2 related articles · 99% similarity

The Cybersecurity and Infrastructure Security Agency (CISA) has ceased updating security advisories for Siemens SiPass vulnerabilities after January 10, 2023. This means users are responsible for managing any future vulnerabilities discovered in this product, relying on initial advisories for mitigation. CISA's decision highlights the need for organizations to proactively address ICS security.

2 related articles · 93% similarity

Victoria's Secret's website and some store services were shut down due to a significant security incident, likely a cyberattack. Experts warn of increasing threats against major retailers, highlighting the vulnerability of large companies to online attacks.

2 related articles · 96% similarity

Chinese state-sponsored hacking group APT41 employed the 'ToughProgress' malware to leverage Google Calendar for covert command-and-control communications, highlighting the increasing sophistication of cyberattacks targeting Google services. This method allows for stealthy malware operations, bypassing traditional security measures.

2 related articles · 95% similarity

Apple announced it blocked over $9 billion in fraudulent App Store transactions from 2018 to 2024, highlighting a significant effort to combat rising threats. This includes over $2 billion in blocked transactions in 2024 alone, demonstrating the ongoing scale of fraudulent activity.

2 related articles · 94% similarity

LexisNexis Risk Solutions confirmed a data breach in December 2024, compromising the personal information of over 364,000 individuals. The attackers remain unidentified, and the extent of the stolen data is still being investigated.

3 related articles · 89% similarity

The Czech government officially blamed the Chinese-linked APT31 hacking group for a series of cyberattacks in 2022, targeting critical infrastructure and the Ministry of Foreign Affairs. This condemnation marks a significant escalation in tensions between the two countries.

2 related articles · 87% similarity

Microsoft has released a new backup tool, \

3 related articles · 85% similarity

A new Linux botnet, PumaBot, is targeting IoT devices, brute-forcing SSH credentials to deploy malicious payloads and potentially mine cryptocurrency. The Go-based malware exhibits some automation in its attacks, raising concerns about its potential scale and impact.

2 related articles · 81% similarity

A sophisticated botnet, dubbed 'AyySSHush,' has compromised over 9,000 ASUS routers, and potentially others, installing persistent SSH backdoors that survive firmware updates and resets. This allows attackers persistent access, highlighting the need for robust router security practices.

2 related articles · 79% similarity

Google and Mozilla have released emergency updates for Chrome, Firefox, and Thunderbird to address multiple high-severity security vulnerabilities. These patches are crucial for protecting users from potential exploitation; users are urged to update their browsers immediately.

4 related articles · 77% similarity

A critical vulnerability in Microsoft OneDrive's file picker allows websites and apps to gain unauthorized access to users' entire cloud storage, not just the selected file, impacting numerous applications like ChatGPT and Zoom. Security researchers urge users to exercise caution and await Microsoft's patch.

2 related articles · 76% similarity

A critical vulnerability in Apple's Safari browser allows fullscreen browser-in-the-middle (BitM) attacks, enabling attackers to steal user credentials. These attacks trick users into unknowingly logging into malicious sites, compromising sensitive information within seconds.

2 related articles · 97% similarity

The Cybersecurity and Infrastructure Security Agency (CISA) released a total of six advisories in late May 2025, addressing critical vulnerabilities in Industrial Control Systems (ICS). These advisories highlight urgent security issues requiring immediate attention from organizations to mitigate potential risks.

3 related articles · 92% similarity

MathWorks, the creator of MATLAB, suffered a significant ransomware attack impacting its websites, online services, and licensing systems. While the responsible group remains unidentified, the company is working to restore full functionality. The attack caused widespread service disruptions for users.

2 related articles · 89% similarity

Zscaler is acquiring Red Canary, a managed detection and response (MDR) specialist, to bolster its security operations offerings and integrate Red Canary's extensive ecosystem with Zscaler's cloud data. The acquisition, expected to close in August, signifies Zscaler's significant expansion into the MDR market.

3 related articles · 89% similarity

Sina Gholinejad, an Iranian national, pleaded guilty to his involvement in the RobbinHood ransomware attacks, specifically targeting Baltimore, resulting in a $19 million loss. He faces up to 30 years in prison for his role in the international cybercrime scheme.

5 related articles · 85% similarity

A data breach at Adidas, stemming from a compromised third-party customer service provider, exposed customer information. While the extent of the breach is still unclear, Adidas confirmed the theft of some customer data, urging affected individuals to remain vigilant against phishing attacks. No financial information was reportedly affected.

2 related articles · 84% similarity

CISA, in collaboration with international partners, released new guidance on effectively implementing Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) systems. The guidance emphasizes thorough testing and cost management to ensure successful deployment and maximize the security benefits of these crucial platforms.

5 related articles · 82% similarity

The DragonForce ransomware group exploited vulnerabilities in the SimpleHelp RMM software used by a managed service provider (MSP), enabling a supply chain attack that encrypted customer endpoints. This highlights the dangers of unpatched software and the increasing sophistication of ransomware attacks targeting MSPs.

3 related articles · 75% similarity

A newly identified Russian APT group, known as both Void Blizzard and Laundry Bear, infiltrated the Dutch police and subsequently targeted NATO-associated organizations and EU entities, stealing sensitive data in a sophisticated cyberespionage campaign.

2 related articles · 79% similarity

Microsoft released emergency updates for Windows Server and Windows 10/11 to resolve critical Hyper-V virtual machine freezing and restart problems. These out-of-band updates address issues impacting BitLocker functionality as well.

2 related articles · 90% similarity

Chinese hackers exploited a critical zero-day vulnerability in Trimble Cityworks software, potentially compromising numerous US local government systems. The vulnerability, since patched, allowed access before discovery, raising concerns about the extent of data breaches.

4 related articles · 89% similarity

CISA issued warnings about a widespread campaign exploiting a Commvault vulnerability, allowing attackers to breach Microsoft 365 environments via Commvault's Metallic service. The attacks leverage compromised application secrets and cloud misconfigurations, highlighting a broader SaaS security threat.

3 related articles · 88% similarity

A coordinated international effort has disrupted the DanaBot botnet, resulting in the seizure of its infrastructure and the indictment of 16 suspects. The operation, costing victims over $50 million, highlights a successful public-private partnership in combating large-scale cybercrime.

2 related articles · 87% similarity

Hackers exploited a vulnerability in the Cetus Protocol, a decentralized exchange on the SUI blockchain, stealing approximately $223 million in cryptocurrency. The protocol has acknowledged the theft and is reportedly considering measures to mitigate further losses.

4 related articles · 83% similarity

The FBI issued warnings about the Silent Ransom Group (also known as Luna Moth), a hacking group using sophisticated vishing (voice phishing) campaigns to extort US law firms. These attacks leverage stolen data to pressure firms into paying, avoiding the typical ransomware encryption methods. The FBI urges law firms to heighten cybersecurity awareness and implement protective measures.

2 related articles · 83% similarity

Signal has implemented a default privacy feature on Windows 11 to prevent Microsoft's 'Windows Recall' program from capturing screenshots. This leverages existing copyright protection mechanisms to thwart the data collection, raising concerns about the security implications of Windows Recall.

5 related articles · 80% similarity

Over 60 malicious packages on the npm registry have been discovered, stealing sensitive host and network information from developers' machines. This coordinated attack leveraged compromised packages to exfiltrate data, potentially impacting numerous projects and organizations.

3 related articles · 79% similarity

International law enforcement agencies, including Europol and the BKA, launched Operation Endgame 2.0, seizing over 300 servers and issuing more than 20 arrest warrants in a major crackdown against ransomware networks. The operation targeted a significant supply chain of malware infrastructure, disrupting operations and leading to the seizure of €3.5 million in assets.

4 related articles · 76% similarity

The widespread adoption of AI in enterprises necessitates a shift towards secure-by-design principles. This involves integrating AI-driven security solutions, like zero-trust architectures and SASE, to mitigate risks associated with AI agents and ensure secure scalability. A defense-in-depth approach combining intelligent policies and AI insights is crucial for robust protection.

10 related articles · 75% similarity

Cybercriminals are leveraging TikTok videos and fake AI tools to distribute info-stealing malware via social engineering techniques like ClickFix. These campaigns target users with malicious links disguised as legitimate content, highlighting the growing threat of malware spread through popular platforms and AI-related tools.

2 related articles · 87% similarity

New technology from Picus helps organizations prioritize cybersecurity vulnerabilities by focusing on actually exploitable CVEs rather than reacting to every reported flaw, improving efficiency and resource allocation for patching and remediation efforts. This approach aims to reduce alert fatigue and allow security teams to focus on the most critical threats.

2 related articles · 85% similarity

Russia-aligned hackers, identified as TAG-110, launched a spear-phishing campaign against the Tajikistani government using weaponized Word documents. This cyberattack is part of a broader Russian strategy to maintain influence within the post-Soviet sphere, highlighting continued cyber aggression beyond Ukraine.