CyberSecure Specialist

22 Sep

Mycroft Raises $3.5 Million for AI-Powered Security and Compliance Platform

Information, News

Toronto, Canada-based company Mycroft emerged from stealth on Monday with a solution designed to help organizations manage and operate their security and IT stack with the aid of autonomous AI agents. Mycroft has raised $3.5 million in seed funding in a round led by Luge Capital, with participation from Brightspark Ventures, Graphite Ventures, Ripple Ventures, Developer Capital, Antler, BoxOne Ventures, and angel investors. The company has developed a platform that acts as an AI Security…

Read More
22 Sep

SonicWall Releases Advisory for Customers after Security Incident

Attacks, Insights, Malware

SonicWall released a security advisory to assist their customers with protecting systems impacted by the MySonicWall cloud backup file incident. SonicWall’s investigation found that a malicious actor performed a series of brute force techniques against their MySonicWall.com web portal to gain access to a subset of customers’ preference files stored in their cloud backups. While credentials within the files were encrypted, the files also included information that actors can use to gain access to customers’…

Read More
21 Sep

Airport Cyberattack Disrupts More Flights Across Europe

Information, News

Fallout from a cyberattack that disrupted check-in systems at several European airports extended into a second full day on Sunday, as passengers faced dozens of canceled and delayed flights — and the impact poised to worsen for at least one major airport. Brussels Airport, seemingly the hardest hit, said it asked airlines to cancel nearly 140 departing flights scheduled for Monday because a U.S.-based software system provider “is not yet able to deliver a new…

Read More
20 Sep

Gamaredon X Turla collab

Information

In this blogpost, we uncover the first known cases of collaboration between Gamaredon and Turla, in Ukraine. Key points of this blogpost: In February 2025, we discovered that the Gamaredon tool PteroGraphin was used to restart Turla’s Kazuar backdoor on a machine in Ukraine. In April and June 2025, we detected that Kazuar v2 was deployed using Gamaredon tools PteroOdd and PteroPaste. These discoveries lead us to believe with high confidence that Gamaredon is collaborating…

Read More
19 Sep

Small businesses, big targets: Protecting your business against ransomware

Information

Business Security Long known to be a sweet spot for cybercriminals, small businesses are more likely to be victimized by ransomware than large enterprises Phil Muncaster 18 Sep 2025  •  , 5 min. read Think your business is too small to be singled out for digital extortion? Think again. Indeed, if you’re an SMB owner, you’d better assume you’re a potential target. Verizon data reveals that, while ransomware comprises 39% of data breaches at large…

Read More
19 Sep

In Other News: 600k Hit by Healthcare Breaches, Major ShinyHunters Hacks, DeepSeek’s Coding Bias

Data Breaches, Information, News

SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.  Here are this…

Read More
19 Sep

Turla and Gamaredon Working Together in Fresh Ukrainian Intrusions

Information, Malware, News

Two Russian state-sponsored threat actors have been working together in recent cyberattacks against Ukrainian targets, evidence collected by ESET suggests. Specifically, the company found that, between February and April 2025, tools that Gamaredon had deployed were used to restart and deploy Turla malware on the systems of select victims in Ukraine. Turla, also known as Krypton, Snake, Venomous Bear, and Waterbug, has been active since at least 2004, focusing on high-profile targets, including diplomats and…

Read More
18 Sep

ChatGPT Targeted in Server-Side Data Theft Attack

Information, News

Researchers at web security company Radware recently discovered what they described as a service-side data theft attack method involving ChatGPT.  The attack, dubbed ShadowLeak, targeted ChatGPT’s Deep Research capability, which is designed to conduct multi-step research for complex tasks. OpenAI neutralized ShadowLeak after it was notified by Radware. The ShadowLeak attack did not require any user interaction. The attacker simply needed to send a specially crafted email that when processed by the Deep Research agent…

Read More
18 Sep

CISA Releases Malware Analysis Report on Malicious Listener Targeting Ivanti Endpoint Manager Mobile Systems

Attacks, Insights, Malware

Today, CISA released a Malware Analysis Report detailing the functionality of two sets of malware obtained from an organization compromised by cyber threat actors exploiting CVE-2025-4427 and CVE-2025-4428 in Ivanti Endpoint Manager Mobile (Ivanti EPMM).   The Malware Analysis Report, Malicious Listener for Ivanti EPMM Systems, provides guidance to help organizations detect and mitigate these threats, including indicators of compromise and YARA and SIGMA rules. Mitigations include highlighting the need to upgrade Ivanti EPMM systems to…

Read More
17 Sep

HybridPetya: The Petya/NotPetya copycat comes with a twist

Information

HybridPetya is the fourth publicly known real or proof-of-concept bootkit with UEFI Secure Boot bypass functionality 16 Sep 2025 ESET researchers have uncovered a new ransomware strain that they have named HybridPetya. While resembling the infamous Petya/NotPetya malware, it comes with a new and dangerous twist – it adds the ability to compromise UEFI-based systems and weaponize CVE‑2024‑7344 in order to bypass UEFI Secure Boot on outdated systems. HybridPetya is not actively spreading in the…

Read More