The House of Representatives has passed a bill that mandates contractors working with the federal government implement vulnerability disclosure policies (VDPs) in alignment with NIST guidelines. The Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025, introduced by Chairwoman Nancy Mace (R-S.C.) and Ranking Member Shontel Brown (D-Ohio), directs the Office of Management and Budget (OMB) to work with CISA, the National Cyber Director’s Office, NIST, and other agencies. The bill also asks the Defense Department to ensure defense contractors adopt similar policies. The Office of Management and Budget and the Department of Defense will be required to update federal acquisition…
Kirsten Doyle
New research has revealed that although 86% of employees believe they can confidently identify phishing emails, nearly half have fallen for scams. The study, conducted by KnowBe4, surveyed professionals in the UK, USA, Germany, France, Netherlands, and South Africa and revealed a growing chasm between confidence and competence in identifying cyber threats. Interestingly, South Africa leads with both the highest confidence levels and the highest scam victimization rate, suggesting that confidence is unwarranted and fuels a false sense of security, leaving workers more susceptible to advanced cyber threats.
Fluctuating Confidence Levels
Across all demographics, confidence levels depended largely on the…
An email pretending to be from Binance, offering people the chance to claim newly created TRUMP coins, has turned out to be a phishing lure. Cofense is warning that if victims follow the email’s instructions and download what is called “Binance Desktop,” they actually install a remote access tool that gives malicious actors control of their computers within two minutes. To make the scam more convincing, the attackers used “Binance” as the sender’s name and included a fake “risk warning” to make the email seem trustworthy. They also fashioned a fake website that closely resembles the Binance site to…
Elon Musk confirmed yesterday that social media platform X was hit by a “massive cyberattack” affecting users since Monday, causing issues like the inability to view posts or profiles properly. “There was (still is) a massive cyberattack against ,” he said. “We get attacked every day, but this was done with a lot of resources. Either a large, coordinated group and/or a country is involved.” DownDetector reported multiple waves of attacks, with tens of thousands of users experiencing outages. Speaking to Fox Business, Musk said the attack involved IP addresses from the Ukraine area and suggested it may have been…
Researchers from Socket have identified an ongoing campaign involving at least seven typosquatted Go packages. These packages impersonate well-known Go libraries and are designed to deploy loader malware on Linux and macOS systems. Typosquatted packages are malicious software components designed to mimic the names of popular, legitimate packages. In the context of Go programming, these packages are created with names that are very similar to widely used Go libraries. The goal is to deceive developers into installing these malicious packages instead of the genuine ones. According to Socket: “In February 2025, the threat actor released four malicious packages on the…
Microsoft Threat Intelligence has warned of a shift in tactics by Silk Typhoon, a Chinese espionage group that is now exploiting vulnerabilities in common IT solutions—including remote management tools and cloud applications—to gain initial access to target entities. The software giant says it has not observed direct attacks against its cloud services, but has seen the group exploiting unpatched applications to escalate access and conduct malicious activities within compromised networks. Once inside, Silk Typhoon uses stolen credentials to get a foothold in customer environments, abusing a range of deployed applications—including Microsoft services—for cyberespionage.
A Well-Resourced and Expansive Threat
Silk Typhoon…
Google has issued an urgent security alert addressing two critical Android vulnerabilities, CVE-2024-43093 and CVE-2024-50302, which are actively being exploited in coordinated attacks targeting devices running Android versions 12 through 15. The vulnerabilities, patched in the March 2025 Android Security Bulletin (security patch level 2025-03-05), could allow malicious actors to bypass lock screens, escalate privileges, and execute remote code.
Details of the Vulnerabilities
CVE-2024-43093: System Component Privilege Escalation: This vulnerability, with a CVSS score of 7.8, allows malicious applications to bypass Android’s sandboxing through improper validation of inter-process communication (IPC) messages. Attackers can exploit weak permission checks in the System…
A major Microsoft outage on 1 March left tens of thousands unable to access key services like Outlook, Teams, and Office 365 for over three hours. Microsoft has not fully explained the cause but blamed a “problematic code change.”
Timeline of the Outage
Downdetector data shows issues began around 3:30 p.m. ET, with over 37,000 complaints for Outlook, 24,000 for Office 365, and 150 for Teams. Most reports came from U.S. cities like New York, Chicago, and Los Angeles, though users worldwide also experienced disruptions. Frustrated users took to social media, with some initially fearing a hack. Microsoft acknowledged the…
The Splunk Threat Research Team has uncovered a widespread cyber campaign targeting Internet Service Provider (ISP) infrastructure providers on the West Coast of the United States and in China. Over 4,000 ISP-related IPs were explicitly targeted in this campaign. The attack, believed to have originated from Eastern Europe, uses brute-force tactics to exploit weak credentials. It deploys crypto-mining payloads and info-stealing binaries across compromised networks.
Multiple Attack Techniques
The observed cyber operation employs multiple attack techniques, including: According to Splunk researchers, the perpetrators are stealthy, operating with minimal intrusion, using scripting languages such as Python and PowerShell—tools that allow them…
A new cyber espionage campaign has been uncovered targeting a select group of entities in the United Arab Emirates (UAE), focusing on aviation, satellite communications, and critical transportation infrastructure. The attack, identified by Proofpoint researchers, used advanced obfuscation techniques and a newly discovered backdoor dubbed Sosano, developed using the Go programming language. The campaign, attributed to an emerging threat cluster labeled UNK_CraftyCamel, used a compromised Indian electronics company to distribute malware-laden emails. These emails, highly tailored to each target, originated from what appeared to be a trusted business relationship, making them particularly effective.
Sophisticated Infection Chain
The attack, first observed…
