An advanced persistent threat (APT) group dubbed Earth Kurma is behind a stealthy, multi-year cyber-espionage campaign targeting government and telecommunications organizations across Southeast Asia. According to Trend Micro researchers Nick Dai and Sunny Lu, the campaign has been active since at least 2020.

Sophisticated Toolsets and Cloud Abuse

Earth Kurma has shown a high level of operational maturity, blending advanced malware with living-off-the-land binaries and trusted infrastructure. It uses a custom suite of malware, including TESDAT, DMLOADER, SIMPOBOXSPY, and KRNRAT, which facilitate stealthy data collection, persistence, and communication with command-and-control (C&C) servers. The malicious actors leverage public cloud platforms to…
Kirsten Doyle
Verizon has unveiled its 2025 Data Breach Investigations Report (DBIR), which revealed a dramatic increase in cyberattacks. The report showed that third-party breaches have doubled to 30%. Also, exploitation of vulnerabilities has increased by 34%. This creates a serious threat for businesses worldwide. The latest report shows a steep rise in zero-day exploits and ransomware—bad news for the cybersecurity landscape. Human error, weak credentials, and the abuse of GenAI continue to be major vulnerabilities. Unfortunately, bad actors only grow more cunning. The report analyzed over 22,000 security incidents, including 12,195 confirmed data breaches. It discovered that credential abuse (22%) and the exploitation of vulnerabilities (20%) remain the leading initial attack vectors,…
A new Android spyware campaign is targeting Russian military personnel by hiding malicious code inside a popular mapping app, says cybersecurity firm Doctor Web. The spyware, identified as Android.Spy.1292.origin, is embedded in a modified version of the Alpine Quest mapping application. It is being distributed through unofficial app sources, including a Russian Android app catalog and a fake Telegram channel posing as the app’s developer. Alpine Quest is widely used for topographic mapping in both online and offline modes. While it’s popular among outdoor enthusiasts, it’s often used by Russian soldiers in active combat zones, too. The attackers appear to…
Proving there are no depths they won’t plumb, cybercriminals have begun exploiting the news of Pope Francis’s passing in a range of malicious campaigns. This tactic has been popular for some time. Bad actors are the first to jump on the bandwagon during major world events—from global disasters to the deaths of famous people. From disinformation and scams to malware, there is no tragedy they won’t take advantage of. According to Check Point Research, “They typically begin with disinformation campaigns on social media platforms like Instagram, TikTok, or Facebook, uploading fake images generated by AI.” These campaigns aim to grab…
A critical security vulnerability has been discovered in the Commvault Command Center that could enable malicious actors to “remotely execute arbitrary code without authentication,” Commvault said in an advisory. “This vulnerability could lead to a complete compromise of the Command Center environment. Fortunately, other installations within the same system are not affected by this vulnerability,” the advisory added. The vulnerability, tracked as CVE-2025-34028, carries a CVSS score of 10.0 – the highest possible. A researcher from watchTowr Labs, Sonny Macdonald, is credited with discovering and reporting the flaw on 7 April. He said it could be exploited to achieve…
At this year’s RSA Conference, the theme “Many Voices. One Community” is a reminder that cybersecurity isn’t just about technology—it’s about people. In a field driven by constant innovation and rapid response, the strength of our defenses often depends on the breadth of perspectives behind them. We asked our panel of cybersecurity experts two key questions: Is the community doing enough to elevate individual voices and welcome diverse perspectives? And how can we create more space for those who aren’t always heard? Their candid responses highlight both the progress we’ve made—and the opportunities still ahead.

Identifying Gaps in Security

Cybersecurity…
ReliaQuest has uncovered a serious vulnerability in SAP NetWeaver, a popular software platform used by many businesses around the world. In April 2025, the company investigated several customer incidents involving SAP NetWeaver, a technology integration platform. Bad actors were able to upload unauthorized files and run malicious programs. ReliaQuest found that attackers had placed “JSP webshells” into public directories, similar to what happens with a remote file inclusion (RFI) vulnerability. Notably, many of the affected systems were already up to date with the latest SAP service packs and patches. This, said ReliaQuest, posed the question: if attackers were exploiting an old vulnerability…
In 2024 alone, the FBI’s Internet Crime Complaint Center (IC3) received a staggering 859,532 complaints, with reported losses surging to an all-time high of $16.6 billion—a 33% increase over 2023. Of those complaints, more than 256,000 involved actual financial losses, with an average loss of $19,372 per incident. These were some of the findings from the IC3’s 2024 Internet Crime Report—the agency’s 25th report that tracks cyber-enabled crime across the US. Its message is clear: online crime is more pervasive, more damaging, and more sophisticated than ever before. “The criminals Americans face today may look different than in years past,…
CISA has published five advisories alerting to critical vulnerabilities in Industrial Control Systems (ICS) manufactured by Siemens, Schneider Electric, and ABB. The advisories detail high-severity flaws that could enable malicious actors to access sensitive systems, disrupt industrial operations, or execute malicious code. Firstly, CISA warns that multiple SQL injection vulnerabilities have been discovered in Siemens’ TeleControl Server Basic SQL, with the potential to grant attackers unauthorized database access and code execution capabilities. Affected internal methods include: Each vulnerability could allow bad actors to bypass authorization mechanisms and manipulate backend databases, threatening the integrity of industrial systems. Another advisory details a…
Marks & Spencer (M&S) has confirmed it is managing a cyber incident that has caused minor disruptions to its store operations in the last few days. Despite the security breach, the British retailer reassured customers that all stores remain open and that its website and mobile app are operating as normal. In a statement released today, M&S said: “As soon as we became aware of the incident, it was necessary to make some minor, temporary changes to our store operations to protect customers and the business and we are sorry for any inconvenience experienced. Importantly, our stores remain open and…
