CISA: Russia’s Fancy Bear Targeting Logistics, IT Firms – Dark Reading
The mission is to gather information that could help Russia in its war against Ukraine. – Read More
May 2025
Blurring Lines Between Scattered Spider and Russian Cybercrime – Dark Reading
The loosely affiliated hacking group has shifted closer to ransomware gangs, raising questions about Scattered Spider’s ties to the Russian cybercrime underground. – Read More
Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks – The Hacker News
A Chinese-speaking threat actor tracked as UAT-6382 has been linked to the exploitation of a now-patched remote-code-execution vulnerability in Trimble Cityworks to deliver Cobalt Strike and VShell. “UAT-6382 successfully exploited…
Security Threats of Open Source AI Exposed by DeepSeek – Dark Reading
DeepSeek’s risks must be carefully considered, and ultimately mitigated, in order to enjoy the many benefits of generative AI in a manner that is safe and secure for all organizations…
Keeping LLMs on the Rails Poses Design, Engineering Challenges – Dark Reading
Despite adding alignment training, guardrails, and filters, large language models continue to jump their imposed rails and give up secrets, make unfiltered statements, and provide dangerous information. – Read More
Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise – The Hacker News
A privilege escalation flaw has been demonstrated in Windows Server 2025 that makes it possible for attackers to compromise any user in Active Directory (AD). “The attack exploits the delegated…
Feds and Microsoft crush Lumma Stealer that stole millions of passwords – CSO Online
Microsoft and the US Department of Justice have dismantled one of the world’s largest cybercrime operations, seizing over 2,300 malicious domains and shutting down the Lumma Stealer malware that infected…
Experts Chart Path to Creating Safer Online Spaces for Women – Dark Reading
Gaps in laws, technology, and corporate accountability continue to put women’s safety and privacy online at risk. – Read More
Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks – The Hacker News
A recently patched pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software has been exploited by a China-nexus threat actor to target a wide range of sectors across…
New ETSI standard protects AI systems from evolving cyber threats – NCSC Blog
The NCSC and DSIT work with ETSI to ‘set a benchmark for securing AI’. – Read More
Webinar: Learn How to Build a Reasonable and Legally Defensible Cybersecurity Program – The Hacker News
It’s not enough to be secure. In today’s legal climate, you need to prove it. Whether you’re protecting a small company or managing compliance across a global enterprise, one thing…
Samlify bug lets attackers bypass single sign-on – CSO Online
A critical vulnerability in the popular samlify library could potentially allow attackers to bypass Single Sign-On (SSO) protections and gain unauthorized access to systems relying on SAML for authentication. Tracked…
Unpatched Versa Concerto Flaws Let Attackers Escape Docker and Compromise Host – The Hacker News
Cybersecurity researchers have uncovered multiple critical security vulnerabilities impacting the Versa Concerto network security and SD-WAN orchestration platform that could be exploited to take control of susceptible instances. It’s worth…
TikTok lawyer charged with money laundering – Legal Cheek
Akhmed Yakoob boasts over 200k social media followers A solicitor who shot to fame on TikTok has been charged with money laundering offences, the National Crime Agency (NCA) has said.…
Identity Security Has an Automation Problem—And It’s Bigger Than You Think – The Hacker News
For many organizations, identity security appears to be under control. On paper, everything checks out. But new research from Cerby, based on insights from over 500 IT and security leaders,…