-
US government shutdown affecting CISA hampers threat-intelligence sharing
The recent lapse in critical information sharing at the Cybersecurity and Infrastructure Security Agency (CISA) has raised significant concerns among stakeholders. This breakdown in communication hampers the agency’s ability to effectively respond to emerging threats and protect vital infrastructure. As cyber threats continue to evolve, the need for timely and accurate information sharing becomes increasingly…
-
New self-replicating WhatsApp malware called SORVEPOTEL
Brazilian users have become the primary target of a new self-propagating malware campaign, codenamed SORVEPOTEL by Trend Micro. This malware exploits the trust associated with the popular messaging app WhatsApp to extend its reach across Windows systems. Researchers, including Jeffrey Francis Bonaobra, Maristel Policarpio, Sophia Nilette Robles, Cj Arsley Mateo, Jacob Santos, and Paul John…
-
Ransomware-As-A-Service (RAAS) malware changing tactics – again
Threat analysts at the cyber security firm Barracuda have noted a shift in tactics employed by the Akira ransomware-as-a-service operation. This shift involves moving away from custom malware tools to utilising living-off-the-land techniques. Barracuda’s Managed XDR team recently mitigated an Akira ransomware attack that attempted to evade detection by exploiting existing tools within the target’s…
-
When loading a machine learning model means loading an assailant
Organisations often underestimate the risks associated with downloading and loading machine learning models, similar to the caution exercised when opening unfamiliar email attachments or downloading random apps. A recent study by Researchers from Politecnico Di Milano revealed that loading a shared model can pose risks comparable to executing untrusted code. Their tests identified six previously…
-
Android spyware masquerading as Signal encryption plugins
Cybersecurity researchers have identified two Android spyware campaigns, named ProSpy and ToSpy, which impersonate popular applications like Signal and ToTok to target users in the United Arab Emirates (U.A.E.). Slovak cybersecurity firm ESET reported that these malicious apps are distributed through deceptive websites and social engineering tactics, tricking unsuspecting users into downloading them. Once installed,…
-
KillSec and Yurei execute successful ransomware attacks
Ransomware gangs continue to evolve, with some reemerging stronger than ever. The BlackCat ransomware gang, for instance, ceased operations in March 2024 following an exit scam, while LockBit quickly revived itself after law enforcement actions. Variants like LockBit have shown resilience, evolving into LockBit 5.0, which features faster encryption, enhanced evasion techniques, and a revamped…
-
OneLogin vulnerability allows API key exploits to obtain OIDC secrets and impersonate applications
A high-severity security flaw has been identified in the One Identity OneLogin Identity and Access Management (IAM) solution, which could potentially expose sensitive OpenID Connect (OIDC) application client secrets if exploited. This vulnerability, tracked as CVE-2025-59363, has been assigned a CVSS score of 7.7 out of 10.0. It is classified as a case of incorrect…
-
Increasing concerns about AI cybersecurity
As the final quarter of 2025 approaches, Artificial Intelligence (AI) remains a focal point in enterprise technology discussions. A global survey by McKinsey & Company indicates that 78% of organisations are now utilising AI in at least one business function. In the realm of cybersecurity, some experts express optimism that defensive AI could provide enterprises…
-
Windows 10 EOL threatens enterprise security networks
Windows 10 is set to reach its end-of-life on October 14, 2025, marking a significant turning point for enterprise systems worldwide. This transition will result in a threefold increase in the number of vulnerable systems, as organisations that continue to rely on Windows 10 will no longer receive critical security updates or support. Cybercriminals are…
-
UNE Armidale to provide artificial intelligence tools to all students
The University of New England (UNE) is set to launch an innovative AI platform called Madgwick next month, designed to empower students in building their own AI assistants as study aids. Named after the university’s first vice-chancellor, the Madgwick platform is developed in collaboration with Newcastle, NSW startup Simtheory. This integrated AI workspace allows students…
