IdentityIdentity is the new security architecture, says former CISA director EasterlyTom Spring April 10, 2025At CyberArk IMPACT 25, former CISA director Jen Easterly warns that without intelligent identity systems, AI-fueled cyberattacks will outpace defenses.
IdentityMicrosoft warns how domain controllers can be used to spread ransomwareShaun NicholsApril 10, 2025Domain controllers were breached in more than 78% of human-operated cyberattacks, warned Microsoft.
IdentityAmazon EC2 instance metadata targeted in SSRF attacksLaura FrenchApril 10, 2025EC2 instance metadata can include sensitive information such as IAM role credentials.
Government RegulationsTrump orders probe of ex-CISA chief Krebs over 2020 election disputeSteve ZurierApril 10, 2025Krebs is on record saying the 2020 election “was the most secure in American history.”
AI/MLAI-driven state-sponsored cyberattacks worry security professionalsShaun NicholsApril 10, 2025Cyberwarfare is no longer a distant threat as tensions escalate between nations worldwide.
Cloud SecurityGoogle introduces GUS, a unified security platform with MandiantShaun NicholsApril 9, 2025Google will combine existing services bundled with cybersecurity firm Mandiant.
RansomwareRansomHub affiliates scramble amid apparent internal conflictLaura FrenchApril 9, 2025Several RansomHub affiliate chat portals reportedly went offline last week.
Email securityHackers accessed 150,000 emails of 100 US bank regulators at OCCSteve ZurierApril 9, 2025Independent bureau of Treasury notified Congress that hack was a “major incident.”
Vulnerability ManagementMicrosoft fixes 124 flaws, including one under active exploitationShaun NicholsApril 8, 2025An elevation of privilege vulnerability in the Windows Common Log File System was added to CISA's KEV list.
RansomwareScattered Spider persists with use of Spectre RAT, new phishing kitLaura FrenchApril 8, 2025New IoCs and free defense tools for Scattered Spider were made available by Silent Push.
