Malaysia’s Prime Minister Anwar Ibrahim confirmed on Tuesday that hackers demanded a US$10 million ransom following a sophisticated cyberattack that disrupted critical systems at Kuala Lumpur International Airport (KLIA) over the weekend. The security breach, which occurred on March 23,…
Category: EN
Weaponized Google Ads Attacking DeepSeek Users to Deliver Malware
Cybercriminals have launched a sophisticated attack campaign leveraging Google’s sponsored search results to target users searching for DeepSeek, the increasingly popular AI platform. The attack uses convincingly crafted fake advertisements that appear at the top of Google search results, mimicking…
Mozilla Releases Urgent Patch for Windows Users Following Recently Exploited Chrome Zero-day
Mozilla has released an emergency security update for its Firefox browser on Windows systems to address a critical vulnerability that could allow attackers to escape browser sandboxes and potentially gain control of affected systems. The patch comes shortly after Google…
New Lucid PhAAS Platform Leveraging RCS & iMessage to Bypass Detections
A sophisticated new phishing platform named Lucid has emerged as a significant cybersecurity threat, targeting 169 entities across 88 countries globally. Developed by Chinese-speaking threat actors, this Phishing-as-a-Service (PhAAS) platform operates through 129 active instances and over 1,000 registered domains.…
New ‘Lucid’ Phishing Platform Abuses iMessage, Android RCS to Slip Past Defenses
A sophisticated cybercrime service known as “Lucid” is exploiting vulnerabilities in Apple’s iMessage and Android’s Rich Communication Services (RCS), allowing cyberthieves to conduct large-scale phishing attacks with alarming success. Operated by Chinese-speaking threat actors, this Phishing-as-a-Service (PhaaS) platform enables scammers…
Cyber Crisis Management Plan: Shield for Brand Reputation
Despite advances in security technology, cybersecurity attacks and data breaches are increasingly common as attackers keep discovering new vulnerabilities and infiltration methods. Organizations now understand that a cyberattack or data breach is often inevitable—it’s typically a question of when, not…
State of Cloud Security Report 2025
Key Insights and Strategies for Protecting Cloud Environments Introduction Cloud adoption is continuing to transform the IT infrastructure and security landscapes by delivering unmatched scalability and flexibility. Multi-cloud strategies further enhance these advantages but introduce unique challenges, prompting organizations to…
PJobRAT Malware Campaign Targeted Taiwanese Users via Fake Chat Apps
An Android malware family previously observed targeting Indian military personnel has been linked to a new campaign likely aimed at users in Taiwan under the guise of chat apps. “PJobRAT can steal SMS messages, phone contacts, device and app information,…
Meta AI Expands to 41 European Countries in New Rollout
Meta AI has announced its rollout across 41 European countries. This development marks a critical step in the company’s mission to make its intelligent and conversational AI assistant accessible to a wider audience. Since its launch in the U.S. in…
The rise of identity and access management: How IAM evolved to being the new perimeter of cybersecurity
The story of Identity and Access Management (IAM) could be made into a movie with all the drama. The industry and its players have gone from behind-the-scenes underdogs to starring roles. IAM, once just a part of IT, is now…
Thousands of Driver’s Licenses, Bank Records, and PII Exposed in Australian Fintech Data Leak
Cybersecurity analyst Jeremiah Fowler has discovered an unprotected Amazon S3 database that wasn’t encrypted or password protected and contained some 27,000 records. The records included highly personal information such as driver’s licenses, Medicaid cards, work statements, and bank statements that…
Cloudflare Introduces OpenPubkey SSH with Single Sign-On Integration
Cloudflare has contributed to the open-sourcing of OPKSSH, a tool that integrates single sign-on (SSO) technologies like OpenID Connect (OIDC) into SSH protocols. This integration simplifies SSH access by leveraging OpenPubkey, which embeds public keys into the SSO tokens issued…
The EU AI Act: A Critical Overview of a Necessary Act?
The EU AI Act represents a crucial step towards responsible AI development, deployment, and use of AI in the European Union. However, Lamprini Gyftokosta, Director of Artificial Intelligence and Human Rights at Homo Digitalis, raises serious questions about its effectiveness…
WoW! A Ransomware Gang Just Took Over One of America’s Largest ISPs
A new ransomware gang, Arkana Security, is claiming responsibility for an enormous breach at WideOpenWest (WoW), one of the largest cable operators and ISPs in the US. The malicious actors boasted they had full backend control and even put a…
JavaScript injection campaign, solar power vulnerabilities, SIM swap lawsuit
150,000 sites compromised by JavaScript injection Vulnerabilities in numerous solar power systems found T-Mobile pays $33 million in SIM swap lawsuit Huge thanks to our episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity…
AppSOC Research Labs Delivers Damning Verdict on DeepSeek-R1
Silicon Valley security provider AppSOC has branded DeepSeek-R1, one of the latest highly advanced artificial intelligence (AI) models to emerge from China, a “high-risk model unsuitable for enterprise use.” They strongly recommend that enterprises not use the DeepSeek-R1 model provided on…
After Chrome patches zero-day used to target Russians, Firefox splats similar bug
Single click on a phishing link in Google browser blew up sandbox on Windows Google pushed out an emergency patch for Chrome on Windows this week to stop attackers exploiting a sandbox-breaking zero-day vulnerability, seemingly used by snoops to target…
Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability
Mozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day. The security vulnerability, CVE-2025-2857, has been…
Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts
Cybersecurity researchers have discovered several cryptocurrency packages on the npm registry that have been hijacked to siphon sensitive information such as environment variables from compromised systems. “Some of these packages have lived on npmjs.com for over 9 years, and provide…
Government Officials’ Data Leaks: Cyber Security Today for Friday, March 18, 2025
Exposing Security Flaws: Government Officials’ Data Leaks, Defense Contractor Fines, and Cyber Crime Involvement In this episode of Cybersecurity Today, host Jim Love highlights significant cybersecurity breaches affecting US security officials, a government defense contractor, and a Department of Government…