Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Becky Bracken: Hello and welcome to Dark Reading Confidential. I’m your host and Dark Reading editor, Becky Bracken. And once again, I’m joined by Dark Reading’s editor-in-chief, Kelly Jackson-Higgins, and managing editor of content operations, Jim Donahue. Welcome back Kelly and Jim. It’s nice to see you again. Today we are going to focus on the slimmed down profile of the Cybersecurity and Infrastructure Security Agency (CISA) under the new administration. We want to know what that means practically to cybersecurity teams. We want to explore the cost of having less coming out of CISA, and any opportunities the federal government shakeup might…
Fast Facts
- Active Exploitation: Citrix warns that CVE-2025-6543, a critical vulnerability in NetScaler appliances, is being actively exploited, causing devices to enter a denial of service condition.
- Affected Versions: The flaw impacts specific versions of NetScaler ADC and Gateway (14.1 before 14.1-47.46; 13.1 before 13.1-59.19; 13.1-FIPS and NDcPP before 13.1-37.236) configured as Gateways or AAA virtual servers.
- Mitigation Available: Citrix has released patches for affected versions, urging administrators to apply the latest updates immediately to prevent exploitation.
- Monitoring Recommended: In addition to patching, organizations should monitor NetScaler instances for unusual user activity and review access controls due to the simultaneous…
Quick Takeaways
- Citrix Vulnerability Alert: The "CitrixBleed 2" vulnerability, associated with CVE-2025-5777, allows unauthenticated attackers to access sensitive data from vulnerable Citrix NetScaler ADC and Gateway devices, mirroring the risks posed by the earlier ‘CitrixBleed’ flaw (CVE-2023-4966).
- Critical and High-Severity Flaws: CVE-2025-5777 involves an out-of-bounds memory read, while CVE-2025-5349, an improper access control issue, requires the attacker to access specific management IPs. Both flaws affect multiple vulnerable versions of the software.
- Immediate Action Required: Citrix recommends upgrading to secure versions (14.1-43.56 and later) and emphasizes terminating all active ICA and PCoIP sessions post-update to safeguard against session hijacking.
- Widespread Exposure…
Fast Facts
- The Trump administration’s restructuring has weakened critical public-private partnerships essential for protecting U.S. infrastructure from cyberattacks, leading to an erosion of trust and collaboration between sectors.
- The dissolution of the Critical Infrastructure Partnership Advisory Council (CIPAC) has significantly hampered the ability of infrastructure operators to share sensitive cybersecurity information with the government, resulting in reduced dialog and preparedness.
- Workforce cuts and a leadership void in federal agencies like CISA have disrupted cybersecurity operations, leading to diminished engagement and support for critical infrastructure sectors like healthcare, energy, and telecommunications.
- Industry leaders express deep concern about their capacity to respond…
Top Highlights
- Arrests of Cybercriminals: French police arrested five BreachForum operators, including notable individuals "ShinyHunters" and "IntelBroker," involved in leaking and selling stolen data affecting millions.
- Criminal Operations: The arrests follow simultaneous raids in multiple regions and target key figures associated with the newly launched BreachForums v2, which operated after the original site’s closure due to the arrest of its operator.
- High-Profile Breaches: The arrested individuals are linked to significant data breaches against French entities, including France Travail, compromising sensitive information of around 43 million individuals.
- Legacy of BreachForums: BreachForums has evolved over time, with the latest iteration going offline…
Summary Points
- End of Support: Windows 10 will reach end of support on October 14, 2025, meaning no free updates, technical support, or security fixes will be provided after this date.
- Extended Security Updates (ESU): Microsoft offers an ESU program allowing users to receive vital security updates for a year beyond EOS, with enrollment options available that include free methods, such as using Microsoft Rewards points.
- Cost for Enrollment: Individual users can enroll for approximately $30 per device or 1,000 Microsoft Rewards points, while commercial organizations are charged $61 per device annually, with potential cost increases in subsequent years.
- Transition…
Thousands of personal records allegedly linked to athletes and visitors of the Saudi Games have been published online by a pro-Iranian hacktivist group called Cyber Fattah. Cybersecurity company Resecurity said the breach was announced on Telegram on June 22, 2025, in the form of SQL database dumps, characterizing it as an information operation “carried out by Iran and its proxies.” “The actors gained unauthorized access to phpMyAdmin (backend) and exfiltrated stored records,” Resecurity said. “This is an example of Iran using data breaches as part of a larger anti-U.S., anti-Israel, and anti-Saudi propaganda activity in cyberspace, targeting major sports and…
Essential Insights
- Vulnerability Scope: Researchers at Rapid7 discovered eight serious vulnerabilities in 689 models of Brother printers, impacting millions of devices, including models from Fujifilm, Ricoh, Konica Minolta, and Toshiba.
- Critical Flaw: The most severe vulnerability, CVE-2024-51978, allows remote attackers to bypass authentication using a device’s default administrator password, putting the security of these devices at risk.
- Exploitation Potential: Six out of eight vulnerabilities can be exploited without authentication, facilitating attacks like Denial of Service, unauthorized access, and disclosure of sensitive information.
- Mitigation Efforts: While Brother has issued patches for most vulnerabilities, CVE-2024-51978 cannot be fully resolved in existing devices,…
Summary Points
- Data Breaches: Mainline Health Systems and Select Medical Holdings reported data breaches affecting over 220,000 individuals combined, with Mainline Health impacting over 101,000 after a network breach attributed to the Inc Ransom group.
- Mainline Health Attack: The healthcare provider from Arkansas detected the network breach in April 2024, but confirmed the data theft only recently, revealing sensitive personal information was compromised.
- Select Medical Holdings Incident: Almost 120,000 individuals were affected when sensitive data was exposed due to a security breach involving its former debt collection vendor, Nationwide Recovery Services (NRS), which could be linked to cybercriminal activity.
- Healthcare…
Fast Facts
- Malware Deployment: A Russian state-sponsored hacking group, APT28, has infected Ukrainian government entities with new malware, BeardShell and SlimAgent, after using malicious documents sent via Signal for initial access.
- Infection Mechanism: The malware was delivered through an Office document with macro code, showcasing the attackers’ specific knowledge of both the individual target and the organization.
- Malware Functionality: BeardShell functions as a backdoor enabling script execution and persistence through COM-hijacking, while SlimAgent captures and encrypts screenshots for potential future exfiltration.
- Strategic Intent: The use of these malware families suggests a long-term setup for intelligence gathering, as APT28 continues to…