Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft Remote Desktop Services to gain initial access. The activity has been named Larva-24005 by…
Category: EN
Business Continuity in a Digital World – CISO Perspectives
In today’s interconnected business environment, digital disruptions can quickly escalate from minor technical incidents to major organizational crises. The role of Chief Information Security Officers (CISOs) has become increasingly central to business continuity planning, as organizations face sophisticated cyber threats,…
Akira Ransomware Using Compromised Credentials and Public Tools in New Wave of Cyberattacks
The cybersecurity landscape faces a mounting threat as the Akira ransomware group intensifies operations, marking a significant evolution since its emergence in March 2023. This sophisticated threat actor specializes in leveraging compromised credentials to access vulnerable VPN services lacking multi-factor…
Cybersecurity Metrics That Matter for Board-Level Reporting
In today’s digital-first business environment, cyber threats are not just an IT problem they’re a core business risk. Board members are increasingly expected to oversee cybersecurity strategy, but they often lack the technical background to interpret traditional security reports. This…
Protecting Against Insider Threats – Strategies for CISOs
In the modern enterprise, cybersecurity is no longer just a technical concern it is a boardroom priority. The frequency and impact of cyber incidents have escalated, placing organizational resilience, regulatory compliance, and business reputation at risk. Board members, however, often…
New Phishing Attack Appending Weaponized HTML Files Inside SVG Files
Cybersecurity experts have identified a sophisticated new phishing technique that exploits the SVG (Scalable Vector Graphics) file format to deliver malicious HTML content to unsuspecting victims. This emerging threat, first observed at the beginning of 2025, represents a notable evolution…
This ChatGPT trick can reveal where your photo was taken – and it’s unsettling
ChatGPT can ‘read’ your photos for location clues – even without embedded GPS or EXIF data. Here’s why that could be a problem. This article has been indexed from Latest stories for ZDNET in Security Read the original article: This…
50,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in Greenshift WordPress Plugin
On April 14th, 2025, we received a submission for an Arbitrary File Upload vulnerability in Greenshift, a WordPress plugin with more than 50,000 active installations. This vulnerability can be used by authenticated attackers, with subscriber-level access and above, to upload…
New Rust Botnet “RustoBot” is Routed via Routers
FortiGuard Labs recently discovered a new botnet propagating through TOTOLINK devices. Learn more about this malware targeting these devices. This article has been indexed from Fortinet Threat Research Blog Read the original article: New Rust Botnet “RustoBot” is Routed…
North Korean Cryptocurrency Thieves Caught Hijacking Zoom ‘Remote Control’ Feature
North Korean cryptocurrency thieves abusing Zoom Remote collaboration feature to target cryptocurrency traders with malware. The post North Korean Cryptocurrency Thieves Caught Hijacking Zoom ‘Remote Control’ Feature appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Securing our future: April 2025 progress report on Microsoft’s Secure Future Initiative
The Microsoft Secure Future Initiative (SFI) stands as the largest cybersecurity engineering project in history and most extensive effort of its kind at Microsoft. Now, we are sharing the second SFI progress report, which highlights progress made in our multi-year…
SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks
A new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication (NFC) relay attacks, enabling cybercriminals to conduct fraudulent cashouts. The active campaign is targeting customers of banking institutions and card issuers in Italy with an aim to…
Ransomware Attacks on Financial Institutions: A Rising Threat with Multi-Layered Consequences
In 2024, financial institutions around the globe suffered an average loss of $6.08 million due to ransomware attacks. This marked a 10% increase compared to the previous year, signaling a disturbing trend of rising cybercrime targeting the financial sector. The…
Native Language Phishing Spreads ResolverRAT to Healthcare
Morphisec discovers a new malware threat ResolverRAT, that combines advanced methods for running code directly in computer memory,… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: Native Language…
Security Awareness Metrics That Matter to the CISO
In today’s rapidly evolving threat landscape, Chief Information Security Officers (CISOs) are tasked with more than just deploying the latest security technologies; they must also foster a culture of security awareness across their organizations. While technical controls are essential, the…
Cyber Hygiene Best Practices for Modern Enterprises
Cyber hygiene refers to the routine practices and fundamental security measures organizations implement to maintain system health and improve security posture. In today’s rapidly evolving digital landscape, the attack surface for cyber threats expands continuously, making robust cyber hygiene essential…
Cloud Security Challenges Every CISO Must Address in Hybrid Environments
Hybrid cloud environments, which blend on-premises infrastructure with public and private cloud services, have become the backbone of modern enterprises. While they offer flexibility and scalability, they introduce complex security challenges that demand strategic oversight. Chief Information Security Officers (CISOs)…
What is a brute-force attack?
A brute-force attack is a trial-and-error hacking method cybercriminals use to decode login information and encryption keys to gain unauthorized access to systems. This article has been indexed from Search Security Resources and Information from TechTarget Read the original article:…
Upwind Adds Ability to Detect API Threats to Cloud Security Platform
Upwind has added an ability to detect threats to application programming interfaces (APIs) in real time to its cloud application detection and response (CADR) platform, based on machine learning algorithms. The post Upwind Adds Ability to Detect API Threats to…
Black Basta: Exposing the Ransomware Outfit Through Leaked Chat Logs
The cybersecurity sector experienced an extraordinary breach in February 2025 that revealed the inner workings of the well-known ransomware gang Black Basta. Trustwave SpiderLabs researchers have now taken an in-depth look at the disclosed contents, which explain how the…