Category: Privacy/Governance Feed

iOS 18.3.2 patches actively exploited WebKit flaw, addressing critical security risks for users – Read More  –  

In a new round of cuts since Donald Trump became president, 100 people working with the US Cybersecurity and Infrastructure Agency saw their contracts terminated – Read More  –  

Surging machine identities, faster threat detection and fewer vulnerabilities are shaping cloud security according to a new report – Read More  –  

Mandiant revealed that Chinese espionage actor UNC3886 has deployed modified versions of the TinyShell backdoor across multiple Juniper OS routers – Read More  –  

Microsoft has fixed seven zero-days this Patch Tuesday, including one not currently being actively exploited – Read More  –  

The UK’s cybersecurity sector added thousands of workers and over £1bn in revenue in 2024 – Read More  –  

Blind Eagle has been running campaigns targeting the Colombian government with malicious .url files and phishing attacks – Read More  –  

New York sues Allstate over data breach, alleging security failures that exposed the driver’s license numbers of nearly 200,000 individuals – Read More  –  

Mimecast found that insider threats, credential misuse and user-driven errors were involved in most security incidents last year – Read More  –  

The US Cybersecurity and Infrastructure Security Agency (CISA) has added five new flaws in Ivanti and VeraCore products to its Known Exploited Vulnerabilities catalog – Read More  –  

More than 14,500 girls from across the UK took part in this year’s CyberFirst Girls competition – Read More  –  

SIM swapping fraud surges in the Middle East as cybercriminals exploit websites mimicking legitimate services to steal personal data – Read More  –  

A new report by Fortinet reveals techniques used by attackers to evade detection and compromise systems – Read More  –  

The Alan Turing institute urged government and academia to address systemic cultural and structural security barriers in UK AI research – Read More  –  

Starting April 2025, Swiss critical infrastructure organizations will have to report cyber-attacks to the country’s authorities within 24 hours of discovery – Read More  –  

Software developer Davis Lu cost his employer hundreds of thousands after deploying malware that caused crashes and failed logins – Read More  –  

Fortra claims the number of unauthorized Cobalt Strike licenses in the wild fell 80% over two years – Read More  –  

Travelers found that ransomware groups are focusing on targeting weak credentials on VPN and gateway accounts for initial access, marking a shift from 2023 – Read More  –  

AI-driven cyberattacks are rapidly escalating, with a vast majority of security professionals reporting encounters and anticipating a surge, while struggling with detection – Read More  –  

Symantec found that Medusa has listed almost 400 victims on its data leaks site since early 2023, demanding ransom payments as high as $15m – Read More  –  

An arbitrary file upload vulnerability in the Chaty Pro plugin has been identified, affecting 18,000 WordPress sites – Read More  –  

Attackers are actively exploiting an RCE flaw in Windows PHP-CGI implementations to target Japanese firms, deploying Cobalt Strike for persistence – Read More  –  

Layoffs and cutbacks have been cited as major factors in a significant drop in job satisfaction among women working in cybersecurity, according to ISC2 – Read More  –  

Enisa identifies six sectors that it says must improve on NIS2 compliance – Read More  –  

The DoJ has charged Chinese government and i-Soon employees for a series of for-profit data theft campaigns – Read More  –  

Chinese espionage group Silk Typhoon is increasingly exploiting common IT solutions to infiltrate networks and exfiltrate data – Read More  –  

Nonprofits are facing a surge in cyber-attacks as email threats rise 35%, targeting donor data and transactions – Read More  –  

With Android Scam Detection for messages and calls, Google wants to push scam detection further than traditional spam detection – Read More  –  

ISACA identified factors such as heavy workload and long hours as the primary causes of stress, while there has been high turnover of IT professionals in the past two years – Read More  –  

GuidePoint Security has received reports of multiple organizations receiving ransom letters in the mail – Read More  –  

A cyber-espionage campaign targeting UAE aviation and transport has been identified by researchers, using customized lures to deploy Sosano malware – Read More  –  

Private 5G networks face security risks amid AI adoption and a lack of specialized expertise – Read More  –  

Cloud software firm VMware has issued a critical security advisory, detailing three zero-day vulnerabilities being actively exploited in the wild – Read More  –  

Nisos has found six personas leveraging new and existing GitHub accounts to get developer jobs in Japan and the US – Read More  –  

Fastly found that organizations have introduced changes such as increasing CISO participation in strategic decisions in response to growing personal liability risks – Read More  –  

CISA has added five more CVEs into its known exploited vulnerabilities catalog – Read More  –  

Sumsub research finds European iGaming market is losing billions to fraud each year – Read More  –  

Artificial Intelligence (AI) is transforming the digital landscape, powering applications that are smarter, faster, and more intuitive than ever… The post Protecting AI-powered Applications: The Critical Role of Encryption and Data Masking  appeared first on JISA Softech Pvt Ltd.  – Read More  – JISA Softech Pvt Ltd 

Phishing attack exploits social engineering techniques alongside Microsoft Teams and remote access software to deploy BackConnect malware – Read More  –  

The US Cybersecurity and Infrastructure Security Agency confirmed it will keep defending against Russian cyber threats to US critical infrastructure – Read More  –  

A new phishing campaign has been identified using Havoc to control infected systems, leveraging SharePoint and Microsoft Graph API – Read More  –  

Telecoms provider Vodafone has developed the new proof of concept with IBM, as it seeks to implement post-quantum cryptography ahead of anticipated quantum-based attacks – Read More  –  

The Information Commissioner’s Office is now investigating how TikTok uses 13–17-year-olds’ personal information – Read More  –  

Threat actors are exploiting a zero-day bug in Paragon Partition Manager’s BioNTdrv.sys driver during ransomware attacks – Read More  –  

The Digital Personal Data Protection (DPDP) Act, 2023, is a landmark legislation aimed at regulating the processing of digital… The post DPDP Act Compliance Checklist for Businesses appeared first on JISA Softech Pvt Ltd.  – Read More  – JISA Softech Pvt Ltd 

Data from Resilience found that third-party attacks made up 23% of material cyber insurance claims in 2024, with ransomware attacks targeting vendors a major driver – Read More  –  

In February 2025, Sophos completed the Secureworks deal and SolarWinds went private – Read More  –  

Four in ten flaws exploited by threat actors in 2024 were from 2020 or earlier, with some dating back to the 1990s, according to a GreyNoise report – Read More  –