NVIDIA has released urgent security patches for its Merlin machine learning framework after discovering two high-severity deserialization vulnerabilities that could enable attackers to execute malicious code, trigger denial-of-service attacks, and compromise sensitive data on Linux systems. The security bulletin, published…
Tag: EN
New VolkLocker Ransomware Variant Targets Both Linux and Windows Systems
CyberVolk, a pro-Russia hacktivist group first documented in late 2024, has resurfaced with a sophisticated ransomware-as-a-service (RaaS) offering called VolkLocker after months of dormancy caused by Telegram enforcement actions. The group returned in August 2025 with version 2.x, featuring advanced…
Storm-0249: EDR Process Sideloading to Conceal Malicious Activity
Initial access broker Storm-0249 has evolved from a mass phishing operation into a sophisticated threat actor weaponizing legitimate Endpoint Detection and Response (EDR) processes through sideloading techniques to conceal malicious activity as routine security operations. This represents a significant escalation…
Bugcrowd Puts Defenders on the Offensive With AI Triage Assistant
Bugcrowd unveils AI Triage Assistant and AI Analytics to help security teams proactively defend against AI-driven cyberattacks by accelerating vulnerability analysis, reducing MTTR, and enabling preemptive security decisions. The post Bugcrowd Puts Defenders on the Offensive With AI Triage Assistant appeared…
Frogblight threatens you with a court case: a new Android banker targets Turkish users
Kaspersky researchers have discovered a new Android banking Trojan targeting Turkish users and posing as an app for accessing court case files via an official government webpage. The malware is being actively developed and may become MaaS in the future.…
How researchers are teaching AI agents to ask for permission the right way
People are starting to hand more decisions to AI agents, from booking trips to sorting digital files. The idea sounds simple. Tell the agent what you want, then let it work through the steps. The hard part is what the…
VolkLocker Ransomware Exposed by Hard-Coded Master Key Allowing Free Decryption
The pro-Russian hacktivist group known as CyberVolk (aka GLORIAMIST) has resurfaced with a new ransomware-as-a-service (RaaS) offering called VolkLocker that suffers from implementation lapses in test artifacts, allowing users to decrypt files without paying an extortion fee. According to SentinelOne,…
Prometheus: Open-source metrics and monitoring systems and services
Prometheus is an open-source monitoring and alerting system built for environments where services change often and failures can spread fast. For security teams and DevOps engineers, it has become a common way to track system behavior, spot early warning signs,…
What types of compliance should your password manager support?
Lost credentials and weak authentication controls still sit at the center of many security incidents. IT leaders and CISOs know this problem well. They also know that regulators watch how organizations protect passwords, track access, and document security decisions. That…
Europe’s DMA raises new security worries for mobile ecosystems
Mobile security has long depended on tight control over how apps and services interact with a device. A new paper from the Center for Cybersecurity Policy and Law warns that this control may weaken as the European Union’s Digital Markets…
Cybersecurity Today: Apple Security Updates, AI Search Engine Scams, Torrent Malware, and Stanford’s AI Penetration Testing
In this episode of Cybersecurity Today, host David Shipley discusses significant developments in the cybersecurity landscape. Apple releases security updates to address two actively exploited WebKit vulnerabilities. Scammers manipulate AI-powered search tools to recommend fake support numbers, reflecting a growing…
CISA Releases Guidance for Managing UEFI Secure Boot on Enterprise Devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the National Security Agency (NSA), has issued new guidance urging enterprises to verify and manage UEFI Secure Boot configurations to counter bootkit threats. Released in December 2025 as a…
Manufacturing is becoming a test bed for ransomware shifts
Manufacturing leaders may feel that ransomware risk has settled, but new data shows the threat is shifting in ways that require attention, according to a Sophos report. A global survey of 332 IT and security leaders outlines how attackers are…
CIAM vs IAM: Comparing Customer Identity and Identity Access Management
Understand the key differences between CIAM and IAM. Learn which identity management solution is right for your business for customer and employee access. The post CIAM vs IAM: Comparing Customer Identity and Identity Access Management appeared first on Security Boulevard.…
Starlink claims Chinese launch came within 200 meters of broadband satellite
PLUS: Drugs found in ink cartridges; Chinse censorship fighters criticize Vultr; Coupang CEO resigns; And more! Asia In Brief A SpaceX executive has claimed that a Chinese satellite launch came within 200 meters of hitting a Starlink satellite.… This article…
ISC Stormcast For Monday, December 15th, 2025 https://isc.sans.edu/podcastdetail/9738, (Mon, Dec 15th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, December 15th, 2025…
Infosecurity.US Wishes All A Happy Hanukkah!
United States of America’s NASA Astronaut Jessica Meir’s Hanukkah Wishes from the International Space Station: Happy Hanukkah to all those who celebrate it on Earth! (Originally Published in 2019) United States of America’s NASA Astronaut Jessica Meir Permalink The post…
Honeypots can help defenders, or damn them if implemented badly
PLUS: Crims could burn your AI budgets thanks to weak defaults; CISA’s top 25 vulns for 2025; And more Infosec In Brief The UK’s National Cyber Security Centre (NCSC) has found that cyber-deception tactics such as honeypots and decoy accounts…
How can Agentic AI enhance our cybersecurity measures
What Role Do Non-Human Identities Play in Securing Our Digital Ecosystems? Where more organizations migrate to the cloud, the concept of securing Non-Human Identities (NHIs) is becoming increasingly crucial. NHIs, essentially machine identities, are pivotal in maintaining robust cybersecurity frameworks.…
What are the best practices for managing NHIs
What Challenges Do Organizations Face When Managing NHIs? Organizations often face unique challenges when managing Non-Human Identities (NHIs). A critical aspect that enterprises must navigate is the delicate balance between security and innovation. NHIs, essentially machine identities, require meticulous attention…