https://securelist.com/ghostcontainer/116953/

Latest CyberSec News by @thecyberpicker
Cisco Warns of Critical ISE Flaw Allowing Unauthenticated Attackers to Execute Root Code
Cisco's CVE-2025-20337 flaw exposes ISE to root access via API exploit. Affects releases 3.3 & 3.4.
Co-op confirms data of 6.5 million members stolen in cyberattack
UK retailer Co-op has confirmed that personal data of 6.5 million members was stolen in the massive cyberattack in April that shut down systems and caused food shortages in its grocery stores.
House hearing will use Stuxnet to search for novel ways to confront OT cyberthreats | CyberScoop
The House Homeland Committee will revisit the malware to use the knowledge from the spy effort to explore the domestic threats facing the U.S. in 2025.
Ryuk ransomware operator extradited to US, faces five years in federal prison | CyberScoop
Karen Vardanyan and his co-conspirators allegedly deployed ransomware on hundreds of machines in 2019 and 2020, extorting more than $15 million from victims at the time.
U.S. Army soldier pleads guilty to extorting 10 tech, telecom firms
A 21-year-old former U.S. Army soldier pleaded guilty to charges of hacking and extorting at least ten telecommunications and technology companies in the country.
Operation Eastwood disrupted operations of pro-Russian hacker group NoName057(16)
International law enforcement operation disrupted the activities of the pro-Russia hacking group NoName057(16).
Louis Vuitton says regional data breaches tied to same cyberattack
Luxury fashion giant Louis Vuitton confirmed that breaches impacting customers in the UK, South Korea, and Turkey stem from the same security incident, which is believed to be linked to the ShinyHunters extortion group.
Microsoft is named a Leader in the 2025 Gartner® Magic Quadrant™ for Endpoint Protection Platforms
We are honored to be recognized once again as a Leader in the 2025 Gartner® Magic Quadrant™ for Endpoint Protection Platforms—our sixth consecutive year.
SonicWall customers hit by fresh, ongoing attacks targeting fully patched SMA 100 devices | CyberScoop
Google Threat Intelligence Group said a financially motivated threat group is abusing the outdated remote access VPN devices, underscoring a continued pattern of threats confronting SonicWall customers.
Hackers Leverage Microsoft Teams to Spread Matanbuchus 3.0 Malware to Targeted Firms
Matanbuchus 3.0 malware loader evolves with advanced stealth techniques, targeting companies via social engineering tactics.
Hacking Trains - Schneier on Security
Seems like an old system that predates any care about security: The flaw has to do with the protocol used in a train system known as the End-of-Train and Head-of-Train. A Flashing Rear End Device (FRED), also known as an End-of-Train (EOT) device, is attached to the back of a train and sends data via radio signals to a corresponding device in the locomotive called the Head-of-Train (HOT). Commands can also be sent to the FRED to apply the brakes at the rear of the train. These devices were first installed in the 1980s as a replacement for caboose cars, and unfortunately, they lack encryption and authentication protocols. Instead, the current system uses data packets sent between the front and back of a train that include a simple BCH checksum to detect errors or interference. But now, the CISA is warning that someone using a software-defined radio could potentially send fake data packets and interfere with train operations...
Cloudflare says 1.1.1.1 outage not caused by attack or BGP hijack
To quash speculation of a cyberattack or BGP hijack incident causing the recent 1.1.1.1 Resolver service outage, Cloudflare explains in a post mortem that the incident was caused by an internal misconfiguration.
"Thousands of drones will not reach the front": Ukrainian hackers allegedly stole the plans of a Russian manufacturer - Numerama
Ukrainian intelligence services and allied hacker groups claim to have carried out a large-scale cyberattack against one of the main Russian manufacturers of military drones. Nearly 50 terabytes of data were reportedly stolen, including the plans of military drone models currently in
Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild
Google patches six security flaws in Chrome, including zero-day CVE-2025-6558, exploited in the wild.
Amid border dispute, Thailand goes after Cambodian tycoon over alleged cyber scam ties
A prominent Cambodian tycoon was the subject of multiple raids conducted Tuesday by Thai police, who accused him of being involved in cyber scams.
International operation disrupts pro-Russian hacker group NoName057(16)
European and U.S. law enforcement have disrupted the operations of a pro-Russian hacker group known for launching distributed denial-of-service attacks against Ukraine and its allies.
Protecting customers from Octo Tempest attacks across multiple industries
To help protect and inform customers, Microsoft highlights protection coverage across the Microsoft Defender security ecosystem. Learn more.
Threat actor targets end-of-life SonicWall SMA 100 appliances in ongoing campaign
The hacker has deployed a backdoor to modify the boot process and has exploited several different vulnerabilities during the attack spree.
UNFI expects cyberattack to cost it at least $350 million in sales
Operations at the grocery distributor, whose customers include Whole Foods, have largely returned to normal, the company said.
Pro-Russian DDoS group NoName057(16) disrupted by international law enforcement operation | CyberScoop
An international law enforcement operation conducted this week targeted the members of and infrastructure used by NoName057(16), a pro-Russian hacktivist group that has conducted distributed denial-of-service (DDoS) attacks across Europe since early 2022.
Senate Democrats seek answers on Trump overhaul of immigrant database to find noncitizen voters | CyberScoop
As DHS seeks to transform a federal database for immigrant benefits into a supercharged database to search for noncitizen voters, a trio of senators are pressing for more information.
Scattered Spider expands its roster of tactics in recent hacks
Microsoft researchers warn they are seeing changing patterns as the cybercrime group has started trying to hack airlines and other industries after targeting retailers and insurers.
SonicWall SMA devices hacked with OVERSTEP rootkit tied to ransomware
A threat actor has been deploying a previously unseen malware called OVERSTEP that modifies the boot process of fully patched but no longer supported SonicWall Secure Mobile Access appliances.
Google spots tailored backdoor malware aimed at SonicWall appliances
Google researchers reported on a malware campaign against end-of-life SonicWall appliances, noting that the attackers were good at covering their tracks.
SquidLoader Malware Campaign Targets Hong Kong Financial Sector
A new malware campaign targeting the Hong Kong financial sector has been identified, using SquidLoader to deploy Cobalt Strike Beacon.
New Fortinet FortiWeb hacks likely linked to public RCE exploits
Multiple Fortinet FortiWeb instances recently infected with web shells are believed to have been compromised using public exploits for a recently patched remote code execution (RCE) flaw tracked as CVE-2025-25257.
Over 5.4 Million Affected in Healthcare Data Breach at Episource
A data breach at Episource has exposed the personal information of 5.4 million individuals after attackers had access to its systems for 10 days.
Pro-Russian Cybercrime Network Demolished in Operation Eastwood
A Europol-coordinated operation has taken down key infrastructure used by the pro-Russian hacktivist group NoName057(16) and resulted in a number of arrests.
Italian police dismantle Romanian ransomware gang targeting nonprofits, film companies
The group, known as “Diskstation,” is accused of encrypting victims’ systems and demanding large cryptocurrency ransoms to restore access to their data, Italy’s Postal and Cybersecurity Police said in a statement.