

Cyber Security Headlines
CISO Series
Daily stories from the world of information security. To delve into any daily story, head to CISOseries.com.

Nov 7, 2025 • 8min
Hackers use Hyper-V, Cisco UCCX flaw, The Louvre's password
Hackers are now leveraging Windows Hyper-V to slip past detection systems seamlessly. A critical flaw in Cisco's UCCX allows attackers to execute commands as root, raising serious security concerns. In a surprising twist, it's revealed that The Louvre's video security systems were compromised due to a weak password and outdated software. Meanwhile, recent cyberattacks in Poland target key infrastructures, highlighting the evolving threat landscape. A look ahead shows that the most common passwords of 2025 will still be shockingly simplistic.

Nov 6, 2025 • 8min
Google uncovers PROMPTFLUX, CISA warns of CentOS Web Panel bug, Threat group targets academics
Google reveals its discovery of PromptFlux, an AI-driven malware using Gemini to evade detection. CISA issues a crucial alert regarding a remote code execution flaw in CentOS WebPanel that is being actively exploited. A new threat group is targeting academics by impersonating think-tank figures to steal credentials. Meanwhile, recent incidents highlight ongoing OT security challenges in manufacturing. Additionally, AMD releases a microcode patch for a significant bug that threatens cryptography.

Nov 5, 2025 • 7min
Scattered Spider, LAPSUS$, ShinyHunters join forces, Nikkei data breach impacts 17k people, React Native NPM flaw leads to attacks
A trio of hacker groups, Scattered Spider, LAPSUS$, and ShinyHunters, has unified into a powerful collective. A significant data breach at Nikkei affects 17,000 individuals, exposing sensitive information. Additionally, a serious flaw in React Native's NPM leaves users vulnerable to remote code execution attacks. Meanwhile, data theft incidents are soaring, with millions of records compromised across various institutions. Cybersecurity remains a pressing concern, as threats evolve and impact organizations globally.

Nov 4, 2025 • 8min
"SleepyDuck" uses Ethereum, SesameOp abuses OpenAI API, cybercrooks steal physical cargo
Explore the rising threat of the 'SleepyDuck' VS Code extension that utilizes Ethereum for nefarious command server updates. Dive into the alarming misuse of OpenAI’s API for espionage by SesameOp. Discover how cybercriminals are colluding with organized crime to hijack physical cargo shipments. Learn about new Windows vulnerabilities that can lead to remote code execution. The world of cyber threats is evolving, and the stakes have never been higher!

Nov 3, 2025 • 34min
Department of Know: Azure security pitfalls, retailer cyberattack profits, Aardvark eats bugs
Join Davi Ottenheimer, VP of Digital Trust and Ethics at Inrupt, and Rob Teel, Field CTO at GigaOm, as they dive into critical cybersecurity insights. They explore the implications of the recent F5 breach, question the value of Microsoft’s new memory scan feature, and discuss the controversial use of LinkedIn data for AI training. The conversation also highlights how retailer cyberattacks can inadvertently boost competitors' sales and looks at Azure’s delay in making private subnets default. It’s a jam-packed dialogue on the future of technology and security!

Nov 3, 2025 • 8min
Australia BadCandy warning, Cisco firewall attack, Aardvark eats bugs
Australia is sounding the alarm on BADCANDY attacks targeting unpatched Cisco devices. The podcast details how Storm 1849, linked to Chinese hackers, exploits Cisco ASA firewalls used globally. In a groundbreaking development, OpenAI's Aardvark GPT-5 agent automates the detection and fixing of code flaws. Other highlights include discussions on the FCC's controversial plans to roll back cybersecurity mandates for telecoms, and rising NFC relay malware incidents in Europe targeting payment card data.

Oct 31, 2025 • 7min
LinkedIn AI opt-out, NSA leadership candidates, Python foundation withdraws
LinkedIn is requiring users to opt out of its data for AI training by Monday. Rumors swirl around potential leaders for the NSA amidst organizational shake-ups. The Python Software Foundation steps back from a U.S. grant over diversity and inclusion concerns. In a twist, retail giant Next sees a sales spike after a rival's cyberattack. Plus, WhatsApp introduces a new passkey feature for encrypted backups, enhancing user security. And don't miss the latest phishing tactics targeting agricultural forums.

Oct 30, 2025 • 7min
LG Uplus confirms breach, Conduent attack impacts 10M+, hackers exploit tools against Ukraine
A confirmed data breach at LG Uplus raises concerns over possible ties to Chinese or North Korean hackers. The Conduent incident exposes over 10 million records, significantly impacting Medicaid data. Meanwhile, Russian hackers are exploiting legitimate tools to target Ukraine, while Koi Security uncovers a malware campaign that steals critical data via hidden dependencies. Innovations in security include a new photonic encryption system to shield data from interception. In other news, an ex-executive faces charges for selling government zero-day exploits.

Oct 29, 2025 • 8min
Android malware types like a human, sanctions weaken cyber ecosystems, side-channel extracts Intel, AMD secrets
Discover the latest in cyber threats, including Herodotus, an Android banking malware that mimics human typing to dodge detection. Learn how sanctions are complicating nation-state cyber operations without stopping attacks. Dive into a fascinating side-channel attack that reveals secrets from Intel and AMD's DDR5 technology. Plus, hear about the Atroposia RAT, designed for low-skilled attackers, and the FCC's new rules to combat robocalls. Stay informed on growing cybersecurity risks in the trucking industry!

Oct 28, 2025 • 8min
Atlas browser hijacked, Bye, bye Twitter birdie, Dante spyware surfaces
Researchers uncovered a serious security risk with the Atlas browser, allowing malicious URL prompts to compromise data. AI is spotlighted for its potential in diagnosing software vulnerabilities, while X (formerly Twitter) mandates re-registration of security keys as it phases out the old domain. Kaspersky links Italian Dante spyware to trolls targeting Eastern Europe. Major attacks are exploiting vulnerabilities in popular WordPress plugins, and a data breach exposes student information from an Iranian academy.


