A cybersecurity researcher has successfully broken the encryption used by the Linux/ESXI variant of the Akira ransomware, enabling data recovery without paying the ransom demand. The breakthrough exploits a critical weakness in the ransomware’s encryption methodology. According to the researcher,…
U.S. Charges LockBit Ransomware Developer in Cybercrime Crackdown
The U.S. Department of Justice has charged Rostislav Panev, a dual Russian and Israeli national, for his role as a developer of the notorious LockBit ransomware group. Panev, 51, was arrested in Israel in August following a U.S. provisional arrest…
IT Security News Hourly Summary 2025-03-14 09h : 4 posts
4 posts were published in the last hour 7:35 : CISA Releases Security Advisory on 13 Industrial Control System Threats 7:34 : New MassJacker Malware Targets Piracy Users, Hijacking Cryptocurrency Transactions 7:34 : Medusa ransoms infrastructure, Google breakup sought, more…
CISA Releases Security Advisory on 13 Industrial Control System Threats
CISA issued thirteen Industrial Control Systems (ICS) advisories, highlighting current security issues and vulnerabilities in various systems. These advisories are crucial for maintaining the security and integrity of industrial operations. The affected products primarily include several Siemens systems, along with…
New MassJacker Malware Targets Piracy Users, Hijacking Cryptocurrency Transactions
Users searching for pirated software are the target of a new malware campaign that delivers a previously undocumented clipper malware called MassJacker, according to findings from CyberArk. Clipper malware is a type of cryware (as coined by Microsoft) that’s designed…
Medusa ransoms infrastructure, Google breakup sought, more Booking.com phishing
Medusa ransomware continues to attack infrastructure DoJ seeks to break up Google Another phishing campaign hits Booking.com Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like…right now? We know that real-time…
Cyber Security Madness In The US Government: Cyber Security Today for March 14, 2025
Cybersecurity Madness: Halting Operations, Google Gemini, and Fake Captchas In this episode, host Jim Love delves into controversial cybersecurity decisions and the latest trends. The US government’s directive to halt offensive cyber operations against Russia sparks debate about national security.…
Anzeige: Effektives IT-Störungsmanagement bei Cybervorfällen
Die Auswirkungen von Cyberattacken lassen sich durch ein gezieltes Erstreaktionsmanagement erheblich mindern. Ein Intensiv-Workshop vermittelt, wie IT-Forensik, Schadensanalysen und Risikobewertung eingesetzt werden. (Golem Karrierewelt, Sicherheitslücke) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Anzeige: Effektives…
New Microsoft 365 Attack Leverages OAuth Redirection for Credential Theft
Threat researchers at Proofpoint are currently tracking two sophisticated and highly targeted cyber-attack campaigns that are utilizing OAuth redirection mechanisms to compromise user credentials. These attacks combine advanced brand impersonation techniques with malware proliferation, focusing on Microsoft 365-themed credential phishing…
DeepSeek Can Be Abused to Create Malware
In a recent investigation, Tenable researchers explored how DeepSeek, a large language model (LLM) built by a Chinese company, can be exploited to generate malware, including keyloggers and ransomware, despite its initial refusal to engage in harmful activities. Unlike popular…
Microsoft Uncovers New XCSSET macOS Malware Variant Targeting Xcode Projects
Microsoft Threat Intelligence has discovered a new variant of XCSSET, a sophisticated modular macOS malware that targets Xcode projects. The malware was found in the wild during routine threat hunting and is the first known XCSSET variant to surface since…
SuperBlack Actors Exploiting Two Fortinet Vulnerabilities to Deploy Ransomware
Between late January and early March 2025, cybersecurity researchers at Forescout’s Vedere Labs uncovered a series of sophisticated intrusions leveraging critical Fortinet vulnerabilities. The attacks, attributed to a newly identified threat actor tracked as “Mora_001,” culminated in the deployment of…
No, there isn’t a world ending Apache Camel vulnerability
Posts have been circulating publicly on the internet for several days about a “critical”, end of the world “zero day” in Apache Camel, CVE-2025–27636. Many of the posts explained in specific detail about how to exploit the vulnerability — despite the fact…
FBI alerts Gmail users over Medusa Ransomware
The FBI, America’s federal law enforcement agency, has issued an urgent warning to all Gmail users about an ongoing hacking campaign carried out by the operators of Medusa Ransomware. According to the FBI, this cybercriminal group is notorious for encrypting…
Decrypting Akira Ransomware on Linux/ESXi Without Paying Hackers
A team successfully decrypted an instance of the Akira ransomware on Linux/ESXi systems without succumbing to the hackers’ demands. This achievement not only underscores the ingenuity of cybersecurity experts but also serves as a powerful message to those who rely…
Volt Typhoon Found Inside Massachusetts Electric Utility for Nearly a Year
Industrial cybersecurity firm Dragos has revealed that a small electric and water utility in Massachusetts was breached by a sophisticated Chinese Advanced Persistent Threat (APT) group for over 300 days. The attack targeted Littleton Electric Light and Water Departments (LELWD),…
OpenAI Pushes for Federal-Only AI Regulation
OpenAI has officially called on US lawmakers to exempt it from complying with state-level AI regulations, instead urging a unified approach under federal AI rules. It argues that a consistent, nationwide framework is critical to maintain US leadership in AI…
Top 5 threats keeping CISOs up at night in 2025
Cyber threats in 2025 require a proactive, adaptive approach. To stay ahead, CISOs must balance technical defenses, regulatory expectations, and human factors. By prioritizing AI-driven security, ransomware resilience, supply chain risk management, insider threat mitigation, and compliance preparedness, CISOs can…
OBSCURE#BAT Malware Uses Fake CAPTCHA Pages to Deploy Rootkit r77 and Evade Detection
A new malware campaign has been observed leveraging social engineering tactics to deliver an open-source rootkit called r77. The activity, condemned OBSCURE#BAT by Securonix, enables threat actors to establish persistence and evade detection on compromised systems. It’s currently not known…
Guardz Reveals Details of an Ongoing Phishing Campaign Exploiting Microsoft 365 Infrastructure
The cybersecurity company empowering MSPs to secure small businesses identified a highly sophisticated Microsoft 365 tenant brand manipulation and disrupted its use against their customers. Guardz, the cybersecurity company empowering MSPs and IT professionals to deliver comprehensive, AI-native cyber protection…
New Cyber Attack Targets PyPI Users to Steal Cloud Tokens and Sensitive Data
A recent discovery by ReversingLabs researchers has unveiled a malicious cyber attack targeting the Python Package Index (PyPI) users, a popular platform for Python developers. This sophisticated campaign involves malicious packages masquerading as time-related utilities, but are designed to steal…
NHS Investigates Alleged API Flaw That May Have Exposed Patient Data
The NHS is investigating claims made by a whistleblower regarding a security flaw at Medefer, an online healthcare provider working with the NHS. The whistleblower alleged that a flaw in the company’s application programming interface (API) exposed NHS patient data.…
Top 10 Best Cyber Attack Simulation Tools – 2025
Cyber attack simulation tools help organizations identify vulnerabilities, test security defenses, and improve their cybersecurity posture by simulating real-world attacks. These tools range from breach and attack simulation (BAS) platforms to adversary emulation frameworks. Here are some of the top…
One PUT Request to Own Tomcat: CVE-2025-24813 RCE is in the Wild
A devastating new remote code execution (RCE) vulnerability, CVE-2025-24813, is now actively exploited in the wild. Attackers need just one PUT API request to take over vulnerable Apache Tomcat servers. The exploit, originally published by a Chinese forum user iSee857,…