Cyber Security News

F5 Acquires Fletch, a San Francisco Cybersecurity Start-Up that Helps Companies Flag Threats Seattle-based application delivery and security giant F5 has acquired Fletch, a San Francisco startup founded in 2020 that uses AI to help companies spot threats and reduce alert fatigue. Terms of the deal were not disclosed. Cyber_Security_Channel

'Everest Group' Extorts Global Orgs via SAP's HR Tool Besides Coca-Cola, Everest's most notable May victims have been the Mediclinic Group. It's a multibillion-dollar hospital group managing locations in Namibia, South Africa, Switzerland, and the United Arab Emirates (UAE). Additionally, the Department of Tourism and Culture in Abu Dhabi (DCTA). It has also struck smaller outfits, like the Brooklyn-based medical imaging company PDI Health and a small bank based in Jordan called Jordan Kuwait Bank. Cyber_Security_Channel

Czech Government Condemns Chinese Hack on Critical Infrastructure The Government of the Czech Republic strongly condemns this malicious cyber campaign against its critical infrastructure,” the statement read. “Such behavior undermines the credibility of the People’s Republic of China and contradicts its public declarations. Cyber_Security_Channel

Nova Scotia Power Confirms Ransomware Attack, 280k Notified of Data Breach In the latest update, shared on its website on May 23, Nova Scotia Power confirmed that it has been targeted in what it described as a “sophisticated ransomware attack”. “No payment has been made to the threat actor,” the utility clarified. “This decision reflects our careful assessment of applicable sanctions laws and alignment with law enforcement guidance.” Cyber_Security_Channel

Phony Hacktivist Pleads Guilty to Disney Data Leak In 2024, a hacker group called NullBulge posted on a hacking forum that it had stolen 1.1TB of data from Disney's internal Slack channels. This prompted Disney to launch an investigation into the matter, which allegedly involved information on unreleased projects as well as source code and login credentials. Cyber_Security_Channel

Forget the Stack; Focus on Control This debt doesn't happen overnight. It builds slowly: — Outdated tools — Incomplete configurations — Assumptions that controls are working It's not caused by negligence. It's the cost of business priorities moving faster than security can adapt. Cyber_Security_Channel

🎉 ANY.RUN Turns 9 — Claim Your Special Offer! Grab extra Sandbox licenses or double the TI Lookup search request quota. — Reduce incident response costs — Get control over the privacy — Improve SOC efficiency ➡️ Hurry up to get ANY.RUN's Birthday deals. *Ending May 31st → here is the link. ----- #ad #paidpromotion #sponsored @Cyber_Security_Channel

Play Ransomware Group Used Windows Zero-Day During the attack, the Balloonfly operators deployed a variety of samples and hacktools in addition to the Grixba infostealer and the exploit for CVE-2025-29824 on this machine," the security vendor noted. "Some of the samples aren't available to us at the moment of writing, but they were located in the Music folder with suspicious names masquerading as Palo Alto software (paloaltoconfig.exe, paloaltoconfig.dll) or, for example, 1day.exe. Cyber_Security_Channel

Coinbase Warns of Up to $400 Million Hit From Cyberattack The company received an email from an unknown threat actor on May 11, claiming to have information about certain customer accounts as well as internal documents. While some data — including names, addresses and emails — was stolen, the hackers did not get access to login credentials or passwords, Coinbase said. It would, however, reimburse customers who were tricked into sending funds to the attackers. @Cyber_Security_Channel

👨‍💻 SOCs waste hours on manual triage & slow response times Gain better visibility into threats, speed up incident response, and improve team coordination with ANY.RUN Interactive Sandbox.   Join ANY.RUN's free webinar to explore actionable strategies for your SOC 🚀 📅 Wednesday, May 14 Register here click this link. -----   #ad #paidpromotion #sponsored @Cyber_Security_Channel

Paper Werewolf Threat Actor Targets Flash Drives With New Malware The threat actor has been singling out organizations in mass media, telecommunications, construction, government entities, and energy sectors from July to December of 2024 before shifting its tactics with the introduction of PowerModul, according to Kaspersky researchers. Cyber_Security_Channel

Two Healthcare Orgs Hit by Ransomware Confirm Data Breaches Impacting Over 100,000 The Medusa ransomware group announced hacking Bell Ambulance in early March, claiming to have stolen more than 200 Gb of data from its systems. The second healthcare organization to confirm a data breach impacting more than 100,000 people is Birmingham, AL-based ophthalmology practice Alabama Ophthalmology Associates. Cyber_Security_Channel

NetSTAR Strengthens Leadership in Encrypted Traffic Categorization of URLs, Web Applications and Internet Threat Intelligence The latest advancements to NetSTAR's encrypted traffic intelligence capabilities further enhance what's already regarded as one of the most effective and scalable solutions in the industry. By leveraging advanced AI models, real-time behavioral analysis, and NetSTAR's unmatched global telemetry, OEM partners can confidently classify encrypted traffic of URLs, IP addresses, and web applications without relying on outdated inspection techniques. Cyber_Security_Channel

EU Commission to Invest €1.3bn in Cybersecurity and AI The Strategic Technologies for Europe Platform (STEP), an EU-wide mechanism launched in 2024 to support tech initiatives, is set to drive innovation further by introducing the STEP Seal, a quality label that will be awarded to promising projects. Cyber_Security_Channel

MITRE-Backed Cyber Vulnerability Program to Lose Funding The CVE Program provides a standardized system for identifying and cataloging publicly known cybersecurity vulnerabilities. Each vulnerability is assigned a unique identifier, designed to help security researchers, vendors and officials communicate consistently about the same issue. Agencies like the Cybersecurity and Infrastructure Security Agency regularly issue vulnerability alerts using CVE standardized language. Cyber_Security_Channel

👨‍💻 Best Way to Detect Phishing and Malware? There is a solution for you... Learn how Automated Interactivity from @anyrun_app streamlines malware and phishing detection, detonation, and analysis. What is the Tool's Functionality? — Solves CAPTCHAs — Extracts URLs from QR codes — Scans documents for malicious embeds Bonus: Automated Interactivity auto-executes payloads to reveal behaviors like C2 communication and credential harvesting, providing earlier detection and deeper visibility. Don't miss out, explore the use cases → here is the link. -----   #ad #paidpromotion #sponsored @Cyber_Security_Channel

OpenAI's New Image Generator Is Incredible for Creating Fraudulent Documents Case in point, Menlo Ventures principal Deedy Das tweeted a photo of a fake receipt for a lavish meal at a real San Francisco steakhouse, as spotted by TechCrunch. Cyber_Security_Channel

Data Doctors: Signal vs WhatsApp — Should you Switch? If you’re concerned about privacy, Signal is the clear winner. It’s not trying to monetize your activity, and its technology is purpose-built to limit what anyone, including the app itself, can know about your usage. Signal and WhatsApp may look similar on the surface, but their philosophies couldn’t be more different. One is backed by a data-collecting corporation; the other is run by a nonprofit that exists solely to protect your privacy. Cyber_Security_Channel

Halo ITSM Vulnerability Exposed Organizations to Remote Hacking “As an IT Support Management tool, Halo is often integrated with various internal and external systems and cloud providers, as well as containing sensitive information such as configuration files and credentials,” said Shubham Shah, SVP of Engineering and Research at Searchlight. Cyber_Security_Channel

Data Privacy Experts Call DOGE Actions ‘alarming’ DOGE has been able to access sensitive information from the Treasury Department payment system, information about the headcount and budget of an intelligence agency and Americans’ Social Security numbers, health information and other demographic data. Musk and department staffers are also using artificial intelligence in their analysis of department cuts. Cyber_Security_Channel