Link to episode page This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest DJ Schleen, Head of Security, Boats Group Thanks to our show sponsor, ThreatLocker ThreatLocker® is a global leader in Zero…
Hackers Exploit Critical NodeJS Vulnerabilities to Hijack Jenkins Agents for RCE
Security researchers have identified critical vulnerabilities in the Node.js CI/CD infrastructure, exposing internal Jenkins agents to remote code execution and raising the risk of supply chain attacks. These flaws stemmed from the integration and communication gaps between multiple DevOps platforms-specifically…
Hackers Exploit New Eye Pyramid Offensive Tool With Python to Launch Cyber Attacks
Security researchers from Intrinsec have published a comprehensive analysis revealing significant overlaps in infrastructure between multiple ransomware operations and the open-source offensive tool, Eye Pyramid. Their investigation, which began by examining a Python backdoor used by the RansomHub ransomware group,…
IT Security News Hourly Summary 2025-05-02 21h : 3 posts
3 posts were published in the last hour 19:3 : DragonForce Ransomware Cartel attacks on UK high street retailers: walking in the front door 19:3 : CISA Adds Two Known Exploited Vulnerabilities to Catalog 19:3 : Privacy for Agentic AI
New MCP-Based Attack Techniques and Their Application in Building Advanced Security Tools
MCP, developed by Anthropic, allows Large Language Models (LLMs) to interface seamlessly with external tools, enabling the creation of agentic AI systems that can autonomously perform complex tasks. As organizations increasingly integrate MCP, new attack techniques have emerged, highlighting the…
Mike Waltz Has Somehow Gotten Even Worse at Using Signal
A photo taken this week showed Mike Waltz using an app that looks like—but is not—Signal to communicate with top officials. “I don’t even know where to start with this,” says one expert. This article has been indexed from Security…
Why CISOs Are Adopting DevSecOps for Secure Software Development
CISOs adopting DevSecOps strategically enhance security measures while ensuring fast-paced software development, responding to the growing landscape of cyber threats. Integrating security practices throughout the entire development lifecycle is critical for organizations seeking to reduce vulnerabilities without sacrificing innovation speed.…
Nebulous Mantis hackers have Deployed the RomCom RAT globally, Targeting organizations.
Nebulous Mantis, also known as Cuba, STORM-0978, Tropical Scorpius, and UNC2596, is a Russian-speaking cyber espionage group that has been actively deploying the RomCom remote access trojan (RAT) in targeted campaigns since mid-2019. The group primarily focuses on critical infrastructure,…
Cyberattack Targets Iconic UK Retailer Harrods
Luxury department store Harrods has become the latest UK retailer to face a cyberattack, joining Marks & Spencer (M&S) and the Co-op in a wave of incidents exposing vulnerabilities across the retail sector. While Harrods’ flagship store and online platform…
BSidesLV24 – Proving Ground – You Can Be Neurodivergent And Succeed In InfoSec
Author/Presenter: Randall Wyatt Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel. Permalink The post BSidesLV24…
DragonForce Ransomware Cartel attacks on UK high street retailers: walking in the front door
The individuals operating under the DragonForce banner and attacking UK high street retailers are using social engineering for entry. I think it’s in the public interest to break down what is happening. The attacks on Marks and Spencer, Co-op and…
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-34028 Commvault Command Center Path Traversal Vulnerability CVE-2024-58136 Yiiframework Yii Improper Protection of Alternate Path Vulnerability These types of vulnerabilities are frequent attack…
Privacy for Agentic AI
Sooner or later, it’s going to happen. AI systems will start acting as agents, doing things on our behalf with some degree of autonomy. I think it’s worth thinking about the security of that now, while its still a nascent…
Police Seize Dark Web Shop Pygmalion, Access User Data from 7K Orders
German police seized the dark web shop Pygmalion, gaining access to customer data linked to over 7,000 drug… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: Police Seize…
Dating app Raw exposed users’ location data and personal information
The app claims it uses end-to-end encryption, but spilled its users’ dating preferences and granular location data to the open web. This article has been indexed from Security News | TechCrunch Read the original article: Dating app Raw exposed users’…
The CISO’s Guide to Securing AI and Machine Learning Systems
As AI and machine learning reshape business operations, they also introduce new security challenges—making Securing AI Systems for CISOs essential, as traditional frameworks often fall short. For Chief Information Security Officers (CISOs), securing AI/ML systems requires expanding security mindsets beyond…
AI‑Powered Security Transformation with Tactical Approach to Integration
In the evolving landscape of cybersecurity, artificial intelligence has transitioned from an experimental technology to a core component of security operations. According to recent Gartner research, security and risk management leaders are pivoting toward a more tactical approach to AI…
Threat Actors Attacking Critical National Infrastructure With New Malware and Infrastructure
A sophisticated cyber intrusion targeting critical national infrastructure (CNI) in the Middle East has been uncovered, revealing a long-term espionage operation attributed to an Iranian state-sponsored threat group. The attack, which persisted from May 2023 to February 2025, with potential…
Threat Actors Bypass MFA Using AiTM Attack via Reverse Proxies
Multi-factor authentication (MFA) has long been touted as a robust security measure against phishing attacks, but sophisticated threat actors have developed new techniques to circumvent these protections. A concerning trend has emerged where cybercriminals are successfully bypassing MFA through adversary-in-the-middle…
New MintsLoader Drops GhostWeaver via Phishing & ClickFix Attack
A sophisticated new malware loader dubbed “MintsLoader” has emerged in the cybersecurity landscape, serving as a delivery mechanism for a previously undocumented backdoor called “GhostWeaver.” Security researchers have observed a significant spike in targeted attacks against financial institutions and healthcare…
New Report Reveals Hackers Now Aim for Money, Not Chaos
Recent research from Mandiant revealed that financially motivated hackers are the new trend, with more than (55%) of criminal gangs active in 2024 aiming to steal or extort money from their targets, a sharp rise compared to previous years. About…
Think That Job Offer on LinkedIn Is Real? Not Without This Badge
LinkedIn has taken a major step toward improving online safety by extending its identity verification feature beyond its own platform. This update is part of the company’s ongoing efforts to help users avoid fake profiles and internet scams, especially…
IT Security News Hourly Summary 2025-05-02 18h : 4 posts
4 posts were published in the last hour 16:2 : Enhancing EHR Security: Best Practices for Protecting Patient Data 16:2 : Hacker Calls Pahalgam Incident “Inside Job” on Rajasthan Education Department Website 15:32 : Generative AI makes fraud fluent –…
Irish Regulator Fines TikTok €530m For GDPR Violation
TikTok fined €530m by Ireland’s privacy regulator for GDPR violation after transferring European data to China This article has been indexed from Silicon UK Read the original article: Irish Regulator Fines TikTok €530m For GDPR Violation
Microsoft To Host Elon Musk’s Grok AI Chatbot – Report
Surprise development? OpenAI’s long-term backer, Microsoft, is reportedly getting ready to host Elon Musk’s Grok AI model This article has been indexed from Silicon UK Read the original article: Microsoft To Host Elon Musk’s Grok AI Chatbot – Report
UK Luxury Retailer Harrods Hit by Cyber Attack After M&S, Co-op
Luxury retailer Harrods confirms a cyber attack attempt, restricting internet access but keeping its online store running. Learn… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: UK Luxury…
On world password day, Microsoft says fewer passwords, more passkeys
Passwords are becoming things of the past. Passkeys are more secure, easier to manage, and speed up the log in process This article has been indexed from Malwarebytes Read the original article: On world password day, Microsoft says fewer passwords,…