Updates

Fake news threat response by PCO; Malaysia $10USD million ransom demand; Oracle cloud compute data breach; Check Point cybersecurity breach; Nginx, Next.js, Firefox vulnerabilities; more cybersecurity tools

Multiple APT groups using Windows shortcut exploit; Chain of compromised GitHub Actions; MS365 accounts targeted via OAuth; Apache Tomcat remote code execution; Velociraptor triage collector for Windows; Threat hunting for suspect M365 OAuth Apps

Philippine Army confirms hack; Chinese Lotus Panda threat-group targeting APAC; FBI confirms Lazarus responsible for Bybit heist; Remote Code Execution in Microsoft Windows KDC; VMware actively exploited zero-day vulnerabilities; more cybersecurity tools and engineering

7,000 people rescued from scam-centres; AI-powered threat detection and continuous scanning; Ghidra, AWS-Key-Hunter, AI ASCII-Smuggling-Hidden-Prompt-Injection; China sponsored Salt Typhoon threat actors continue to breach organizations; Threat actors tricking users linking Signal

AI technologies; Malicious VPN installers; Fake wedding invites and Android malware; Thai arrest in $182m romance scam; Cracked and Nulled forums seized; Juniper backdoors in the wild; SonicWall critical vulnerability

Claimed NBI data compromise; Chinese national for spying on critical infrastructure; 15,000 FortiGate VPN credentials leaked; CISA playbook for MS365 logs; CISA bad product practices; Another Fortinet authentication bypass vulnerability

Chinese threat-actors target Philippine Executive branch and US Treasury; 30+ Chrome plugins hack, millions of users at risk; GuardDog PyPi/NPM scanner; Critical vulnerabilities in Apache, Oracle, Mitel, Ivanti and SonicWall

Salt Typhoon targeting Southeast Asia telecoms; POGOs re-spawning as BPOs; Predatory money loan apps; Solana web3.js backdoor; Safeline self hosted WAF; Critical vulnerabilities in SailPoint, Veeam, WhatsUp and Cleantalk

eGovPH hack not real; US and PH military information sharing; China abusing GSM to infiltrate telecom networks; Five eyes provide top-15 exploits; Critical Windows Kerberos vulnerability; Apple Releases urgent patches; Palo Alto Authentication bypass; Wordpress plugin exploit enables admin access

Multi-cloud security testing tool; Awesome GPT agents for cybersecurity; DocuSign abused to send authentic looking invoices; Synology urges updates for critical zero-click RCE; 22k addresses taken down in INTERPOL operation; Signed Remote Desktop Protocol files from Russia; Google Researchers ...