News

CISA Releases Cybersecurity Performance Goals 2.0 for Critical Infrastructure

Bys s December 23, 2025

Ashden Fein, Caleb Skeath, John Webster Leslie, and Krissy Chapman of Covington and Burling write: On December 11, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) released its Cybersecurity Performance Goals 2.0 (“CPG 2.0”), an update to its core set of recommended cybersecurity practices for critical infrastructure owners and operators, which we previously wrote about here. Established by the…

Source

News

How To Automate Ticket Creation, Device Identification and Threat Triage With Tines
Bys s July 9, 2025

Run by the team at workflow orchestration and AI platform Tines, the Tines library features over 1,000 pre-built workflows shared by security practitioners from across the community – all free to import and deploy through the platform’s Community Edition. A recent standout is a workflow that handles malware alerts with CrowdStrike, Oomnitza, GitHub, and PagerDuty….

Read More How To Automate Ticket Creation, Device Identification and Threat Triage With Tines
News

CERT-UA Warns of UAC-0173 Attacks Deploying DCRat to Compromise Ukrainian Notaries
Bys s February 26, 2025

The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday warned of renewed activity from an organized criminal group it tracks as UAC-0173 that involves infecting computers with a remote access trojan named DCRat (aka DarkCrystal RAT). The Ukrainian cybersecurity authority said it observed the latest attack wave starting in mid-January 2025. The activity is…

Read More CERT-UA Warns of UAC-0173 Attacks Deploying DCRat to Compromise Ukrainian Notaries
News

FBI Warns of Scattered Spider’s Expanding Attacks on Airlines Using Social Engineering
Bys s June 28, 2025

The U.S. Federal Bureau of Investigation (FBI) has revealed that it has observed the notorious cybercrime group Scattered Spider broadening its targeting footprint to strike the airline sector. To that end, the agency said it’s actively working with aviation and industry partners to combat the activity and help victims. “These actors rely on social engineering…

Read More FBI Warns of Scattered Spider’s Expanding Attacks on Airlines Using Social Engineering
News

GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs
Bys s January 27, 2025

Multiple security vulnerabilities have been disclosed in GitHub Desktop as well as other Git-related projects that, if successfully exploited, could permit an attacker to gain unauthorized access to a user’s Git credentials. “Git implements a protocol called Git Credential Protocol to retrieve credentials from the credential helper,” GMO Flatt Security researcher Ry0taK, who discovered the…

Read More GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs
News

North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack
Bys s February 12, 2025

The North Korea-linked threat actor known as Kimsuky has been observed using a new tactic that involves deceiving targets into running PowerShell as an administrator and then instructing them to paste and run malicious code provided by them. “To execute this tactic, the threat actor masquerades as a South Korean government official and over time…

Read More North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack
News

CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog
Bys s December 12, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting OSGeo GeoServer to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The vulnerability in question is CVE-2025-58360 (CVSS score: 8.2), an unauthenticated XML External Entity (XXE) flaw that affects all versions prior…

Read More CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog

Similar Posts