Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal
Mar 15, 2025 | Ravie Lakshmanan | Malware / Supply Chain Security
Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index (PyPI) repository with bogus libraries masquerading as "time" related utilities, but harboring hidden functionality to steal sensitive data such as cloud access tokens. Software supply chain security firm …
Alleged Israeli LockBit Developer Rostislav Panev Extradited to U.S. for Cybercrime Charges
Mar 14, 2025 | Ravie Lakshmanan | Cybercrime / Ransomware
A 51-year-old dual Russian and Israeli national who is alleged to be a developer of the LockBit ransomware group has been extradited to the United States, nearly three months after he was formally charged in connection with the e-crime scheme. Rostislav Panev was previously arrested in Israel in August 2024. He is said to …
GSMA Confirms End-to-End Encryption for RCS, Enabling Secure Cross-Platform Messaging
Mar 14, 2025 | Ravie Lakshmanan | Mobile Security / Encryption
The GSM Association (GSMA) has formally announced support for end-to-end encryption (E2EE) for securing messages sent via the Rich Communications Services (RCS) protocol, bringing much-needed security protections to cross-platform messages shared between Android and iOS platforms. To that end, the new GSMA …
NHS Matures Healthcare Cybersecurity with NCSC’s CAF Assurance Model
The UK’s National Health Service (NHS) has transformed its approach to validating its level of cybersecurity maturity across healthcare by adopting the National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF). This shift is key to achieving the NHS’s broader goals: protecting patient data, ensuring uninterrupted healthcare delivery, and building the …
4 Key Steps to Prevent Subdomain Takeovers
Adversaries don’t need to force their way in when they can slip through an organization’s overlooked assets. Subdomain takeovers are a prime example of how attackers exploit misconfigured or abandoned DNS records to gain access, launch phishing campaigns, distribute malware, or take other malicious actions — all while operating under the guise of a legitimate corporate …
Update your VMware ESXi products now
On March 4, Broadcom released emergency updates to address three vulnerabilities — CVE-2025-22224, CVE-2025-22225 and CVE-2025-22226 — that affect several VMware products, including ESXi, Workstation, and Fusion. A note in the Broadcom advisory stated that at least one of these — CVE-2025-22224 — has been exploited in real-world attacks. The vulnerabilities allow for virtual …
Redefining Incident Response in the Modern Era
CrowdStrike Incident Response (IR) services sees firsthand why organizations facing today’s evolving threat landscape require advanced capabilities to detect, respond, and remediate cyberattacks in near real time. These observations continue to shape our approach to delivering unparalleled incident response. In this blog, we detail how CrowdStrike IR has evolved to …
Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails
Microsoft has shed light on an ongoing phishing campaign that targeted the hospitality sector by impersonating online travel agency Booking.com using an increasingly popular social engineering technique called ClickFix to deliver credential-stealing malware. The activity, the tech giant said, started in December 2024 and operates with the end goal of conducting financial fraud …
Build Smarter Threat Detection with Next-Gen SIEM
SOC teams across businesses, industries, and geographies share the same goal: Stop cyberattacks before damage is done. But for those with legacy SIEMs, this goal is nearly impossible to achieve. While powerful, legacy SIEMs demand an overwhelming investment of time, resources, and expertise to set up and maintain. Legacy SIEMs force SOC teams to manually define every …
Understanding the Quantum Threat to Network Security
Confidentiality is a fundamental pillar of information security. In sensitive deployments, such as those involving federal governments, military and defense agencies, and large financial institutions, the demand for confidentiality extends well beyond the typical 5 to 10 years, often reaching 20 years or more. The same also applies to telecom operators and …