A leading U.S. senator has requested that the Federal Trade Commission (FTC) launch an inquiry into Microsoft, citing what he has termed “gross cybersecurity negligence.” This call to action stems from concerns regarding the company’s continued reliance on the outdated RC4 encryption method, which is set as the default in…
The group known as Silk Typhoon—previously referred to as Hafnium—has shifted its focus from exploiting vulnerabilities in Microsoft Exchange servers to targeting the information technology (IT) supply chain. This change in strategy aims to gain initial access to corporate networks, according to the Microsoft Threat Intelligence team’s recent report. Silk…
Relevant topics include Third Party Risk Management, Cryptocurrency Fraud, and Fraud Management & Cybercrime. Developer Compromised by Phishing Attack Involving a Malicious Email Authored by Akshaya Asokan (asokan_akshaya), David Perera (@daveperera) • September 9, 2025 Image: Shutterstock An attacker compromised 18 widely-used npm packages by embedding cryptocurrency theft malware after…
Microsoft recently acknowledged an individual operating under the EncryptHub alias for uncovering and reporting two significant security vulnerabilities in Windows. This acknowledgment depicts a complex profile of a person straddling a legitimate cybersecurity career while engaging in cybercriminal activities. According to a detailed analysis by Outpost24 KrakenLabs, the individual behind…
In recent developments, Microsoft has unveiled critical security patches addressing a staggering array of 125 vulnerabilities across its software platforms. Among these, one vulnerability has been identified as under active exploitation in the wild, raising significant alarms within the cybersecurity community. Of the reported vulnerabilities, 11 are designated as Critical,…
Microsoft has issued a warning regarding a phishing campaign specifically targeting the hospitality sector by masquerading as the online travel agency Booking.com. This campaign employs an advanced social engineering technique known as ClickFix to deliver malware designed to steal user credentials. According to Microsoft’s threat intelligence team, this activity has…
A recently identified unpatched vulnerability in Microsoft Windows has been exploited by a coalition of eleven state-sponsored hacking groups from nations including China, Iran, North Korea, and Russia. This ongoing cyber threat campaign, dating back to 2017, focuses on data theft, espionage, and financially motivated activities. The zero-day vulnerability, cataloged…
This article covers vital topics in cybersecurity, including Application Security, Cyberwarfare / Nation-State Attacks, and Fraud Management & Cybercrime. Also: Software Supply Chain Risks, Cato’s AI Security Acquisition Anna Delaney (annamadeline) • September 6, 2025 Clockwise, from top left: Anna Delaney, Tony Morbin, Michael Novinson, and Chris Riotta This week,…
On Thursday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the addition of a medium-severity security vulnerability in Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog. This decision follows reports indicating that the flaw is actively being exploited in real-world scenarios. The vulnerability, identified as CVE-2025-24054, received a…
