Recent Posts

Week 18 – SAP NetWeaver’s Visual Composer component

White Hat IT Security’s CVE Of The Week, CVE-2025-31324, is a critical zero-day vulnerability affecting SAP NetWeaver’s Visual Composer component

Cyber (In)Securities – Issue 144

News

  1. Quantum computer threat spurring quiet overhaul of internet security
    Cyberscoop – Greg Otto
  2. Pro-Russia hacktivists bombard Dutch public orgs with DDoS attacks
    BleepingComputer – Bill Toulas
  3. Dems look to close the barn door after top DOGE dog has bolted
    The Register – Brandon Vigliarolo
  4. Canadian Electric Utility 

Cyber (In)Securities – Issue 143

News

  1. Cybersecurity CEO accused of running malware on hospital PC blabs about it on LinkedIn
    The Register – Brandon Vigliarolo
  2. Cybersecurity experts issue response to Trump order targeting Chris Krebs, SentinelOne
    Cyberscoop – Greg Otto
  3. Marks & Spencer breach linked to Scattered Spider ransomware attack
    BleepingComputer – Lawrence Abrams
  4. House passes bill to study routers’ national security risks
    Cyberscoop – Matt Bracken
  5. Hitachi Vantara takes servers offline after Akira ransomware attack
    BleepingComputer – Sergiu Gatlan
  6. Over 1,200 SAP NetWeaver servers vulnerable to actively exploited flaw
    BleepingComputer – Bill Toulas
  7. Cybersecurity vendors are themselves under attack by hackers, SentinelOne says
    Cyberscoop – Tim Starks
  8. VeriSource now says February data breach impacts 4 million people
    BleepingComputer – Bill Toulas
  9. DragonForce expands ransomware model with white-label branding scheme
    BleepingComputer – Ionut Ilascu
  10. WooCommerce admins targeted by fake security patches that hijack sites
    BleepingComputer – Bill Toulas
  11. Amid CVE funding fumble, ‘we were mushrooms, kept in the dark,’ says board member
    The Register – Jessica Lyons
  12. More Ivanti attacks may be on horizon, say experts who are seeing 9x surge in endpoint scans
    The Register – Connor Jones
  13. Mobile provider MTN says cyberattack compromised customer data
    BleepingComputer – Bill Toulas
  14. Vehicles Face 45% More Attacks, 4 Times More Hackers
    Dark Reading – Nate Nelson
  15. Gig-Work Platforms at Risk for Data Breaches, Fraud, Account Takeovers
    Dark Reading – Tatiana Walk-Morris
  16. All Major Gen-AI Models Vulnerable to ‘Policy Puppetry’ Prompt Injection Attack
    SecurityWeek – Ionut Arghire
  17. Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers
    The Hacker News – Ravie Lakshmanan
  18. Anthropic finds alarming ’emerging trends’ in Claude misuse report
    ZDNet – Radhika Rajkumar
  19. Darcula adds AI to its DIY phishing kits to help would-be vampires bleed victims dry
    The Register – Jessica Lyons
  20. ‘SessionShark’ ToolKit Evades Microsoft Office 365 MFA
    Dark Reading – Kristina Beek
  21. Assassin’s Creed maker faces GDPR complaint for forcing single-player gamers online
    The Register – Brandon Vigliarolo
  22. Interlock ransomware claims DaVita attack, leaks stolen data
    BleepingComputer – Bill Toulas
  23. Verizon DBIR Flags Major Patch Delays on VPNs, Edge Appliances
    SecurityWeek – Ryan Naraine
  24. ‘Warning sign’: Espionage driving APAC cyber surge
    InnovationAus – Trish Everingham

Analysis

  1. The Trouble with AI in Cybersecurity – Part 5: Ethics on Autopilot
    PrivID (Substack)
  2. Mobile Applications: A Cesspool of Security Issues
    Dark Reading – Robert Lemos
  3. M-Trends 2025: State-Sponsored IT Workers Emerge as Global Threat
    Dark Reading – Kevin Townsend
  4. Inside the Verizon 2025 DBIR: Five Trends That Signal a Shift in the Cyber Threat Economy
    SecurityWeek – Danelle Au
  5. Why NHIs Are Security’s Most Dangerous Blind Spot
    The Hacker News
  6. Navigating Regulatory Shifts & AI Risks
    Dark Reading – Arnaud Treps

CyAN Members: News

  1. How to build a relationship of trust between the DPO and the Ethical Hacker?
    Cybersecurity Advisors Network
  2. CyAN Global Vice President Kim Chandler McDonald judges Australian Space Awards
    Space Connect
  3. Michael do Rozario Named Finalist for Lawyers Weekly Partner of the Year Awards 2025
    Lawyers Weekly

🗓️ Upcoming CyAN (and CyAN Partner) Global Events:

• GISEC – 📍 Dubai, UAE – May 6–8
• Cyber OSPAs – 📍 London, UK – May 8
• CSG Awards 2025 – 📍 Dubai, UAE – May 7
• World AI Technology Expo – 📍 Dubai, UAE – May 14–15
• 🎉 CyAN 10th Anniversary Celebration – Details TBA
• GITEX Europe Messe – 📍 Berlin, Germany – May 21–23
• MaTeCC – 📍 Rabat, Morocco – June 7–9
• CyAN Q2 Call (APAC + Gulf) – 🌐 Online – June 11, 12:00 GST / 16:00 SGT / 18:00 AEST
• CyAN Q2 Call (EMEA + Americas) – 🌐 Online – June 11, 20:00 GST / 18:00 CET / 17:00 UTC / 12:00 EDT

DPO & Ethical Hacker: A strategic synergy at the heart of cybersecurity

Looking back at the webinar organised by the Black Is Ethical initiative – 26 March 2025

Welcome New Member – Norman King from Australia

Please welcome our newest member from Australia, Norman King! Norman has 25+ years of experience working as a technology professional. As CTO, he has been part of the leadership team at iPartners since the company began operations in 2017. He has overseen the development of 

Cyber (In)Securities – Issue 142

News

  1. Ransomware Gangs Innovate With New Affiliate Models
    Dark Reading – Alexander Culafi
  2. FBI: US lost record $16.6 billion to cybercrime in 2024
    BleepingComputer – Sergiu Gatlan
  3. Attackers hit security device defects hard in 2024
    Cyberscoop – Matt Kapko
  4. Ripple NPM supply chain attack hunts for private keys
    The Register – Connor Jones
  5. DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack
    The Hacker News – Ravie Lakshmanan
  6. Blue Shield of California leaked health data of 4.7 million members to Google
    BleepingComputer – Bill Toulas
  7. ‘Cookie Bite’ Entra ID Attack Exposes Microsoft 365
    Dark Reading – Elizabeth Montalbano
  8. RIP, Google Privacy Sandbox
    The Register – Thomas Claburn
  9. Microsoft Purges Millions of Cloud Tenants in Wake of Storm-0558
    Dark Reading – Jai Vijayan
  10. Millions of SK Telecom customers are potentially at risk following USIM data compromise
    Security Affairs – Pierluigi Paganini
  11. Fog ransomware channels Musk with demands for work recaps or a trillion bucks
    The Register – Connor Jones
  12. Docker Malware Exploits Teneo Web3 Node to Earn Crypto via Fake Heartbeat Signals
    The Hacker News – Ravie Lakshmanan
  13. Ripple’s recommended XRP library xrpl.js hacked to steal wallets
    BleepingComputer – Lawrence Abrams
  14. DeepSeek Breach Opens Floodgates to Dark Web
    Dark Reading – Emma Zaballos
  15. SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks
    The Hacker News – Ravie Lakshmanan
  16. Billion-dollar cyberscam industry spreading globally, warns UN
    itNews
  17. Researchers warn of critical flaw found in Erlang OTP SSH
    Cybersecurity Dive – David Jones
  18. The FBI Can’t Find ‘Missing’ Records of Its Hacking Tools
    404 Media – Joseph Cox
  19. Microsoft rated this bug as low exploitability. Miscreants weaponized it in just 8 days
    The Register – Iain Thomson
  20. Multiple top CISA officials behind ‘Secure by Design’ resign
    Cyberscoop – Derek B. Johnson
  21. North Korean Cryptocurrency Thieves Caught Hijacking Zoom ‘Remote Control’ Feature
    SecurityWeek – Ryan Naraine
  22. Phishers abuse Google OAuth to spoof Google in DKIM replay attack
    BleepingComputer – Ionut Ilascu
  23. Countries Shore Up Their Digital Defenses as Global Tensions Raise the Threat of Cyberwarfare
    SecurityWeek / Associated Press
  24. Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery
    The Hacker News – Ravie Lakshmanan
  25. FOG Ransomware Spread by Cybercriminals Claiming Ties to DOGE
    Trend Micro – Nathaniel Morales & Sarah Pearl Camiling
  26. APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures
    The Hacker News – Ravie Lakshmanan
  27. New Android malware steals your credit cards for NFC relay attacks
    BleepingComputer – Bill Toulas
  28. Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems
    The Hacker News – Ravie Lakshmanan
  29. Hacking US crosswalks to talk like Zuck is as easy as 1234
    The Register – Iain Thomson

Analysis

  1. The Foundations of a Resilient Cyber Workforce
    Dark Reading – Mohan Loo
  2. Nation-State Threats Put SMBs in Their Sights
    Dark Reading – Robert Lemos
  3. Why AI Cyber Defences Are Lagging Behind the Offence
    PrivID (Substack)
  4. Can Cybersecurity Weather the Current Economic Chaos
    Dark Reading – Robert Lemos
  5. Bot Traffic Surpasses Humans Online—Driven by AI and Criminal Innovation
    SecurityWeek – Kevin Townsend
  6. 5 Reasons Device Management Isn’t Device Trust
    The Hacker News

CyAN Members

  1. The Elephant in the Server Room: Why Nation-State Hackers Love Small Businesses
    CyAN Global VP – Kim Chandler McDonald
  2. CyAN’s Position on Germany’s 2025 Coalition Agreement
    CyAN Position Paper
  3. Fortune 500 CEOs on Cybersecurity (2019–2024)
    CyAN Member – Nick Kelly
  4. La Liga: Blocking of Cloudflare IPs in Spain
    CyAN Communications Director – John Salomon
  5. CyAN Members Lead 11th International TPRM Virtual Summit
    International TPRM Alliance – Featuring CyAN Board Member Bharat Raigangar and Member Yedhu Krishna Menon

🗓️ Upcoming CyAN (and CyAN Partner) Global Events:

• GITEX AFRICA – 📍 Marrakesh, Morocco – April 14–16
• GITEX ASIA – 📍 Singapore – April 23–25
• GISEC – 📍 Dubai, UAE – May 6–8
• Cyber OSPAs – 📍 London, UK – May 8
• CSG Awards 2025 – 📍 Dubai, UAE – May 7
• World AI Technology Expo – 📍 Dubai, UAE – May 14–15
• 🎉 CyAN 10th Anniversary Celebration – Details TBA
• GITEX Europe Messe – 📍 Berlin, Germany – May 21–23
• MaTeCC – 📍 Rabat, Morocco – June 7–9
• CyAN Q2 Call (APAC + Gulf) – 🌐 Online – June 11, 12:00 GST / 16:00 SGT / 18:00 AEST
• CyAN Q2 Call (EMEA + Americas) – 🌐 Online – June 11, 20:00 GST / 18:00 CET / 17:00 UTC / 12:00 EDT

🐘 The Elephant in the Server Room: Why Nation-State Hackers Love Small Businesses

You’d think nation-state cyber attackers would be too busy targeting military secrets, critical infrastructure, or global financial systems to bother with your local optometrist, small engineering firm, or boutique consultancy. But you’d be wrong. As Rob Lemos in his recent Dark Reading article “Nation-State Threats 

CyAN’s Position on Germany’s 2025 Coalition Agreement

CyAN’s position on the digital elements of the 2025 German CDU/CSU – SPD coalition agreement

Cyber (In)Securities – Issue 141

News

  1. Former cyber official targeted by Trump quits company over move
    NBC News – Kevin Collier
  2. MITRE’s CVE program given last-minute reprieve
    itNews – Raphael Satter
  3. Whistle Blower: Russian Breach of US Data Through DOGE
    Narativ – Zev Shalev
  4. Midnight Blizzard deploys GrapeLoader malware
    BleepingComputer – Bill Toulas
  5. 4chan taken down following major hack
    BleepingComputer – Sergiu Gatlan
  6. China places NSA operatives on wanted list
    Cyberscoop – Tim Starks
  7. RansomHouse Ransomware: What You Need To Know
    Fortra – Graham Cluley
  8. Wine-Inspired Phishing Targets EU Diplomats
    Dark Reading – Elizabeth Montalbano
  9. Chinese group uses open-source tools
    Cyberscoop – Derek B. Johnson
  10. Apache Roller Flaw enables persistent access
    Security Affairs – Pierluigi Paganini
  11. Chinese Hackers Use SNOWLIGHT on Linux
    The Hacker News – Ravie Lakshmanan
  12. 2.6M impacted in Landmark/Young breaches
    SecurityWeek – Ionut Arghire
  13. UNC5174 Leveraging Open Source for Espionage
    Dark Reading – Alexander Culafi
  14. DOGE may have exposed sensitive labor data
    NPR – Jenna McLaughlin
  15. Conduent confirms client data stolen
    BleepingComputer – Lawrence Abrams
  16. Firm buys hacker forum accounts
    BleepingComputer – Bill Toulas
  17. Cyber Congressman demands CISA answers
    The Register – Jessica Lyons
  18. Gladinet vulnerabilities exploited
    SecurityWeek – Ryan Naraine
  19. Chinese APTs exploit EDR blind spots
    Dark Reading – Becky Bracken
  20. Cyber risks in aviation sector
    Cybersecurity Dive – David Jones
  21. Phishing uses real-time email validation
    The Hacker News – Ravie Lakshmanan
  22. SSL/TLS cert lifespan shrinking
    BleepingComputer – Bill Toulas
  23. Malicious NPM packages target PayPal
    Security Affairs – Pierluigi Paganini
  24. Roblox poses risks to children
    The Guardian – Libby Brooks & Jedidajah Otte
  25. Fortinet Zero-Day Enables Remote Code Execution
    Dark Reading – Kristina Beek
  26. Hertz data breach confirmed
    itNews
  27. NIST Updates Privacy Framework
    NIST
  28. China accuses US of cyberattacks
    itNews – Laurie Chen
  29. China using ships to target undersea cables
    The Guardian – Angela Dewan
  30. US private prison firm fuels surveillance
    Middle East Eye
  31. ResolverRAT phishing targets healthcare
    The Hacker News – Ravie Lakshmanan
  32. Unknown Storm: Stealthiest hackers uncovered
    Wired
  33. Hacktivism likely state-sponsored
    The Register – Jessica Lyons
  34. AI hallucinated code dependencies
    BleepingComputer – Bill Toulas
  35. Microsoft recalls Recall feature
    The Register – Iain Thomson
  36. Lab breach exposes 1.6M records
    Security Affairs – Pierluigi Paganini
  37. Paper Werewolf spreads via USB
    Dark Reading – Kristina Beek
  38. Meta loses DEI group support
    The Guardian – Adria R Walker
  39. Third-party fraud leads cyber claims
    Dark Reading – Robert Lemos
  40. Western Sydney Uni breach
    BleepingComputer – Bill Toulas
  41. Trump attacks SentinelOne
    InnovationAus – Raphael Satter
  42. China admits Volt Typhoon cyberattacks
    SecurityWeek – Eduard Kovacs

Analysis

CyAN Op-Eds & Articles

CyAN Spotlights & Insights

  1. Online Safety for Kids and Teens – Biweekly Brief
    CyAN Member and Vyanams Strategies Founder Vaishnavi J

CyAN Member News

• Congratulations to CyAN Member Fatema Fardan, who has spent the past six months as a mentor with the QODWA program, initiated by the CFA Society Bahrain! We at CyAN are massive supporters of mentorship programs within the industry, knowing that they not only build professional confidence and capability, but also create lasting networks of support and inspiration. Fatema’s contribution to the next generation of cybersecurity and finance professionals reflects the heart of what makes our community so special—sharing knowledge, lifting others, and leading by example. Well done, Fatema! 👏💙

• Huge congrats to CyAN Member Will Rivera for representing MyOwn Image at two standout events on public service and responsible tech. On March 27, he spoke at Hartwick College’s Gender & Public Service event, honouring Judith “Judy” Day’s legacy. Then on April 5, he joined All Tech Is Human and NYIT to spotlight MyOwn Image’s advocacy against tech-facilitated violence. From campus panels to national policy—Will is leading with purpose. 👏💙

• CyAN thrives because of the incredible talent, leadership, and dedication of our members, and we are proud to see them shaping the future of cybersecurity on a global stage! 🚀💙

• CyAN Board Member Bharat Raigangar has been particularly busy recently! April 9–11 found him in Lisbon speaking at the Third Party and Supply Chain Cyber Security Summit (SCCS), and this week, while in NYC, he caught up with fellow CyAN members Gilles Chevillon and Vaishnavi J!


No Time for Antics with Semantics: Why CVEs Are Cybersecurity’s Lifeline

The cybersecurity world runs on shared language. We don’t often talk about it in those terms—but that’s exactly what the CVE (Common Vulnerabilities and Exposures) system is. A global taxonomy of flaws. A universal index of weakness. The quiet backbone that lets defenders coordinate responses