Tag cybersecurity

Mastering Hacking Skills: The Value of Offensive Security Training for Your Entire Security Team

May 14, 2025
Cybersecurity / Ethical Hacking

Organizations across various sectors are witnessing a sharp rise in cyberattacks, with critical infrastructure and cloud-based enterprises being particularly vulnerable. According to Verizon’s 2025 Data Breach Investigations Report, confirmed breaches surged by 18% year-over-year, and the exploitation of vulnerabilities for initial access grew by 34%. As the frequency and severity of attacks increase, many organizations rely on security tools and compliance standards as their primary defenses. While these elements are vital for reducing cyber risk, they are not foolproof solutions. Effective security hinges on the combination of people, processes, and technology, with the emphasis placed on skilled practitioners. Therefore, investing in offensive security training for all roles within the security team becomes crucial. Too often, the potential of offensive operations is underutilized…

Mastering Offensive Security: The Essential Training for Cybersecurity Teams As cyberattacks surge across various sectors, organizations are increasingly vulnerable to threats, especially those targeting critical infrastructure and cloud-based services. The recently published 2025 Data Breach Investigations Report by Verizon highlights a profound 18% year-over-year increase in confirmed breaches, with a…

Read More

Mastering Hacking Skills: The Value of Offensive Security Training for Your Entire Security Team

May 14, 2025
Cybersecurity / Ethical Hacking

Organizations across various sectors are witnessing a sharp rise in cyberattacks, with critical infrastructure and cloud-based enterprises being particularly vulnerable. According to Verizon’s 2025 Data Breach Investigations Report, confirmed breaches surged by 18% year-over-year, and the exploitation of vulnerabilities for initial access grew by 34%. As the frequency and severity of attacks increase, many organizations rely on security tools and compliance standards as their primary defenses. While these elements are vital for reducing cyber risk, they are not foolproof solutions. Effective security hinges on the combination of people, processes, and technology, with the emphasis placed on skilled practitioners. Therefore, investing in offensive security training for all roles within the security team becomes crucial. Too often, the potential of offensive operations is underutilized…

Coinbase Exposed: Agents Bribed, Data of ~1% of Users Compromised; $20M Extortion Bid Fails

May 15, 2025
Cryptocurrency / Threat Intelligence

Coinbase has reported a data breach involving a small fraction of its users after cybercriminals targeted its overseas customer support agents. The company revealed that these criminals offered cash incentives to a limited number of insiders, who then extracted data concerning less than 1% of Coinbase’s monthly active users. The attackers aimed to compile a list of customers to impersonate Coinbase and trick them into surrendering their cryptocurrency assets. On May 11, 2025, the perpetrators attempted to extort Coinbase for $20 million, claiming possession of sensitive information about specific customer accounts and internal documents. In response, Coinbase confirmed that the compromised agents, based in India, have been terminated. The firm assured customers that no passwords, private keys, or funds were at risk.

Coinbase Faces Breach After Insider Compromise; User Data Exposed in Extortion Attempt May 15, 2025 In a recent security disclosure, Coinbase revealed that an unauthorized breach of its systems has resulted in the theft of account information pertaining to a small percentage of its user base. The cryptocurrency exchange stated…

Read More

Coinbase Exposed: Agents Bribed, Data of ~1% of Users Compromised; $20M Extortion Bid Fails

May 15, 2025
Cryptocurrency / Threat Intelligence

Coinbase has reported a data breach involving a small fraction of its users after cybercriminals targeted its overseas customer support agents. The company revealed that these criminals offered cash incentives to a limited number of insiders, who then extracted data concerning less than 1% of Coinbase’s monthly active users. The attackers aimed to compile a list of customers to impersonate Coinbase and trick them into surrendering their cryptocurrency assets. On May 11, 2025, the perpetrators attempted to extort Coinbase for $20 million, claiming possession of sensitive information about specific customer accounts and internal documents. In response, Coinbase confirmed that the compromised agents, based in India, have been terminated. The firm assured customers that no passwords, private keys, or funds were at risk.

Accounting Firm Settles for $175K with Federal Authorities Over HIPAA Ransomware Breach

Data Privacy, Data Security, Healthcare <span class=”article-sub-title”>Settlement Includes Corrective Action Plan Aimed at Enhancing Risk Analysis</span> <span class=”article-byline”> <a class=”author-link” href=””>Marianne Kolbasuk McGee</a> (<a href=””><i class=”fa fa-twitter”/>HealthInfoSec</a>) • <span class=”text-nowrap”>August 18, 2025</span> <a href=””/> </span> <figure> <img src=”” alt=”Accounting Firm Pays Feds $175K for HIPAA Ransomware Breach” class=”img-responsive”/> <figcaption>Image: BST</figcaption>…

Read MoreAccounting Firm Settles for $175K with Federal Authorities Over HIPAA Ransomware Breach

⚡ Weekly Highlights: Zero-Day Vulnerabilities, Insider Risks, APT Activity, Botnet Threats, and More

May 19, 2025
Threat Intelligence / Cybersecurity

Cybersecurity experts are not only combating attacks—they’re also safeguarding trust, ensuring system functionality, and upholding their organization’s reputation. This week’s events underscore a significant concern: as we deepen our reliance on digital tools, unseen vulnerabilities can silently intensify. Addressing issues isn’t sufficient anymore; resilience must be integrated from the ground up. This requires improved systems, fortified teams, and enhanced visibility across the organization. What we’re witnessing is not merely risk; it’s a clear indication that prompt action and informed decision-making are crucial, often more than striving for perfection. Here’s what emerged this week, along with key issues security teams need to prioritize.

Threat of the Week
Microsoft Addresses 5 Actively Exploited Zero-Day Flaws — In its May 2025 Patch Tuesday update, Microsoft remedied a total of 78 security vulnerabilities, five of which are currently being exploited in the wild. Noteworthy vulnerabilities include CVE-2025-30397, CVE-2025-…

Weekly Cybersecurity Recap: Zero-Day Exploits, Insider Threats, and Emerging Cyber Risks Date: May 19, 2025 In the ever-evolving landscape of cybersecurity, professionals face a dual challenge: defending against aggressive attacks while safeguarding trust, ensuring operational continuity, and preserving their organization’s reputation. Recent events have underscored a critical issue stemming from…

Read More

⚡ Weekly Highlights: Zero-Day Vulnerabilities, Insider Risks, APT Activity, Botnet Threats, and More

May 19, 2025
Threat Intelligence / Cybersecurity

Cybersecurity experts are not only combating attacks—they’re also safeguarding trust, ensuring system functionality, and upholding their organization’s reputation. This week’s events underscore a significant concern: as we deepen our reliance on digital tools, unseen vulnerabilities can silently intensify. Addressing issues isn’t sufficient anymore; resilience must be integrated from the ground up. This requires improved systems, fortified teams, and enhanced visibility across the organization. What we’re witnessing is not merely risk; it’s a clear indication that prompt action and informed decision-making are crucial, often more than striving for perfection. Here’s what emerged this week, along with key issues security teams need to prioritize.

Threat of the Week
Microsoft Addresses 5 Actively Exploited Zero-Day Flaws — In its May 2025 Patch Tuesday update, Microsoft remedied a total of 78 security vulnerabilities, five of which are currently being exploited in the wild. Noteworthy vulnerabilities include CVE-2025-30397, CVE-2025-…

Critical RCE Threat from Hard-Coded ‘b’ Password in Sitecore XP Exposes Enterprises

June 17, 2025
Vulnerability / Enterprise Software

Cybersecurity experts have identified three significant vulnerabilities in the widely-used Sitecore Experience Platform (XP) that could be exploited to achieve pre-authenticated remote code execution (RCE). Sitecore XP is an enterprise software solution that offers tools for content management, digital marketing, and analytics.

The vulnerabilities are as follows:

  • CVE-2025-34509 (CVSS score: 8.2) – Use of hard-coded credentials
  • CVE-2025-34510 (CVSS score: 8.8) – Post-authenticated RCE via path traversal
  • CVE-2025-34511 (CVSS score: 8.8) – Post-authenticated RCE via Sitecore PowerShell Extension

Researcher Piotr Bazydlo from watchTowr Labs pointed out that the default user account “sitecore\ServicesAPI” has a hard-coded single-character password set to “b.” Notably, Sitecore’s documentation advises against altering default credentials. Although the user account lacks roles and permissions, the vulnerabilities still pose a serious risk.

Critical Security Flaws Discovered in Sitecore XP Could Lead to Remote Code Execution Risks On June 17, 2025, cybersecurity researchers revealed several significant vulnerabilities in the widely-used Sitecore Experience Platform (XP), posing a grave risk of remote code execution (RCE) in enterprise environments. Sitecore XP, renowned for its capabilities in…

Read More

Critical RCE Threat from Hard-Coded ‘b’ Password in Sitecore XP Exposes Enterprises

June 17, 2025
Vulnerability / Enterprise Software

Cybersecurity experts have identified three significant vulnerabilities in the widely-used Sitecore Experience Platform (XP) that could be exploited to achieve pre-authenticated remote code execution (RCE). Sitecore XP is an enterprise software solution that offers tools for content management, digital marketing, and analytics.

The vulnerabilities are as follows:

  • CVE-2025-34509 (CVSS score: 8.2) – Use of hard-coded credentials
  • CVE-2025-34510 (CVSS score: 8.8) – Post-authenticated RCE via path traversal
  • CVE-2025-34511 (CVSS score: 8.8) – Post-authenticated RCE via Sitecore PowerShell Extension

Researcher Piotr Bazydlo from watchTowr Labs pointed out that the default user account “sitecore\ServicesAPI” has a hard-coded single-character password set to “b.” Notably, Sitecore’s documentation advises against altering default credentials. Although the user account lacks roles and permissions, the vulnerabilities still pose a serious risk.

IBM Discovers Inadequate Controls in 97% of AI-Related Data Breaches

Recent research from IBM highlights a significant “AI oversight gap” among organizations that have experienced data breaches. According to findings from the company’s Cost of a Data Breach Report, an alarming 97% of these organizations reported a lack of adequate AI access controls, underscoring potential vulnerabilities in their cybersecurity frameworks.…

Read MoreIBM Discovers Inadequate Controls in 97% of AI-Related Data Breaches

State Settles for $2M with Dental Insurer Over Cybersecurity Breaches – Crain’s New York Business

State Settles for $2 Million with Dental Insurer Over Cybersecurity Breaches In a significant development within the realm of cybersecurity compliance, a settlement has been reached between state authorities and a dental insurance provider concerning serious violations of data security protocols. The agreement, totaling $2 million, highlights the legal and…

Read MoreState Settles for $2M with Dental Insurer Over Cybersecurity Breaches – Crain’s New York Business

Chinese Hackers Leverage Ivanti EPMM Vulnerabilities in Widespread Global Attacks

May 22, 2025
Enterprise Security / Malware

A recently patched duo of security vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software has been exploited by a China-linked threat actor to target various sectors across Europe, North America, and the Asia-Pacific region. The vulnerabilities, identified as CVE-2025-4427 (CVSS score: 5.3) and CVE-2025-4428 (CVSS score: 7.2), can be combined to run arbitrary code on vulnerable devices without needing any authentication. Ivanti addressed these flaws just last week. According to a report from EclecticIQ, the vulnerability chain has been misused by UNC5221, a Chinese cyber espionage group known for targeting edge network devices since at least 2023. Most recently, this group has also been linked to exploitation attempts on SAP NetWeaver instances affected by CVE-2025-31324. The Dutch cybersecurity firm noted that the first exploitation activities began on May 15, 2025, with attacks focused on healthcare, telecommunications, and aviation sectors.

Chinese Cyber Actors Target Global Enterprises Through Ivanti EPMM Vulnerabilities May 22, 2025 – Enterprise Security / Malware Recent developments in the cybersecurity landscape have revealed that a pair of vulnerabilities within Ivanti Endpoint Manager Mobile (EPMM) software, identified as CVE-2025-4427 and CVE-2025-4428, have been exploited by a China-based threat…

Read More

Chinese Hackers Leverage Ivanti EPMM Vulnerabilities in Widespread Global Attacks

May 22, 2025
Enterprise Security / Malware

A recently patched duo of security vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software has been exploited by a China-linked threat actor to target various sectors across Europe, North America, and the Asia-Pacific region. The vulnerabilities, identified as CVE-2025-4427 (CVSS score: 5.3) and CVE-2025-4428 (CVSS score: 7.2), can be combined to run arbitrary code on vulnerable devices without needing any authentication. Ivanti addressed these flaws just last week. According to a report from EclecticIQ, the vulnerability chain has been misused by UNC5221, a Chinese cyber espionage group known for targeting edge network devices since at least 2023. Most recently, this group has also been linked to exploitation attempts on SAP NetWeaver instances affected by CVE-2025-31324. The Dutch cybersecurity firm noted that the first exploitation activities began on May 15, 2025, with attacks focused on healthcare, telecommunications, and aviation sectors.