Aggregator
SpyCloud adds AI Insights to Investigations, speeds insider and identity threat detection
SpyCloud has introduced enhancements to its SaaS Investigations solution, integrating advanced AI-powered insights that mirror the tradecraft of SpyCloud’s seasoned investigators. Building on the foundation of its IDLink identity analytics, this new capability further automates and accelerates complex cybercrime investigations, empowering security operations, cyber threat intelligence, and fraud and risk prevention teams to uncover critical findings faster than ever to combat evolving identity threats, including employment fraud. SpyCloud Investigations with AI Insights marks a pivotal … More →
The post SpyCloud adds AI Insights to Investigations, speeds insider and identity threat detection appeared first on Help Net Security.
KLM Confirms Customer Data Breach Linked to Third-Party System
[Tool] NacosExploit: Nacos Vulnerability Detection
Introducing Tenable AI Exposure: Stop Guessing, Start Securing Your AI Attack Surface
Now available in Tenable One, Tenable AI Exposure gives you visibility into how your teams use AI platforms and where that usage could put your data, users and defenses at risk.
Artificial Intelligence platforms like ChatGPT Enterprise and Microsoft Copilot are changing how people work. From writing code and creating content to analyzing data and influencing decisions, these tools help teams move faster and be more productive.
But they also raise a big question for security: Do you actually know how people are using AI platforms at your company? It’s not just about what AI platforms are approved. It’s about what data is going in, how those tools are being used and whether your current security setup can even catch something like a prompt injection or a risky third-party tool. Most security solutions weren’t built for this. Tenable AI Exposure is.
Introducing Tenable AI Exposure
Tenable AI Exposure is a new capability built into Tenable One, our exposure management platform. It helps you see, secure and manage how your teams use AI platforms like ChatGPT Enterprise and Microsoft Copilot.
With Tenable AI Exposure, you can:
- See who’s using AI platforms and what they’re doing with them
- Track what data is going in and out
- Identify misconfigurations in AI platforms
- Detect unsafe third-party tools and integrations
- Uncover and mitigate prompt injection and jailbreak attempts
AI usage is now part of your modern attack surface and with its integration into Tenable One, you can manage AI platform risk just like you already handle vulnerability, cloud, operational technology (OT) and identity exposures.
AI use is growing fast. So are the risks.
AI platforms are catching on fast, and in many companies they are already part of the daily workflow. But most security teams are still flying blind. Leaders often think only a small percentage of employees are actively using AI. In reality, usage is far more widespread, and growing quickly.
That’s where Tenable comes in. We’ve always focused on helping you reduce risk by managing exposures. Now, we’ve added AI platform exposures to that list.
What you can do with Tenable AI Exposure
Tenable AI Exposure is built into the Tenable One Exposure Management Platform. That means you get all the benefits of exposure management, now with AI platform usage included. And since Tenable AI Exposure is agentless, you can get it running in minutes. Here’s what it helps you do:
- See how people use AI platforms and AI agents. Understand how employees interact with ChatGPT Enterprise and Microsoft Copilot, including what data is involved, how assistants and agents behave and which workflows those interactions trigger across your environment.
- Spot and protect against AI-specific threats. Identify and disable prompt manipulation techniques like direct and indirect prompt injection or jailbreaks. Use built-in guardrails to protect against malicious actions triggered by AI agents, whether accidental or attacker-driven.
- Catch risky setups before they become problems. Uncover AI misconfigurations, unsafe workflows, or tools connected to risky external systems.
The Tenable One Exposure Management Platform helps you understand and reduce risk across your attack surface, whether that’s vulnerabilities, cloud, identity, OT/IoT and, now, AI platforms.
Together with Tenable AI Aware, which uncovers AI tools across your environment, Tenable now provides one of the first end-to-end solutions to both discover and secure AI platform usage as part of your exposure management program.
Tenable AI Exposure is currently available in private customer preview. Sign up for the preview or talk to your Tenable account team to learn more.
Learn more
See how you can discover and secure AI platform usage. Visit Tenable AI Exposure.
CAPTCHAgeddon – New ClickFix Attack Leverages Fake Captcha to Deliver Malware Payload
A sophisticated new malware campaign has emerged that weaponizes fake CAPTCHA verification pages to trick users into executing malicious PowerShell commands, marking a significant evolution in browser-based attack methodologies. The campaign, dubbed “ClickFix,” represents what cybersecurity experts are calling a next-generation mutation of traditional fake browser update scams that dominated the threat landscape throughout 2024. […]
The post CAPTCHAgeddon – New ClickFix Attack Leverages Fake Captcha to Deliver Malware Payload appeared first on Cyber Security News.
British intelligence warns cyber threat to critical infrastructure is increasing
Click, and wipe out your own system. ClickFix teaches users to do the hackers' work
"Flying Close to the Ground": First Hands-On with the DJI ROMO Robot Vacuum
Pandora Jewellery Hit by Cyberattack, Customer Data Compromised
Pandora, the world-renowned Danish jewelry retailer, recently suffered a major cybersecurity incident involving unauthorized access to customer information through a third-party vendor platform. The company confirmed the cyberattack was promptly identified and contained, with immediate security reinforcements implemented. Official communications sent to customers, particularly in Italy, revealed the breach involved unauthorized access to an external […]
The post Pandora Jewellery Hit by Cyberattack, Customer Data Compromised appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Who Got Arrested in the Raid on the XSS Crime Forum?
Adobe security advisory (AV25-485)
Akira Ransomware Hits SonicWall VPNs, Deploys Drivers to Bypass Security
SpyCloud Enhances Investigations Solution with AI-Powered Insights – Revolutionizing Insider Threat and Cybercrime Analysis
CISA Releases Malware Analysis Report Associated with Microsoft SharePoint Vulnerabilities
CISA published a Malware Analysis Report (MAR) with analysis and associated detection signatures on files related to Microsoft SharePoint vulnerabilities:
- CVE-2025-49704 [CWE-94: Code Injection],
- CVE-2025-49706 [CWE-287: Improper Authentication],
- CVE-2025-53770 [CWE-502: Deserialization of Untrusted Data], and
- CVE-2025-53771 [CWE-287: Improper Authentication]
Cyber threat actors have chained CVE-2025-49704 and CVE-2025-49706 (in an exploit chain publicly known as “ToolShell”) to gain unauthorized access to on-premises SharePoint servers. CISA analyzed six files, including two Dynamic Link-Library (.DLL) files, one cryptographic key stealer, and three web shells. Cyber threat actors could leverage this malware to steal cryptographic keys and execute a Base64-encoded PowerShell command to fingerprint the host system and exfiltrate data.
CISA added CVE-2025-49704 and CVE-2025-49706 to its Known Exploited Vulnerabilities Catalog on July 22, 2025, and CVE-2025-53770 on July 20, 2025.
CISA encourages organizations to use the indicators of compromise (IOCs) and detection signatures in this MAR to identify malware.
Downloadable copy of IOCs associated with this malware:
- MAR-251132.c1.v1.CLEAR_stix2 (JSON, 84.95 KB)
Downloadable copies of the SIGMA rule associated with this malware:
- CMA SIGMA 251132 1 (YAML, 4.22 KB)
- CMA SIGMA 251132 2 (YAML, 2.86 KB)
- CMA SIGMA 251132 (YAML, 5.55 KB)
For more information on the malware files and YARA rules for detection, see MAR-251132.c1.v1 Exploitation of SharePoint Vulnerabilities.
Disclaimer:
The information in this report is being provided “as is” for informational purposes only. CISA does not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by CISA.
Microsoft Releases Guidance on High-Severity Vulnerability (CVE-2025-53786) in Hybrid Exchange Deployments
Update (08/12/2025): CISA has updated this alert to provide clarification on identifying Exchange Servers on an organization’s networks and provided further guidance on running the Microsoft Exchange Health Checker.
Update (08/07/2025): CISA issued Emergency Directive (ED) 25-02: Mitigate Microsoft Exchange Vulnerability in response to CVE-2025-53786.
CISA is aware of the newly disclosed high-severity vulnerability, CVE-2025-53786, that allows a cyber threat actor with administrative access to an on-premise Microsoft Exchange server to escalate privileges by exploiting vulnerable hybrid-joined configurations. This vulnerability, if not addressed, could impact the identity integrity of an organization’s Exchange Online service.
While Microsoft has stated there is no observed exploitation as of the time of this alert’s publication, CISA strongly urges organizations to implement Microsoft’s Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability guidance outlined below, or risk leaving the organization vulnerable to a hybrid cloud and on-premises total domain compromise.
- Organizations should first inventory all Exchange Servers on their networks (organizations should leverage existing visibility tools or publicly available tools, such as NMAP or PowerShell scripts, to accomplish this task).
- If using Exchange hybrid, review Microsoft’s guidance Exchange Server Security Changes for Hybrid Deployments to determine if your Microsoft hybrid deployments are potentially affected and available for a Cumulative Update (CU).
- Install Microsoft’s April 2025 Exchange Server Hotfix Updates on the on-premise Exchange server and follow Microsoft’s configuration instructions Deploy dedicated Exchange hybrid app.
- For organizations that use Exchange hybrid (or that previously configured Exchange hybrid but no longer use it), review Microsoft's Service Principal Clean-Up Mode for guidance on resetting the service principal’s keyCredentials.
- Upon completion, run the Microsoft Exchange Health Checker with appropriate permissions to identify the CU level of each Exchange Server identified and to determine if further steps are required.
CISA highly recommends entities disconnect public-facing versions of Exchange Server or SharePoint Server that have reached their end-of-life (EOL) or end-of-service from the internet. For example, SharePoint Server 2013 and earlier versions are EOL and should be discontinued if still in use.
Organizations should review Microsoft’s blog Dedicated Hybrid App: temporary enforcements, new HCW and possible hybrid functionality disruptions for additional guidance as it becomes available.