Aggregator
How is your child doing at kindergarten? Hackers have turned children's data into a lucrative commodity for the darknet
CMMC Compliance: What Your Need to Know Ahead of November 10
The November 10th deadline for Cybersecurity Maturity Model Certification (CMMC) compliance is approaching fast. For CISOs, risk managers, and compliance leaders across the defense industrial base, this date represents more than a regulatory milestone; it’s a make-or-break moment for securing and maintaining DoD contracts.
Don't let manual compliance processes slow down your ability to meet this deadline. Compliance shouldn't cost your organization the risk of losing contracts. Keep reading to learn what you must do before the November 10th deadline and recommendations for streamlining compliance.
The post CMMC Compliance: What Your Need to Know Ahead of November 10 appeared first on Security Boulevard.
WhatsApp 0-Click Flaw Abused via Malicious DNG Image File
A newly discovered zero-click remote code execution (RCE) vulnerability in WhatsApp is putting millions of Apple users at risk. Researchers from DarkNavyOrg have demonstrated a proof-of-concept (PoC) exploit that leverages two distinct flaws to compromise iOS, macOS, and iPadOS devices without any user interaction. The attack chain begins with CVE-2025-55177, a critical logic error in WhatsApp’s message […]
The post WhatsApp 0-Click Flaw Abused via Malicious DNG Image File appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Threat Actors Weaponizing Facebook and Google Ads as Financial Platforms to Steal Sensitive Data
In recent months, cybersecurity teams have observed an alarming trend in which malicious actors exploit Facebook and Google advertising channels to masquerade as legitimate financial services. By promoting free or premium access to well-known trading platforms, these threat actors have successfully lured unsuspecting users into downloading trojanized applications. The campaign’s social engineering tactics leverage familiar […]
The post Threat Actors Weaponizing Facebook and Google Ads as Financial Platforms to Steal Sensitive Data appeared first on Cyber Security News.
Moldova’s pro-EU party wins election amid cyberattacks, Kremlin interference
Learning gadget chain construction, starting from the new JDK-native Hessian deserialization chain in 2025blackhat-jdd
CVE-2025-8868 | Progress Chef Automate 4.11.0 on Linux Compliance Service sql injection
Acreed Infostealer Gaining Popularity Among Cybercriminals for C2 via Steam Platform
Acreed, a novel infostealer first observed in February 2025, has rapidly gained traction among threat actors seeking discreet credential and cryptocurrency data harvesting. Leveraging a unique command-and-control (C2) mechanism via the Steam platform’s community profiles, Acreed exhibits advanced OPSEC measures and versatility that distinguish it from established stealers such as Lumma. Acreed noted on Russian […]
The post Acreed Infostealer Gaining Popularity Among Cybercriminals for C2 via Steam Platform appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
CVE-2025-9648 | CivetWeb up to 1.16 HTTP POST Request mg_handle_form_request null byte or nul character
INC
Joint guidance on creating and maintaining a definitive view of your operational technology architecture
OpenAI is routing GPT-4o to safety models when it detects harmful activities
The false-positive problem in the dongtai java agent
Qilin
Typed the word "sex" into a search engine? Congratulations, your name is now on a list of "potential offenders", and your relatives' data is in someone else's hands
Cybersecurity Alert Overload is a CEO’s Problem; Here’s How to Fix It
In today's digital landscape, organizations face an unprecedented volume of cybersecurity alerts on a daily basis. While these alerts are crucial for maintaining security, their sheer volume can overwhelm security teams, a phenomenon known as alert fatigue. This issue not only hampers the effectiveness of cybersecurity measures but also poses significant risks to business operations, financial performance, and organizational reputation. As CEOs and CFOs, understanding and addressing this challenge is imperative to safeguard your organization's assets and ensure sustained growth.
The post Cybersecurity Alert Overload is a CEO’s Problem; Here’s How to Fix It appeared first on Security Boulevard.
CISA Strengthens Commitment to SLTT Governments
The Cybersecurity and Infrastructure Security Agency (CISA) announced that it has transitioned to a new model to better equip state, local, tribal, and territorial (SLTT) governments to strengthen shared responsibility nationwide. CISA is supporting our SLTT partners with access to grant funding, no-cost tools, and cybersecurity expertise to be resilient and lead at the local level.
CISA’s cooperative agreement with the Center for Internet Security (CIS) will reach its planned end on September 30, 2025. This transition reflects CISA’s mission to strengthen accountability, maximize impact, and empower SLTT partners to defend today and secure tomorrow.
Support for SLTTs includes:
- Access to Grant Funding from the Department of Homeland Security (DHS), available through CISA in coordination with the Federal Emergency Management Agency (FEMA). This funding is provided via the State and Local Cybersecurity Grant Program (SLCGP) and the Tribal Cybersecurity Grant Program (TCGP).
- No-cost services and tools such as Cyber Hygiene scanning and vulnerability management
- Cybersecurity Performance Goals and the Cyber Security Evaluation Tool to prioritize and measure progress
- Regional Cybersecurity Advisors and Cybersecurity Coordinators delivering hands-on, local and virtual expertise
- Professional services including vulnerability assessments and incident response coordination
- Bi-monthly SLTT Security Operations Center calls providing timely cyber defense updates
This initiative reinforces CISA’s role as the nation’s leading cyber defense agency, protecting critical infrastructure, enabling secure communications, and empowering partners on the front lines of America’s cybersecurity.
For more information about CISA’s Cybersecurity Services for SLTT partners, visit: CISA Cybersecurity Resources for State, Local, Tribal, and Territorial
CISA Adds Five Known Exploited Vulnerabilities to Catalog
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2021-21311 Adminer Server-Side Request Forgery Vulnerability
- CVE-2025-20352 Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability
- CVE-2025-10035 Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability
- CVE-2025-59689 Libraesva Email Security Gateway Command Injection Vulnerability
- CVE-2025-32463 Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA and UK NCSC Release Joint Guidance for Securing OT Systems
CISA, in collaboration with the Federal Bureau of Investigation, the United Kingdom’s National Cyber Security Centre, and other international partners, has released new joint cybersecurity guidance: Creating and Maintaining a Definitive View of Your Operational Technology (OT) Architecture.
Building on the recent Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators, this guidance explains how organizations can leverage data sources, such as asset inventories and manufacturer-provided resources like software bills of materials, to establish and maintain an accurate, up-to-date view of their OT systems.
A definitive OT record enables organizations to conduct more comprehensive risk assessments, prioritize critical and exposed systems, and implement appropriate security controls. The guidance also addresses managing third-party risks, securing OT information, and designing effective architectural controls.
Key recommendations include:
- Collaborating Across Teams: Foster coordination between OT and IT teams;
- Aligning with Standards: Follow international standards such as IEC 62443 and ISO/IEC 27001.
Organizations are encouraged to use this guidance to strengthen their OT security posture and reduce risks. For additional details, review the full guidance: Creating and Maintaining a Definitive View of Your Operational Technology (OT) Architecture