YouTube vids explain digital tradecraft to reach spooks over Tor or VPN without blowing your cover The UK’s Secret Intelligence Service, aka MI6, has created a dark web portal called “Silent Courier” that it hopes would-be foreign informants will find…
Tag: EN
SystemBC Botnet Compromises 1,500 VPS Every Day to Rent Out for DDoS Attacks
SystemBC, a resilient socks5 malware network first spotted in 2019, has dramatically evolved its proxy infrastructure by compromising an average of 1,500 virtual private servers (VPS) each day. This shift from residential devices to large-scale VPS nodes grants threat actors…
LLMs can boost cybersecurity decisions, but not for everyone
LLMs are moving fast from experimentation to daily use in cybersecurity. Teams are starting to use them to sort through threat intelligence, guide incident response, and help analysts handle repetitive work. But adding AI into the decision-making process brings new…
New Loader “CountLoader” Uses PDFs to Launch Ransomware Attacks
Security researchers have uncovered a sophisticated new malware loader called “CountLoader” that leverages weaponized PDF files to deliver ransomware payloads to victims across multiple regions, with particular focus on Ukrainian targets. CountLoader represents a significant escalation in malware delivery techniques,…
Researchers believe Gamaredon and Turla threat groups are collaborating
ESET Research has discovered evidence of collaboration between the Gamaredon and Turla threat groups. Both groups are linked to Russia’s primary intelligence agency, the FSB, and were found working in tandem to target high-profile organizations in Ukraine. In these attacks,…
Cybersecurity Today – The Good News Edition
Cybersecurity Today: The Good News Edition In this episode, host Jim Love addresses a previous mistake regarding the location of Yellowknife and announces a special ‘good news’ edition. Key stories include Microsoft’s dismantling of a global phishing-as-a-service operation Raccoon 0365,…
SolarWinds Issues Advisory Following Salesloft Drift Security Breach
SolarWinds Corporation has released an official security advisory in response to a significant data breach involving Salesforce systems. This resulted in unauthorized access to sensitive customer information through compromised OAuth tokens linked to the Salesloft Drift integration. Understanding the Breach…
0-Click ChatGPT Agent Flaw Exposes Gmail Data to Attackers
Researchers have discovered a critical zero-click vulnerability in ChatGPT’s Deep Research agent that allows attackers to silently steal sensitive Gmail data without any user interaction. This sophisticated attack leverages service-side exfiltration techniques, making it invisible to traditional security defenses and representing a significant escalation…
Shifting supply chains and rules test CPS security strategies
Cyber-physical systems are getting harder to protect as the business landscape keeps shifting. Economic pressures, supply chain changes, and new regulations are creating more openings for attackers while complicating how organizations manage security. A new report from Claroty, based on…
SolarWinds Releases Advisory on Salesloft Drift Security Incident
SolarWinds has released an advisory regarding a security incident involving the Salesloft Drift integration for Salesforce, which led to unauthorized data access. The company confirmed that its own systems were not impacted by the breach, but is treating the matter…
News alert: Palo Alto flags threats that evade Secure Web Gateways — echoing SquareX research
Palo Alto, Calif., Sept. 18, 2025, CyberNewswire: SquareX first discovered and disclosed Last Mile Reassembly attacks at DEF CON 32 last year, warning the security community of 20+ attacks that allow attackers to bypass all major SASE/SSE solutions and smuggle…
The unseen side of malware and how to find it
Security teams rely on threat reports to understand what’s out there and to keep their organizations safe. But a new report shows that these reports might only reveal part of the story. Hidden malware variants are quietly slipping past defenses,…
The real-world effects of EU’s DORA regulation on global businesses
In this Help Net Security video, Matt Cooper, Director of Governance, Risk, and Compliance at Vanta, discusses the EU’s Digital Operational Resilience Act (DORA) and its effects six months after it went into effect. DORA is the first EU-wide framework…
CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of two sets of malware that were discovered in an unnamed organization’s network following the exploitation of security flaws in Ivanti Endpoint Manager Mobile (EPMM). “Each set contains…
New infosec products of the week: September 19, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Absolute Security, Catchpoint, Nagomi Security, Neon Cyber, and QuSecure. Absolute Security Rehydrate restores compromised endpoints Rehydrate delivers business continuity endpoint restoration through a fully remote,…
ISC Stormcast For Friday, September 19th, 2025 https://isc.sans.edu/podcastdetail/9620, (Fri, Sep 19th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, September 19th, 2025…
ShadowLeak: Radware Uncovers Zero-Click Attack on ChatGPT
Radware discovered a server-side data theft attack, dubbed ShadowLeak, targeting ChatGPT. OpenAI patched the zero-click vulnerability. Researchers at Radware uncovered a server-side data theft attack targeting ChatGPT, called ShadowLeak. The experts discovered a zero-click vulnerability in ChatGPT’s Deep Research agent when connected to Gmail…
These Are the 15 New York Officials ICE and NYPD Arrested in Manhattan
More than a dozen elected officials were arrested in or around 26 Federal Plaza in New York City, where ICE detains people in what courts have ruled are unsanitary conditions. This article has been indexed from Security Latest Read the…
Authorizing access to data with RAG implementations
Organizations are increasingly using large language models (LLMs) to provide new types of customer interactions through generative AI-powered chatbots, virtual assistants, and intelligent search capabilities. To enhance these interactions, organizations are using Retrieval-Augmented Generation (RAG) to incorporate proprietary data, industry-specific…
How Enterprise SEO Solutions Improve Brand Authority
Now, especially in a very competitive environment, it is essential to make your name shine. Enterprise SEO solutions… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: How Enterprise…