With a $500 radio setup, someone could remotely trigger the End-of-Train device, a wireless system attached to the last car, able to enable remote emergency braking, potentially triggering train brake failures or derailments - by neils securityaffairs.com/179940/hacking… #InfoSec

Never forget #NTLM relay attacks, it's here and most organizations are vulnerable: #SMB servers, #LDAP/#LDAPS, and ADCS web enrollment (#ESC8). This paper remembers what to check, so put a reminder for next week ;) helpnetsecurity.com/2025/07/04/ntl… #InfoSec #CyberSecurity #NTLMRelay

Researchers from DomainTools spotted #malware binaries stored within DNS TXT records, broken up into hundreds of chunks within DNS record of hundreds of subdomains, bypassing security controls arstechnica.com/security/2025/… #InfoSec #CyberSecurity

Recent #ransomware attacks show us the targets are now recovery points. This #article brings #zeroTrust for storage might be the only thing standing between you and disaster. csoonline.com/article/406182… #infoSec #CyberSecurity

The #Sneaky2FA phishing-as-a-service kit has introduced a browser-in-the-browser #BitB attack to steal Microsoft credentials, allowing bypassing two-factor authentication protections, posing a heightened threat to accounts. #InfoSec #CyberSecurity bleepingcomputer.com/news/security/…

#ImperialKitten conducted cyber reconnaissance on maritime Automatic Identification System before missile strikes on Red Sea shipping in Feb-2024, where cyber operations provide target reconnaissance for physical attacks #cyberwarfare #cybersecurity csoonline.com/article/409337…

CISA's top 25 most dangerous software weaknesses is now published. Shouldn't be a surprise but we all know it's still a pain to remediate those timely: #XSS #SQLi #CSRF #noAuthorization #OoBWrite #PathTraversal #UseAfterFree #CodeInjection #BufferOverflow cwe.mitre.org/top25/

#CyberSecurity skills matter more than headcount in the #AI era - The latest ISC2 workforce study reveals that skills gaps are increasing as cybersecurity professionals adopt AI tools and report critical staffing needs across organizations csoonline.com/article/410827… #InfoSec

⚠️ Update: Check Point says CVE-2025-37164 is being mass-exploited to spread the RondoDox botnet, with 40,000+ attacks on Jan 7. The activity targeted government, finance, and industrial sectors, prompting same-day KEV inclusion. 🔗 Read → thehackernews.com/2026/01/cisa-f…

Hacktivists and cybercriminals expand attacks on exposed #ICS, #OT, and #AI systems across critical infrastructure, #ransomware is still the big player industrialcyber.co/reports/hackti… by CRIL (Cyble Research and Intelligence Labs) #InfoSec #CyberSecurity

New #AWS Console Supply Chain Attack Allows Hijack of AWS #GitHub Repositories cybersecuritynews.com/aws-console-su… by Wiz #InfoSec #Cybersecurity

2025 #ransomware attacks soared by 32%, with manufacturing emerging as the top target; Transportation attacks increased 34%; The average ransom demand for manufacturers doubled from $523,000 to nearly $1.2 million. industrialcyber.co/reports/global… by Comparitech #infoSec #CyberSecurity

#Notepad++ #SupplyChainBreach: Attackers compromised developer's update infrastructure from June to December 2025, altering execution chains for malware delivery. Three distinct chains identified, with notable changes in tactics and payloads securelist.com/notepad-supply… #CyberSecurity

The 2025 Threat Roundup report highlights the expanding global cyber #threatLandscape in 2026. #Amazon and #Google infrastructure abuse accounted for over 15% of attacks while #WebApplications accounted for 61% of attacks. industrialcyber.co/reports/foresc… by Forescout #InfoSec #cyberSec

First known malicious Microsoft Outlook add-in #AgreeToSteal exploits employee trust. This attack highlights vulnerabilities in Microsoft’s add-in distribution, where abandoned domains can be hijacked to serve #phishing pages thehackernews.com/2026/02/first-… #cybersecurity #InfoSec

As part of the FBI #cyberResilience campaign, Operation #WinterShield focused on the transportation and logistics sector, strong cybersecurity helps ensure these systems operate safely and without disruption youtu.be/ov8rqj-Xw4c?si… #infoSec #cyberSecurity

#Ransomware payment rates drop: Despite a surge in attacks, 28% of victims paid ransoms last year. Chainalysis notes a 50% increase in attacks but stable payment numbers, forecasting total payments to reach $900 million. bleepingcomputer.com/news/security/… #InfoSec #CyberSecurity

More than 32 million #phishing emails were flagged by Darktrace in 2025: - 8.2 million targeted VIPs - 1.6 million came from new domains - 1.2 million included malicious QR codes. - 70% passed DMARC authentication infosecurity-magazine.com/news/32m-phish… #InfoSec #cyberSecurity

🚨 Four actively exploited flaws flagged. CISA warns SimpleHelp, Samsung, and D-Link bugs are already used for ransomware and botnets, including admin takeovers and remote command execution. 🔗 See what to patch or replace → thehackernews.com/2026/04/cisa-a…

Incomplete #patch for a #Windows #SmartScreen and Windows Shell security prompts bypass created a new bug enabling #zeroClick attacks securityweek.com/incomplete-win… by Akamai Security Intelligence Group #vulnerability #infoSec #cybersecurity