"We don’t just want payment; we want accountability." The malicious hackers behind the Interlock ransomware try to justify their attacks.

Learn more about what you need to know about Interlock in my article on the Tripwire blog.

https://www.tripwire.com/state-of-security/interlock-ransomware-what-you-need-know

#cybersecurity #ransomware #clickfix

#X hits pause on its encrypted DMs feature

https://techcrunch.com/2025/05/29/x-hits-pause-on-its-encrypted-dms-feature/

#cybersecurity #Twitter

#Microsoft is opening #WindowsUpdate to third-party apps

https://www.theregister.com/2025/05/28/microsoft_update_backup/

#cybersecurity #Windows

#VictoriasSecret hit by outages as it battles security incident

https://techcrunch.com/2025/05/28/victorias-secret-hit-by-outages-as-it-battles-security-incident/

#cybersecurity

New #PumaBot #botnet brute forces #SSH credentials to breach devices

https://www.bleepingcomputer.com/news/security/new-pumabot-botnet-brute-forces-ssh-credentials-to-breach-devices/

#cybersecurity

#Pakistan Arrests 21 in ‘#Heartsender’ #Malware Service

https://krebsonsecurity.com/2025/05/pakistan-arrests-21-in-heartsender-malware-service/

#cybercrime #cybersecurity

#Interlock #ransomware gang deploys new #NodeSnake #RAT on universities

https://www.bleepingcomputer.com/news/security/interlock-ransomware-gang-deploys-new-nodesnake-rat-on-universities/

#cybersecurity #education

#Botnet hacks 9,000+ #ASUS routers to add persistent #SSH #backdoor

https://www.bleepingcomputer.com/news/security/botnet-hacks-9-000-plus-asus-routers-to-add-persistent-ssh-backdoor/

#cybersecurity

#Cyberattack Surge Creates Opportunity for Insurers, Prompts Rethink on Premiums

https://www.bloomberg.com/news/articles/2025-05-28/cyberattack-surge-creates-opportunity-for-insurers-prompts-rethink-on-premiums

#cybersecurity

#DragonForce #ransomware abuses #SimpleHelp in #MSP #SupplyChain attack

https://www.bleepingcomputer.com/news/security/dragonforce-ransomware-abuses-simplehelp-in-msp-supply-chain-attack/

#cybersecurity #cybercrime

1. Hacker News, a #CyberSecurity newsletter, is sent from a domain where DMARC policy is p=none, which tells email providers, like gmail, to deliver all email that is screaming, "I am a Hacker News spoof email sent by a POS scammer" to the intended recipient anyway. p=none means take no action, even if you know it's a scam. Spam folder optional. Email services and clients will oblige. WTF Hacker News?

2. Hacker News is also using an insecure signature algorithm for signing their newsletter.

3. An extremely well-known Cybersecurity expert is sending the newsletter from a domain that has no DMARC record at all, so all spoof emails claiming to be from them will be delivered. And likely this is being constantly exploited. A DMARC policy of p="reject" would have those spoof emails trashed and not delivered. But no DMARC policy means "whatever, and I don't want to know". So, spoof emails go through unstopped and no reports of abuse are being sent to this person either. And it's their job to tell us how to stay secure and not be fooled by spoof emails. WTF?

Sometimes I don't understand how things work in the world.

#HackerNews #spoofing #EmailSecurity

Iranian pleads guilty to #RobbinHood #ransomware attacks, faces 30 years

https://www.bleepingcomputer.com/news/security/iranian-pleads-guilty-to-robbinhood-ransomware-attacks-faces-30-years/

#Iran #cybersecurity #cybercrime

#CISA loses nearly all top officials as purge continues

https://www.cybersecuritydive.com/news/cisa-senior-official-departures/748992/

#cybersecurity #politics

#MATLAB dev confirms #ransomware attack behind service outage

https://www.bleepingcomputer.com/news/security/mathworks-blames-ransomware-attack-for-ongoing-outages/

#MathWorks #cybersecurity

Russian #LaundryBear cyberspies linked to #Dutch Police hack

https://www.bleepingcomputer.com/news/security/russian-void-blizzard-cyberspies-linked-to-dutch-police-breach/

#cybersecurity #Russia #politics #Netherlands #VoidBlizzard

How a #Spyware App Compromised #Assad’s Army

https://newlinesmag.com/reportage/how-a-spyware-app-compromised-assads-army/

#Syria #cybersecurity #politics

When disaster hits your company, will you or your boss be left napping like Heathrow’s boss?

Make sure there’s a way to rouse critical staff when a genuine emergency happens.

https://www.bbc.co.uk/news/articles/c62n0y3nepzo

#cybersecurity

"With President Donald Trump’s return to the White House and the US government’s digital surveillance machine more powerful than ever, digital privacy should be top of mind. But the digital security world can be confusing—and there’s the larger question of why. You may think, if I’m just a regular person, why is my digital privacy important?

Then there are the practical questions. What’s the best password manager? How can you keep your digital life under wraps at the border? And what kind of VPN should you be using? Is AI scraping my data?

WIRED senior writer and security expert Matt Burgess spoke with readers in a Reddit AMA this month about the basics of keeping your digital footprint locked down. Here’s what to know and why it’s important."

https://www.wired.com/story/guide-protect-data-from-hackers-corporations/

#CyberSecurity #Privacy #Hacking #VPNs #DataProtection #Surveillance

Cybersecurity firm Kapersky reports that over 7 million accounts from streaming services have been compromised, including Netflix, Prime Video, Disney+, HBO Max, and Apple TV+. Read more at @TechRadar. #Cybersecurity #Streaming #Kapersky #Netflix #Tech #Technology. https://flip.it/yoNT3n

"The curse of prompt injection continues to be that we’ve known about the issue for more than two and a half years and we still don’t have convincing mitigations for handling it.

I’m still excited about tool usage—it’s the next big feature I plan to add to my own LLM project—but I have no idea how to make it universally safe.

If you’re using or building on top of MCP, please think very carefully about these issues:

Clients: consider that malicious instructions may try to trigger unwanted tool calls. Make sure users have the interfaces they need to understand what’s going on—don’t hide horizontal scrollbars for example!

Servers: ask yourself how much damage a malicious instruction could do. Be very careful with things like calls to os.system(). As with clients, make sure your users have a fighting chance of preventing unwanted actions that could cause real harm to them.

Users: be thoughtful about what you install, and watch out for dangerous combinations of tools."

https://simonwillison.net/2025/Apr/9/mcp-prompt-injection/

#AI #GenerativeAI #LLMs #Chatbots #CyberSecurity #MCP #PromptInjection

Adidas customers' personal information at risk after third-party data breach.

Once again, a third-party's cybersecurity has damaged the brand reputation of a world-renowned brand, and endangered consumers.

Read more in my article on the Bitdefender blog:
https://www.bitdefender.com/en-us/blog/hotforsecurity/adidas-customers-personal-information-at-risk-after-data-breach

#cybersecurity #databreach

#CRA & #NIS2 are here. Is your #opensource project ready for #EU regulations? 📜 Stay compliant. Find out more at the #open4business at this year's #openSUSE Conference. https://events.opensuse.org/ #CyberSecurity

A Starter #Guide to Protecting Your Data From Hackers and Corporations

https://www.wired.com/story/guide-protect-data-from-hackers-corporations/

#cybersecurity

Why the #iPhone's Messages App Refuses Audio Messages That Mention 'Dave & Buster's'

https://apple.slashdot.org/story/25/05/26/0159210/why-the-iphones-messages-app-refuses-audio-messages-that-mention-dave-busters

#cybersecurity #Apple

Fake #Zenmap. #WinMRT sites target IT staff with #Bumblebee #malware

https://www.bleepingcomputer.com/news/security/bumblebee-malware-distributed-via-zenmap-winmrt-seo-poisoning/

#cybersecurity