The Breach News

Thrive Introduces Network Detection and Response Solutions

BOSTON, Aug. 21, 2025 (GLOBE NEWSWIRE) — Thrive, a prominent global provider of technology outsourcing specializing in cybersecurity, cloud services, and traditional managed services, has unveiled a new Network Detection and Response (NDR) service aimed at bolstering cybersecurity for businesses. This service will continuously monitor networks for potential security incidents,…

295 Malicious IPs Coordinate Brute-Force Assaults on Apache Tomcat Manager Interfaces

Date: June 11, 2025
Category: Network Security / Threat Intelligence

Threat intelligence firm GreyNoise has issued a warning about a “coordinated brute-force activity” aimed at Apache Tomcat Manager interfaces. On June 5, 2025, a significant uptick in brute-force and login attempts was observed, suggesting an organized effort to “identify and access exposed Tomcat services at scale.” A total of 295 unique malicious IP addresses were detected executing brute-force attempts against Tomcat Manager. In the last 24 hours alone, 188 unique IPs have been recorded, predominantly from the United States, the United Kingdom, Germany, the Netherlands, and Singapore. Furthermore, 298 IPs were noted conducting login attempts against Tomcat Manager instances, with all 246 flagged IPs in the past day classified as malicious and hailing from the same locations.

Google Issues Android Security Patch to Address 3 Actively Exploited Vulnerabilities

Date: July 7, 2023

In its latest security update, Google has addressed 46 new vulnerabilities in the Android operating system, highlighting three that are actively exploited in targeted attacks. Notably, CVE-2023-26083 pertains to a memory leak issue in the Arm Mali GPU driver for Bifrost, Avalon, and Valhall architectures. This vulnerability was previously exploited in December 2022, allowing spyware to infiltrate Samsung devices. Its severity prompted the Cybersecurity and Infrastructure Security Agency (CISA) to issue a patching directive for federal agencies in April 2023. Additionally, CVE-2021-29256 represents a high-severity flaw affecting certain versions of the Bifrost and Midgard Arm Mali GPU kernel drivers, enabling an unprivileged user to access sensitive data and escalate privileges to the root level.

IT and Data of Drug R&D Company Compromised in Alleged Qilin Attack

Data Privacy, Data Security, Fraud Management & Cybercrime
Inotiv Inc. Reports Disruptions Due to Cyberattack
Marianne Kolbasuk McGee (HealthInfoSec) • August 20, 2025

Inotiv has informed the SEC that a cyberattack on August 8 has compromised its IT systems. Inotiv, a contract research organization based in Indiana, disclosed…

The Enduring Issue: Why Exposed Credentials Go Unaddressed—and Solutions for Change

May 12, 2025
Secrets Management / DevSecOps

Detecting leaked credentials is only part of the solution. The real challenge—and often the overlooked aspect—is the follow-up after detection. New insights from GitGuardian’s State of Secrets Sprawl 2025 report highlight a concerning trend: a significant number of exposed company secrets found in public repositories remain active for years post-discovery, expanding the attack surface that many organizations neglect. GitGuardian’s analysis of public GitHub repositories reveals that a worrisome percentage of credentials identified as far back as 2022 are still valid today. “Detecting a leaked secret is just the beginning,” notes GitGuardian’s research team. “The true test is prompt remediation.”

Understanding Why Exposed Secrets Persist

This ongoing validity raises two alarming possibilities: either organizations are oblivious to their exposed credentials (indicating a security visibility issue)…

iiNet Cyber Breach Highlights Continuing Security Vulnerabilities in Australia

A recent data breach at iiNet, one of Australia’s largest internet service providers, has spotlighted the ongoing security vulnerabilities in the nation’s digital infrastructure. This incident, which compromised personal information of over 280,000 customers, highlights the escalating challenge of safeguarding consumer data in an environment where cyber threats are both…

Ex-Black Basta Members Employ Microsoft Teams and Python Scripts in 2025 Cyber Attacks

June 11, 2025
Ransomware / Cybersecurity

Former affiliates of the Black Basta ransomware group are reportedly sticking to familiar tactics, utilizing email bombing and Microsoft Teams phishing to gain sustained access to targeted networks. Recent reports from ReliaQuest, shared with The Hacker News, reveal that attackers have begun incorporating Python script execution along with these methods, using cURL requests to retrieve and deploy malicious payloads. This evolution indicates that threat actors are adapting and reorganizing despite challenges faced by the Black Basta identity following the public leak of its internal communications earlier this February. The cybersecurity firm found that 50% of Teams phishing incidents recorded between February and May 2025 originated from onmicrosoft[.]com domains, with breached domains contributing to 42% of all attacks during that timeframe. This approach proves particularly stealthy, enabling attackers to masquerade as legitimate traffic.

BlackByte 2.0 Ransomware: Rapid Infiltration, Data Encryption, and Extortion in Just 5 Days

Published: Jul 07, 2023
Category: Endpoint Security / Ransomware

Ransomware attacks pose a severe challenge for organizations globally, and the threat level continues to escalate. Recently, Microsoft’s Incident Response team delved into the BlackByte 2.0 ransomware attacks, revealing the alarming speed and destructive impact of these cyber assaults. Their findings underscore that cybercriminals can execute a complete attack—from initial infiltration to inflicting considerable damage—in just five days. Hackers swiftly breach systems, encrypt critical data, and demand ransom for its release. This drastically reduced timeline presents significant hurdles for organizations striving to bolster their defenses against such threats. BlackByte ransomware operates in the final phase of the attack, employing an 8-digit key to encrypt files. The investigation highlighted that attackers leverage a potent mix of tactics, particularly exploiting unpatched Microsoft Exchange Servers.

Anthropic Evaluates AI ‘Model Welfare’ Safeguards

Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development
Claude Models May Terminate Unsafe Conversations in Certain Scenarios
Rashmi Ramesh (rashmiramesh_) • August 20, 2025

Recently, Anthropic unveiled a safeguard feature for its Claude AI platform, enabling specific models to terminate conversations deemed persistently…