FortiGuard Labs has identified a Mirai-based Nexcorium campaign actively exploiting CVE-2024-3721 in TBK DVR devices
Category: Privacy/Governance Feed
The National Cyber Security Centre has shared an update of its resilience-building efforts for the NHS
Coordinated action by FBI, Europol and others seizes infrastructure, makes arrests – and sends warning letters to known DDoS service users
AI models are making rapid gains in vulnerability research and exploit development, raising new cybersecurity risks, a Forescout study finds
APK malformation tactic now appears in over 3000 Android malware samples evading static analysis
US authorities jail two Americans for aiding North Korean laptop farm scams that infiltrated over 100 firms
Tennessee’s CRMC notifies over 337,000 patients of Rhysida ransomware breach exposing sensitive data
NIST’s National Vulnerability Database will now prioritize enriching new and exploited flaws to address the record growth of reported CVEs
Ox Security claims as many as 200,000 servers are exposed by newly discovered MCP vulnerability
Halcyon says ransomware now accounts for more than two-fifths of cyber-attacks targeting carmakers
Triad Nexus scales $200m scams, uses infrastructure laundering, localized fraud and US-access blocks
OpenAI’s new frontier model focused on cybersecurity comes following Anthropic’s launch of Claude Mythos Preview and Project Glasswing
108 malicious Chrome extensions steal sessions, Google data, inject ads via single C2 infrastructure
Huntress uncovers adware deploying AV-killing payloads via signed updates across 23,000 endpoints
The EU cybersecurity agency looks to become the third Top-Level Root CVE Numbering Authority, alongside CISA and MITRE
Critical nginx-ui MCP authentication bypass CVE-2026-33032 actively exploited with CVSS 9.8
Barracuda says 88% of brute-force attempts in Q1 were from the region
At VulnCon, Lindsey Cerkovnik, head of vulnerability management at CISA, said AI companies should play a bigger role in vulnerability disclosures in the future
Microsoft has patched two zero-day flaws and over 160 others
PCI DSS 4.0 embodies a paradigm shift in payment data security: from compliance checklists to ongoing, risk-based… The post PCI DSS 4.0 roadmap for DPOs using vault appeared first on JISA Softech Pvt Ltd.
A new IANS report claims just 34% of cybersecurity professionals plan to stay put in the next 12 months
The AISI has issued its judgement on Anthropic’s Mythos Preview model
The healthcare industry is facing a new age of cybersecurity threat, one that is not predetermined by the current… The post Quantum Threats to PHI: Why Vault Now? appeared first on JISA Softech Pvt Ltd.
Security researchers warn of Mirax, an emerging Android banking trojan using MaaS, remote access and residential proxies to target European users
Attackers are abusing Microsoft 365 mailbox rules to hide activity, exfiltrate data and retain access after account compromise, researchers warn
The W3LL phishing kit has been associated with fraud attempts totaling $20m
The UK Cyber Security Council has unveiled a new Associate Cyber Security Professional title aimed at supporting early‑career cybersecurity professionals
UK, US and Canadian authorities have identified over 20,000 victims of approval phishing scams that trick users into handing over full crypto wallet access
Chrome’s Device Bound Session Credentials is designed to block infostealers from harvesting session cookies
Qilin, Akira and Dragonforce were responsible for 40% of 672 ransomware incidents reported in March, says Check Point
Bitcoin Depot has disclosed a cyber-attack that led to the theft of more than 50 Bitcoin, worth $3.66m, after hackers accessed its internal systems
STX RAT, a newly identified remote access trojan, attempted deployment in finance, showing advanced C2 and stealthy delivery methods
A spear-phishing campaign which spread across the Middle East between 2023 and 2024 has now been linked to Bitter APT group
macOS 26.4 update introduced security warnings into Terminal to prevent ClickFix attacks, so attackers have shifted to Script Editor instead
SANS Institute reveals that AI agents are behind a 76% surge in non-human identities
GPUBreach uses GPU Rowhammer on GDDR6 to flip bits, corrupt page tables and escalate to system root
Google’s threat intel team warns UNC6783, a new extortion group possibly linked to the “Raccoon” persona, is targeting BPOs and enterprises
Ninja Forms File Upload RCE via unauthenticated arbitrary file upload; update to 3.3.27 immediately
Google API key flaw exposes mobile apps to Gemini AI access, private files and billing risks
Anthropic launches Project Glasswing, using its Claude Mythos Preview AI to autonomously identify and fix undiscovered vulnerabilities in critical software
Anthropic’s Claude AI has helped researchers find a vulnerability in Apache ActiveMQ Classic
The FBI deployed a method to unplug US-based routers compromised by APT28 from the threat actor’s malicious network
CISA has revealed Iranian attacks causing disruption and financial loss at US critical infrastructure firms
Newly identified malicious campaigns are linked to virtual private servers modified by APT28 to operate as malicious DNS servers
GrafanaGhost chains AI prompt injection and URL flaws to exfiltrate sensitive Grafana data
Cryptocurrency scams alone cost victims over $7 billion, while AI-enabled fraud threats are on the rise, says FBI
Microsoft has released a new report about the Storm-1175 group and its connection to Medusa ransomware
Artificial Intelligence (AI) is as reliable as the data that it ingests. With enterprises broadening their use of AI… The post Building secure AI data pipelines with CryptoBind appeared first on JISA Softech Pvt Ltd.
Fortinet has updated its FortiClient EMS product after zero-day attacks surfaced
A large-scale credential theft campaign targeting senior executives has been linked to a previously unknown automated phishing platform called Venom