As the cyber threat landscape evolves and the digital landscape changes, regulatory frameworks continue to emerge, aiming to bolster the security posture of organisations, particularly in the financial sector. One such regulation is the Digital Operational Resilience Act (DORA), effective…
Category: EN
Cisco Alerts Users to Critical ISE Vulnerability Exposing Sensitive Data
Cisco has issued a critical security advisory (Advisory ID: cisco-sa-ise-aws-static-cred-FPMjUcm7) for its Identity Services Engine (ISE) when deployed on major cloud platforms—Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI). The vulnerability, tracked as CVE-2025-20286 and classified under…
#Infosec2025: Securing Endpoints is Still Vital Amid Changing Threats
Endpoint and network security is still essential, even as malicious actors turn to supply chains, identities and AI This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Securing Endpoints is Still Vital Amid Changing Threats
U.S. Authorities Shut Down Major Dark Web Marketplace with 117,000 Users
In a blow to the cybercrime underworld, the U.S. Attorney’s Office for the Eastern District of Virginia announced the seizure of approximately 145 domains, spanning both darknet and traditional internet spaces, associated with the notorious BidenCash marketplace. This coordinated operation,…
Authorities Seized 145 Dark Web Marketplace Having 117,000 Registered Customers
Federal authorities have successfully dismantled BidenCash, one of the largest criminal marketplaces operating on both the dark web and the traditional internet. In a coordinated law enforcement operation, approximately 145 domains associated with the platform were seized. The BidenCash marketplace…
Outlook Users Targeted by New HTML-Based Phishing Scheme
A recent phishing campaign has revealed a sophisticated technique that exploits Microsoft Outlook’s unique handling of HTML emails to conceal malicious links from corporate users. The attack, initially appearing as a standard phishing attempt impersonating a Czech bank, leverages conditional…
Russian bomber maker popped, vishing targets Salesforce, MS helps out governments
Ukraine claims cyberattack on Russian bomber maker Vishing campaign targets Salesforce Microsoft lends a hand to European governments Huge thanks to our sponsor, Conveyor Ever wish you had a teammate that could handle the most annoying parts of customer security…
Be Careful With Fake Zoom Client Downloads, (Thu, Jun 5th)
Collaborative tools are really popular these days. Since the COVID-19 pandemic, many people switched to remote work positions and we need to collaborate with our colleagues or customers every day. Tools like Microsoft Teams, Zoom, WebEx, (name your best solution),…
ColoCrossing – 7,183 breached accounts
In May 2025, hosting provider ColoCrossing identified a data breach that impacted customers of their ColoCloud virtual server product. ColoCrossing advised the incident was isolated to their cloud/VPS platform and stemmed from a single sign-on vulnerability. 7k email addresses were…
AI kept 15-year-old zombie vuln alive, but its time is drawing near
Researchers have come up with a fix for a path traversal bug first spotted in 2010 A security bug that surfaced fifteen years ago in a public post on GitHub has survived developers’ attempts on its life.… This article has…
Vodafone Germany Fined $51 Million Over Privacy, Security Failures
Germany fined Vodafone $51 million for failing to protect user data from partners and unauthorized third-parties. The post Vodafone Germany Fined $51 Million Over Privacy, Security Failures appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Addressing API Security with NIST SP 800-228
According to the Wallarm Q1 2025 ThreatStats report, 70% of all application attacks target APIs. The industry can no longer treat API security as a sidenote; it’s time to treat it as the main event. NIST seems to be on…
35,000 Solar Power Systems Exposed To Internet Are Vulnerable To Cyberattacks
A comprehensive cybersecurity investigation has revealed alarming vulnerabilities in the rapidly expanding solar energy infrastructure, with nearly 35,000 solar power devices found exposed to internet-based attacks across 42 vendors worldwide. The discovery underscores growing security concerns as renewable energy systems…
Meta open-sources AI tool to automatically classify sensitive documents
Meta has released an open source AI tool called Automated Sensitive Document Classification. It was originally built for internal use and is designed to find sensitive information in documents and apply security labels automatically. The tool uses customizable classification rules…
FortiMail Workspace Security expands protection beyond email to web and collaboration tools
Fortinet has enhanced its data and productivity security portfolio, expanding FortiMail with the launch of the FortiMail Workspace Security suite. These new capabilities extend protection not only to email but also to browser and collaboration security. These advancements, combined with new…
Critical Cisco ISE Auth Bypass Flaw Impacts Cloud Deployments on AWS, Azure, and OCI
Cisco has released security patches to address a critical security flaw impacting the Identity Services Engine (ISE) that, if successfully exploited, could allow unauthenticated actors to carry out malicious actions on susceptible systems. The security defect, tracked as CVE-2025-20286, carries…
Law enforcement seized the carding marketplace BidenCash
U.S. and Dutch authorities took down 145 domains tied to the BidenCash cybercrime marketplace in a coordinated law enforcement operation. The US DoJ announced the seizure of approximately 145 darknet and clear web domains, and cryptocurrency funds associated with the…
The cloud security crisis no one’s talking about
Security teams are overwhelmed by a flood of alerts, most of which lack the context needed to accurately assess and espond to threats, according to ARMO. Respondents report receiving an average of 4,080 security alerts per month – or 136…
APT37 Hackers Mimic Academic Forum Invites To Deliver Malicious LNK Files Via Dropbox Platform
The North Korea-linked APT37 threat group has launched a sophisticated spear phishing campaign targeting South Korean activists and researchers focused on North Korean affairs, employing deceptive academic forum invitations to distribute malicious shortcut files through cloud-based infrastructure. The campaign, which…
China accuses Taiwan of running five feeble APT gangs, with US help
The authors who claimed America hacked itself to discredit Beijing are back with another report Beijing complains it’s under relentless attack by the equivalent of an ant trying to shake a tree China’s National Computer Virus Emergency Response Center on…