Cyber Security News

In an era where digital identities have become the primary attack vector, CISOs face unprecedented pressure to secure access across increasingly complex ecosystems. Identity and Access Management (IAM) is no longer a siloed IT function but the cornerstone of organizational resilience. With 80% of breaches involving compromised credentials and non-human identities outnumbering humans 45-to-1, CISOs […]

The post Identity and Access Management (IAM) – The CISO’s Core Focus in Modern Cybersecurity appeared first on Cyber Security News.

In the ever-changing world of cybersecurity, organizations are constantly challenged to choose the right security operations model that best supports their penetration testing teams. The decision often comes down to selecting between traditional security operations and the more advanced Managed Detection and Response (MDR) solutions. Both approaches offer unique benefits and limitations, and understanding their […]

The post MDR vs. Traditional Security Operations: What’s Right For Your Penetration Testing Team? appeared first on Cyber Security News.

In an era of digital transformation and rising cyber threats, Building Trust Through Transparency has become a critical mission for the Chief Information Security Officer (CISO), who has evolved from a technical expert to a strategic leader responsible for protecting organizational trust. Transparency in cybersecurity practices is no longer optional but critical to effective leadership. […]

The post Building Trust Through Transparency – CISO Cybersecurity Practices appeared first on Cyber Security News.

Despite significant disruptions by international law enforcement operations targeting major ransomware schemes, cybercriminal groups continue demonstrating remarkable adaptability in 2025. Two noteworthy ransomware operations, DragonForce and Anubis, have introduced innovative affiliate models designed to expand their reach and increase profitability in the ever-evolving cybercrime landscape. DragonForce, which emerged in August 2023 as a traditional ransomware-as-a-service […]

The post DragonForce and Anubis Ransomware Operators Unveils New Affiliate Models appeared first on Cyber Security News.

A sophisticated phishing campaign dubbed “Power Parasites” has been actively targeting global energy giants and major brands since 2024, according to a comprehensive threat report released this week. The ongoing campaign primarily exploits the names and branding of prominent energy companies including Siemens Energy, Schneider Electric, EDF Energy, Repsol S.A., and Suncor Energy through elaborately […]

The post New Power Parasites Phishing Attack Targeting Energy Companies and Major Brands appeared first on Cyber Security News.

Social engineering has become the dominant attack vector in the modern cybersecurity landscape. As technical defenses evolve and strengthen, attackers have shifted their focus to the human element, exploiting psychological vulnerabilities to bypass even the most robust security systems. Studies indicate that social engineering is a factor in the vast majority of successful cyberattacks, with […]

The post Social Engineering Awareness: How CISOs And SOC Heads Can Protect The Organization appeared first on Cyber Security News.

Extended Detection and Response (XDR) has emerged as a transformative security technology that unifies visibility across multiple security layers. When applied to penetration testing methodologies, XDR offers unprecedented capabilities for identifying vulnerabilities that might otherwise remain hidden. This article explores how security professionals can leverage XDR capabilities during penetration testing to enhance vulnerability discovery, validate […]

The post XDR In Penetration Testing: Leveraging Advanced Detection To Find Vulnerabilities appeared first on Cyber Security News.

As the world becomes increasingly reliant on digital infrastructure, data centers have evolved into the backbone of business operations, cloud services, and critical government functions. With projections showing global data center capacity rising sharply over the next decade, the security of these facilities has never been more crucial. The complexity and scale of modern data […]

The post How To Build A Data Center Security Strategy For 2025 And Beyond appeared first on Cyber Security News.

As we navigate 2025, Chief Information Security Officers (CISOs) must prepare for the Top 5 Cybersecurity Risks emerging from a rapidly evolving threat landscape driven by technological advancements, geopolitical tensions, and increasingly sophisticated attacker tactics.” The role of CISOs has transformed significantly, shifting from purely technical guardians to strategic business leaders who must balance security […]

The post Top 5 Cybersecurity Risks CISOs Must Tackle in 2025 appeared first on Cyber Security News.

According to security researchers at CERT Orange Cyberdefense, a critical remote code execution (RCE) vulnerability in Craft CMS is actively being exploited to breach servers and steal data. The vulnerability, tracked as CVE-2025-32432 and assigned a maximum CVSS score of 10.0, affects all versions of Craft CMS prior to 3.9.15, 4.14.15, and 5.6.17. CMS RCE […]

The post Critical Craft CMS RCE 0-Day Vulnerability Exploited in Attacks to Steal Data appeared first on Cyber Security News.

ConnectWise has released an urgent security patch for its ScreenConnect remote access software to address a serious vulnerability that could allow attackers to execute malicious code on affected systems. The vulnerability, identified as CVE-2025-3935 and tracked under CWE-287 (Improper Authentication), affects all ScreenConnect versions up to and including 25.2.3. Security researchers discovered that ScreenConnect versions […]

The post Critical ScreenConnect Vulnerability Let Attackers Inject Malicious Code appeared first on Cyber Security News.

In a significant escalation of digital deception tactics, threat actors have registered over 26,000 domains in March 2025 alone, designed to impersonate legitimate brands and government services. These malicious domains serve as landing pages for sophisticated smishing (SMS phishing) campaigns, where unsuspecting users receive text messages containing links to what appear to be legitimate services. […]

The post Threat Actors Registered 26k+ Domains Mimic Brands to Trick Users appeared first on Cyber Security News.

A pair of newly discovered jailbreak techniques has exposed a systemic vulnerability in the safety guardrails of today’s most popular generative AI services, including OpenAI’s ChatGPT, Google’s Gemini, Microsoft’s Copilot, DeepSeek, Anthropic’s Claude, X’s Grok, MetaAI, and MistralAI. These jailbreaks, which can be executed with nearly identical prompts across platforms, allow attackers to bypass built-in […]

The post New Inception Jailbreak Attack Bypasses ChatGPT, DeepSeek, Gemini, Grok, & Copilot appeared first on Cyber Security News.

In a concerning development that marks a significant escalation in cyber warfare tactics, Russian hackers have been detected attempting to infiltrate and sabotage the digital control system of a critical Dutch public service. The attack, identified in 2024, represents the first known cyber sabotage attempt against Dutch infrastructure, setting a dangerous precedent for future operations. […]

The post Russian Hackers Attempting to Sabotage The Digital Control System of a Dutch Public Service appeared first on Cyber Security News.

Managed service providers (MSPs) are increasingly popular cyberattack targets. These entities often have numerous endpoints and distributed networks that create many opportunities for adversaries seeking weaknesses to exploit. Security awareness training is just one aspect of defense efforts, but it is important since attackers directly target unsuspecting humans. What are the most affordable security awareness […]

The post 6 Best Security Awareness Training Platforms For MSPs in 2025 appeared first on Cyber Security News.

Blue Shield of California has disclosed a significant data breach affecting 4.7 million members, representing the majority of its nearly 6 million customers.  The health insurance provider revealed that protected health information (PHI) was inadvertently shared with Google’s advertising platforms over a nearly three-year period due to a misconfiguration of Google Analytics on the company’s […]

The post Blue Shield Leaked Health Info of 4.7M patients with Google Ads appeared first on Cyber Security News.

Microsoft has launched an expanded bug bounty program offering rewards of up to $30,000 for researchers who identify critical vulnerabilities in AI systems within its Dynamics 365 and Power Platform products.  The initiative, announced by Microsoft Security Response, aims to strengthen security in enterprise AI by incentivizing ethical hackers to uncover potential weaknesses before malicious […]

The post Microsoft to Offer Rewards Up to $30,000 for AI Vulnerabilities appeared first on Cyber Security News.

A significant increase in suspicious scanning activity targeting Ivanti Connect Secure (ICS) and Ivanti Pulse Secure (IPS) VPN systems, signaling a potential coordinated reconnaissance effort by threat actors.  The spike, registering more than 230 unique IP addresses probing ICS/IPS endpoints in a single day, represents a ninefold increase over the typical daily baseline of fewer […]

The post 1000+ Unique IPs Attacking Ivanti Connect Secure Systems to Exploit Vulnerabilities appeared first on Cyber Security News.

In an era where cyber threats evolve faster than regulatory frameworks, Vice Presidents (VPs) of Security are redefining their roles from compliance enforcers to strategic business leaders. While adherence to standards like GDPR and HIPAA remains critical, forward-thinking security executives recognize that a checkbox mentality leaves organizations vulnerable. Today’s VPs prioritize initiatives that align cybersecurity […]

The post Beyond Compliance – How VPs of Security Drive Strategic Cybersecurity Initiatives appeared first on Cyber Security News.

A cyber-aware culture is the backbone of any resilient organization in today’s digital world. As cyber threats become more advanced and frequent, safeguarding sensitive data and systems can no longer rest solely with IT departments. Chief Information Security Officers (CISOs) are now tasked with embedding security awareness into the organization’s very fabric. This means transforming […]

The post Building a Cyber-Aware Culture – CISO’s Step-by-Step Plan appeared first on Cyber Security News.