France says the Russian state-sponsored group APT28 is responsible for targeting or compromising a dozen French entities. The post France Blames Russia for Cyberattacks on Dozen Entities appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Category: EN
RansomHub Went Dark April 1; Affiliates Fled to Qilin, DragonForce Claimed Control
Cybersecurity researchers have revealed that RansomHub’s online infrastructure has “inexplicably” gone offline as of April 1, 2025, prompting concerns among affiliates of the ransomware-as-a-service (RaaS) operation. Singaporean cybersecurity company Group-IB said that this may have caused affiliates to migrate to…
Anthropic Report Reveals Growing Risks from Misuse of Generative AI Misuse
A recent threat report from Anthropic, titled “Detecting and Countering Malicious Uses of Claude: March 2025,” published on April 24, has shed light on the escalating misuse of generative AI models by threat actors. The report meticulously documents four distinct…
Ghost in the shell script: Boffins reckon they can catch bugs before programs run
Go ahead, please do Bash static analysis Shell scripting may finally get a proper bug-checker. A group of academics has proposed static analysis techniques aimed at improving the correctness and reliability of Unix shell programs.… This article has been indexed…
Frontegg releases identity management platform for AI agent builders
Frontegg launched Frontegg.ai, an identity management platform purpose-built for developers building AI agents. As AI agents move beyond experiments to becoming critical internal and market-facing enterprise products, secure, scalable identity infrastructure becomes essential to achieve market-readiness. While standards like Anthropic’s…
Legit leverages AI in ASPM platform to find, fix, and prevent vulnerabilities
Legit Security has unveiled new functionalities that leverage AI to help security teams more quickly shore up gaps in their AppSec programs. Specifically, Legit now leverages AI to drive advanced discovery for code-to-cloud correlation, increased precision in issues prioritization and…
JPMorgan CISO Urges SaaS Security Reset
JPMorgan’s CISO has argued that SaaS apps represent a growing risk to businesses, “quietly enabling cyber attackers” This article has been indexed from www.infosecurity-magazine.com Read the original article: JPMorgan CISO Urges SaaS Security Reset
Earth Kasha Updates TTPs in Latest Campaign Targeting Taiwan and Japan
This blog discusses the latest modifications observed in Earth Kasha’s TTPs from their latest campaign detected in March 2025 targeting Taiwan and Japan. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: Earth…
Link11 brings three brands together on one platform with new branding
Frankfurt am Main, Germany, 30th April 2025, CyberNewsWire The post Link11 brings three brands together on one platform with new branding first appeared on Cybersecurity Insiders. The post Link11 brings three brands together on one platform with new branding appeared…
AWS Defaults Open Stealthy Attack Paths Enabling Privilege Escalation and Account Compromise
A recent investigation by security researchers has exposed critical vulnerabilities in the default IAM roles of several Amazon Web Services (AWS) offerings, including SageMaker, Glue, and EMR, as well as open-source projects like Ray. These roles, often automatically created or…
Researchers Exploit OAuth Misconfigurations to Gain Unrestricted Access to Sensitive Data
A security researcher has uncovered a serious vulnerability resulting from incorrectly configured OAuth2 credentials in a startling discovery from a recent YesWeHack bug reward engagement. This discovery, made during an in-depth analysis of a target’s web application, highlights the severe…
Enhancing Security and Compliance With AI-Powered Monitoring in Billing Systems
AI-powered monitoring provides a proactive, intelligent and scalable way to secure modern billing systems, especially for any company leveraging a billing platform for subscription pricing model. The post Enhancing Security and Compliance With AI-Powered Monitoring in Billing Systems appeared first…
HPE strengthens hybrid cloud and connectivity with Aruba Networking and GreenLake security upgrades
Hewlett Packard Enterprise has announced expansions of HPE Aruba Networking and HPE GreenLake cloud to help enterprises modernize secure connectivity and hybrid cloud operations by blending multi-layered and zero trust approaches to protect against threats. These new expansions include: New…
BigID AI Data Lineage delivers transparency and control for AI
BigID launched AI Data Lineage, a new solution that provides organizations with visibility into how AI models access, process, and utilize data. As organizations increasingly integrate AI into their workflows, understanding the data lineage of AI interactions is critical for…
France Slams Russia’s APT28 for Four-Year Cyber-Espionage Campaign
The French government has criticized Russia’s APT28 group for attacking 12 entities in a long-running espionage campaign This article has been indexed from www.infosecurity-magazine.com Read the original article: France Slams Russia’s APT28 for Four-Year Cyber-Espionage Campaign
China-Linked Hackers Targeting Organizational Infrastructure and High-Value Clients
A leading U.S.-based cybersecurity firm, sophisticated cyber-espionage campaigns attributed to Chinese state-sponsored actors have come to light. Tracked as the PurpleHaze activity cluster, these adversaries have targeted SentinelOne’s infrastructure alongside high-value organizations associated with its business ecosystem. Uncovering the PurpleHaze…
CISA Warns SAP 0-day Vulnerability Exploited in the Wild
CISA has added a critical SAP NetWeaver vulnerability to its Known Exploited Vulnerabilities (KEV) catalog on April 29, 2025. The zero-day flaw, tracked as CVE-2025-31324, carries a maximum CVSS score of 10.0 and has been actively exploited in the wild…
WhatsApp Introduces AI Tools With Promise of Full Message Secrecy
WhatsApp, the world’s largest messaging platform, has announced a major leap in privacy-preserving artificial intelligence (AI) with the introduction of its new “Private Processing” system. This technology enables users to access advanced AI features-such as message summarization and writing suggestions-while…
Hackers Leveraging GetShared to Deploy Malware Bypassing Defenses
Cybercriminals have discovered a new attack vector utilizing the legitimate file-sharing service GetShared to distribute malware and conduct phishing campaigns. This emerging threat allows attackers to circumvent traditional email security measures by exploiting the trusted status of notifications from recognized…
Cloud doesn’t mean secure: How Intruder finds what others miss
A cloud security platform that manages the attack surface and security vulnerabilities in AWS Sponsored post You’d be naïve to believe that the cloud is secure by default, and while most hosting services provide basic defenses, it’s not always clear…