Russia Pivots, Cracks Down on Resident Hackers – Dark Reading
Thanks to improving cybersecurity and law enforcement action from the West, Russia’s government is reevaluating which cybercriminals it wants to give safe haven from the law. – Read More
Cyber
MuddyWater Targets 100+ Gov Entities in MEA with Phoenix Backdoor – Dark Reading
The Iranian threat group is using a compromised mailbox accessed through NordVPN to send phishing emails that prompt recipients to enable macros. – Read More
Chinese Threat Actors Exploit ToolShell SharePoint Flaw Weeks After Microsoft’s July Patch – The Hacker News
Threat actors with ties to China exploited the ToolShell security vulnerability in Microsoft SharePoint to breach a telecommunications company in the Middle East after it was publicly disclosed and patched…
Google ‘Careers’ scam lands job seekers in credential traps – CSO Online
Scammers have begun impersonating outreach from Google’s “Careers” division to trick targets into giving away their credentials. According to a Sublime Security finding, the attackers are sending messages that appear…
‘I am not a robot’: Russian hackers use fake CAPTCHA lures to deploy espionage tools – CSO Online
Russian state-backed hackers are using fake “I am not a robot” CAPTCHA pages to deliver new strains of espionage malware, according to Google Cloud’s Threat Intelligence Group (GTIG), marking a…
Bridging the Remediation Gap: Introducing Pentera Resolve – The Hacker News
From Detection to Resolution: Why the Gap Persists A critical vulnerability is identified in an exposed cloud asset. Within hours, five different tools alert you about it: your vulnerability scanner,…
Fake Nethereum NuGet Package Used Homoglyph Trick to Steal Crypto Wallet Keys – The Hacker News
Cybersecurity researchers have uncovered a new supply chain attack targeting the NuGet package manager with malicious typosquats of Nethereum, a popular Ethereum .NET integration platform, to steal victims’ cryptocurrency wallet…
Ransomware-Attacke auf Nickelhütte Aue – CSO Online
Cyberkriminelle haben die Büro-IT der Nickelhütte Aue lahmgelegt. Andrey_Popov – shutterstock.com Wie die Nickelhütte Aue auf ihrer Webseite mitteilt, haben Cyberkriminelle die Büro-IT angegriffen und Daten verschlüsselt. Infolgedessen komme es…
Verizon: Mobile Blindspot Leads to Needless Data Breaches – Dark Reading
People habitually ignore cybersecurity on their phones. Instead of compensating for that, organizations are falling into the very same trap, even though available security options could cut smishing success and…
Why You Should Swap Passwords for Passphrases – The Hacker News
The advice didn’t change for decades: use complex passwords with uppercase, lowercase, numbers, and symbols. The idea is to make passwords harder for hackers to crack via brute force methods.…
4 factors creating bottlenecks for enterprise GenAI adoption – CSO Online
There’s a significant gap between the potential value of AI and the measurable value that enterprises have only recently begun to experience. The launch of ChatGPT in 2022 triggered a…
Researchers Identify PassiveNeuron APT Using Neursite and NeuralExecutor Malware – The Hacker News
Government, financial, and industrial organizations located in Asia, Africa, and Latin America are the target of a new campaign dubbed PassiveNeuron, according to findings from Kaspersky. The cyber espionage activity…
Salesforce’s glaring Dreamforce omission: Vital security lessons from Salesloft Drift – CSO Online
Salesforce’s 2025 Dreamforce conference last week offered attendees a range of sessions on best practices for securing their Salesforce environments and AI agents, and about what Salesforce itself is doing…
TARmageddon Flaw in Async-Tar Rust Library Could Enable Remote Code Execution – The Hacker News
Cybersecurity researchers have disclosed details of a high-severity flaw impacting the popular async-tar Rust library and its forks, including tokio-tar, that could result in remote code execution under certain conditions.…
CAASM and EASM: Top 12 attack surface discovery and management tools – CSO Online
Cyber asset attack surface management (CAASM) or external attack surface management (EASM) solutions are designed to quantify the attack surface and minimize and harden it. The goal with CAASM tools…