Author: Greg Otto

President Donald Trump signed an executive order Friday that the White House says promotes developing secure software, adopting the latest encryption protocols, securing internet routing and rolling back parts of two executive orders from the Biden and Obama administrations. “Cybersecurity is too important to be reduced to a mere political football,” a fact sheet on … Read More “Trump cyber executive order takes aim at prior orders, secure software, more  – CyberScoop” »

President Donald Trump signed an executive order Friday that the White House says promotes developing secure software, adopting the latest encryption protocols, securing internet routing and rolling back parts of two executive orders from the Biden and Obama administrations. “Cybersecurity is too important to be reduced to a mere political football,” a fact sheet on … Read More “Trump cyber executive order takes aim at prior orders, secure software, more  – CyberScoop” »

Popular Chrome extensions exposed user data by sending it over unencrypted HTTP, raising privacy concerns. Symantec urges caution for users.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Cybersecurity researchers are alerting to a new malware campaign that employs the ClickFix social engineering tactic to trick users into downloading an information stealer malware known as Atomic macOS Stealer (AMOS) on Apple macOS systems. The campaign, according to CloudSEK, has been found to leverage typosquat domains mimicking U.S.-based telecom provider Spectrum. “macOS users are … Read More “New Atomic macOS Stealer Campaign Exploits ClickFix to Target Apple Users  – The Hacker News” »

Over Easter, retail giant Marks & Spencer (M&S) discovered that it had suffered a highly damaging ransomware attack that left some shop shelves empty, shut down online ordering, some staff unable to clock in and out, and caused some of its major suppliers to resort to pen and paper. In a gloating abuse-filled email to … Read More “Marks & Spencer’s ransomware nightmare – more details emerge  – Graham Cluley” »

iVerify’s NICKNAME discovery reveals a zero-click iMessage flaw exploited in targeted attacks on US & EU high-value individuals…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

India’s Central Bureau of Investigation (CBI) has revealed that it has arrested four individuals and dismantled two illegal call centers that were found to be engaging in a sophisticated transnational tech support scam targeting Japanese citizens. The law enforcement agency said it conducted coordinated searches at 19 locations across Delhi, Haryana, and Uttar Pradesh on … Read More “Microsoft Helps CBI Dismantle Indian Call Centers Behind Japanese Tech Support Scam  – The Hacker News” »

When generative AI tools became widely available in late 2022, it wasn’t just technologists who paid attention. Employees across all industries immediately recognized the potential of generative AI to boost productivity, streamline communication and accelerate work. Like so many waves of consumer-first IT innovation before it—file sharing, cloud storage and collaboration platforms—AI landed in  – … Read More “Empower Users and Protect Against GenAI Data Loss  – The Hacker News” »

How would you like to earn yourself millions of dollars? Well, it may just be possible – if you have information which could help expose the identities of cybercriminals involved with the notorious RedLine information-stealing malware. Read more in my article on the Tripwire State of Security blog.  – Read More  – Graham Cluley 

Cybersecurity involves both playing the good guy and the bad guy. Diving deep into advanced technologies and yet also going rogue in the Dark Web. Defining technical policies and also profiling attacker behavior. Security teams cannot be focused on just ticking boxes, they need to inhabit the attacker’s mindset. This is where AEV comes in. … Read More “Inside the Mind of the Adversary: Why More Security Leaders Are Selecting AEV  – The Hacker News” »

A critical infrastructure entity within Ukraine was targeted by a previously unseen data wiper malware named PathWiper, according to new findings from Cisco Talos. “The attack was instrumented via a legitimate endpoint administration framework, indicating that the attackers likely had access to the administrative console, that was then used to issue malicious commands and deploy … Read More “New PathWiper Data Wiper Malware Disrupts Ukrainian Critical Infrastructure in 2025 Attack  – The Hacker News” »

Federal authorities on Thursday said they seized $7.74 million from North Korean nationals as they attempted to launder cryptocurrency obtained by IT workers who gained illegal employment and funneled the wages to the North Korean regime. The allegedly illegally obtained funds were linked to Sim Hyon Sop, a representative of North Korean Foreign Trade Bank, … Read More “DOJ seizes $7.7M from crypto funds linked to North Korea’s IT worker scheme  – CyberScoop” »

A massive data leak has put the personal information of over 3.6 million app creators, influencers, and entrepreneurs…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Sean Cairncross laid out his vision to senators Thursday for the Office of the National Cyber Director if he is confirmed to lead it. “A goal of mine is to make sure this office sits at the place that this committee and I believe Congress intended in the statute, and that is to lead cyber … Read More “Sean Cairncross has policy coordination in mind if confirmed as national cyber director  – CyberScoop” »

Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks. “Several widely used extensions […] unintentionally transmit sensitive data over simple HTTP,” Yuanjing Guo, a security researcher in the Symantec’s Security Technology and Response  … Read More “Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hardcoded Credentials  – The Hacker News” »

Cybersecurity experts warn of widespread data exposure as a recent investigation reveals a staggering number of internet cookies…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

The threat actor known as Bitter has been assessed to be a state-backed hacking group that’s tasked with gathering intelligence that aligns with the interests of the Indian government. That’s according to new findings jointly published by Proofpoint and Threatray in an exhaustive two-part analysis. “Their diverse toolset shows consistent coding patterns across malware families, … Read More “Researchers Detail Bitter APT’s Evolving Tactics as Its Geographic Scope Expands  – The Hacker News” »

Security technology company Cellebrite has announced plans to acquire Florida-based mobile testing startup Corellium for $170 million in cash, with an additional $20 million converted to equity at closing and the potential for $30 million more based on performance milestones. The Israel-headquartered Cellebrite, known for its forensic equipment that unlocks smartphones, said the acquisition would … Read More “Cellebrite to acquire mobile testing firm Corellium in $200 million deal  – CyberScoop” »

The chairman of the House Homeland Security subcommittee on cybersecurity is apprehensive about the Department of Homeland Security’s plans to end a program that vets mobile apps for federal agencies. Rep. Andrew Garbarino, R-N.Y., sent a letter to DHS Secretary Kristi Noem on Thursday saying that especially in light of the massive Salt Typhoon telecommunications … Read More “Rep. Garbarino: Ending CISA mobile app security program for feds sends ‘wrong signal’  – CyberScoop” »

Cofense Intelligence uncovers a surge in ClickFix email scams impersonating Booking.com, delivering RATs and info-stealers. Learn how these…  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

An Iran-aligned hacking group has been attributed to a new set of cyber attacks targeting Kurdish and Iraqi government officials in early 2024. The activity is tied to a threat group ESET tracks as BladedFeline, which is assessed with medium confidence to be a sub-cluster within OilRig, a known Iranian nation-state cyber actor. It’s said … Read More “Iran-Linked BladedFeline Hits Iraqi and Kurdish Targets with Whisper and Spearal Malware  – The Hacker News” »

Security teams face growing demands with more tools, more data, and higher expectations than ever. Boards approve large security budgets, yet still ask the same question: what is the business getting in return? CISOs respond with reports on controls and vulnerability counts – but executives want to understand risk in terms of financial exposure, operational … Read More “Redefining Cyber Value: Why Business Impact Should Lead the Security Conversation  – The Hacker News” »

The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of cryptocurrency funds and about 145 clearnet and dark web domains associated with an illicit carding marketplace called BidenCash. “The operators of the BidenCash marketplace use the platform to simplify the process of buying and selling stolen credit cards and associated personal information,” the … Read More “DoJ Seizes 145 Domains Tied to BidenCash Carding Marketplace in Global Takedown  – The Hacker News” »

Cisco has released security patches to address a critical security flaw impacting the Identity Services Engine (ISE) that, if successfully exploited, could allow unauthenticated actors to carry out malicious actions on susceptible systems. The security defect, tracked as CVE-2025-20286, carries a CVSS score of 9.9 out of 10.0. It has been described as a static … Read More “Critical Cisco ISE Auth Bypass Flaw Impacts Cloud Deployments on AWS, Azure, and OCI  – The Hacker News” »

University spokesperson says Genevieve Bell’s account had ‘liked’ posts she had never seen before about Julie Bishop and Gaza Get our breaking news email, free app or daily news podcast The Australian National University (ANU) has contacted authorities about a possible hacking incident after its vice-chancellor’s account liked a number of “highly offensive” LinkedIn posts … Read More “ANU investigates possible hack after vice-chancellor’s account liked ‘highly offensive’ LinkedIn posts  – Data and computer security | The Guardian” »

After three years of peddling stolen data, BidenCash, one of the web’s most brazen cybercrime hubs is offline, and authorities say they’re just getting started.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Federal authorities on Wednesday announced the seizure of about 145 domains and cryptocurrency funds linked to BidenCash, a cybercrime marketplace for stolen credit cards, compromised credentials and other personal information.  BidenCash was used by more than 117,000 customers, resulting in the trafficking of more than 15 million credit card numbers and personally identifiable information, the … Read More “Feds seize 145 domains associated with BidenCash cybercrime platform  – CyberScoop” »

Software powers the world, and soon, the bulk of the work making it may be done by machines. As generative AI tools have gotten more proficient at coding, their use in software development has exploded. Proponents say the tools have made it dramatically easier for individual entrepreneurs or companies to create the kind of slick, … Read More “Vibe coding is here to stay. Can it ever be secure?   – CyberScoop” »

Hackers leak data of 88 million AT&T customers with decrypted SSNs; latest breach raises questions about links to earlier Snowflake-related attack.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A financially motivated threat group posing as IT support has intruded the systems of about 20 organizations by duping employees into installing a malicious, illegitimate version of Salesforce’s Data Loader and granting broader access to cloud-based environments, Google Threat Intelligence Group said in a threat report released Wednesday. The attacks, which Google attributes to UNC6040, … Read More “Salesforce customers duped by series of social-engineering attacks  – CyberScoop” »