Threat actors are increasing their focus on exploiting public-facing applications to achieve initial access, according to Cisco Talos’ Incident Response Trends in Q4 2024 report. The exploitation of public-facing applications was the most common method of gaining initial access in Q4 2024, making up 40% of incidents. The researchers said this marked a “notable shift”
Month: January 2025
Jan 31, 2025Ravie LakshmananVulnerability / Healthcare The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued alerts about the presence of hidden functionality in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors. The vulnerability, tracked as CVE-2025-0626, carries a CVSS v4 score of 7.7 on a scale
Google Play has blocked 2.36 million policy-violating apps from being published and banned 158,000 developer accounts associated with harmful activities in 2024. More than 92% of Google’s human reviews for harmful apps are now AI-assisted, the tech giant said in a new report released on Wednesday. This allows faster and more accurate detection, helping prevent malicious apps from reaching
Over 57 distinct threat actors with ties to China, Iran, North Korea, and Russia have been observed using artificial intelligence (AI) technology powered by Google to further enable their malicious cyber and information operations. “Threat actors are experimenting with Gemini to enable their operations, finding productivity gains but not yet developing novel capabilities,” Google Threat
AI-driven API vulnerabilities have skyrocketed by 1205% in the past year. The figures come from the 2025 API ThreatStats Report by Wallarm, which highlights how AI has become the biggest driver of API security threats, with nearly 99% of AI-related vulnerabilities tied to API flaws. The study also found that 57% of AI-powered APIs were accessible externally,
Jan 29, 2025Ravie LakshmananThreat Intelligence / Malware The North Korean threat actor known as the Lazarus Group has been observed leveraging a “web-based administrative platform” to oversee its command-and-control (C2) infrastructure, giving the adversary the ability to centrally supervise all aspects of their campaigns. “Each C2 server hosted a web-based administrative platform, built with a
US energy contractor ENGlobal has revealed that sensitive personal data was stolen after it was hit by a cyber-attack in November 2024. In an updated filing to the Securities and Exchange Commission (SEC) dated January 27, 2025, the engineering firm said the threat actor gained access to a portion of its IT system that contained
Jan 28, 2025Ravie LakshmananPhishing Attack / Network Security A financially motivated threat actor has been linked to an ongoing phishing email campaign that has been ongoing since at least July 2024 specifically targeting users in Poland and Germany. The attacks have led to the deployment of various payloads, such as Agent Tesla, Snake Keylogger, and
A new report has revealed a surge in the use of so-called “hidden text salting” techniques to evade email security measures in the latter half of 2024. This method, also known as “poisoning,” allows cybercriminals to bypass spam filters, confuse email parsers and evade detection engines by embedding invisible elements in the HTML source code