Five fundamentals for a cyber-resilient future
How to stay adaptive and reduce risk in an evolving threat landscape.
Similar Posts
GamaCopy Mimics Gamaredon Tactics in Cyber Espionage Targeting Russian Entities
Bys sA previously unknown threat actor has been observed copying the tradecraft associated with the Kremlin-aligned Gamaredon hacking group in its cyber attacks targeting Russian-speaking entities. The campaign has been attributed to a threat cluster dubbed GamaCopy, which is assessed to share overlaps with another hacking group named Core Werewolf, also tracked as Awaken Likho and…
Featured Chrome Browser Extension Caught Intercepting Millions of Users’ AI Chats
Bys sA Google Chrome extension with a “Featured” badge and six million users has been observed silently gathering every prompt entered by users into artificial intelligence (AI)-powered chatbots like OpenAI ChatGPT, Anthropic Claude, Microsoft Copilot, DeepSeek, Google Gemini, xAI Grok, Meta AI, and Perplexity. The extension in question is Urban VPN Proxy, which has a 4.7…
Sompo Japan Insurance submits improvement plan after info leakage
Bys sInsurance Asia reports: Sompo Japan Insurance has submitted a business improvement plan to the local Financial Services Agency (FSA). The FSA had earlier ordered the insurer to submit the plan on 24 March 2025, in relation to the leakage of customer information. In a statement, Sompo Japan Insurance apologized for “any inconvenience and concern caused to…
Hackers Exploited Krpano Framework Flaw to Inject Spam Ads on 350+ Websites
Bys sA cross-site scripting (XSS) vulnerability in a virtual tour framework has been weaponized by malicious actors to inject malicious scripts across hundreds of websites with the goal of manipulating search results and fueling a spam ads campaign at scale. Security researcher Oleg Zaytsev, in a report shared with The Hacker News, said the campaign –…
Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation via Path Traversal
Bys sCybersecurity researchers have disclosed details of a now-patched security flaw in the Amazon EC2 Simple Systems Manager (SSM) Agent that, if successfully exploited, could permit an attacker to achieve privilege escalation and code execution. The vulnerability could permit an attacker to create directories in unintended locations on the filesystem, execute arbitrary scripts with root privileges,
Overcoming Risks from Chinese GenAI Tool Usage
Bys sA recent analysis of enterprise data suggests that generative AI tools developed in China are being used extensively by employees in the US and UK, often without oversight or approval from security teams. The study, conducted by Harmonic Security, also identifies hundreds of instances in which sensitive data was uploaded to platforms hosted in China,…