Tag: information security
Cyber (In)Securities – Issue 144
News
- Quantum computer threat spurring quiet overhaul of internet security (Cyberscoop – Greg Otto)
- Pro-Russia hacktivists bombard Dutch public orgs with DDoS attacks (BleepingComputer – Bill Toulas)
- Dems look to close the barn door after top DOGE dog has bolted (The Register – Brandon Vigliarolo)
- Canadian Electric Utility …
Cyber (In)Securities – Issue 143
News
- Cybersecurity CEO accused of running malware on hospital PC blabs about it on LinkedIn (The Register – Brandon Vigliarolo)
- Cybersecurity experts issue response to Trump order targeting Chris Krebs, SentinelOne (Cyberscoop – Greg Otto)
- Marks & Spencer breach linked to Scattered Spider ransomware attack (BleepingComputer – Lawrence Abrams)
- House passes bill to study routers’ national security risks (Cyberscoop – Matt Bracken)
- Hitachi Vantara takes servers offline after Akira ransomware attack (BleepingComputer – Sergiu Gatlan)
- Over 1,200 SAP NetWeaver servers vulnerable to actively exploited flaw (BleepingComputer – Bill Toulas)
- Cybersecurity vendors are themselves under attack by hackers, SentinelOne says (Cyberscoop – Tim Starks)
- VeriSource now says February data breach impacts 4 million people (BleepingComputer – Bill Toulas)
- DragonForce expands ransomware model with white-label branding scheme (BleepingComputer – Ionut Ilascu)
- WooCommerce admins targeted by fake security patches that hijack sites (BleepingComputer – Bill Toulas)
- Amid CVE funding fumble, ‘we were mushrooms, kept in the dark,’ says board member (The Register – Jessica Lyons)
- More Ivanti attacks may be on horizon, say experts who are seeing 9x surge in endpoint scans (The Register – Connor Jones)
- Mobile provider MTN says cyberattack compromised customer data (BleepingComputer – Bill Toulas)
- Vehicles Face 45% More Attacks, 4 Times More Hackers (Dark Reading – Nate Nelson)
- Gig-Work Platforms at Risk for Data Breaches, Fraud, Account Takeovers (Dark Reading – Tatiana Walk-Morris)
- All Major Gen-AI Models Vulnerable to ‘Policy Puppetry’ Prompt Injection Attack (SecurityWeek – Ionut Arghire)
- Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers (The Hacker News – Ravie Lakshmanan)
- Anthropic finds alarming ‘emerging trends’ in Claude misuse report (ZDNet – Radhika Rajkumar)
- Darcula adds AI to its DIY phishing kits to help would-be vampires bleed victims dry (The Register – Jessica Lyons)
- ‘SessionShark’ ToolKit Evades Microsoft Office 365 MFA (Dark Reading – Kristina Beek)
- Assassin’s Creed maker faces GDPR complaint for forcing single-player gamers online (The Register – Brandon Vigliarolo)
- Interlock ransomware claims DaVita attack, leaks stolen data (BleepingComputer – Bill Toulas)
- Verizon DBIR Flags Major Patch Delays on VPNs, Edge Appliances (SecurityWeek – Ryan Naraine)
- ‘Warning sign’: Espionage driving APAC cyber surge (InnovationAus – Trish Everingham)
Analysis
- The Trouble with AI in Cybersecurity – Part 5: Ethics on Autopilot (PrivID (Substack))
- Mobile Applications: A Cesspool of Security Issues (Dark Reading – Robert Lemos)
- M-Trends 2025: State-Sponsored IT Workers Emerge as Global Threat (Dark Reading – Kevin Townsend)
- Inside the Verizon 2025 DBIR: Five Trends That Signal a Shift in the Cyber Threat Economy (SecurityWeek – Danelle Au)
- Why NHIs Are Security’s Most Dangerous Blind Spot (The Hacker News)
- Navigating Regulatory Shifts & AI Risks (Dark Reading – Arnaud Treps)
CyAN Members: News
- How to build a relationship of trust between the DPO and the Ethical Hacker? (Cybersecurity Advisors Network)
- CyAN Global Vice President Kim Chandler McDonald judges Australian Space Awards (Space Connect)
- Michael do Rozario Named Finalist for Lawyers Weekly Partner of the Year Awards 2025 (Lawyers Weekly)
🗓️ Upcoming CyAN (and CyAN Partner) Global Events:
🎉 Celebration
CyAN 10th Anniversary
(Details TBA)
🌐 Online
CyAN Q2 Call (APAC + Gulf)
June 11 – 12:00 GST / 16:00 SGT / 18:00 AEST
🌐 Online
CyAN Q2 Call (EMEA + Americas)
June 11 – 20:00 GST / 18:00 CET / 17:00 UTC / 12:00 EDT
Cyber (In)Securities – Issue 139
Information Security News
- Autonomous, GenAI-Driven Attacker Platform Enters the Chat (Dark Reading – Elizabeth Montalbano)
- EncryptHub’s dual life: Cybercriminal vs Windows bug-bounty researcher (BleepingComputer – Bill Toulas)
- Voluntary ‘Pall Mall Process’ seeks to curb spyware abuses (Cyberscoop – Tim Starks)
- That massive GitHub supply chain attack? It all …
Cyber (In)Securities – Issue 138
Information Security News
- Disclosure Drama Clouds CrushFTP Vulnerability Exploitation (Dark Reading – Rob Wright)
- CISA warns of Fast Flux DNS evasion used by cybercrime gangs (BleepingComputer – Bill Toulas)
- Google Quick Share Bug Bypasses Allow Zero-Click File Transfer (Dark Reading – Tara Seals)
- China-Linked Threat Group Exploits Ivanti …
Cyber (In)Securities – Issue 136

Information Security News
Italian government approved use of spyware on members of refugee NGO, MPs told
The Guardian by Angela Giuffrida & Stephanie Kirchgaessner
Italian lawmakers have been informed that spyware was authorised against members of a refugee NGO, sparking fierce backlash over potential human rights violations. Critics argue this blurs the line between national security and the criminalisation of humanitarian work. The use of surveillance tools on aid workers raises serious concerns about transparency, oversight, and democratic accountability. It also reignites broader debates on the unchecked proliferation of spyware in democratic societies and its chilling effect on civil society, dissent, and freedom of expression.
How CISA Cuts Impact Election Security
Dark Reading by Alexander Culafi
Budget cuts to CISA are raising alarms ahead of the U.S. election season, with experts warning that downsizing critical cyber defences could leave electoral infrastructure vulnerable. The agency plays a vital role in helping states defend against disinformation, phishing campaigns, and nation-state meddling — all of which are expected to escalate. Reducing CISA’s capacity now not only limits real-time response capabilities but also undermines public trust. With threats evolving, the need for robust, well-funded cyber readiness has never been more urgent — especially when democratic legitimacy is on the line.
Mozilla warns Windows users of critical Firefox sandbox escape flaw
BleepingComputer by Sergiu Gatlan
A newly disclosed Firefox vulnerability allows attackers to bypass the browser’s sandbox protections on Windows, exposing users to significant risk. The flaw could let malicious code execute with elevated privileges, opening the door to full system compromise when paired with other exploits. Mozilla has issued patches and urges users to update immediately. This incident underscores how even widely trusted tools can harbour critical flaws—and how attackers continue to target popular software used by millions. Regular patching and layered defences remain essential in mitigating zero-day threats.
New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records
The Hacker News by Ravie Lakshmanan
A sophisticated phishing kit dubbed “Morphing Meerkat” has been spotted in the wild, leveraging victims’ own DNS email records to convincingly impersonate more than 100 well-known brands. This dynamic attack method enables real-time spoofing, tricking recipients into trusting fraudulent emails with alarming accuracy. By tailoring each message to align with the recipient’s existing email infrastructure, the kit bypasses traditional detection methods and increases the likelihood of successful compromise. Organisations are urged to review DNS configurations, implement strict email authentication protocols like DMARC, and educate users to spot red flags in even the most convincing emails.
Security shop pwns ransomware gang, passes insider info to authorities
The Register by Connor Jones
In a bold counteroffensive, cybersecurity firm Halcyon turned the tables on a ransomware gang by infiltrating their operations and relaying critical intel to law enforcement. The gang in question, involved in high-profile attacks under various aliases like Arcus Media and Volcano Demon, has been using advanced ransomware variants to target enterprises globally. Halcyon’s efforts exposed tools, payment structures, and infrastructure used by the criminals, aiding investigations. This proactive move not only disrupted ongoing campaigns but also highlighted the growing role private sector defenders play in hunting threat actors. It’s a rare but powerful win for the good guys.
UK Software Firm Fined £3 Million Over Ransomware-Caused Data Breach
SecurityWeek by Eduard Kovacs
A UK software company has been hit with a £3 million fine after a ransomware attack led to a significant data breach, exposing personal and sensitive information. Regulators found the firm failed to implement adequate cybersecurity measures, including proper access controls and regular risk assessments—despite having previously identified critical vulnerabilities. The fine underscores how regulatory bodies are tightening scrutiny around ransomware readiness and response. It also sends a clear message: neglecting basic cyber hygiene can lead to financial and reputational fallout far beyond the ransom demand. Prevention, not just reaction, is key.
Hackers Repurpose RansomHub’s EDRKillShifter in Medusa, BianLian, and Play Attacks
The Hacker News by Ravie Lakshmanan
Cybercriminals have adapted RansomHub’s EDRKillShifter tool for use in high-profile ransomware campaigns by Medusa, BianLian, and Play. This repurposed tool is designed to neutralise endpoint detection and response (EDR) systems, making it easier for attackers to encrypt data and evade detection. Its modular design allows threat actors to target a wide range of systems, suggesting a growing level of collaboration or shared tooling among ransomware groups. The trend highlights how the ransomware ecosystem is evolving, with advanced techniques being recycled and rebranded for new campaigns—escalating the cat-and-mouse game between attackers and defenders.
SignalGate Isn’t About Signal
Wired by Andy Greenberg & Lily Hay Newman
Despite headlines suggesting otherwise, the so-called “SignalGate” controversy has little to do with the Signal messaging app itself. At the heart of the story is a national security blunder: high-ranking U.S. officials shared classified military intelligence via Signal—but the issue wasn’t the app’s encryption. It was the human error and poor judgement in using any messaging platform to share sensitive content in the first place. The coverage serves as a potent reminder that even the most secure tools can’t compensate for bad operational security. In this case, the real breach wasn’t in technology—it was in trust and protocol.
Fake DeepSeek Ads Spread Malware to Google Users
Dark Reading by Rob Wright
A malicious ad campaign is impersonating legitimate DeepSeek content to target Google users, distributing malware through carefully crafted phishing lures. Victims are enticed by ads that appear genuine, only to be redirected to sites hosting malware that can steal data or compromise systems. This attack highlights how even trusted ad networks can be manipulated by threat actors and underscores the risks associated with search engine advertising. As attackers continue to blend social engineering with technical deception, users are urged to verify URLs and avoid downloading content from unfamiliar sources—no matter how legitimate it looks on the surface.
Threat actor in Oracle Cloud breach may have gained access to production environments
Cybersecurity Dive by David Jones
A threat actor behind a recent Oracle Cloud breach may have infiltrated production environments, raising serious concerns about the extent of access and potential data exposure. Investigators are still piecing together the timeline, but evidence suggests that compromised credentials allowed lateral movement within the environment. The incident illustrates the dangers of credential misuse in cloud ecosystems and the critical need for layered defences, robust access controls, and continuous monitoring. As cloud dependencies grow, so does the risk—making it essential for organisations to reassess their cloud security posture before attackers find their way in.
New Atlantis AIO platform automates credential stuffing on 140 services
BleepingComputer by Bill Toulas
The Atlantis AIO platform represents a major shift in cybercrime, offering an automated solution for credential stuffing across a vast range of 140 services, including banks, email providers, and VPNs. This tool dramatically simplifies the process for cybercriminals to test and exploit stolen credentials efficiently, with advanced evasion techniques that minimise detection. It continuously updates to adapt to new security measures, making it a persistent threat. The rise of Atlantis AIO underscores the urgent need for enhanced defensive strategies across all digital platforms to counteract the growing ease of conducting large-scale fraud operations.
OpenAI Offering $100K Bounties for Critical Vulnerabilities
SecurityWeek by Ryan Naraine
OpenAI is offering bounties of up to $100,000 for critical vulnerabilities, reinforcing the vital role of responsible disclosure in safeguarding AI systems. As generative models become more embedded in sensitive operations, the stakes for security have never been higher. This initiative rewards researchers for identifying flaws that could lead to data leaks, prompt injection attacks, or unauthorised model manipulation. It also signals growing awareness that AI products, like any tech, require continuous testing, ethical oversight, and community involvement to remain secure at scale.
New ReaderUpdate Malware Variants Target macOS Users
Security Affairs by Pierluigi Paganini
New ReaderUpdate malware variants are targeting macOS users with heightened stealth and persistence. These strains masquerade as legitimate software updates, tricking victims into granting access that enables full system compromise. Once installed, the malware can monitor activity, steal credentials, and evade detection through rootkit-like behaviour. Security researchers warn that this marks a worrying escalation in macOS-targeted campaigns, reinforcing the need for vigilant patching, strict download practices, and robust endpoint protection—even in ecosystems traditionally seen as safer.
INTERPOL Arrests 306 Suspects, Seizes 1,842 Devices in Cross-Border Cybercrime Bust
The Hacker News by Ravie Lakshmanan
INTERPOL’s latest operation has led to the arrest of 306 individuals and the seizure of nearly 2,000 devices in a sweeping international crackdown on cybercrime. Coordinated across 55 countries, the operation targeted a wide range of digital threats, including ransomware, phishing, and online fraud. Authorities also identified over 1,300 suspicious IP addresses and dismantled numerous criminal infrastructure networks. This effort highlights the growing success of international law enforcement collaboration in tracking and disrupting cybercriminal operations, reinforcing the importance of cross-border threat intelligence and resource sharing.
Private Data and Passwords of Senior U.S. Security Officials Found Online
Spiegel International by Patrick Beuth, Jörg Diehl, Roman Höfner, Roman Lehberger, Friederike Röhreke & Fidelius Schmid
An alarming investigation has revealed that the personal data and passwords of high-ranking U.S. security officials—some still in office—were freely available on the dark web. The compromised credentials, including those from official government platforms, were traced back to widespread data leaks and poor credential hygiene. The findings underscore the persistent risks of credential stuffing, the failure of password reuse policies, and the absence of strong multi-factor authentication. This incident is a stark reminder that even national security leaders are vulnerable if basic cybersecurity practices aren’t rigorously enforced and continuously monitored.
DOGE staffer ‘Big Balls’ provided tech support to cybercrime ring
itNews by Raphael Satter
New revelations suggest that a DOGE-affiliated staffer, known only by the handle “Big Balls,” provided hands-on technical support to a notorious cybercrime ring. This staffer allegedly assisted in developing and troubleshooting the systems used to distribute malware and conduct illicit online activities. The involvement of someone from a federally linked entity raises critical questions about internal oversight, trust, and the porous boundaries between official platforms and malicious operations. This case highlights the urgent need for rigorous vetting, continuous monitoring, and transparent accountability for those operating within or adjacent to sensitive digital ecosystems.
Files stolen from NSW court system, including restraining orders for violence
The Register by Connor Jones
A data breach within the NSW court system has led to the exposure of sensitive legal documents, including restraining orders tied to domestic violence cases. The breach has alarmed privacy advocates and legal professionals, given the highly personal nature of the leaked information and the potential for real-world harm to victims. Authorities are investigating how the breach occurred and whether security failings enabled unauthorised access. This incident underscores the critical importance of securing judicial data, especially where the safety of vulnerable individuals may be directly compromised.
Trump signs executive order that will upend US voter registration processes
The Guardian by Joseph Gedeon & Sam Levine
A sweeping executive order signed by Donald Trump threatens to dramatically reshape how voter registration is handled across the United States. The order includes provisions that critics argue could suppress voter turnout, particularly among marginalised communities, by tightening verification requirements and limiting digital registration options. Civil liberties groups have voiced concern over the implications for election accessibility and integrity. As the US heads into another contentious election cycle, the move is expected to prompt legal challenges and intensify debates over democratic participation and electoral security.
Secretive Chinese network tries to lure fired US gov workers
itNews by AJ Vicens
A covert influence campaign linked to China is targeting recently dismissed U.S. government employees, aiming to exploit their insider knowledge and access. The campaign uses job offers and recruitment outreach as a front, hoping to gather sensitive information or sway opinion in Beijing’s favour. National security experts warn that such operations highlight the risks posed by abrupt personnel changes, especially in critical sectors like defence and cybersecurity. This development underscores the need for robust post-employment protocols and greater awareness of foreign interference tactics.
Using Starlink Wi-Fi in the White House Is a Slippery Slope for US Federal IT
Wired by Lily Hay Newman
Concerns are mounting over the potential use of Starlink Wi-Fi within sensitive U.S. government settings like the White House. While the satellite service offers reliable internet, its proprietary infrastructure and lack of transparency raise red flags about data sovereignty, control, and vulnerability to surveillance or disruption. Security experts caution that relying on non-government-managed networks—especially those linked to powerful private entities—introduces significant risks to national cybersecurity. The situation calls for clearer federal policies around external tech integration and digital autonomy.
OTF, which backs Tor, Let’s Encrypt and more, sues to save funding from Trump cuts
The Register by Thomas Claburn
The Open Technology Fund (OTF)—a key supporter of privacy-enhancing tools like Tor and Let’s Encrypt—has launched legal action to protect its funding, which is threatened by proposed Trump-era budget cuts. OTF argues the cuts would weaken digital rights efforts globally and endanger activists, journalists, and at-risk communities who rely on secure communication platforms. The lawsuit underscores the essential role of publicly funded, open-source technologies in defending internet freedom. As global threats to online privacy grow, the outcome of this legal battle could have far-reaching implications for the future of secure digital infrastructure.
Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication
The Hacker News by Ravie Lakshmanan
A newly disclosed vulnerability in the NGINX Ingress Controller for Kubernetes could allow remote code execution without authentication—posing a significant threat to cloud-native environments. The flaw, dubbed “IngressNightmare,” stems from improper handling of annotations and affects multiple versions widely deployed in production. If exploited, it could let attackers execute arbitrary code, compromise workloads, and escalate privileges within clusters. Security teams are urged to apply patches immediately and review ingress configurations for exposure. As Kubernetes adoption grows, securing its control planes becomes essential to maintaining resilience in increasingly containerised infrastructure.
Top Trump officials text classified Yemen airstrike plans to journo in Signal SNAFU
The Register by Iain Thomson
A major operational security lapse has come to light involving former Trump officials, who reportedly shared classified details of Yemen airstrikes via Signal with a journalist. The messages—containing sensitive military plans—were part of a broader communication exchange that raises serious questions about mishandling of classified information and the misuse of encrypted messaging apps. While Signal itself remains secure, the incident underscores how poor operational judgment—not just technical flaws—can lead to critical breaches. Experts warn that trust in encryption tools can’t compensate for user behaviour that disregards basic security protocols, especially in government and defence circles.
New VanHelsing ransomware targets Windows, ARM, ESXi systems
BleepingComputer by Bill Toulas
A newly identified ransomware strain, VanHelsing, is making waves by targeting a diverse array of systems—including Windows, Linux on ARM, and VMware ESXi. This multi-platform approach allows attackers to cast a wider net, increasing their ability to disrupt operations across hybrid environments. Researchers say the ransomware uses a variety of obfuscation techniques and custom scripts to evade detection and escalate privileges before encrypting files. Its wide compatibility highlights a growing trend among cybercriminals to design attacks that can bypass traditional defences and strike where visibility is weakest. As hybrid infrastructure becomes the norm, organisations are urged to revisit their endpoint security, backup policies, and threat detection capabilities.
Critical ‘IngressNightmare’ Vulns Imperil Kubernetes Environments
Dark Reading by Jai Vijayan
A set of critical vulnerabilities, collectively dubbed “IngressNightmare”, is sending shockwaves through the Kubernetes community. These flaws affect the NGINX Ingress Controller, a widely used component in Kubernetes clusters, and allow remote code execution without authentication under certain configurations. With widespread usage across production environments, the exposure risk is significant, especially for organisations that have not implemented strict access controls. The discovery has prompted urgent calls for patching, configuration reviews, and broader Kubernetes security hygiene. As container orchestration grows in popularity, so too does its attractiveness to attackers, highlighting the need for continuous monitoring, rapid patch deployment, and a deeper focus on securing the cloud-native stack.
Cyberattack takes down Ukrainian state railway’s online services
BleepingComputer by Bill Toulas
A cyberattack has disrupted the online services of Ukrainian state railway operator Ukrzaliznytsia, affecting ticket purchasing and passenger information systems. While operations on the ground continue, the digital shutdown poses a serious inconvenience to travellers and reflects broader cyber risks targeting critical infrastructure in conflict zones. Ukrainian authorities suspect state-aligned threat actors, consistent with past patterns of cyber aggression amid the ongoing war. The incident highlights the vulnerability of national transport systems to digital sabotage and underscores the importance of investing in resilient infrastructure and contingency planning. As geopolitical tensions continue, public services must prioritise cybersecurity as a frontline defence.
Canadian citizen allegedly involved in Snowflake attacks consents to extradition to US
Cyberscoop by Matt Kapko
A Canadian national accused of involvement in the high-profile Snowflake data theft campaign has agreed to extradition to the United States. Authorities believe the individual was linked to cyberattacks that compromised multiple companies by exploiting misused credentials and cloud services. The decision marks a step forward in cross-border cooperation to hold cybercriminals accountable. As breaches grow in scale and complexity, this case underscores the global nature of cybercrime and the mounting pressure on legal systems to keep pace with threats exploiting cloud infrastructure and identity-based vulnerabilities.
Enhancing Threat Intelligence and Threat Detection in Australian Central Government Organisations
IT Wire by Cyrille Badeau
Australian central government agencies are under increasing pressure to modernise their cybersecurity practices, with real-time threat detection and AI-driven intelligence now essential for identifying and countering sophisticated attacks. Traditional perimeter defences are no longer sufficient—agencies must embrace advanced analytics, automation, and behavioural insights to stay resilient. Visibility across complex IT environments is critical, along with a proactive, intelligence-led approach that aligns security strategies with today’s evolving threat landscape and heightened policy expectations.
How to delete your 23andMe data and why you should do it now
ZDNet by Steven Vaughan-Nichols
Following last year’s breach that exposed the genetic data of millions, 23andMe is again under fire for its data handling practices. Users are now being urged to permanently delete their personal and genetic information, with clear steps provided for doing so. With sensitive DNA profiles potentially accessed by law enforcement or third parties via platform loopholes, the risks of leaving data behind are mounting. While deletion can’t guarantee total erasure, it significantly limits future exposure and prompts a critical re-evaluation of trust in consumer genetics services.
Amazon ends little-used privacy feature that let Echo users opt out of sending recordings to company
The Associated Press
Amazon has quietly discontinued a privacy option that allowed Echo users to opt out of having their voice recordings reviewed by the company. The feature, introduced after backlash over human review of Alexa interactions, is no longer available—raising fresh concerns about transparency and user control. While Amazon claims it still limits how recordings are used, privacy advocates argue the move erodes trust and limits meaningful consent. As voice assistants become more embedded in everyday life, users may want to rethink how much they’re willing to share with their smart devices.
ANALYSIS
Explain Signal, cybersecurity, and how a journalist was sent high-level military intelligence
Virginia Tech News with France Bélanger, Aaron Brantly, Jimmy Ivory & Anthony Vance
When Atlantic editor-in-chief Jeffrey Goldberg unexpectedly received classified military plans via Signal, it exposed how encrypted messaging can be both a shield and a sword. The incident raises critical questions about digital trust, secure communications, and insider threats. While apps like Signal are essential for privacy, they also complicate traditional information controls. This analysis explores how governments and media must rethink cybersecurity training and access protocols, ensuring that encryption empowers democracy without unintentionally bypassing national security safeguards.
Improving cybersecurity to protect against online hate
Harvard School of Public Health by Jay Lay
Online hate is on the rise, yet cybersecurity strategies often overlook its role in fuelling real-world violence. This fascinating piece explores how hate-fuelled digital abuse transcends mere content moderation, requiring stronger security protocols to shield targets from harassment, doxxing, and coordinated attacks. It highlights the need for an interdisciplinary approach—combining tech, policy, and public health—to build safer platforms. Addressing online hate isn’t just about protecting reputations; it’s about safeguarding mental health, social cohesion, and democratic discourse from digital weaponisation.
Cybersecurity Gaps Leave Doors Wide Open
Dark Reading by Jai Vijayan
Despite growing investment in cybersecurity, many organisations remain exposed due to fundamental oversights—such as misconfigured systems, weak identity management, and neglected patching routines. These gaps are routinely exploited in ransomware, phishing, and supply chain attacks. Security leaders are being urged to refocus on core cyber hygiene, ensuring that basic controls are prioritised alongside advanced tools. In a threat environment where attackers thrive on preventable mistakes, resilience depends not on having the flashiest defences, but on the reliability of the essentials.
Global Data Privacy Minefield
PrivID (Substack)
Navigating global data privacy laws has become a regulatory tightrope walk. With divergent standards between the EU, U.S., and emerging markets, organisations must juggle compliance obligations while maintaining operational efficiency. This analysis explores the growing friction between localisation mandates and cross-border data flows, warning that inconsistent regulation threatens innovation and business continuity. Without harmonised frameworks or updated treaties, companies face legal uncertainty and escalating costs. Clearer global alignment is essential to create a digital ecosystem where privacy rights are upheld without stifling economic growth.
Australia’s government agencies use encrypted messaging apps such as Signal. But should they?
The Guardian by Josh Taylor & Josh Butler
The increasing reliance on encrypted messaging apps like Signal by Australian government agencies has sparked debate over security, transparency, and public accountability. While these tools provide robust privacy and are vital for protecting sensitive communications, they also raise concerns about record-keeping obligations and public access to government decisions. This piece explores the tension between national security needs and democratic oversight, questioning whether these apps are being used appropriately or risk circumventing proper governance. Striking the right balance is critical to maintaining trust and compliance in the digital age.
When Cybersecurity Measures Backfire
PrivID (Substack)
Not all security controls improve security—some can actually increase risk. Overly complex authentication, intrusive surveillance, or rigid access restrictions can frustrate users, encouraging risky workarounds or disengagement. In high-stakes environments, such counterproductive measures undermine trust and resilience, making systems more fragile, not less. This piece explores the paradox of protection, arguing that effective cybersecurity must be user-centred, context-aware, and flexible enough to adapt without compromising core defences. Security isn’t about more controls—it’s about smarter, more human-focused ones.
Read more
How to Enter the US With Your Digital Privacy Intact
Wired by Andy Greenberg
Crossing the U.S. border with your digital devices can feel like navigating a surveillance minefield. Authorities may search phones, demand passwords, or access cloud data—raising major privacy concerns for travellers, especially journalists and activists. This guide outlines how to protect your digital footprint, from using burner devices and disabling biometric locks to limiting stored sensitive data and backing up securely beforehand. Maintaining digital privacy at international borders isn’t just about evasion—it’s about preparation, precaution, and understanding your rights in a data-driven world.
Read more
As nation-state hacking becomes ‘more in your face,’ are supply chains secure?
The Register by Jessica Lyons
The gloves are off—nation-state hacking is no longer covert, it’s confrontational. As geopolitical tensions rise, adversaries are escalating cyber operations, targeting supply chains with brazen attacks that aim to destabilise critical infrastructure and erode trust. With the SolarWinds and Microsoft Exchange attacks still casting long shadows, experts warn that many organisations remain underprepared for these sophisticated threats. The piece calls for improved vendor scrutiny, real-time threat intelligence, and resilient architecture to withstand increasingly direct cyber onslaughts from well-resourced state actors.
Read more
CyAN Members: Op Eds, Articles, etc:
CyAN Members: NEWS


STATISTICS & INSIGHTS
powered by evisec
Highlights from this week’s cybersecurity research by evisec – CRD #19
CyAN Member and evisec CEO Henry Röigas
Highlights from the latest cybersecurity research sources by evisec:
Read more
• Ransomware hits record high: February 2025 saw 962 victims—more than double the monthly average—with Cl0p behind one-third of cases.
• Credential compromise leads access: Nearly half of ransomware cases in 2024 began with compromised credentials, often via brute-force or weak MFA.
• Infostealers drive initial access market: 3.2 billion credentials were leaked in 2024, 75% linked to infostealers.
• Machine identities under attack: Half of surveyed firms faced breaches via exposed API keys or certificates; usage is rising fast.
• LLMs linked to secret leaks: GitHub repos using Copilot saw 40% more hardcoded secrets, highlighting AI-related security risks.
Upcoming CyAN (and CyAN Partner) Global Events:
- Trust & Safety Forum at Forum INCYBER Europe (FIC), Lille, France: April 1–2 Read more
- Supply Chain Cyber Security Summit (SCCS), Lisbon, Portugal: April 9–11 Read more
- GITEX AFRICA, Marrakesh, Morocco: April 14–16 Read more
- GITEX ASIA, Singapore (Marina Bay Sands): April 23–25 Read more
- GISEC, Dubai World Trade Centre, UAE: May 6–8 Read more
- The Cyber Outstanding Security Performance Awards (Cyber OSPAs), London, UK: May 8 Read more
- CSG Awards 2025, Dubai: May 7 Read more
- World AI Technology Expo, Dubai, UAE: May 14–15 Read more
- CyAN 10th Anniversary Celebrations!
- GITEX Europe Messe, Berlin, Germany: May 21–23 Read more
- MaTeCC, Rabat, Morocco (The third annual North Africa cybersecurity event, hosted by CyAN partner École High-Tech): June 7–9, 2025 Read more
- CyAN Q2 Community Call (APAC and the Gulf): June 11, 12:00 GST / 16:00 SGT / 18:00 AEST
- CyAN Q2 Community Call (EMEA and the Americas): June 11, 20:00 GST / 18:00 CET / 17:00 UTC / 12:00 EDT
Cyber (In)Securities – Issue 135
Information Security News
US Weakens Disinformation Defenses, as Russia & China Ramp Up
Dark Reading by Robert Lemos
As geopolitical tensions escalate, the US has notably reduced its efforts to combat disinformation, especially from key adversaries like Russia and China. This rollback occurs despite increasing efforts …
Cyber (In)Securities – Issue 132
Information Security News
Elon Musk’s Starlink Could Be Used to Transmit Australian Election Voting Results
The Guardian by Josh Taylor
The Guardian reports that Elon Musk’s satellite internet service, Starlink, is being considered as a potential method to transmit voting results in Australian elections. This proposal …
Cyber (In)Securities – Issue 131
Information Security News
EU Looks to Tech Sovereignty with EuroStack Amid Trade War
Biometric Update by Masha Borak
The European Union is making significant strides towards tech sovereignty with the development of EuroStack, a comprehensive technology initiative aimed at reducing dependence on foreign tech giants amid ongoing trade tensions. This ambitious project seeks to bolster the EU’s capabilities in digital services and infrastructure, promoting a self-reliant approach to technology that aligns with its strategic economic and security interests.
EuroStack is poised to enhance data protection, cloud computing, and overall digital autonomy for the EU, marking a pivotal shift in the global tech landscape as Europe navigates the complexities of international trade and tech dominance.
Read more
Trump Coins Used as Lure in Malware Campaign
SecurityWeek by Kevin Townsend
In a novel cyberattack, malicious actors are exploiting the popularity of Trump-themed commemorative coins to distribute malware. This campaign targets supporters through phishing emails that offer a chance to purchase these coins, only to infect their systems with malicious software when they attempt to engage.
The deceptive emails are crafted with convincing details and a call to action that redirects users to compromised websites. This strategy highlights a growing trend of using political memorabilia and current events as bait, reflecting an evolution in social engineering tactics aimed at specific demographic groups.
Read more
Experts Warn of Mass Exploitation of Critical PHP Flaw CVE-2024-4577
Security Affairs by Pierluigi Paganini
Cybersecurity experts are raising alarms about a critical vulnerability in PHP, identified as CVE-2024-4577, which is being exploited on a massive scale. This severe flaw allows attackers to execute arbitrary code on servers running vulnerable versions of PHP, potentially compromising millions of websites and web applications.
The widespread use of PHP in server-side scripting for web development makes this vulnerability particularly dangerous. Security professionals urge immediate patching and updates, as exploiting this flaw can give attackers control over web servers, leading to data theft, site defacement, and further network compromise.
Read more
‘SideWinder’ Intensifies Attacks on Maritime Sector
Dark Reading by Jai Vijayan
The cyber threat group known as SideWinder is intensifying its targeted attacks on the maritime sector, deploying sophisticated tactics to infiltrate networks and steal sensitive information. This group’s activities have raised significant security concerns within the maritime industry, which is crucial for global trade and logistics.
SideWinder’s methods include using advanced malware and phishing attacks to gain access to ship management systems and port authority databases, aiming to disrupt operations and gather strategic data. The escalation of these attacks underscores the need for enhanced cybersecurity measures in critical infrastructure sectors to protect against increasingly adept and persistent threat actors.
Read more
X Outages Reportedly Caused by Massive Cyberattack
ZDNet by Lance Whitney
A significant cyberattack is reported to be the cause behind recent widespread outages of the social media platform X. This attack highlights the vulnerabilities in digital platforms that are increasingly becoming targets for sophisticated cyber threats.
The cyberattack not only disrupted service for millions of users worldwide but also raised concerns about data security and the robustness of infrastructure against such incursions. The incident has prompted urgent calls for stronger cybersecurity protocols and resilience strategies to shield against future disruptions and potential data breaches.
Read more
Multiple Vulnerabilities Found in ICONICS Industrial SCADA Software
Cyberscoop by Derek B. Johnson
Recent findings have revealed multiple vulnerabilities in ICONICS industrial SCADA software, posing significant risks to critical infrastructure systems that depend on this technology for operational control and monitoring. These vulnerabilities could allow cyber attackers to manipulate controls, alter configurations, or even shut down operations, potentially leading to severe consequences in sectors like energy, manufacturing, and water treatment.
The discovery underscores the critical need for continuous vulnerability assessments and prompt patching within industrial systems to safeguard them from potential cyber threats and ensure the continuity of essential services.
Read more
Swiss Critical Sector Faces New 24-Hour Cyberattack Reporting Rule
BleepingComputer by Bill Toulas
Switzerland has introduced a stringent new regulation requiring critical sector organizations to report cyberattacks within 24 hours of detection. This rule aims to enhance national cybersecurity resilience by ensuring swift and coordinated response efforts to digital threats.
The legislation covers entities in essential services such as healthcare, transportation, finance, and utilities, emphasizing the importance of transparency and prompt communication in mitigating the impacts of cyber incidents. The move reflects a growing global trend toward tighter cyber regulations as governments seek to fortify defenses against the increasing frequency and sophistication of cyberattacks.
Read more
Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials
The Hacker News by Ravie Lakshmanan
Security researchers have uncovered a new polymorphic attack technique that clones legitimate browser extensions to stealthily steal user credentials. This sophisticated method involves altering the code of popular extensions, turning them into trojans that can capture sensitive information such as passwords and banking details without alerting users or security systems.
The findings highlight a significant escalation in browser-based threats, emphasizing the need for users to verify the authenticity of extensions and maintain updated anti-malware solutions. The report calls for heightened awareness and stricter security practices to counteract these deceptive strategies that exploit the trust in commonly used digital tools.
Read more
Rhysida Pwns Two US Healthcare Orgs, Extracts Over 300K Patients’ Data
The Register by Connor Jones
The cyber threat group Rhysida has successfully breached two US healthcare organizations, compromising the personal and medical information of over 300,000 patients. This sophisticated attack highlights the increasing vulnerability of the healthcare sector to cyber incursions, which can have devastating consequences for patient privacy and institutional integrity.
The hackers utilized advanced tactics to infiltrate network defenses and exfiltrate a significant amount of sensitive data, underscoring the critical need for healthcare entities to enhance their cybersecurity measures. This incident serves as a stark reminder of the importance of robust security protocols and continuous monitoring to protect patient information against such malicious activities.
Read more
Former NSA Cyber Director Warns Drastic Job Cuts Threaten National Security
Cybersecurity Dive by David Jones
The former director of NSA’s cyber division has issued a stark warning that significant job cuts within the agency pose a serious threat to national security. These reductions in cybersecurity personnel come at a time when cyber threats are becoming more frequent and sophisticated.
The former director emphasizes that decreasing the number of skilled cybersecurity professionals undermines the country’s ability to defend against and respond to cyber incidents effectively. This alert calls for urgent reconsideration of budget and staffing decisions to ensure the NSA and other critical security agencies are well-equipped to safeguard national interests in the digital age.
Read more
SilentCryptoMiner Infects 2,000 Russian Users via Fake VPN and DPI Bypass Tools
The Hacker News by Ravie Lakshmanan
A new malware known as SilentCryptoMiner is targeting Russian users by masquerading as legitimate VPN and DPI (Deep Packet Inspection) bypass tools. The malware has already infected approximately 2,000 individuals, covertly mining cryptocurrency using the resources of compromised systems.
This campaign highlights the dangers of downloading software from unverified sources, as attackers capitalize on the demand for privacy tools in regions with strict internet regulations. The incident underscores the need for heightened vigilance and the importance of using trusted channels for software downloads to prevent such deceptive and harmful intrusions.
Read more
US Cities Warn of Wave of Unpaid Parking Phishing Texts
BleepingComputer by Lawrence Abrams
Several US cities are issuing warnings about a new phishing scam involving unpaid parking tickets. The scam sends text messages to individuals, falsely claiming they have unpaid parking fines and directing them to a fraudulent website.
Once on the site, victims are prompted to enter personal information, which the scammers can then use for identity theft or financial fraud. This wave of phishing attacks highlights the increasingly cunning tactics used by cybercriminals to exploit everyday situations. Authorities are urging the public to verify any such claims through official municipal channels and to be cautious about providing personal information online.
Read more
NCSA Ordered to Step Up Preparations Against Cyber Warfare
The Nation
The Thai National Cyber Security Authority (NCSA) has been ordered to intensify its preparations against potential cyber warfare threats. This directive comes in response to escalating global cyber tensions and the increasing sophistication of potential cyber-attacks that could target critical national infrastructure.
The NCSA’s enhanced focus aims to bolster the country’s defenses by developing more advanced cyber response strategies, conducting regular security drills, and strengthening collaborations with international cybersecurity entities. This proactive approach is designed to ensure the nation remains resilient in the face of growing cyber threats and can effectively mitigate the impact of any cyber-attacks.
Read more
Internet Shutdowns at Record High in Africa as Access ‘Weaponized’
The Guardian by Eromo Egbejule
Internet shutdowns have reached a record high across Africa, with governments increasingly ‘weaponizing’ access to control information and suppress dissent. This trend is alarming advocates for freedom of expression and digital rights, as shutdowns not only curtail civil liberties but also impact economies and disrupt everyday life.
The use of internet blackouts as a political tool is particularly prevalent during protests, elections, and civil unrest, raising serious concerns about the erosion of democratic norms. This pattern underscores the urgent need for international dialogue and policy interventions to protect internet access as a fundamental right and to prevent its use as a tool for political manipulation.
Read more
Stalked: How a Relentless Campaign of Online Abuse Derailed One Woman’s Life
The Observer by Carole Cadwalladr
This in-depth article chronicles the harrowing experience of a woman whose life was dramatically affected by a relentless campaign of online abuse. It explores the devastating impact of cyberstalking, which included constant harassment, the spreading of personal information, and threats that extended beyond the digital realm into her physical life.
The case study sheds light on the psychological and social repercussions of such targeted attacks, highlighting the insufficient legal protections and the often inadequate response from law enforcement agencies. This story calls for stronger regulatory measures and more robust support systems to protect individuals from cyber harassment and to hold perpetrators accountable.
Read more
White House Cyber Director’s Office Set for More Power Under Trump, Experts Say
The Record by Suzanne Smalley
According to experts, the office of the White House cyber director is poised to receive expanded powers under the Trump administration. This move aims to enhance the national cybersecurity strategy by centralizing authority and improving coordination among various federal agencies involved in cyber defense.
The bolstering of the cyber director’s office reflects an acknowledgment of the growing cyber threats facing the United States and the need for a more unified government response. Experts suggest that this restructuring will enable more effective policy-making and operational decisions in cybersecurity, potentially leading to stronger protections against cyberattacks on national infrastructure.
Read more
Undocumented Commands Found in Bluetooth Chip Used by a Billion Devices
BleepingComputer by Bill Toulas
Recent discoveries have revealed undocumented commands in a widely used Bluetooth chip, present in over a billion devices, raising significant security concerns. These hidden commands, if exploited, could potentially allow attackers to execute arbitrary actions on affected devices without the user’s knowledge.
This vulnerability underscores the critical importance of hardware security and the potential risks associated with overlooked or hidden functionalities in common technology components. The exposure of such commands highlights the need for manufacturers to conduct thorough security audits and for users to ensure their devices are regularly updated to mitigate any potential threats arising from such vulnerabilities.
Read more
Japanese Telecom Giant NTT Suffered a Data Breach That Impacted 18,000 Companies
Security Affairs by Pierluigi Paganini
The Japanese telecommunications giant NTT disclosed a significant data breach impacting approximately 18,000 corporate clients. This breach involved unauthorized access to a wide range of sensitive data, potentially exposing business secrets and personal information.
The incident highlights vulnerabilities in telecommunications networks that can have far-reaching consequences for both the service provider and its extensive client base. NTT has initiated a comprehensive security overhaul and is collaborating with law enforcement to investigate the breach. This event underscores the need for enhanced cybersecurity measures and continuous vigilance to protect against sophisticated cyber threats in an increasingly interconnected world.
Read more
Cyberattacks Targeting IT Vendors Intensify, Causing Bigger Losses
Cybersecurity Dive by Alexei Alexis
The frequency and severity of cyberattacks targeting IT vendors have dramatically intensified, resulting in substantial financial and operational losses. This trend is particularly alarming as IT vendors often serve as gateways to broader networks, making them attractive targets for cybercriminals looking to exploit multiple victims through a single entry point.
These attacks not only disrupt IT operations but also compromise the security of their clients’ data and systems. The article highlights the growing need for IT vendors to implement robust cybersecurity strategies, including multi-factor authentication, regular security audits, and employee training, to mitigate the risks and protect both their assets and those of their clients.
Read more
YouTubers Extorted via Copyright Strikes to Spread Malware
BleepingComputer by Bill Toulas
An emerging cyber threat involves extortion of YouTubers through the manipulation of copyright strike processes to distribute malware. Cybercriminals are targeting content creators by threatening them with copyright strikes, which can severely impact their channel and revenue unless they comply with demands that often include downloading malware-laden software.
This strategy not only exploits the legal copyright mechanisms but also turns them into a tool for cyber extortion. The practice highlights a new form of cybercrime that blends traditional copyright abuse with digital extortion, significantly complicating the security landscape for online content creators. It underscores the importance of vigilance and legal awareness among YouTubers to protect against such sophisticated and damaging attacks.
Read more
Developer Sabotaged Ex-Employer with Kill Switch Activated When He Was Let Go
The Register by Iain Thomson
A developer orchestrated a sabotage attack against his former employer by implementing a kill switch that activated upon his dismissal. This deliberate act caused significant disruption to the company’s operations, as critical systems were disabled, leading to downtime and financial losses.
The incident underscores the potential risks associated with insider threats and the importance of maintaining stringent security protocols, especially regarding access control and monitoring of sensitive systems. The company has since taken steps to bolster its security measures and review its policies to prevent such occurrences in the future, highlighting the need for continuous vigilance and robust security practices in the workplace.
Read more
ANALYSIS
Cybersecurity is a ‘Continual Battle,’ but Industry Can’t Be ‘Complacent,’ Experts Say
Security Systems News by Cory Harris
Experts in cybersecurity are emphasizing that the fight against cyber threats is an ongoing battle that requires constant vigilance and adaptation. This article discusses the ever-evolving nature of cyber threats and the critical importance of staying proactive in cybersecurity practices.
Industry leaders warn against complacency, highlighting that as technology advances, so do the tactics of cybercriminals. Harris, editor of Security Systems News, advocates for continuous investment in cybersecurity infrastructure, regular updates to defensive strategies, and ongoing training for all staff. The message is clear: the cybersecurity landscape is dynamic and requires perpetual effort and innovation to keep data and systems safe.
Read more
Rapid7’s Chief Scientist Warns Australian Businesses to Prioritize Their Ransomware Policies
itWire by Grant Titmus
Rapid7’s Chief Scientist, Raj Samani, has issued a stark warning to Australian businesses regarding the escalating threat of ransomware attacks. Samani is urging companies to prioritize their ransomware response policies and strengthen their cybersecurity defenses to combat this pervasive threat.
His call to action comes amid rising incidents of ransomware across Australia, which are increasingly sophisticated and disruptive. The article highlights the necessity for businesses to implement comprehensive security measures, including regular data backups, employee training on phishing awareness, and robust incident response plans. The emphasis is on preparation and resilience, aiming to mitigate potential impacts and ensure business continuity in the face of these cyber challenges.
Read more
CyAN Members: Op Eds, Articles, etc:
Copy of FY2024 IT and Cybersecurity Spending Analysis (Selected ASX 200 Companies)
CyAN Member Nick Kelly
CyAN Member Nick Kelly provides a detailed analysis of the FY2024 IT and cybersecurity spending across selected ASX 200 companies, revealing significant trends and investment patterns. This report underscores the growing emphasis on cybersecurity in the corporate sector, reflecting increased allocations toward enhancing digital defenses.
Kelly’s analysis points out that despite economic pressures, companies are prioritizing investments in cybersecurity to address the escalating threat landscape. The document serves as a crucial resource for understanding how top Australian companies are strategically positioning their resources to combat cyber threats, offering valuable insights into the prioritization of IT and cybersecurity expenditures in response to evolving challenges.
Read more
Upcoming CyAN (and CyAN Partner) Global Events:
CyAN APAC: The Geopolitical Impacts of Cyber Threats: From Espionage to Influence
Keynote by Dan Elliot
📅 Date: March 12
📍 Location: Peoplebank, Sydney
🔗 Event details
Trust & Safety Forum at Forum INCYBER Europe (FIC)
📅 Date: April 1-2
📍 Location: Lille, France
🔗 Event details
CyAN Quarterly Online Members Meeting (CyAN Members Only)
📅 Date: March 19
📍 Location: Online
📩 See emails for details
GITEX AFRICA 2025
📅 Date: April 14-16
📍 Location: Marrakesh, Morocco
🔗 Event details
GITEX ASIA 2025
📅 Date: April 23-25
📍 Location: Marina Bay Sands, Singapore
🔗 Event details
GISEC Global 2025
📅 Date: May 6-8
📍 Location: Dubai World Trade Center, UAE
🔗 Event details
The Cyber Outstanding Security Performance Awards (Cyber OSPAs)
📅 Date: May 8
📍 Location: London, UK
🔗 Event details
World AI Technology Expo UAE
📅 Date: May 14-15, 2025
📍 Location: Dubai, UAE
🔗 Event details
MaTeCC: North Africa Cybersecurity Event
📅 Date: June 7-9, 2025
📍 Location: Rabat, Morocco
🔗 Event details
Cyber (In)Securities – Issue 129
Information Security News
Latin American Orgs Face 40% More Attacks Than Global Average
Dark Reading by Nate Nelson
Organisations in Latin America are experiencing a surge in cyberattacks, facing 40% more incidents than the global average. This alarming trend underscores the unique cybersecurity challenges in the …