed a $2 million contract with Immigration and Customs Enforcement and recently was purchased by U.S. private equity giant AE International.…
Cybercrime, Department of Justice (DOJ), Global Security News, HeartSender, phishing kit, Saim Raza, Threats
Department of Justice partners with Dutch police to break up HeartSender network
Authorities in the United States and the Netherlands have dismantled a sophisticated Pakistan-based cybercrime network known as Saim Raza. The operation, dubbed “Operation Heart Blocker,” culminated Wednesday with the coordinated seizure of 39 domains and servers. Also known as HeartSender, Saim Raza was responsible for developing and selling phishing kits, with the Department of Justice…
AI, Artificial Intelligence (AI), Cloud Security, Cybersecurity, deepseek, Global Security News, SQL query, Threats, Uncategorized, wiz
Wiz researchers find sensitive DeepSeek data exposed to internet
A security issue at Chinese artificial intelligence firm DeepSeek exposed over a million lines of sensitive internal data, including user chat histories, API secrets, and backend operational details, according to research published Wednesday by cloud security firm Wiz. The exposure, discovered earlier this month, stemmed from a publicly accessible ClickHouse database linked to DeepSeek’s systems.…
cracked, Cybercrime, Cybersecurity, Federal Bureau of Investigation (FBI), Global Security News, nulled, Threats
FBI seizes major cybercrime forums in coordinated domain takedown
The Federal Bureau of Investigation, along with several other international law enforcement departments, has seized control of several high-profile online platforms linked to cybercrime in a sweeping operation aimed at disrupting digital marketplaces for stolen credentials and hacking tools. The domains of forums Cracked[.]io and Nulled[.]to now redirect to FBI-controlled servers, signaling efforts to dismantle…
attacks, Cybersecurity, Featured, Global Security News, News, Ransomware, Security Awareness, Security Boulevard (Original), Social - Facebook, Social - LinkedIn, Social - X, Spotlight, survey, Threats
Survey Surfaces Extent of Financial Damage Caused by Ransomware Scourge
A global survey of 2,547 IT and cybersecurity practitioners finds 88% work for organizations that experienced one or more ransomware attacks in the past three months to more than 12 months, with well over half (58%) needing to, as a result, shut down operations and 40% reporting a significant loss of revenues. Conducted by the…
Cloud Security, Cybersecurity, Featured, Global Security News, News, report, Security Awareness, Security Boulevard (Original), Social - Facebook, Social - LinkedIn, Social - X, Spotlight, Threats, Threats & Breaches, vulnerabilities
Google Issues Cloud Security Wake-Up Call as Threats Evolve
A report published by Google Cloud found nearly half (46%) of the observed security alerts involved a service account that was overprivileged. The post Google Issues Cloud Security Wake-Up Call as Threats Evolve appeared first on Security Boulevard.
backdoor, Black Lotus Labs, Cybersecurity, espionage, Europe, FreeBSD, Global Security News, Juniper Networks, Lumen Technologies, routers, Threats, virtual private network (VPN)
New backdoor discovered that specifically targets Juniper routers
Researchers at Black Lotus Labs have uncovered an operation where a back door is dropped onto enterprise-grade Juniper Networks routers and listens for specific network signals, known as “magic packets,” to execute malicious commands. The campaign, which researchers at the cybersecurity wing of Lumen Technologies refer to as “J-Magic,” was active between mid-2023 and mid-2024.…
Asia Pacific, BreachForums, Cybercrime, Department of Justice (DOJ), Global Security News, Pompompurin, Threats
BreachForums founder to be resentenced after court vacates previous punishment
A U.S. appeals court has vacated the initial sentence given to Conor Brian Fitzpatrick, who pleaded guilty in 2023 to charges related to his work as founder of the notorious BreachForums website. The appeal, filed by the U.S. government, signals that a new sentence could be much harsher than the one initially issued last…
AI, ChatGPT, DDoS, Exploits, Global Security News, openai, Research, Technology, Threats
‘Severe’ bug in ChatGPT’s API could be used to DDoS websites
A vulnerability in ChatGPT’s API can generate DDoS attacks against targeted websites, but the security researcher who discovered it says the flaw has since been addressed by OpenAI. In a security advisory posted to the developer platform GitHub, German security researcher Benjamin Flesch detailed the bug, which occurs when the API is processing HTTP POST…
botnets, CloudFlare, Cybersecurity, DDoS, Global Security News, Internet of Things (IoT), Mirai, Qualys, Research, Threats
Cloudflare detected (and blocked) the biggest DDoS attack on record
Web infrastructure and security company Cloudflare says it detected the biggest Distributed Denial-of-Service (DDoS) attack ever recorded, a 5.6 terabits per second (Tbps) attack directed at an internet service provider (ISP) in Eastern Asia. Despite the staggering volume of the attack, Cloudflare successfully managed and mitigated it without human intervention. The company said in research…
credentials, Cybersecurity, data, Data Security, Featured, Global Security News, News, Social - Facebook, Social - LinkedIn, Social - X, Spotlight, Threats
Forescout Report Details Hunters International Ransomware Gang Tactics
An analysis of the operations of Hunters International, the ransomware-as-a-service platform that has been used to compromise more than 200 organizations, conducted by Forescout Technologies reveals the cybercriminal syndicate that created it is employing a wide range of new and old tactics and techniques. The post Forescout Report Details Hunters International Ransomware Gang Tactics appeared…
Department of Justice (DOJ), FSB, Geopolitics, Global Security News, Government, Microsoft, phishing, Russia, Star Blizzard, Threats, WhatsApp
Microsoft catches Russian state-sponsored hackers shifting tactics to WhatsApp
The cat-and-mouse game between state-sponsored Russian hackers and one of the world’s biggest technology companies has continued into 2025. Microsoft’s threat intelligence team published research Thursday examining how a state-sponsored Russian threat actor group, known as Star Blizzard, has altered its longstanding attack strategies to target WhatsApp accounts. This attack vector is a significant change…
Asia Pacific, china, Cybercrime, Department of Justice, Global Security News, Government, PlugX, Remote access trojan, Sekoia, Threats
Law enforcement action deletes PlugX malware from thousands of machines
U.S. and international law enforcement agencies have removed the PlugX malware from thousands of computers worldwide in a coordinated campaign to blunt the effectiveness of one of the most infamous pieces of malware used by malicious cyber actors. According to recently unsealed court documents from the Eastern District of Pennsylvania, the U.S. Department of Justice…
APT28, Europe, Fancy Bear, Global Security News, GRU, Kazakhstan, Russia, Sekoia, Threats
Fancy Bear spotted using real Kazakh government documents in spearphishing campaign
A hacking group linked to Russian intelligence has been observed leveraging seemingly legitimate documents from the Kazakhstan government as phishing lures to infect and spy on government officials in Central Asia, according to researchers at Sekoia. The files, laced with malware, include draft versions of diplomatic statements, correspondence letters, internal administrative notes and other documents…
AI Tools, API security, Cybersecurity, Data Security, Featured, Global Security News, News, Security Awareness, Security Boulevard (Original), Social - Facebook, Social - LinkedIn, Social - X, Spotlight, Threats
Exabeam Extends Scope and Reach of SIEM Platform
Exabeam today added a bevy of capabilities to its New-Scale Security Operations Platform, including support for an open application programming interface (API) and an ability to search data stored in the LogRhythm security information and event management (SIEM) platform it acquired last year. The post Exabeam Extends Scope and Reach of SIEM Platform appeared first on Security…
CVE, Cybersecurity, Exploits, Global Security News, industrial control systems (ICS), industrial IoT (IIoT), Moxa, Threats, vulnerabilities
Industrial networking manufacturer Moxa reports ‘critical’ router bugs
Firmware in cellular routers, secure routers and network security appliances made by Moxa is vulnerable to a pair of high-severity bugs that can escalate privileges for an attacker, give root-level access or allow for unauthorized execution of commands. In a pair of CVEs published Jan. 3, Moxa called the flaws “critical” and warned they…
disinformation, election hacking, Geopolitics, Global Security News, Government, Iran, Russia, sanctions, Technology, Threats
US sanctions Russian, Iranian groups for election interference
The U.S. State Department has sanctioned two foreign organizations and one individual who it alleges worked on behalf of Russian and Iranian intelligence agencies to interfere in the 2024 U.S. general election. “These actors sought to stoke sociopolitical tensions and undermine our election institutions during the 2024 U.S. general election,” said State Department Press Secretary…
2 factor auth, 2-factor authentication, 2FA, AT&T, Best of 2024, Cloud MFA, Data leak, DUAL FACTOR AUTHENTICATION, Global Security News, MFA, multi-factor authentication, Multi-Factor Authentication (MFA), Multifactor Authentication, NYSE:SNOW, NYSE:T, privacy, SB Blogwatch, ShinyHunters, Snowflake, Social - Facebook, Social - LinkedIn, Social - X, Threats, two factor authentication, UNC5537
Best of 2024: AT&T Says 110M Customers’ Data Leaked — Yep, it’s Snowflake Again
Should’ve used MFA: $T loses yet more customer data—this time, from almost all of them. The post Best of 2024: AT&T Says 110M Customers’ Data Leaked — Yep, it’s Snowflake Again appeared first on Security Boulevard.
Asia Pacific, china, configuration management, Cybersecurity, Federal Communications Commission, Global Security News, Government, hacking, information sharing, microsegmentation, Salt Typhoon, telecommunications, Threats, Vulnerability Management, White House
White House: Salt Typhoon hacks possible because telecoms lacked basic security measures
The White House said Friday that as the U.S. government continues to assess the damage caused by the Salt Typhoon hacks, the breach occurred in large part due to telecommunications companies failing to implement rudimentary cybersecurity measures across their IT infrastructure. Anne Neuberger, the White House’s deputy national security adviser for cyber and emerging technology,…
Asia Pacific, china, Commentary, critical infrastructure, Cybersecurity, cybersecurity harmonization, Federal Communications Commission, Geopolitics, Global Security News, Government, Salt Typhoon, Threats, White House
Feds lay blame while Chinese telecom attack continues
The United States’ telecommunications infrastructure has been infiltrated by actors affiliated with China. Some of our nation’s most powerful leaders have been targeted — including President-elect Donald Trump and Vice President-elect JD Vance. This is one of the most severe cybersecurity incidents against telecom the United States has ever been subject to, and — worse…
Cybercrime, Cybersecurity, Department of Justice (DOJ), Global Security News, Government, LockBit, Ransomware, Threats, Uncategorized
Justice Department unveils charges against alleged LockBit developer
The U.S. Department of Justice revealed charges Friday against Rostislav Panev, a dual Russian and Israeli national, for his alleged role as a developer in the notorious LockBit ransomware group. Panev was arrested in Israel following a U.S. provisional arrest request and is currently awaiting extradition. Authorities allege that Panev has been an instrumental figure…
Evil Corp, Global Security News, Government, Israel, National Crime Agency, operation cronos, Ransomware, Threats
Israeli court to hear U.S. extradition request for alleged LockBit developer
An Israeli court is set to deliberate a significant extradition case involving Rostislav Panev, an Israeli citizen alleged to be involved with the notorious LockBit ransomware gang. According to Israeli news outlet Ynet, a U.S. extradition request was made public Thursday claiming that between 2019 and 2024, Panev served as a software developer for LockBit.…
AppSec, Best Practices, Global Security News, Legit, Security Bloggers Network, Threats
What Is Privilege Escalation? Types, Examples, and Prevention
Privilege escalation is a critical cybersecurity threat in which a user—usually a malicious actor—gains access to data beyond what their account permissions allow. Attackers can gain this access through human error, stolen credentials, or social engineering. The post What Is Privilege Escalation? Types, Examples, and Prevention appeared first on Security Boulevard.
Department of Justice (DOJ), Global Security News, Raccoon Infostealer, Threats
Ukrainian sentenced to five years in jail for work on Raccoon Stealer
Ukrainian national Mark Sokolovsky was sentenced Wednesday to five years in federal prison for his role in operating Raccoon Infostealer malware, which infiltrated millions of computers worldwide to steal personal data. According to court documents, Sokolovsky, 28, was integral to operations that allowed the leasing of Raccoon Infostealer for $200 per month, payable via cryptocurrency.…
Android, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), encryption, FIDO, Global Security News, Government, iPhone, Mobile Security, Multi-Factor Authentication (MFA), Salt Typhoon, signal, SIM Swapping, smartphone, Threats, Yubico
CISA pushes guide for high-value targets to secure mobile devices
The Cybersecurity and Infrastructure Security Agency unveiled a detailed set of guidelines Wednesday to safeguard the mobile communications of high-value government targets in the wake of the ongoing Salt Typhoon telecom breach. The guide aims to help both political and federal leadership harden their communications and avoid any data interception by the Chinese-linked espionage group.…
APT41, Asia Pacific, backdoor, china, Cybercrime, Geopolitics, Global Security News, Government, malware, nation-state hackers, php, QiAnXin, Threats, Winnti
PHP backdoor looks to be work of Chinese-linked APT group
Cybersecurity researchers at a China-based cybersecurity company have uncovered an advanced PHP backdoor that suggests a new asset in the arsenal of Chinese-linked Advanced Persistent Threat group Winnti. Researchers at QiAnXin’s XLab discovered the backdoor, which they titled Glutton, targeting China, the United States, Cambodia, Pakistan, and South Africa. After initially discovering the malware in…
Amnesty International, Amnesty Tech, Cellebrite, Donald Trump, Donncha Ó Cearbhaill, Geopolitics, Global Security News, Norway, NoviSpy, NSO Group, pegasus, privacy, Serbia, Spyware, surveillance, Threats
Amnesty International exposes Serbian police’s use of spyware on journalists, activists
Serbian police and intelligence authorities have combined phone-cracking technology with spyware to eavesdrop on activists and journalists there, Amnesty International revealed in a report Monday, in what the human rights group says could be a disturbing preview of a future era of digital surveillance. Amnesty International’s 87-page document surveys the broader picture of digital spying…
Explainers, Exploits, Global Security News, Security Bloggers Network, Threats
What’s a Zero-Day Vulnerability? Prevent Exploits and Attacks
Zero-day vulnerabilities are serious threats. They’re completely unknown to both the vendor and the user. That gives attackers a significant advantage, allowing them to attack systems before patches are available. The post What’s a Zero-Day Vulnerability? Prevent Exploits and Attacks appeared first on Security Boulevard.
booter and stresser services, Cybercrime, Cybersecurity, DDoS, Department of Justice (DOJ), Europe, Europol, Global Security News, Government, National Crime Agency, Threats
International crackdown disrupts DDoS-for-hire operations
In a sweeping international crackdown, law enforcement agencies from 15 countries, including the United States and multiple European nations, have dismantled 27 of the most popular platforms used for carrying out distributed denial-of-service (DDoS) attacks, Europol announced Wednesday. The operation, known as PowerOFF, has led to the arrest of three administrators in France and Germany…
Cybersecurity, Exploits, Geopolitics, Global Security News, Microsoft, Research, Threats, Turla
Turla living off other cybercriminals’ tools in order to attack Ukrainian targets
A Russian nation-state threat actor has been observed leveraging tools from other cybercriminal groups to compromise targets in Ukraine, a recent report by Microsoft Threat Intelligence disclosed. This clandestine approach, which is the second time in as many weeks that Microsoft has highlighted the group’s effort, shows how Turla uses a wide range of attack…
Clop, Exploits, Global Security News, LockBit, MITRE, Ransomware, Research, Technology, Threats
Latest round of MITRE ATT&CK evaluations puts cybersecurity products through rigors of ransomware
MITRE Corporation released findings Wednesday from its latest round of ATT&CK evaluations, assessing the capabilities of enterprise cybersecurity solutions against some of the most prevalent ransomware tactics and North Korean malware. The sixth such evaluation from the nonprofit research organization measured 19 different vendors’ ability to protect enterprise systems by evaluating them against two prominent…