Cybersecurity News | CyberSecured 24x7

11 Dec

Seeking symmetry during ATT&CK® season: How to harness today’s diverse analyst and tester landscape to paint a security masterpiece

Business Security Interpreting the vast cybersecurity vendor landscape through the lens of industry analysts and testing authorities can immensely enhance your cyber-resilience. 10 Dec 2025 • , 7 min. read Skip to the next paragraph if your eyes glaze over at the long, long titles of industry reports: the AV-Comparatives Endpoint Prevention and Response Comparative Report 2025, MITRE ATT&CK Evaluations Enterprise 2025, or the 2025 Gartner® Magic Quadrant™ for Endpoint Protection Platforms. Despite their wordy…

11 Dec

2025 CWE Top 25 Most Dangerous Software Weaknesses

Attacks, Insights, Malware

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Homeland Security Systems Engineering and Development Institute (HSSEDI), operated by the MITRE Corporation, has released the 2025 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses. This annual list identifies the most critical weaknesses adversaries exploit to compromise systems, steal data, or disrupt services. Prioritizing the weaknesses outlined in the Top 25 is integral to CISA’s Secure by Design and Secure by Demand…

11 Dec

CISA Releases 12 Industrial Control Systems Advisories

Attacks, Insights, Malware

CISA released 12 Industrial Control Systems (ICS) Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-345-01 Johnson Controls iSTAR ICSA-25-345-02 Johnson Controls iSTAR Ultra ICSA-25-345-03 AzeoTech DAQFactory ICSA-25-345-04 Siemens IAM Client ICSA-25-345-05 Siemens Advanced Licensing (SALT) Toolkit ICSA-25-345-06 Siemens SINEMA Remote Connect Server ICSA-25-345-07 Siemens Building X – Security Manager Edge Controller ICSA-25-345-08 Siemens Energy Services ICSA-25-345-09 Siemens Gridscale X Prepay ICSA-25-345-10 OpenPLC_V3 ICSMA-25-345-01 Grassroots DICOM (GDCM) ICSMA-25-345-02…

10 Dec

The big catch: How whaling attacks target top executives

Information

Business Security Is your organization’s senior leadership vulnerable to a cyber-harpooning? Learn how to keep them safe. Phil Muncaster 09 Dec 2025 • , 5 min. read When a hedge fund manager opened up an innocuous Zoom meeting invite, he had little idea of the corporate carnage that was to follow. That invite was booby-trapped with malware, enabling threat actors to hijack his email account. From there they moved swiftly, authorizing money transfers on Fagan’s…

09 Dec

Microsoft Patch Tuesday, December 2025 Edition

Information, Insights

Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software. This final Patch Tuesday of 2025 tackles one zero-day bug that is already being exploited, as well as two publicly disclosed vulnerabilities. Despite releasing a lower-than-normal number of security updates these past few months, Microsoft patched a whopping 1,129 vulnerabilities in 2025, an 11.9% increase from 2024. According to Satnam Narang at Tenable, this year marks…

09 Dec

Opportunistic Pro-Russia Hacktivists Attack US and Global Critical Infrastructure

Attacks, Insights, Malware

CISA, in partnership with Federal Bureau of Investigation, the National Security Agency, Department of Energy, Environmental Protection Agency, the Department of Defense Cyber Crime Center, and other international partners published a joint cybersecurity advisory, Pro-Russia Hacktivists Create Opportunistic Attacks Against US and Global Critical Infrastructure. This advisory, published as an addition to the joint fact sheet on Primary Mitigations to Reduce Cyber Threats to Operational Technology (OT) released in May 2025, details that pro-Russia hacktivist groups are…

06 Dec

Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill

Information, Insights

A sprawling academic cheating network turbocharged by Google Ads that has generated nearly $25 million in revenue has curious ties to a Kremlin-connected oligarch whose Russian university builds drones for Russia’s war against Ukraine. The Nerdify homepage. The link between essay mills and Russian attack drones might seem improbable, but understanding it begins with a simple question: How does a human-intensive academic cheating service stay relevant in an era when students can simply ask AI…

05 Dec

Phishing, privileges and passwords: Why identity is critical to improving cybersecurity posture

Information

Business Security Identity is effectively the new network boundary. It must be protected at all costs. Phil Muncaster 04 Dec 2025 • , 4 min. read What do M&S and Co-op Group have in common? Aside from being among the UK’s most recognizable high street retailers, they were both recently the victims of a major ransomware breach. They were also both targeted by vishing attacks that elicited corporate passwords, providing their extorters with a critical…

04 Dec

SMS Phishers Pivot to Points, Taxes, Fake Retailers

Information, Insights

China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishing kits for mass-creating fake but convincing e-commerce websites that convert customer payment card data into mobile wallets from Apple and Google. Experts say these same phishing groups also are now using SMS lures that promise unclaimed tax refunds and mobile rewards points. Over…

04 Dec

PRC State-Sponsored Actors Use BRICKSTORM Malware Across Public Sector and Information Technology Systems

Attacks, Insights, Malware

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of ongoing intrusions by People’s Republic of China (PRC) state-sponsored cyber actors using BRICKSTORM malware for long-term persistence on victim systems. BRICKSTORM is a sophisticated backdoor for VMware vSphere1,2 and Windows environments.3 Victim organizations are primarily in the Government Services and Facilities and Information Technology Sectors. BRICKSTORM enables cyber threat actors to maintain stealthy access and provides capabilities for initiation, persistence, and secure command and control.…

CyberSecurity Updates

Seeking symmetry during ATT&CK® season: How to harness today’s diverse analyst and tester landscape to paint a security masterpiece

2025 CWE Top 25 Most Dangerous Software Weaknesses

CISA Releases 12 Industrial Control Systems Advisories

The big catch: How whaling attacks target top executives

Microsoft Patch Tuesday, December 2025 Edition

Opportunistic Pro-Russia Hacktivists Attack US and Global Critical Infrastructure

Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill

Phishing, privileges and passwords: Why identity is critical to improving cybersecurity posture

SMS Phishers Pivot to Points, Taxes, Fake Retailers

PRC State-Sponsored Actors Use BRICKSTORM Malware Across Public Sector and Information Technology Systems

Search

The 6 Stages of a Vulnerability Management Process

Get Cybersecurity Alerts

Read More

Categories

Site Navigation

Resources