Cybersecurity Center

Cybersecurity News

  • [Webinar] From Code to Cloud to SOC: Learn a Smarter Way to Defend Modern Applications (Friday May 16, 2025)
    Modern apps move fast—faster than most security teams can keep up. As businesses rush to build in the cloud, security often lags behind. Teams scan code in isolation, react late to cloud threats, and monitor SOC alerts only after damage is done. Attackers don’t wait. They exploit vulnerabilities within hours. Yet most organizations take days to respond to critical cloud alerts. That delay isn’t (HackerNews)
  • Breachforums Boss to Pay $700k in Healthcare Breach (Thursday May 15, 2025)
    In what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly $700,000 to settle a civil lawsuit from a health insurance company whose customer data was posted for sale on the forum in 2023. Conor Brian Fitzpatrick, a.k.a. "Pompompurin," is slated for resentencing next month after pleading guilty to access device fraud and possession of child sexual abuse material (CSAM). (KrebsOnSecurity)
  • Meta to Train AI on E.U. User Data From May 27 Without Consent; Noyb Threatens Lawsuit (Thursday May 15, 2025)
    Austrian privacy non-profit noyb (none of your business) has sent Meta's Irish headquarters a cease-and-desist letter, threatening the company with a class action lawsuit if it proceeds with its plans to train users' data for training its artificial intelligence (AI) models without an explicit opt-in. The move comes weeks after the social media behemoth announced its plans to train its AI models (HackerNews)
  • Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails (Thursday May 15, 2025)
    Cryptocurrency exchange Coinbase has disclosed that unknown cyber actors broke into its systems and stole account data for a small subset of its customers. "Criminals targeted our customer support agents overseas," the company said in a statement. "They used cash offers to convince a small group of insiders to copy data in our customer support tools for less than 1% of Coinbase monthly (HackerNews)
  • Pen Testing for Compliance Only? It's Time to Change Your Approach (Thursday May 15, 2025)
    Imagine this: Your organization completed its annual penetration test in January, earning high marks for security compliance. In February, your development team deployed a routine software update. By April, attackers had already exploited a vulnerability introduced in that February update, gaining access to customer data weeks before being finally detected. This situation isn't theoretical: it (HackerNews)
  • New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy (Thursday May 15, 2025)
    Google on Wednesday released updates to address four security issues in its Chrome web browser, including one for which it said there exists an exploit in the wild. The high-severity vulnerability, tracked as CVE-2025-4664 (CVSS score: 4.3), has been characterized as a case of insufficient policy enforcement in a component called Loader. "Insufficient policy enforcement in Loader in Google (HackerNews)
  • 5 BCDR Essentials for Effective Ransomware Defense (Thursday May 15, 2025)
    Ransomware has evolved into a deceptive, highly coordinated and dangerously sophisticated threat capable of crippling organizations of any size. Cybercriminals now exploit even legitimate IT tools to infiltrate networks and launch ransomware attacks. In a chilling example, Microsoft recently disclosed how threat actors misused its Quick Assist remote assistance tool to deploy the destructive (HackerNews)
  • Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers (Thursday May 15, 2025)
    A Russia-linked threat actor has been attributed to a cyber espionage operation targeting webmail servers such as Roundcube, Horde, MDaemon, and Zimbra via cross-site scripting (XSS) vulnerabilities, including a then-zero-day in MDaemon, according to new findings from ESET. The activity, which commenced in 2023, has been codenamed Operation RoundPress by the Slovak cybersecurity company. It has (HackerNews)
  • Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper (Thursday May 15, 2025)
    Cybersecurity researchers have discovered a malicious package named "os-info-checker-es6" that disguises itself as an operating system information utility to stealthily drop a next-stage payload onto compromised systems. "This campaign employs clever Unicode-based steganography to hide its initial malicious code and utilizes a Google Calendar event short link as a dynamic dropper for its final (HackerNews)
  • Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit (Wednesday May 14, 2025)
    Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-4632 (CVSS score: 9.8), has been described as a path traversal flaw. "Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to (HackerNews)
  • BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan (Wednesday May 14, 2025)
    At least two different cybercrime groups BianLian and RansomExx are said to have exploited a recently disclosed security flaw in SAP NetWeaver tracked as CVE-2025-31324, indicating that multiple threat actors are taking advantage of the bug. Cybersecurity firm ReliaQuest, in a new update published today, said it uncovered evidence suggesting involvement from the BianLian data extortion crew and (HackerNews)
  • Xinbi Telegram Market Tied to $8.4B in Crypto Crime, Romance Scams, North Korea Laundering (Wednesday May 14, 2025)
    A Chinese-language, Telegram-based marketplace called Xinbi Guarantee has facilitated no less than $8.4 billion in transactions since 2022, making it the second major black market to be exposed after HuiOne Guarantee. According to a report published by blockchain analytics firm Elliptic, merchants on the marketplace have been found to peddle technology, personal data, and money laundering (HackerNews)
  • CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users (Wednesday May 14, 2025)
    A new global phishing threat called "Meta Mirage" has been uncovered, targeting businesses using Meta's Business Suite. This campaign specifically aims at hijacking high-value accounts, including those managing advertising and official brand pages. Cybersecurity researchers at CTM360 revealed that attackers behind Meta Mirage impersonate official Meta communications, tricking users into handing (HackerNews)
  • Patch Tuesday, May 2025 Edition (Wednesday May 14, 2025)
    Microsoft on Tuesday released software updates to fix at least 70 vulnerabilities in Windows and related products, including five zero-day flaws that are already seeing active exploitation. Adding to the sense of urgency with this month's patch batch from Redmond are fixes for two other weaknesses that now have public proof-of-concept exploits available. (KrebsOnSecurity)
  • Earth Ammit Breached Drone Supply Chains via ERP in VENOM, TIDRONE Campaigns (Wednesday May 14, 2025)
    A cyber espionage group known as Earth Ammit has been linked to two related but distinct campaigns from 2023 to 2024 targeting various entities in Taiwan and South Korea, including military, satellite, heavy industry, media, technology, software services, and healthcare sectors. Cybersecurity firm Trend Micro said the first wave, codenamed VENOM, mainly targeted software service providers, while (HackerNews)
  • Learning How to Hack: Why Offensive Security Training Benefits Your Entire Security Team (Wednesday May 14, 2025)
    Organizations across industries are experiencing significant escalations in cyberattacks, particularly targeting critical infrastructure providers and cloud-based enterprises. Verizon’s recently released 2025 Data Breach Investigations Report found an 18% YoY increase in confirmed breaches, with the exploitation of vulnerabilities as an initial access step growing by 34%.  As attacks rise (HackerNews)
  • Horabot Malware Targets 6 Latin American Nations Using Invoice-Themed Phishing Emails (Wednesday May 14, 2025)
    Cybersecurity researchers have discovered a new phishing campaign that's being used to distribute malware called Horabot targeting Windows users in Latin American countries like Mexico, Guatemala, Colombia, Peru, Chile, and Argentina. The campaign is "using crafted emails that impersonate invoices or financial documents to trick victims into opening malicious attachments and can steal email (HackerNews)
  • Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server (Wednesday May 14, 2025)
    Microsoft on Tuesday shipped fixes to address a total of 78 security flaws across its software lineup, including a set of five zero-days that have come under active exploitation in the wild. Of the 78 flaws resolved by the tech giant, 11 are rated Critical, 66 are rated Important, and one is rated Low in severity. Twenty-eight of these vulnerabilities lead to remote code execution, 21 of them (HackerNews)
  • Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems (Wednesday May 14, 2025)
    Fortinet has patched a critical security flaw that it said has been exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems. The vulnerability, tracked as CVE-2025-32756, carries a CVSS score of 9.6 out of 10.0. "A stack-based overflow vulnerability [CWE-121] in FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera may allow a remote unauthenticated attacker to (HackerNews)
  • Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks (Wednesday May 14, 2025)
    Ivanti has released security updates to address two security flaws in Endpoint Manager Mobile (EPMM) software that have been chained in attacks to gain remote code execution. The vulnerabilities in question are listed below - CVE-2025-4427 (CVSS score: 5.3) - An authentication bypass in Ivanti Endpoint Manager Mobile allowing attackers to access protected resources without proper credentials (HackerNews)
  • China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide (Tuesday May 13, 2025)
    A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical infrastructure networks. "Actors leveraged CVE-2025-31324, an unauthenticated file upload vulnerability that enables remote code execution (RCE)," EclecticIQ researcher Arda Büyükkaya said in an analysis published today. Targets of the campaign (HackerNews)
  • Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads (Tuesday May 13, 2025)
    Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that purports to be an application related to the Solana blockchain, but contains malicious functionality to steal source code and developer secrets. The package, named solana-token, is no longer available for download from PyPI, but not before it was downloaded 761 times. It was first (HackerNews)
  • Deepfake Defense in the Age of AI (Tuesday May 13, 2025)
    The cybersecurity landscape has been dramatically reshaped by the advent of generative AI. Attackers now leverage large language models (LLMs) to impersonate trusted individuals and automate these social engineering tactics at scale.  Let’s review the status of these rising attacks, what’s fueling them, and how to actually prevent, not detect, them.  The Most Powerful Person on the (HackerNews)
  • North Korean Konni APT Targets Ukraine with Malware to track Russian Invasion Progress (Tuesday May 13, 2025)
    The North Korea-linked threat actor known as Konni APT has been attributed to a phishing campaign targeting government entities in Ukraine, indicating the threat actor's targeting beyond Russia. Enterprise security firm Proofpoint said the end goal of the campaign is to collect intelligence on the "trajectory of the Russian invasion." "The group's interest in Ukraine follows historical targeting (HackerNews)
  • Moldovan Police Arrest Suspect in €4.5M Ransomware Attack on Dutch Research Agency (Tuesday May 13, 2025)
    Moldovan law enforcement authorities have arrested a 45-year-old foreign man suspected of involvement in a series of ransomware attacks targeting Dutch companies in 2021. "He is wanted internationally for committing several cybercrimes (ransomware attacks, blackmail, and money laundering) against companies based in the Netherlands," officials said in a statement Monday. In conjunction with the (HackerNews)
  • Türkiye Hackers Exploited Output Messenger Zero-Day to Drop Golang Backdoors on Kurdish Servers (Tuesday May 13, 2025)
    A Türkiye-affiliated threat actor exploited a zero-day security flaw in an Indian enterprise communication platform called Output Messenger as part of a cyber espionage attack campaign since April 2024. "These exploits have resulted in a collection of related user data from targets in Iraq," the Microsoft Threat Intelligence team said. "The targets of the attack are associated with the Kurdish (HackerNews)
  • ASUS Patches DriverHub RCE Flaws Exploitable via HTTP and Crafted .ini Files (Monday May 12, 2025)
    ASUS has released updates to address two security flaws impacting ASUS DriverHub that, if successfully exploited, could enable an attacker to leverage the software in order to achieve remote code execution. DriverHub is a tool that's designed to automatically detect the motherboard model of a computer and display necessary driver updates for subsequent installation by communicating with a (HackerNews)
  • ⚡ Weekly Recap: Zero-Day Exploits, Developer Malware, IoT Botnets, and AI-Powered Scams (Monday May 12, 2025)
    What do a source code editor, a smart billboard, and a web server have in common? They’ve all become launchpads for attacks—because cybercriminals are rethinking what counts as “infrastructure.” Instead of chasing high-value targets directly, threat actors are now quietly taking over the overlooked: outdated software, unpatched IoT devices, and open-source packages. It's not just clever—it’s (HackerNews)
  • The Persistence Problem: Why Exposed Credentials Remain Unfixed—and How to Change That (Monday May 12, 2025)
    Detecting leaked credentials is only half the battle. The real challenge—and often the neglected half of the equation—is what happens after detection. New research from GitGuardian's State of Secrets Sprawl 2025 report reveals a disturbing trend: the vast majority of exposed company secrets discovered in public repositories remain valid for years after detection, creating an expanding attack (HackerNews)
  • Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures (Monday May 12, 2025)
    Threat actors have been observed leveraging fake artificial intelligence (AI)-powered tools as a lure to entice users into downloading an information stealer malware dubbed Noodlophile. "Instead of relying on traditional phishing or cracked software sites, they build convincing AI-themed platforms – often advertised via legitimate-looking Facebook groups and viral social media campaigns," (HackerNews)
  • Google Pays $1.375 Billion to Texas Over Unauthorized Tracking and Biometric Data Collection (Saturday May 10, 2025)
    Google has agreed to pay the U.S. state of Texas nearly $1.4 billion to settle two lawsuits that accused the company of tracking users' personal location and maintaining their facial recognition data without consent. The $1.375 billion payment dwarfs the fines the tech giant has paid to settle similar lawsuits brought by other U.S. states. In November 2022, it paid $391 million to a group of 40 (HackerNews)
  • Germany Shuts Down eXch Over $1.9B Laundering, Seizes €34M in Crypto and 8TB of Data (Saturday May 10, 2025)
    Germany's Federal Criminal Police Office (aka Bundeskriminalamt or BKA) has seized the online infrastructure and shutdown linked to the eXch cryptocurrency exchange over allegations of money laundering and operating a criminal trading platform. The operation was carried out on April 30, 2025, authorities said, adding they also confiscated 8 terabytes worth of data and cryptocurrency assets (HackerNews)
  • BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. - Dutch Operation (Friday May 09, 2025)
    A joint law enforcement operation undertaken by Dutch and U.S. authorities has dismantled a criminal proxy network that's powered by thousands of infected Internet of Things (IoT) and end-of-life (EoL) devices, enlisting them into a botnet for providing anonymity to malicious actors. In conjunction with the domain seizure, Russian nationals, Alexey Viktorovich Chertkov, 37, Kirill Vladimirovich (HackerNews)
  • OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities (Friday May 09, 2025)
    The North Korean threat actors behind the Contagious Interview campaign have been observed using updated versions of a cross-platform malware called OtterCookie with capabilities to steal credentials from web browsers and other files. NTT Security Holdings, which detailed the new findings, said the attackers have "actively and continuously" updated the malware, introducing versions v3 and v4 in (HackerNews)
  • Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials (Friday May 09, 2025)
    Cybersecurity researchers are warning of a new campaign that's targeting Portuguese-speaking users in Brazil with trial versions of commercial remote monitoring and management (RMM) software since January 2025. "The spam message uses the Brazilian electronic invoice system, NF-e, as a lure to entice users into clicking hyperlinks and accessing malicious content hosted in Dropbox," Cisco Talos (HackerNews)
  • Deploying AI Agents? Learn to Secure Them Before Hackers Strike Your Business (Friday May 09, 2025)
    AI agents are changing the way businesses work. They can answer questions, automate tasks, and create better user experiences. But with this power comes new risks — like data leaks, identity theft, and malicious misuse. If your company is exploring or already using AI agents, you need to ask: Are they secure? AI agents work with sensitive data and make real-time decisions. If they’re not (HackerNews)
  • Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials (Friday May 09, 2025)
    Cybersecurity researchers have flagged three malicious npm packages that are designed to target the Apple macOS version of Cursor, a popular artificial intelligence (AI)-powered source code editor. "Disguised as developer tools offering 'the cheapest Cursor API,' these packages steal user credentials, fetch an encrypted payload from threat actor-controlled infrastructure, overwrite Cursor's (HackerNews)
  • Beyond Vulnerability Management – Can You CVE What I CVE? (Friday May 09, 2025)
    The Vulnerability Treadmill The reactive nature of vulnerability management, combined with delays from policy and process, strains security teams. Capacity is limited and patching everything immediately is a struggle. Our Vulnerability Operation Center (VOC) dataset analysis identified 1,337,797 unique findings (security issues) across 68,500 unique customer assets. 32,585 of them were distinct (HackerNews)
  • Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android (Friday May 09, 2025)
    Google on Thursday announced it's rolling out new artificial intelligence (AI)-powered countermeasures to combat scams across Chrome, Search, and Android. The tech giant said it will begin using Gemini Nano, its on-device large language model (LLM), to improve Safe Browsing in Chrome 137 on desktops. "The on-device approach provides instant insight on risky websites and allows us to offer (HackerNews)
  • Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell (Friday May 09, 2025)
    A China-linked unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver. Forescout Vedere Labs, in a report published Thursday, said it uncovered a malicious infrastructure likely associated with the hacking group weaponizing CVE-2025-31324 (CVSS score: 10.0) since April 29, 2025. CVE-2025-31324 refers to a critical SAP NetWeaver flaw (HackerNews)
  • 38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases (Thursday May 08, 2025)
    Cybersecurity researchers have exposed what they say is an "industrial-scale, global cryptocurrency phishing operation" engineered to steal digital assets from cryptocurrency wallets for several years. The campaign has been codenamed FreeDrain by threat intelligence firms SentinelOne and Validin. "FreeDrain uses SEO manipulation, free-tier web services (like gitbook.io, webflow.io, and github.io (HackerNews)
  • Security Tools Alone Don't Protect You — Control Effectiveness Does (Thursday May 08, 2025)
    61% of security leaders reported suffering a breach due to failed or misconfigured controls over the past 12 months. This is despite having an average of 43 cybersecurity tools in place. This massive rate of security failure is clearly not a security investment problem. It is a configuration problem. Organizations are beginning to understand that a security control installed or deployed is not (HackerNews)
  • SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root (Thursday May 08, 2025)
    SonicWall has released patches to address three security flaws affecting SMA 100 Secure Mobile Access (SMA) appliances that could be fashioned to result in remote code execution. The vulnerabilities are listed below - CVE-2025-32819 (CVSS score: 8.8) - A vulnerability in SMA100 allows a remote authenticated attacker with SSL-VPN user privileges to bypass the path traversal checks and delete an (HackerNews)
  • Qilin Ransomware Ranked Highest in April 2025 with 72 Data Leak Disclosures (Thursday May 08, 2025)
    Threat actors with ties to the Qilin ransomware family have leveraged malware known as SmokeLoader along with a previously undocumented .NET compiled loader codenamed NETXLOADER as part of a campaign observed in November 2024. "NETXLOADER is a new .NET-based loader that plays a critical role in cyber attacks," Trend Micro researchers Jacob Santos, Raymart Yambot, John Rainier Navato, Sarah Pearl (HackerNews)
  • MirrorFace Targets Japan and Taiwan with ROAMINGMOUSE and Upgraded ANEL Malware (Thursday May 08, 2025)
    The nation-state threat actor known as MirrorFace has been observed deploying malware dubbed ROAMINGMOUSE as part of a cyber espionage campaign directed against government agencies and public institutions in Japan and Taiwan. The activity, detected by Trend Micro in March 2025, involved the use of spear-phishing lures to deliver an updated version of a backdoor called ANEL. "The ANEL file from (HackerNews)
  • Russian Hackers Using ClickFix Fake CAPTCHA to Deploy New LOSTKEYS Malware (Thursday May 08, 2025)
    The Russia-linked threat actor known as COLDRIVER has been observed distributing a new malware called LOSTKEYS as part of an espionage-focused campaign using ClickFix-like social engineering lures. "LOSTKEYS is capable of stealing files from a hard-coded list of extensions and directories, along with sending system information and running processes to the attacker," the Google Threat (HackerNews)
  • Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT (Thursday May 08, 2025)
    Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system. The vulnerability, tracked as CVE-2025-20188, has been rated 10.0 on the CVSS scoring system. "This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an (HackerNews)
  • Pakistani Firm Shipped Fentanyl Analogs, Scams to US (Wednesday May 07, 2025)
    A Texas firm recently charged with conspiring to distribute synthetic opioids in the United States is at the center of a vast network of companies in the U.S. and Pakistan whose employees are accused of using online ads to scam westerners seeking help with trademarks, book writing, mobile app development and logo designs, a new investigation reveals. (KrebsOnSecurity)
  • Europol Shuts Down Six DDoS-for-Hire Services Used in Global Attacks (Wednesday May 07, 2025)
    Europol has announced the takedown of distributed denial of service (DDoS)-for-hire services that were used to launch thousands of cyber-attacks across the world. In connection with the operation, Polish authorities have arrested four individuals aged between 19 and 22 and the United States has seized nine domains that are associated with the now-defunct platforms. "The suspects are believed to (HackerNews)
  • OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws (Wednesday May 07, 2025)
    A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-27007 (CVSS score: 9.8), is a privilege escalation bug impacting all versions of the plugin prior to and including version 1.0.82.  "This is due to the create_wp_connection() function missing a capability check and (HackerNews)
  • SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version (Wednesday May 07, 2025)
    Cybersecurity researchers have disclosed multiple security flaw in the on-premise version of SysAid IT support software that could be exploited to achieve pre-authenticated remote code execution with elevated privileges. The vulnerabilities, tracked as CVE-2025-2775, CVE-2025-2776, and CVE-2025-2777, have all been described as XML External Entity (XXE) injections, which occur when an attacker is (HackerNews)
  • Reevaluating SSEs: A Technical Gap Analysis of Last-Mile Protection (Wednesday May 07, 2025)
    Security Service Edge (SSE) platforms have become the go-to architecture for securing hybrid work and SaaS access. They promise centralized enforcement, simplified connectivity, and consistent policy control across users and devices. But there's a problem: they stop short of where the most sensitive user activity actually happens—the browser. This isn’t a small omission. It’s a structural (HackerNews)
  • Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization (Wednesday May 07, 2025)
    Threat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zero-day as part of an attack targeting an unnamed organization in the United States. The attack, per the Symantec Threat Hunter Team, part of Broadcom, leveraged CVE-2025-29824, a privilege escalation flaw in the Common Log File System (CLFS) driver. It was patched by (HackerNews)
  • xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs (Friday May 02, 2025)
    A employee at Elon Musk's artificial intelligence company xAI leaked a private key on GitHub that for the past two months could have allowed anyone to query private xAI large language models (LLMs) which appear to have been custom made for working with internal data from Musk's companies, including SpaceX, Tesla and Twitter/X, KrebsOnSecurity has learned. (KrebsOnSecurity)
  • Alleged ‘Scattered Spider’ Member Extradited to U.S. (Wednesday April 30, 2025)
    A 23-year-old Scottish man thought to be a member of the prolific Scattered Spider cybercrime group was extradited last week from Spain to the United States, where he is facing charges of wire fraud, conspiracy and identity theft. U.S. prosecutors allege Tyler Robert Buchanan and co-conspirators hacked into dozens of companies in the United States and abroad, and that he personally controlled more than $26 million stolen from victims. (KrebsOnSecurity)
  • DOGE Worker’s Code Supports NLRB Whistleblower (Wednesday April 23, 2025)
    A whistleblower at the National Labor Relations Board (NLRB) alleged last week that denizens of Elon Musk's Department of Government Efficiency (DOGE) siphoned gigabytes of data from the agency's sensitive case files in early March. The whistleblower said accounts created for DOGE at the NLRB downloaded three code repositories from GitHub. Further investigation into one of those code bundles shows it is remarkably similar to a program published in January 2025 by Marko Elez, a 25-year-old DOGE employee who has worked at a number of Musk's companies. (KrebsOnSecurity)
  • Whistleblower: DOGE Siphoned NLRB Case Data (Tuesday April 22, 2025)
    A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk's Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity. The NLRB whistleblower said the unusual large data outflows coincided with multiple blocked login attempts from an Internet address in Russia that tried to use valid credentials for a newly-created DOGE user account. (KrebsOnSecurity)
  • Funding Expires for Key Cyber Vulnerability Database (Wednesday April 16, 2025)
    A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organization MITRE warned today that its contract to maintain the Common Vulnerabilities and Exposures (CVE) program -- which is traditionally funded each year by the Department of Homeland Security -- expires on April 16. (KrebsOnSecurity)
  • Trump Revenge Tour Targets Cyber Leaders, Elections (Tuesday April 15, 2025)
    President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The White House memo, which also suspended clearances for other security professionals at Krebs's employer SentinelOne, comes as CISA is facing huge funding and staffing cuts. (KrebsOnSecurity)
  • China-based SMS Phishing Triad Pivots to Banks (Thursday April 10, 2025)
    China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “Smishing Triad” mainly impersonated toll road operators and shipping companies. But experts say these groups are now directly targeting customers of international financial institutions, while dramatically expanding their cybercrime infrastructure and support staff. (KrebsOnSecurity)

Disclaimer: Some Links listed are external-links and are not managed by Western Illinois University. Western Illinois University or any of its employees shall not be held liable for any improper or incorrect use of the information described and/or contained herein and assumes no responsibility for anyone's use of the information.