State-sponsored hackers from Russia, China, Iran, and North Korea are exploiting Windows shortcut files to execute malicious commands for cyber espionage.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure, to name just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security (access control, cameras, alarms and so on), there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
The malware that the researchers were able to coax out of DeepSeek was rudimentary and required some manual code editing to make it functional. But the incident demonstrates that the guardrails preventing malicious behavior in generative AI systems remain thin.
Japanese telecom giant NTT Communications Corporation, the world’s fourth-largest telecoms company, has suffered a data breach that exposed nearly 18,000 corporate customers.
The FBI, CISA, and MS-ISAC have issued a joint cybersecurity advisory on the Medusa ransomware attacks impacting over 300 critical infrastructure organizations.
The "day-to-day" of organized crime is increasingly being moved online and optimized with AI-powered tools: things like communication, payments to partners, and recruitment of new operatives.
New York Attorney General Letitia James has sued insurance giant Allstate over two data breaches that exposed the driver’s license numbers of nearly 200,000 people.
A compromise of the popular GitHub Actions tool turned into a massive supply chain attack, at this point thought to be responsible for the follow-on exposure of over 23,000 GitHub repositories.
New research from security firm Dragos finds that Volt Typhoon, one of the primary groups of state-sponsored Chinese hackers menacing the US as of late, was able to dwell in the Massachusetts electric grid for more than 300 days beginning in early 2023.
Microsoft Threat Intelligence warns that the Chinese state-linked threat actor Silk Typhoon is targeting the IT supply chain to compromise primary organizations and access their downstream customers.
Malicious actors are using deepfake videos impersonating YouTube’s CEO to steal users’ credentials in a multi-month phishing campaign. The attackers sent private videos to targeted users via legitimate-looking emails, warning them that YouTube was changing its monetization policies.










