Hackers are exploiting what’s known as “Dangling DNS” records to take over corporate subdomains, posing significant threats to organizations’ security frameworks. This attack vector has been increasingly noted by security teams, highlighting the need for constant vigilance in DNS configuration…
Tag: EN
Hackers Imitate Google Chrome Install Page on Google Play to Distribute Android Malware
Cybersecurity experts have unearthed an intricate cyber campaign that leverages deceptive websites posing as the Google Play Store to distribute Android malware. These websites, hosted on newly registered domains, create a façade of credible application installation pages, enticing victims with…
Threat Actors Manipulate Search Results to Lure Users to Malicious Websites
Cybercriminals are increasingly exploiting search engine optimization (SEO) techniques and paid advertisements to manipulate search engine results, pushing malicious websites to the top where unsuspecting users are likely to click. In recent years, this tactic, often known as SEO poisoning…
RansomHub Ransomware Group Hits 84 Organizations as New Threat Actors Emerge
The RansomHub ransomware group has emerged as a significant danger, targeting a wide array of industries across the globe. In March 2025, this group alone managed to compromise 84 organizations, while new groups like Arkana and CrazyHunter have introduced sophisticated…
HelloKitty Ransomware Returns, Launching Attacks on Windows, Linux, and ESXi Environments
Security researchers and cybersecurity experts have recently uncovered new variants of the notorious HelloKitty ransomware, signaling its resurgence with attacks targeting Windows, Linux, and ESXi environments. HelloKitty ransomware, initially appearing in October 2020 as a fork of DeathRansom, has evolved…
Sapphire Werewolf Enhances Toolkit With New Amethyst Stealer to Attack Energy Companies
Cybersecurity experts have detected a sophisticated campaign targeting energy sector companies, as the threat actor known as Sapphire Werewolf deploys an enhanced version of the Amethyst stealer malware. The campaign represents a significant evolution in the group’s capabilities, featuring advanced…
Insights from a Tech Leader: Interview with TD Bank’s Chief Architect Licenia Rojas
In this captivating interview, host Jim Love sits down with Licenia Rojas, Senior Vice President and Chief Architect at TD Bank. They discuss Licenia’s journey in the technology sector, the importance of mentorship, and the role of continuous learning in…
Hackers Exploiting Domain Controller to Deploy Ransomware Using RDP
Microsoft has recently uncovered a sharp rise in ransomware attacks exploiting domain controllers (DCs) through Remote Desktop Protocol (RDP), with the average attack costing organizations $9.36 million in 2024. These sophisticated campaigns aim to cripple enterprises by encrypting critical systems…
Active Directory Attack Kill Chain Checklist & Tools List- 2025
The “Active Directory Kill Chain Attack & Defense” concept is a structured approach to understanding the sequence of events or stages involved in an Active Directory (AD) attack and the corresponding defensive measures to counteract or prevent such attacks. Microsoft…
Hackers Actively Exploits Patched Fortinet FortiGate Devices to Gain Root Access Using Symbolic Link
Fortinet has uncovered a sophisticated post-exploitation technique used by a threat actor to maintain unauthorized access to FortiGate devices, even after initial vulnerabilities were patched. The discovery, detailed in a recent Fortinet investigation, highlights the persistent risks of unpatched systems…
Google Unveils A2A Protocol That Enable AI Agents Collaborate to Automate Workflows
Google has announced the launch of Agent2Agent Protocol (A2A), a groundbreaking open protocol designed to enable AI agents to communicate with each other, securely exchange information, and coordinate actions across enterprise platforms. Revealed on April 9, 2025, the protocol marks…
Ransomware Attack Prevention Checklist – 2025
Businesses face significant hazards from ransomware attacks, which are capable of causing severe damage in a brief period. Over the past few years, numerous well-known companies, including CNA Financial, JBS Foods, and Colonial Pipeline, have fallen victim to such attacks,…
Microsoft total recalls Recall totally to Copilot+ PCs
Redmond hopes you’ve forgotten or got over why everyone hated it the first time After temporarily shelving its controversial Windows Recall feature amid a wave of backlash, Microsoft is back at it – now quietly slipping the screenshotting app into…
Laboratory Services Cooperative data breach impacts 1.6 Million People
Laboratory Services Cooperative discloses a data breach from October 2024 that exposed personal and medical info of 1.6 million individuals. Laboratory Services Cooperative disclosed a data breach that impacted the personal and medical information of 1.6 million people. The Laboratory…
Ransomware negotiation: Does it work, and should you try it?
Negotiating with the criminals who are holding your data for ransom is a daunting and stressful endeavor. Experts weigh in on the risks and the potential outcomes. This article has been indexed from Search Security Resources and Information from TechTarget…
Is Your Kubernetes Infrastructure Resilient? Test It with a Chaos Day
We all know the feeling: the pit in your stomach when a critical application goes down (and you have no idea what went wrong). In today’s always-on world, downtime isn’t just inconvenient; it can be catastrophic to your reputation and…
Week in Review: Fake ChatGPT passport, Apple appeals UK encryption, Oracle’s obsolete servers
Link to episode page This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Carla Sweeney, SVP, InfoSec, Red Ventures Thanks to our show sponsor, Nudge Security Are you struggling to secure your exploding…
News alert: INE Security highlights why hands-on labs can help accelerate CMMC 2.0 compliance
Cary, NC, Apr. 11, 2025, CyberNewswire — Defense contractors are facing increased pressure to meet the Department of Defense’s stringent Cybersecurity Maturity Model Certification (CMMC) 2.0 requirements ahead of 2025 compliance deadlines. INE Security, a leading global provider … (more…)…
Florida’s New Social Media Bill Says the Quiet Part Out Loud and Demands an Encryption Backdoor
< div class=”field field–name-body field–type-text-with-summary field–label-hidden”> < div class=”field__items”> < div class=”field__item even”> At least Florida’s SB 868/HB 763, “Social Media Use By Minors” bill isn’t beating around the bush when it states that it would require “social media platforms…
Cybersecurity Community Must Not Remain Silent On Executive Order Attacking Former CISA Director
< div class=”field field–name-body field–type-text-with-summary field–label-hidden”> < div class=”field__items”> < div class=”field__item even”> Cybersecurity professionals and the infosec community have essential roles to play in protecting our democracy, securing our elections, and building, testing, and safeguarding government infrastructure. It is…