Check out expert recommendations for protecting your AI system data. Plus, boost your IT department’s cybersecurity skills with a new interactive framework. In addition, learn about a malware campaign targeting critical infrastructure orgs. And get the latest on Russian cyber espionage and on a NIST effort to enhance vulnerability prioritization.
Dive into five things that are top of mind for the week ending May 23.
1 - Cyber agencies offer AI data security best practicesWith organizations gleefully deploying artificial intelligence (AI) tools to enhance their operations, cybersecurity teams face the critical task of securing AI data.
If your organization is looking for guidance on how to protect the data used in AI systems, check out new best practices released this week by cyber agencies from Australia, New Zealand, the U.K. and the U.S.
“This guidance is intended primarily for organizations using AI systems in their operations, with a focus on protecting sensitive, proprietary or mission-critical data,” reads the document titled “AI Data Security: Best Practices for Securing Data Used to Train & Operate AI Systems.”
“The principles outlined in this information sheet provide a robust foundation for securing AI data and ensuring the reliability and accuracy of AI-driven outcomes,” it adds.
By drafting this guidance, the authoring agencies seek to accomplish three goals:
Here’s a small sampling of recommended best practices in the 22-page document:
For more information about AI data security, check out these Tenable resources:
Security skills must extend beyond an organization’s cyber team and across your IT department – but how?
It’s a question that the Linux Foundation and the Open Source Security Foundation have tried to answer with a new reference framework that maps required cyber skills across 14 IT department roles.
The new “Cybersecurity Skills Framework,” available via an interactive web interface, is meant to be a “starting point” for organizations to then adjust the framework’s guidance based on their specific needs and requirements.
“The framework provides leaders with an easy way to understand the cybersecurity skills needed, quickly identify knowledge gaps, and incorporate critical skills into all of their IT roles,” the Linux Foundation and OpenSSF said in a statement.
“By establishing a shared language for cybersecurity readiness, the framework prepares everyone who touches a system to take responsibility for security, not just the cybersecurity specialists,” the organizations added.
The required cyber skills are organized into three categories for each IT role: basic, intermediate and advanced. For example, for a web developer the framework lists nine basic cybersecurity skills, seven intermediate ones and five advanced ones.
Cybersecurity skills for a web developer include:
For more information about cybersecurity skills enterprises need today:
Cyber attackers are deploying the LummaC2 malware in an attempt to breach the networks of U.S. critical infrastructure organizations and steal sensitive data.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued the warning this week in a joint advisory that outlines attackers’ TTPs and indicators of compromise, along with recommended mitigations.
“LummaC2 malware is able to infiltrate victim computer networks and exfiltrate sensitive information, threatening vulnerable individuals’ and organizations’ computer networks across multiple U.S. critical infrastructure sectors,” the advisory reads.
Cyber attackers use spearphishing methods to trick victims into downloading legit-looking apps that contain the LummaC2 malware, which has been available in cybercriminal forums since 2022. The malware’s obfuscation methods allow it to bypass standard cyber controls.
“Once a victim’s computer system is infected, the malware can exfiltrate sensitive user information, including personally identifiable information, financial credentials, cryptocurrency wallets, browser extensions, and multifactor authentication (MFA) details without immediate detection,” the advisory reads.
Mitigation recommendations include:
For more information about OT systems cybersecurity, check out these Tenable resources:
Cyber attackers backed by Russia’s GRU military intelligence unit have unleashed an aggressive cyber espionage campaign targeting U.S. and European technology companies and logistics providers involved in delivering aid to Ukraine.
That’s according to the joint advisory “Russian GRU Targeting Western Logistics Entities and Technology Companies” published this week by cybersecurity and law enforcement agencies from 11 countries, including Australia, Canada, France, Germany, the U.K. and the U.S.
“This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors’ wide-scale targeting of IP cameras in Ukraine and bordering NATO nations,” the 33-page document reads.
The group carrying out the cyber espionage campaign, known by various names, including APT28 and Fancy Bear, uses multiple tactics, techniques and procedures (TTPs) to gain initial access to victims’ networks, including:
The advisory’s mitigation recommendations include:
For more information about APT28 / Fancy Bear:
Knowing which vulnerabilities have been exploited in the wild is priceless information for a security team as it prioritizes which ones to patch first.
Now, the U.S. National Institute of Standards and Technology has come up with a set of calculations designed to determine a vulnerability’s exploitation chances.
“Only a small fraction of the tens of thousands of software and hardware vulnerabilities that are published every year will be exploited. Predicting which ones is important for the efficiency and cost effectiveness of enterprise vulnerability remediation efforts,” reads NIST’s white paper “Likely Exploited Vulnerabilities: A Proposed Metric for Vulnerability Exploitation Probability,” published this week.
NIST calls the metric LEV, which stands for “likely exploited vulnerabilities.” LEV, NIST says, may help augment both the Known Exploited Vulnerabilities Catalog (KEV) database and the
Exploit Prediction Scoring System (EPSS) by adding entries to the former and enhancing the latter’s accuracy.
The LEV equation, which has been implemented using Python and uses data from the National Vulnerability Database (NVD), KEV and EPSS, is “mathematically sound” but its error margin is unknown, so it needs to be rigorously tested, according to NIST.
For more information about NIST’s LEV:
Deep Instinct’s GenAI-powered assistant, DIANNA, has identified a sophisticated new malware strain dubbed BypassERWDirectSyscallShellcodeLoader. This malware, reportedly crafted with the assistance of large language models (LLMs) such as ChatGPT and DeepSeek, underscores a chilling trend in cybercrime: the rise of AI-generated threats. Unlike traditional hand-coded malware, this strain is engineered with unprecedented speed, complexity, and […]
The post GenAI Assistant DIANNA Uncovers New Obfuscated Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
A survey of 1,042 senior cybersecurity managers in the U.S., the United Kingdom and Australia finds only 5% have implemented quantum-safe encryption, even though 69% recognize the risk quantum computing poses to legacy encryption technologies.
The post Survey Surfaces Limited Amount of Post Quantum Cryptography Progress appeared first on Security Boulevard.
Malware peddlers are using TikTok videos and the ClickFix tactic to trick users into installing infostealer malware on their computers, Trend Micro researchers have warned. The videos are getting published by a number of TikTok user accounts, seem AI-made, and are apparently attracting a large audience. “The videos [verbally] instruct viewers to run a sequence of commands to purportedly activate legitimate software, such as Windows OS, Microsoft Office, CapCut, and Spotify,” the researchers noted. “The … More →
The post TikTok videos + ClickFix tactic = Malware infection appeared first on Help Net Security.
A major cybersecurity incident has come to light after researcher Jeremiah Fowler discovered a publicly accessible database containing 184,162,718 unique logins and passwords—totaling 47.42 GB of raw credential data. The exposed records included sensitive information such as emails, usernames, passwords, and direct URLs to login pages for a wide variety of services. These ranged from […]
The post Hackers Expose 184 Million User Passwords via Open Directory appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
A disturbing new formjacking malware has emerged, specifically targeting WooCommerce-based e-commerce sites to steal sensitive credit card information, as recently uncovered by the Wordfence Threat Intelligence team. Unlike conventional card skimmers that overlay fake forms on checkout pages, this malware seamlessly integrates into the legitimate payment workflow of WooCommerce sites, mimicking their design and functionality […]
The post New Formjacking Malware Targets E-Commerce Sites to Steal Credit Card Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
A security vulnerability was recently discovered in GitLab Duo, the AI-powered coding assistant integrated into GitLab and based on Anthropic’s Claude models. Security researchers from Legit Security revealed that attackers could exploit an indirect prompt injection flaw to exfiltrate private source code, manipulate AI-generated code suggestions, and even leak confidential zero-day vulnerabilities—all through seemingly innocuous […]
The post GitLab Duo Vulnerability Exploited to Inject Malicious Links and Steal Source Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Elastic Security Labs has recently exposed a sophisticated new malware family dubbed DOUBLELOADER, observed in conjunction with the RHADAMANTHYS infostealer. This discovery sheds light on the evolving tactics, techniques, and procedures (TTPs) of cybercriminals who leverage advanced obfuscation tools to hinder analysis. Notably, DOUBLELOADER is protected by ALCATRAZ, an open-source obfuscator first released in 2023, […]
The post Researchers Uncover Infrastructure and TTPs Behind ALCATRAZ Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
At RSAC 2025, Cato Networks delivered a presentation that SOC teams and CISOs will want to pay attention to: “Suspicious Minds — Hunting Threats That Don’t Trigger Security Alerts.” The session showcased ransomware campaigns that bypassed traditional detection. In some cases, this was not because security solutions malfunctioned, but because there was no visibility into key attack vectors. Among the examples highlighted, the Hunters International operation stood out to me due to how seamlessly it exploited the browser to gain access to an enterprise.
Likely emerging from the remains of the Hive ransomware gang, Hunters International has rapidly grown into a prolific and disruptive ransomware syndicate. They use multiple methods to gain initial access, but the one that Cato Networks highlighted in its presentation leveraged legitimate IT management tools and strategic abuse of the browser environment — which is a growing blind spot that enables many modern security stacks.
Let’s unpack this particular case study on Hunter International — and review how Browser Detection and Response (BDR) could have stopped it before any damage occurred.
From a Sponsored Link to Systemwide InfectionCato’s researchers traced the origin of the breach to a malvertising campaign embedded in Google Ads. Threat actors bought ads for widely searched utilities like Angry IP Scanner, redirecting unsuspecting users to typosquatted sites such as angryipo[.]org. These sites, masked behind reputable-looking CDNs and cloud services, appeared legitimate. In fact, buying ads that direct visitors to malicious sites has become a popular method for attackers, as most paid ads don’t go through the same security scrutiny as a phishing email would these days.
In the Cato case study, users who downloaded what they believed was the actual utility were instead given the WorkersDevBackdoor malware, often hosted on platforms like Dropbox or Microsoft’s content delivery network.
The kill chain progressed in structured stages:
The failure wasn’t in detection engines per se — it was a matter of visibility gaps.
Most traditional tools are blind to what happens inside the browser.
By the time EDR or SASE/SSE detected any signs of malicious activity, the attackers had already spread laterally.
By the time EDR or SASE/SSE detected any signs of malicious activity, the attackers had already spread laterally.
Where BDR Would Have Changed the OutcomeWith a Browser Detection and Response (BDR) solution, this attack could have been interrupted at the very first step.
Here’s how BDR could have disrupted the campaign:
This layered visibility would have enabled early intervention, long before ransomware deployment or data exfiltration.
Don’t Wait for the Next Unseen AttackRansomware operators like Hunters International are increasingly targeting the spaces where your tools have the least insight. The browser is now the frontline attack surface — and attackers know it.
It’s time to deploy defenses that operate where the breach begins.
👉 Run a browser threat detection check now at https://scan.browser.security 👉 Or book a demo to explore how SquareX can secure your browser perimeter.
How Hunters International Used the Browser to Breach Enterprises — And Why They Didn’t See It… was originally published in SquareX Labs on Medium, where people are continuing the conversation by highlighting and responding to this story.
The post How Hunters International Used the Browser to Breach Enterprises — And Why They Didn’t See It… appeared first on Security Boulevard.