Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Fast Facts
- Effective management of Non-Human Identities (NHIs) through comprehensive lifecycle oversight—discovery, monitoring, and remediation—is crucial for reducing security risks, ensuring compliance, and boosting operational efficiency in cloud environments.
- Automating secrets rotation and decommissioning minimizes vulnerabilities, prevents human errors, and enhances security posture, making automation a vital component in managing complex machine identities at scale.
- Robust NHI management supports cloud agility without compromising security, enabling seamless application deployment and transaction integrity through real-time monitoring and secure identity handling.
- Building a resilient cybersecurity ecosystem requires proactive incident response plans, collaboration across security teams, and engagement with broader security communities to adapt…
Essential Insights
- The researchers analyzed 380,000 posts across 90 Facebook groups involved in illicit Indian call centers sharing “Crime-as-a-Service,” highlighting prevalent scam activities like tech support and phishing.
- Despite reporting numerous groups to Meta, only a few have been removed; hundreds remain active, illustrating challenges in content moderation.
- Examples include groups selling fake tech support calls, phishing kits, and services like email blasting and money laundering facilitation, with some admins operating across multiple groups.
- Advanced tech developed by academic partners enables large-scale analysis of these scam posts, crucial for understanding evolving cybercrime trends and informing countermeasures.
The Core Issue: Raghavendra…
Urgent: New Bug in Oracle E-Business Suite Risks Unauthorized Data Access Without Login
Fast Facts
- Oracle Alert: A new high-severity vulnerability (CVE-2025-61884) in Oracle E-Business Suite (versions 12.2.3 to 12.2.14) allows unauthenticated remote access via HTTP, risking sensitive data exposure.
- The flaw, rated 7.5 on CVSS, enables attackers to compromise Oracle Configurator and potentially access all associated data, emphasizing urgent patching.
- Recent threat reports link this vulnerability to breaches involving malware like GOLDVEIN, SAGEGIFT, SAGELEAF, and SAGEWAVE, possibly orchestrated by groups tied to Cl0p ransomware.
- Oracle warns that while exploitation in the wild is not confirmed, the flaw’s exploitable nature makes immediate updates critical for affected deployments.
Underlying Problem: Recently, Oracle issued a…
Top Highlights
- Spanish Guardia Civil dismantled the "GXC Team," a cybercrime group led by Brazilian “GoogleXcoder,” responsible for phishing, malware, and voice-scam tools targeting multiple countries.
- The group operated a high-level crime-as-a-service platform offering AI-powered phishing kits, Android malware, and campaign support, creating over 250 phishing sites and intercepting OTPs.
- Police raids across several Spanish cities recovered devices, source code, communications, and financial records, seizing cryptocurrency and shutting down scam-promoting Telegram channels.
- Ongoing investigations, aided by forensic analysis and transaction tracking of the arrested leader, could lead to more arrests and reveal a broader criminal network.
What’s the Problem? The…
Summary Points
- Recent cyber incidents highlight critical vulnerabilities—including a Discord breach exposing user data, a Red Hat leak compromising enterprise credentials, and critical flaws in 7-Zip and SonicWall firewalls—underscoring the need for proactive patching and monitoring.
- Threat actors are advancing tactics with stealthy backdoors like WARMCOOKIE, abusing legitimate remote access tools, weaponizing AI (ChatGPT and GPT-4) for malware and phishing, and exploiting cloud and open-source tools like Velociraptor for persistent, evasive attacks.
- Major vulnerabilities such as Oracle E-Business Suite CVE-2025-61882, Windows privilege escalations, zero-day Cisco VPN and Palo Alto firewall flaws, and Linux kernel exploits are actively being exploited or…
Top Highlights
- Enterprise Security Management (ESM) is a holistic, proactive approach to safeguarding an organization’s assets, encompassing policies, procedures, and technologies beyond just IT tools.
- Key components of ESM include risk management, Identity and Access Management (IAM), Security Information and Event Management (SIEM), and incident response, all working together to identify, assess, and mitigate threats.
- Integrating ESM with Enterprise SSO and CIAM enhances security through centralized control, improved visibility, and easier compliance management across user access and activity.
- Effective ESM implementation requires strong, adaptable policies, continuous monitoring, regular audits, and staying informed through industry updates, emphasizing ongoing vigilance and improvement…
Quick Takeaways
- Non-Human Identities (NHIs) are critical for secure machine-to-machine communication in cloud environments, but their secrets and credentials must be carefully managed and monitored to prevent vulnerabilities.
- A holistic NHI management approach covering discovery, classification, threat detection, and remediation enhances security, compliance, operational efficiency, and cost savings across industries.
- Challenges include limited visibility into machine identities, siloed security processes, and rapid deployment needs; addressing these requires collaboration and advanced technologies like AI, automation, and blockchain.
- Proactive strategies—such as continuous monitoring, regular audits, and leveraging emerging tech—are essential for adapting to evolving cyber threats and ensuring the integrity of non-human…
Top Highlights
- ICS cybersecurity awareness must shift from compliance to a safety-first, culture-building approach that integrates security into daily operations, emphasizing safety, reliability, and organizational resilience.
- Tailored, ICS-specific training—focused on technological, physical, and human threat factors—and involving leadership foster a security mindset that supports operational safety and mitigates risks from nation-state and AI-driven threats.
- Combating AI-driven deception requires expanding awareness to psychological resilience, emphasizing verification, skepticism, and human-to-human authentication, especially to prevent manipulation via deepfakes and social engineering.
- Measuring success relies on real-world indicators such as reduced cyber incidents, faster incident response, proactive risk reporting, and operational resilience, moving beyond…
Top Highlights
- Cybersecurity firm Huntress reports widespread compromise of SonicWall SSL VPNs, affecting over 100 accounts across 16 clients, indicating highly automated and credential-based attacks since October 4, 2025.
- Attackers are exploiting valid credentials rather than brute-force, with some devices showing limited activity while others are engaged in network scanning and attempting to access local Windows accounts.
- SonicWall’s recent breach involved unauthorized access to firewall configuration backups stored in MySonicWall accounts, risking exposure of sensitive network and user information, prompting recommendations for credential resets, restricted access, and MFA implementation.
- The surge in SonicWall device breaches is closely linked to a…
Fast Facts
- Threat actors are exploiting Velociraptor, an open-source DFIR tool, during ransomware campaigns linked to Storm-2603, which deploys Warlock, LockBit, and Babuk ransomware.
- They initially gain access via SharePoint vulnerabilities, then escalate privileges and move laterally, modifying AD Group Policies and disabling defenses to evade detection.
- Storm-2603 exhibits sophisticated, nation-state-level tactics, including operational security measures, rapid development cycles, and infrastructure linked to Chinese actors.
- The group’s evolution from LockBit to multi-ransomware deployment, combined with advanced development practices, underscores a highly organized, flexible threat actor with military-grade capabilities.
The Core Issue: In 2025, a sophisticated threat actor identified as Storm-2603,…