Aggregator
Lockbit
AI Outsmarts Human Red Teams in Phishing Tests
AI surpassed human red teams in crafting phishing attacks, at scale and with alarming success, asserts research from cybersecurity training firm Hoxhunt. The company's proprietary AI spear phishing agent outperformed human counterparts by 24%, a turnaround from a 31% deficit in 2023.
FedRAMP's Automation Goal Brings Major Promises - and Risks
The General Services Administration is aiming to speed up cloud approvals by automating security assessments for FedRAMP, but experts tell Information Security Media Group that key questions remain on its execution, with concerns over vague directives and the impact on existing processes.
Top Australian Pension Funds Breached in Coordinated Hacks
Australia's largest pension funds faced coordinated credential attacks last week that compromised thousands of user accounts and led to the theft of at least AU$500,000 from four superannuation accounts. The affected funds included AustralianSuper, Rest and Australian Retirement Trust.
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2025-30406 Gladinet CentreStack Use of Hard-coded Cryptographic Key Vulnerability
- CVE-2025-29824 Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
The race to secure the AI/ML supply chain is on — get out front
The explosive growth in the use of generative artificial intelligence (gen AI) has overwhelmed enterprise IT teams. To keep up with the demand for new AI-based features in software — and to deliver software faster in general — development teams have embraced machine learning-based AI coding tools.
The post The race to secure the AI/ML supply chain is on — get out front appeared first on Security Boulevard.
Half of Firms Stall Digital Projects as Cyber Warfare Risk Surges
Critical Linux RCE Vulnerability in CUPS — What We Know and How to Prepare
In The News | ManagedMethods Launches Classroom Manager to Protect Students from Online Harm, Put Control Back in the Hands of Educators
This article was originally published in Newswire on 04/03/25. Introduction of Classroom Manager comes during a pivotal moment for educators balancing effective classroom learning with decreasing student engagement. ManagedMethods, the leading provider of Google Workspace and Microsoft 365 cybersecurity, student safety, and compliance for K-12 school districts, today announces the launch of Classroom Manager, a ...
The post In The News | ManagedMethods Launches Classroom Manager to Protect Students from Online Harm, Put Control Back in the Hands of Educators appeared first on ManagedMethods Cybersecurity, Safety & Compliance for K-12.
The post In The News | ManagedMethods Launches Classroom Manager to Protect Students from Online Harm, Put Control Back in the Hands of Educators appeared first on Security Boulevard.
Sarcoma
Campaign Targets Amazon EC2 Instance Metadata via SSRF
CISA Warns of CrushFTP Vulnerability Exploitation in the Wild
ModiLoader Malware Uses Sophisticated Phishing Techniques to Threaten Enterprise Information Security
justDeserialize: Bypassing the Blacklist to Mine Gadget Chains
Java Security: Analysis and Research of XMLDecoder Deserialization
Arguing Against CALEA
At a Congressional hearing earlier this week, Matt Blaze made the point that CALEA, the 1994 law that forces telecoms to make phone calls wiretappable, is outdated in today’s threat environment and should be rethought:
In other words, while the legally-mandated CALEA capability requirements have changed little over the last three decades, the infrastructure that must implement and protect it has changed radically. This has greatly expanded the “attack surface” that must be defended to prevent unauthorized wiretaps, especially at scale. The job of the illegal eavesdropper has gotten significantly easier, with many more options and opportunities for them to exploit. Compromising our telecommunications infrastructure is now little different from performing any other kind of computer intrusion or data breach, a well-known and endemic cybersecurity problem. To put it bluntly, something like Salt Typhoon was inevitable, and will likely happen again unless significant changes are made...
The post Arguing Against CALEA appeared first on Security Boulevard.