Posts

Showing posts from April, 2025

The Hacker News - Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws

A likely lone wolf actor behind the EncryptHub persona was acknowledged by Microsoft for discovering and reporting two security flaws in Windows last month, painting a picture of a "conflicted" individual straddling a legitimate career in cybersecurity and pursuing cybercrime. In a new extensive analysis published by Outpost24 KrakenLabs, the Swedish security company unmasked the up-and-coming from The Hacker News https://thehackernews.com/2025/04/microsoft-credits-encrypthub-hacker.html

The Hacker News - North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages

The North Korean threat actors behind the ongoing Contagious Interview campaign are spreading their tentacles on the npm ecosystem by publishing more malicious packages that deliver the BeaverTail malware, as well as a new remote access trojan (RAT) loader. "These latest samples employ hexadecimal string encoding to evade automated detection systems and manual code audits, signaling a variation from The Hacker News https://thehackernews.com/2025/04/north-korean-hackers-deploy-beavertail.html

KnowBe4 - Your KnowBe4 Fresh Content Updates from March 2025

Check out the 58 new pieces of training content added in March, alongside the always fresh content update highlights, new features and events. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/knowbe4-content-updates-march-2025

Rapid 7 - Metasploit Wrap-Up 04/04/2025

New RCEs Metasploit added four new modules this week, including three that leverage vulnerabilities to obtain remote code execution (RCE). Among these three, two leverage deserialization, showing that the exploit primitive is still going strong. The Tomcat vulnerability in particular CVE-2025-24813 garnered a lot of attention when it was disclosed; however, to function, the exploit requires specific conditions to be met, which may not be present in many environments. AD CS / PKCS12 Improvements With the popularity of exploiting AD CS misconfigurations over the past couple of years, Metasploit has been continuing to iterate over our support. This week saw two improvements; one added additional error handling, which notably calls out authorization errors more clearly to the user. These errors, now labeled no-access failures, are encountered when the user is successfully authenticated but lacks authorization privileges to enroll on either the certificate template or the certificate ...

Rapid 7 - Pentales: Red Team vs. N-Day (and How We Won)

During a recent Vector Command operation, I had the chance to sit down with one of our red teamers to hear firsthand how they identified and exploited an N-Day vulnerability in a customer’s environment. It’s a clear example of how continuous red teaming can uncover and validate real-world risks before attackers do. While the organization involved remains anonymous, the events described are real. This story reflects how our always-on testing approach closely mirrors the creativity and persistence of actual threat actors. Initial Recon: Spotting an N-Day in the Wild Vector Command engagements begin with one core question: If someone wanted to break in, where would they start? That’s the mindset our red team brings to every operation. A red team is a group of security professionals who simulate real-world adversaries. Their goal isn't to check boxes or run automated scans, but to think and act like attackers—uncovering weaknesses that traditional assessments often miss. They com...

The Hacker News - SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack

The cascading supply chain attack that initially targeted Coinbase before becoming more widespread to single out users of the "tj-actions/changed-files" GitHub Action has been traced further back to the theft of a personal access token (PAT) related to SpotBugs. "The attackers obtained initial access by taking advantage of the GitHub Actions workflow of SpotBugs, a popular open-source tool for from The Hacker News https://thehackernews.com/2025/04/spotbugs-access-token-theft-identified.html

Schneier - Troy Hunt Gets Phished

In case you need proof that anyone, even people who do cybersecurity for a living, Troy Hunt has a long, iterative story on his webpage about how he got phished. Worth reading. from Schneier on Security https://www.schneier.com/blog/archives/2025/04/troy-hunt-gets-phished.html

The Hacker News - Have We Reached a Distroless Tipping Point?

There’s a virtuous cycle in technology that pushes the boundaries of what’s being built and how it’s being used. A new technology development emerges and captures the world's attention. People start experimenting and discover novel applications, use cases, and approaches to maximize the innovation's potential. These use cases generate significant value, fueling demand for the next iteration of from The Hacker News https://thehackernews.com/2025/04/have-we-reached-distroless-tipping-point.html

HACKMAGEDDON - 1-15 December 2024 Cyber Attacks Timeline

In the first timeline of December 2024, I collected 115 events (7.67 events/day) with a threat landscape dominated... from HACKMAGEDDON https://www.hackmageddon.com/2025/04/04/1-15-december-2024-cyber-attacks-timeline/

The Hacker News - Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware

Microsoft is warning of several phishing campaigns that are leveraging tax-related themes to deploy malware and steal credentials. "These campaigns notably use redirection methods such as URL shorteners and QR codes contained in malicious attachments and abuse legitimate services like file-hosting services and business profile pages to avoid detection," Microsoft said in a report shared with The from The Hacker News https://thehackernews.com/2025/04/microsoft-warns-of-tax-themed-email.html

KnowBe4 - Phishing Attacks Lead to Theft in the Shipping Industry

Phishing attacks are driving a surge in “double brokering” scams in the shipping industry, according to Christian Reilly, Cloudflare’s Field CTO for EMEA. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/phishing-attacks-lead-to-theft-in-the-shipping-industry

KnowBe4 - Warning: QR Code Phishing (Quishing) Becoming Increasingly Stealthy

Attackers are using new tactics in QR code phishing (quishing) attacks, according to researchers at Palo Alto Networks’ Unit 42. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/warning-qr-code-phishing-is-evolving

KnowBe4 - Malicious Memes: How Cybercriminals Use Humor to Spread Malware

Internet memes and viral content have become a universal language of online culture. They're easily shareable, often humorous, and can spread rapidly across various platforms. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/malicious-memes-how-cybercriminals-use-humor-to-spread-malware

The Hacker News - Lazarus Group Targets Job Seekers With ClickFix Tactic to Deploy GolangGhost Malware

The North Korean threat actors behind Contagious Interview have adopted the increasingly popular ClickFix social engineering tactic to lure job seekers in the cryptocurrency sector to deliver a previously undocumented Go-based backdoor called GolangGhost on Windows and macOS systems. The new activity, assessed to be a continuation of the campaign, has been codenamed ClickFake Interview by from The Hacker News https://thehackernews.com/2025/04/lazarus-group-targets-job-seekers-with.html

The Hacker News - AI Threats Are Evolving Fast — Learn Practical Defense Tactics in this Expert Webinar

The rules have changed. Again. Artificial intelligence is bringing powerful new tools to businesses. But it's also giving cybercriminals smarter ways to attack. They’re moving quicker, targeting more precisely, and slipping past old defenses without being noticed. And here's the harsh truth: If your security strategy hasn’t evolved with AI in mind, you’re already behind. But you’re not alone—and from The Hacker News https://thehackernews.com/2025/04/ai-threats-are-evolving-fast-learn.html

The Hacker News - AI Adoption in the Enterprise: Breaking Through the Security and Compliance Gridlock

AI holds the promise to revolutionize all sectors of enterprise, from fraud detection and content personalization to customer service and security operations. Yet, despite its potential, implementation often stalls behind a wall of security, legal, and compliance hurdles. Imagine this all-too-familiar scenario: A CISO wants to deploy an AI-driven SOC to handle the overwhelming volume of security from The Hacker News https://thehackernews.com/2025/04/ai-adoption-in-enterprise-breaking.html

Schneier - Web 3.0 Requires Data Integrity

If you’ve ever taken a computer security class, you’ve probably learned about the three legs of computer security—confidentiality, integrity, and availability—known as the CIA triad. When we talk about a system being secure, that’s what we’re referring to. All are important, but to different degrees in different contexts. In a world populated by artificial intelligence (AI) systems and artificial intelligent agents, integrity will be paramount. What is data integrity? It’s ensuring that no one can modify data—that’s the security angle—but it’s much more than that. It encompasses accuracy, completeness, and quality of data—all over both time and space. It’s preventing accidental data loss; the “undo” button is a primitive integrity measure. It’s also making sure that data is accurate when it’s collected—that it comes from a trustworthy source, that nothing important is missing, and that it doesn’t change as it moves from format to format. The ability to restart your computer...

The Hacker News - Google Fixed Cloud Run Vulnerability Allowing Unauthorized Image Access via IAM Misuse

Cybersecurity researchers have disclosed details of a now-patched privilege escalation vulnerability in Google Cloud Platform (GCP) Cloud Run that could have allowed a malicious actor to access container images and even inject malicious code. "The vulnerability could have allowed such an identity to abuse its Google Cloud Run revision edit permissions in order to pull private Google Artifact from The Hacker News https://thehackernews.com/2025/04/google-fixed-cloud-run-vulnerability.html

Black Hills InfoSec - Getting Started with AI Hacking: Part 1

You may have read some of our previous blog posts on Artificial Intelligence (AI). We discussed things like using PyRIT to help automate attacks. We also covered the dangers of […] The post Getting Started with AI Hacking: Part 1 appeared first on Black Hills Information Security, Inc. from Black Hills Information Security, Inc. https://www.blackhillsinfosec.com/getting-started-with-ai-hacking-part-1/

Rapid 7 - A Rebirth of a Cursed Existence? - The Babuk Locker 2.0

Co-authored by Yaniv Allender and Anna Sirokova A Rebirth of a Cursed Existence? Examining ‘Babuk Locker 2.0’ Ransomware Introduction Ransomware remains a major threat, causing significant disruption and financial losses to organizations across various sectors. Cybercriminal groups behind these attacks constantly adapt their methods to maximize damage and profit. At Rapid7, we actively monitor new cyber threats, keeping an eye on ransomware groups and their changing tactics. In early 2025, we came across a channel promoting itself as Babuk Locker. Since the original group had shut down in 2021, we decided to investigate whether this was a rebrand or a new threat. Several underground forums and Telegram channels started mentioning ‘Babuk Locker 2.0,’ with some actors taking credit for recent attacks. Since Babuk’s leaked source code in 2021 had led to many spin-off ransomware strains, we wanted to find out whether this was a real comeback or just another group using Babuk’s name...

KnowBe4 - Compliance Plus Library Reaches 800 Pieces of Content

It seems like only yesterday that we launched the Compliance Plus training library as a result of customers asking us to address their needs beyond security awareness training. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/compliance-plus-library-reaches-800-pieces-of-content

The Hacker News - Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers

Cybersecurity researchers have shed light on an "auto-propagating" cryptocurrency mining botnet called Outlaw (aka Dota) that's known for targeting SSH servers with weak credentials. "Outlaw is a Linux malware that relies on SSH brute-force attacks, cryptocurrency mining, and worm-like propagation to infect and maintain control over systems," Elastic Security Labs said in a new analysis from The Hacker News https://thehackernews.com/2025/04/outlaw-group-uses-ssh-brute-force-to.html

Schneier - Rational Astrologies and Security

John Kelsey and I wrote a short paper for the Rossfest Festschrift: “Rational Astrologies and Security”: There is another non-security way that designers can spend their security budget: on making their own lives easier. Many of these fall into the category of what has been called rational astrology. First identified by Randy Steve Waldman [Wal12], the term refers to something people treat as though it works, generally for social or institutional reasons, even when there’s little evidence that it works—and sometimes despite substantial evidence that it does not. […] Both security theater and rational astrologies may seem irrational, but they are rational from the perspective of the people making the decisions about security. Security theater is often driven by information asymmetry: people who don’t understand security can be reassured with cosmetic or psychological measures, and sometimes that reassurance is important. It can be better understood by considering the many non-se...

The Hacker News - Over 1,500 PostgreSQL Servers Compromised in Fileless Cryptocurrency Mining Campaign

Exposed PostgreSQL instances are the target of an ongoing campaign designed to gain unauthorized access and deploy cryptocurrency miners. Cloud security firm Wiz said the activity is a variant of an intrusion set that was first flagged by Aqua Security in August 2024 that involved the use of a malware strain dubbed PG_MEM. The campaign has been attributed to a threat actor Wiz tracks as from The Hacker News https://thehackernews.com/2025/04/over-1500-postgresql-servers.html

The Hacker News - Enterprise Gmail Users Can Now Send End-to-End Encrypted Emails to Any Platform

On the 21st birthday of Gmail, Google has announced a major update that allows enterprise users to send end-to-end encrypted (E2EE) emails to any user in any email inbox in a few clicks. The feature is rolling out starting today in beta, allowing users to send E2EE emails to Gmail users within an organization, with plans to send E2EE emails to any Gmail inbox in the coming weeks and to any email inbox from The Hacker News https://thehackernews.com/2025/04/enterprise-gmail-users-can-now-send-end.html

Rapid 7 - A New Approach to Managing Vulnerabilities is Required - Work Smarter not Harder with Rapid7 Remediation Hub

The volume of common vulnerabilities and exposures (CVEs) identified has now reached a level at which even the organization tasked with managing them can no longer keep up. The National Vulnerability Database (NVD) announced in February 2024 that it would no longer provide common vulnerability scoring system (CVSS) scores for all CVEs. This decision was down to resource constraints and an inability to keep up with the volume of newly-disclosed vulnerabilities. The NVD has now shifted its focus to processing vulnerabilities more efficiently by relying on vendor-provided and third-party scores rather than scoring each CVE independently. The Growing Vulnerability Challenge In 2024, there were over 40,000 Common Vulnerabilities and Exposures (CVEs) published, which is a 38% increase from 2023. All of this is before organisations begin looking at other non-CVE vulnerabilities (configuration issues, outdated systems, elevated privileges etc) that can be just as important as vulnerabilitie...

The Hacker News - Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing

A new sophisticated phishing-as-a-service (PhaaS) platform called Lucid has targeted 169 entities in 88 countries using smishing messages propagated via Apple iMessage and Rich Communication Services (RCS) for Android. Lucid's unique selling point lies in its weaponizing of legitimate communication platforms to sidestep traditional SMS-based detection mechanisms. "Its scalable, from The Hacker News https://thehackernews.com/2025/04/lucid-phaas-hits-169-targets-in-88.html

KnowBe4 - CyberheistNews Vol 15 #13 Why Password Security Matters: The Danish and Swedish Password Problem

from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cyberheistnews-vol-15-13-why-password-security-matters-the-danish-and-swedish-password-problem

Rapid 7 - What’s New in Rapid7 Products & Services: Q1 2025 in Review

At Rapid7, we started off the year focused on delivering new features and advancements across our products and services to bring you the context needed to prioritize exposures, visualize your attack surface, and accelerate incident response. Read on for Q1 2025 release highlights across the Command Platform, from Exposure Command to Managed Threat Complete. Eliminate blind spots with Exposure Management Discover and protect sensitive data across hybrid environments Keeping sensitive data secure across hybrid and multi-cloud environments isn’t easy—especially without clear visibility. Data gets misplaced, duplicated, or left exposed, making risk assessment and compliance difficult. Sensitive Data Discovery, our latest feature delivering clarity and control to your security data, can help. Available as part of Exposure Command and InsightCloudSec, Sensitive Data Discovery gives security teams real-time visibility into sensitive data, such as PII, financial data or customer rec...

The Hacker News - New Case Study: Global Retailer Overshares CSRF Tokens with Facebook

Are your security tokens truly secure? Explore how Reflectiz helped a giant retailer to expose a Facebook pixel that was covertly tracking sensitive CSRF tokens due to human error misconfigurations. Learn about the detection process, response strategies, and steps taken to mitigate this critical issue. Download the full case study here. By implementing Reflectiz's recommendations, the from The Hacker News https://thehackernews.com/2025/04/new-case-study-global-retailer.html

Schneier - Cell Phone OPSEC for Border Crossings

I have heard stories of more aggressive interrogation of electronic devices at US border crossings. I know a lot about securing computers, but very little about securing phones. Are there easy ways to delete data—files, photos, etc.—on phones so it can’t be recovered? Does resetting a phone to factory defaults erase data, or is it still recoverable? That is, does the reset erase the old encryption key, or just sever the password that accesses that key? When the phone is rebooted, are deleted files still available? We need answers for both iPhones and Android phones. And it’s not just the US; the world is going to become a more dangerous place to oppose state power. from Schneier on Security https://www.schneier.com/blog/archives/2025/04/cell-phone-opsec-for-border-crossings.html