Schneier on Security
APRIL 1, 2025
I have heard stories of more aggressive interrogation of electronic devices at US border crossings. I know a lot about securing computers, but very little about securing phones. Are there easy ways to delete data—files, photos, etc.—on phones so it can’t be recovered? Does resetting a phone to factory defaults erase data, or is it still recoverable?
Troy Hunt
MARCH 30, 2025
Well, this certainly isn't what I expected to be talking about this week! But I think the fact it was someone most people didn't expect to be on the receiving end of an attack like this makes it all the more consumable. I saw a lot of "if it can happen to Troy, it can happen to anyone" sort of commentary and whilst it feels a bit of obnoxious for me to be saying it that way, I appreciate the sentiment and the awareness it drives.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Malwarebytes
APRIL 1, 2025
Tax season is in full force, and with the filing deadline fast approaching on April 15, scammers are happy to use that sense of urgency to coax us into handing them our cash. In one example, one of our customers recently received an email with an attachment titled “Urgent reminder. The attachment was a PDF file with a QR code in it. Tax Services Department Important Tax Review and Update Required by 2025-03-16!
eSecurity Planet
APRIL 2, 2025
In a troubling security breach, a hacker exposed the personal data of over 270,000 Samsung customers in Germany, freely dumping it on the internet. The hack, attributed to a cybercriminal operating under the alias GHNA, occurred when the attacker accessed a system used by Samsungs German customer service. According to cybersecurity firm Hudson Rock, the hack was made possible by a set of stolen credentials compromised in 2021.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Schneier on Security
APRIL 3, 2025
If you’ve ever taken a computer security class, you’ve probably learned about thethree legs of computer security—confidentiality, integrity, and availability—known as the CIA triad. When we talk about a system being secure, that’s what we’re referring to. All are important, but to different degrees in different contexts.
Adam Shostack
APRIL 2, 2025
Big news for LLMs in threat modeling! Threat Modeling Matthew Adams introduced TM-Bench The World's First LLM Threat Modeling Benchmark. Im glad to see this, testing and evaluation is important. Tony Lee has released DeepTM , a tool for chaining threat models. (Tony was nice enough to help me find the core code for the agents.) As a general comment on these systems, LLMs are tremendously reactive to very small wording changes.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Google Security
APRIL 4, 2025
Posted by Elie Burzstein and Marianna Tishchenko, Sec-Gemini team Today, were announcing Sec-Gemini v1, a new experimental AI model focused on advancing cybersecurity AI frontiers. As outlined a year ago, defenders face the daunting task of securing against all cyber threats, while attackers need to successfully find and exploit only a single vulnerability.
Schneier on Security
APRIL 2, 2025
John Kelsey and I wrote a short paper for the Rossfest Festschrift : “ Rational Astrologies and Security “: There is another non-security way that designers can spend their security budget: on making their own lives easier. Many of these fall into the category of what has been called rational astrology. First identified by Randy Steve Waldman [Wal12], the term refers to something people treat as though it works, generally for social or institutional reasons, even when theres little e
Security Affairs
MARCH 30, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns of RESURGE malware, targeting a vulnerability in Ivanti Connect Secure (ICS) appliances. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a Malware Analysis Report (MAR) on a new malware called RESURGE. The malicious code has been used in attacks targeting the flaw CVE-2025-0282 in Ivanti Connect Secure (ICS) appliances.
Malwarebytes
APRIL 3, 2025
Up to one in five of the most popular mobile VPNs for iOS last year are owned by Chinese companies that do their best to hide the fact. In at least one case, the owner is on a US blacklist. That’s according to a report from the non-profit Tech Transparency Project (TTP), who investigated the top 100 mobile VPN apps downloaded from Apple’s App Store as documented by mobile intelligence company AppMagic.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
The Last Watchdog
APRIL 4, 2025
New York, NY, Apr. 3, 2025 YRIKKA has released the first publicly available API for agentic red teaming of Visual AI assets. This release comes at the heels of YRIKKA successfully raising its pre-seed funding round of $1.5M led by Focal and Garuda Ventures. The company was founded by Dr. Kia Khezeli (CEO) and Dr. John Kalantari (CTO), both of whom previously led machine learning projects with the Mayo Clinic, NASA, Intel, and Google.
Security Boulevard
APRIL 3, 2025
Bad Apple: Chinese firm banned by the U.S. is the shady entity behind a clutch of free VPN appswith over a million downloads. The post App Stores OKed VPNs Run by China PLA appeared first on Security Boulevard.
Security Affairs
APRIL 2, 2025
A new Triada trojan variant comes preinstalled on Android devices, stealing data on setup, warn researchers from Kaspersky. Kaspersky researchers discovered a new Triada trojan variant preinstalled on thousands of Android devices, enabling data theft upon setup. Kaspersky detected 2,600+ infections in Russia from March 13-27, 2025. The malware was discovered on counterfeit Android devices mimicking popular smartphone models.
Malwarebytes
APRIL 3, 2025
Recently weve been seeing quite a few phishing campaigns using QR codes in email attachments. The lure and the targets are varied, but the use of a QR code to get someone to visit the phishing site is fast becoming a preferred method for cybercriminals. There are several reasons why cybercriminals might want to use QR codes: The QR code is likely to be scanned with a phone, which are often less well protected against malicious websites or even completely unprotected.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
eSecurity Planet
MARCH 31, 2025
Streaming giant Netflix is at the center of a rising wave of online scams, cybersecurity experts warn. Fraudsters use increasingly sophisticated tactics from fake texts to deceptive emails and websites to steal Netflix users personal and financial information. With over 230 million subscribers worldwide, Netflix has become one of the most impersonated brands by cybercriminals.
Krebs on Security
APRIL 4, 2025
A Minnesota cybersecurity and computer forensics expert whose testimony has featured in thousands of courtroom trials over the past 30 years is facing questions about his credentials and an inquiry from the Federal Bureau of Investigation (FBI).
Security Affairs
APRIL 2, 2025
FIN7 cybercrime group has been linked to Anubis, a Python-based backdoor that provides remote access to compromised Windows systems. The threat actor FIN7 , also known as Savage Ladybug, has developed a new Python-based malware, named Anubis Backdoor, which allows attackers to gain full remote control over infected Windows systems. It executes shell commands and system operations while using obfuscation to evade detection.
Tech Republic Security
APRIL 2, 2025
Amid a sharp spike in ransomware attacks disrupting essential services and critical infrastructure, the U.K. government has set out the scope of its upcoming Cyber Security and Resilience Bill for the first time. It aims to patch the holes in the countrys existing cyber regulations and protect critical infrastructure from ransomware and other attack types.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
eSecurity Planet
APRIL 3, 2025
The European Commission is making a massive 1.3 billion ($1.4 billion) bet on Europes digital future, with a strong focus on shoring up cybersecurity defenses, boosting artificial intelligence, and closing the digital skills gap. The funding, part of the Digital Europe Programme (DIGITAL) for 2025-2027, aims to strengthen Europes tech sovereignty and protect critical infrastructure from growing cyber threats.
SecureWorld News
MARCH 31, 2025
Each year on March 31st, just before April Fool's Day, cybersecurity professionals, IT teams, and business leaders alike are reminded of a simple truth: data loss isn't a matter of if, but when. World Backup Day is more than a calendar curiosityit's a call to action. In a digital world defined by ransomware, cloud sprawl, and hybrid infrastructures, the ability to recover data quickly and securely is one of the most important indicators of an organization's cyber resilience.
Security Affairs
APRIL 1, 2025
Attackers exploit CrushFTP CVE-2025-2825 flaw, enabling unauthenticated access to unpatched devices using public proof-of-concept code. Threat actors are exploiting a critical authentication bypass vulnerability, tracked as CVE-2025-2825 , in the CrushFTP file transfer software. Attackers are using exploits based on publicly available proof-of-concept exploit code.
Security Boulevard
APRIL 4, 2025
CISA, the FBI, and NSA issued an advisory about the national security threat posed by "fast flux," a technique used by threat actors to evade detection of their C2 infrastructures that has been around for two decades but has seen a resurgence in use by ransomware gangs and nation-state bad actors. The post Longtime Fast Flux Evasion Technique Now a National Security Threat appeared first on Security Boulevard.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Malwarebytes
APRIL 4, 2025
Security researcher Evan Connelly discovered an enormous flaw affecting one of the largest telecommunications companies in the world that could allow any single person to view the recent incoming call log for potentially any Verizon phone number. “In short, anyone could lookup data for anyone,” Connelly said. A vulnerability in the Verizon Call Filter iOS app allowed anyone to request the call logs of millions of US Verizon customers.
SecureList
APRIL 2, 2025
In early March, we published a study detailing several malicious campaigns that exploited the popular DeepSeek LLM as a lure. Subsequent telemetry analysis indicated that the TookPS downloader , a malware strain detailed in the article, was not limited to mimicking neural networks. We identified fraudulent websites mimic official sources for remote desktop and 3D modeling software, alongside pages offering these applications as free downloads.
Security Affairs
APRIL 1, 2025
Microsofts offensive security team discovered a critical code execution vulnerability impacting Canon printer drivers. Researchers at Microsofts Offensive Research and Security Engineering (MORSE) team have discovered a critical code execution vulnerability, tracked as CVE-2025-1268 (CVSS score of 9.4), impacting Canon printer drivers. The vulnerability is an out-of-bounds issue that resides in certain printer drivers for production printers, office/small office multifunction printers and laser
Security Boulevard
MARCH 31, 2025
The question is no longer whether AI-driven scams will target your business, but how prepared you are to counter them. The post Online Scams in the Age of AI appeared first on Security Boulevard.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Malwarebytes
APRIL 3, 2025
Not one but several worried parents that tracked their children by using T-Mobile tracking devices suddenly found that they were looking at the location of random other children. And could not locate their own. T-Mobile sells a small GPS tracker called SyncUP , which can be used to track, among others, the locations of young children who dont have cell phones yet.
SecureWorld News
APRIL 2, 2025
The latest wave of privacy litigation doesn't involve data breaches, AI models, or spyware. It involves tracking pixelsand legal theories pulled from a time when Blockbuster Video was still a thing. Companies across industries are being sued for using widely available web technologies: session replay tools, analytics platforms, and advertising trackers.
Security Affairs
APRIL 2, 2025
Hackers are scanning for vulnerabilities in Palo Alto Networks GlobalProtect portals, likely preparing for targeted attacks. Researchers at the threat intelligence firm GreyNoise warn of hackers that are scanning for vulnerabilities in Palo Alto Networks GlobalProtect portals, likely preparing for targeted attacks, warns threat intelligence firm GreyNoise.
Security Boulevard
APRIL 4, 2025
Hunters International, the RaaS group that some believe evolved from Hive, appears to be rebranding and shifting operations, moving away from an unprofitable and risky ransomware business and focusing solely on exfiltrating data and extorting victims, say Group-IB researchers. The post Hunters International Dumps Ransomware, Goes Full-on Extortion appeared first on Security Boulevard.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
255 
Let's personalize your content