Zero Trust: Strengths and Limitations in the AI Attack Era – Dark Reading
Zero Trust could help organizations fight back against attackers who use artificial intelligence, but new threats will require the architecture to evolve. – Read More
Cyber
‘ShadowLeak’ ChatGPT Attack Allows Hackers to Invisibly Steal Emails – Dark Reading
The loophole allows cyberattackers to exfiltrate company data via OpenAI’s infrastructure, leaving no trace at all on enterprise systems. – Read More
UNC1549 Hacks 34 Devices in 11 Telecom Firms via LinkedIn Job Lures and MINIBIKE Malware – The Hacker News
An Iran-nexus cyber espionage group known as UNC1549 has been attributed to a new campaign targeting European telecommunications companies, successfully infiltrating 34 devices across 11 organizations as part of a…
SystemBC Powers REM Proxy With 1,500 Daily VPS Victims Across 80 C2 Servers – The Hacker News
A proxy network known as REM Proxy is powered by malware known as SystemBC, offering about 80% of the botnet to its users, according to new findings from the Black…
Plastic People, Plastic Cards: Synthetic Identities Plague Finance & Lending Sector – Dark Reading
Following a pandemic-era respite, financial fraud linked to synthetic identities is rising again, with firms potentially facing $3.3 billion in damages from new accounts. – Read More
Fortra Releases Critical Patch for CVSS 10.0 GoAnywhere MFT Vulnerability – The Hacker News
Fortra has disclosed details of a critical security flaw in GoAnywhere Managed File Transfer (MFT) software that could result in the execution of arbitrary commands. The vulnerability, tracked as CVE-2025-10035,…
17,500 Phishing Domains Target 316 Brands Across 74 Countries in Global PhaaS Surge – The Hacker News
The phishing-as-a-service (PhaaS) offering known as Lighthouse and Lucid has been linked to more than 17,500 phishing domains targeting 316 brands from 74 countries. “Phishing-as-a-Service (PhaaS) deployments have risen significantly…
Transforming Cyber Frameworks to Take Control of Cyber-Risk – Dark Reading
Frameworks may seem daunting to implement — especially for government IT teams that may not have an abundance of resources and expertise. But beginning implementation is better than never starting.…
Iranian State APT Blitzes Telcos & Satellite Companies – Dark Reading
A Charming Kitten subgroup is performing some of the most bespoke cyberattacks ever witnessed in the wild, to down select high-value targets. – Read More
Critical Azure Entra ID Flaw Highlights Microsoft IAM Issues – Dark Reading
While the cloud vulnerability was fixed prior to disclosure, the researcher who discovered it says it could have led to catastrophic attacks, alarming some in the security community. – Read…
Ransomware-Attacke auf BMW Group? – CSO Online
Die BMW Group wird von einer Ransomware-Bande mit angeblich gestohlenen Daten erpresst. Boryana Manzurova – shutterstock.com Der Automobil- und Motorradhersteller BMW tauchte kürzlich auf der Darknet-Seite der Everest-Gruppe auf. In…
Entra ID vulnerability exposes gaps in cloud identity trust models, experts warn – CSO Online
Security researchers are warning about a max-severity vulnerability in Microsoft Entra ID (formerly Azure Active Directory) that could potentially allow attackers to impersonate any user in any tenant, including Global…
How To Automate Alert Triage With AI Agents and Confluence SOPs Using Tines – The Hacker News
Run by the team at workflow orchestration and AI platform Tines, the Tines library features over 1,000 pre-built workflows shared by security practitioners from across the community – all free…
Russian Hackers Gamaredon and Turla Collaborate to Deploy Kazuar Backdoor in Ukraine – The Hacker News
Cybersecurity researchers have discerned evidence of two Russian hacking groups Gamaredon and Turla collaborating together to target and co-comprise Ukrainian entities. Slovak cybersecurity company ESET said it observed the Gamaredon…
HybridPetya ransomware bypasses Windows Secure Boot – CSO Online
Researchers from cybersecurity company ESET have detected a new ransomware called HybridPetya, which is similar to the infamous Petya and NotPetya malware. Like its predecessors, the malware targets the Master…