Aggregator

Attackers have discovered a way to exploit Google’s core services, Google Meet, YouTube, Chrome update servers and more using a technique called domain fronting. By making their malicious traffic appear as legitimate connections to high-trust domains, adversaries can tunnel data through Google’s backbone infrastructure without raising suspicion. This research builds on previous demonstrations of tunneling […]

The post Attackers Use Domain Fronting to Tunnel Malicious Traffic via Google Meet, YouTube and Chrome Update Servers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

SolarWinds has fixed yet another unauthenticated remote code execution vulnerability (CVE-2025-26399) in Web Help Desk (WHD), its popular web-based IT ticketing and asset management solution. While the vulnerability is currently not being leveraged by attackers, they might soon reverse-engineer the hotfix and create a working exploit. As watchTowr researchers noted, “given SolarWinds’ past, in-the-wild exploitation is highly likely.” About CVE-2025-26399 “[CVE-2025-26399] exists within the AjaxProxy class. The issue results from the lack of proper validation … More →

The post SolarWinds fixes critical Web Help Desk RCE vulnerability (CVE-2025-26399) appeared first on Help Net Security.

When Resultly’s bots started scraping QVC’s website, the retail giant felt the pain immediately. Server crashes, website downtime, angry customers—and an estimated $2 million worth in lost sales, according to QVC’s internal estimates.1 While the resulting lawsuit was eventually settled out of court, the damage was already done. QVC’s tale is a cautionary one for […]

The post Web Scraping: Hidden Threat to Retailers appeared first on Security Boulevard.

Chromium-based browsers, including Chrome, Edge, and Brave, manage installed extensions via JSON preference files stored under %AppData%\Google\User Data\Default\Preferences (for domain-joined machines) or Secure Preferences (for standalone systems).  Synacktiv research indicates that by directly altering these files, attackers can make the browser load any extensions without the user’s consent or involvement from the Chrome Web Store. A […]

The post Hackers Can Compromise Chromium Browsers in Windows by Loading Arbitrary Extensions appeared first on Cyber Security News.

A large-scale campaign targeting Mac users is leveraging fake GitHub pages to distribute information-stealing malware disguised as popular legitimate applications. Among the impersonated software are Malwarebytes for Mac, LastPass, Citibank, SentinelOne, and scores of other well-known brands. Although brand impersonation is nothing new, this campaign demonstrates the evolving tactics cybercriminals employ to entice users into […]

The post Weaponized Malware: GitHub Hosts Malware from Malwarebytes, LastPass, Citibank, SentinelOne, and More appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

In my work at Tenable, I’ve had the opportunity to meet with many CIOs, CISOs and executives nationwide. I’ve seen firsthand how successful whole-of-state efforts can solve three key challenges and help agencies reduce their cyber risk. 

1. A whole-of-state approach empowers state, local and education agencies to overcome budget constraints, skill gaps and training challenges.
    
2. It transforms fragmented cybersecurity efforts into a unified, resilient and cost-effective defense that reduces cyber risk across every level of government.
    
3. A whole-of-state approach can help agencies make the most of Tenable services and capabilities.

Cyber threats to state, local and education (SLED) systems are real, costly and growing more dangerous every day. Too many breaches have already disrupted services, eroded trust and drained budgets. The time for incremental fixes has passed. What’s needed is a bold, coordinated defense that unites agencies across every level of government: a whole-of-state approach.

At Tenable we are committed to helping states turn that vision into reality. Having had the opportunity to meet with many CIOs, CISOs and executives nationwide, I’ve seen firsthand that successful whole-of-state efforts share three essential ingredients:

1. Leadership and vision: Every successful program starts with leaders who dare to think bigger — governors, county executives, state CIOs, CISO's cyber czars or local official champions who believe multiple, disparate agencies can be brought together to reduce cyber risk. Vision sets the tone, inspires collaboration and rallies stakeholders at all levels to align around reducing risk.
2. Communication: The most effective initiatives thrive on strong communication. Leaders create clear pathways for dialog where information can be shared and gathered, whether they do so through State and Local Cybersecurity Grant Program (SLCGP) committees, higher education campuses or K-12 consortia, performing standardized security assessments or using shared survey tools and structured forms. Communication ensures everyone receives consistent and clear information and builds trust, transparency and a foundation for collective action.
3. Actionable plan: Vision and communication need a roadmap to succeed. The most successful whole-of-state strategies are documented, detailed and actionable. They define clear goals, identify stakeholders, establish time frames and secure funding. Most importantly, they operationalize deployment and sustainability, ensuring plans don’t just live on paper but drive real, measurable progress.

While the whole-of-state model offers a clear path forward, it must be applied against the backdrop of real-world barriers facing SLED agencies every day as they purchase and deploy cybersecurity solutions. Limited budgets, uneven access to skilled talent and the difficulty of providing consistent training across diverse agencies remain significant obstacles. These challenges aren’t unique to one city or school district; they’re systemic across the SLG landscape.

A whole-of-state approach addresses these challenges head-on by turning fragmentation into collective strength and ensuring that cost, expertise and training gaps don’t hold back progress. Here’s a look at three core challenges facing SLED agencies, and how Tenable can help:

Lack of sufficient budget and funding to invest in modern cybersecurity protections is the biggest barrier facing many SLED agencies. Limited resources force difficult tradeoffs and can leave critical systems under-protected.

Solution: A whole-of-state approach helps close the funding gaps by consolidating demand and enabling states to negotiate from a position of strength. By pooling resources, states unlock economies of scale pricing that stretches tight budgets further, eliminates redundant spend and maximizes taxpayer value.

Many SLED agencies, especially smaller municipalities and schools, have limited IT teams that are often inundated with competing priorities, making it difficult to keep pace with today’s evolving threats and threat landscape.

Solution: A whole-of-state model allows agencies to share access to Tenable’s professional services and centralized expertise. Lessons learned in one agency benefit others, multiplying the impact of skilled guidance and raising the overall cyber maturity of the entire state.

Even with the right solutions in place, success depends on people. Without proper training, teams struggle to use tools effectively and sustain progress.

Solution: Through a whole-of-state approach, Tenable’s education programs can be delivered consistently across agencies. This creates a shared knowledge base, fosters collaboration and ensures staff at every level are equipped to protect their organization.

Whole-of-state isn’t just a strategy, it's a move towards a more resilient, efficient and collaborative future for state and local governments. By addressing cost, expertise and training head-on, states can transform fragmented defenses into unified strength. A whole-of-state approach provides the following additional benefits:

• Complete visibility into risk: A unified view of threats, vulnerabilities and exposures across all participating agencies
• Streamlined compliance and governance: Simplified adherence to federal and state regulations and industry requirements across multiple agencies
• Shared resources: Pooled funding and personnel across agencies maximize efficiency and reduce duplication
• Consistent policies: Unified cybersecurity standards and governance across all state, local and educational entities
• Faster implementation: Collective expertise accelerates deployment and reduces the time to secure critical systems
• Collaboration: Lessons learned in one agency can be applied across the entire state ecosystem
• Effective budget utilization: Optimized funding by coordinating spending across agencies to maximize impact

At Tenable, we’ve seen this model succeed. When states think holistically, act collaboratively and sustain their momentum they don’t just reduce cyber risk, they protect critical services, safeguard sensitive data and strengthen public confidence.

• Read Protecting Local Government Agencies with a Whole of State Cybersecurity Approach
• Learn more about Tenable One
• Learn more about how Tenable protects state and local government agencies

You must login to view this content

Teleport released AI Session Summaries, a new capability in Teleport Identity Security that enables customers to summarize insights from thousands of hours of session recordings in minutes. Teleport generates session recordings of SSH, Kubernetes, and database access events, capturing a granular record of who did what in infrastructure. Security and compliance teams often invest substantial time reviewing session logs in order to meet audit requirements, or to undertake forensic investigation when identifying suspicious or anomalous … More →

The post Teleport unveils AI-powered summaries for session recordings appeared first on Help Net Security.