🖋️ ⚡ Weekly Recap: Firewall Exploits, AI Data Theft, Android Hacks, APT Attacks, Insider Leaks & More 🖋️
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
Cyber threats last week showed how attackers no longer need big hacks to cause big damage. They're going after the everyday tools we trust most (firewalls, browser add-ons, and even smart TVs), turning small cracks into serious breaches. The real danger now isn't just one major attack, but hundreds of quiet ones using the software and devices already inside our networks. Each trusted system can.
🖋️ How to Browse the Web More Sustainably With a Green Browser 🖋️
🔗 Via "The Hacker News"
As the internet becomes an essential part of daily life, its environmental footprint continues to grow. Data centers, constant connectivity, and resource-heavy browsing habits all contribute to energy consumption and digital waste. While individual users may not see this impact directly, the collective effect of everyday browsing is significant. Choosing a browser designed with.
🖋️ Android Malware Operations Merge Droppers, SMS Theft, and RAT Capabilities at Scale 🖋️
🔗 Via "The Hacker News"
Threat actors have been observed leveraging malicious dropper apps masquerading as legitimate applications to deliver an Android SMS stealer dubbed Wonderland in mobile attacks targeting users in Uzbekistan. "Previously, users received 'pure' Trojan APKs that acted as malware immediately upon installation," Group-IB said in an analysis published last week. "Now, adversaries increasingly deploy.
📔 Monitoring Tool Nezha Abused For Stealthy Post-Exploitation Access 📔
🔗 Via "Infosecurity Magazine"
Open-source server monitoring tool, Nezha, is being exploited by attackers for remote system control.
📔 UK: NHS Supplier Confirms Cyber-Attack, Operations Unaffected 📔
🔗 Via "Infosecurity Magazine"
DXS International, an official partner of NHS England, said the breach has not affected its operations.
📔 Nefilim Ransomware Affiliate Pleads Guilty 📔
🔗 Via "Infosecurity Magazine"
A Ukrainian man has pleaded guilty to charges connecting him to Nefilim ransomware attacks.
📔 Scripted Sparrow Sends Millions of BEC Emails Each Month 📔
🔗 Via "Infosecurity Magazine"
Fortra has uncovered a prolific BEC group dubbed Scripted Sparrow spanning three continents and at least five countries.
📔 86% Surge in Fake Delivery Websites Hits Shoppers During Holiday Rush 📔
🔗 Via "Infosecurity Magazine"
NordVPN has warned that malicious postal service websites have surged by 86% over the past month, targeting holiday delivery tracking.
📢 How to MFA everywhere 📢
🔗 Via "ITPro"
Identity online is not who you are; it is what the system accepts as proof of you, and that gap is exactly what the attackers take advantage of.
📢 Amazon says Russian-backed threat groups were responsible for five-year-long attacks on edge devices – and it shows a ‘clear evolution in tactics’ 📢
🔗 Via "ITPro"
Russian-backed hacker groups are exploiting misconfigured edge devices, now preferring that tactic over hunting down traditional vulnerabilities to gain access to company networks.
Amazon Threat Intelligence says state-backed actors are focusing on misconfigured devices, with a decline in vulnerability exploitation
🖋️ U.S. DoJ Seizes Fraud Domain Behind $14.6 Million Bank Account Takeover Scheme 🖋️
🔗 Via "The Hacker News"
The U.S. Justice Department (DoJ) on Monday announced the seizure of a web domain and database that it said was used to further a criminal scheme designed to target and defraud Americans by means of bank account takeover fraud. The domain in question, web3adspanels.org, was used as a backend web panel to host and manipulate illegally harvested bank login credentials. Users to the website are.
🖋️ Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances 🖋️
🔗 Via "The Hacker News"
A critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in arbitrary code execution under certain circumstances. The vulnerability, tracked as CVE-2025-68613, carries a CVSS score of 9.9 out of a maximum of 10.0. The package has about 57,000 weekly downloads, according to statistics on npm. "Under certain.
🖋️ FCC Bans Foreign-Made Drones and Key Parts Over U.S. National Security Risks 🖋️
🔗 Via "The Hacker News"
The U.S. Federal Communications Commission (FCC) on Monday announced a ban on all drones and critical components made in a foreign country, citing national security concerns. To that end, the agency has added to its Covered List Uncrewed aircraft systems (UAS) and UAS critical components produced in a foreign country, and all communications and video surveillance equipment and services pursuant.
🚀 Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component 🚀
🔗 Via "ESET - WeLiveSecurity"
A comprehensive analysis and assessment of a critical severity vulnerability with low likelihood of mass exploitation.
📔 Nissan: Thousands Impacted By Red Hat Breach 📔
🔗 Via "Infosecurity Magazine"
Nissan has revealed that over 20,000 customers have had personal information compromised in a third-party data breach.
📔 Hundreds of Arrests as Operation Sentinel Recovers $3m 📔
🔗 Via "Infosecurity Magazine"
Operation Sentinel helps to crack down on cybercrime across 19 African countries in a month-long campaign.
🖋️ INTERPOL Arrests 574 in Africa; Ukrainian Ransomware Affiliate Pleads Guilty 🖋️
🔗 Via "The Hacker News"
A law enforcement operation coordinated by INTERPOL has led to the recovery of $3 million and the arrest of 574 suspects by authorities from 19 countries, amidst a continued crackdown on cybercrime networks in Africa. The coordinated effort, named Operation Sentinel, took place between October 27 and November 27, 2025, and mainly focused on business email compromise (BEC), digital extortion, and.
🖋️ Passwd: A walkthrough of the Google Workspace Password Manager 🖋️
🔗 Via "The Hacker News"
Passwd is designed specifically for organizations operating within Google Workspace. Rather than competing as a general consumer password manager, its purpose is narrow and business-focused: secure credential storage, controlled sharing, and seamless Workspace integration. The platform emphasizes practicality over feature overload, aiming to provide a reliable system for teams that already rely.
🦅 The Week in Vulnerabilities: More Than 2,000 New Flaws Emerge 🦅
🔗 Via "CYBLE"
Cyble Vulnerability Intelligence researchers tracked 2,415 vulnerabilities in the last week, a significant increase over even last week's very high number of new vulnerabilities. The increase signals a heightened risk landscape and expanding attack surface in the current threat environment. Over 300 of the disclosed vulnerabilities already have a publicly available Proof-of-Concept (PoC), significantly increasing the likelihood of real-world attacks. A total of 219 vulnerabilities were rated as critical under the CVSS v3.1 scoring system, while 47 received a critical severity rating based on the newer CVSS v4.0 scoring system. Even after factoring out a high number of Linux kernel and Adobe vulnerabilities (chart below), new vulnerabilities reported in the last week were still very ...
IT Vulnerabilities Surge As ICS Flaws Push Weekly Record
IT vulnerabilities and ICS flaws surged past 2,000 in one week, with critical bugs, PoCs, and dark web activity raising risk for enterprises.
📔 Top Ransomware Trends of 2025 📔
🔗 Via "Infosecurity Magazine"
Infosecurity has selected some of the key ransomware statistics for 2025.
🦿 SEC Targets Crypto Platforms in Social Media Scam Crackdown 🦿
🔗 Via "Tech Republic"
The Securities and Exchange Commission launched an enforcement wave targeting three purported cryptocurrency trading platforms and four investment clubs.