Silicon Valley security provider AppSOC has branded DeepSeek-R1, one of the latest highly advanced artificial intelligence (AI) models to emerge from China, a “high-risk model unsuitable for enterprise use.” They strongly recommend that enterprises not use the DeepSeek-R1 model provided on…
After Chrome patches zero-day used to target Russians, Firefox splats similar bug
Single click on a phishing link in Google browser blew up sandbox on Windows Google pushed out an emergency patch for Chrome on Windows this week to stop attackers exploiting a sandbox-breaking zero-day vulnerability, seemingly used by snoops to target…
Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability
Mozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day. The security vulnerability, CVE-2025-2857, has been…
Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts
Cybersecurity researchers have discovered several cryptocurrency packages on the npm registry that have been hijacked to siphon sensitive information such as environment variables from compromised systems. “Some of these packages have lived on npmjs.com for over 9 years, and provide…
Government Officials’ Data Leaks: Cyber Security Today for Friday, March 18, 2025
Exposing Security Flaws: Government Officials’ Data Leaks, Defense Contractor Fines, and Cyber Crime Involvement In this episode of Cybersecurity Today, host Jim Love highlights significant cybersecurity breaches affecting US security officials, a government defense contractor, and a Department of Government…
Mozilla Releases Urgent Patch for Windows After Chrome Zero-Day Exploit
Mozilla has released an urgent update for Firefox on Windows to address a critical vulnerability. This move comes after a similar exploit was identified in Google Chrome, highlighting the need for swift action to protect users. The latest update affects…
Oracle’s Data Breach Denial Unravels as Leaked Info Checks Out
Despite Oracle’s denial of a breach affecting its Oracle Cloud federated SSO login servers, Bleeping Computer has confirmed with multiple companies that data samples shared by the threat actor are authentic. Recently, a threat actor, “rose87168,” claimed to be selling…
Tor Browser 14.0.8 Released Emergency Update for Windows Users
The Tor Project has issued an emergency update for Windows users on March 27, 2025, releasing Tor Browser 14.0.8 with critical security patches. This Windows-only release addresses “very urgent” security vulnerabilities in Firefox, the browser framework underpinning Tor Browser, and…
Android financial threats: What businesses need to know to protect themselves and their customers
The rise of mobile banking has changed how businesses and customers interact. It brought about increased convenience and efficiency, but has also opened new doors for cybercriminals, particularly on the Android platform, which dominates the global smartphone market. According to…
BlackLock Ransomware gang infrastructure breached and info passed to law enforcement
For the first time, a team of security researchers has successfully infiltrated the network of a ransomware operation, exploiting a vulnerability to gather critical information and pass it on to law enforcement authorities. This unprecedented action has given law enforcement…
The US Needs A New Cybersecurity Strategy: More Offensive Cyber Operations Isn’t It
For a long time China has been operating in the grey area between cyber espionage and warfare. The US has been struggling to defend its networks from an onslaught of Chinese hackers, but a proposed increase in offensive cyber operations…
Cybersecurity spending set to jump 12.2% in 2025
Global cybersecurity spending is expected to grow by 12.2% in 2025, according to the latest forecast from the IDC Worldwide Security Spending Guide. The rise in cyber threats is pushing organizations to invest more in their defenses. AI tools are…
Kuala Lumpur Airport Hit by Cyberattack, Hackers Demand $10M Ransom
Kuala Lumpur International Airport (KLIA), one of Southeast Asia’s busiest airports, was hit by a major cyberattack over the weekend. The incident, which paralyzed some operations, has raised significant concerns about the airport’s cybersecurity and the safety of travelers. Hackers…
Healthcare’s alarming cybersecurity reality
89% of healthcare organizations have the top 1% of riskiest Internet of Medical Things (IoMT) devices – which contain known exploitable vulnerabilities (KEVs) linked to active ransomware campaigns as well as an insecure connection to the internet – on their…
Tor Browser 14.0.8 Emergency Release for Windows Users
The Tor Project has swiftly released an emergency update for the Tor Browser, 14.0.8, which is exclusively available for Windows users and can be downloaded directly from the Tor Browser download page and the Tor distribution directory. This urgent update incorporates critical security…
Infosec products of the month: March 2025
Here’s a look at the most interesting products from the past month, featuring releases from: 1Kosmos, Alloy, Cloudflare, Cytex, Detectify, GetReal Security, iProov, Keysight Technologies, Outpost24, Palo Alto Networks, Pondurance, Red Canary, SailPoint, SimSpace, Sonatype, Sumsub, and TXOne Networks. Outpost24…
Post-quantum cryptography and the future of online safety
In this Help Net Security video, Rebecca Krauthamer, CEO of QuSecure, explores the rising urgency of post-quantum cryptography (PQC) and what organizations must do to prepare. She breaks down the so-called “quantum threat” and explains why it’s not just theoretical.…
CISA Warns of Google Chrome Zero-day Vulnerability Exploited in the Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding a critical zero-day vulnerability in Google Chrome that is actively being exploited in the wild. The vulnerability, identified as CVE-2025-2783, affects the Chromium-based browsers on Windows systems…
ISC Stormcast For Friday, March 28th, 2025 https://isc.sans.edu/podcastdetail/9384, (Fri, Mar 28th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, March 28th, 2025…
IT Security News Hourly Summary 2025-03-28 03h : 1 posts
1 posts were published in the last hour 1:34 : Cyber-crew claims it cracked American cableco, releases terrible music video to prove it
Cyber-crew claims it cracked American cableco, releases terrible music video to prove it
WOW! DID! SOMEONE! REALLY! STEAL! DATA! ON! 400K! USERS?! A cyber-crime ring calling itself Arkana has made a cringe music video to boast of an alleged theft of subscriber account data from Colorado-based cableco WideOpenWest (literally, WOW!)… This article has…
Von Gmail bis Dropbox: Diese Website zeigt dir die besten europäischen Alternativen
Egal, ob soziale Netzwerke, Cloud-Dienste oder E-Mail-Provider: Es ist gar nicht so einfach, Anbieter zu finden, die nicht nur Serverstandorte in Europa haben, sondern europäisch sind. Eine praktische Website schafft hier Abhilfe. Dieser Artikel wurde indexiert von t3n.de – Software…
How do I manage access controls for NHIs to meet compliance requirements?
How Can Non-Human Identities Improve Access Control Compliance? Is it possible that non-human identities (NHIs) could help elevate your organization’s security outlook? when businesses across various sectors like healthcare, finance, and travel increasingly shift to cloud computing, the strategic importance…
What training is necessary for staff regarding NHI compliance?
Why Should Staff Be Trained on Non-Human Identities Compliance? Imagine a business environment where machine identities seamlessly communicate with each other, ensuring the smooth running of essential processes. Wouldn’t it be wonderful if they could run securely, free from the…