@cyberalerts.io
//
Broadcom has issued emergency security patches for VMware ESXi, Workstation, and Fusion products, addressing three zero-day vulnerabilities actively exploited in the wild. These flaws can lead to virtual machine escape, allowing attackers to potentially gain control of the host systems. VMware products, including VMware vSphere, VMware Cloud Foundation, and VMware Telco Cloud Platform, are affected. Broadcom credited Microsoft's MSTIC security team with spotting and reporting the attacks.
The vulnerabilities were discovered by Microsoft and are actively being exploited. Patches are now available to address these critical security issues, and users of affected VMware products are strongly advised to apply the updates immediately to mitigate the risk of exploitation. Information on the patches can be found at the link provided by Broadcom (CVE-2025-22224: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390).
Recommended read:
References :
- bsky.app: Broadcom released security patches to patch an actively exploited zero-day in its VMware ESXi products. Broadcom credited Microsoft's MSTIC security team with spotting and reporting the attacks.
- The Hacker News: Broadcom Releases Urgent Patches
- The Register - Software: VMware splats guest-to-hypervisor escape bugs already exploited in wild
- www.csoonline.com: VMware ESXi gets critical patches for in-the-wild virtual machine escape attack.
- securityaffairs.com: VMware fixed three actively exploited zero-days in ESX products
- Arctic Wolf: Three VMware Zero-Days Exploited in the Wild Patched by Broadcom.
- bsky.app: BleepingComputer article on VMware zero-days.
- Vulnerability-Lookup: A new bundle, VMSA-2025-0004: VMware ESXi, Workstation, and Fusion updates address multiple vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226), has been published on Vulnerability-Lookup:
- The Record: Three product lines from technology giant VMware — ESXI, Workstation and Fusion — have patches for vulnerabilities that the company and the federal government have said are being exploited by hackers
- securityaffairs.com: U.S. CISA adds Linux kernel and VMware ESXi and Workstation flaws to its Known Exploited Vulnerabilities catalog
- borncity.com: 0-day vulnerabilities in VMWare ESXi, Workstation and Fusion
- socradar.io: VMware Security Alert: Active Exploitation of Zero-Day Vulnerabilities (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226)
- Arctic Wolf: Three VMware Zero-Days Exploited in the Wild Patched by Broadcom
- Blog: Multiple zero-days in VMware products actively exploited
- gbhackers.com: CISA Issues Alert on Actively Exploited VMware Vulnerabilities
- www.tenable.com: CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion Exploited
- Information Security Buzz: Broadcom warns VMware users of Critical Zero-Day Exploits
- www.cybersecuritydive.com: 37K+ VMware ESXi instances vulnerable to critical zero-day
- www.itpro.com: Broadcom issues urgent alert over three VMware zero-days
- Carly Page: Broadcom is warning that a trio of VMware vulnerabilities are being actively exploited by hackers to compromise the networks of its corporate customers
- techcrunch.com: Security experts warn of ‘huge impact’ of actively exploited hypervisor flaws that allow sandbox escape
- Security Risk Advisors: Three Critical VMware Vulnerabilities Exploited in Wild Targeting ESXi, Workstation, and Fusion
- www.cybersecuritydive.com: Broadcom urges customers to patch 3 zero-day VMware flaws
- MSSP feed for Latest: Broadcom: VMware Zero-Days Being Exploited in the Wild
- www.bleepingcomputer.com: Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild.
- research.kudelskisecurity.com: Critical VMware ESXi, Workstation, Fusion Vulnerabilities Seen Exploited in Wild
- Blog: Three Zero-Day Vulnerabilities Discovered in VMware Products
@World - CBSNews.com
//
The U.S. Justice Department has indicted 12 Chinese nationals for their alleged involvement in state-linked cyber operations. The individuals include employees of the Chinese technology firm i-Soon, members of the APT27 group (also known as Emissary Panda, TG-3390, Bronze Union, and Lucky Mouse), and two officers from China's Ministry of Public Security. These indictments shed light on the hacking tools and methods allegedly employed in a global hacking scandal. The Justice Department stated that the Ministry of State Security (MSS) and Ministry of Public Security (MPS) utilized an extensive network of private companies, including i-Soon, to conduct unauthorized computer intrusions in the U.S. and elsewhere.
The U.S. DoJ charges these individuals with data theft and suppressing dissent worldwide. i-Soon, identified as one of the private companies involved, allegedly provided tools and methods to customers and hacked for the PRC (People's Republic of China). These actions highlight a significant cybersecurity concern involving state-sponsored actors and their use of private firms to conduct cyber espionage.
Recommended read:
References :
- bsky.app: US Justice Department has charged Chinese state security officers and APT27 and i-Soon Chinese hackers linked to network breaches and cyberattacks targeting victims worldwide since 2011.
- CyberInsider: U.S. Charges 12 Chinese Nationals Over Decade-Long Cyber Espionage Campaign
- The Cyber Express: The United States Department of Justice (DOJ) has taken action against a major cyber threat, opening indictments against 12 Chinese nationals, including two officers from China’s Ministry of Public Security (MPS) and several employees of the Chinese technology firm i-Soon.
- bsky.app: USA accuses China's State of operating network of "hackers for hire". Accused 12 individuals, 2 officers of the PRC Ministry of Public Security (MPS), employees of a private company, Anxun Information Technology Co. Ltd, and members of APT27.
- The Hacker News: U.S. Charges 12 Chinese Nationals in State-Backed Hacking Operations
- securityaffairs.com: US DOJ charges 12 Chinese nationals for state-linked cyber operations
- The Register - Security: Xi's freelance infosec warriors apparently paid up to $75K to crack a single American inbox US government agencies announced Wednesday criminal charges against alleged members of China's Silk Typhoon gang, plus internet domain seizures linked to a long-term Chinese espionage campaign that saw Beijing hire miscreants to compromise US government agencies and other major orgs.…
- DataBreaches.Net: U.S. Charges 12 Chinese Contract Hackers and Law Enforcement Officers in Global Computer Intrusion Campaigns
- bsky.app: The US Justice Department has charged Chinese state security officers and APT27 and i-Soon Chinese hackers linked to network breaches and cyberattacks targeting victims worldwide since 2011.
- cyble.com: U.S. Indictments Shed Light on i-Soon Hacking Tools, Methods
- Metacurity: US indicts twelve prolific Chinese hackers, including eight i-Soon staffers
- Carly Page: The Department of Justice has announced criminal charges against 12 Chinese government-linked hackers who are accused of hacking over 100 American organizations, including the U.S. Treasury, over the course of a decade
- Threats | CyberScoop: US indicts 12 Chinese nationals for vast espionage attack spree
- BleepingComputer: The U.S. Justice Department has charged Chinese state security officers along with APT27 and i-Soon hackers for network breaches and cyberattacks that have targeted victims globally since 2011.
- hackread.com: US Charges 12 in Chinese Hacker-for-Hire Network, Offers $10M Reward
- Risky Business: US indicts the i-Soon and APT27 hackers, the BADBOX botnet gets disrupted again,authorities seize the Garantex crypto exchange, and the FBI arrests hackers who stole Taylor Swift concert tickets.
- Security | TechRepublic: Targets included the U.S. Treasury Department, journalists, and religious organisations, and the attacks intended to steal data and suppress free speech.
- techxplore.com: US indicts 12 Chinese nationals in hacking
- : US Charges Members of Chinese Hacker-for-Hire Group i-Soon
- Matthias Schulze: U.S. Charges 12 Chinese Nationals in State-Backed Hacking Operations
Shira Landau@Email Security - Blog
//
The FBI has issued a warning regarding a new data extortion scam where criminals are impersonating the BianLian ransomware group. These fraudsters are sending physical letters through the United States Postal Service to corporate executives, claiming their networks have been breached. The letters demand Bitcoin payments in exchange for preventing the release of sensitive company data.
Analysis suggests these letters are fraudulent, and organizations, particularly within the US healthcare sector, are advised to report such incidents to the FBI. Security vendors, including Arctic Wolf and Guidepoint Security, have studied these letters and believe the campaign is a ruse by someone pretending to be BianLian. The letters mimic conventional ransom notes, demanding payments of between $250,000 to $350,000 within 10 days.
This activity highlights the evolving tactics of cybercriminals who are now employing postal mail to target high-profile individuals in an attempt to extort money under false pretenses. The FBI urges companies to implement internal protocols for verifying ransom demands and to remain vigilant against these deceptive practices. It’s crucial for organizations to discern fake attacks from real ones amidst the increasing complexity of cybercrime.
Recommended read:
References :
- Arctic Wolf: Self-Proclaimed “BianLian Group� Uses Physical Mail to Extort Organizations
- CyberInsider: Fake BianLian Ransom Notes Delivered to Executives via Post Mail
- DataBreaches.Net: Bogus ‘BianLian’ Gang Sends Snail-Mail Extortion Letters
- www.csoonline.com: Ransomware goes postal: US healthcare firms receive fake extortion letters
- PCMag UK security: Businesses Are Receiving Snail Mail Ransomware Threats, But It's a Scam
- BrianKrebs: Someone has been snail mailing letters to various businesses pretending to be the BianLian ransomware group.
- Cyber Security News: FBI Warns of Data Extortion Scam Targeting Corporate Executives
- gbhackers.com: FBI Warns: Threat Actors Impersonating BianLian Group to Target Corporate Executives
- techcrunch.com: There is no confirmed link between the campaign and the actual BianLian ransomware group, making this an elaborate impersonation.
- thecyberexpress.com: FBI Issues Urgent Warning About Data Extortion Scam Targeting Corporate Executives
- Email Security - Blog: The U.S. Federal Bureau of Investigation (FBI) has recently released an urgent advisory pertaining to a sophisticated email-based extortion campaign.
- Threats | CyberScoop: Ransomware poseurs are trying to extort businesses through physical letters
- gbhackers.com: The novel approach highlights a shift in extortion tactics.
- Vulnerable U: Executives Receive Fake Snail Mail BianLian Ransomware Notes
- Malwarebytes: Ransomware threat mailed in letters to business owners
- www.scworld.com: The FBI is warning of a ransomware operation targeting C-suite executives via the US Postal Service.
- Cyber Security News: Fake BianLian Ransom Scams Target U.S. Firms Through Mailed Letters
- borncity.com: CISA warning: Cyber criminals (BianLian Groupe) attempt to blackmail executives
- Jon Greig: The FBI warned executives of a new scam where people claiming to be part of the BianLian ransomware gang are mailing physical letters with threats Arctic Wolf said it is aware of at least 20 organizations or executives who have received these letters
Titiksha Srivastav@The420.in
//
Lee Enterprises, a major American media company with over 75 publications, has confirmed a ransomware attack that has disrupted operations across its network. The notorious Qilin ransomware gang has claimed responsibility for the February 3rd attack, alleging the theft of 350GB of sensitive data. This stolen data purportedly includes investor records, financial arrangements, payments to journalists and publishers, funding for tailored news stories, and even approaches to obtaining insider information. The cyberattack has resulted in widespread outages, significantly impacting the distribution of printed newspapers, subscription services, and internal business operations.
The attack has caused delays in the distribution of print publications and has partially limited online operations. Lee Enterprises anticipates a phased recovery over the next several weeks and has implemented temporary measures, including manual processing of transactions. The company has also launched a forensic investigation to determine the full extent of the breach. The Qilin ransomware group's actions have brought attention to the increasing threat facing media organizations and the importance of robust cybersecurity measures to protect sensitive information and maintain operational integrity.
Recommended read:
References :
- securityaffairs.com: SecurityAffairs: Qilin ransomware gang claimed responsibility for the Lee Enterprises attack
- www.cysecurity.news: CySecurity News: Lee Enterprises Faces Prolonged Ransomware Attack Disrupting Newspaper Operations
- The420.in: The420.in: American Media Group Hit by Cyber Attack, 75 Newspapers Disrupted & Informers’ Data Leaked
- bsky.app: The Qilin ransomware gang has claimed
responsibility for the attack at Lee Enterprises that disrupted operations on February 3, leaking samples of data they claim was stolen from the company.
- bsky.app: The Qilin ransomware gang has claimed responsibility for the attack at Lee Enterprises that disrupted operations on February 3, leaking samples of data they claim was stolen from the company.
- Information Security Buzz: Qilin Claims Lee Enterprises Ransomware Attack
- securityaffairs.com: The Qilin ransomware group claimed responsibility for the recent cyberattack on Lee Enterprises, which impacted dozens of local newspapers. Lee Enterprises, Inc. is a publicly traded American media company. It publishes 79 newspapers in 25 states, and more than
- CyberInsider: Reports that Qilin ransomware gang claimed responsibility for Lee Enterprises attack, threatens to leak stolen data
- www.cysecurity.news: reports on Ransomware
- Zack Whittaker: Lee Enterprises is still experiencing disruption and outages after a ransomware attack.
- Metacurity: UK ICO launches children's social media privacy probe, Qilin claims attack on Lee Enterprises, Polish Space Agency breached, Cellebrite zero days used to hack Serbian student's phone, Man sentenced to 24 years for putting CSAM on dark web, Canceled CFPB contracts threaten data security, much more
- Konstantin :C_H:: Qilin claims attack on Lee Enterprises,
- The420.in: Qilin ransomware group claimed responsibility for the Lee Enterprises attack.
- Kim Zetter: Reports Qilin claims attack on Lee Enterprises
- BleepingComputer: Qilin claiming responsibility for the cyberattack on Lee Enterprises.
- BleepingComputer: Qilin Ransomware Gang Claims Lee Enterprises Attack
- DataBreaches.Net: Japanese cancer hospital confirms breach; Qilin gang claims responsibility
- The Register - Security: Qilin ransomware gang claims attacks on cancer clinic, OB-GYN facility
- www.cysecurity.news: Qilin Ransomware Outfit Claims Credit for Lee Enterprises Breach
- www.scworld.com: The ransomware group Qilin has taken credit for the cyberattack on Lee Enterprises.
@csoonline.com
//
Recent reports have surfaced indicating that the US government ordered a temporary halt to offensive cyber operations against Russia, a decision that has stirred considerable debate and concern within the cybersecurity community. According to an exclusive report, Defense Secretary Pete Hegseth instructed U.S. Cyber Command (CYBERCOM) to suspend all planning against Moscow, including offensive digital actions. The directive, delivered to CYBERCOM chief Gen. Timothy Haugh, appears to be part of a broader effort by the White House to normalize relations with Russia amid ongoing negotiations regarding the war in Ukraine.
The decision to pause cyber operations has been met with skepticism and warnings from cybersecurity professionals, who fear the potential consequences of reducing vigilance against a known digital adversary. Concerns have been raised about potential increases in global cyber threats and a decrease in shared confidence in the U.S. as a defensive partner. However, the Cybersecurity and Infrastructure Security Agency (CISA) has denied these reports, labeling them as fake news and a danger to national security. CISA also noted that Russia has been at the center of numerous cybersecurity concerns for the U.S.
Recommended read:
References :
- bsky.app: DHS says CISA will not stop monitoring Russian cyber threats
- The Register - Security: US Cyber Command reportedly pauses cyberattacks on Russia
- Anonymous ???????? :af:: US Cybersecurity and Infrastructure Security Agency says that media reports about it being directed to no longer follow or report on Russian cyber activity are untrue, and its mission remains unchanged.
- securityboulevard.com: Security Pros Push Back as Trump Orders Halt to Cyber Ops vs. Russia
- www.bitdefender.com: Stop targeting Russian hackers, Trump administration orders US Cyber Command
- www.csoonline.com: US Cybercom, CISA retreat in fight against Russian cyber threats: reports
- Carly Page: The US has suspended its offensive cyber operations against Russia, according to reports, amid efforts by the Trump administration to grant Moscow concessions to end the war in Ukraine.
- Metacurity: US Cybercom, CISA are softening stances on Russia as a cyber foe: reports
- Zack Whittaker: The U.S. has reportedly suspended its offensive cyber operations against Russia, per multiple news outlets, amid efforts by the Trump administration to grant Moscow concessions to end the war in Ukraine.
- securityaffairs.com: CISA maintains stance on Russian cyber threats despite policy shift
- CyberInsider: CISA Denies Reports That It Has Halted Cyber Operations Against Russian Threats
- iHLS: U.S. Pauses Cyber Operations Against Russia
Amar Ćemanović@CyberInsider
//
Japanese telecom giant NTT Communications has confirmed a data breach impacting nearly 18,000 corporate customers. The company discovered unauthorized access to its internal systems on February 5, 2025. Hackers are reported to have accessed details of these organizations, potentially compromising sensitive data.
The stolen data includes customer names, contract numbers, phone numbers, email addresses, physical addresses, and information on service usage belonging to 17,891 organizations, according to NTT Com. While NTT Com has restricted access to compromised devices and disconnected another compromised device, the specific nature of the cyberattack and the identity of the perpetrators remain unknown. It’s not yet known how many individuals had personal data stolen.
Recommended read:
References :
- Carly Page: Japanese telecom giant NTT Communications says hackers stole the data of almost 18,000 corporate customers during a February cyberattack. It’s not yet known how many individuals had personal data stolen or who was behind the NTT breach
- CyberInsider: NTT Communications Suffers Data Breach Impacting 18,000 Companies
- BleepingComputer: Japanese telecommunication services provider NTT Communications Corporation (NTT) is warning almost 18,000 corporate customers that their information was compromised during a cybersecurity incident.
- techcrunch.com: Unidentified hackers breached NTT Com’s network to steal personal information of employees at thousands of corporate customers
- bsky.app: Japanese telecommunication services provider NTT Communications Corporation (NTT) is warning almost 18,000 corporate customers that their information was compromised during a cybersecurity incident.
- The DefendOps Diaries: Lessons from the NTT Data Breach: A 2025 Perspective
- bsky.app: Japanese telecommunication services provider NTT Communications Corporation (NTT) is warning almost 18,000 corporate customers that their information was compromised during a cybersecurity incident.
- www.scworld.com: NTT Communications says hackers stole the data of almost 18,000 corporate customers during a February cyberattack
- securityaffairs.com: Japanese telecom giant NTT suffered a data breach that impacted 18,000 companies
- The420.in: Japanese Telecom Giant NTT Suffers Data Breach, Impacting 18,000 Companies
Ameer Owda@socradar.io
//
A critical security vulnerability, CVE-2025-25012, has been identified in Kibana, the data visualization platform used with Elasticsearch. This flaw stems from prototype pollution and could enable attackers to execute arbitrary code on affected systems. Given Kibana's widespread adoption across various industries, this vulnerability poses a significant risk to data security, integrity, and system stability. The vulnerability has a CVSS score of 9.9.
Versions 8.15.0 up to 8.17.3 are affected, where users with the Viewer role can be exploited, and versions 8.17.1 and 8.17.2 can be exploited through roles with elevated privileges. It is advised to update Kibana to version 8.17.3. Immediate action is crucial for organizations using vulnerable versions of Kibana to mitigate the potential for unauthorized access, data exfiltration, and service disruption.
Recommended read:
References :
- socradar.io: Critical Kibana Vulnerability (CVE-2025-25012) Exposes Systems to Code Execution, Patch Now
- securityaffairs.com: Security Affairs article on Elastic patching critical Kibana flaw.
- The Hacker News: The Hacker News article on Elastic releasing an urgent fix for a critical Kibana vulnerability.
- thecyberexpress.com: Elastic Issues Urgent Update for Critical Kibana Vulnerability Exposing Remote Code Execution Risk
- Rescana: Critical Kibana Vulnerability Report: Urgent Mitigation Needed for CVE-2025-25015
- securityonline.info: CVE-2025-25012 (CVSS 9.9): Critical Code Execution Vulnerability Patched in Elastic Kibana
- securityonline.info: CVE-2025-25015 (CVSS 9.9): Critical Code Execution Vulnerability Patched in Elastic Kibana
- research.kudelskisecurity.com: Critical Kibana Vulnerability Enabling Remote Code Execution (CVE-2025-25012)
- Tom Sellers: Elastic has published a security advisory for a CVSSv3 9.9 rated RCE in Kibana versions 8.15.0 to 8.17.2. The access required varies depending on the version, see the post below. Kibana version 8.17.3 has been released to address this vulnerability.
Thomas Brewster,@Thomas Fox-Brewster
//
Federal investigators have linked the 2022 LastPass data breach to a $150 million cryptocurrency theft from a Ripple XRP wallet in January 2024. Authorities believe the hackers exploited stolen master passwords to gain unauthorized access to the wallet. The stolen XRP, initially valued at $150 million, is now worth an estimated $716 million due to fluctuations in the cryptocurrency market.
U.S. law enforcement has seized over $23 million in cryptocurrency connected to the theft. The U.S. Secret Service and FBI are actively investigating the case and working to recover the remaining stolen funds. Security researchers had previously identified a pattern of similar crypto heists linked to the LastPass breach, suggesting a broader impact of the password manager vulnerability. The incident highlights the significant risks associated with compromised password management systems.
Recommended read:
References :
- bsky.app: US authorities have seized over $23 million in cryptocurrency linked to the theft of $150 million from a Ripple crypto wallet in January 2024. Investigators believe hackers who breached LastPass in 2022 were behind the attack.
- krebsonsecurity.com: KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022.
- The DefendOps Diaries: The Seizure of $23 Million in Cryptocurrency: A Detailed Analysis of the Ripple Wallet Hack Linked to LastPass Breach
- Thomas Fox-Brewster: Feds Suspect LastPass Hackers Stole $150 Million In Crypto From One Person
- www.bleepingcomputer.com: U.S. authorities have seized over $23 million in cryptocurrency linked to the theft of $150 million from a Ripple crypto wallet in January 2024. Investigators believe hackers who breached LastPass in 2022 were behind the attack.
Dhara Shrivastava@cysecurity.news
//
February witnessed a record-breaking surge in ransomware attacks, fueled by the prolific activity of groups like CL0P, known for exploiting MFT vulnerabilities. The ransomware landscape is also seeing significant activity from groups like Akira and RansomHub.
Recent analysis reveals a notable development with the Black Basta and CACTUS ransomware groups, uncovering a shared BackConnect module. This module, internally tracked as QBACKCONNECT, provides extensive remote control capabilities, including executing commands and exfiltrating sensitive data. The Qilin ransomware group has also claimed responsibility for attacks on the Utsunomiya Central Clinic (UCC), a cancer treatment center in Japan, and Rockhill Women's Care, a gynecology facility in Kansas City, stealing and leaking sensitive patient data.
Recommended read:
References :
- cyble.com: February Sees Record-Breaking Ransomware Attacks, New Data Shows
- The Register - Security: Qilin ransomware gang claims attacks on cancer clinic, OB-GYN facility
- iHLS: Ransomware Group Targets Cancer Clinic, Exposes Sensitive Health Data
- securityaffairs.com: Medusa ransomware has claimed nearly 400 victims since January 2023, with attacks increasing by 42% between 2023 and 2024.
- thecyberexpress.com: Ransomware attacks set a single-month record in February that was well above previous highs.
- The DefendOps Diaries: Akira Ransomware: Unsecured Webcams and IoT Vulnerabilities
- blog.knowbe4.com: A new report from Arctic Wolf has found that 96% of attacks now involve data theft as criminals seek to force victims to pay up.
- DataBreaches.Net: The Akira ransomware gang exploited an unsecured webcam to bypass EDR and launch encryption attacks on a victim's network.
info@thehackernews.com (The@The Hacker News
//
Cybersecurity researchers have uncovered a large-scale phishing campaign distributing the Lumma Stealer malware. Attackers are using fake CAPTCHA images embedded in PDF documents hosted on Webflow's content delivery network (CDN) to redirect victims to malicious websites. These malicious actors are employing SEO tactics to trick users into downloading the PDFs through search engine results, ultimately leading to the deployment of the information-stealing malware. The Lumma stealer is designed to steal sensitive information stored in browsers and cryptocurrency wallets.
Netskope Threat Labs identified 260 unique domains hosting 5,000 phishing PDF files, affecting over 1,150 organizations and 7,000 users. The attacks primarily target users in North America, Asia, and Southern Europe, impacting the technology, financial services, and manufacturing sectors. Besides Webflow, attackers are also utilizing GoDaddy, Strikingly, Wix, and Fastly to host the fake PDFs. Some PDF files were uploaded to legitimate online libraries like PDFCOFFEE and Internet Archive to further propagate the malware.
Recommended read:
References :
- Infoblox Blog: DNS Early Detection – Fast Propagating Fake Captcha distributes LummaStealer
- Talkback Resources: Fake CAPTCHA PDFs Spread Lumma Stealer via Webflow, GoDaddy, and Other Domains
- The Hacker News: Fake CAPTCHA PDFs Spread Lumma Stealer via Webflow, GoDaddy, and Other Domains
- gbhackers.com: Netskope Threat Labs uncovered a sprawling phishing operation involving 260 domains hosting approximately 5,000 malicious PDF files.
- Talkback Resources: Sticky Werewolf Uses Undocumented Implant to Deploy Lumma Stealer in Russia and Belarus [mal]
- gbhackers.com: Beware! Fake CAPTCHA Hidden LummaStealer Threat Installing Silently
- Cyber Security News: Beware! Fake CAPTCHA Scam That Silently Installs LummaStealer
- gbhackers.com: Lumma Stealer Using Fake Google Meet & Windows Update Sites to Launch “Click Fix� Style Attack
Pierluigi Paganini@Security Affairs
//
The Polish Space Agency (POLSA) has shut down its systems and disconnected from the internet following a major cyberattack detected over the weekend. The agency confirmed the unauthorized intrusion into its IT infrastructure, prompting an immediate response to secure sensitive data. Cybersecurity teams are actively working to restore operations, with the Polish Computer Security Incident Response Team (CSIRT NASK) and the Polish Military CSIRT (CSIRT MON) assisting POLSA in securing affected systems.
Poland's Minister of Digital Affairs, Krzysztof Gawkowski, stated that the systems under attack were secured and that intensive operational activities are underway to identify the perpetrators behind the cyberattack. While the exact nature of the breach remains undisclosed, sources suggest that POLSA’s internal email systems were compromised, forcing employees to communicate via phone. Amid escalating cyber threats, Poland is significantly ramping up its cybersecurity defenses, with suspicions pointing towards Russian involvement.
Recommended read:
References :
- Report Boom: Reportboom article on Polish Space Agency cyberattack.
- techcrunch.com: Details on the Polish Space Agency (POLSA) IT infrastructure breach
- thecyberexpress.com: Cyberattack on POLSA
- securityaffairs.com: Polish Space Agency POLSA disconnected its network following a cyberattack
- www.cysecurity.news: Poland’s space agency, POLSA, has reported a cyberattack on its systems, prompting an ongoing investigation.
@Talkback Resources
//
Google Cloud has launched quantum-safe digital signatures within its Cloud Key Management Service (Cloud KMS), now available in preview. This cybersecurity enhancement prepares users against future quantum threats by aligning with the National Institute of Standards and Technology’s (NIST) post-quantum cryptography (PQC) standards. The upgrade provides developers with the necessary tools to protect encryption.
Google's implementation integrates NIST-standardized algorithms FIPS 204 and FIPS 205, enabling signing and validation processes resilient to attacks from quantum computers. By incorporating these protocols into Cloud KMS, Google enables enterprises to future-proof authentication workflows, which is particularly important for systems requiring long-term security, such as critical infrastructure firmware or software update chains. This allows organizations to manage quantum-safe keys alongside classical ones, facilitating a phased migration.
Recommended read:
References :
- gbhackers.com: Google Introduces Quantum-Safe Digital Signatures in Cloud KMS
- BleepingComputer: Google Cloud has introduced quantum-safe digital signatures to its Cloud Key Management Service (Cloud KMS), making them available in preview.
- Talkback Resources: Google Cloud KMS Adds Quantum-Safe Digital Signatures to Defend Against Future Threats [cloud] [crypto]
- gbhackers.com: Google Cloud has unveiled a critical cybersecurity upgrade: quantum-safe digital signatures via its Key Management Service (Cloud KMS), now available in preview.
- www.bleepingcomputer.com: BleepingComputer reports on Quantum-Safe Digital Signatures.
- The Quantum Insider: Google Expands Post-Quantum Cryptography Support with Quantum-Safe Digital Signatures
Chris Mellor@Blocks and Files
//
Rubrik has announced new AI-powered cyber resilience features designed to help organizations detect, repel, and recover from cyberattacks. These innovations aim to provide customers with an enhanced ability to anticipate breaches, detect potential threats, and recover with speed and efficiency, irrespective of where their data resides. The new capabilities, unveiled at Rubrik’s annual Cyber Resilience Summit, span across cloud, SaaS, and on-premises environments.
These new innovations include automated backups, granular recovery, extended retention, and compliance coverage. Rubrik Cloud Vault for AWS provides secure off-site archival location, with flexible policies and role-based access controls. Rubrik has also enhanced protection for Microsoft Dynamics 365 and sandbox seeding for Salesforce, planned for later this year. For on-premises environments, Identity Recovery across Entra ID and Active Directory is included, along with orchestrated Active Directory Forest Recovery.
Recommended read:
References :
- ai-techpark.com: Rubrik Unveils New Tools to Boost Cyber Resilience in Cloud & SaaS
- Blocks and Files: Cyber-resilience dominates the latest Rubrik features, with a dozen new protection points in its latest rollout that it says will help detect, repel, and recover from cyberattacks.
- CXO Insight Middle East: In its ongoing commitment to deliver comprehensive cyber resiliency, Rubrik announced significant innovations designed to enhance protection for cloud, SaaS, and on-premises environments.
|
|
FlagThis - #Cybersecurity