IT Security Guru

JANUARY 9, 2025

As we begin the New Year, it offers a chance for reflection on 2024 and to consider what we can do as security professionals and business leaders in 2025 that will keep us relevant and in the best position to counter cyber threats going forward. In the face of evolving cybersecurity threats, protecting privileged accounts is essential.

Cybersecurity 113

Cybersecurity Cyber threats Architecture Digital transformation 113

Malwarebytes

FEBRUARY 4, 2025

And yet, if artificial intelligence achieves what is called an agentic model in 2025, novel and boundless attacks could be within reach, as AI tools take on the roles of agents that independently discover vulnerabilities, steal logins, and pry into accounts. You can find the full 2025 State of Malware report here.

Artificial Intelligence 145

Artificial Intelligence Small Business Malware Technology 145

Penetration Testing

JUNE 1, 2025

Meta's Q1 2025 report details the takedown of covert influence campaigns from China, Iran, and Romania, utilizing AI and fake accounts to manipulate public discourse.

Accountability 96

Accountability Threat Reports Media 96

Krebs on Security

JANUARY 22, 2025

14, 2025 shows the mistyped domain name a22-65.akam.ne. From June 30, 2020 until January 14, 2025, one of the core Internet servers that MasterCard uses to direct traffic for portions of the mastercard.com network was misnamed. The Russian search giant Yandex reports this user account belongs to an “Ivan I.”

DNS 362

DNS Internet Internet Risk 362

SecureList

MAY 30, 2025

The first quarter of 2025 saw the continued publication of vulnerabilities discovered and fixed in 2024, as some researchers were previously unable to disclose the details. This partially shifted the focus away from vulnerabilities that received new CVE-2025-NNNNN identifiers. The data is taken from cve.org.

Software 104

Software Malware Authentication Accountability 104

Centraleyes

DECEMBER 16, 2024

As we approach 2025, the cybersecurity landscape is evolving rapidly, shaped by technological advancements, regulatory shifts, and emerging threats. Below is an exhaustive list of key cybersecurity trends to watch out for in 2025. Supply Chain Security on the Rise In 2025, the supply chain will remain a major cybersecurity risk.

Cybersecurity 98

Cybersecurity Insurance Cyber Insurance Technology 98

Security Boulevard

FEBRUARY 19, 2025

Cybercrime-as-a-Service (CaaS) now accounts for 57% of all cyberthreats, marking a 17% increase from the first half of 2024, according to Darktraces Annual Threat Report. The post CaaS Surges in 2025, Along With RATs, Ransomware appeared first on Security Boulevard.

Ransomware 104

Ransomware Cybercrime Threat Reports Accountability 104

Penetration Testing

JUNE 10, 2025

flaw (CVE-2025-49653) in Backend.AI allows account takeover via PoC, impacting all versions. A critical CVSS 9.8 Vendor has not issued a patch.

Accountability 65

Accountability Cybersecurity 65

SecureList

DECEMBER 16, 2024

Verdict: prediction not fulfilled Our predictions for 2025 Data breaches through contractors When abusing company-contractor relationships (trusted relationship attacks), threat actors first infiltrate a supplier’s systems and then gain access to the target organization’s infrastructure or data.

Marketing 106

Marketing Data breaches Cryptocurrency Malware 106

SecureWorld News

APRIL 23, 2025

In its 17th edition, Verizon's 2025 Data Breach Investigations Report (DBIR) continues to deliver one of the most comprehensive analyses of cyber incidents worldwide. Phishing accounted for nearly 25% of all breaches. And it's not slowing down." The median time to click was just 21 minutes. Your response must be equally fast."

Ransomware 101

Ransomware CISO Backups Risk 101

Security Affairs

APRIL 22, 2025

Japan s Financial Services Agency (FSA) warns of hundreds of millions in unauthorized trades linked to hacked brokerage accounts. billion yen Typically, attackers hijack victim accounts, sell held stocks, and use the proceeds to buy assets like Chinese stocks, which remain in the account post-attack. When did it occur?

Financial Services 121

Financial Services Passwords Accountability Antivirus 121

Troy Hunt

FEBRUARY 25, 2025

It's those credentials that are then sold in the stealer logs and later used to access the victim's accounts, which is the second exploitation. Another path had "ve", so it was off to Caracas and the Venezuelan victim's account was confirmed. You get the idea.

Passwords 362

Passwords Accountability VPN Malware 362

Security Boulevard

JUNE 10, 2025

Microsoft addresses 65 CVEs in its June 2025 Patch Tuesday release, with nine rated critical, and 56 rated as important. Important CVE-2025-33053 | Web Distributed Authoring and Versioning (WebDAV) Remote Code Execution Vulnerability CVE-2025-33053 is a RCE in Web Distributed Authoring and Versioning (WebDAV).

Social Engineering 52

Social Engineering Media Engineering Authentication 52

Penetration Testing

JANUARY 20, 2025

A recently patched vulnerability in popular error tracking and performance monitoring platform Sentry could have allowed attackers to The post CVE-2025-22146 (CVSS 9.1): Critical Sentry Vulnerability Allowed Account Takeovers appeared first on Cybersecurity News.

Accountability 128

Accountability Cybersecurity 128

Security Affairs

JUNE 11, 2025

A vulnerability could allow recovery of the phone number associated with a Google account by carrying out a brute force attack. This flaw allowed potential abuse of the form to reveal recovery details linked to a Google account display name like “John Smith.” 2025-05-15 – Panel awards $1,337 + swag.

Accountability 74

Accountability Passwords Hacking Information Security 74

Security Affairs

MAY 16, 2025

Google released emergency security updates to fix a Chrome vulnerability that could lead to full account takeover. Google released emergency security updates to address a Chrome browser vulnerability, tracked as CVE-2025-4664, that could lead to full account takeover. reads the advisory published by Google.

Accountability 61

Accountability Hacking 61

Zero Day

JUNE 6, 2025

Written by Lance Whitney, Contributor June 6, 2025 at 5:42 a.m. Collectively, they could easily put affected customers at risk for account takeovers and identity theft. PT JuSun/Getty Images Hackers on the dark web are hawking a database of 86 million customer records that they claim were stolen in an AT&T breach last year.

Password Management 98

Password Management Passwords Artificial Intelligence Software 98

Penetration Testing

APRIL 9, 2025

A critical vulnerability in the popular WordPress automation plugin SureTriggers has exposed over 100,000 sites to the risk of unauthenticated administrative account creation, potentially allowing full site takeover. The vulnerability, tracked as CVE-2025-3102 with a CVSS score of 8.1,

Accountability 111

Accountability Risk Cybersecurity 111

The Hacker News

MAY 28, 2025

In 2025, it steals live sessionsand attackers are moving faster and more efficiently than ever. While many associate account takeovers with personal services, the real threat is unfolding in the enterprise. Stealer malware no longer just steals passwords.

Accountability 119

Accountability Passwords Malware 119

Security Affairs

APRIL 4, 2025

The Computer Emergency Response Team of Ukraine (CERT-UA) reported three cyberattacks in March 2025 targeting Ukrainian agencies and infrastructure to steal sensitive data. ” Since fall 2024, threat actor used compromised accounts to send emails with links (e.g., This activity is tracked under the identifier UAC-0219.

Malware 74

Malware Cyber threats Government Hacking 74

Security Boulevard

APRIL 8, 2025

Microsoft patched 121 CVEs in its April 2025 Patch Tuesday release, with 11 rated critical and 110 rated as important. Important CVE-2025-29824 | Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2025-29824 is an EoP vulnerability in the Windows Common Log File System (CLFS) Driver.

Media 59

Media Ransomware Accountability Mobile 59

Security Affairs

MARCH 30, 2025

The malicious code has been used in attacks targeting the flaw CVE-2025-0282 in Ivanti Connect Secure (ICS) appliances. RESURGE enables credential harvesting, account creation, and privilege escalation, copying web shells to Ivanti’s boot disk and manipulating the coreboot image for persistence. In January, the U.S.

Malware 122

Malware Authentication Encryption Cybersecurity 122

The Last Watchdog

MAY 30, 2025

Non-human service accounts have quietly become one of the biggest liabilities in enterprise security. Yet despite their scale, service accounts remain largely invisible to traditional IAM and PAM systems. Yet despite their scale, service accounts remain largely invisible to traditional IAM and PAM systems.

Risk 130

Risk Cyber Insurance Accountability Insurance 130

The Last Watchdog

JANUARY 15, 2025

15, 2025, CyberNewswire — Aembit , the non-human identity and access management (IAM) company, unveiled the full agenda for NHIcon 2025, a virtual event dedicated to advancing non-human identity security, streaming live on Jan. Registration for NHIcon 2025 is free and open at NHIcon.com. Silver Spring, MD, Jan.

Accountability 130

Accountability Software Risk Media 130

Security Affairs

FEBRUARY 3, 2025

The February 2025 Android security updates addressed 48 vulnerabilities, including a kernel zero-day flaw exploited in the wild. The February 2025 Android security updates addressed 48 vulnerabilities, including a zero-day flaw, tracked as CVE-2024-53104 , which is actively exploited in attacks in the wild. ” reads the advisory.

Media 116

Media Authentication Hacking Accountability 116

BH Consulting

JANUARY 28, 2025

A key theme of Data Protection Day 2025 is the evolving mandate of data protection. For me, accountability is such a key principle of data protection rules. The post Data Protection Day 2025: three takeaways for embedding privacy principles appeared first on BH Consulting. But I would argue thats not the point.

Data breaches 91

Data breaches Risk Accountability Software 91

The Hacker News

MAY 29, 2025

Meta on Thursday revealed that it disrupted three covert influence operations originating from Iran, China, and Romania during the first quarter of 2025. "We This included a network of 658 accounts on Facebook, 14 Pages, and

Threat Reports 114

Threat Reports Media Authentication Accountability 114

Thales Cloud Protection & Licensing

APRIL 22, 2025

The AI Bot Epidemic: The Imperva 2025 Bad Bot Report madhav Tue, 04/22/2025 - 17:10 The ubiquity of accessible AI tools has lowered the barrier to entry for threat actors, helping them create and deploy malicious bots at an unprecedented scale. The surge in AI-driven bot creation has serious implications for businesses worldwide.

Digital transformation 62

Digital transformation Accountability Risk Internet 62

Krebs on Security

MAY 7, 2025

The DOJ’s indictment includes no additional details about eWorldTrade’s business, origins or other activity, and at first glance the website might appear to be a legitimate e-commerce platform that also just happened to sell some restricted chemicals A screenshot of the eWorldTrade homepage on March 25, 2025. Image: archive.org.

Scams 274

Scams Marketing Advertising Technology 274

Security Affairs

MAY 17, 2025

CVE-2025-4664 (CVSS score of 4.3) Google Chromium Loader Insufficient Policy Enforcement Vulnerability – This week Google released emergency security updates to address a Chrome browser vulnerability, tracked as CVE-2025-4664, that could lead to full account takeover. CVE-2025-42999 (CVSS score of 9.1)

Risk 102

Risk Hacking Accountability Cybersecurity 102

Thales Cloud Protection & Licensing

DECEMBER 17, 2024

Application and API Security in 2025: What Will the New Year Bring? madhav Wed, 12/18/2024 - 05:24 As we step into 2025, the critical importance of application and API security has never been more evident. Compounding the challenge, 46% of Account Takeover (ATO) attacks focused on API endpoints, up from 35% in 2022.

Risk 71

Risk Digital transformation Software Technology 71

Thales Cloud Protection & Licensing

MARCH 18, 2025

Thales OneWelcome Identity Platform and HIPAA Compliance in 2025 madhav Wed, 03/19/2025 - 05:58 The Health Insurance Portability and Accountability Act (HIPAA) has undergone significant changes in 2025, introducing enhanced requirements to address growing cyber threats and ensure comprehensive data protection.

Healthcare 62

Healthcare Encryption Authentication Penetration Testing 62

Security Boulevard

MARCH 24, 2025

This is a news item roundup of privacy or privacy-related news items for 16 MAR 2025 - 22 MAR 2025. While MFA is primarily a security feature, its primary privacy benefit is adding another layer of security to prevent unauthorized access to information contained in particular important or sensitive accounts.

Surveillance 75

Surveillance Telecommunications Data breaches Malware 75

Krebs on Security

DECEMBER 29, 2024

In these attacks, the phishers abused at least four different Google services to trick targets into believing they were speaking with a Google representative, and into giving thieves control over their account with a single click. Here’s to a happy, healthy, wealthy and wary 2025. Hope to see you all again in the New Year!

Scams 244

Scams Cybercrime Cryptocurrency Social Engineering 244

Security Boulevard

APRIL 16, 2025

Oracle addresses 171 CVEs in its second quarterly update of 2025 with 378 patches, including 40 critical updates. Background On April 15, Oracle released its Critical Patch Update (CPU) for April 2025 , the second quarterly update of the year. of the total patches, followed by Oracle Hyperion at 43 patches, which accounted for 11.4%

Financial Services 59

Financial Services Retail Insurance Accountability 59

Krebs on Security

JANUARY 16, 2025

10, 2025 by a China-based SMS phishing service called “Lighthouse.” A notice from MassDOT cautions that “the targeted phone numbers seem to be chosen at random and are not uniquely associated with an account or usage of toll roads.”

Phishing 302

Phishing Scams Mobile Authentication 302

Security Affairs

APRIL 9, 2025

The US Office of the Comptroller of the Currency (OCC) disclosed a major email breach compromising 100 accounts, undetected for over a year. The cybersecurity incident involved unauthorized access to emails via a compromised admin account. 12, 2025, triggering incident response and reporting to CISA. ” reported Bloomberg.

Accountability 124

Accountability Banking Information Security Hacking 124