The strength of the ICS COI is the team – NCSC Feed
Join the Industrial Control System Community of Interest (ICS COI), and help build CNI expertise across the UK. – Read More – NCSC Feed
A flaw in the Jupiter X Core plugin has been identified, allowing upload of malicious SVG files and remote code execution on vulnerable servers – Read More –
Cary, North Carolina, 19th February 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Finastra notifies customers of data breach that took place more than three months ago, impacting sensitive financial information – Read More –
Assessing the cyber security threat to UK Universities – Read More – NCSC Feed
Assessing the cyber security threat to UK organisations using Enterprise Connected Devices. – Read More – NCSC Feed
The NCSC has published a new RFC on Indicators of Compromise to support cyber security in protocol design – and hopes to encourage more cyber defenders to engage with international standards. – Read More – NCSC Feed
A structured look at what data to collect for security purposes and when to collect it. – Read More – NCSC Feed
Focused on automating UEFI firmware updates on Windows devices. – Read More – NCSC Feed
How charities can erase personal data from donated laptops, phones and tablets, before passing them on. – Read More – NCSC Feed
Some tips on good diagram drafting and pitfalls to avoid when trying to understand a system in order to secure it. – Read More – NCSC Feed
Worked examples for Operational Technology and Virtualised systems, using the NCSC’s secure design principles – Read More – NCSC Feed
Australia-based Genea said it is investigating the cyber incident to determine whether any personal data was accessed by an unauthorized third party – Read More –
An architecture pattern for safely importing data into a system from an external source. – Read More – NCSC Feed
Implementing asset management for good cyber security. – Read More – NCSC Feed
A new visual guide to the cyber security principles that are essential when developing and managing ‘smart cities’. – Read More – NCSC Feed
The following tips can help organisations create their own cyber incident response exercises. – Read More – NCSC Feed
This guidance describes a set of technical security outcomes that are considered to represent appropriate measures under the GDPR. – Read More – NCSC Feed
Guidance for organisations that use, own, or operate an online service who are looking to start securing it. – Read More – NCSC Feed
The education sector is changing quickly as it adopts digital tools for better learning experiences. These days, learning… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
The advancement of technology has also impacted sectors like gaming. Blockchain technology has surfaced as an asset that… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
The head of the Australian Security Intelligence Organisation gave his Annual Threat Assessment for the year ahead – Read More –
How to implement a secure end-to-end data export solution – Read More – NCSC Feed
Two ways organisations can enable access and maintain the security benefits of zero trust even when parts of the infrastructure can’t implement the zero trust principles. – Read More – NCSC Feed
This guidance is aimed at service owners and security specialists involved in the provision of online services. – Read More – NCSC Feed
How to protect sensitive information about your setting and the children in your care from accidental damage and online criminals. – Read More – NCSC Feed
Why macros are a threat, and the approaches you can take to protect your systems. – Read More – NCSC Feed
Advice and recommendations for mitigating this type of insider behaviour. – Read More – NCSC Feed
A brief guide to MIKEY-SAKKE, a protocol that allows organisations to provide secure communications with end-to-end encryption. – Read More – NCSC Feed
A new variant of the Snake Keylogger malware is being used to actively target Windows users located in China, Turkey, Indonesia, Taiwan, and Spain. Fortinet FortiGuard Labs said the new version of the malware has been behind over 280 million blocked infection attempts worldwide since the start of the year. “Typically delivered through phishing emails containing malicious attachments or links, ...
Edge devices harboring zero-day and n-day vulnerabilities were linked to the most consequential attack campaigns last year, Darktrace said in an annual threat report released Wednesday. Darktrace’s threat researchers found the most frequent vulnerability exploits in customers’ instances of Ivanti Connect Secure and Ivanti Policy Secure appliances, along with firewall products from Fortinet and Palo Alto Networks. Cybersecurity vendors shipped...
The growing demand for cybersecurity and compliance services presents a great opportunity for Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) to offer virtual Chief Information Security Officer (vCISO) services—delivering high-level cybersecurity leadership without the cost of a full-time hire. However, transitioning to vCISO services is not without its challenges – Read More – The Hacker News
Xerox Versalink printers are vulnerable to pass-back attacks. Rapid7 discovers LDAP & SMB flaws (CVE-2024-12510 & CVE-2024-12511). Update… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Venture capital firm Insight Partners, which counts Recorded Future, SentinelOne and Wiz in its portfolio, confirmed an intrusion into its systems via a social engineering attack – Read More –
Most industries have rules of engagement. In sports, there are referees. In business, there are regulations. In government, there are Robert’s Rules of Order. Cybersecurity is different. There are regulations, but they don’t limit how much we can defend ourselves. They focus on compliance, breach reporting, and risk management, not on dictating the strategies we use to stop attackers. Meanwhile,...
Google has warned that Russian state-backed hackers are targeting Signal to eavesdrop on persons of interest in Ukraine – Read More –
Users who are on the lookout for popular games were lured into downloading trojanized installers that led to the deployment of a cryptocurrency miner on compromised Windows hosts. The large-scale activity has been codenamed StaryDobry by Russian cybersecurity company Kaspersky, which first detected it on December 31, 2024. It lasted for a month. Targets of the campaign include individuals and ...
Hudson Rock has found evidence that infostealers have compromised hundreds of US military and defense contractor credentials – Read More –
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The flaws are listed below – CVE-2025-0108 (CVSS score: 7.8) – An authentication bypass vulnerability in the Palo Alto Networks PAN-OS – Read More ...
A new report reveals how cheap Infostealer malware is exposing US military and defense data, putting national security at risk. Hackers exploit human error to gain access. – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Two critical OpenSSH vulnerabilities discovered! Qualys TRU finds client and server flaws (CVE-2025-26465 & CVE-2025-26466) enabling MITM and… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
CISA has added two vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2025-0108 (Palo Alto PAN-OS Authentication Bypass Vulnerability) and CVE-2024-53704 (SonicWall SonicOS SSLVPN Improper Authentication Vulnerability). These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of...
Carding — the underground business of stealing, selling and swiping stolen payment card data — has long been the dominion of Russia-based hackers. Happily, the broad deployment of more secure chip-based payment cards in the United States has weakened the carding market. But a flurry of innovation from cybercrime groups in China is breathing new life into the carding industry,...
Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) and a denial-of-service (DoS) attack, respectively, under certain conditions. The vulnerabilities, detailed by the Qualys Threat Research Unit (TRU), are listed below – CVE-2025-26465 – The OpenSSH client – Read More – The Hacker News
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY: CVSS v3 9.8. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Siemens. Equipment: SCALANCE...
CISA released two Industrial Control Systems (ICS) advisories on February 18, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS: ICSA-24-191-01 Delta Electronics CNCSoft-G2 (Update A) and ICSA-25-035-02 Rockwell Automation GuardLogix 5380 and 5580 (Update A). CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations. – Read More –...
The new Snake Keylogger variant targets Windows users via phishing emails, using AutoIt for stealth. Learn how it… – Read More – Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Significant OpenSSH flaws are exposing systems to man-in-the-middle and denial-of-service attacks – Read More –