Schneier on Security

APRIL 16, 2025

Mitre’s CVE’s program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to be cancelled , as the US Department of Homeland Security failed to renew the contact. It was funded for eleven more months at the last minute. This is a big deal. The CVE program is one of those pieces of common infrastructure that everyone benefits from.

CSO 266

CSO Government Software Cybersecurity 266

The Last Watchdog

APRIL 16, 2025

Palo Alto, Calif, Apr. 16, 2025, CyberNewswire — SquareX researchers Jeswin Mathai and Audrey Adeline will be disclosing a new class of data exfiltration techniques at BSides San Francisco 2025. Titled Data Splicing Attacks: Breaking Enterprise DLP from the Inside Out , the talk will demonstrate multiple data splicing techniques that will allow attackers to exfiltrate any sensitive file or clipboard data, completely bypassing major Data Loss Protection (DLP) vendors listed by Gartner by ex

Architecture 147

Architecture Ransomware Data breaches Education 147

Krebs on Security

APRIL 10, 2025

China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “ Smishing Triad ” mainly impersonated toll road operators and shipping companies. But experts say these groups are now directly targeting customers of international financial institutions, while dramatically expanding their cybercrime infrastructure and support staff.

Phishing 216

Phishing Banking Mobile Retail 216

The Last Watchdog

APRIL 10, 2025

SAN FRANCISCO If large language AI models are shaping our digital reality, then whoexactlyis shaping those models? And how the heck are they doing it? Related: What exactly is GenAI? Those are the questions Dr. Hidenori Tanaka wants to answer in an effort to put GenAI on solid scientific footing. And its the guiding ethos behind NTT Researchs launch of its newly spun-out Physics of Artificial Intelligence Group , which Tanaka will lead as founding director.

Artificial Intelligence 162

Artificial Intelligence Architecture Media Internet 162

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Javvad Malik

APRIL 15, 2025

You’re so busy climbing the corporate ladder that you can’t spare five minutes to ring mum and dad. But fear not! For a mere 24.90 a month, you can now hire a silicon-based impersonator to pretend it cares about your parents’ day. Welcome to inTouch Family, the service that lets you tick “filial piety” off your to-do list without all that pesky human interaction.

Technology 165

Technology Media Authentication 165

Adam Shostack

APRIL 15, 2025

CVE funding is apparently not being renewed. I havent been operationally involved for a long time and Im sorry for what the team is going through. Im not alone in having strong feelings, and I want to talk about some of the original use cases that informed us as we set up the system. (You might also enjoy my thoughts on 25 Years of CVE for some context.

Government 164

Government Malware 164

Security Affairs

APRIL 13, 2025

China admitted in a secret meeting with U.S. officials that it conducted Volt Typhoon cyberattacks on U.S. infrastructure, WSJ reports. China reportedly admitted in a secret meeting with U.S. officials that it carried out cyberattacks on U.S. infrastructure, linked to the Volt Typhoon campaign. According to the Wall Street Journal, at a December Geneva summit, Chinese officials indirectly admitted to Volt Typhoon cyberattacks on U.S. infrastructure, reportedly linked to U.S.

Hacking 126

Hacking Manufacturing Education Government 126

Jane Frankland

APRIL 10, 2025

Small businesses make up 90% of the global business population. They’re not just the soul of local economiesthey’re essential links in global supply chains and the heartbeat of innovation. Yet in todays AI-driven, connected digital world, many of them are facing a threat theyre reluctant to see, hear, or acknowledge. Just like the three wise monkeys , some small business owners are unintentionally following a philosophy of see no risk, hear no warning, speak no threat when it comes t

Small Business 130

Small Business Risk Cybersecurity Cyber Risk 130

Adam Shostack

APRIL 10, 2025

What's wrong with this process? Appsec leaders come to me all the time, looking for feedback on their threat modeling approach. When we do it for a customer, the request and response are private, and when they're not, sometimes they end up in the blog. A recent request exemplified a couple of the problems that we see over and over: The system model provides a framework for identifying and analyzing potential threats by thoroughly describing the assets, attributes, and their interactions with

Software 130

Software 130

Schneier on Security

APRIL 14, 2025

The Wall Street Journal has the story : Chinese officials acknowledged in a secret December meeting that Beijing was behind a widespread series of alarming cyberattacks on U.S. infrastructure, according to people familiar with the matter, underscoring how hostilities between the two superpowers are continuing to escalate. The Chinese delegation linked years of intrusions into computer networks at U.S. ports, water utilities, airports and other targets, to increasing U.S. policy support for Taiwa

Hacking 235

Hacking 235

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Security Affairs

APRIL 16, 2025

Cheap Chinese Android phones ship with trojanized WhatsApp and Telegram clones hiding crypto clippers, active since June 2024. Since June 2024, Doctor Web researchers found cheap Android phones preloaded with fake WhatsApp and Telegram apps designed to steal crypto via clipping. These clippers swap copied wallet addresses with the attackers own. The campaign targeted low-end phones mimicking famous models, using altered system info to trick users.

Malware 116

Malware Manufacturing Mobile Spyware 116

The Last Watchdog

APRIL 15, 2025

Last Friday morning, April 11, I was making my way home from NTT Researchs Upgrade 2025 innovation conference in San Francisco, when it struck me that were at a watershed moment. I was reflecting on NTTs newly launched Physics of Artificial Intelligence Lab when a GeekWire article crossed my LinkedIn feed, touting a seemingly parallel initiative by Amazon.

Artificial Intelligence 147

Artificial Intelligence Engineering Retail Government 147

Penetration Testing

APRIL 11, 2025

A severe security vulnerability has been identified in the InstaWP Connect WordPress plugin, posing a significant risk to websites using this tool. The vulnerability, tracked as CVE-2025-2636, is an unauthenticated Local PHP File Inclusion flaw that could allow attackers to gain complete control over affected websites. InstaWP Connect is a WordPress plugin developed by the […] The post InstaWP Connect Plugin Exposes WordPress Sites to Critical File Inclusion Vulnerability appeared first on

Risk 113

Risk Cybersecurity 113

Jane Frankland

APRIL 15, 2025

One of my friends, Greg van der Gaast tells this great story that perfectly illustrates one of the biggest challenges we face in cybersecurity today. It goes something like this… “Imagine someone who loves coffee. They have a fantastic coffee shop just steps from their home, serving the best lattes and espressos in town. But instead of strolling over to enjoy this local gem, they hop in their car and drive miles away for an average cup from a chain caf.

Risk 100

Risk Technology Cybersecurity Security Awareness 100

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

SecureWorld News

APRIL 16, 2025

Big AI runs on big hardware. And right now, that hardware is GPUsrented, stacked, and spinning 24/7 across cloud infrastructure nobody double-checks until something breaks. Everyone's focused on what LLMs say and dobut not where they live or how they're trained. That backend? It's a mess. And it's wide open. This is the blind spot in modern cybersecurity, as not many of us are aware of how important GPUs are for AI.

Architecture 96

Architecture Artificial Intelligence Passwords Risk 96

Security Affairs

APRIL 13, 2025

Cell C, one of the biggest telecom providers in South Africa confirms a data breach following a 2024 cyberattack. Cell C is the fourth-largest mobile network operator in South Africa, , after Vodacom, MTN, and Telkom. The company founded in 2001 offers prepaid and postpaid mobile plans, data bundles and internet services, fiber broadband, roaming and international calling, SIM-only plans and device deals.

Data breaches 124

Data breaches Unstructured Data Identity Theft Healthcare 124

The Last Watchdog

APRIL 16, 2025

Just hours before it was set to expire on April 16, the federal contract funding MITREs stewardship of the CVE (Common Vulnerabilities and Exposures) program was given a temporary extension by CISA. Related: Brian Krebs’ take on MITRE funding expiring This averted an immediate shutdown, but it didnt solve the underlying problem. Far from it. The system that underpins vulnerability disclosurethe nervous system of cybersecurity risk managementis showing signs of structural fatigue.

Architecture 130

Architecture Risk Cybersecurity Internet 130

Penetration Testing

APRIL 10, 2025

The cyber threat landscape is in constant flux, with threat actors continuously refining their techniques to breach defenses and achieve their malicious objectives. A recent report by Seqrite Labs’ APT team sheds light on the evolving tactics of the Pakistan-linked SideCopy APT group, revealing a significant expansion in their targeting and a shift in their […] The post SideCopy APT Group Evolves Tactics, Targets Critical Indian Infrastructure appeared first on Daily CyberSecurity.

Cyber threats 122

Cyber threats Cybersecurity Phishing Malware 122

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Malwarebytes

APRIL 14, 2025

In a new update for the guide concerning CVE-2025-21204 Microsoft told users they need the new inetpub folder for protection. As part of Aprils patch Tuesday updates, Microsoft released a patch to a link following flaw in the Windows Update Stack. Applying the patch creates a new %systemdrive%inetpub folder on the device. Users who noticed the new folder asked questions because they were concerned about its origin and purpose.

Internet 103

Internet Internet Authentication Accountability 103

Tech Republic Security

APRIL 15, 2025

A Gartner distinguished VP analyst offers TechRepublic readers advice about which early-stage technologies that will define the future of business systems to prioritize.

Technology 117

Technology Artificial Intelligence Big data Marketing 117

Security Affairs

APRIL 10, 2025

AkiraBot, a CAPTCHA-evading Python framework, has spammed over 80,000 websites with AI-generated messages, targeting small and medium-sized businesses. SentinelOnes SentinelLabs researchers warn that AkiraBot, a spam framework, targets websites’ chats and contact forms to promote low-quality SEO services, AkiraBot has already targeted more than 400,000 websites and successfully spammed at least 80,000 websites since September 2024.

eCommerce 125

eCommerce Technology DNS Business Services 125

The Last Watchdog

APRIL 10, 2025

TOKYO, Apr. 10, 2025 Today, NTT Corporation ( NTT ) announced a new, large-scale integration (LSI) for the real-time AI inference processing of ultra-high-definition video up to 4K resolution and 30 frames per second (fps). This low-power technology is designed for edge and power-constrained terminal deployments in which conventional AI inferencing requires the compression of ultra-high-definition video for real-time processing.

Technology 130

Technology Wireless Engineering Encryption 130

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Penetration Testing

APRIL 12, 2025

AhnLab Security intelligence Center (ASEC) has revealed a cyberattack campaign where Arabic-speaking attackers are distributing ViperSoftX malware, targeting The post ViperSoftX Malware: Arabic-Speaking Attackers Exploit PowerShell in New Cyberattack Campaign appeared first on Daily CyberSecurity.

Malware 117

Malware Security Intelligence Cybersecurity Software 117

Security Boulevard

APRIL 15, 2025

MITREs CVE program has been an important pillar in cybersecurity for over two decades. The lack of certainty surrounding the future of the CVE program creates great uncertainty about how newly discovered vulnerabilities will be cataloged. Background On April 15, reports circulated that the contract for funding the Common Vulnerabilities and Exposures (CVE) program along with other related programs, such as Common Weakness Enumeration (CWE), would be expiring on April 16.

Cybersecurity 98

Cybersecurity Media Technology Risk 98

SecureWorld News

APRIL 10, 2025

Recent reports indicate that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is bracing for significant workforce reductions. These cuts, which come amid budgetary pressures and evolving threat landscapes, have far-reaching implications across multiple levels of the cybersecurity ecosystem. Here's a breakdown. CISA, known as "America's Cyber Defense Agency," is facing massive layoffs that could impact its ability to safeguard the nation's critical infrastructure.

Energy and Utilities 89

Energy and Utilities Backups Healthcare Cybersecurity 89

Security Affairs

APRIL 12, 2025

Fortinet warns attackers can keep read-only access to FortiGate devices even after the original vulnerability is patched. Fortinet warns that threat actors can retain read-only access to FortiGate devices even after the original vulnerability used for the breach has been patched. The cybersecurity firm revealed that attackers exploited known FortiGate flaws like CVE-2022-42475 , CVE-2023-27997 , and CVE-2024-21762 to gain persistent read-only access via a symlink in SSL-VPN language folders. 

VPN 103

VPN Engineering Hacking Cybersecurity 103

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

The Last Watchdog

APRIL 11, 2025

Cary, NC, Apr. 11, 2025, CyberNewswire — Defense contractors are facing increased pressure to meet the Department of Defense’s stringent Cybersecurity Maturity Model Certification (CMMC) 2.0 requirements ahead of 2025 compliance deadlines. INE Security , a leading global provider of cybersecurity training and certifications, is highlighting how hands-on cybersecurity labs are proving critical for organizations seeking to achieve compliance efficiently and effectively.

CISO 130

CISO Cybersecurity Media Technology 130

Penetration Testing

APRIL 15, 2025

Google has released a critical security update for its Chrome browser, pushing version 135.0.7049.95/.96 to the Stable channel The post Critical Chrome Security Update: Patch CVE-2025-3619 & CVE-2025-3620 Now! appeared first on Daily CyberSecurity.

Cybersecurity 110

Cybersecurity 110

Security Boulevard

APRIL 10, 2025

In today's rapidly evolving digital landscape, taking control of your cybersecurity strategy is more crucial than ever. The post Embracing the Future: Mastering Your Cybersecurity Strategy With an Identity Driven Security Approach appeared first on Security Boulevard.

Cybersecurity 114

Cybersecurity Digital transformation Security Awareness 114

Malwarebytes

APRIL 10, 2025

Senator Cassidy, the chair of the US Senate Health, Education, Labor, and Pensions Committee has expressed concerns about foreign adversaries, including the Chinese Communist Party, acquiring the sensitive genetic data of millions of Americans through 23andMe. The risk is considered real because of the impending takeover of the genetic database that belongs to 23andMe.

Accountability 113

Accountability Risk Data breaches Education 113

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity