Aggregator

A new malicious campaign is targeting macOS users via a novel attack that exploits ChatGPT’s official website. The attackers are using a technique called ClickFix to spread the AMOS infostealer by posting fake installation guides on the legitimate chatgpt.com domain. This campaign leverages ChatGPT’s chat-sharing feature, where any user can create a public conversation and […]

The post New ClickFix Attacks as macOS Infostealer Leverages Official ChatGPT Website by Piggybacking appeared first on Cyber Security News.

Tenable is expanding its partnership with the U.S. federal government by supporting the U.S. General Services Administration OneGov initiative. Through this collaboration, federal agencies can now purchase Tenable Cloud Security FedRAMP moderate at a 65% discount.

1. The partnership supports GSA’s OneGov Strategy and offers federal agencies an easily accessible, cost-effective way to secure their cloud infrastructure.
    
2. Recent CISA alerts reveal unique vulnerabilities in cloud and hybrid environments that adversaries continue to exploit.
    
3. Tenable’s goal is to help agencies proactively manage cloud risks, close security gaps and defend federal infrastructure.

As federal agencies accelerate cloud adoption to modernize their operations, they face growing challenges in managing these complex environments and protecting against sophisticated cloud threats. Our goal is to make cloud adoption secure and effective by helping agencies reduce risk while safeguarding critical data and enabling mission success.

That's why today we are announcing an exciting new partnership with the U.S. General Services Administration (GSA) OneGov to provide Tenable Cloud Security FedRAMP to all U.S. federal agencies at a 65% discount.

This new partnership supports GSA’s OneGov Strategy, which leverages the federal government’s collective purchasing power to secure unprecedented discounts while ensuring consistent security standards and simplified access. It offers federal agencies a cost-effective way to secure their cloud infrastructure, advance modernization initiatives securely, and comply with federal cybersecurity standards and regulations.

Federal agencies face a distinct set of challenges in securing the cloud — including visibility gaps and complex identity and entitlement management.

— Robert Huber, Tenable CSO, Securing Federal Cloud Environments: Overcoming 5 Key Challenges with Tenable Cloud Security

As agencies advance cloud-first initiatives, this agreement makes securing the cloud more affordable and achievable than ever, equipping agencies with the insight and resilience to safeguard mission-critical systems, ensure operational continuity, and maintain public trust.

We’re excited to offer Tenable Cloud Security FedRAMP moderate to federal agencies at a 65% discount from the list price through March 2027. This offer is available through Carahsoft’s GSA schedule No. 47QSWA18D008F. Tenable Cloud Security is our industry-leading cloud-native application protection platform (CNAPP), which provides agencies with continuous visibility, automated vulnerability detection, and identity-first protections to secure cloud workloads and reduce risk.

Agencies interested in learning more about this offer should visit our GSA OneGov page or email [email protected].

This partnership provides federal agencies with a cost-effective way to stay secure as they expand their footprint across hybrid and cloud environments. Recent CISA alerts, such as its Emergency Directive 25-02 about the Microsoft Exchange Server vulnerability CVE-2025-53786, demonstrate the unique vulnerabilities in cloud and hybrid environments that adversaries continue to exploit as they recognize the strategic advantage of disrupting federal operations and accessing sensitive data. Our goal is to help agencies proactively manage cloud risks, close security gaps and defend federal infrastructure in support of national security.

We are excited to partner with federal agencies as they take the next steps towards a more secure, efficient and resilient cloud.

• Attend the webinar: Cloud Security for Federal Agencies: Threats, Best Practices and the GSA OneGov Advantage
• Read the blog: Securing Federal Cloud Environments: Overcoming 5 Key Challenges with Tenable Cloud Security
• Reach out to: [email protected] 

U.S. government agencies face unique challenges as they adopt cloud technologies to meet digital modernization initiatives and adhere to a cloud-first policy. Here’s how Tenable Cloud Security FedRAMP can help. 

1. Government cloud environments are attractive targets for nation-state adversaries and other threat actors.
    
2. Agencies face five unique challenges: limited visibility; complex identity and access environments; tool sprawl; rapidly evolving threats; and stringent compliance requirements.
    
3. Tenable’s partnership with the U.S. General Services Administration’s OneGov program to deliver Tenable Cloud Security FedRAMP at a substantial discount removes cost barriers and streamlines procurement for federal agencies.

As part of digital modernization initiatives and the U.S. government’s cloud-first policy, federal agencies are rapidly adopting cloud technologies to improve operational effectiveness and increase mission agility. Yet, as agencies expand their footprint across hybrid and cloud environments, nation-state adversaries and other threat actors are exploiting vulnerabilities unique to these environments. The high-value target of federal systems — where disrupting operations or accessing sensitive data can yield strategic advantage — makes cloud security essential to mission success.

That’s why Tenable has partnered with the U.S. General Services Administration’s OneGov program to deliver Tenable Cloud Security FedRAMP at a substantial discount. This partnership removes cost barriers and streamlines procurement, enabling agencies to accelerate zero trust adoption, strengthen cloud defenses, and meet compliance requirements faster.

"Our goal is to make cloud adoption secure and effective by helping agencies reduce risk while safeguarding critical data and enabling mission success."

— Mark Thurmond, Tenable Co-CEO, Tenable Partners with GSA OneGov To Help Federal Government Boost Its Cloud Security

Federal agencies face a distinct set of challenges in securing the cloud — including visibility gaps and complex identity and entitlement management. The following sections outline these challenges and show how Tenable Cloud Security helps agencies close them.

The challenge: Federal agencies often operate across multiple cloud providers, hybrid environments, and legacy on-premises systems. This complexity makes it difficult to maintain a clear picture of where sensitive workloads, data, and assets reside, as well as how threats can move laterally through the hybrid attack surface. This lack of visibility all too often results in high-risk misconfigurations going unnoticed, vulnerabilities remaining unaddressed, and unauthorized access being exploited by adversaries. Shadow IT further compounds the challenge, creating additional blind spots, leading to a constant exercise of Whac-A-Mole®.

• Provides continuous, unified visibility across multi-cloud and hybrid environments, including infrastructure, workloads, identities, and data
• Detects misconfigurations, vulnerabilities, and risky identities in real time
• Finds toxic combinations of issues and provides actionable guidance to speed time to remediation
• Prioritizes threats based on exploitability and mission impact
• Consolidates visibility from fragmented point tools into a single platform 

The challenge: As agencies expand their cloud usage, the number of users, non-human identities, and permissions to manage grows exponentially. Without proper oversight, excessive permissions and inconsistent identity policies can lead to insider threats, privilege creep, and unauthorized access to sensitive systems. In dynamic cloud environments, roles change, temporary accounts are created, and new applications are deployed frequently, making the consistent enforcement of least privilege principals a real challenge. 

• Supports zero trust initiatives by managing cloud identities and privileges and enforcing least privilege access across users and workloads
• Continuously monitors identity-related risks, detecting anomalous access patterns or excessive permissions in real time.
• Correlates identity data with runtime behavior, asset sensitivity, and known misconfigurations to uncover toxic combinations — risk scenarios where users or services have dangerous levels of access to vulnerable systems.
• Leverages just-in-time (JIT) access to grant temporary, time-limited permissions only when needed, reducing standing privileges and the attack surface
• Provides actionable insights and remediation guidance for security teams to remediate risky identities quickly and maintain compliance

For more information check out: Identity-First Security: Mitigating the Cloud’s Greatest Risk Vector.

The challenge: Federal agencies often rely on a patchwork of security tools to monitor and protect their hybrid and multi-cloud environments. Agencies struggle to chase myriad alerts, struggling to piece together a coherent picture of their ever-expanding attack surface. The result? Inefficiencies, redundant costs, and blind spots, along with overwhelmed security teams and slowed response times. Dynamic cloud workloads make it even harder to maintain consistent security policies and ensure compliance with federal mandates. 

• Consolidates multiple cloud security tools into a single, unified platform, simplifying operations and alert overload
• Provides centralized visibility across workloads, identities, and cloud infrastructure, eliminating blind spots
• Streamlines security operations, automating vulnerability detection, prioritization, and compliance reporting
• Reduces redundant licensing costs and minimizes manual monitoring efforts, improving operational efficiency
• Supports faster, more informed decision-making so security teams can focus on high-priority risks and mission-critical tasks

For a great overview, check out: Your Map for the Cloud Security Maze: An Integrated Cloud Security Solution That’s Part of an Exposure Management Approach.

The challenge: Cloud native attacks — such as API abuse, container exploits, compromised accounts, and misconfigured cloud services — are used to compromise cloud infrastructure. Traditional perimeter tools and legacy security tools often fail to detect these attacks quickly, leaving mission-critical workloads exposed and making it increasingly difficult to maintain real-time situational awareness and prioritize the most critical risks. 

• Detects anomalous activity and emerging attack vectors in real time, so security teams can proactively patch high-risk vulnerabilities
• Continuously analyzes cloud resources to find the most important risks, spot unknown threats, and highlight toxic combinations of security issues
• Integrates with incident response workflows to reduce dwell time
• Prioritizes vulnerabilities based on exploitability and mission impact
• Incorporates threat intelligence from the Tenable Research team to help inform risk decisions and prioritizations 

For more insight into cloud risk, check out the Tenable Cloud Security Risk Report 2025

The Challenge: Dynamic cloud environments aren’t only a challenge when it comes to identities. Constantly changing workloads, applications, and permissions make it easy for misconfigurations — such as overly permissive storage, unsecured APIs, or incorrect network settings — to slip through the cracks. Even small missteps can expose sensitive data, create vulnerabilities or lead to service disruptions. At the same time, federal agencies must comply with a complex web of mandates and guidelines, and ensure all systems remain compliant.

• Automates compliance and monitoring across cloud workloads with continuous scanning to detect misconfigurations, vulnerabilities, and identity risks.
• Provides built-in and custom policies, dynamically assessing risk to achieve compliance with standards such as NIST, CIS, and PCI.
• Enforces identity-first protections, mapping permissions and entitlements to ensure least privilege and quickly remediate risky access.
• Delivers continuous visibility and unified exposure scoring so agencies can prioritize what matters most for mission success and national security.
• Simplifies audit readiness with automated compliance evidence and reporting, reducing manual effort and ensuring agencies can prove adherence at any time.

Securing federal cloud environments is critical to mission success, operational efficiency, and national security. By providing continuous visibility, automated vulnerability detection, identity-first protections, and compliance automation, Tenable Cloud Security FedRAMP empowers federal agencies to confidently modernize their IT environments, mitigate risk, and protect critical workloads from evolving threats.

Whac-A-Mole® is a registered trademark of Mattel, Inc.

• Read the blog: Tenable Partners with GSA OneGov To Help Federal Government Boost Its Cloud Security
• Attend the webinar: Cloud Security for Federal Agencies: Threats, Best Practices and the GSA OneGov Advantage
• Visit the Tenable and GSA OneGov webpage to learn more about how Tenable Cloud Security can help boost your cloud security.

Fresh leaks from the Iranian state‑backed group Charming Kitten, also tracked as APT35, have exposed key personnel, front companies, and thousands of compromised systems spread across five continents. The internal files show that Iran’s Department 40, within the IRGC Intelligence Organization, runs long‑term intrusion campaigns that combine cyber‑espionage with surveillance and targeting operations. Stolen dashboards […]

The post Charming Kitten Leak Exposes Key Personnel, Front Companies, and Thousands of Compromised Systems appeared first on Cyber Security News.

You must login to view this content

A new malware campaign has emerged that exploits legitimate AI platforms to deliver malicious code directly to unsuspecting users. Threat actors are using sponsored Google search results to redirect users searching for common macOS troubleshooting tips, such as “how to clear storage on Mac,” to fake ChatGPT and DeepSeek shared chat links. These shared chats […]

The post Hackers Leveraging LLM Shared Chats to Steal Your Passwords and Crypto appeared first on Cyber Security News.

You must login to view this content

You must login to view this content