Tag: governance

Cyber (In)Securities – Issue 151 – Snapshot Edition


Cyber (In)Securities – Issue 137

Information Security News

1. Oracle Cloud security SNAFU latest: IT giant accused of pedantry as evidence scrubbed
   The Register – Thomas Claburn
2. CoffeeLoader Malware Is Stacked With Vicious Evasion Tricks
   Dark Reading – Becky Bracken
3. Phishing platform ‘Lucid’ behind wave of iOS, Android 

Cyber (In)Securities – Issue 136


Information Security News

Italian government approved use of spyware on members of refugee NGO, MPs told

The Guardian by Angela Giuffrida & Stephanie Kirchgaessner
Italian lawmakers have been informed that spyware was authorised against members of a refugee NGO, sparking fierce backlash over potential human rights violations. Critics argue this blurs the line between national security and the criminalisation of humanitarian work. The use of surveillance tools on aid workers raises serious concerns about transparency, oversight, and democratic accountability. It also reignites broader debates on the unchecked proliferation of spyware in democratic societies and its chilling effect on civil society, dissent, and freedom of expression.

How CISA Cuts Impact Election Security

Dark Reading by Alexander Culafi
Budget cuts to CISA are raising alarms ahead of the U.S. election season, with experts warning that downsizing critical cyber defences could leave electoral infrastructure vulnerable. The agency plays a vital role in helping states defend against disinformation, phishing campaigns, and nation-state meddling — all of which are expected to escalate. Reducing CISA’s capacity now not only limits real-time response capabilities but also undermines public trust. With threats evolving, the need for robust, well-funded cyber readiness has never been more urgent — especially when democratic legitimacy is on the line.

Mozilla warns Windows users of critical Firefox sandbox escape flaw

BleepingComputer by Sergiu Gatlan
A newly disclosed Firefox vulnerability allows attackers to bypass the browser’s sandbox protections on Windows, exposing users to significant risk. The flaw could let malicious code execute with elevated privileges, opening the door to full system compromise when paired with other exploits. Mozilla has issued patches and urges users to update immediately. This incident underscores how even widely trusted tools can harbour critical flaws—and how attackers continue to target popular software used by millions. Regular patching and layered defences remain essential in mitigating zero-day threats.

New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records

The Hacker News by Ravie Lakshmanan
A sophisticated phishing kit dubbed “Morphing Meerkat” has been spotted in the wild, leveraging victims’ own DNS email records to convincingly impersonate more than 100 well-known brands. This dynamic attack method enables real-time spoofing, tricking recipients into trusting fraudulent emails with alarming accuracy. By tailoring each message to align with the recipient’s existing email infrastructure, the kit bypasses traditional detection methods and increases the likelihood of successful compromise. Organisations are urged to review DNS configurations, implement strict email authentication protocols like DMARC, and educate users to spot red flags in even the most convincing emails.

Security shop pwns ransomware gang, passes insider info to authorities

The Register by Connor Jones
In a bold counteroffensive, cybersecurity firm Halcyon turned the tables on a ransomware gang by infiltrating their operations and relaying critical intel to law enforcement. The gang in question, involved in high-profile attacks under various aliases like Arcus Media and Volcano Demon, has been using advanced ransomware variants to target enterprises globally. Halcyon’s efforts exposed tools, payment structures, and infrastructure used by the criminals, aiding investigations. This proactive move not only disrupted ongoing campaigns but also highlighted the growing role private sector defenders play in hunting threat actors. It’s a rare but powerful win for the good guys.

UK Software Firm Fined £3 Million Over Ransomware-Caused Data Breach

SecurityWeek by Eduard Kovacs
A UK software company has been hit with a £3 million fine after a ransomware attack led to a significant data breach, exposing personal and sensitive information. Regulators found the firm failed to implement adequate cybersecurity measures, including proper access controls and regular risk assessments—despite having previously identified critical vulnerabilities. The fine underscores how regulatory bodies are tightening scrutiny around ransomware readiness and response. It also sends a clear message: neglecting basic cyber hygiene can lead to financial and reputational fallout far beyond the ransom demand. Prevention, not just reaction, is key.

Hackers Repurpose RansomHub’s EDRKillShifter in Medusa, BianLian, and Play Attacks

The Hacker News by Ravie Lakshmanan
Cybercriminals have adapted RansomHub’s EDRKillShifter tool for use in high-profile ransomware campaigns by Medusa, BianLian, and Play. This repurposed tool is designed to neutralise endpoint detection and response (EDR) systems, making it easier for attackers to encrypt data and evade detection. Its modular design allows threat actors to target a wide range of systems, suggesting a growing level of collaboration or shared tooling among ransomware groups. The trend highlights how the ransomware ecosystem is evolving, with advanced techniques being recycled and rebranded for new campaigns—escalating the cat-and-mouse game between attackers and defenders.

SignalGate Isn’t About Signal

Wired by Andy Greenberg & Lily Hay Newman
Despite headlines suggesting otherwise, the so-called “SignalGate” controversy has little to do with the Signal messaging app itself. At the heart of the story is a national security blunder: high-ranking U.S. officials shared classified military intelligence via Signal—but the issue wasn’t the app’s encryption. It was the human error and poor judgement in using any messaging platform to share sensitive content in the first place. The coverage serves as a potent reminder that even the most secure tools can’t compensate for bad operational security. In this case, the real breach wasn’t in technology—it was in trust and protocol.

Fake DeepSeek Ads Spread Malware to Google Users

Dark Reading by Rob Wright
A malicious ad campaign is impersonating legitimate DeepSeek content to target Google users, distributing malware through carefully crafted phishing lures. Victims are enticed by ads that appear genuine, only to be redirected to sites hosting malware that can steal data or compromise systems. This attack highlights how even trusted ad networks can be manipulated by threat actors and underscores the risks associated with search engine advertising. As attackers continue to blend social engineering with technical deception, users are urged to verify URLs and avoid downloading content from unfamiliar sources—no matter how legitimate it looks on the surface.

Threat actor in Oracle Cloud breach may have gained access to production environments

Cybersecurity Dive by David Jones
A threat actor behind a recent Oracle Cloud breach may have infiltrated production environments, raising serious concerns about the extent of access and potential data exposure. Investigators are still piecing together the timeline, but evidence suggests that compromised credentials allowed lateral movement within the environment. The incident illustrates the dangers of credential misuse in cloud ecosystems and the critical need for layered defences, robust access controls, and continuous monitoring. As cloud dependencies grow, so does the risk—making it essential for organisations to reassess their cloud security posture before attackers find their way in.

New Atlantis AIO platform automates credential stuffing on 140 services

BleepingComputer by Bill Toulas
The Atlantis AIO platform represents a major shift in cybercrime, offering an automated solution for credential stuffing across a vast range of 140 services, including banks, email providers, and VPNs. This tool dramatically simplifies the process for cybercriminals to test and exploit stolen credentials efficiently, with advanced evasion techniques that minimise detection. It continuously updates to adapt to new security measures, making it a persistent threat. The rise of Atlantis AIO underscores the urgent need for enhanced defensive strategies across all digital platforms to counteract the growing ease of conducting large-scale fraud operations.

OpenAI Offering $100K Bounties for Critical Vulnerabilities

SecurityWeek by Ryan Naraine
OpenAI is offering bounties of up to $100,000 for critical vulnerabilities, reinforcing the vital role of responsible disclosure in safeguarding AI systems. As generative models become more embedded in sensitive operations, the stakes for security have never been higher. This initiative rewards researchers for identifying flaws that could lead to data leaks, prompt injection attacks, or unauthorised model manipulation. It also signals growing awareness that AI products, like any tech, require continuous testing, ethical oversight, and community involvement to remain secure at scale.

New ReaderUpdate Malware Variants Target macOS Users

Security Affairs by Pierluigi Paganini
New ReaderUpdate malware variants are targeting macOS users with heightened stealth and persistence. These strains masquerade as legitimate software updates, tricking victims into granting access that enables full system compromise. Once installed, the malware can monitor activity, steal credentials, and evade detection through rootkit-like behaviour. Security researchers warn that this marks a worrying escalation in macOS-targeted campaigns, reinforcing the need for vigilant patching, strict download practices, and robust endpoint protection—even in ecosystems traditionally seen as safer.

INTERPOL Arrests 306 Suspects, Seizes 1,842 Devices in Cross-Border Cybercrime Bust

The Hacker News by Ravie Lakshmanan
INTERPOL’s latest operation has led to the arrest of 306 individuals and the seizure of nearly 2,000 devices in a sweeping international crackdown on cybercrime. Coordinated across 55 countries, the operation targeted a wide range of digital threats, including ransomware, phishing, and online fraud. Authorities also identified over 1,300 suspicious IP addresses and dismantled numerous criminal infrastructure networks. This effort highlights the growing success of international law enforcement collaboration in tracking and disrupting cybercriminal operations, reinforcing the importance of cross-border threat intelligence and resource sharing.

Private Data and Passwords of Senior U.S. Security Officials Found Online

Spiegel International by Patrick Beuth, Jörg Diehl, Roman Höfner, Roman Lehberger, Friederike Röhreke & Fidelius Schmid
An alarming investigation has revealed that the personal data and passwords of high-ranking U.S. security officials—some still in office—were freely available on the dark web. The compromised credentials, including those from official government platforms, were traced back to widespread data leaks and poor credential hygiene. The findings underscore the persistent risks of credential stuffing, the failure of password reuse policies, and the absence of strong multi-factor authentication. This incident is a stark reminder that even national security leaders are vulnerable if basic cybersecurity practices aren’t rigorously enforced and continuously monitored.

DOGE staffer ‘Big Balls’ provided tech support to cybercrime ring

itNews by Raphael Satter
New revelations suggest that a DOGE-affiliated staffer, known only by the handle “Big Balls,” provided hands-on technical support to a notorious cybercrime ring. This staffer allegedly assisted in developing and troubleshooting the systems used to distribute malware and conduct illicit online activities. The involvement of someone from a federally linked entity raises critical questions about internal oversight, trust, and the porous boundaries between official platforms and malicious operations. This case highlights the urgent need for rigorous vetting, continuous monitoring, and transparent accountability for those operating within or adjacent to sensitive digital ecosystems.

Files stolen from NSW court system, including restraining orders for violence

The Register by Connor Jones
A data breach within the NSW court system has led to the exposure of sensitive legal documents, including restraining orders tied to domestic violence cases. The breach has alarmed privacy advocates and legal professionals, given the highly personal nature of the leaked information and the potential for real-world harm to victims. Authorities are investigating how the breach occurred and whether security failings enabled unauthorised access. This incident underscores the critical importance of securing judicial data, especially where the safety of vulnerable individuals may be directly compromised.

Trump signs executive order that will upend US voter registration processes

The Guardian by Joseph Gedeon & Sam Levine
A sweeping executive order signed by Donald Trump threatens to dramatically reshape how voter registration is handled across the United States. The order includes provisions that critics argue could suppress voter turnout, particularly among marginalised communities, by tightening verification requirements and limiting digital registration options. Civil liberties groups have voiced concern over the implications for election accessibility and integrity. As the US heads into another contentious election cycle, the move is expected to prompt legal challenges and intensify debates over democratic participation and electoral security.

Secretive Chinese network tries to lure fired US gov workers

itNews by AJ Vicens
A covert influence campaign linked to China is targeting recently dismissed U.S. government employees, aiming to exploit their insider knowledge and access. The campaign uses job offers and recruitment outreach as a front, hoping to gather sensitive information or sway opinion in Beijing’s favour. National security experts warn that such operations highlight the risks posed by abrupt personnel changes, especially in critical sectors like defence and cybersecurity. This development underscores the need for robust post-employment protocols and greater awareness of foreign interference tactics.

Using Starlink Wi-Fi in the White House Is a Slippery Slope for US Federal IT

Wired by Lily Hay Newman
Concerns are mounting over the potential use of Starlink Wi-Fi within sensitive U.S. government settings like the White House. While the satellite service offers reliable internet, its proprietary infrastructure and lack of transparency raise red flags about data sovereignty, control, and vulnerability to surveillance or disruption. Security experts caution that relying on non-government-managed networks—especially those linked to powerful private entities—introduces significant risks to national cybersecurity. The situation calls for clearer federal policies around external tech integration and digital autonomy.

OTF, which backs Tor, Let’s Encrypt and more, sues to save funding from Trump cuts

The Register by Thomas Claburn
The Open Technology Fund (OTF)—a key supporter of privacy-enhancing tools like Tor and Let’s Encrypt—has launched legal action to protect its funding, which is threatened by proposed Trump-era budget cuts. OTF argues the cuts would weaken digital rights efforts globally and endanger activists, journalists, and at-risk communities who rely on secure communication platforms. The lawsuit underscores the essential role of publicly funded, open-source technologies in defending internet freedom. As global threats to online privacy grow, the outcome of this legal battle could have far-reaching implications for the future of secure digital infrastructure.

Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication

The Hacker News by Ravie Lakshmanan
A newly disclosed vulnerability in the NGINX Ingress Controller for Kubernetes could allow remote code execution without authentication—posing a significant threat to cloud-native environments. The flaw, dubbed “IngressNightmare,” stems from improper handling of annotations and affects multiple versions widely deployed in production. If exploited, it could let attackers execute arbitrary code, compromise workloads, and escalate privileges within clusters. Security teams are urged to apply patches immediately and review ingress configurations for exposure. As Kubernetes adoption grows, securing its control planes becomes essential to maintaining resilience in increasingly containerised infrastructure.

Top Trump officials text classified Yemen airstrike plans to journo in Signal SNAFU

The Register by Iain Thomson
A major operational security lapse has come to light involving former Trump officials, who reportedly shared classified details of Yemen airstrikes via Signal with a journalist. The messages—containing sensitive military plans—were part of a broader communication exchange that raises serious questions about mishandling of classified information and the misuse of encrypted messaging apps. While Signal itself remains secure, the incident underscores how poor operational judgment—not just technical flaws—can lead to critical breaches. Experts warn that trust in encryption tools can’t compensate for user behaviour that disregards basic security protocols, especially in government and defence circles.

New VanHelsing ransomware targets Windows, ARM, ESXi systems

BleepingComputer by Bill Toulas
A newly identified ransomware strain, VanHelsing, is making waves by targeting a diverse array of systems—including Windows, Linux on ARM, and VMware ESXi. This multi-platform approach allows attackers to cast a wider net, increasing their ability to disrupt operations across hybrid environments. Researchers say the ransomware uses a variety of obfuscation techniques and custom scripts to evade detection and escalate privileges before encrypting files. Its wide compatibility highlights a growing trend among cybercriminals to design attacks that can bypass traditional defences and strike where visibility is weakest. As hybrid infrastructure becomes the norm, organisations are urged to revisit their endpoint security, backup policies, and threat detection capabilities.

Critical ‘IngressNightmare’ Vulns Imperil Kubernetes Environments

Dark Reading by Jai Vijayan
A set of critical vulnerabilities, dubbed “IngressNightmare”, is sending shockwaves through the Kubernetes community. These flaws affect the NGINX Ingress Controller, a widely used component in Kubernetes clusters, and allow remote code execution without authentication under certain configurations. With widespread usage across production environments, the exposure risk is significant, especially for organisations that have not implemented strict access controls. The discovery has prompted urgent calls for patching, configuration reviews, and broader Kubernetes security hygiene. As container orchestration grows in popularity, so too does its attractiveness to attackers, highlighting the need for continuous monitoring, rapid patch deployment, and a deeper focus on securing the cloud-native stack.

Cyberattack takes down Ukrainian state railway’s online services

BleepingComputer by Bill Toulas
A cyberattack has disrupted the online services of Ukrainian state railway operator Ukrzaliznytsia, affecting ticket purchasing and passenger information systems. While operations on the ground continue, the digital shutdown poses a serious inconvenience to travellers and reflects broader cyber risks targeting critical infrastructure in conflict zones. Ukrainian authorities suspect state-aligned threat actors, consistent with past patterns of cyber aggression amid the ongoing war. The incident highlights the vulnerability of national transport systems to digital sabotage and underscores the importance of investing in resilient infrastructure and contingency planning. As geopolitical tensions continue, public services must prioritise cybersecurity as a frontline defence.

Canadian citizen allegedly involved in Snowflake attacks consents to extradition to US

Cyberscoop by Matt Kapko
A Canadian national accused of involvement in the high-profile Snowflake data theft campaign has agreed to extradition to the United States. Authorities believe the individual was linked to cyberattacks that compromised multiple companies by exploiting misused credentials and cloud services. The decision marks a step forward in cross-border cooperation to hold cybercriminals accountable. As breaches grow in scale and complexity, this case underscores the global nature of cybercrime and the mounting pressure on legal systems to keep pace with threats exploiting cloud infrastructure and identity-based vulnerabilities.

Enhancing Threat Intelligence and Threat Detection in Australian Central Government Organisations

IT Wire by Cyrille Badeau
Australian central government agencies are under increasing pressure to modernise their cybersecurity practices, with real-time threat detection and AI-driven intelligence now essential for identifying and countering sophisticated attacks. Traditional perimeter defences are no longer sufficient—agencies must embrace advanced analytics, automation, and behavioural insights to stay resilient. Visibility across complex IT environments is critical, along with a proactive, intelligence-led approach that aligns security strategies with today’s evolving threat landscape and heightened policy expectations.

How to delete your 23andMe data and why you should do it now

ZDNet by Steven Vaughan-Nichols
Following last year’s breach that exposed the genetic data of millions, 23andMe is again under fire for its data handling practices. Users are now being urged to permanently delete their personal and genetic information, with clear steps provided for doing so. With sensitive DNA profiles potentially accessed by law enforcement or third parties via platform loopholes, the risks of leaving data behind are mounting. While deletion can’t guarantee total erasure, it significantly limits future exposure and prompts a critical re-evaluation of trust in consumer genetics services.

Amazon ends little-used privacy feature that let Echo users opt out of sending recordings to company

The Associated Press
Amazon has quietly discontinued a privacy option that allowed Echo users to opt out of having their voice recordings reviewed by the company. The feature, introduced after backlash over human review of Alexa interactions, is no longer available—raising fresh concerns about transparency and user control. While Amazon claims it still limits how recordings are used, privacy advocates argue the move erodes trust and limits meaningful consent. As voice assistants become more embedded in everyday life, users may want to rethink how much they’re willing to share with their smart devices.

ANALYSIS

Explain Signal, cybersecurity, and how a journalist was sent high-level military intelligence

Virginia Tech News with France Bélanger, Aaron Brantly, Jimmy Ivory & Anthony Vance
When Atlantic editor-in-chief Jeffrey Goldberg unexpectedly received classified military plans via Signal, it exposed how encrypted messaging can be both a shield and a sword. The incident raises critical questions about digital trust, secure communications, and insider threats. While apps like Signal are essential for privacy, they also complicate traditional information controls. This analysis explores how governments and media must rethink cybersecurity training and access protocols, ensuring that encryption empowers democracy without unintentionally bypassing national security safeguards.

Improving cybersecurity to protect against online hate

Harvard School of Public Health by Jay Lay
Online hate is on the rise, yet cybersecurity strategies often overlook its role in fuelling real-world violence. This fascinating piece explores how hate-fuelled digital abuse transcends mere content moderation, requiring stronger security protocols to shield targets from harassment, doxxing, and coordinated attacks. It highlights the need for an interdisciplinary approach—combining tech, policy, and public health—to build safer platforms. Addressing online hate isn’t just about protecting reputations; it’s about safeguarding mental health, social cohesion, and democratic discourse from digital weaponisation.

Cybersecurity Gaps Leave Doors Wide Open

Dark Reading by Jai Vijayan
Despite growing investment in cybersecurity, many organisations remain exposed due to fundamental oversights—such as misconfigured systems, weak identity management, and neglected patching routines. These gaps are routinely exploited in ransomware, phishing, and supply chain attacks. Security leaders are being urged to refocus on core cyber hygiene, ensuring that basic controls are prioritised alongside advanced tools. In a threat environment where attackers thrive on preventable mistakes, resilience depends not on having the flashiest defences, but on the reliability of the essentials.

Global Data Privacy Minefield

PrivID (Substack)
Navigating global data privacy laws has become a regulatory tightrope walk. With divergent standards between the EU, U.S., and emerging markets, organisations must juggle compliance obligations while maintaining operational efficiency. This analysis explores the growing friction between localisation mandates and cross-border data flows, warning that inconsistent regulation threatens innovation and business continuity. Without harmonised frameworks or updated treaties, companies face legal uncertainty and escalating costs. Clearer global alignment is essential to create a digital ecosystem where privacy rights are upheld without stifling economic growth.

Australia’s government agencies use encrypted messaging apps such as Signal. But should they?

The Guardian by Josh Taylor & Josh Butler
The increasing reliance on encrypted messaging apps like Signal by Australian government agencies has sparked debate over security, transparency, and public accountability. While these tools provide robust privacy and are vital for protecting sensitive communications, they also raise concerns about record-keeping obligations and public access to government decisions. This piece explores the tension between national security needs and democratic oversight, questioning whether these apps are being used appropriately or risk circumventing proper governance. Striking the right balance is critical to maintaining trust and compliance in the digital age.

When Cybersecurity Measures Backfire

PrivID (Substack)
Not all security controls improve security—some can actually increase risk. Overly complex authentication, intrusive surveillance, or rigid access restrictions can frustrate users, encouraging risky workarounds or disengagement. In high-stakes environments, such counterproductive measures undermine trust and resilience, making systems more fragile, not less. This piece explores the paradox of protection, arguing that effective cybersecurity must be user-centred, context-aware, and flexible enough to adapt without compromising core defences. Security isn’t about more controls—it’s about smarter, more human-focused ones.

How to Enter the US With Your Digital Privacy Intact

Wired by Andy Greenberg
Crossing the U.S. border with your digital devices can feel like navigating a surveillance minefield. Authorities may search phones, demand passwords, or access cloud data—raising major privacy concerns for travellers, especially journalists and activists. This guide outlines how to protect your digital footprint, from using burner devices and disabling biometric locks to limiting stored sensitive data and backing up securely beforehand. Maintaining digital privacy at international borders isn’t just about evasion—it’s about preparation, precaution, and understanding your rights in a data-driven world.

As nation-state hacking becomes ‘more in your face,’ are supply chains secure?

The Register by Jessica Lyons
The gloves are off—nation-state hacking is no longer covert, it’s confrontational. As geopolitical tensions rise, adversaries are escalating cyber operations, targeting supply chains with brazen attacks that aim to destabilise critical infrastructure and erode trust. With the SolarWinds and Microsoft Exchange attacks still casting long shadows, experts warn that many organisations remain underprepared for these sophisticated threats. The piece calls for improved vendor scrutiny, real-time threat intelligence, and resilient architecture to withstand increasingly direct cyber onslaughts from well-resourced state actors.

CyAN Members: Op Eds, Articles, etc:

CyAN Members: NEWS

STATISTICS & INSIGHTS

powered by evisec

Highlights from this week’s cybersecurity research by evisec – CRD #19
CyAN Member and evisec CEO Henry Röigas
Highlights from the latest cybersecurity research sources by evisec:
• Ransomware hits record high: February 2025 saw 962 victims—more than double the monthly average—with Cl0p behind one-third of cases.
• Credential compromise leads access: Nearly half of ransomware cases in 2024 began with compromised credentials, often via brute-force or weak MFA.
• Infostealers drive initial access market: 3.2 billion credentials were leaked in 2024, 75% linked to infostealers.
• Machine identities under attack: Half of surveyed firms faced breaches via exposed API keys or certificates; usage is rising fast.
• LLMs linked to secret leaks: GitHub repos using Copilot saw 40% more hardcoded secrets, highlighting AI-related security risks.

Upcoming CyAN (and CyAN Partner) Global Events:

  • Trust & Safety Forum at Forum INCYBER Europe (FIC), Lille, France: April 1–2
  • Supply Chain Cyber Security Summit (SCCS), Lisbon, Portugal: April 9–11
  • GITEX AFRICA, Marrakesh, Morocco: April 14–16
  • GITEX ASIA, Singapore (Marina Bay Sands): April 23–25
  • GISEC, Dubai World Trade Centre, UAE: May 6–8
  • The Cyber Outstanding Security Performance Awards (Cyber OSPAs), London, UK: May 8
  • CSG Awards 2025, Dubai: May 7
  • World AI Technology Expo, Dubai, UAE: May 14–15
  • CyAN 10th Anniversary Celebrations!
  • GITEX Europe Messe, Berlin, Germany: May 21–23
  • MaTeCC, Rabat, Morocco (The third annual North Africa cybersecurity event, hosted by CyAN partner École High-Tech): June 7–9, 2025
  • CyAN Q2 Community Call (APAC and the Gulf): June 11, 12:00 GST / 16:00 SGT / 18:00 AEST
  • CyAN Q2 Community Call (EMEA and the Americas): June 11, 20:00 GST / 18:00 CET / 17:00 UTC / 12:00 EDT

Welcome New Member – Abid Malik from Dubai


Please welcome our newest member from Dubai, Abid Malik! Abid Malik isn’t just a GRC and cybersecurity advisor—he’s a strategist who turns risk management into business opportunities. With 20+ years of experience across banking, fintech, and multinational sectors, he helps businesses strengthen security, navigate regulations, 

Cyber (In)Securities – Issue 130

Information Security News

House Passes Bill Requiring Federal Contractors to Implement Vulnerability Disclosure Policies

SecurityWeek by Eduard Kovacs
The U.S. House of Representatives has recently passed a bill that mandates federal contractors to establish vulnerability disclosure policies. This legislative move aims to strengthen the security of 

Cyber (In)Securities – Issue 129

Information Security News

Latin American Orgs Face 40% More Attacks Than Global Average

Dark Reading by Nate Nelson
Organisations in Latin America are experiencing a surge in cyberattacks, facing 40% more incidents than the global average. This alarming trend underscores the unique cybersecurity challenges in the region, exacerbated by rapid digital transformation and targeted attacks by sophisticated cybercriminals.
Latin American businesses are urged to significantly enhance their cyber defenses and implement comprehensive security strategies. Emphasising the need for advanced threat detection systems and robust cybersecurity training, these measures are crucial to mitigate escalating threats and protect vital infrastructures.
Read more

Nearly 12,000 API Keys and Passwords Found in AI Training Dataset

BleepingComputer by Ionut Ilascu
A concerning discovery in an AI training dataset has surfaced nearly 12,000 API keys and passwords, highlighting significant security vulnerabilities. This incident demonstrates the risks associated with using real-world data in machine learning projects without stringent verification and cleansing processes.
The inadvertent exposure of sensitive credentials could lead to substantial security breaches, emphasising the urgent need for robust data sanitisation protocols and enhanced privacy protection measures in AI development. Organisations must prioritise tightening their data handling practices to prevent similar vulnerabilities and protect sensitive information from potential cyber threats.
Read more

DHS Says CISA Won’t Stop Looking at Russian Cyber Threats

Cyberscoop by Tim Starks
The Department of Homeland Security (DHS) has reaffirmed its commitment to monitoring Russian cyber threats, as stated by the Cybersecurity and Infrastructure Security Agency (CISA). This comes amid escalating global tensions and increasing cyber activities from state-sponsored groups.
CISA emphasises the continuous need for vigilance and proactive measures to counter these threats effectively. The agency’s ongoing focus on Russian cyber operations underscores the critical importance of national cyber defence strategies in protecting U.S. infrastructures and maintaining cybersecurity resilience.
Read more

Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail

The Hacker News by Ravie Lakshmanan
Hackers are exploiting misconfigurations in Amazon Web Services (AWS), specifically targeting SES and WorkMail, to launch sophisticated phishing attacks. This tactic allows cybercriminals to send seemingly legitimate emails from trusted domains, significantly increasing the likelihood of successful scams.
The incidents highlight the critical vulnerabilities associated with cloud services and the necessity for stringent security practices. Organisations using AWS are urged to conduct regular security audits and tighten configurations to thwart these phishing schemes and protect sensitive data from being compromised.
Read more

EU’s New Product Liability Directive & Its Cybersecurity Impact

Dark Reading by Jatin Mannepalli
The EU’s New Product Liability Directive introduces significant changes with profound implications for cybersecurity across member states. This legislation extends liability to include digital products, compelling manufacturers to ensure higher security standards to avoid legal repercussions.
It’s designed to protect consumers from potential harms caused by digital products and services, including those related to cybersecurity breaches. This directive not only aims to enhance consumer protection but also pushes companies to adopt more rigorous cybersecurity measures, thereby elevating the overall security posture within the digital marketplace.
Read more

Microsoft Unveils Finalized EU Data Boundary as European Doubt Over US Grows

The Register by Richard Speed
Microsoft has officially finalized the EU Data Boundary, responding to increasing European concerns about data privacy and the handling of information by U.S. entities. This strategic move ensures that all personal data from European customers will be stored and processed within EU borders, aligning with stringent EU data protection regulations.
The implementation of this boundary aims to mitigate legal risks, enhance data sovereignty, and strengthen trust among European users. It reflects Microsoft’s commitment to addressing privacy concerns and adapting to global demands for more localised and secure data management practices.
Read more

UK Watchdog to Investigate TikTok and Reddit Over Use of Children’s Data

The Guardian by Robyn Vinter
The UK watchdog is set to investigate TikTok and Reddit for their handling of children’s data, raising significant concerns about privacy and protection online. This inquiry highlights potential violations of data protection laws intended to safeguard minors from misuse of their personal information on these platforms.
The investigation aims to ensure that both social media giants adhere strictly to legal standards, emphasising the importance of robust age verification processes and transparent data usage policies. This action underscores the growing urgency to protect young users in the digital landscape, where personal data is often vulnerable to exploitation.
Read more

C++ Creator Calls for Help to Defend Programming Language from ‘Serious Attacks’

The Register by Thomas Claburn
Bjarne Stroustrup, the esteemed creator of C++, has urgently called for support to defend the programming language from what he terms ‘serious attacks’. These attacks compromise the integrity and efficiency of C++, potentially undermining its reliability and performance for developers globally.
Stroustrup emphasises the critical importance of rallying the programming community to protect C++ and maintain its foundational role in software development, impacting a vast array of applications across various industries. He stresses the potential long-term implications for technological innovation and software integrity if these challenges are not addressed effectively.
Read more

LinkedIn Scam Emails Warning

ITWire by Gordon Peters
Amid rising cybersecurity concerns, LinkedIn users are increasingly targeted by sophisticated scam emails that mimic official communications. These phishing attempts are designed to steal personal data by convincing users to click on malicious links that appear to be legitimate LinkedIn updates.
Security experts are sounding the alarm, highlighting the growing prevalence and sophistication of these scams. They strongly urge users to be vigilant, to verify the authenticity of messages, and to understand the risks to their personal information online amid these evolving cyber threats, emphasising the need for enhanced digital literacy.
Read more

Extreme Online Violence May Be Linked to Rise of ‘0 to 100’ Killers, Experts Say

The Guardian by Rachel Hall
Experts are increasingly concerned about the link between extreme online violence and the emergence of ‘0 to 100’ killers, individuals who rapidly escalate from no criminal background to committing severe acts of violence. This phenomenon is being studied as part of broader efforts to understand how digital environments influence offline behaviour.
Researchers are examining patterns in online activity that may predict these sudden violent outbursts, suggesting that early intervention could prevent potential tragedies. The focus is on creating tools and strategies to identify and mitigate these risks before they manifest in real-world violence.
Read more

Ransomware Gangs Exploit Paragon Partition Manager Bug in BYOVD Attacks

BleepingComputer by Bill Toulas
Ransomware gangs are exploiting a vulnerability in Paragon Partition Manager to conduct BYOVD (Bring Your Own Vulnerable Driver) attacks. This technique allows attackers to bypass security measures by using legitimate but flawed drivers.
Security researchers warn that this vulnerability is particularly dangerous because it enables ransomware to gain deep system access without immediate detection. The exploit has been used in several high-profile ransomware campaigns, highlighting the critical need for updates and patches to protect against such sophisticated cyber threats. Efforts are underway to mitigate the risk by providing timely security updates and educating users on the importance of maintaining software integrity.
Read more

Tarlogic Discovers Security Flaw Allowing Eavesdropping on Private Conversations via Bluetooth Headset Microphone

IT Security Guru by Daniel Tannenbaum
Tarlogic Security has uncovered a significant flaw in Bluetooth technology that allows eavesdropping on private conversations via Bluetooth headset microphones. This vulnerability can be exploited without alerting the device owner, making it a serious privacy concern.
Researchers at Tarlogic warn that this flaw not only breaches individual privacy but also poses a risk to corporate security if sensitive business discussions are intercepted. The discovery has prompted calls for immediate updates to Bluetooth security protocols to prevent such vulnerabilities and protect users from potential espionage.
Read more

SolarWinds CISO Says Security Execs Are ‘Nervous’ About Individual Liability for Data Breaches

Cyberscoop by Derek B. Johnson
Tim Brown, the CISO of SolarWinds, has voiced concerns that security executives are becoming increasingly nervous about being held personally liable for data breaches. This anxiety is driven by the rising frequency and severity of cyber attacks, which are putting immense pressure on security frameworks.
Brown emphasises the need for robust security measures and proactive risk management strategies to protect against potential breaches. Additionally, there is a call for clearer regulations and support systems to help security professionals manage these challenges without the fear of personal repercussions.
Read more

Attackers Could Hack Smart Solar Systems and Cause Serious Damage

Security Affairs by Pierluigi Paganini
Security researchers have raised alarms over vulnerabilities in smart solar systems that could be exploited by hackers to cause serious damage. These systems, integral to renewable energy grids, can be remotely accessed if not properly secured, allowing attackers to manipulate energy production or disrupt power supplies.
The potential for such attacks underscores the need for stringent security measures in the burgeoning smart energy sector. This threat not only poses risks to energy stability but also highlights broader implications for national security as reliance on renewable technologies increases.
Read more

US Soldier Intends to Admit Hacking 15 Telecom Carriers

Dark Reading by Kristina Beek
A US soldier has signalled intentions to plead guilty to hacking into the systems of 15 telecom carriers, exposing significant vulnerabilities in telecommunications security. This case highlights the risk of insider threats where individuals exploit their technical skills and security clearances to access sensitive information, posing serious implications for national security.
The incident has prompted authorities to reevaluate and strengthen security protocols across the telecommunications industry, emphasising the need for rigorous access controls and ongoing surveillance to prevent future breaches.
Read more

Qilin Ransomware Claims Attack at Lee Enterprises, Leaks Stolen Data

BleepingComputer by Bill Toulas
Qilin ransomware has targeted Lee Enterprises, marking a significant breach in media cybersecurity. The group behind the attack has not only encrypted the company’s data but also begun leaking sensitive information to pressure for a ransom.
This incident highlights the increasing threat ransomware poses to the media sector, where disruptions can significantly impact operations and information integrity. Lee Enterprises is currently assessing the damage and coordinating with cybersecurity experts to mitigate the effects, reinforce their defenses, and prevent future attacks.
Read more

Amnesty Finds Cellebrite’s Zero-Day Used to Unlock Serbian Activist’s Android Phone

The Hacker News by Ravie Lakshmanan
Amnesty International has reported that a zero-day exploit in Cellebrite’s forensic technology was used to unlawfully access the Android phone of a Serbian activist. This breach underscores significant privacy concerns and the potential for misuse of surveillance tools.
The exploit enabled unauthorised access to sensitive personal data, exposing vulnerabilities in technologies that are commonly used by law enforcement worldwide. This incident has intensified calls for more stringent regulations on digital surveillance tools to prevent their use in political repression or other harmful activities, advocating for an international effort to protect digital rights and ensure privacy.
Read more

Meta Apologises Over Flood of Gore, Violence, and Dead Bodies on Instagram

The Guardian by Dan Milmo
Meta has issued an apology following a surge of disturbing content on Instagram, including graphic violence and images of deceased individuals. This influx has sparked widespread criticism and raised questions about the platform’s content moderation policies.
Meta has acknowledged the distress caused to users and is reviewing its algorithms and moderation practices to better detect and filter out such inappropriate content. The company has reiterated a commitment to improving its systems to ensure that Instagram remains a safe space for its community, emphasising the importance of safeguarding user experience against harmful content.
Read more

Fake CAPTCHA PDFs Spread Lumma Stealer via Webflow, GoDaddy, and Other Domains

The Hacker News by Ravie Lakshmanan
Cybersecurity researchers have identified a new threat where fake CAPTCHA PDFs are being used to distribute Lumma Stealer malware across multiple domains, including Webflow and GoDaddy. This sophisticated scheme tricks users into downloading malware under the guise of verifying identity, exploiting trusted website functionalities.
The Lumma Stealer can extract a wide range of personal information, leading to significant privacy breaches. Experts are urging users to be cautious with downloads and to verify the authenticity of files and requests, especially when prompted by unexpected security checks.
Read more

Microsoft Disrupted a Global Cybercrime Ring Abusing Azure OpenAI Service

Security Affairs by Pierluigi Paganini
Microsoft has successfully disrupted a global cybercrime ring that was abusing its Azure OpenAI service. The operation involved cybercriminals using the service for malicious activities, including phishing and spreading malware.
Microsoft’s intervention highlights the ongoing battle against cyber threats exploiting cloud platforms. The company’s proactive measures have prevented further misuse, demonstrating the critical need for continuous monitoring and rapid response capabilities in cloud services. This event underscores the importance of vigilance and technological readiness in thwarting cybercriminal activities that leverage powerful cloud-based tools.
Read more

Farm and Food Cybersecurity Act Reintroduced to Protect Food Supply Chain from Cyber Threats

Industrial Cyber by Anna Ribeiro
The US Farm and Food Cybersecurity Act has been reintroduced to bolster cybersecurity across the food supply chain. This legislative push aims to protect critical infrastructure from cyber threats that could disrupt food production and distribution.
The act calls for enhanced security protocols, collaboration between government agencies and private sectors, and increased funding for cybersecurity measures. This initiative highlights the growing recognition of the vulnerability of the agricultural sector to cyber attacks, emphasising the importance of safeguarding this essential industry from potential disruptions.
Read more

Over 49,000 Misconfigured Building Access Systems Exposed Online

BleepingComputer by Bill Toulas
Over 49,000 building access control systems have been found exposed online due to misconfigurations, posing a significant security risk. These systems, which manage entry to facilities, could potentially allow unauthorised access if exploited by cybercriminals.
The exposure highlights a widespread issue in the security practices surrounding building management systems and underscores the need for stringent security audits and configurations. Cybersecurity experts are calling for immediate action to address these vulnerabilities to prevent potential breaches that could compromise both physical and data security.
Read more

ANALYSIS

Third-Party Risk Tops Cybersecurity Claims

Dark Reading by Robert Lemos
Recent findings reveal that third-party risks now lead as the primary cause of cybersecurity claims, underscoring the significant vulnerabilities associated with external collaborations. These risks stem from inadequate security measures among vendors and partners, potentially leading to data breaches and substantial financial losses.
The rise in such claims highlights the necessity for organisations to enhance their third-party risk management protocols, ensuring rigorous security assessments and continuous monitoring of external entities. This proactive approach is essential to safeguard sensitive data and maintain robust cybersecurity defenses in an interconnected business environment.
Read more

Top 10 Most Probable Ways a Company Can Be Hacked

Dark Reading by Erich Kron
Cybersecurity expert Erich Kron has compiled a list of the top ten most probable ways companies can fall victim to hackers. This list serves as a crucial guide for businesses aiming to bolster their cyber defences.
The vulnerabilities range from phishing and malware to weak passwords and unsecured remote access. Kron emphasises the importance of awareness and proactive measures, such as regular updates, training employees, and implementing strong access controls. Highlighting these common vulnerabilities aims to empower companies to better protect themselves from increasingly sophisticated cyber threats.
Read more

This 5-Year Tech Industry Forecast Predicts Some Surprising Winners – and Losers

ZDNet by Joe McKendrick
A recent five-year forecast for the tech industry has identified potential winners and losers, shedding light on expected shifts in market dynamics. The report predicts that emerging technologies like artificial intelligence and blockchain will see significant growth, while traditional sectors may face challenges adapting to rapid technological changes.
Analysts stress the importance of innovation and flexibility for companies aiming to thrive in this evolving landscape. The forecast serves as a strategic guide for stakeholders to anticipate changes and strategically position themselves for success in the competitive tech arena.
Read more

3 Things to Know About AI Data Poisoning

Dark Reading by Arvind Nithrakashyap
AI data poisoning is emerging as a critical cybersecurity threat, allowing attackers to manipulate machine learning models by corrupting their training data. This technique can degrade AI performance, introduce biases, or even cause systems to make harmful decisions.
Security experts warn that as AI becomes more integrated into critical sectors like healthcare, finance, and cybersecurity, the risk of poisoned data grows. Organisations are urged to implement robust data validation, adversarial testing, and security protocols to safeguard AI integrity and prevent malicious exploitation of AI-driven technologies.
Read more

Fortifying Financial Services Cybersecurity with Threat Intelligence and Cybersecurity Automation

Financial IT by Chris Jacob
The financial sector is ramping up cybersecurity efforts by integrating threat intelligence and automation to combat increasingly sophisticated cyber threats. Experts highlight how automation enhances threat detection and response times, reducing reliance on manual processes that leave institutions vulnerable.
By leveraging AI-driven security measures, financial firms can better predict, prevent, and mitigate cyber attacks. As cybercriminal tactics evolve, industry leaders emphasise the necessity of real-time intelligence and automated defenses to protect sensitive financial data and maintain customer trust.
Read more

CyAN Members: Op Eds, Articles, etc:

The Cost of Silence: Enhancing Cyber Safety to Address Domestic Violence’s Impact on Women’s Employment and Education

Kim Chandler McDonald
CyAN Global VP Kim Chandler McDonald explores how technology-facilitated abuse disrupts women’s employment and education, limiting financial independence and career growth. She highlights the role of digital safety in preventing coercive control and ensuring that survivors can access opportunities without fear of online harassment.
The article advocates for stronger policies, employer awareness, and cybersecurity solutions that protect at-risk individuals. By addressing these challenges, Kim underscores the urgent need for systemic changes to create safer digital spaces and empower affected women.
Read more

Open Letter – Support for Responsible Cybersecurity Vulnerability Disclosure in Germany

CyAN Staff
CyAN staff have issued an open letter advocating for responsible cybersecurity vulnerability disclosure in Germany, emphasising the need for clear legal protections for security researchers. The letter highlights concerns that without proper safeguards, ethical hackers may face legal repercussions for exposing security flaws.
CyAN calls for legislation that encourages transparency, cooperation, and responsible reporting to strengthen Germany’s cybersecurity posture. The initiative aims to balance security needs with ethical considerations, ensuring researchers can contribute without fear of prosecution.
Read more

CyAN Member’s News

We at CyAN are ALWAYS overjoyed to celebrate our members’ successes and their contributions to the cybersecurity community!

We’re immensely proud to share that two esteemed members of the CyAN community, CyAN member Mohit Makhija and CyAN APAC Director Saba Bagheri, are finalists in the prestigious 2025 Australian Cyber Awards!

Mohit has been recognised in the Cyber Security Professional of the Year category, while Saba has earned accolades in both the Cyber Security Consultant of the Year – Enterprise and Cyber Security Professional of the Year – Government and Defence categories.

Their nominations are a testament to their outstanding contributions and dedication to the field of cybersecurity. Join us in congratulating Mohit and Saba—we are rooting for their success and celebrate their well-deserved recognition!

🔗 Mohit’s LinkedIn Post
🔗 Saba’s LinkedIn Post

And there’s more!

Please join us in celebrating our valued member Mohammed Shakil Khan, who has earned his Independent Director Certification from IICA and is now part of the Independent Director’s Databank of the Ministry of Corporate Affairs, Govt. of India.

Congratulations, Mohammed!

We’re excited to celebrate your achievement in earning the Independent Director Certification from the Indian Institute of Corporate Affairs (IICA) and becoming part of the Independent Director’s Databank under the Ministry of Corporate Affairs, Govt. of India.

This milestone reflects your dedication to corporate governance and leadership. Wishing you continued success in making an impact!

🔗 Mohammed’s LinkedIn Post

How MITRE ATT&CK Helps Us Understand and Stop Cyber Threats

Fel Gayanilo
CyAN General Secretary Fel Gayanilo explores how the MITRE ATT&CK framework enhances cybersecurity by providing a structured way to identify, analyse, and mitigate cyber threats. The framework helps security teams understand attacker tactics, techniques, and procedures, enabling more effective threat detection and response.
Gayanilo highlights its role in improving incident response, refining threat intelligence, and strengthening organisational security postures. As cyber threats evolve, he emphasises that leveraging frameworks like MITRE ATT&CK is crucial for staying ahead of adversaries and proactively defending critical systems.
Read more

Upcoming CyAN (and CyAN Partner) Global Events:

Breaking the Cycle: Combating Online IBSA for a Safer Digital Experience webinar, March 6th (EST 6AM, CET 12PM, AEST 10PM)
Register here

CyAN APAC: The Geopolitical Impacts of Cyber Threats: From Espionage to Influence keynote by Dan Elliot, March 12, Peoplebank, Sydney
More info

Trust & Safety Forum at Forum INCYBER Europe (FIC), Lille, France: April 1-2
More info

GITEX AFRICA, Marrakesh, Morocco: April 14-16
More info

GITEX ASIA, Singapore (Marina Bay Sands): April 23-25
More info

GISEC, Dubai World Trade Center, Dubai, UAE: May 6-8
More info

The Cyber Outstanding Security Performance Awards (Cyber OSPAs), May 8, London, UK
More info

World AI Technology Expo UAE, Dubai, UAE: May 14-15, 2025
More info

MaTeCC, Rabat, Morocco: June 7-9, 2025
(The third annual North Africa and beyond cybersecurity event, hosted by CyAN partner organisation École High-Tech.)
More info


📄 Download the full issue of CyAN Cyber (In)Securities Issue 12
Click here to view the PDF

Australia’s Digital Destiny: Leading the Charge for Online Freedom


Introduction
In today’s interconnected world, the importance of digital rights cannot be overstated. While the European Union is making commendable strides in this arena, Australia stands at a pivotal juncture to assert its leadership in championing online freedom. The nation’s commitment to democratic values, coupled 

Beyond Data Protection Day: Safeguarding Our Digital Lives Every Day


January 28th was Data Protection Day—a global reminder that privacy isn’t just a legal formality or an operational headache. It’s a fundamental pillar of trust. If your business handles client or customer data (and let’s be honest, that includes almost every business these days), you