CrowdStrike is launching Charlotte AI Detection Triage, saving SOC teams over 40 hours a week and delivering over 98% accuracy. This article has been indexed from Security News | VentureBeat Read the original article: CrowdStrike just killed 40 hours of…
Sarcoma ransomware gang claims the theft of sensitive data from PCB maker Unimicron
The Sarcoma ransomware group announced a breach of the Taiwanese printed circuit board (PCB) manufacturing giant Unimicron. The Sarcoma ransomware group claims to have breached Taiwanese PCB manufacturer Unimicron, leaked sample files, and threatened a full data release if no…
Doxbin (TOoDA) – 136,461 breached accounts
In February 2025, the "doxing" website Doxbin was compromised by a group calling themselves "TOoDA" and the data dumped publicly. Included in the breach were 336k unique email addresses alongside usernames. The data was provided to HIBP by a source…
IT Security News Hourly Summary 2025-02-13 09h : 6 posts
6 posts were published in the last hour 7:32 : Sekoia.io achieves ISO 27001 compliance 7:32 : Hackers Using Pyramid Pentesting Tool For Stealthy C2 Communications 7:32 : Mysterious Palo Alto firewall reboots? You’re not alone 7:14 : heise-Angebot: iX-Workshop:…
Sekoia.io achieves ISO 27001 compliance
This article is also available in French here. Today, we are pleased to celebrate a major achievement for Sekoia.io with the attainment of the ISO/IEC 27001:2022 certification. In this blog post, we’ll explain the journey to this high-end certification. What…
Hackers Using Pyramid Pentesting Tool For Stealthy C2 Communications
Hackers have been leveraging the open-source Pyramid pentesting tool to establish stealthy command-and-control (C2) communications. Pyramid, first released on GitHub in 2023, is a Python-based post-exploitation framework designed to evade endpoint detection and response (EDR) tools. Its lightweight HTTP/S server…
Mysterious Palo Alto firewall reboots? You’re not alone
Limited-edition hotfix to get wider release before end of month Administrators of Palo Alto Networks’ firewalls have complained the equipment falls over unexpectedly, and while a fix has bee prepared, it’s not yet generally available.… This article has been indexed…
heise-Angebot: iX-Workshop: AWS-Sicherheit – Angriffe erkennen und abwehren
Erfahren Sie, wie Angreifer Fehlkonfigurationen und mangelnde Härtung der Amazon Cloud ausnutzen und wie Sie AWS-Dienste und Cloud-Identitäten dagegen schützen. Dieser Artikel wurde indexiert von heise Security Lesen Sie den originalen Artikel: heise-Angebot: iX-Workshop: AWS-Sicherheit – Angriffe erkennen und abwehren
How CIOs can lead the charge on AI, data, and business innovation
The growing momentum behind business innovation, particularly in the realm of AI and data, is increasingly driving how businesses operate, invest, and deliver value. Whilst this may not appear different from previous years, the proliferation of new technologies and tools…
BadPilot Attacking Network Devices To Expand Russian Seashell Blizzard’s Attacks
Microsoft Threat Intelligence has exposed a subgroup within the Russian state actor Seashell Blizzard, known as the “BadPilot campaign.” This subgroup has been conducting a multiyear operation to compromise Internet-facing infrastructure globally, expanding Seashell Blizzard’s reach beyond Eastern Europe. The…
Critical Chrome Flaw Allows Attackers to Remotely Execute Code
Google has released an urgent update for its Chrome browser to address a critical security vulnerability that could allow attackers to remotely execute malicious code on vulnerable systems. The flaw, identified as CVE-2025-0995, is categorized as a “Use-After-Free” vulnerability in…
Russia-Linked Seashell Blizzard Intensifies Cyber Operations Against Critical Sectors
The Russia-linked threat actor known as Seashell Blizzard has assigned one of its subgroups to gain initial access to internet-facing infrastructure and establish long-term persistence within targeted entity, a Microsoft report has revealed. Also dubbed APT44, BlackEnergy Lite, Sandworm, Telebots,…
Global IoT Data Leak Exposes 2.7 Billion Records and Wi-Fi Passwords Worldwide
A massive security lapse has exposed over 2.7 billion records, including sensitive Wi-Fi credentials, device information, and user details, raising global concerns over IoT (Internet of Things) security. Cybersecurity researcher Jeremiah Fowler uncovered this unprotected database, linked to Mars Hydro,…
CISA, FBI Warn of Threats Exploiting Buffer Overflow Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a new Secure by Design Alert warning about the risks posed by buffer overflow vulnerabilities in software. The alert, titled “Eliminating Buffer Overflow Vulnerabilities,”…
Palo Alto PAN-OS Zero-Day Flaw Allows Attackers to Bypass Web Interface Authentication
Palo Alto Networks has disclosed a zero-day vulnerability in its PAN-OS software (CVE-2025-0108), allowing attackers to bypass authentication on the management web interface. With a CVSS score of 7.8 (HIGH), the flaw has been flagged as a significant security issue…
China’s Salt Typhoon Spies Are Still Hacking Telecoms—Now by Exploiting Cisco Routers
Despite high-profile attention and even US sanctions, the group hasn’t stopped or even slowed its operation, including the breach of two more US telecoms. This article has been indexed from Security Latest Read the original article: China’s Salt Typhoon Spies…
CrowdStrike Falcon Sensor for Linux TLS Vulnerability Enabling MiTM Attack
CrowdStrike has disclosed a high-severity vulnerability in its Falcon Sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor. The vulnerability, identified as CVE-2025-1146, originates from a validation logic error in the Transport Layer Security (TLS) connection routine. This…
Have I Been Pwned likely to ban resellers from buying subs, citing ‘sh*tty behavior’ and onerous support requests
‘What are customers actually getting from resellers other than massive price markups?’ asks Troy Hunt Troy Hunt, proprietor of data breach lookup site Have I Been Pwned, is likely to ban resellers from the service.… This article has been indexed…
Italian Government Denies It Spied on Journalists and Migrant Activists Using Paragon Spyware
The Italian government denied it hacked seven cellphones with military-grade surveillance technology from Paragon Solutions. The post Italian Government Denies It Spied on Journalists and Migrant Activists Using Paragon Spyware appeared first on SecurityWeek. This article has been indexed from…
Lines Between Nation-State and Cybercrime Groups Disappearing: Google
Threat researchers with Google are saying that the lines between nation-state actors and cybercrime groups are blurring, noting that gangs backed by China, Russia, and others are using financially motivated hackers and their tools while attacks by cybercriminals should be…
Over 3 million Fortune 500 employee accounts compromised since 2022
More than three million employee-linked corporate accounts were compromised between 2022 and 2024 across Fortune 500 companies, according to Enzoic. This surge is fueled by the widespread use of corporate email addresses for personal accounts and the growing threat of…
The UK’s secret iCloud backdoor request: A dangerous step toward Orwellian mass surveillance
The United Kingdom government has secretly requested that Apple build a backdoor into its iCloud service, granting the government unrestricted access to users’ private data. This revelation deeply concerns me – it is a blatant overreach that threatens privacy, security…
Have I Been Pwned likely to ban resellers from buying subs, citing ‘shitty behavior’ and onerous support requests
‘What are customers actually getting from resellers other than massive price markups?’ asks Troy Hunt Troy Hunt, proprietor of data breach lookup site Have I Been Pwned, is likely to ban resellers from the service.… This article has been indexed…
IT Security News Hourly Summary 2025-02-13 06h : 4 posts
4 posts were published in the last hour 4:32 : Massive IoT Data Breach Exposes 2.7 Billion Records, Including Wi-Fi Passwords 4:32 : DEF CON 32 – ICS 101 4:32 : Making sense of database complexity 4:32 : CISOs and…