Government IT contractor Conduent says ‘third-party compromise’ caused outages
Summary: A cyberattack on Conduent, a government technology contractor, led to significant operational disruptions affecting various state services. The company confirmed a third-party compromise of its operating systems, resulting in delays in processing payments for programs like Medicaid and child support. Although the incident was contained, the extent of the attack and whether data was stolen remain unclear.…
Cloudflare mitigated a record-breaking 5.6 Tbps DDoS attack
Summary: The largest DDoS attack recorded peaked at 5.6 Tbps, utilizing a Mirai-based botnet with 13,000 compromised devices, targeting an ISP in Eastern Asia. Cloudflare reports a significant rise in hyper-volumetric DDoS attacks, with a notable increase in short-lived attacks that complicate human response efforts. The trend indicates a growing threat landscape, particularly during peak usage periods, leading to an increase in ransom DDoS attacks.…
TSA chief behind cyber directives for aviation, pipelines and rail ousted by Trump team
Summary: Transportation Security Administration (TSA) Administrator David Pekoske was removed from his position by the Trump administration, despite having been appointed during Trump’s first term and later renewed by President Biden. Pekoske played a significant role in enhancing cybersecurity measures across transportation sectors, particularly following the Colonial Pipeline ransomware attack.…
Microsoft previews Game Assist in-game browser in Edge Stable
Summary: Microsoft has launched Game Assist, a new in-game browser feature for Edge Stable users, designed to enhance the gaming experience by providing tips and guides while playing. This overlay can be accessed through the Game Bar and is optimized for various popular games. The feature is now available without needing to switch from the default Edge browser, making it more accessible for gamers.…
Fake Homebrew Google ads target Mac users with malware
Summary: Hackers are exploiting Google ads to distribute malware through a counterfeit Homebrew website, targeting Mac and Linux users with an infostealer known as AmosStealer. This malware is designed to extract sensitive information, including credentials and cryptocurrency wallets. Security experts warn users to be cautious of sponsored ads and to verify the legitimacy of websites before downloading software.…
7-Zip fixes bug that bypasses Windows MoTW security warnings, patch now
Summary: A critical vulnerability in the 7-Zip file archiver allows attackers to bypass the Mark of the Web (MotW) security feature, enabling code execution on users’ systems when extracting malicious files from nested archives. This flaw, tracked as CVE-2025-0411, has been patched, but many users may still be vulnerable due to the lack of an auto-update feature.…
Bitbucket services “hard down” due to major worldwide outage
Summary: Atlassian Bitbucket is currently experiencing a significant outage affecting its cloud services, leaving customers unable to access various functionalities. The incident, which has been reported by numerous users, is attributed to a saturated database impacting all operations. Bitbucket is actively investigating the issue and working towards a resolution.…
Criminal IP Teams Up with OnTheHub for Digital Education Cybersecurity
Summary: AI SPERA has partnered with OnTheHub to offer its Criminal IP cybersecurity solution to students and educational institutions at affordable prices. This initiative aims to enhance cybersecurity awareness and protection in the education sector, providing globally compliant solutions. The partnership will facilitate access to high-quality threat intelligence data for academic purposes, thereby reinforcing the cybersecurity infrastructure in educational organizations worldwide.…
Hackers impersonate Ukraine’s CERT to trick people into allowing computer access
Summary: Ukrainian researchers have uncovered a cyber campaign where attackers impersonate tech support from CERT-UA to gain unauthorized access to victims’ devices. Utilizing AnyDesk, a legitimate remote desktop software, the intruders claim to conduct “security audits” to exploit trust and authority. The campaign highlights the growing number of cyberattacks targeting Ukraine, with a significant increase in incidents reported over the past year.…
Ex-CIA Analyst Pleads Guilty to Sharing Top-Secret Data with Unauthorized Parties
Summary: A former CIA analyst, Asif William Rahman, pleaded guilty to transmitting top secret National Defense Information to unauthorized individuals and attempted to conceal his actions. Meanwhile, the Philippines arrested a Chinese national and two Filipinos for conducting espionage activities related to critical infrastructure. Both incidents highlight ongoing security threats and breaches involving sensitive information and national defense.…
Russian ransomware hackers increasingly posing as tech support on Microsoft Teams
Summary: Russian cybercriminals are executing a new scam by impersonating tech support on Microsoft Teams to install ransomware on victims’ networks. British cybersecurity firm Sophos reported over 15 incidents involving two groups leveraging Microsoft Office 365 settings for social engineering attacks. The report highlights connections between one group and Storm-1811, while the other may have ties to the FIN7 cybercrime group.…
HackGATE: Setting New Standards for Visibility and Control in Penetration Testing Projects
Summary: The article discusses the common challenges faced in penetration testing, such as lack of visibility, dependence on final reports, and coordination issues among remote teams. It introduces HackGATE, a managed gateway solution designed to enhance transparency and control in pentesting projects. By addressing these challenges, HackGATE aims to improve the quality and thoroughness of penetration tests in the cybersecurity industry.…
CERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits
Summary: The Computer Emergency Response Team of Ukraine (CERT-UA) has issued a warning about ongoing social engineering attempts by unknown threat actors impersonating the agency through AnyDesk connection requests. These requests aim to exploit user trust under the guise of conducting security audits, highlighting the need for vigilance and proper communication protocols.…
PNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers
Summary: Cybersecurity researchers have identified a series of cyber attacks targeting Chinese-speaking regions using a malware known as ValleyRAT. These attacks utilize a multi-stage loader called PNGPlug to deliver the malware through a phishing scheme disguised as legitimate software. The campaign highlights the attackers’ sophisticated methods, including the use of benign applications to conceal malicious activities.…
Rising Threat: Surge in Infostealer Malware Compromises Philippine Institutions
Summary: The Philippines is experiencing a significant rise in infostealer malware attacks, particularly targeting educational institutions and government agencies. This malware is designed to extract sensitive data, leading to serious security breaches and risks for both institutions and individuals. Enhanced cybersecurity measures and proactive defenses are urgently needed to combat this growing threat.…
Washington Man Admits to Role in Multiple Cybercrime, Fraud Schemes
Summary: Marco Raquan Honesty, a 28-year-old from Washington, has pleaded guilty to multiple fraud schemes resulting in over $600,000 in losses. His criminal activities included COVID relief fraud, smishing scams, and bank account takeovers, among others. Investigators seized numerous devices and materials related to his fraudulent operations during a search of his residence.…