Category: Uncategorized
-
The CISO evolution: From security gatekeeper to strategic leader
Amid accelerating digital transformation and growing regulatory pressure, leading CISOs have emerged from behind the scenes and taken the stage as influential business leaders.Read More
-
SBOM formats explained: Guide for enterprises
SBOMs inventory software components to help enhance security by tracking vulnerabilities. Teams have three standard SBOM formats to choose from: CycloneDX, SPDX and SWID tags.Read More
-
PUBLOAD and Pubshell Malware Used in Mustang Panda’s Tibet-Specific Attack [email protected] (The Hacker News)
A China-linked threat actor known as Mustang Panda has been attributed to a new cyber espionage campaign directed against the Tibetan community. The spear-phishing attacks leveraged topics related to Tibet, such as the 9th World Parliamentarians’ Convention on Tibet (WPCT), China’s education policy in the Tibet Autonomous Region (TAR), and a recently published book by…
-
What is a virtual CISO (vCISO)? Does your business need one?
The virtual chief information security officer (vCISO) is a C-suite-level security professional or service provider who offers CISO-level expertise on a part-time, remote or contractual basis.Read More
-
Business Case for Agentic AI SOC Analysts [email protected] (The Hacker News)
Security operations centers (SOCs) are under pressure from both sides: threats are growing more complex and frequent, while security budgets are no longer keeping pace. Today’s security leaders are expected to reduce risk and deliver results without relying on larger teams or increased spending. At the same time, SOC inefficiencies are draining resources. Studies show…
-
Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit [email protected] (The Hacker News)
A new campaign has been observed leveraging fake websites advertising popular software such as WPS Office, Sogou, and DeepSeek to deliver Sainbox RAT and the open-source Hidden rootkit. The activity has been attributed with medium confidence to a Chinese hacking group called Silver Fox (aka Void Arachne), citing similarities in tradecraft with previous campaigns attributed…
-
MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted [email protected] (The Hacker News)
Threat intelligence firm GreyNoise is warning of a “notable surge” in scanning activity targeting Progress MOVEit Transfer systems starting May 27, 2025—suggesting that attackers may be preparing for another mass exploitation campaign or probing for unpatched systems.MOVEit Transfer is a popular managed file transfer solution used by businesses and government agencies to share sensitive dataRead…
-
OneClik Malware Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors [email protected] (The Hacker News)
Cybersecurity researchers have detailed a new campaign dubbed OneClik that leverages Microsoft’s ClickOnce software deployment technology and bespoke Golang backdoors to compromise organizations within the energy, oil, and gas sectors. “The campaign exhibits characteristics aligned with Chinese-affiliated threat actors, though attribution remains cautious,” Trellix researchers Nico PauloRead More
-
Citrix NetScaler ADC and NetScaler Gateway Vulnerabilities
What is the Vulnerability?Citrix has published security advisories addressing three critical vulnerabilities, CVE-2025-6543, CVE-2025-5349, and CVE-2025-5777, affecting the NetScaler ADC and NetScaler Gateway under specific pre-conditions.CVE-2025-6543: A memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN,…
-
Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks [email protected] (The Hacker News)
Cybersecurity researchers have disclosed a critical vulnerability in the Open VSX Registry (“open-vsx[.]org”) that, if successfully exploited, could have enabled attackers to take control of the entire Visual Studio Code extensions marketplace, posing a severe supply chain risk. “This vulnerability provides attackers full control over the entire extensions marketplace, and in turn, full controlRead More