Cary, NC, Apr. 11, 2025, CyberNewswire — Defense contractors are facing increased pressure to meet the Department of Defense’s stringent Cybersecurity Maturity Model Certification (CMMC) 2.0 requirements ahead of 2025 compliance deadlines. INE Security, a leading global provider … (more…)…
IT Security News Hourly Summary 2025-04-11 21h : 12 posts
12 posts were published in the last hour 19:4 : Cybersecurity Community Must Not Remain Silent On Executive Order Attacking Former CISA Director 18:32 : Russia’s Storm-2372 Hits Orgs with MFA Bypass via Device Code Phishing 18:32 : Tycoon 2FA…
Florida’s New Social Media Bill Says the Quiet Part Out Loud and Demands an Encryption Backdoor
< div class=”field field–name-body field–type-text-with-summary field–label-hidden”> < div class=”field__items”> < div class=”field__item even”> At least Florida’s SB 868/HB 763, “Social Media Use By Minors” bill isn’t beating around the bush when it states that it would require “social media platforms…
Cybersecurity Community Must Not Remain Silent On Executive Order Attacking Former CISA Director
< div class=”field field–name-body field–type-text-with-summary field–label-hidden”> < div class=”field__items”> < div class=”field__item even”> Cybersecurity professionals and the infosec community have essential roles to play in protecting our democracy, securing our elections, and building, testing, and safeguarding government infrastructure. It is…
Russia’s Storm-2372 Hits Orgs with MFA Bypass via Device Code Phishing
Russian APT group Storm-2372 employs device code phishing to bypass Multi-Factor Authentication (MFA). Targets include government, technology, finance,… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: Russia’s Storm-2372…
Tycoon 2FA Phishing Kit Uses Advanced Evasion Techniques to Bypass Endpoint Detection Systems
The notorious Tycoon 2FA phishing kit continues its evolution with new strategies designed to slip past endpoint detection systems. This development was highlighted in a recent analysis, showcasing several sophisticated techniques aimed at thwarting detection and analysis. Obfuscation with Invisible…
Threat Actors Exploit Legitimate Crypto Packages to Deliver Malicious Code
Threat actors are using open-source software (OSS) repositories to install malicious code into trusted applications, particularly targeting cryptocurrency software. The ReversingLabs (RL) research team has identified a pattern where attackers upload seemingly legitimate packages to repositories like npm, which then…
Hackers Exploit Router Flaws in Ongoing Attacks on Enterprise Networks
Enterprises are facing heightened cyber threats as attackers increasingly target network infrastructure, particularly routers, following a trend noted in Forescout Research Vedere Labs’ 2025 report on the riskiest connected devices. The Forescout report reveals a significant shift in the cybersecurity…
Threat Actors Launch Active Attacks on Semiconductor Firms Using Zero-Day Exploits
Semiconductor companies, pivotal in the tech industry for their role in producing components integral to everything from consumer electronics to critical defense systems, are under siege from sophisticated cyber threats. These firms design, manufacture, and sell semiconductors, crucial elements with…
Threat Actors Leverage Email Bombing to Evade Security Tools and Conceal Malicious Activity
Threat actors are increasingly using email bombing to bypass security protocols and facilitate further malicious endeavors. Email bombing, known also as a “spam bomb,” involves flooding a target’s email inbox with a massive volume of emails, overwhelming the recipient and…
Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit
Fortinet has revealed that threat actors have found a way to maintain read-only access to vulnerable FortiGate devices even after the initial access vector used to breach the devices was patched. The attackers are believed to have leveraged known and…
Beware of Fake mParivahan App Attacking Mobile Users Via WhatsApp to Steal Sensitive Data
Cybercriminals have launched a sophisticated malware campaign targeting Android users through fake traffic violation messages on WhatsApp. The malware, disguised as “NextGen mParivahan,” mimics the official government application developed by the Ministry of Road Transport & Highways, which provides digital…
Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle
The CVE-2025-22457 has already been exploited by a China-nexus hacking gang notorious for breaking into edge network devices. The post Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle appeared first on SecurityWeek. This article has been…
Microsoft Moves Forward With Controversial Recall Feature
Microsoft a year ago was about to launch Recall, a Windows feature for Copilot+ PCs that takes regular screenshots of users’ systems and stores them so they can be searched for later. Privacy and security concerns forced the company to…
Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices
A threat actor that has been using known old FortiOS vulnerabilities to breach FortiGate devices for years has also been leveraging a clever trick to maintain undetected read-only access to them after the original access vector was locked down, Fortinet…
BentoML Vulnerability Allows Remote Code Execution on AI Servers
TL;DR: A critical deserialization vulnerability (CVSS 9.8 – CVE-2025-27520) in BentoML (v1.3.8–1.4.2) lets attackers execute remote code without… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: BentoML Vulnerability…
APT32 Hackers Weaponizing GitHub to Attack Cybersecurity Professionals & Enterprises
The APT32 (OceanLotus) has launched a novel campaign weaponizing GitHub repositories to distribute malware to cybersecurity researchers and enterprises. This operation represents a strategic shift from the group’s historical focus on Southeast Asian government and corporate targets, instead exploiting the…
Overcoming The Skills Shortage in Cybersecurity Through A ‘Trusted’ Approach.
The scale of cyberattacks seen today is both unprecedented and harrowing. Crucial sectors including healthcare, finance, and education have found themselves increasingly under attack, with hackers leaving behind a trail… The post Overcoming The Skills Shortage in Cybersecurity Through A…
Can AI Be Your Trusted Partner in Securing Your Extended Business Ecosystem?
In today’s interconnected business world, organizations rely on a vast web of third-party vendors, suppliers, and partners. While these relationships are essential for growth and innovation, they also introduce significant… The post Can AI Be Your Trusted Partner in Securing…
The Role of AI In Cybersecurity: Enhancing Defense And Adapting To Threats
The cybersecurity landscape today feels like a constant game of cat and mouse. Every time we think we’ve outpaced the attackers; they find new ways to exploit vulnerabilities. Enter artificial… The post The Role of AI In Cybersecurity: Enhancing Defense…
Securing The AI Frontier: Addressing Emerging Threats In AI-Powered Software Development
AI in software development is no longer a glimpse into the future – it’s here, woven into daily workflows and it’s accelerating at a breakneck pace. According to PwC’s AI Predictions… The post Securing The AI Frontier: Addressing Emerging Threats In…
Smart Meter Security: Best Practices and Emerging Regulations
Smart meters are essential to smart grids, empowering utilities and smart grid managers to provide consumers and energy providers with real-time energy consumption data, transparent billing, and demand side management…. The post Smart Meter Security: Best Practices and Emerging Regulations…
IT Security News Hourly Summary 2025-04-11 18h : 8 posts
8 posts were published in the last hour 15:32 : Laboratory Services Cooperative Data Breach – 1.6 Million People Impacted 15:32 : CISA Releases 10 ICS Advisories Covering Vulnerabilities & Exploits 15:32 : The Rise of Cyber Warfare and Its…
BSidesLV24 – Breaking Ground – Redis Or Not: Argo CD & GitOps From An Attacker’s Perspective
Authors/Presenters: Oreen Livni Shein, Elad Pticha Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel. Permalink…