Oluwapelumi Adejumo@CryptoSlate
//
Cryptocurrency exchange Bybit has confirmed the theft of approximately $1.46 billion in digital assets, roughly 401,000 ETH and staked ETH, from one of its offline Ethereum wallets. The attack, disclosed on Friday, is the largest crypto heist on record; Bybit's CEO said the exchange can cover the loss.
The theft hinged on manipulating a routine transfer from the Ethereum cold wallet to a warm wallet. The multisig signers approved what the Safe{Wallet} interface showed them as a normal transaction, but the transaction actually submitted for signature had been altered, giving the attacker control of the wallet and letting them move the funds to an unidentified address. Forensic investigators, and Safe{Wallet} itself, later traced the tampering to malicious JavaScript introduced after a Safe{Wallet} developer machine was compromised, making this a supply-chain attack on the wallet front end rather than a compromise of Bybit's signing keys. Within two hours the stolen ETH had been spread across about 50 wallets of roughly 10,000 ETH each, and the FBI has attributed the operation to North Korea's Lazarus Group (TraderTraitor). Bybit has since offered up to $140 million in bounties for help tracing and freezing the funds. The incident underlines how attractive large exchange wallets are to well-resourced state actors, and how hard the proceeds are to recover once laundering begins.
Recommended read:
References :
- www.techmeme.com: ZachXBT: crypto exchange Bybit has experienced $1.46B worth of "suspicious outflows"; Bybit CEO confirms hacker took control of cold ETH wallet
- CryptoSlate: The crypto exchange ByBit has been hacked, and roughly $1.5 billion in Ethereum (ETH) has been stolen — making this one of the biggest hacks in history.
- infosec.exchange: NEW: Crypto exchange Bybit said it was hacked and suffered a loss of around $1.4 billion (~401,346 ETH) at the time of the hack.
- PCMag UK security: The Bybit exchange lost 400,000 in ETH, or about $1.4 billion, before the price began to slide, making it the biggest crypto-related hack in history.
- techcrunch.com: TechCrunch reports on the Bybit hack, disclosing a loss of approximately $1.4 billion in Ethereum.
- ciso2ciso.com: In a major cybersecurity incident, Bybit, the world’s 2nd-largest crypto exchange suffered a $1.4 billion ETH hack from a cold wallet breach.
- ciso2ciso.com: Bybit Hack: $1.4B Stolen from World’s 2nd Largest Crypto Exchange – Source:hackread.com
- cryptoslate.com: ByBit suffers $1.5 billion Ethereum heist in cold wallet breach
- www.coindesk.com: Bybit experiences USD1.46B in suspicious outflows
- BleepingComputer: Cryptocurrency exchange Bybit revealed today that an unknown attacker stole over $1.46 billion worth of cryptocurrency from one of its ETH cold wallets.
- The Cryptonomist: 3 Best Bybit Alternatives As Top CEX Is Hacked
- Gulf Business: ‘Worst hack in history’: Dubai crypto exchange Bybit suffers $1.5bn ether heist
- Anonymous: Cryptocurrency exchange Bybit revealed today that an unknown attacker stole over $1.46 billion worth of cryptocurrency from one of its ETH cold wallets.
- www.bleepingcomputer.com: Hacker steals record $1.46 billion in ETH from Bybit cold wallet
- Techmeme: Bybit Loses $1.5B in Hack but Can Cover Loss, CEO Confirms (Oliver Knight/CoinDesk)
- Report Boom: Report on the Bybit crypto heist, detailing the incident and security recommendations.
- thehackernews.com: Report on the Bybit hack, highlighting the scale of the theft and its implications.
- reportboom.com: Reportboom article about Bybit's $1.46B Crypto Heist.
- www.it-daily.net: Bybit hacked: record theft of 1.5 billion US dollars
- Protos: News about the Bybit cryptocurrency exchange being hacked for over $1.4 billion.
- The420.in: On Friday, cryptocurrency exchange Bybit disclosed that a highly sophisticated attack resulted in the theft of more than Rs 11,972 crores in digital assets from one of its offline Ethereum wallets—the largest crypto heist on record.
- TechSpot: The hackers stole the crypto from Bybit's cold wallet, an offline storage system.
- Talkback Resources: Crypto exchange Bybit was targeted in a $1.46 billion theft by the Lazarus Group, highlighting the rising trend of cryptocurrency heists driven by the allure of profits and challenges in tracing such crimes.
- www.bleepingcomputer.com: Cryptocurrency exchange Bybit revealed today that an unknown attacker stole over $1.46 billion worth of cryptocurrency from one of its ETH cold wallets.
- www.the420.in: The420.in: Biggest Crypto Heist Ever: Bybit Loses Rs 12,000+ Crore in Sophisticated Ethereum Wallet Attack!
- www.cnbc.com: This report discusses the Bybit hack, detailing the amount stolen and the potential impact on the crypto market.
- www.engadget.com: This news piece reports on the massive crypto heist from Bybit, highlighting the scale of the incident and the impact on the crypto market.
- Techmeme: Arkham says ZachXBT submitted proof that North Korea's Lazarus Group is behind Bybit's $1.5B hack, which is the largest single theft in crypto history
- BrianKrebs: Infosec exchange post describing Bybit breach.
- Talkback Resources: Bybit cryptocurrency exchange suffered a cyberattack resulting in the theft of $1.5 billion worth of digital currency, including over 400,000 ETH and stETH, with potential vulnerabilities in the Safe.global platform's user interface exploited.
- securityaffairs.com: SecurityAffairs reports Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever.
- gulfbusiness.com: ‘Worst hack in history’: Dubai crypto exchange Bybit suffers $1.5bn ether heist
- techcrunch.com: Crypto exchange Bybit says it was hacked and lost around $1.4B
- Tekedia: The cryptocurrency industry has been rocked by what is now considered the largest digital asset theft in history, as Bybit, a leading crypto exchange, confirmed on Friday that hackers stole approximately $1.4 billion worth of Ethereum (ETH) from one of its offline wallets.
- blog.checkpoint.com: What the Bybit Hack Means for Crypto Security and the Future of Multisig Protection
- Dan Goodin: Crypto exchange Bybit said it was hacked and suffered a loss of around $1.4 billion (~401,346 ETH) at the time of the hack.
- BleepingComputer: Crypto exchange Bybit revealed today that an unknown attacker stole over $1.46 billion worth of cryptocurrency from one of its ETH cold wallets.
- Security Boulevard: North Korea’s Lazarus Group Hacks Bybit, Steals $1.5 Billion in Crypto
- bsky.app: Elliptic is following the money on this ByBit hack, the biggest theft of all time. “Within 2 hours of the theft, the stolen funds were sent to 50 different wallets, each holding approximately 10,000 ETH. These are now being systematically emptied.”
- Talkback Resources: Talkback Post about the $1.5B Bybit Hack: The Era of Operational Security Failures Has Arrived
- infosec.exchange: Reports that North Korean hackers stole $1.4 billion in crypto from Bybit.
- securityboulevard.com: North Korea's notorious Lazarus Group reportedly stole $1.5 billion in cryptocurrency from the Bybit exchange in what is being called the largest hack in the controversial market's history.
- billatnapier.medium.com: One of the Largest Hacks Ever? But Will The Hackers Be Able To Launder The Gains?
- thecyberexpress.com: thecyberexpress.com - Details on Bybit Cyberattack.
- Matthew Rosenquist: This may turn out to be the biggest hack in history! $1.5 BILLION.
- PCMag UK security: The $1.4 billion at Bybit—the largest known cryptocurrency heist in history—has been traced to the notorious Lazarus North Korean hacking group.
- www.nbcnews.com: Hackers steal $1.5 billion from exchange Bybit in biggest-ever crypto heist: Blockchain analysis firm Elliptic later linked the attack to North Korea’s Lazarus Group, a state-sponsored hacking collective
- www.pcmag.com: Researchers spot the $1.4 billion stolen from Bybit moving through cryptocurrency wallets that were used in earlier heists attributed to North Korea's Lazarus hacking group.
- siliconangle.com: $1.5B in cryptocurrency stolen from Bybit in attack linked to North Korean hackers
- www.americanbanker.com: Nearly $1.5 billion in tokens lost in Bybit crypto exchange hack
- SiliconANGLE: SiliconAngle reports on the details of the Bybit hack and links it to North Korean hackers.
- techcrunch.com: TechCrunch reports on the massive crypto heist, citing research that points to North Korean hackers as perpetrators.
- OODAloop: Reports that North Korea’s Lazarus Group APT is Behind Largest Crypto Heist Ever
- Schneier on Security: Schneier on Security covers the North Korean Hackers Stealing $1.5B in Cryptocurrency.
- Dataconomy: How the Bybit hack shook the crypto world: $1.5B gone overnight
- be3.sk: Looming Shadows: $1.5 Billion Crypto Heist Shakes Confidence in Security Measures
- Risky Business Media: Risky Business #781 -- How Bybit oopsied $1.4bn
- cyberriskleaders.com: Bybit, a leading exchange, was hacked for USD1.4 billion in Ethereum and staked Ethereum, sending shockwaves through the digital asset community.
- www.csoonline.com: Independent investigation finds connections to the Lazarus Group.
- Cybercrime Magazine: Bybit suffers the largest crypto hack in history
- www.theguardian.com: Cyberattackers believed to be affiliated with the state-sponsored threat group pulled off the largest crypto heist reported to date, stealing $1.5 billion from exchange Bybit.
- bsky.app: Forensic investigators have discovered that North Korean Lazarus hackers stole $1.5 billion from Bybit after first breaching a Safe{Wallet} developer machine. The multisig wallet platform has also confirmed these findings in a statement issued today.
- Sergiu Gatlan: Forensic investigators have discovered that North Korean Lazarus hackers stole $1.5 billion from Bybit after first breaching a Safe{Wallet} developer machine. The multisig wallet platform has also confirmed these findings in a statement issued today.
- SecureWorld News: SecureWorld reports on the Bybit hack, attributing it to the Lazarus Group.
- OODAloop: The Largest Theft in History – Following the Money Trail from the Bybit Hack
- gbhackers.com: Researchers Uncover $1.4B in Sensitive Data Tied to ByBit Hack by Lazarus Group
- Secure Bulletin: Lazarus group’s Billion-Dollar Bybit heist: a cyber forensics analysis
- Talkback Resources: THN Weekly Recap: From $1.5B Crypto Heist to AI Misuse & Apple’s Data Dilemma [mal]
- infosec.exchange: NEW: Hacked crypto exchange Bybit is offering $140 million in bounties to anyone who can help locate and freeze the stolen ethereum.
- CyberInsider: Record $1.5 billion Bybit hack undermines trust in crypto security
- The Register - Security: Cryptocurrency exchange Bybit, just days after suspected North Korean operatives stole $1.5 billion in Ethereum from it, has launched a bounty program to help recover its funds.
- PCMag UK security: The malicious JavaScript code used in the attack could secretly modify transactions for Safe{Wallet}, a cryptocurrency wallet provider. The suspected North Korean hackers who stole $1.4 billion in cryptocurrency from Bybit pulled off the heist by infiltrating a digital wallet provider and tampering with its software.
- techcrunch.com: Last week, hackers stole around $1.4 billion in Ethereum cryptocurrency from crypto exchange Bybit, believed to be the largest crypto heist in history. Now the company is offering a total of $140 million in bounties for anyone who can help trace and freeze the stolen funds. Bybit’s CEO and
- securityaffairs.com: The FBI confirmed that North Korea is responsible for the record-breaking cyber heist at the crypto exchange Bybit.
- The Register - Security: The FBI has officially accused North Korea's Lazarus Group of stealing $1.5 billion in Ethereum from crypto-exchange Bybit earlier this month, and asked for help tracking down the stolen funds.
- techcrunch.com: The FBI has said the North Korean government is “responsible” for the hack at crypto exchange Bybit, which resulted in the theft of more than $1.4 billion in Ethereum cryptocurrency.
- Talkback Resources: FBI Says North Korea Hacked Bybit as Details of $1.5B Heist Emerge [net] [mal]
- PCMag UK security: FBI Blames North Korea for Massive $1.4 Billion Cryptocurrency Heist
- The420.in: Rs 1.27 trillion Stolen: Bybit Joins the Ranks of Crypto’s Largest Thefts – Full List Inside
- Talkback Resources: Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers [mal]
- Tekedia: Bybit Declares War on “Notorious” Lazarus Group After $1.4B Hack, Offers $140m Reward
- SecureWorld News: The FBI officially attributed the massive heist to North Korea's state-sponsored hacking group TraderTraitor, more commonly known as the infamous Lazarus Group.
- ChinaTechNews.com: North Korea was behind the theft of approximately $1.5bn in virtual assets from a cryptocurrency exchange, the FBI has said, in what is being described as the biggest heist in history.
- Wallarm: API Armor: How Bybit’s Real-Time Blacklisting Is Thwarting a $1.5B Crypto Heist
Vasu Jakkal@Microsoft Security Blog
//
Microsoft has unveiled a significant expansion of its Security Copilot platform, adding AI agents designed to automate security operations tasks and ease the workload on cybersecurity professionals. The move is aimed at the growing volume and complexity of attacks, which are overwhelming teams that rely on manual processes. The agents are meant to handle routine tasks, freeing IT and security staff for more complex issues and proactive work. Microsoft says it detected over 30 billion phishing emails targeting customers between January and December 2024, which it cites as evidence of the need for automation.
The expansion includes eleven AI agents, six developed by Microsoft and five by security partners, set for preview in April 2025. Microsoft's agents include the Phishing Triage Agent in Microsoft Defender, Alert Triage Agents in Microsoft Purview, Conditional Access Optimization Agent in Microsoft Entra, Vulnerability Remediation Agent in Microsoft Intune, and Threat Intelligence Briefing Agent in Security Copilot. These agents are purpose-built for security, designed to learn from feedback, adapt to workflows, and operate securely within Microsoft’s Zero Trust framework, ensuring that security teams retain full control over their actions and responses.
Recommended read:
References :
- The Register - Software: AI agents swarm Microsoft Security Copilot
- Microsoft Security Blog: Microsoft unveils Microsoft Security Copilot agents and new protections for AI
- .NET Blog: Learn how the Xbox services team leveraged .NET Aspire to boost their team's productivity.
- Ken Yeung: Microsoft’s First CTO Says AI Is ‘Three to Five Miracles’ Away From Human-Level Intelligence
- SecureWorld News: Microsoft Expands Security Copilot with AI Agents
- www.zdnet.com: Microsoft's new AI agents aim to help security pros combat the latest threats
- www.itpro.com: Microsoft launches new security AI agents to help overworked cyber professionals
- www.techrepublic.com: After Detecting 30B Phishing Attempts, Microsoft Adds Even More AI to Its Security Copilot
- eSecurity Planet: esecurityplanet.com covers Fortifying Cybersecurity: Agentic Solutions by Microsoft and Partners
- Microsoft Security Blog: AI innovation requires AI security: Hear what’s new at Microsoft Secure
- www.csoonline.com: Microsoft has introduced a new set of AI agents for its Security Copilot platform, designed to automate key cybersecurity functions as organizations face increasingly complex and fast-moving digital threats.
- SiliconANGLE: Microsoft introduces AI agents for Security Copilot
- SiliconANGLE: Microsoft Corp. is enhancing the capabilities of its popular artificial intelligence-powered Copilot tool with the launch late today of its first “deep reasoning” agents, which can solve complex problems in the way a highly skilled professional might do.
- Ken Yeung: Microsoft is introducing a new way for developers to create smarter Copilots.
- Source Asia: Microsoft Security Copilot agents and more security innovations
- www.computerworld.com: Microsoft’s Newest AI Agents Can Detail How They Reason
Shira Landau@Email Security - Blog
//
The FBI has issued a warning regarding a new data extortion scam where criminals are impersonating the BianLian ransomware group. These fraudsters are sending physical letters through the United States Postal Service to corporate executives, claiming their networks have been breached. The letters demand Bitcoin payments in exchange for preventing the release of sensitive company data.
Analysis suggests these letters are fraudulent, and organizations, particularly in the US healthcare sector, are advised to report them to the FBI. Security vendors including Arctic Wolf and GuidePoint Security have studied the letters and assess the campaign to be a ruse by someone posing as BianLian; there is no confirmed link to the real ransomware group. The letters mimic conventional ransom notes, demanding payments of between $250,000 and $350,000 within 10 days, and Arctic Wolf says it is aware of at least 20 organizations or executives that have received them.
This activity highlights the evolving tactics of cybercriminals who are now employing postal mail to target high-profile individuals in an attempt to extort money under false pretenses. The FBI urges companies to implement internal protocols for verifying ransom demands and to remain vigilant against these deceptive practices. It’s crucial for organizations to discern fake attacks from real ones amidst the increasing complexity of cybercrime.
Recommended read:
References :
- Arctic Wolf: Self-Proclaimed “BianLian Group” Uses Physical Mail to Extort Organizations
- CyberInsider: Fake BianLian Ransom Notes Delivered to Executives via Post Mail
- DataBreaches.Net: Bogus ‘BianLian’ Gang Sends Snail-Mail Extortion Letters
- www.csoonline.com: Ransomware goes postal: US healthcare firms receive fake extortion letters
- PCMag UK security: Businesses Are Receiving Snail Mail Ransomware Threats, But It's a Scam
- BrianKrebs: Someone has been snail mailing letters to various businesses pretending to be the BianLian ransomware group.
- Cyber Security News: FBI Warns of Data Extortion Scam Targeting Corporate Executives
- gbhackers.com: FBI Warns: Threat Actors Impersonating BianLian Group to Target Corporate Executives
- techcrunch.com: There is no confirmed link between the campaign and the actual BianLian ransomware group, making this an elaborate impersonation.
- thecyberexpress.com: FBI Issues Urgent Warning About Data Extortion Scam Targeting Corporate Executives
- Email Security - Blog: The U.S. Federal Bureau of Investigation (FBI) has recently released an urgent advisory pertaining to a sophisticated email-based extortion campaign.
- Threats | CyberScoop: The FBI is warning business leaders about the scam perpetrated by an unidentified threat group.
- gbhackers.com: The novel approach highlights a shift in extortion tactics.
- Vulnerable U: Executives Receive Fake Snail Mail BianLian Ransomware Notes
- Malwarebytes: Ransomware threat mailed in letters to business owners
- www.scworld.com: The FBI is warning of a ransomware operation targeting C-suite executives via the US Postal Service.
- Cyber Security News: Fake BianLian Ransom Scams Target U.S. Firms Through Mailed Letters
- borncity.com: CISA warning: Cyber criminals (BianLian Groupe) attempt to blackmail executives
- Jon Greig: The FBI warned executives of a new scam where people claiming to be part of the BianLian ransomware gang are mailing physical letters with threats Arctic Wolf said it is aware of at least 20 organizations or executives who have received these letters
- Kali Linux Tutorials: Cyber Threat Group Sends Paper-Based Extortion Letters
- The DefendOps Diaries: Cybercriminals exploit YouTube's copyright system to extort creators, spreading malware and demanding ransoms.
- www.bleepingcomputer.com: Cybercriminals are sending bogus copyright claims to YouTubers to coerce them into promoting malware and cryptocurrency miners on their videos.
MalBot@malware.news
//
The US Treasury Department has sanctioned a Chinese cybersecurity firm, Sichuan Juxinhe Network Technology Co., Ltd., and a Shanghai-based hacker, Yin Kecheng, for their roles in significant intrusions into US systems. Sichuan Juxinhe is linked to the Salt Typhoon group, which has infiltrated numerous US telecommunications companies and ISPs and intercepted the communications of high-value political officials. Yin Kecheng, who is affiliated with China's Ministry of State Security (MSS), is tied to the recent breach of the Treasury's own network, which affected systems involved in sanctions and foreign-investment reviews.
During the Treasury breach the intruders reached workstations including those used by Secretary Janet Yellen and stole over 3,000 files, among them policy documents, organizational charts, and information on sanctions and foreign investment. Reporting diverges on attribution: some sources tie the Treasury intrusion to Salt Typhoon, others to a related group tracked as Silk Typhoon (formerly Hafnium), best known for exploiting Microsoft Exchange Server vulnerabilities. The Treasury intrusion itself was carried out through a compromised API key for a third-party remote-support service rather than through Exchange. The Treasury Department stated that it will continue to use its authorities to hold accountable malicious actors who target the American people and the US government.
Recommended read:
References :
- malware.news: US Sanctions Chinese firm behind sweeping Salt Typhoon telecom hacks
- The Hacker News: U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Silk Typhoon
- BleepingComputer: US sanctions Chinese firm, hacker behind telecom and Treasury hacks
- ciso2ciso.com: US Sanctions Chinese Hacker & Firm for Treasury, Critical Infrastructure Breaches – Source: www.darkreading.com
- ciso2ciso.com: US sanctions Chinese hacker & firm for Treasury, critical infrastructure breaches
- U.S. Treasury: Treasury's OFAC is sanctioning Yin Kecheng, a Shanghai-based cyber actor who was involved with the recent Department of the Treasury network compromise.
- ciso2ciso.com: U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Silk Typhoon – Source:thehackernews.com
- www.bleepingcomputer.com: US sanctions Chinese firm, hacker behind telecom and Treasury hacks
- securityaffairs.com: U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon
- ciso2ciso.com: Treasury Levels Sanctions Tied to a Massive Hack of Telecom Companies and Breach of Its Own Network – Source: www.securityweek.com
- Pyrzout :vm:: Treasury Levels Sanctions Tied to a Massive Hack of Telecom Companies and Breach of Its Own Network – Source: www.securityweek.com
- ciso2ciso.com: The U.S. Treasury’s OFAC sanctioned a Chinese cybersecurity firm and a Shanghai cyber actor for ties to Salt Typhoon and a federal agency breach.
- www.tomshardware.com: News report on Chinese hackers infiltrating US Treasury Secretary's PC and gaining access to over 400 PCs.
- ciso2ciso.com: U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon
- www.nextgov.com: US Treasury Department sanctions imposed for Salt Typhoon's involvement.
- www.nextgov.com: The Treasury Department's sanctions follow a major hack targeting telecommunications companies and potentially impacting high-value political officials.
- Threats | CyberScoop: Treasury sanctions Chinese cybersecurity company, affiliate for Salt Typhoon hacks.
- cyberscoop.com: Treasury sanctions Chinese cybersecurity company, affiliate for Salt Typhoon hacks
- thecyberexpress.com: U.S. Treasury sanctions Salt Typhoon hackers
- www.csoonline.com: The US is hitting back against the threat group, dubbed Salt Typhoon by Microsoft, which is allegedly behind recent cyber attacks against American telecommunications providers, as part of a wider campaign against Chinese-based hacking.
- Security Affairs: The US Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned Chinese firm Sichuan Juxinhe Network Technology Co., LTD.
- Security Boulevard: U.S. Treasury Sanctions Chinese Individual, Company for Data Breaches
Amar Ćemanović@CyberInsider
//
Japanese telecom giant NTT Communications has confirmed a data breach impacting nearly 18,000 corporate customers. The company discovered unauthorized access to its internal systems on February 5, 2025. Hackers are reported to have accessed details of these organizations, potentially compromising sensitive data.
The stolen data includes customer names, contract numbers, phone numbers, email addresses, physical addresses, and information on service usage belonging to 17,891 organizations, according to NTT Com. While NTT Com has restricted access to compromised devices and disconnected another compromised device, the specific nature of the cyberattack and the identity of the perpetrators remain unknown. It’s not yet known how many individuals had personal data stolen.
Recommended read:
References :
- Carly Page: Japanese telecom giant NTT Communications says hackers stole the data of almost 18,000 corporate customers during a February cyberattack. It’s not yet known how many individuals had personal data stolen or who was behind the NTT breach
- CyberInsider: NTT Communications Suffers Data Breach Impacting 18,000 Companies
- BleepingComputer: Japanese telecommunication services provider NTT Communications Corporation (NTT) is warning almost 18,000 corporate customers that their information was compromised during a cybersecurity incident.
- techcrunch.com: Unidentified hackers breached NTT Com’s network to steal personal information of employees at thousands of corporate customers
- bsky.app: Japanese telecommunication services provider NTT Communications Corporation (NTT) is warning almost 18,000 corporate customers that their information was compromised during a cybersecurity incident.
- The DefendOps Diaries: Lessons from the NTT Data Breach: A 2025 Perspective
- www.scworld.com: NTT Communications says hackers stole the data of almost 18,000 corporate customers during a February cyberattack
- securityaffairs.com: Japanese telecom giant NTT suffered a data breach that impacted 18,000 companies
- The420.in: Japanese Telecom Giant NTT Suffers Data Breach, Impacting 18,000 Companies
- www.it-daily.net: The Japanese ICT provider NTT Communications (NTT Com) has admitted to a serious security breach that resulted in the loss of information on a total of 17,891 corporate customers.
- www.scworld.com: Nearly 18K orgs' data compromised in NTT Communications hack
@cyberscoop.com
//
The Chinese nation-state hacking group Salt Typhoon (tracked by Recorded Future's Insikt Group as RedMike) continues to target telecommunications providers despite the US sanctions imposed on it. Between December 2024 and January 2025, Recorded Future observed the group breaching five telecom firms, including a US-based affiliate of a UK telecom provider, a US internet service provider, and companies in Italy, South Africa, and Thailand. It also performed reconnaissance against a Myanmar-based telecom provider.
Salt Typhoon gained access by exploiting two Cisco IOS XE web UI vulnerabilities that have had patches available since October 2023: CVE-2023-20198, which lets an unauthenticated attacker create a local account with privilege level 15, and CVE-2023-20273, a command injection that escalates that account to root on the device. More than 1,000 Internet-exposed Cisco devices were targeted worldwide, with a focus on those inside telecom networks. Once on a device the actors created privileged accounts, altered configurations to get around access controls, and set up GRE tunnels for persistent access and data exfiltration. Cisco Talos separately noted that in the US telecom intrusions it investigated, initial access most often came through legitimate stolen credentials rather than exploits, which makes detection harder. Salt Typhoon also targeted universities, including the University of California and Utah Tech, likely seeking research related to telecommunications and engineering.
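The artefacts listed above (a reachable web UI, rogue privilege-15 local users, GRE tunnels to unknown peers) can be hunted for directly in a device's running configuration. The Python below is an added example, not code from Recorded Future, Cisco or the original article: it audits a constructed IOS XE running-config against constructed allow-lists, and includes a pure function that interprets the response to the implant probe Cisco Talos published for CVE-2023-20198 in October 2023 (a POST to `/webui/logoutconfirm.html?logon_hash=1`, which an implanted device answers with a hexadecimal string). The account name `cisco_tac_admin` in the sample is one that Talos reported the exploitation chain creating; it is not a legitimate Cisco account.

```python
"""Added example: hunt an IOS XE running-config for Salt Typhoon / RedMike
post-exploitation artefacts. Config, allow-lists and addresses are constructed."""
import re

# Constructed allow-lists an operator would keep under version control.
KNOWN_ADMINS = {"netops", "backup-admin"}
KNOWN_TUNNEL_PEERS = {"203.0.113.7"}

# Constructed running-config (RFC 5737 documentation addresses).
SAMPLE_RUNNING_CONFIG = """\
version 17.3
hostname edge-rtr-01
ip http server
ip http secure-server
username netops privilege 15 secret 9 $9$REDACTED
username backup-admin privilege 15 secret 9 $9$REDACTED
username cisco_tac_admin privilege 15 secret 9 $9$REDACTED
interface GigabitEthernet0/0/0
 ip address 198.51.100.2 255.255.255.0
interface Tunnel0
 description mgmt-tunnel
 tunnel source GigabitEthernet0/0/0
 tunnel destination 203.0.113.7
 tunnel mode gre ip
interface Tunnel1337
 tunnel source GigabitEthernet0/0/0
 tunnel destination 192.0.2.99
 tunnel mode gre ip
"""


def rogue_privilege15_users(config: str, known_admins: set) -> list:
    """Local privilege-15 accounts that are not on the allow-list."""
    found = re.findall(r"^username (\S+) privilege 15\b", config, re.M)
    return sorted(u for u in found if u not in known_admins)


def unexpected_gre_tunnels(config: str, known_peers: set) -> list:
    """GRE tunnel interfaces whose destination is not a known peer.
    Interface stanzas are the 'interface ...' line plus the indented lines under it."""
    findings = []
    for m in re.finditer(r"^interface (Tunnel\d+)\n((?: .*\n)*)", config, re.M):
        name, body = m.group(1), m.group(2)
        if not re.search(r"^ tunnel mode gre", body, re.M):
            continue
        dest = re.search(r"^ tunnel destination (\S+)", body, re.M)
        if dest and dest.group(1) not in known_peers:
            findings.append({"interface": name, "destination": dest.group(1)})
    return findings


def webui_enabled(config: str) -> bool:
    """CVE-2023-20198 / CVE-2023-20273 are reached through the HTTP(S) web UI feature."""
    return re.search(r"^ip http (secure-)?server$", config, re.M) is not None


def implant_probe_positive(body: str) -> bool:
    """Interpret the body returned by Talos's original check:
    POST https://<device>/webui/logoutconfirm.html?logon_hash=1
    An implanted device answers with a hexadecimal string; a clean one does not."""
    return re.fullmatch(r"[0-9a-fA-F]{8,}", body.strip()) is not None


def audit(config: str) -> dict:
    """Combine the configuration checks into one report."""
    return {
        "webui_enabled": webui_enabled(config),
        "rogue_admins": rogue_privilege15_users(config, KNOWN_ADMINS),
        "unknown_gre_peers": unexpected_gre_tunnels(config, KNOWN_TUNNEL_PEERS),
    }


if __name__ == "__main__":
    print(audit(SAMPLE_RUNNING_CONFIG))
```

Feed `audit()` the output of `show running-config` collected over an out-of-band path, and treat any finding as a reason to pull the device's logs and image for forensics rather than simply deleting the account or tunnel. The implant probe is worth keeping in a hunt playbook, but a negative result is not proof of a clean device: the actor later modified the implant so that the original probe no longer triggers it, so the configuration checks and a patched image matter more than the probe alone.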
Recommended read:
References :
- cyberscoop.com: Salt Typhoon remains active, hits more telecom networks via Cisco routers
- The Register - Security: More victims of China's Salt Typhoon crew emerge: Telcos just now hit via Cisco bugs
- Carly Page: The China-backed Salt Typhoon group is still hacking telecommunications providers, despite government sanctions. Recorded Future says Salt Typhoon breached five firms between December and January, including a US affiliate of a prominent UK provider and a US-based ISP
- techcrunch.com: The China-backed Salt Typhoon group is still hacking telecommunications providers, despite government sanctions.
- www.wired.com: Wired's coverage of Salt Typhoon's ongoing hacking activities.
- Threats | CyberScoop: Salt Typhoon remains active, hits more telecom networks via Cisco routers
- cyberinsider.com: Chinese Hackers Breach Cisco Devices in Global Telecom Attacks
- securebulletin.com: RedMike (Salt Typhoon) continues global Telecom attacks
- CyberInsider: Chinese Hackers Breach Cisco Devices in Global Telecom Attacks
- Secure Bulletin: Report on RedMike's continued attacks on telecom providers.
- Talkback Resources: Salt Typhoon Targeting Old Cisco Vulnerabilities in Fresh Telecom Hacks [exp] [net]
- Talkback Resources: Chinese state-sponsored APT group Salt Typhoon targets telecommunications providers and universities by exploiting Cisco vulnerabilities, creating privileged accounts, bypassing firewalls, and exfiltrating data using GRE tunnels, prompting organizations to patch devices, enforce access controls, and monitor for unauthorized changes.
- Talkback Resources: Salt Typhoon Targeting Old Cisco Vulnerabilities in Fresh Telecom Hacks
- PCMag UK security: China's Salt Typhoon Spies Are Still Eavesdropping on Global Networks
- ciso2ciso.com: Salt Typhoon Targeting Old Cisco Vulnerabilities in Fresh Telecom Hacks
- ciso2ciso.com: Salt Typhoon Targeting Old Cisco Vulnerabilities in Fresh Telecom Hacks – Source: www.securityweek.com
- securityaffairs.com: China-linked APT Salt Typhoon breached telecoms by exploiting Cisco router flaws
- BleepingComputer: China's Salt Typhoon hackers are still actively targeting telecoms worldwide and have breached more U.S. telecommunications providers via unpatched Cisco IOS XE network devices.
- industrialcyber.co: Insikt Group details RedMike cyber espionage campaign on telecom providers using Cisco vulnerabilities
- securityonline.info: Cybersecurity researchers at Insikt Group have identified an ongoing cyber espionage campaign by RedMike (also tracked as Salt Typhoon).
- Industrial Cyber: Insikt Group details RedMike cyber espionage campaign on telecom providers using Cisco vulnerabilities
- SecureWorld News: Salt Typhoon Expands Espionage Campaign, Targets Cisco Routers
- Cisco Talos Blog: Weathering the storm: In the midst of a Typhoon
- cyberscoop.com: Cisco Talos observed the campaign targeting major U.S. telecommunication companies and observed the attackers primarily used legitimate login credentials to gain initial access, making detection and prevention difficult.
- cyberscoop.com: Salt Typhoon gained initial access to telecoms through Cisco devices
- securityaffairs.com: Salt Typhoon used custom malware JumbledPath to spy U.S. telecom providers
@cyberscoop.com
//
Concerns are mounting over potential cybersecurity failures within the Department of Government Efficiency (DOGE), as experts express alarm over Elon Musk's takeover of key Treasury systems. The situation involves a 25-year-old DOGE team member allegedly writing backdoors into the Treasury’s $6 trillion payment system, raising serious national security concerns. These backdoors could compromise sensitive financial data, including information related to government payroll, tax records, and financial transactions, potentially leading to espionage and financial manipulation.
The alleged security failures are compounded by reports that the DOGE team member had full administrator privileges on sensitive systems, going beyond the "read-only" access initially claimed. Sensitive veterans' data, including information about Department of Veterans Affairs benefits, is among the Treasury records that Musk's so-called Department of Government Efficiency now has access to. The lack of transparency and oversight surrounding DOGE's access prompted Senator Elizabeth Warren to demand answers from the Treasury Secretary regarding the "security and management failure," and a federal judge has since blocked DOGE's access to the Treasury systems.
References:
- ciso2ciso.com: Elon Musk's DOGE team granted 'full access' to sensitive Treasury systems. What are the risks?
- Pyrzout :vm:: Elon Musk's DOGE team granted 'full access' to sensitive Treasury systems. What are the risks?
- The Register - On-Prem: Musk’s DOGE ship gets ‘full’ access to Treasury payment system, sinks USAID
- The Verge: Elon Musk is staging a takeover of the federal budget
- www.techdirt.com: A 25-Year-Old Is Writing Backdoors Into The Treasury’s $6 Trillion Payment System. What Could Possibly Go Wrong?
- cyberscoop.com: Cybersecurity, government experts are aghast at security failures in DOGE takeover
- PCMag UK security: Judge Blocks DOGE's Access to Treasury Systems
- The Verge: Federal judge blocks DOGE from accessing sensitive Treasury records
- techxplore.com: TechXplore article questioning if the DOGE initiative is a cybersecurity threat.
Shaun Nichols@scmagazine.com
//
North Korea is reportedly launching a new cybersecurity research unit called Research Center 227, which will be housed within the intelligence agency Reconnaissance General Bureau (RGB). The unit will focus on AI-based hacking and stealing digital assets. This strategic move aims to enhance the regime’s capabilities in cyber warfare, particularly in offensive hacking technologies and programs. It is reported that the new facility is located in Pyongyang and at least 90 cybersecurity professionals have been assigned to the unit.
The "Research Center 227" is reportedly focused on using AI for cyberattacks. North Korean hackers are also known to masquerade as remote IT workers, recruiters, and even venture capitalists to steal cryptocurrency and sensitive information. This tactic allows them to gain employment at unsuspecting companies around the world, steal money, or intellectual property valuable to the totalitarian state.
References:
- infosec.exchange: North Korea is reportedly launching a new cybersecurity research unit called Research Center 227, which will be housed within the intelligence agency Reconnaissance General Bureau (RGB), and will focus on AI-based hacking and stealing digital assets.
- techcrunch.com: North Korea launches new unit with a focus on AI hacking, per report
- Data loss ? Graham Cluley: North Korean hackers masquerade as remote IT workers and venture capitalists to steal crypto and secrets
- www.scworld.com: North Korea launches hacking hub focused on artificial intelligence
- www.techradar.com: North Korea unveils new military unit targeting AI attacks
- bsky.app: bsky.app post about North Korea's new AI hacking unit
Ameer Owda@socradar.io
//
Cisco has released patches for two critical vulnerabilities in its Identity Services Engine (ISE). The flaws, tracked as CVE-2025-20124 (CVSS score 9.9) and CVE-2025-20125 (CVSS score 9.1), could allow an authenticated remote attacker holding only read-only administrative privileges to execute arbitrary commands as root, escalate privileges, and change the system configuration of an affected device. The patches close both paths.
The first vulnerability, CVE-2025-20124, is an insecure deserialization of user-supplied Java byte streams: an attacker who sends a crafted serialized Java object to an affected API can execute arbitrary commands on the device and elevate privileges. The second, CVE-2025-20125, is an authorization bypass caused by a lack of authorization checks in a specific API and improper validation of user-supplied data; a crafted HTTP request lets the attacker obtain sensitive information, modify the system configuration, and restart the node. Cisco says there are no workarounds and advises customers to migrate to a fixed software release as soon as possible.
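The deserialization mistake behind CVE-2025-20124, shown as an added example in Python's pickle rather than Java so that it runs stand-alone. This is an illustration of the bug class, not Cisco's code or the ISE API, and the allowlist contents are assumed for the example. The vulnerable loader resolves and calls any callable the stream names; the hardened loader only resolves globals on an explicit allowlist, so a gadget that points at `builtins.eval` (standing in for `os.system`) is refused before it can run.

```python
import collections
import io
import pickle

# Constructed allowlist: the only globals this application's streams legitimately
# reference. Everything else, including builtins.eval and os.system, is refused.
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
}


def vulnerable_load(data):
    """Deserialise with no restriction: any callable the stream names is imported
    and called while the object graph is rebuilt. Same failure class as
    CVE-2025-20124 (a Java byte stream there, a pickle stream here)."""
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Resolve only allowlisted globals; the stream cannot reach anything else."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global in stream: {module}.{name}")


def hardened_load(data):
    """Deserialise through the allowlisting unpickler."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


class Gadget:
    """Shape of an attacker's payload: __reduce__ makes the loader call a function
    with attacker-chosen arguments during reconstruction. eval of a harmless
    expression stands in for os.system("...") so the example is safe to run."""

    def __reduce__(self):
        return (eval, ("7 * 6",))


def build_malicious_payload():
    """Serialized object that executes attacker-controlled code on load."""
    return pickle.dumps(Gadget())


def build_benign_payload():
    """Serialized object the application actually expects (constructed sample)."""
    return pickle.dumps(collections.OrderedDict(user="admin", role="read-only"))


def is_rejected(data):
    """True when the hardened loader refuses the stream."""
    try:
        hardened_load(data)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    evil, good = build_malicious_payload(), build_benign_payload()
    print("vulnerable loader, malicious stream ->", vulnerable_load(evil))
    print("hardened loader, malicious stream rejected ->", is_rejected(evil))
    print("hardened loader, benign stream ->", dict(hardened_load(good)))
```

The Java equivalent of `RestrictedUnpickler` is a deserialization filter (`ObjectInputFilter`, set per stream with `ObjectInputStream.setObjectInputFilter` or globally via `jdk.serialFilter`) that rejects any class not on an allowlist before the stream is read; the general rule is the same in either language: never let the byte stream choose which code runs.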
References:
- securityaffairs.com: Cisco addressed critical flaws in Identity Services Engine, preventing privilege escalation and system configuration changes.
- securityonline.info: CVE-2025-20124 (CVSS 9.9) & CVE-2025-20125 (CVSS 9.1): Cisco Patches Critical Flaws in Identity Services Engine
- ciso2ciso.com: Cisco addressed two critical flaws in its Identity Services Engine (ISE) – Source: securityaffairs.com
- securityonline.info: Cisco has issued a security advisory addressing two critical vulnerabilities in its Identity Services Engine (ISE), a network
- Pyrzout :vm:: Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities – Source: sec.cloudapps.cisco.com
- BleepingComputer: Cisco has fixed two critical Identity Services Engine (ISE) vulnerabilities that can let attackers with read-only admin privileges bypass authorization and run commands as root.
- socradar.io: Critical Cisco ISE Vulnerabilities Patched: CVE-2025-20124 & CVE-2025-20125
- The Hacker News: Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc
- www.csoonline.com: Cisco’s ISE bugs could allow root-level command execution
- ciso2ciso.com: Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc – Source:thehackernews.com
- ciso2ciso.com: Cisco’s ISE bugs could allow root-level command execution – Source: www.csoonline.com
Pierluigi Paganini@Security Affairs
//
The LockBit ransomware group, known for impacting numerous organizations globally, has faced a significant development with the extradition of Rostislav Panev to the United States. Panev, a dual Russian-Israeli national, is suspected of being a key developer for the LockBit ransomware operation. He was apprehended in Israel last August, where authorities discovered incriminating evidence on his laptop, including credentials for LockBit's internal control panel and source code for LockBit encryptors and the gang's StealBit data theft tool.
Panev is accused by the U.S. Department of Justice of developing LockBit's ransomware encryptors and StealBit, with activities spanning from June 2022 to February 2024. The LockBit ransomware group has been active since 2019, impacting over 2,500 victims across 120 countries. The extradition signifies a major step in holding individuals accountable for their roles in facilitating the widespread damage caused by LockBit ransomware.
References:
- securityaffairs.com: The LockBit ransomware group has impacted over 2,500 victims in 120 countries.
- BleepingComputer: LockBit ransomware operator Rostislav Panev was extradited to the US, admitting to development and maintenance of the malware and providing technical guidance to the group.
- www.scworld.com: The LockBit ransomware group has been active since 2019 and has impacted over 2,500 victims in 120 countries, causing significant financial damage.
@securityboulevard.com
//
Intruder, a leader in attack surface management, has enhanced its free vulnerability intelligence platform, Intel, by launching AI-generated descriptions for Common Vulnerabilities and Exposures (CVEs). This enhancement helps security teams assess risk faster. The new feature addresses a common pain point among cybersecurity professionals: the often vague and technical descriptions provided by the National Vulnerability Database (NVD).
With thousands of vulnerabilities published every year, security teams rely on NVD as a key resource for researching CVEs. However, NVD descriptions frequently lack clarity or context, making it difficult to determine potential impact quickly. Intruder's AI summaries transform NVD descriptions into clear, concise, and actionable insights, helping teams assess and respond to risks faster. According to Chris Wallis, CEO & Founder of Intruder, this makes it easier for security professionals to quickly gauge what a vulnerability is and decide what action to take.
References:
- gbhackers.com: Intel by Intruder now uses AI to contextualize NVD descriptions, helping security teams assess risk faster.
- hackernoon.com: Intruder has launched AI-generated descriptions for Common Vulnerabilities and Exposures (CVEs) within its free vulnerability intelligence platform, Intel.
- Security Boulevard: London, United Kingdom, 18th February 2025, CyberNewsWire.
- www.cybersecurity-insiders.com: London, United Kingdom, 18th February 2025, CyberNewsWire.
- securityaffairs.com: Intruder Enhances Free Vulnerability Intelligence Platform ‘Intel’ with AI-Generated CVE Descriptions
do son@Daily CyberSecurity
//
A server-side request forgery (SSRF) vulnerability tracked as CVE-2024-27564, affecting ChatGPT-related infrastructure, is being actively exploited. Cybersecurity firm Veriti observed more than 10,000 attack attempts in a single week from a single malicious IP address. The flaw lets an attacker place an arbitrary URL in an input parameter and have the server fetch it, turning the application into a proxy for requests it was never meant to make, issued from the server's own network position. Although rated medium severity, the bug poses a significant risk to organizations.
Veriti's research indicates that financial institutions are the primary targets because of their reliance on AI-driven services and API integrations, which makes them susceptible to SSRF attacks that reach internal resources and sensitive data. U.S. government organizations have also been targeted. Veriti also reports that 35% of the organizations it examined are inadequately protected because of misconfigurations in their intrusion prevention systems (IPS), web application firewalls (WAF) and traditional firewalls, a reminder to stay vigilant against all threats regardless of their severity rating.
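The fetch-whatever-URL-you-are-given pattern described above, with a hardened version beside it, as an added example that is not code from the page, from Veriti or from the affected project. The image-proxy framing, the allowlisted hosts and the fake DNS answers are constructed for the example; the checks themselves (scheme and port allowlist, host allowlist, rejection of every non-public address the name resolves to, and pinning the checked address for the actual connection) are the general SSRF defence rather than anything specific to CVE-2024-27564.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Constructed for this example: the only origins an image proxy should fetch from.
ALLOWED_HOSTS = {"images.example.com", "cdn.example.com"}
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}

# ip.is_global already excludes RFC 1918, loopback, link-local and CGNAT space;
# the cloud instance-metadata addresses are listed explicitly so the intent is visible.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "169.254.169.254/32",   # AWS/GCP/Azure instance metadata (IPv4)
    "fd00:ec2::254/128",    # AWS instance metadata (IPv6)
)]


def default_resolver(host):
    """Resolve a hostname to all of its A/AAAA answers using real DNS."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_blocked_ip(ip_str):
    """True if an address points at anything other than the public internet."""
    ip = ipaddress.ip_address(ip_str)
    # ::ffff:127.0.0.1 is loopback in disguise; unwrap before classifying.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (not ip.is_global) or any(ip in net for net in BLOCKED_NETWORKS)


def vulnerable_proxy_target(url):
    """The bug class behind CVE-2024-27564 (constructed illustration, not the
    affected code): the client-supplied URL is fetched as-is, so
    http://169.254.169.254/ or http://10.0.0.5:8500/ is requested from inside
    the network with the server's privileges."""
    return url


def hardened_proxy_target(url, resolver=default_resolver):
    """Validate a client-supplied URL before the server fetches it.

    Returns (scheme, host, pinned_ip, port, path); raises ValueError otherwise.
    The caller must connect to pinned_ip (sending the Host header separately),
    follow no redirects, and re-run this check on any Location it does decide
    to follow; otherwise the validation can be bypassed after the fact.
    """
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parsed.scheme!r}")
    if parsed.username or parsed.password:
        raise ValueError("userinfo in URL not allowed")
    host = parsed.hostname
    if not host or host not in ALLOWED_HOSTS:
        raise ValueError(f"host not in allowlist: {host!r}")
    port = parsed.port or (443 if parsed.scheme == "https" else 80)
    if port not in ALLOWED_PORTS:
        raise ValueError(f"port not allowed: {port}")
    addrs = resolver(host)
    if not addrs:
        raise ValueError(f"{host} did not resolve")
    for addr in addrs:
        # An allowlisted name can still be pointed at 10.0.0.5 by whoever controls
        # its DNS (or by rebinding), so every answer is checked, not just the first.
        if is_blocked_ip(addr):
            raise ValueError(f"{host} resolves to non-public address {addr}")
    # Pin the address that passed so the connection cannot be redirected by a
    # different DNS answer between validation and connect.
    return parsed.scheme, host, addrs[0], port, parsed.path or "/"


def is_rejected(url, resolver=default_resolver):
    """True when hardened_proxy_target refuses the URL."""
    try:
        hardened_proxy_target(url, resolver)
    except ValueError:
        return True
    return False


# Constructed DNS answers so the example runs offline. cdn.example.com is
# allowlisted but (deliberately) also resolves to an internal address.
FAKE_DNS = {
    "images.example.com": ["93.184.216.34"],
    "cdn.example.com": ["93.184.216.35", "10.0.0.5"],
}


def fake_resolver(host):
    return FAKE_DNS.get(host, [])


if __name__ == "__main__":
    for u in ("https://images.example.com/logo.png",
              "http://169.254.169.254/latest/meta-data/",
              "https://cdn.example.com/logo.png",
              "file:///etc/passwd",
              "https://images.example.com:8080/",
              "https://user:pw@images.example.com/"):
        print(f"{u:48} fetched unchecked={vulnerable_proxy_target(u) == u} "
              f"hardened rejects={is_rejected(u, fake_resolver)}")
```

Two of the rejections are the ones that matter in practice: the metadata URL never reaches DNS because the host is not allowlisted, and the allowlisted `cdn.example.com` is still refused because one of its answers is private. A WAF signature on `169.254.169.254` catches neither the second case nor an attacker who registers a public name that resolves to an internal address.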
References:
- hackread.com: Hackers Exploit ChatGPT with CVE-2024-27564, 10,000+ Attacks in a Week
- securityaffairs.com: ChatGPT SSRF bug quickly becomes a favorite attack vector
- securityonline.info: CVE-2024-27564: Attackers Exploit OpenAI Vulnerability in the Wild
- Rescana: Global Alert: CVE-2024-27564 Vulnerability in OpenAI ChatGPT Threatens Critical Sectors
Louis Columbus@AI News | VentureBeat
//
Cloudflare is addressing the growing need for robust cyber security in the face of emerging technologies and cyber threats, particularly quantum computing. It has announced that organizations can now protect their sensitive corporate network traffic against future quantum threats through its Zero Trust platform: customers tunnel corporate network traffic through the platform using post-quantum cryptography, upgrading their network security without having to manage the cryptographic migration themselves.
Recent breakthroughs in quantum computing highlight the vulnerability of conventional cryptography, and Cloudflare has been at the forefront of developing and implementing post-quantum cryptography since 2017. The National Institute of Standards and Technology (NIST) has also set a timeline to phase out RSA and Elliptic Curve Cryptography (ECC) by 2035, emphasizing the urgency of this transition. Cloudflare reports that over 35% of the non-bot HTTPS traffic that touches Cloudflare today is post-quantum secure, and users of major browsers like Chrome, Edge, and Firefox already benefit from this enhanced security.
References:
- The Cloudflare Blog: Conventional cryptography is under threat. Upgrade to post-quantum cryptography with Cloudflare Zero Trust
- venturebeat.com: AI vs. AI: 6 ways enterprises are automating cybersecurity to counter AI-powered attacks
@blogs.microsoft.com
//
Microsoft is taking legal action against a foreign-based hacking group accused of operating a "hacking-as-a-service" infrastructure. This group exploited stolen Azure API keys and customer Entra ID credentials to bypass the safety controls of Microsoft's generative AI services, particularly the Azure OpenAI Service. They are said to have developed sophisticated software to gain access, and then intentionally alter the capabilities of those services. This allowed them to generate offensive and harmful content, which was then distributed through tools sold to other malicious actors. This abuse was discovered by Microsoft in July 2024, leading to the lawsuit.
Microsoft's Digital Crimes Unit has stated that the threat actors scraped public websites for exposed customer credentials. The group monetized its illicit access by selling custom tools together with detailed instructions on generating harmful content. The lawsuit seeks to dismantle the operation, including seizing websites such as "aitism[.]net" that were central to the scheme. Microsoft has since revoked the threat actor's access, put countermeasures in place and strengthened its safeguards to prevent similar abuse. The group is believed to have targeted not only Microsoft but other AI platforms and U.S.-based companies, including those in Pennsylvania and New Jersey.
References:
- ciso2ciso.com: Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation – Source:thehackernews.com
- osint10x.com: Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation
- The Hacker News: Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation
- Pyrzout :vm:: Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation – Source:thehackernews.com
- www.the420.in: Microsoft Sues Hackers for Exploiting AI Services with Stolen Azure Credentials
- Schneier on Security: Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme
- arstechnica.com: Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme
- blogs.microsoft.com: Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme
Divya@gbhackers.com
//
Researchers from Duke University and Carnegie Mellon University have successfully jailbroken several leading AI language models, including OpenAI’s o1/o3, DeepSeek-R1, and Google’s Gemini 2.0 Flash. The team developed a novel attack method called Hijacking Chain-of-Thought (H-CoT), which exploits the reasoning processes of these models to bypass safety mechanisms designed to prevent harmful outputs. This research highlights significant security vulnerabilities in advanced AI systems and raises concerns about their potential misuse.
The researchers introduced the Malicious-Educator benchmark, which utilizes seemingly harmless educational prompts to mask dangerous requests. They found that all tested models failed to consistently recognize these contextual deceptions. For example, DeepSeek-R1 proved particularly susceptible to financial crime queries, providing actionable money laundering steps in a high percentage of test cases. The team has shared mitigation strategies with affected vendors.
References:
- gbhackers.com: Researchers Jailbreak OpenAI o1/o3, DeepSeek-R1, and Gemini 2.0 Flash Models
- Talkback Resources: GitHub - dukeceicenter/jailbreak-reasoning-openai-o1o3-deepseek-r1
- The Register - Software: How nice that state-of-the-art LLMs reveal their reasoning ... for miscreants to exploit
Pierluigi Paganini@Security Affairs
//
Microsoft has issued updates for CVE-2025-24989, a high-severity privilege escalation vulnerability in its Power Pages platform that is already being exploited in the wild. A threat actor can use the flaw to escalate privileges within a targeted network and bypass user registration controls, gaining unauthorized access to affected sites.
Microsoft reports that CVE-2025-24989 affects only certain Power Pages users and urges customers to examine their websites for signs of compromise. U.S. CISA has added the flaw to its Known Exploited Vulnerabilities catalog.
References:
- securityaffairs.com: U.S. CISA adds Microsoft Power Pages flaw to its Known Exploited Vulnerabilities catalog
- socradar.io: Microsoft Patches Power Pages Zero-Day (CVE-2025-24989) & Recent PAN-OS Flaw (CVE-2025-0111) Joins CISA KEV
- www.scworld.com: Actively exploited Microsoft Power Pages flaw patched
- Report Boom: Microsoft has addressed a high-severity issue in Power Pages, CVE-2025-24989...
Fred Oh@NVIDIA Newsroom
//
NVIDIA's CUDA libraries are increasingly vital in modern cybersecurity, bolstering defenses against emerging cyber threats like malware, ransomware, and phishing. Traditional cybersecurity measures struggle to keep pace with these evolving threats, especially with the looming risk of quantum computers potentially decrypting today's data through "harvest now, decrypt later" strategies. NVIDIA's accelerated computing and high-speed networking technologies are transforming how organizations protect their data, systems, and operations, enhancing both security and operational efficiency.
CUDA libraries are crucial for accelerating AI-powered cybersecurity. NVIDIA GPUs are essential for training and deploying AI models, offering faster AI model training, enabling real-time inference for identifying vulnerabilities, and automating repetitive security tasks. For example, AI-driven intrusion detection systems, powered by NVIDIA GPUs, can analyze billions of events per second to detect anomalies that traditional systems might miss. This real-time threat detection and response capability minimizes downtime and allows businesses to respond proactively to potential cyberattacks.
References:
- NVIDIA Newsroom: CUDA Accelerated: How CUDA Libraries Bolster Cybersecurity With AI
- TechPowerUp: NVIDIA Explains How CUDA Libraries Bolster Cybersecurity With AI
@www.ghacks.net
//
Recent security analyses have revealed that the iOS version of DeepSeek, a widely-used AI chatbot developed by a Chinese company, transmits user data unencrypted to servers controlled by ByteDance. This practice exposes users to potential data interception and raises significant privacy concerns. The unencrypted data includes sensitive information such as organization identifiers, software development kit versions, operating system versions, and user-selected languages. Apple's App Transport Security (ATS), designed to enforce secure data transmission, has been globally disabled in the DeepSeek app, further compromising user data security.
Security experts from NowSecure recommend that organizations remove the DeepSeek iOS app from managed and personal devices to mitigate privacy and security risks, noting that the Android version of the app exhibits even less secure behavior. Several U.S. lawmakers are advocating for a ban on the DeepSeek app on government devices, citing concerns over potential data sharing with the Chinese government. This mirrors previous actions against other Chinese-developed apps due to national security considerations. New York State has already banned government employees from using the DeepSeek AI app amid these concerns.
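A check for the ATS weakening NowSecure describes, written as an added example rather than NowSecure's tooling or anything from the DeepSeek app: it parses an app's Info.plist and reports every setting that switches App Transport Security off or lowers its floor. The two plists are constructed for the example (one with ATS disabled app-wide plus a legacy exception, one with only a TLS 1.2 exception that keeps the defaults); the key names are Apple's.

```python
import plistlib

WEAK_TLS = {"TLSv1.0", "TLSv1.1"}


def ats_findings(info_plist_bytes):
    """Flag App Transport Security weakenings in an Info.plist (XML or binary).

    Returns a list of human-readable findings. An empty list means ATS defaults
    (HTTPS only, TLS 1.2 or newer, forward secrecy) apply to every connection,
    which is also what applies when the NSAppTransportSecurity key is absent."""
    plist = plistlib.loads(info_plist_bytes)
    ats = plist.get("NSAppTransportSecurity", {})
    findings = []
    if ats.get("NSAllowsArbitraryLoads"):
        findings.append("NSAllowsArbitraryLoads: ATS disabled app-wide, "
                        "cleartext HTTP allowed to any host")
    if ats.get("NSAllowsArbitraryLoadsInWebContent"):
        findings.append("NSAllowsArbitraryLoadsInWebContent: ATS disabled for web view content")
    if ats.get("NSAllowsArbitraryLoadsForMedia"):
        findings.append("NSAllowsArbitraryLoadsForMedia: ATS disabled for media loads")
    for domain, cfg in ats.get("NSExceptionDomains", {}).items():
        scope = domain + (" (and subdomains)" if cfg.get("NSIncludesSubdomains") else "")
        if cfg.get("NSExceptionAllowsInsecureHTTPLoads"):
            findings.append(f"{scope}: plaintext HTTP permitted")
        if cfg.get("NSExceptionMinimumTLSVersion") in WEAK_TLS:
            findings.append(f"{scope}: minimum TLS lowered to "
                            f"{cfg['NSExceptionMinimumTLSVersion']}")
        if cfg.get("NSExceptionRequiresForwardSecrecy") is False:
            findings.append(f"{scope}: forward secrecy not required")
    return findings


# Constructed Info.plist with ATS switched off globally plus a weakened exception.
WEAK_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key><string>com.example.chatapp</string>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSAllowsArbitraryLoads</key><true/>
    <key>NSExceptionDomains</key>
    <dict>
      <key>legacy.example.com</key>
      <dict>
        <key>NSExceptionAllowsInsecureHTTPLoads</key><true/>
        <key>NSExceptionMinimumTLSVersion</key><string>TLSv1.0</string>
      </dict>
    </dict>
  </dict>
</dict>
</plist>
"""

# Constructed Info.plist that keeps ATS defaults; the only exception pins TLS 1.2
# and forward secrecy for one API host, which does not weaken anything.
HARDENED_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key><string>com.example.chatapp</string>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSExceptionDomains</key>
    <dict>
      <key>api.example.com</key>
      <dict>
        <key>NSIncludesSubdomains</key><true/>
        <key>NSExceptionMinimumTLSVersion</key><string>TLSv1.2</string>
        <key>NSExceptionRequiresForwardSecrecy</key><true/>
      </dict>
    </dict>
  </dict>
</dict>
</plist>
"""

if __name__ == "__main__":
    for label, data in (("weak", WEAK_INFO_PLIST), ("hardened", HARDENED_INFO_PLIST)):
        print(label, ats_findings(data) or ["no ATS weakenings"])
```

To run this against a real app, unzip the `.ipa` and pass the bytes of `Payload/<App>.app/Info.plist` to `ats_findings`; `plistlib.loads` accepts the binary plist format that shipped apps usually use, so no conversion step is needed. An `NSAllowsArbitraryLoads` finding is exactly the condition that lets an app send data over plaintext HTTP without the OS stopping it.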
References:
- cset.georgetown.edu: China’s ability to launch DeepSeek’s popular chatbot draws US government panel’s scrutiny
- PCMag Middle East ai: House Bill Proposes Ban on Using DeepSeek on Government-Issued Devices
- Information Security Buzz: Recent security analyses have found that the iOS version of DeepSeek transmits user data unencrypted.
- www.ghacks.net: Security analyses revealed unencrypted data transmission by DeepSeek's iOS app.
- iHLS: Article about New York State banning the DeepSeek AI app.
@csoonline.com
//
Three zero-day vulnerabilities, the most severe of them critical, have been found in VMware products and are being actively exploited. They affect VMware ESXi, Workstation and Fusion and allow an attacker with administrative privileges inside a guest virtual machine to execute code on the host (a VM escape) and escalate privileges. Microsoft's Threat Intelligence Center (MSTIC) reported the flaws, and they have since been added to CISA's Known Exploited Vulnerabilities Catalog.
Affected VMware products include ESXi versions 8.0 and 7.0, Workstation 17.x, Fusion 13.x, Cloud Foundation 5.x and 4.5.x, and Telco Cloud Platform 5.x, 4.x, 3.x and 2.x. The vulnerabilities, CVE-2025-22224, CVE-2025-22225 and CVE-2025-22226, carry CVSSv3 scores of 9.3, 8.2 and 7.1 respectively. Organizations using these products are strongly advised to apply the available patches immediately.
References:
- cyble.com: Three critical zero-day vulnerabilities in VMware products, affecting VMware ESXi, Workstation, and Fusion, were reported as exploited in the wild.
- research.kudelskisecurity.com: Three critical zero-day vulnerabilities found in VMware products were actively being exploited in the wild.
- MSSP feed for Latest: Multiple zero-day vulnerabilities in VMware's ESXi, Workstation, and Fusion products were identified and confirmed by VMware, with evidence of active exploitation.
@securityboulevard.com
//
CyTwist has launched a new security solution featuring a patented detection engine designed to combat the growing threat of AI-driven cyberattacks. The company, a leader in next-generation threat detection, is aiming to address the increasing sophistication of malware and cyber threats generated through artificial intelligence. This new engine promises to identify AI-driven malware in minutes, offering a defense against the rapidly evolving tactics used by cybercriminals. The solution was unveiled on January 7th, 2025, and comes in response to the challenges posed by AI-enhanced attacks which can bypass traditional security systems.
The rise of AI-generated threats, including sophisticated phishing emails, adaptive botnets, and automated reconnaissance tools, is creating a more complex cybersecurity landscape. CyTwist’s new engine employs advanced behavioral analysis to identify stealthy AI-driven campaigns and malware, which can evade leading EDR and XDR solutions. A recent attack on French organizations highlighted the capability of AI-engineered malware to exploit advanced techniques to remain undetected, making CyTwist's technology a needed development in the security sector.
References:
- ciso2ciso.com: CyTwist Launches Advanced Security Solution to identify AI-Driven Cyber Threats in minutes – Source:hackread.com
- gbhackers.com: CyTwist Launches Advanced Security Solution to Identify AI-Driven Cyber Threats in Minutes
- securityboulevard.com: News alert: CyTwist launches threat detection engine tuned to identify AI-driven malware in minutes
- www.lastwatchdog.com: News alert: CyTwist launches threat detection engine tuned to identify AI-driven malware in minutes
- ciso2ciso.com: CyTwist Launches Advanced Security Solution to identify AI-Driven Cyber Threats in minutes – Source: www.csoonline.com