well...
news
latest news about cyber-security
news
>
@cyber-security
↑
HOT:
@ukraine
,
@russia
,
@israel
,
@palestine
zdroje:
#bleepingcomputer.com
#blog.google-TAG
#csirt.cz
#cyberscoop.com
#cybersecuritynews.com
#darkreading.com
#googleprojectzero.blogspot.com
#kratkespravy.sk
#krebsonsecurity.com
#linuxsecurity.com
#nakedsecurity.sophos.com
#nukib.cz
#scmagazine.com
#security.googleblog.com
#securityaffairs.co
#securityweek.com
#thehackernews.com
#therecord.media
#threatpost.com
#tripwire.com-state-of-security
bleepingcomputer.com
Microsoft unveils new AI agents that can modify Windows settings
Linux wiper malware hidden in malicious Go modules on GitHub
Microsoft pushes fix for Windows 11 24H2 update failures
Luna Moth extortion hackers pose as IT help desks to breach US firms
New "Bring Your Own Installer" EDR bypass used in ransomware attack
Microsoft finds default Kubernetes Helm charts can expose data
Unofficial Signal app used by Trump officials investigates hack
Darcula PhaaS steals 884,000 credit cards via phishing texts
Microsoft is killing Skype today, pushes users to Teams
UK shares security tips after major retail cyberattacks
Microsoft silently fixes Start menu bug affecting Windows 10 PCs
Microsoft: Windows 11 24H2 now ready to rollout to everyone
blog.google-TAG
TAG Bulletin: Q4 2024
TAG Bulletin: Q3 2024
State-backed attackers and commercial surveillance vendors repeatedly use the same exploits
Iranian backed group steps up phishing campaigns against Israel, U.S.
Google disrupted over 10,000 instances of DRAGONBRIDGE activity in Q1 2024
TAG Bulletin: Q2 2024
A review of zero-day in-the-wild exploits in 2023
TAG Bulletin: Q1 2024
Tool of First Resort: Israel-Hamas War in Cyber
Buying Spying: How the commercial surveillance industry works and what can be done about it
TAG Bulletin: Q4 2023
Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware
csirt.cz
Postřehy z bezpečnosti: rootkit Curing ukazuje slabiny detekce
Zranitelnosti v protokolu AirPlay umožňují vzdálené spuštění kódu přes Wi-Fi
Nová verze ransomwaru WormLocker
Distribuovaný FTP bruteforcer
Oracle potvrdil únik dat, útočník nabízí 6 milionů záznamů
Postřehy z bezpečnosti: operace Red Card vyústila v zatčení tří set lidí
NÚKIB spustil novou verzi Portálu
Botnet Eleven11bot infikoval desítky tisíc zařízení a sloužit má k DDoS útokům
Desítky podvodných stránek napodobujících DeepSeek jsou využívány k šíření malware
Postřehy z bezpečnosti: starý dobrý miner ukrytý v herních instalátorech
cyberscoop.com
After Signal controversy, do private conversations online exist anymore?
Google addresses 1 actively exploited vulnerability in May’s Android security update
Federal prosecutors indict alleged head of Black Kingdom ransomware
Amazon, CrowdStrike, Google and Palo Alto Networks claim no change to threat intel sharing under Trump
Trump administration proposes cutting $491M from CISA budget
Ukrainian extradited to US for alleged Nefilim ransomware attack spree
National Security Council cyber lead wants to ‘normalize’ offensive operations
Quantum computer threat spurring quiet overhaul of internet security
Leaders of 764, global child sextortion group, arrested and charged
North Korean operatives have infiltrated hundreds of Fortune 500 companies
cybersecuritynews.com
private
Hackers Using Fake Chrome Error Pages to Attack Windows Users With Malicious Scripts
Android Security Update – Critical Patch Released for Actively Exploited Vulnerability
Microsoft Reminds of Windows 10 To Reach End of Support – No More Security Updates
Samsung MagicINFO 9 Server Vulnerability Exploited in the Wild
Microsoft Fixes Group Policy Bug That Prevents Installation of Windows 11 24H2
New ClickFix Attack Mimics Ministry of Defense Website to Attack Windows & Linux Machines
New GPOHound Tool To Analyze Group Policy in Active Directory For Privilege Escalation Paths
CISA Warns of Langflow Missing Authentication Vulnerability Exploited in Attacks
Darcula (PhaaS) Stolen 884,000 Credit Card Details on 13 Million Clicks from Users Worldwide
Beyond DDoS: The New Breed Of Layer 7 Attacks And How SMEs Can Outmaneuver Them
darkreading.com
AI Domination: RSAC 2025 Social Media Roundup
'Venom Spider' Targets Hiring Managers in Phishing Scheme
Ongoing Passkey Usability Challenges Require 'Problem Solving'
The Dark Side of Digital: Breaking the Silence on Youth Mental Health
Phony Hacktivist Pleads Guilty to Disney Data Leak
How to Prevent AI Agents From Becoming the Bad Guys
UK Retailers Reeling From Likely Ransomware Attacks
What NY's New Security Rules Mean for Finance Firms
Attackers Ramp Up Efforts Targeting Developer Secrets
Despite Arrests, Scattered Spider Continues High-Profile Hacking
Cut CISA and Everyone Pays for It
SANS Top 5: Cyber Has Busted Out of the SOC
googleprojectzero.blogspot.com
The Windows Registry Adventure #6: Kernel-mode objects
Blasting Past Webp
Windows Bug Class: Accessing Trapped COM Objects with IDispatch
Windows Exploitation Tricks: Trapping Virtual Memory Access (2025 Update)
The Windows Registry Adventure #5: The regf file format
The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit
Windows Tooling Updates: OleView.NET
Simple macOS kernel extension fuzzing in userspace with IDA and TinyInst
From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code
The Windows Registry Adventure #4: Hives and the registry layout
Effective Fuzzing: A Dav1d Case Study
The Windows Registry Adventure #3: Learning resources
kratkespravy.sk
Zo sveta IT bezpečnosti, 4/2025
Zo sveta IT bezpečnosti, 3/2025
Zo sveta IT bezpečnosti, 2/2025
Zo sveta IT bezpečnosti, 1/2025
Zo sveta IT bezpečnosti, 12/2024
Zo sveta IT bezpečnosti, 11/2024
Zo sveta IT bezpečnosti, 10/2024
Zo sveta IT bezpečnosti, 9/2024
Oslo: Návod na použitie
Zo sveta IT bezpečnosti, 8/2024
krebsonsecurity.com
xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs
Alleged ‘Scattered Spider’ Member Extradited to U.S.
DOGE Worker’s Code Supports NLRB Whistleblower
Whistleblower: DOGE Siphoned NLRB Case Data
Funding Expires for Key Cyber Vulnerability Database
Trump Revenge Tour Targets Cyber Leaders, Elections
China-based SMS Phishing Triad Pivots to Banks
Patch Tuesday, April 2025 Edition
Cyber Forensic Expert in 2,000+ Cases Faces FBI Probe
How Each Pillar of the 1st Amendment is Under Attack
linuxsecurity.com
Overcoming SaaS Security Risks with Open-Source Tools
Understanding the Linux Filesystem Case Sensitivity Debate
Strengthening Privacy & Security with Tails 6.15
20-Year Browser History Privacy Flaw Prompts Chrome 136 Release
Ubuntu 25.04 & 24.10: USN-7484-1 Critical: OpenJDK 24 Issues Fixed
Ubuntu 24.04 LTS: 7483-1 critical: OpenJDK 21 Denial of Service
Ubuntu 25.04 Advisory USN-7482-1: OpenJDK 17 multiple threats fixed
Ubuntu 25.04: USN-7481-1 critical: OpenJDK 11 Denial of Service
Ubuntu 25.04: USN-7480-1 critical: openjdk denial of service
Fedora 41: FEDORA-2025-8fbc37e703 critical: chromium issues
nakedsecurity.sophos.com
[kanál neteče]
nukib.cz
Ředitel NÚKIB Lukáš Kintr jednal v USA o pokračování spolupráce v kybernetické bezpečnosti s administrativou prezidenta Trumpa
Vydali jsme Čtvrtletní přehled hrozeb pohledem NÚKIB Q1/2025
Další ročník kyberbezpečnostní konference CYBER_CON se blíží, zapojte se do tvorby programu
Návrh nového zákona o kybernetické bezpečnosti schválila Poslanecká sněmovna
Upozorňujeme na metodu „harvest now, decrypt later“
Vydali jsme přehled kybernetických incidentů za březen 2025
Upozornění na možnou zvýšenou aktivitu kyberútočníků v souvislosti s EXPO 2025
Upozorňujeme na zneužívání identit Amazon, Microsoft a státních institucí
Upozornění na zvýšené riziko DDoS útoků během voleb do Evropského parlamentu
Upozornění na kompromitaci routerů Ubiquity Edge OS aktérem sponzorovaným ruským státem
Doporučení v oblasti kryptografických prostředků verze 3.0
Doporučení k používání protokolu TLP ke sdílení chráněných informací
scmagazine.com
[kanál neteče]
security.googleblog.com
[kanál neteče]
securityaffairs.co
Google fixed actively exploited Android flaw CVE-2025-27363
New ‘Bring Your Own Installer (BYOI)’ technique allows to bypass EDR
Smishing on a Massive Scale: ‘Panda Shop’ Chinese Carding Syndicate
Kelly Benefits December data breach impacted over 400,000 individuals
A hacker stole data from TeleMessage, the firm that sells modified versions of Signal to the U.S. gov
Experts shared up-to-date C2 domains and other artifacts related to recent MintsLoader attacks
Sansec uncovered a supply chain attack via 21 backdoored Magento extensions
US authorities have indicted Black Kingdom ransomware admin
Malicious Go Modules designed to wipe Linux systems
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 44
securityweek.com
Virtue AI Attracts $30M Investment to Address Critical AI Deployment Risks
Industry Moves for the week of April 14, 2025 - SecurityWeek
Insurance Firm Lemonade Says API Glitch Exposed Some Driver’s License Numbers
Kidney Dialysis Services Provider DaVita Hit by Ransomware
Conduent Says Names, Social Security Numbers Stolen in Cyberattack
2.6 Million Impacted by Landmark Admin, Young Consulting Data Breaches
China Pursuing 3 Alleged US Operatives Over Cyberattacks During Asian Games
Blockchain, Quantum, and IoT Firms Unite to Secure Satellite Communications Against Quantum Threats
NetRise Raises $10 Million to Grow Software Supply Chain Security Platform
Hertz Discloses Data Breach Linked to Cleo Hack
CISO Conversations: Maarten Van Horenbeeck, SVP & Chief Security Officer at Adobe
thehackernews.com
Third Parties and Machine Credentials: The Silent Drivers Behind 2025's Worst Breaches
Microsoft Warns Default Helm Charts Could Leave Kubernetes Apps Exposed to Data Leaks
Entra ID Data Protection: Essential or Overkill?
Update ASAP: Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
Critical Langflow Flaw Added to CISA KEV List Amid Ongoing Exploitation Evidence
Wormable AirPlay Flaws Enable Zero-Click RCE on Apple Devices via Public Wi-Fi
Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed
Weekly Recap: Nation-State Hacks, Spyware Alerts, Deepfake Malware, Supply Chain Backdoors
Perfection is a Myth. Leverage Isn't: How Small Teams Can Secure Their Google Workspace
Golden Chickens Deploy TerraStealerV2 to Steal Browser Credentials and Crypto Wallet Data
Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack
Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware
therecord.media
Multiple iHeartRadio stations breached in December
Peru denies it was hit by ransomware attack following Rhysida claims
Hackers launch ‘serious’ attacks against Georgia school district, New Mexico university
Myanmar militia leader sanctioned by US over cyber scam connections
Ukraine detains alleged FSB agent recruited via TikTok for spying on military
threatpost.com
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
tripwire.com-state-of-security
As Vishing Gains Momentum, It’s Time to Fight Back
PIVOTT Act Revived to Tackle Growing Cybersecurity Workforce Shortages
Strengthening Cybersecurity Incident Response Part 2: From Detection to Recovery
Getting Email Security Right
The Growing Threat of Ransomware-as-a-Service (RaaS) on Healthcare Infrastructure
Ransomware Attacks on Critical Infrastructure Surge, Reports FBI
The Growing Threat of Ransomware to the Manufacturing Sector
New Bill Mandates Cybersecurity Overhaul for Federal Contractors
Scams 2.0: How Technology Is Powering the Next Generation of Fraud
Smart Africa Unveils 5-Year Cybersecurity Plan to Strengthen Digital Resilience