Latest Intelligence
France’s Antitrust Watchdog Fines Apple for Problems With App Tracking Transparency
France's antitrust watchdog has imposed a fine of 150 million euros on Apple due to issues related to its App Tracking Transparency feature, which is intended to protect user privacy. This ruling highlights the ongoing scrutiny of tech giants regarding their privacy practices and the enforcement of antitrust regulations in Europe.
Apple Fined €150 Million by French Regulator Over Discriminatory ATT Consent Practices
Apple has been fined €150 million by France's competition authority for discriminatory practices related to its App Tracking Transparency framework, which is seen as an abuse of its dominant position in the mobile app distribution market. This ruling highlights ongoing scrutiny over tech giants' privacy policies and their impact on competition.
Oracle Cloud Users Urged to Take Action
Oracle has denied any breach of its cloud infrastructure services, yet security experts are advising customers to verify their security status and mitigate potential risks. This situation highlights the importance of proactive security measures in cloud environments.
CoffeeLoader Malware Is Stacked With Viscous Evasion Tricks
CoffeeLoader malware has introduced advanced evasion techniques designed to bypass modern security measures, including digital forensics tools and endpoint detection and response (EDR) systems. This evolution in malware poses significant challenges for cybersecurity professionals in mitigating threats.
Top 10 Most Used RDP Passwords Are Not Complex Enough
Research from Specops Software highlights that attackers are successfully breaching Remote Desktop Protocol (RDP) systems using weak and basic passwords. This issue underscores the importance of implementing strong password policies to enhance security against unauthorized access.
DoJ Seizes Over $8M from Sprawling Pig Butchering Scheme
The Department of Justice (DoJ) has seized over $8 million linked to a large-scale pig butchering scheme, a type of cryptocurrency scam. This operation highlights the ongoing challenges in tracing illicit funds within the cryptocurrency ecosystem.
CISA Warns of Resurge Malware Connected to Ivanti Vuln
CISA has issued a warning regarding the exploitation of a vulnerability in Ivanti Connect Secure, first disclosed by Ivanti in January. This vulnerability is being actively targeted by threat actors, highlighting the urgency for organizations to address the security flaw.
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp
Russian hackers, identified as the Water Gamayun group, are exploiting a zero-day vulnerability (CVE-2025-26633) in Microsoft Windows to deploy two new backdoors, SilentPrism and DarkWisp. This highlights the ongoing threat posed by advanced persistent threats leveraging newly discovered vulnerabilities.
Trend Micro Open Sources AI Tool Cybertron
Trend Micro has open-sourced its AI tool named Cybertron, designed to enhance threat detection and incident response for organizations. This move signifies a commitment to improving cybersecurity practices through advanced technology.
Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory
Sucuri has identified various malware families being deployed in the WordPress mu-plugins directory, a tactic used by threat actors to bypass standard security measures. This highlights an ongoing issue with WordPress security that requires urgent attention from site administrators.
Zero to Hero – A “Measured” Approach to Building a World-Class Offensive Security Program
The article discusses the importance of developing a robust offensive security program, emphasizing that achieving this may require significant changes in organizational culture and increased costs. Such a program is crucial for effectively addressing evolving cybersecurity threats.
Bridging the Gap Between the CISO & the Board of Directors
The article emphasizes the need for Chief Information Security Officers (CISOs) to be viewed as business enablers rather than just risk managers. This shift in perception is crucial for integrating cybersecurity into the broader business strategy and ensuring that security leaders are valued members of the C-suite.
Qakbot Resurfaces in Fresh Wave of ClickFix Attacks
Qakbot has re-emerged in a new series of ClickFix attacks, leveraging fake CAPTCHA challenges on LinkedIn to distribute malware. This resurgence poses significant risks as it exploits social engineering tactics to compromise users.
Hacker Leaks Samsung Customer Data
A hacker has leaked 270,000 customer support tickets allegedly stolen from Samsung Germany, utilizing long-compromised credentials. This incident raises significant concerns about data security and the potential risks posed to affected customers.
Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images
Hackers are exploiting the mu-plugins directory in WordPress to inject malicious code, allowing them to maintain persistent remote access and redirect users to fraudulent sites. This vulnerability poses significant risks to website integrity and user security.