Tag: cyber
-
OysterLoader Evasion Tactics Exposed: Advanced Obfuscation and Rhysida Ransomware Ties Uncovered
OysterLoader, also tracked as Broomstick and CleanUp, is a multi”‘stage loader malware written in C++ and actively leveraged in campaigns linked to the Rhysida ransomware group. First highlighted in mid”‘2024 during malvertising and SEO”‘poisoning campaigns abusing trojanized installers for popular IT tools such as PuTTY, WinSCP, and Google Authenticator, OysterLoader masquerades as legitimate software download…
-
CISA Issues Urgent Warning on Microsoft Configuration Manager SQL Injection Vulnerability Under Active Exploitation
Tags: cisa, cyber, cybersecurity, exploit, flaw, infrastructure, injection, kev, microsoft, risk, sql, threat, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has added a critical SQL injection vulnerability in Microsoft Configuration Manager to its Known Exploited Vulnerabilities (KEV) catalogue. The threat actors are actively exploiting the flaw in the wild. The addition signals immediate risk to organisations using the enterprise management platform. SQL Injection Enables Command Execution Tracked as…
-
Bis 2028 wird fehlkonfigurierte KI die kritische Infrastruktur eines G20-Staates lahmlegen
Ein sicherer Übersteuerungsmechanismus in KI-Systemen, die nationale kritische Infrastrukturen unterstützen, ist unerlässlich, um die letztendliche Kontrolle durch den Menschen sicherzustellen. Gartner, Inc., ein Unternehmen für Geschäfts- und Technologieanalysen, prognostiziert, dass bis 2028 eine fehlkonfigurierte KI in cyber-physischen Systemen (CPS) die kritische Infrastruktur eines G20-Landes zum Erliegen bringen wird. Gartner definiert cyber-physische Systeme (CPS)… First seen…
-
5 key trends reshaping the SIEM market
Tags: ai, api, attack, automation, business, cloud, compliance, crowdstrike, cyber, cybersecurity, data, detection, edr, google, guide, Hardware, ibm, identity, incident response, intelligence, jobs, monitoring, msp, network, nis-2, saas, service, siem, soar, startup, technology, threat, tool, vulnerability, vulnerability-managementMarket split as midrange sales offset SME slump: A year on, Context’s data shows that this ongoing convergence of SIEM with security tools such as XDR and SOAR has triggered a structural split in the market.”Large midmarket firms are doubling down on unified platforms for compliance, while smaller organizations are investing less in SIEM entirely…
-
next-mdx-remote Vulnerability Allows Arbitrary Code Execution in React SSR
A security vulnerability has been discovered in next-mdx-remote, a popular TypeScript library used for rendering MDX content in React applications. The flaw, tracked as CVE-2026-0969 and identified by researchers at Sejong University, enables attackers to execute arbitrary code on servers when untrusted MDX content is processed. The vulnerability affects the serialize function in next-mdx-remote versions…
-
Cyber risk is becoming a hold-period problem for private equity firms
Private equity firms have spent years treating cybersecurity as an IT hygiene issue inside portfolio companies. That approach is getting harder to sustain as ransomware, data … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/13/private-equity-cyber-risk-problem/
-
New ClickFix Attack Wave Targets Windows Systems to Deploy StealC Stealer
A new wave of ClickFix attacks is targeting Windows users with fake Cloudflare-style CAPTCHA verification pages that trick victims into executing malicious PowerShell commands. This campaign delivers a multi-stage, fileless infection chain that ends with StealC, a powerful information stealer capable of harvesting credentials, cryptocurrency wallets, gaming accounts, emails, and detailed system fingerprints. The operation…
-
BeyondTrust RCE Vulnerability Under Active Exploitation Urgent Patch Released
BeyondTrust has urgently released security updates to address a critical remote code execution (RCE) vulnerability affecting its widely used Remote Support (RS) and Privileged Remote Access (PRA) products. Designated as CVE-2026-1731, this severe flaw carries a near-maximum CVSS v4 score of 9.9. The vulnerability creates a dangerous opening for unauthenticated remote attackers to execute arbitrary…
-
BADIIS Malware Targets Over 1,800 Windows Servers in Massive SEO Poisoning Attack
Over 1,800 Windows IIS servers worldwide have been compromised in a large-scale search engine optimization (SEO) poisoning campaign driven by the BADIIS malware, a malicious IIS module used to hijack legitimate web traffic. The operation, tracked by Elastic Security Labs as REF4033, is attributed to a Chinese-speaking cybercrime group that monetizes these compromised servers by…
-
Zimbra Issues Security Update to Address XSS, XXE, and LDAP Injection Flaws
Zimbra has officially released a critical security update, version 10.1.16, addressing multiple high-severity vulnerabilities that could compromise email infrastructure and user data. The company has classified this patch with a >>High<< security severity rating, urging administrators to prioritize the upgrade to mitigate risks associated with web-based attacks. The update primarily focuses on closing gaps related…
-
Why identity recovery is now central to cyber resilience
Tags: access, ai, authentication, backup, business, cloud, compliance, cyber, data, email, identity, infrastructure, least-privilege, radius, ransomware, resilience, risk, service, strategyIdentity resilience: Implement immutable backups and automated recovery for identity systems such as Active Directory.Zero-trust architecture: Apply least-privilege access and continuous authentication to reduce the blast radius of an attack.Automated orchestration: Limit manual steps in recovery workflows so teams can respond faster under pressure.Regulatory readiness: Make audit-ready reporting and compliance validation part of resilience planning, not an afterthought.AI-ready protection: Account…
-
Google finds state-sponsored hackers use AI at ‘all stages’ of attack cycle
The research underscores how AI tools have matured in their cyber offensive capabilities, even as it doesn’t reveal novel or paradigm shifting uses of the technology. First seen on cyberscoop.com Jump to article: cyberscoop.com/state-hackers-using-gemini-google-ai/
-
Google finds state-sponsored hackers use AI at ‘all stages’ of attack cycle
The research underscores how AI tools have matured in their cyber offensive capabilities, even as it doesn’t reveal novel or paradigm shifting uses of the technology. First seen on cyberscoop.com Jump to article: cyberscoop.com/state-hackers-using-gemini-google-ai/
-
Advanced Threat Detection Proactive Cyber Defense Capabilities
In today’s rapidly evolving threat landscape, organizations must maintain continuous visibility, strong detection mechanisms, and rapid response capabilities to defend against increasingly sophisticated cyber adversaries. Our Security Operations framework demonstrates proven effectiveness in identifying, analyzing, and mitigating high-risk network threats in real time. Below are two recent case studies that highlight our proactive detection, investigative…
-
Neue Warn-App für Cybervorfälle gestartet
Die neue CYROS-App verknüpft Sicherheitswarnungen von Behörden und Fachquellen, um über Cybersicherheitsvorfälle zu informieren.Ransomware-Attacken, Phishing und digitale Sabotage: Vor dem Hintergrund der zunehmenden Cyberbedrohungslage hat das Frankfurter Cyberintelligence Institute (CII) ein digitales Warnsystem namens Cyber Risk”¯Observation”¯Service (CYROS) für Smartphones entwickelt.Die CYROS-App bündelt alle sicherheitsrelevanten Informationen aus behördlichen Warnmeldungen. Zu den Quellen zählen unter anderem das…
-
Hacker linked to Epstein removed from Black Hat cyber conference website
Emails published by the Justice Department revealed cybersecurity veteran Vincenzo Iozzo emailed, and arranged to meet, Jeffrey Epstein multiple times between 2014 and 2018. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/12/hacker-linked-to-epstein-removed-from-black-hat-cyber-conference-website/
-
Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support
Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial intelligence (AI) model Gemini to conduct reconnaissance on its targets, as various hacking groups continue to weaponize the tool for accelerating various phases of the cyber attack life cycle, enabling information operations, and even conducting model extraction…
-
Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Other Devices
Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in sophisticated cyber attacks.The vulnerability, tracked as CVE-2026-20700 (CVSS score: N/A), has been described as a memory corruption issue in dyld, Apple’s Dynamic Link Editor. Successful exploitation of the vulnerability could…
-
Constella Intelligence Unveils 2026 Identity Breach Report: The Industrialization of Identity
New research reveals a 1-trillion-attribute threat landscape driven by machine speed and scale, and high-density credential consolidation. LOS ALTOS, CA, February 12, 2026 “, Constella, the leader in Identity Risk Intelligence, today announced the release of its flagship 2026 Identity Breach Report. The report details a fundamental shift in the cyber threat landscape, moving from the… First…
-
A hard truth in Munich: Cyber defense runs through Silicon Valley
The next arena of political conflict won’t be defined by borders or territory. It will be written in code. And much of that code isn’t controlled by governments at all, it belongs to American companies. First seen on therecord.media Jump to article: therecord.media/munich-silicon-valley-cyber-defense
-
A hard truth in Munich: Cyber defense runs through Silicon Valley
The next arena of political conflict won’t be defined by borders or territory. It will be written in code. And much of that code isn’t controlled by governments at all, it belongs to American companies. First seen on therecord.media Jump to article: therecord.media/munich-silicon-valley-cyber-defense
-
CISA to host industry feedback sessions on cyber incident reporting regulation
One industry official told CyberScoop the town halls are probably not what CIRCIA needs right now. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisa-circia-town-halls-cyber-incident-reporting-rule/
-
US wants cyber partnerships to send ‘coordinated, strategic message’ to adversaries
National Cyber Director Sean Cairncross told attendees of the Munich Cyber Security Conference that Washington is looking to deepen cooperation with partners rather than act alone. First seen on therecord.media Jump to article: therecord.media/us-wants-cyber-partnerships-to-send-message-to-adversaries
-
Check Point setzt beim Schutz von KI-Transformationen auf neuen Vier-Säulen-Ansatz
Künstliche Intelligenz verändert nicht nur rapide die Unternehmensabläufe, von Tools zur Steigerung der Mitarbeiterproduktivität bis hin zu autonomen Systemen, sondern auch die Landschaft der Cyber-Bedrohungen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/check-point-setzt-beim-schutz-von-ki-transformationen-auf-neuen-vier-saeulen-ansatz/a43712/
-
Gartner® Names Tenable as the Current Company to Beat for AI-Powered Exposure Assessment in a 2025 Report
Tags: access, ai, api, attack, automation, business, cloud, container, cyber, cybersecurity, data, exploit, finance, flaw, gartner, governance, identity, intelligence, iot, leak, network, risk, service, technology, threat, tool, update, vulnerability“Tenable’s asset and attack surface coverage, its application of AI and its reputation for vulnerability assessment makes it the front-runner in AI-powered exposure assessment,” Gartner writes in “AI Vendor Race: Tenable Is the Company to Beat for AI-Powered Exposure Assessment.” Key Takeaways from Tenable: This is the latest among a recent string of recognitions Tenable…
-
Check Point setzt beim Schutz von KI-Transformationen auf neuen Vier-Säulen-Ansatz
Künstliche Intelligenz verändert nicht nur rapide die Unternehmensabläufe, von Tools zur Steigerung der Mitarbeiterproduktivität bis hin zu autonomen Systemen, sondern auch die Landschaft der Cyber-Bedrohungen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/check-point-setzt-beim-schutz-von-ki-transformationen-auf-neuen-vier-saeulen-ansatz/a43712/
-
ORB Networks Leverages Compromised IoT Devices and SOHO Routers to Mask Cyberattacks
Operational Relay Box (ORB) networks are covert, mesh-based infrastructures used by advanced threat actors to hide the true origin of their cyberattacks. Built from compromised Internet-of-Things (IoT) devices, Small Office/Home Office (SOHO) routers, and rented Virtual Private Servers (VPS), these networks act like private residential proxy systems that blend malicious traffic with legitimate user activity.…
-
287 Malicious Chrome Extensions Steal Browsing Data from 37.4 Million Users
A new security investigation has uncovered 287 Chrome extensions that appear to secretly send users’ browsing data to remote servers, impacting an estimated 37.4 million installs. That is roughly 1%1% of the global Chrome user base, based on the researchers’ estimate. The researchers built an automated testing pipeline to catch “spying” behavior at scale. They ran Chrome inside a…
-
DragonForce Ransomware Group Targets 363 Companies, Expands Cartel-Like Operations Since 2023
DragonForce is a ransomware group that has rapidly evolved into a cartel-style operation, extending its reach across the cybercrime ecosystem since late 2023. Operating under a Ransomware-as-a-Service (RaaS) model, the group now positions itself not just as a single gang, but as a platform for other threat actors and affiliate crews. Over time, the group shifted from…