well...
news
latest news about cyber-security
news
>
@cyber-security
↑
HOT:
@ukraine
,
@russia
,
@israel
,
@palestine
zdroje:
#bleepingcomputer.com
#blog.google-TAG
#csirt.cz
#cyberscoop.com
#cybersecuritynews.com
#darkreading.com
#googleprojectzero.blogspot.com
#kratkespravy.sk
#krebsonsecurity.com
#linuxsecurity.com
#nakedsecurity.sophos.com
#nukib.cz
#scmagazine.com
#security.googleblog.com
#securityaffairs.co
#securityweek.com
#thehackernews.com
#therecord.media
#threatpost.com
#tripwire.com-state-of-security
bleepingcomputer.com
Police takes down AVCheck site used by cybercriminals to scan malware
Germany doxxes Conti ransomware and TrickBot ring leader
Getting Exposure Management Right: Insights from 500 CISOs
Mozilla releases Firefox 139.0.1 update to fix artifacts on Nvidia GPUs
Microsoft Authenticator now warns to export passwords before July cutoff
ConnectWise breached in cyberattack linked to nation-state hackers
Threat actors abuse Google Apps Script in evasive phishing attacks
Apple Safari exposes users to fullscreen browser-in-the-middle attacks
US sanctions firm linked to cyber scams behind $200 million in losses
Cybercriminals exploit AI hype to spread ransomware, malware
Attackers are mapping your attack surface—are you?
Victoria’s Secret takes down website after security incident
blog.google-TAG
TAG Bulletin: Q1 2025
TAG Bulletin: Q4 2024
TAG Bulletin: Q3 2024
State-backed attackers and commercial surveillance vendors repeatedly use the same exploits
Iranian backed group steps up phishing campaigns against Israel, U.S.
Google disrupted over 10,000 instances of DRAGONBRIDGE activity in Q1 2024
TAG Bulletin: Q2 2024
A review of zero-day in-the-wild exploits in 2023
TAG Bulletin: Q1 2024
Tool of First Resort: Israel-Hamas War in Cyber
Buying Spying: How the commercial surveillance industry works and what can be done about it
TAG Bulletin: Q4 2023
csirt.cz
Pozor na nový phishing cílící na uživatele Microsoft Planneru
Závažná zranitelnost v Google Chrome
Výzkumníci odhalili tisíce zneužitelných zařízení jsou mezi nimi i České
Postřehy z bezpečnosti: rootkit Curing ukazuje slabiny detekce
Zranitelnosti v protokolu AirPlay umožňují vzdálené spuštění kódu přes Wi-Fi
Nová verze ransomwaru WormLocker
Distribuovaný FTP bruteforcer
Oracle potvrdil únik dat, útočník nabízí 6 milionů záznamů
Postřehy z bezpečnosti: operace Red Card vyústila v zatčení tří set lidí
NÚKIB spustil novou verzi Portálu
cyberscoop.com
Four Senate Democrats call on DHS to reinstate Cyber Safety Review Board membership
Parties behind 2024 Biden AI robocall reach deal in lawsuit
Treasury sanctions crypto scam facilitator that allegedly stole $200M from US victims
Questions mount as Ivanti tackles another round of zero-days
Chinese hackers used Google Calendar to aid attacks on government entities
Iranian man pleads guilty in Robbinhood ransomware scheme
ZScaler acquires Red Canary for boost in AI-driven security operations
Mandiant flags fake AI video generators laced with malware
New Russian state-sponsored APT quickly gains global reach, hitting expansive targets
Senators take another swing at vulnerability disclosure policy bill for federal contractors
cybersecuritynews.com
private
Detecting Evolving Phishing Campaigns in 2025 Cyber Environments
Detecting Deepfake Threats in Authentication and Verification Systems
Deloitte Data Breach: Alleged Leak of Source Code & GitHub Credentials
Implementing Post-Quantum Cryptography for Future-Proof Security
Critical Icinga 2 Vulnerability Allows Attackers to Bypass Validation and Obtain Certificates
New Malware Compromise Microsoft Windows Without PE Header
Zero Trust Architecture Adoption for Enterprise Security in 2025
Quantum Computing Threats to Traditional Cryptographic Systems
Windows 11 Security Update for Version 22H2 & 23H2 May Lead to Recovery Error
New BitM Attack Exploits Safari Vulnerability to Steal Login Credentials
darkreading.com
Vibe Coding Changed the Development Process
Tenable to Acquire AI Security Startup Apex
CISO Stature Rises, but Security Budgets Remain Tight
ConnectWise Breached, ScreenConnect Customers Targeted
'Everest Group' Extorts Global Orgs via SAP's HR Tool
From Code Red to Rust: Microsoft's Security Journey
NSA, CISA Urge Organizations to Secure Data Used in AI Models
Victoria's Secret Goes Offline After 'Incident' Claims
New Botnet Plants Persistent Backdoors in ASUS Routers
SentinelOne Reports Services Are Back Online After Global Outage
Zscaler's Buyout of Red Canary Shows Telemetry's Value
APT41 Uses Google Calendar Events for C2
googleprojectzero.blogspot.com
The Windows Registry Adventure #8: Practical exploitation of hive memory corruption
The Windows Registry Adventure #7: Attack surface analysis
Breaking the Sound Barrier Part I: Fuzzing CoreAudio with Mach Messages
The Windows Registry Adventure #6: Kernel-mode objects
Blasting Past Webp
Windows Bug Class: Accessing Trapped COM Objects with IDispatch
Windows Exploitation Tricks: Trapping Virtual Memory Access (2025 Update)
The Windows Registry Adventure #5: The regf file format
kratkespravy.sk
Zo sveta IT bezpečnosti, 4/2025
Zo sveta IT bezpečnosti, 3/2025
Zo sveta IT bezpečnosti, 2/2025
Zo sveta IT bezpečnosti, 1/2025
Zo sveta IT bezpečnosti, 12/2024
Zo sveta IT bezpečnosti, 11/2024
Zo sveta IT bezpečnosti, 10/2024
Zo sveta IT bezpečnosti, 9/2024
Oslo: Návod na použitie
Zo sveta IT bezpečnosti, 8/2024
krebsonsecurity.com
U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
Pakistan Arrests 21 in ‘Heartsender’ Malware Service
Oops: DanaBot Malware Devs Infected Their Own PCs
KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS
Breachforums Boss to Pay $700k in Healthcare Breach
Patch Tuesday, May 2025 Edition
Pakistani Firm Shipped Fentanyl Analogs, Scams to US
xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs
Alleged ‘Scattered Spider’ Member Extradited to U.S.
DOGE Worker’s Code Supports NLRB Whistleblower
linuxsecurity.com
Tails and Tor: A New Alliance for Digital Security
Revive Your Old PC & Fortify Your System with FunOS
Linux Kernel Gains Hardware-Wrapped Encryption Keys
AlmaLinux OS 10 Released as Free & Secure Alternative to RHEL 10
SUSE Linux Micro 5.1: 2025:01762-1 moderate: brotli integer overflow
SUSE Linux Enterprise Micro: 2025:01763-1 low: augeas security fix
SUSE 12 SP5: 2025:01765-1 moderate: Fix for PostgreSQL Encoding Issue
SUSE: 2025:01766-1 moderate: postgresql16 encoding issue
openSUSE Leap 15.6: 2025:01766-1 moderate: postgresql16 security update
SUSE: 2025:01767-1 moderate: postgresql16 security update
nakedsecurity.sophos.com
[kanál neteče]
nukib.cz
Česká vláda provedla veřejnou atribuci kybernetických útoků Číny: APT31 napojená na čínskou zpravodajskou službu dlouhodobě cílila na infrastrukturu M[...]
NÚKIB se zahraničními partnery spolupodepsal dokumenty zaměřené na platformy SIEM a SOAR
Zástupci českého a slovenského Národního koordinačního centra jednali v Brně a podepsali memorandum o spolupráci
Vydali jsme přehled kybernetických incidentů za duben 2025
NÚKIB a české zpravodajské služby spolu s NSA a FBI upozorňují na ruskou kybernetickou kampaň proti subjektům podporujícím Ukrajinu
Upozorňujeme na metodu „harvest now, decrypt later“
Upozornění na možnou zvýšenou aktivitu kyberútočníků v souvislosti s EXPO 2025
Upozorňujeme na zneužívání identit Amazon, Microsoft a státních institucí
Upozornění na zvýšené riziko DDoS útoků během voleb do Evropského parlamentu
Upozornění na kompromitaci routerů Ubiquity Edge OS aktérem sponzorovaným ruským státem
Doporučení v oblasti kryptografických prostředků verze 3.0
Doporučení k používání protokolu TLP ke sdílení chráněných informací
scmagazine.com
[kanál neteče]
security.googleblog.com
[kanál neteče]
securityaffairs.co
US Treasury sanctioned the firm Funnull Technology as major cyber scam facilitator
ConnectWise suffered a cyberattack carried out by a sophisticated nation state actor
Victoria’s Secret ‘s website offline following a cyberattack
China-linked APT41 used Google Calendar as C2 to control its TOUGHPROGRESS malware
New AyySSHush botnet compromised over 9,000 ASUS routers, adding a persistent SSH backdoor.
Czech Republic accuses China’s APT31 of a cyberattack on its Foreign Ministry
New PumaBot targets Linux IoT surveillance devices
App Store Security: Apple stops $2B in fraud in 2024 alone, $9B over 5 years
Crooks use a fake antivirus site to spread Venom RAT and a mix of malware
Iranian Man pleaded guilty to role in Robbinhood Ransomware attacks
securityweek.com
Virtue AI Attracts $30M Investment to Address Critical AI Deployment Risks
Industry Moves for the week of April 14, 2025 - SecurityWeek
Insurance Firm Lemonade Says API Glitch Exposed Some Driver’s License Numbers
Kidney Dialysis Services Provider DaVita Hit by Ransomware
Conduent Says Names, Social Security Numbers Stolen in Cyberattack
2.6 Million Impacted by Landmark Admin, Young Consulting Data Breaches
China Pursuing 3 Alleged US Operatives Over Cyberattacks During Asian Games
Blockchain, Quantum, and IoT Firms Unite to Secure Satellite Communications Against Quantum Threats
NetRise Raises $10 Million to Grow Software Supply Chain Security Platform
Hertz Discloses Data Breach Linked to Cleo Hack
CISO Conversations: Maarten Van Horenbeeck, SVP & Chief Security Officer at Adobe
thehackernews.com
New EDDIESTEALER Malware Bypasses Chrome's App-Bound Encryption to Steal Browser Data
China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil
From the "Department of No" to a "Culture of Yes": A Healthcare CISO's Journey to Enabling Modern Care
U.S. Sanctions Funnull for $200M Romance Baiting Scams Tied to Crypto Fraud
ConnectWise Hit by Cyberattack; Nation-State Actor Suspected in Targeted Breach
Meta Disrupts Influence Ops Targeting Romania, Azerbaijan, and Taiwan with Fake Personas
Cybercriminals Target AI Users with Malware-Loaded Installers Posing as Popular Tools
New Windows RAT Evades Detection for Weeks Using Corrupted DOS and PE Headers
DragonForce Exploits SimpleHelp Flaws to Deploy Ransomware Across Customer Endpoints
Chinese APT41 Exploits Google Calendar for Malware Command-and-Control Operations
Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin
Iranian Hacker Pleads Guilty in $19 Million Robbinhood Ransomware Attack on Baltimore
therecord.media
Senators call on Trump admin to reinstate cyber review board for Salt Typhoon investigation
US military IT specialist arrested for allegedly trying to leak secrets to foreign government
Meta says it disrupted influence operations linked to China, Iran, Romania
DDoS incident disrupts internet for thousands in Moscow
Australian ransomware victims now must tell the government if they pay up
threatpost.com
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
tripwire.com-state-of-security
Interlock ransomware: what you need to know
NIST’s Responsibilities Under the January 2025 Executive Order
Proposed HIPAA Update Makes Yearly Pen Testing Mandatory
The Unique Cybersecurity Risks in the Manufacturing Sector
What the UK’s New Cyber Resilience Bill Means for Businesses—and How to Stay Ahead
3AM Ransomware Attackers Pose as IT Support to Compromise Networks
Health-ISAC 2025 Report: Ransomware Still Reigns as #1 Threat to Healthcare
Key Takeaways from the IBM X-Force 2025 Threat Intelligence Index
Government Organizations Lose Nearly a Month in Downtime for Every Ransomware Attack
How IoT Security Cameras Are Susceptible to Cyber Attacks