Nicolas Krassas
@dinosn.bsky.social
📤 717
đź“Ą 1
đź“ť 2932
Head of Threat & Vulnerability Mgmt @ Henkel AG & Co. KGaA
https://t.co/NC1orlKrW3
Also at : @dinosn
28th July – Threat Intelligence Report
research.checkpoint.com/2025/28th-ju...
loading . . .
28th July – Threat Intelligence Report - Check Point Research
For the latest discoveries in cyber research for the week of 28th July, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The US Energy Department, including its National Nucl...
https://research.checkpoint.com/2025/28th-july-threat-intelligence-report/
6 months ago
0
1
0
MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted
thehackernews.com/2025/06/move...
loading . . .
MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted
Surge in scanning activity targets MOVEit Transfer systems, raising concerns over possible exploitation.
https://thehackernews.com/2025/06/moveit-transfer-faces-increased-threats.html
7 months ago
0
1
0
BeyondTrust warns of pre-auth RCE in Remote Support software
www.bleepingcomputer.com/news/securit...
loading . . .
BeyondTrust warns of pre-auth RCE in Remote Support software
BeyondTrust has released security updates to fix a high-severity flaw in its Remote Support (RS) and Privileged Remote Access (PRA) solutions that can let unauthenticated attackers gain remote code ex...
https://www.bleepingcomputer.com/news/security/beyondtrust-warns-of-pre-auth-rce-in-remote-support-software/
7 months ago
0
0
1
Asana warns MCP AI feature exposed customer data to other orgs
www.bleepingcomputer.com/news/securit...
loading . . .
Asana warns MCP AI feature exposed customer data to other orgs
Work management platform Asana is warning users of its new Model Context Protocol (MCP) feature that a flaw in its implementation potentially led to data exposure from their instances to other users a...
https://www.bleepingcomputer.com/news/security/asana-warns-mcp-ai-feature-exposed-customer-data-to-other-orgs/
7 months ago
0
0
0
Is b For Backdoor? Pre-Auth RCE Chain In Sitecore Experience Platform
labs.watchtowr.com/is-b-for-bac...
loading . . .
Is b For Backdoor? Pre-Auth RCE Chain In Sitecore Experience Platform
Welcome to June! We’re back—this time, we're exploring Sitecore’s Experience Platform (XP), demonstrating a pre-auth RCE chain that we reported to Sitecore in February 2025. We’ve spent a bit of time...
https://labs.watchtowr.com/is-b-for-backdoor-pre-auth-rce-chain-in-sitecore-experience-platform/
7 months ago
0
1
0
Google’s $32 Billion Wiz Deal Draws DOJ Antitrust Scrutiny: Report
www.securityweek.com/googles-32-b...
loading . . .
Google’s $32 Billion Wiz Deal Draws DOJ Antitrust Scrutiny: Report
According to reports, the US Department of Justice will assess whether the deal would harm competition in the cybersecurity market.
https://www.securityweek.com/googles-32-billion-wiz-deal-draws-doj-antitrust-scrutiny-report/
7 months ago
0
0
1
Washington Post's email system hacked, journalists' accounts compromised
www.bleepingcomputer.com/news/securit...
loading . . .
Washington Post's email system hacked, journalists' accounts compromised
Email accounts of several Washington Post journalists were compromised in a cyberattack believed to have been carried out by a foreign government.
https://www.bleepingcomputer.com/news/security/washington-posts-email-system-hacked-journalists-accounts-compromised/
7 months ago
0
0
1
High-Severity Vulnerabilities Patched in Tenable Nessus Agent
www.securityweek.com/high-severit...
loading . . .
High-Severity Vulnerabilities Patched in Tenable Nessus Agent
Three high-severity Tenable Agent vulnerabilities could allow users to overwrite and delete files, or execute arbitrary code.
https://www.securityweek.com/high-severity-vulnerabilities-patched-in-tenable-nessus-agent/
7 months ago
0
1
0
CISA Releases Ten Industrial Control Systems Advisories
www.cisa.gov/news-events/...
loading . . .
CISA Releases Ten Industrial Control Systems Advisories | CISA
https://www.cisa.gov/news-events/alerts/2025/06/12/cisa-releases-ten-industrial-control-systems-advisories
7 months ago
0
1
0
GitLab patches high severity account takeover, missing auth issues
www.bleepingcomputer.com/news/securit...
loading . . .
GitLab patches high severity account takeover, missing auth issues
GitLab has released security updates to address multiple vulnerabilities in the company's DevSecOps platform, including ones enabling attackers to take over accounts and inject malicious jobs in futur...
https://www.bleepingcomputer.com/news/security/gitlab-patches-high-severity-account-takeover-missing-auth-issues/
7 months ago
0
1
0
'Major compromise' at NHS temping arm exposed gaping security holes
go.theregister.com/feed/www.the...
loading . . .
'Major compromise' at NHS temping arm never disclosed
Exclusive: Incident responders suggested sweeping improvements following Active Directory database heist
https://go.theregister.com/feed/www.theregister.com/2025/06/12/compromise_nhs_professionals/
7 months ago
0
1
0
Ivanti Workspace Control hardcoded key flaws expose SQL credentials
www.bleepingcomputer.com/news/securit...
loading . . .
Ivanti Workspace Control hardcoded key flaws expose SQL credentials
Ivanti has released security updates to fix three high-severity hardcoded key vulnerabilities in the company's Workspace Control (IWC) solution.
https://www.bleepingcomputer.com/news/security/ivanti-workspace-control-hardcoded-key-flaws-expose-sql-credentials/
8 months ago
0
0
0
OpenAI working to fix ChatGPT outage affecting users worldwide
www.bleepingcomputer.com/news/technol...
loading . . .
OpenAI working to fix ChatGPT outage affecting users worldwide
OpenAI is working to fix an ongoing outage impacting ChatGPT users worldwide and preventing them from accessing the chatbot on the web or via mobile and desktop apps.
https://www.bleepingcomputer.com/news/technology/openai-working-to-fix-chatgpt-outage-affecting-users-worldwide/
8 months ago
0
1
0
Update: Dumping Entra Connect Sync Credentials
posts.specterops.io/update-dumpi...
loading . . .
Update: Dumping Entra Connect Sync Credentials
Recently, Microsoft changed the way the Entra Connect Connect Sync agent authenticates to Entra ID. These changes affect attacker tradecraft, as we can no longer export the sync account credentials…
https://posts.specterops.io/update-dumping-entra-connect-sync-credentials-4a9114734f71?source=rss----f05f8696e3cc---4
8 months ago
0
1
0
Supply chain attack hits Gluestack NPM packages with 960K weekly downloads
www.bleepingcomputer.com/news/securit...
loading . . .
Supply chain attack hits Gluestack NPM packages with 960K weekly downloads
A significant supply chain attack hit NPM after 15 popular Gluestack packages with over 950,000 weekly downloads were compromised to include malicious code that acts as a remote access trojan (RAT).
https://www.bleepingcomputer.com/news/security/supply-chain-attack-hits-gluestack-npm-packages-with-960k-weekly-downloads/
8 months ago
0
0
0
HMRC: Crooks broke into 100k accounts, stole ÂŁ43M from British taxpayer in late 2024
go.theregister.com/feed/www.the...
loading . . .
Crims breached 100k UK tax accounts to steal ÂŁ43M from HMRC
: It’s definitely not a cyberattack though! Really!
https://go.theregister.com/feed/www.theregister.com/2025/06/05/hmrc_fraudsters_broke_into_100k/
8 months ago
0
1
0
US offers $10M for tips on state hackers tied to RedLine malware
www.bleepingcomputer.com/news/securit...
loading . . .
US offers $10M for tips on state hackers tied to RedLine malware
The U.S. Department of State has announced a reward of up to $10 million for any information on government-sponsored hackers with ties to the RedLine infostealer malware operation and its suspected cr...
https://www.bleepingcomputer.com/news/security/us-offers-10m-for-tips-on-state-hackers-tied-to-redline-malware/
8 months ago
0
0
0
Vodafone Germany Fined $51 Million Over Privacy, Security Failures
www.securityweek.com/vodafone-ger...
loading . . .
Vodafone Germany Fined $51 Million Over Privacy, Security Failures
Germany fined Vodafone $51 million for failing to protect user data from partners and unauthorized third-parties.
https://www.securityweek.com/vodafone-germany-fined-51-million-over-privacy-security-failures/
8 months ago
0
0
0
Exclusive: Hackers Leak 86 Million AT&T Records with Decrypted SSNs
hackread.com/hackers-leak...
loading . . .
Exclusive: Hackers Leak 86 Million AT&T Records with Decrypted SSNs
Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread
https://hackread.com/hackers-leak-86m-att-records-with-decrypted-ssns/
8 months ago
0
0
0
Sleeper Sound: LayerX Uncovers Malicious “Sleeper” Sound Management Extensions with Nearly 1.5 Million Users Worldwide
layerxsecurity.com/blog/sleeper...
loading . . .
Sleeper Sound: LayerX Uncovers Malicious “Sleeper” Sound Management Extensions with Nearly 1.5 Million Users Worldwide - LayerX
LayerX has unearthed network of malicious “sleeper agent” extensions that appear to serve as infrastructure for future malicious activity, currently installed on nearly 1.5 million users worldwide.  ...
https://layerxsecurity.com/blog/sleeper-sound-layerx-uncovers-malicious-sleeper-sound-management-extensions-with-nearly-1-5-million-users-worldwide/
8 months ago
0
0
0
Vulnerability leaks Vanta customer info
www.scworld.com/brief/vulner...
loading . . .
Vulnerability leaks Vanta customer info
TechCrunch reports that leading trust management platform Vanta had private information from less than 4% of its over 10,000 clients inadvertently exposed to other customers due to a product code chan...
https://www.scworld.com/brief/vulnerability-leaks-vanta-customer-info
8 months ago
0
0
0
Police takes down AVCheck site used by cybercriminals to scan malware
www.bleepingcomputer.com/news/securit...
loading . . .
Police takes down AVCheck site used by cybercriminals to scan malware
An international law enforcement operation has taken down AVCheck, a service used by cybercriminals to test whether their malware is detected by commercial antivirus software before deploying it in th...
https://www.bleepingcomputer.com/news/security/police-takes-down-avcheck-antivirus-site-used-by-cybercriminals/
8 months ago
0
0
1
Threat Actor Claims TikTok Breach, Puts 428 Million Records Up for Sale
hackread.com/threat-actor...
loading . . .
Threat Actor Claims TikTok Breach, Puts 428 Million Records Up for Sale
Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread
https://hackread.com/threat-actor-tiktok-breach-428-million-records-sale/
8 months ago
0
0
0
Adidas confirms criminals stole data from customer service provider
go.theregister.com/feed/www.the...
loading . . .
Adidas confirms data swiped from customer service provider
: Hackers take personal data bytes from the brand with three stripes
https://go.theregister.com/feed/www.theregister.com/2025/05/27/adidas_confirms_data_theft/
8 months ago
0
0
1
Alleged AT&T breach compromises 31M records
www.scworld.com/brief/allege...
loading . . .
Alleged AT&T breach compromises 31M records
AT&T had a database purportedly including 31 million sensitive user records exposed on a popular hacking forum, reports Cybernews.
https://www.scworld.com/brief/alleged-att-breach-compromises-31m-records
8 months ago
0
0
1
M&S warns of ÂŁ300M dent in profits from cyberattack
go.theregister.com/feed/www.the...
loading . . .
M&S warns of ÂŁ300M dent in profits from cyberattack
: Downtime stings retailer, with technical recovery costs coming at a later date
https://go.theregister.com/feed/www.theregister.com/2025/05/21/ms_cyberattack_disruption/
8 months ago
0
0
0
SK Telecom says malware breach lasted 3 years, impacted 27 million numbers
www.bleepingcomputer.com/news/securit...
loading . . .
SK Telecom says malware breach lasted 3 years, impacted 27 million numbers
SK Telecom says that a recently disclosed cybersecurity incident in April, first occurred all the way back in 2022, ultimately exposing the USIM data of 27 million subscribers.
https://www.bleepingcomputer.com/news/security/sk-telecom-says-malware-breach-lasted-3-years-impacted-27-million-numbers/
8 months ago
0
0
0
Coinbase Extorted, Offers $20M for Info on Its Hackers
www.darkreading.com/cyberattacks...
loading . . .
Coinbase Extorted, Offers $20M for Info on Its Hackers
Coinbase is going Liam Neeson on its attackers, potentially setting a new precedent for incident response in the wake of crypto- and blockchain-targeting cyberattacks.
https://www.darkreading.com/cyberattacks-data-breaches/coinbase-extorted-20m-hackers
8 months ago
0
0
1
The Epoch Times purportedly hacked, 32M records exposed
www.scworld.com/brief/the-ep...
loading . . .
The Epoch Times purportedly hacked, 32M records exposed
International far-right media outlet The Epoch Times was reported by SafetyDetectives cybersecurity experts to have a database of 32 million records allegedly stolen from its systems leaked online, ac...
https://www.scworld.com/brief/the-epoch-times-purportedly-hacked-32m-records-exposed
8 months ago
0
1
0
Broadcom employee data stolen by ransomware crooks following hit on payroll provider
go.theregister.com/feed/www.the...
loading . . .
Broadcom data stolen in payroll provider ransomware raid
EXCLUSIVE: The tech biz was in the process of dropping the payroll company as it learned of the breach
https://go.theregister.com/feed/www.theregister.com/2025/05/16/broadcom_employee_data_stolen_by/
8 months ago
0
2
1
Data broker protection rule quietly withdrawn by CFPB
www.malwarebytes.com/blog/news/20...
loading . . .
Data broker protection rule quietly withdrawn by CFPB
The CFPB has decided to withdraw a 2024 rule that was aimed at limiting the sale of Americans’ personal information by data brokers.
https://www.malwarebytes.com/blog/news/2025/05/data-broker-protection-rule-quietly-withdrawn-by-cfpb
8 months ago
0
0
1
The Good, the Bad and the Ugly in Cybersecurity – Week 20
www.sentinelone.com/blog/the-goo...
loading . . .
The Good, the Bad and the Ugly in Cybersecurity – Week 20
Police disrupt cybercrime ops, malicious NPM package hides malware via Unicode, and spies leverage zero-day in enterprise messaging app.
https://www.sentinelone.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-20-6/
8 months ago
0
0
0
CISA tags recently patched Chrome bug as actively exploited
www.bleepingcomputer.com/news/securit...
loading . . .
CISA tags recently patched Chrome bug as actively exploited
On Thursday, CISA warned U.S. federal agencies to secure their systems against ongoing attacks exploiting a high-severity vulnerability in the Chrome web browser.
https://www.bleepingcomputer.com/news/security/cisa-tags-recently-patched-chrome-bug-as-actively-exploited-zero-day/
8 months ago
0
0
0
Scammers are deepfaking voices of senior US government officials, warns FBI
go.theregister.com/feed/www.the...
loading . . .
Deepfake voices of senior US officials used in scams: FBI
: They're smishing, they're vishing
https://go.theregister.com/feed/www.theregister.com/2025/05/16/fbi_deepfake_us_government_warning/
8 months ago
0
0
0
Commit Stomping
blog.zsec.uk/commit-stomp...
loading . . .
Commit Stomping
Manipulating Git Histories to Obscure the Truth
https://blog.zsec.uk/commit-stomping/
8 months ago
0
0
0
Expression Payloads Meet Mayhem - Ivanti EPMM Unauth RCE Chain (CVE-2025-4427 and CVE-2025-4428)
labs.watchtowr.com/expression-p...
loading . . .
Expression Payloads Meet Mayhem - Ivanti EPMM Unauth RCE Chain (CVE-2025-4427 and CVE-2025-4428)
Keeping your ears to the ground and eyes wide open for the latest vulnerability news at watchTowr is a given. Despite rummaging through enterprise code looking for 0days on a daily basis, our interest...
https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/
8 months ago
0
0
0
Coinbase extorted for $20M. Support staff bribed. Customers scammed. One hell of a breach disclosure…
go.theregister.com/feed/www.the...
loading . . .
Hackers scam Coinbase users and ransom data for $20M
: One expert tells us: 'It is the most unique breach disclosure I've ever seen'
https://go.theregister.com/feed/www.theregister.com/2025/05/15/coinbase_extorted_for_20m_support/
8 months ago
0
6
2
CISA Releases Twenty-Two Industrial Control Systems Advisories
www.cisa.gov/news-events/...
loading . . .
CISA Releases Twenty-Two Industrial Control Systems Advisories | CISA
https://www.cisa.gov/news-events/alerts/2025/05/15/cisa-releases-twenty-two-industrial-control-systems-advisories
8 months ago
0
0
0
Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails
thehackernews.com/2025/05/coin...
loading . . .
Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails
Insiders bribed at Coinbase leaked customer data (<1% of users), triggering $20M extortion; funds safe.
https://thehackernews.com/2025/05/coinbase-agents-bribed-data-of-1-users.html
8 months ago
0
0
0
Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers
thehackernews.com/2025/05/russ...
loading . . .
Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers
APT28 exploited MDaemon zero-day CVE-2024-11182 in targeted webmail hacks across 10+ nations.
https://thehackernews.com/2025/05/russia-linked-apt28-exploited-mdaemon.html
8 months ago
0
0
0
Kosovo authorities extradited admin of the cybercrime marketplace
BlackDB.cc
securityaffairs.com/177870/cyber...
loading . . .
https://BlackDB.cc
8 months ago
0
0
0
New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy
thehackernews.com/2025/05/new-...
loading . . .
New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy
Chrome flaw CVE-2025-4664 enables cross-origin data leaks; active exploit confirmed; update to 136.0.7103.113.
https://thehackernews.com/2025/05/new-chrome-vulnerability-enables-cross.html
8 months ago
0
0
2
Microsoft Restructures: 6,000 Jobs Cut Amid AI Focus
securityonline.info/microsoft-re...
loading . . .
Microsoft Restructures: 6,000 Jobs Cut Amid AI Focus
Microsoft announces a 3% workforce reduction (around 6,000 jobs) as part of a strategic restructuring to align with its AI-driven market strategy.
https://securityonline.info/microsoft-restructures-6000-jobs-cut-amid-ai-focus/
8 months ago
0
0
1
The cryptography behind passkeys
blog.trailofbits.com/2025/05/14/t...
loading . . .
The cryptography behind passkeys
This post will examine the cryptography behind passkeys, the guarantees they do or do not give, and interesting cryptographic things you can do with them, such as generating cryptographic keys and sto...
https://blog.trailofbits.com/2025/05/14/the-cryptography-behind-passkeys/
8 months ago
0
0
0
Steel giant Nucor Corporation facing disruptions after cyberattack
www.bleepingcomputer.com/news/securit...
loading . . .
Steel giant Nucor Corporation facing disruptions after cyberattack
A cybersecurity incident on Nucor Corporation's systems forced the company to take offline parts of its networks and implement containment measures.
https://www.bleepingcomputer.com/news/security/steel-giant-nucor-corporation-facing-disruptions-after-cyberattack/
8 months ago
0
1
0
North Korean Hackers Stole $88M by Posing as US Tech Workers
hackread.com/north-korean...
loading . . .
North Korean Hackers Stole $88M by Posing as US Tech Workers
Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread
https://hackread.com/north-korean-hackers-stole-88m-posing-us-tech-workers/
8 months ago
0
0
0
Analyzing the Attack Surface of Ivanti's DSM
code-white.com/blog/ivanti-...
loading . . .
CODE WHITE | Analyzing the Attack Surface of Ivanti's DSM
Ivanti's Desktop & Server Management (DSM) product is an old acquaintance that we have encountered in numerous red team and internal assessments. The main purpose of the product is the centralized dis...
https://code-white.com/blog/ivanti-desktop-and-server-management/
8 months ago
0
0
0
Microsoft to Lay Off About 3% of Its Workforce
www.securityweek.com/microsoft-to...
loading . . .
Microsoft to Lay Off About 3% of Its Workforce
Microsoft began laying off nearly 3% of its entire workforce Tuesday, its largest mass layoff in more than two years.
https://www.securityweek.com/microsoft-to-lay-off-about-3-of-its-workforce/
8 months ago
0
0
0
Siemens RUGGEDCOM Flaws Scored CVSS 9.9: Command Injection Bugs Threaten Industrial Networks
securityonline.info/siemens-rugg...
loading . . .
Siemens RUGGEDCOM Flaws Scored CVSS 9.9: Command Injection Bugs Threaten Industrial Networks
Siemens RUGGEDCOM devices face CVSS 9.9 command injection flaws. Authenticated users can execute root-level code via web tools. Patch to V2.16.5 now.
https://securityonline.info/siemens-ruggedcom-flaws-scored-cvss-9-9-command-injection-bugs-threaten-industrial-networks/
8 months ago
0
1
0
Ivanti warns of critical Neurons for ITSM auth bypass flaw
www.bleepingcomputer.com/news/securit...
loading . . .
Ivanti warns of critical Neurons for ITSM auth bypass flaw
​Ivanti has released security updates for its Neurons for ITSM IT service management solution that mitigate a critical authentication bypass vulnerability.
https://www.bleepingcomputer.com/news/security/ivanti-warns-of-critical-neurons-for-itsm-auth-bypass-flaw/
8 months ago
0
0
0
Load more
feeds!
log in
