"House passes bill requiring federal contractors to implement vulnerabilitiy policies."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 06 March 2025, 1615 UTC.

Content and Source:  Email subscription via https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Ffeeds.feedburner.com%2FSecurityweek

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

SecurityWeek

85K followers46 articles per week

#security#tech

36

Today

House Passes Bill Requiring Federal Contractors to Implement Vulnerability Disclosure Policies

by Eduard Kovacs / 2h

The House of Representatives has passed a bill aimed at requiring federal contractors to have a Vulnerability Disclosure Policy (VDP). The post appeared first on SecurityWeek .

Nigerian Accused of Hacking Tax Preparation Firms Extradited to US

by Ionut Arghire / 3h

Matthew Akande was extradited to the US to face charges for his role in hacking into Massachusetts tax preparation firms’ networks. The post appeared first on SecurityWeek .

Financial Organizations Urge CISA to Revise Proposed CIRCIA Implementation

Banking groups urge CISA to revise cyber rule

•

by Ionut Arghire / 3h

A group of financial organizations is asking CISA to rescind and reissue its proposed implementation of CIRCIA. The post appeared first on SecurityWeek .

BadBox Botnet Powered by 1 Million Android Devices Disrupted

by Ionut Arghire / 3h

A second iteration of the BadBox botnet that affected over one million Android devices has been partially disrupted. The post appeared first on SecurityWeek .

AIceberg Gets $10 Million in Seed Funding for AI Security Platform

by Eduard Kovacs / 5h

AIceberg has launched a solution that helps governments and enterprises with the safe, secure and compliant adoption of AI. The post appeared first on SecurityWeek .

Yesterday

Exploited VMware ESXi Flaws Put Many at Risk of Ransomware, Other Attacks

3 TTPs

•

by Eduard Kovacs / 6h

Scans show that tens of thousands of VMware ESXi instances are affected by CVE-2025-22224 and other vulnerabilities disclosed recently as zero-days. The post appeared first on SecurityWeek .

US Indicts China’s iSoon ‘Hackers-for-Hire’ Operatives

Collection (Enterprise TA0009)

•

by Ryan Naraine / 20h

i-Soon employees charged with conducting extensive hacking campaigns on behalf of Beijing’s security services. The post appeared first on SecurityWeek .

Organizations Still Not Patching OT Due to Disruption Concerns: Survey

TXOne Networks reports growing cybersecurity risks

•

by Eduard Kovacs / 21h

Cyber-physical systems security company TXOne Networks has published its 2024 Annual OT/ICS Cybersecurity Report. The post appeared first on SecurityWeek .

SpecterOps Scores $75M Series B to Scale BloodHound Enterprise Platform

by Ryan Naraine / 23h

SpecterOps has raised an unusually large $75 million Series B funding round to accelerate the growth of its BloodHound Enterprise platform. The post appeared first on SecurityWeek .

China Hackers Behind US Treasury Breach Caught Targeting IT Supply Chain

12 TTPs

•

by Ryan Naraine / 1d

•

Silk Typhoon targets IT supply chains

Silk Typhoon APT caught using IT supply chain entry points to conduct reconnaissance, siphon data, and move laterally on victim networks. The post appeared first on SecurityWeek .

Iranian Hackers Target UAE Firms With Polyglot Files

12 TTPs

•

by Ionut Arghire / 1d

An Iranian threat actor was seen targeting UAE organizations with polyglot files to deliver a new backdoor named Sosano. The post appeared first on SecurityWeek .

North Korean Fake IT Workers Pose as Blockchain Developers on GitHub

by Ionut Arghire / 1d

North Korean fake IT workers are creating personas on GitHub to land blockchain developer jobs at US and Japanese firms. The post appeared first on SecurityWeek .

Two Venezuelans Arrested in US for ATM Jackpotting

by Eduard Kovacs / 1d

Several Venezuelans have been arrested and charged in the US in recent months for their role in ATM jackpotting schemes. The post appeared first on SecurityWeek .

Ransomware Group Claims Attack on Tata Technologies

Tata Technologies suffers data breach

•

by Ionut Arghire / 1d

Notorious ransomware group Hunters International threatens to leak 1.4 TB of data allegedly stolen from Tata Technologies. The post appeared first on SecurityWeek .

Chrome 134, Firefox 136 Patch High-Severity Vulnerabilities

Execution (Enterprise TA0002)

•

by Ionut Arghire / 1d

•

CVE-2025-1914 & 8 others

Chrome 134 and Firefox 136 are rolling out across desktop and mobile with patches for multiple high-severity vulnerabilities. The post appeared first on SecurityWeek .

Knostic Secures $11 Million to Rein in Enterprise AI Data Leakage, Oversharing

by Ryan Naraine / 1d

Knostic provides a “need-to-know” filter on the answers generated by enterprise large language models (LLM) tools. The post appeared first on SecurityWeek .

Mar 4, 2025

US Sanctions Iranian Administrator of Nemesis Darknet Marketplace

by Eduard Kovacs / 1d

Iranian national Behrouz Parsarad sanctioned for running Nemesis, a marketplace used for narcotics trafficking and cybercrime. The post appeared first on SecurityWeek .

New Eleven11bot DDoS Botnet Powered by 80,000 Hacked Devices

4 TTPs

•

by Eduard Kovacs / 1d

•

New DDoS botnet Eleven11bot discovered

The Eleven11bot botnet has been described as one of the largest known DDoS botnets observed in recent years. The post appeared first on SecurityWeek .

ICS/OT Security Budgets Increasing, but Critical Areas Underfunded: Report

TXOne Networks reports growing cybersecurity risks

•

by Eduard Kovacs / 1d

The SANS Institute and OPSWAT have published their 2025 ICS/OT Cybersecurity Budget Report. The post appeared first on SecurityWeek .

Intel TDX Connect Bridges the CPU-GPU Security Gap

by Kevin Townsend / 1d

AI is all about data – and keeping AI’s data confidential both within devices and between devices is problematic. Intel offers a solution. The post appeared first on SecurityWeek .

AI Asset Inventories: The Only Way to Stay on Top of a Lightning-fast Landscape

by Alastair Paterson / 2d

Unauthorized AI usage is a ticking time bomb. A tool that wasn’t considered a risk yesterday may introduce new AI-powered features overnight. The post appeared first on SecurityWeek .

Aryon Security Debuts With Platform to Prevent Cloud Misconfigurations

by Kevin Townsend / 2d

Misconfigurations are the cause of most cloud breaches. Aryon is on a mission to prevent them. The post appeared first on SecurityWeek .

Polish Space Agency Hit by Cyberattack

by Ionut Arghire / 2d

The Polish space agency POLSA says it has disconnected its network from the internet to contain a cyberattack. The post appeared first on SecurityWeek .

Jamf to Acquire Identity Automation for $215 Million

Jamf to acquire Identity Automation

•

by Eduard Kovacs / 2d

Apple device management firm Jamf has entered into an agreement to acquire IAM platform Identity Automation. The post appeared first on SecurityWeek .

Vulnerabilities Patched in Qualcomm, Mediatek Chipsets

Privilege Escalation (Enterprise TA0004)

•

by Ionut Arghire / 2d

Chip makers Qualcomm and Mediatek have released patches for many vulnerabilities across their products. The post appeared first on SecurityWeek .

Broadcom Patches 3 VMware Zero-Days Exploited in the Wild

3 TTPs

•

by Eduard Kovacs / 2d

Broadcom patched VMware zero-days CVE-2025-22224, CVE-2025-22225 and CVE-2025-22226 after Microsoft warned it of exploitation. The post appeared first on SecurityWeek .

Google Patches Pair of Exploited Vulnerabilities in Android

by Ionut Arghire / 2d

Android’s March 2025 security update addresses over 40 vulnerabilities, including two actively exploited in the wild. The post appeared first on SecurityWeek .

Exploitation Long Known for Most of CISA’s Latest KEV Additions

7 TTPs

•

by Eduard Kovacs / 2d

Exploitation has been known for months or years for most of the latest vulnerabilities added by CISA to its KEV catalog. The post appeared first on SecurityWeek .

Mar 3, 2025

CISA: No Change on Defending Against Russian Cyber Threats

by Ryan Naraine / 2d

The CISA public clarification follows news the Trump administration is temporarily pausing offensive cyber operations against Moscow. The post appeared first on SecurityWeek .

Quantum Wars: Google, Microsoft, and Amazon’s Competing Paths to Fault-Tolerant Qubits

Microsoft unveils Majorana 1 chip

•

by Kevin Townsend / 3d

Amazon claims its researchers have combined cat qubit technology and additional quantum error correction components onto a microchip that can be manufactured in a scalable fashion. The post appeared first on SecurityWeek .

Mimic Raises $50 Million to Stop Ransomware Attacks

by Ionut Arghire / 3d

Ransomware defense startup Mimic has raised $50 million in a Series A funding round led by Google Ventures and Menlo Ventures. The post appeared first on SecurityWeek .

US Seizes $31 Million Worth of Crypto Stolen in Uranium Finance Hack

2 TTPs

•

by Ionut Arghire / 3d

The US government has seized roughly $31 million in cryptocurrency stolen in 2021 from Uranium Finance. The post appeared first on SecurityWeek .

Cybersecurity M&A Roundup: 28 Deals Announced in February 2025

by Eduard Kovacs / 3d

Cybersecurity-related merger and acquisition (M&A) deals announced in February 2025. The post appeared first on SecurityWeek .

Vulnerable Paragon Driver Exploited in Ransomware Attacks

2 TTPs

•

by Ionut Arghire / 3d

Ransomware operators exploit a vulnerable Paragon driver in BYOVD attacks to elevate privileges to System. The post appeared first on SecurityWeek .

Indian Stock Broker Angel One Discloses Data Breach

Angel One reports data breach

•

by Ionut Arghire / 3d

Angel One says client information was compromised in a data breach involving its AWS account. The post appeared first on SecurityWeek .

Black Basta Leak Offers Glimpse Into Group’s Inner Workings

6 TTPs

•

by Kevin Townsend / 3d

A massive hoard of internal chats has been leaked from Black Basta, rivalling the Conti leaks of late February 2022. The post appeared first on SecurityWeek .

End of feed