CyberSecure Specialist

10 Aug

Android adware: What is it, and how do I get it off my device?

Information

Mobile Security Is your phone suddenly flooded with aggressive ads, slowing down performance or leading to unusual app behavior? Here’s what to do. Phil Muncaster 08 Aug 2025  •  , 5 min. read There are various bad things that could end up on your smartphone. Spyware designed to turn your phone into a secret surveillance device. Trojans that could harvest your banking logins or credit card data, possibly via a novel method that relays NFC…

Read More
10 Aug

Black Hat USA 2025: Is a high cyber insurance premium about your risk, or your insurer’s?

Information

Business Security A sky-high premium may not always reflect your company’s security posture Tony Anscombe 08 Aug 2025  •  , 3 min. read When a cyber risk insurance quote lands on your desk and the premium is sky high, it’s natural to assume that the insurer is judging your environment to be high risk. So, when the next quote lands and is more acceptable, does it mean they viewed your risk differently? According to one…

Read More
09 Aug

Black Hat USA 2025: Policy compliance and the myth of the silver bullet

Information

Business Security Who’s to blame when the AI tool managing a company’s compliance status gets it wrong? Tony Anscombe 07 Aug 2025  •  , 3 min. read If you put a group of CISOs in a room, they are all likely to wait for one of them to declare they have the answer, the silver bullet, that solves the issue of the day. In reality, however, what needs to happen is that all the CISOs…

Read More
09 Aug

Black Hat USA 2025: Does successful cybersecurity today increase cyber-risk tomorrow?

Information

Business Security Success in cybersecurity is when nothing happens, plus other standout themes from two of the event’s keynotes Tony Anscombe 07 Aug 2025  •  , 3 min. read The 2025 edition of the Black Hat USA conference kicked off with an address from founder Jeff Moss that featured several thought-provoking comments. Among other things, he remarked that technology has become political and pointed to geopolitical sanctions and bans that limit cooperation and hit revenues,…

Read More
08 Aug

KrebsOnSecurity in New ‘Most Wanted’ HBO Max Series

Information, Insights

A new documentary series about cybercrime airing next month on HBO Max features interviews with Yours Truly. The four-part series follows the exploits of Julius Kivimäki, a prolific Finnish hacker recently convicted of leaking tens of thousands of patient records from an online psychotherapy practice while attempting to extort the clinic and its patients. The documentary, “Most Wanted: Teen Hacker,” explores the 27-year-old Kivimäki’s lengthy and increasingly destructive career, one that was marked by cyber…

Read More
08 Aug

Red Teams Jailbreak GPT-5 With Ease, Warn It’s ‘Nearly Unusable’ for Enterprise

Information, News

Two different firms have tested the newly released GPT-5, and both find its security sadly lacking. After Grok-4 fell to a jailbreak in two days, GPT-5 fell in 24 hours to the same researchers. Separately, but almost simultaneously, red teamers from SPLX (formerly known as SplxAI) declare, “GPT-5’s raw model is nearly unusable for enterprise out of the box. Even OpenAI’s internal prompt layer leaves significant gaps, especially in Business Alignment.” NeuralTrust’s jailbreak employed a…

Read More
08 Aug

In Other News: Nvidia Says No to Backdoors, Satellite Hacking, Energy Sector Assessment

Information, News

SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.  Here are this…

Read More
07 Aug

CISA Issues ED 25-02: Mitigate Microsoft Exchange Vulnerability

Attacks, Insights, Malware

Today, CISA issued Emergency Directive (ED) 25-02: Mitigate Microsoft Exchange Vulnerability in response to CVE-2025-53786, a vulnerability in Microsoft Exchange server hybrid deployments.   ED 25-02 directs all Federal Civilian Executive Branch (FCEB) agencies with Microsoft Exchange hybrid environments to implement required mitigations by 9:00 AM EDT on Monday, August 11, 2025.  This vulnerability presents significant risk to all organizations operating Microsoft Exchange hybrid-joined configurations that have not yet implemented the April 2025 patch guidance.…

Read More
07 Aug

ESET Threat Report H1 2025: ClickFix, infostealer disruptions, and ransomware deathmatch

Information

Threat actors are embracing ClickFix, ransomware gangs are turning on each other – toppling even the leaders – and law enforcement is disrupting one infostealer after another ESET Research 05 Aug 2025  •  , 1 min. read “It’s all fun and games until someone gets hurt” could well be the title of the latest ESET Threat Report, as cybercriminals play new mind games with their victims, wage full-on deathmatches among themselves, and become the hunted…

Read More
06 Aug

Who Got Arrested in the Raid on the XSS Crime Forum?

Information, Insights

On July 22, 2025, the European police agency Europol said a long-running investigation led by the French Police resulted in the arrest of a 38-year-old administrator of XSS, a Russian-language cybercrime forum with more than 50,000 members. The action has triggered an ongoing frenzy of speculation and panic among XSS denizens about the identity of the unnamed suspect, but the consensus is that he is a pivotal figure in the crime forum scene who goes by…

Read More