Unstable http://archive.ubuntu.com/ubuntu while running apt update #apt
Added indicators for: BianLian (+1), Venom RAT (+1), Quasar RAT (+2), Hajime (+4), Havoc (+2), SmartApeSG (+1) and SmokeLoader (+5). https://vuldb.com/?actor #apt #cti #ioc
It's been a busy 24 hours in the cyber world with updates on nation-state activity, actively exploited vulnerabilities, new AI-powered malware, and a reminder about data privacy and regulatory efforts. Let's dive in:
Nike Data Theft & Poland Power Grid Attack
- Extortion group WorldLeaks, believed to be a rebrand of Hunters International, claims to have stolen 1.4TB of internal Nike data, including design and manufacturing workflows. Nike is investigating the potential breach.
- Russia's GRU-linked Sandworm unit is suspected to be behind a December wiper malware attack (DynoWiper) on Poland's power grid, which aimed to disrupt communications between renewable energy installations. The attack was thwarted but described as the strongest in years.
- These incidents highlight the ongoing threat of data exfiltration for extortion and nation-state targeting of critical infrastructure, even if the attacks are unsuccessful.
The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/26/data_thieves_claim_nike_data_haul/
The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/26/moscow_likely_behind_wiper_attack/
The Record | https://therecord.media/russia-eset-sandworm-poland-hack
Even Cybercriminals Have Security Lapses
- Cybersecurity researcher Jeremiah Fowler discovered over 149 million unique login/password combinations from infostealer and keylogging malware exposed online.
- The 96GB dataset contained credentials for social media, dating apps, streaming services, financial services, banking, credit cards, and even government accounts.
- This serves as a stark reminder that even threat actors can fail at basic security, but more importantly, it's a critical prompt for everyone to regularly reset passwords, especially if you've been a victim of infostealer malware.
The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/25/pwn2own_automotive_2026_identifies_76_0days/
AI-Generated Malware and Malicious Extensions
- North Korean Konni hackers are using AI-generated PowerShell malware to target blockchain developers and engineering teams in Japan, Australia, and India, expanding their traditional scope.
- Two malicious Microsoft VS Code extensions, "ChatGPT - 中文版" (1.3M installs) and "ChatGPT - ChatMoss（CodeMoss）" (150K installs), were found exfiltrating every opened file and code modification to China-based servers.
- Separately, LayerX Research identified 16 malicious Chrome browser extensions for ChatGPT designed to steal account credentials and session tokens by monitoring outbound requests from chatgpt.com.
The Hacker News | https://thehackernews.com/2026/01/konni-hackers-deploy-ai-generated.html
The Hacker News | https://thehackernews.com/2026/01/malicious-vs-code-ai-extensions-with-15.html
CyberScoop | https://cyberscoop.com/chatgpt-browser-extensions-steal-your-data/
Critical Vulnerabilities Under Active Exploitation
- CISA has flagged a critical VMware vCenter Server RCE flaw (CVE-2024-37079) as actively exploited, stemming from a heap overflow in the DCERPC protocol. Federal agencies have three weeks to patch.
- Microsoft released emergency out-of-band updates for an actively exploited high-severity Office zero-day (CVE-2026-21509), a security feature bypass affecting multiple Office versions. Mitigations are available for unpatched versions.
- Nearly 800,000 Telnet servers are exposed globally, with active exploitation of a critical authentication bypass (CVE-2026-24061) in GNU InetUtils telnetd server, allowing root access without authentication. Patch immediately or disable Telnet.
Bleeping Computer | https://www.bleepingcomputer.com/news/security/cisa-says-critical-vmware-rce-flaw-now-actively-exploited/
Bleeping Computer | https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-actively-exploited-office-zero-day-vulnerability/
Bleeping Computer | https://www.bleepingcomputer.com/news/security/nearly-800-000-telnet-servers-exposed-to-remote-attacks/
Pwn2Own Automotive & npm Supply Chain Flaws
- The Pwn2Own Automotive 2026 competition uncovered 76 unique zero-day vulnerabilities across Tesla infotainment, EV chargers, and Automotive Grade Linux, with over $1M paid out.
- Researchers found "PackageGate" vulnerabilities in JavaScript package managers (pnpm, vlt, Bun, npm) that bypass Shai-Hulud supply-chain defenses via Git dependencies, allowing script execution even with '--ignore-scripts'. NPM has not patched this, stating users are responsible for vetting packages.
- Google has patched a vulnerability in Gemini AI that could expose a user's calendar secrets through prompt injection in malicious calendar invitations, highlighting the need for new security considerations for LLMs.
The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/25/pwn2own_automotive_2026_identifies_76_0days/
Bleeping Computer | https://www.bleepingcomputer.com/news/security/hackers-can-bypass-npms-shai-hulud-defenses-via-git-dependencies/
The Hacker News | https://thehackernews.com/2026/01/malicious-vs-code-ai-extensions-with-15.html
Winning Against AI-Based Attacks Requires a Combined Defensive Approach
- The rise of offensive AI is transforming attack strategies, making them more sophisticated and harder to detect, with LLMs used to conceal code and generate malicious scripts.
- Legacy defences like EDR alone are proving insufficient against AI-fueled attacks, which can operate at higher speeds and scale, and often combine threats across identity, endpoint, cloud, and on-premises infrastructure.
- A combined defensive approach, integrating Network Detection and Response (NDR) with EDR, is crucial for detecting novel attack types, identifying behavioural anomalies, and gaining deeper insights from network data to respond quickly.
The Hacker News | https://thehackernews.com/2026/01/winning-against-ai-based-attacks.html
Privacy Breaches and State-Sponsored Spyware
- French privacy regulators fined an unnamed company €3.5M for sharing customer loyalty data (email addresses, phone numbers) with a social network for targeted advertising without explicit consent, affecting over 10.5 million Europeans.
- A London judge awarded a British critic of the Saudi regime over £3M ($4.1M) in damages, finding "compelling basis" that his iPhones were hacked by Pegasus spyware directed or authorised by Saudi Arabia.
- These incidents underscore the critical importance of informed consent for data sharing and the severe consequences of state-sponsored surveillance and privacy violations.
The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/25/pwn2own_automotive_2026_identifies_76_0days/
The Record | https://therecord.media/london-judge-sides-with-saudi-critic-spyware-case/
Voluntary Rules for Commercial Hacking Tools
- An international effort, the Pall Mall Process, is developing voluntary standards for the commercial cyber intrusion industry, focusing on responsible government use and procurement from ethical vendors.
- Key discussions include the scope of these rules (e.g., reconnaissance tools), incentives for vendor participation, and how to handle companies with a history of irresponsible behaviour.
- Bug bounty platform HackerOne has also published a new safe harbour document for AI security testing, aiming to provide clear, standardised authorisation for researchers and encourage good-faith AI vulnerability discovery.
CyberScoop | https://cyberscoop.com/industry-government-nonprofits-weigh-voluntary-rules-for-commercial-hacking-tools/
The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/25/pwn2own_automotive_2026_identifies_76_0days/
Cloudflare BGP Route Leak
- Cloudflare experienced a 25-minute Border Gateway Protocol (BGP) route leak affecting IPv6 traffic, causing congestion, packet loss, and dropped traffic due to an accidental policy misconfiguration on a router.
- The incident, a mixture of Type 3 and Type 4 route leaks, occurred when an overly permissive export policy allowed internal IPv6 routes to be advertised externally from Miami.
- Cloudflare detected and reverted the configuration within 25 minutes and is implementing stricter community-based export safeguards, CI/CD checks, and promoting RPKI ASPA adoption to prevent future occurrences.
Bleeping Computer | https://www.bleepingcomputer.com/news/security/cloudflare-misconfiguration-behind-recent-bgp-route-leak/
#CyberSecurity #ThreatIntelligence #APT #Ransomware #Malware #ZeroDay #Vulnerability #RCE #SupplyChainAttack #AI #DataPrivacy #IncidentResponse #NetworkSecurity #EndpointSecurity #BGP #InfoSec
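The Cloudflare item above comes down to one export policy that did not check which neighbour type a route had been learned from. The following is an added illustration, not Cloudflare's configuration or any vendor's policy syntax: it models a router's BGP table with routes tagged by community on import, contrasts an overly permissive export policy with a community-based one, and runs a CI-style audit that classifies anything leaked by its RFC 7908 leak type (the Type 3 and Type 4 leaks named in the post, plus Types 1, 2 and 6 for completeness). The AS number, community values and prefixes are constructed for the example.

```python
"""Community-tagged BGP export policy versus an overly permissive one.

Added illustration (not Cloudflare's configuration or any vendor's syntax):
a small model of a router's BGP table and two export policies, plus a
CI-style audit that classifies leaked prefixes using RFC 7908 leak types.
All prefixes, the AS number and the community values are constructed.
"""
from dataclasses import dataclass, field

# Constructed community values for a hypothetical local AS 64500.
# On import, every route is tagged with the session type it came from.
CUSTOMER_OR_OWN = "64500:100"       # learned from a customer, or originated locally
LEARNED_FROM_PROVIDER = "64500:200"
LEARNED_FROM_PEER = "64500:300"
INTERNAL_ONLY = "64500:900"         # must never leave the network

TAG_FOR_SOURCE = {
    "customer": CUSTOMER_OR_OWN,
    "local": CUSTOMER_OR_OWN,
    "provider": LEARNED_FROM_PROVIDER,
    "peer": LEARNED_FROM_PEER,
    "internal": INTERNAL_ONLY,
}


@dataclass
class Route:
    prefix: str
    learned_from: str                       # customer | provider | peer | local | internal
    communities: set = field(default_factory=set)


def tag_on_import(route: Route) -> Route:
    """Import policy: stamp the route with the community for its source."""
    route.communities.add(TAG_FOR_SOURCE[route.learned_from])
    return route


def build_sample_table() -> list:
    """Constructed BGP table with one route of each kind."""
    return [tag_on_import(Route(p, src)) for p, src in [
        ("2001:db8:1::/48", "customer"),
        ("2001:db8:2::/48", "provider"),
        ("2001:db8:3::/48", "peer"),
        ("2001:db8::/32", "local"),
        ("2001:db8:4::/48", "internal"),   # e.g. an internal more-specific
    ]]


def permissive_export(routes: list, neighbor_type: str) -> list:
    """Overly permissive export: advertise the whole table to any neighbour."""
    return [r.prefix for r in routes]


def community_export(routes: list, neighbor_type: str) -> list:
    """Community-based export (valley-free): customers receive everything
    except internal-only routes; peers and providers receive only routes
    tagged as customer-learned or locally originated."""
    exported = []
    for r in routes:
        if INTERNAL_ONLY in r.communities:
            continue
        if neighbor_type == "customer" or CUSTOMER_OR_OWN in r.communities:
            exported.append(r.prefix)
    return exported


# (source of route, neighbour it is exported to) -> RFC 7908 leak type
LEAK_TYPES = {
    ("provider", "provider"): "Type 1 (provider routes hairpinned to a provider)",
    ("peer", "peer"): "Type 2 (lateral peer-to-peer leak)",
    ("provider", "peer"): "Type 3 (provider routes to a peer)",
    ("peer", "provider"): "Type 4 (peer routes to a provider)",
}


def classify_leaks(routes: list, neighbor_type: str, exported: list) -> dict:
    """Map each leaked prefix in `exported` to its RFC 7908 leak type."""
    by_prefix = {r.prefix: r for r in routes}
    leaks = {}
    for prefix in exported:
        r = by_prefix[prefix]
        if INTERNAL_ONLY in r.communities:
            leaks[prefix] = "Type 6 (internal prefix leaked)"
        elif (r.learned_from, neighbor_type) in LEAK_TYPES:
            leaks[prefix] = LEAK_TYPES[(r.learned_from, neighbor_type)]
    return leaks


def audit_policy(policy, routes: list) -> dict:
    """CI-style check: run the policy against every neighbour type and
    return {neighbour_type: {prefix: leak_type}} for anything that leaks."""
    findings = {}
    for neighbor_type in ("customer", "peer", "provider"):
        leaks = classify_leaks(routes, neighbor_type, policy(routes, neighbor_type))
        if leaks:
            findings[neighbor_type] = leaks
    return findings


if __name__ == "__main__":
    table = build_sample_table()
    for name, policy in (("permissive", permissive_export), ("community", community_export)):
        print(name, audit_policy(policy, table) or "no leaks")
```

Run against the constructed table, the permissive policy leaks a provider route to the peer session (Type 3), a peer route to the provider session (Type 4) and the internal more-specific everywhere, while the community-based policy produces no findings. The point of `audit_policy` is that it can sit in a pipeline and fail a config change before it reaches a router, which is the kind of CI/CD check the post describes.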
Nation-State Actor 'SteelHydra' (APT47) Deploys 'GeoShifter' ICS Malware to Spy on Geothermal Energy Firms
Nation-state actor 'SteelHydra' (APT47) targets geothermal energy firms with new 'GeoShifter' ICS malware. The campaign uses spear-phishing to steal sensitive operational technology data from companies in the US, Canada, and Iceland. #APT #ICS #C...
Russian group Sandworm attacked the Polish energy sector in 2025
https://infoek.cz/ruska-skupina-sandworm-v-roce-2025-utocila-na-polskou-energetiku-2026/
#RussianAPT #Russia #APT #Poland #CyberSecurity #Tech #Sandworm #ESET
#Russia-linked #Sandworm #APT implicated in major cyber attack on Poland's power grid
https://securityaffairs.com/187309/breaking-news/russia-linked-sandworm-apt-implicated-in-major-cyber-attack-on-polands-power-grid.html
#securityaffairs #hacking
New indicators for: Havoc (+1), Shadow RAT (+1), AsyncRAT (+1), NetSupportManager RAT (+1), Quasar RAT (+1), XWorm (+1) and Hajime (+4). https://vuldb.com/?actor #apt #cti #ioc
It's difficult at the moment.
As a #Debian user I get all my software exclusively via #apt directly from Debian. That includes #Emacs packages, almost all of the ones that interest me being packaged.
As a #Debian developer, however, I can't avoid #MSGitHub. I don't have an account there, but for many programs I have to fetch new versions from there. By feel (not counted), maybe half of all "my" upstreams are there.
Updated threat actors: QakBot (+1), DCRat (+1), Hook (+1), RedLine Stealer (+1), Havoc (+2), SectopRAT (+1) and ValleyRAT (+5). https://vuldb.com/?actor #apt #cti #ioc
Alright team, it's been a pretty packed 24 hours in the cyber world! We've got updates on some serious threat actor activity, a critical vulnerability under active exploitation, a deep dive into AI agent risks, and some interesting news from CISA. Let's get stuck in:
Recent Cyber Attacks & Threat Actor Activity
- ShinyHunters is claiming responsibility for widespread voice phishing (vishing) attacks targeting Single Sign-On (SSO) accounts across Okta, Microsoft Entra, and Google.
- Attackers impersonate IT support, tricking employees into providing credentials and MFA codes on dynamic phishing sites, then leveraging compromised SSO access to exfiltrate data from connected SaaS platforms like Salesforce for extortion.
- The group uses previously stolen data to enhance social engineering efforts, with recent breaches confirmed at SoundCloud, Betterment, and Crunchbase.
Bleeping Computer | https://www.bleepingcomputer.com/news/security/shinyhunters-claim-to-be-behind-sso-account-data-theft-attacks/
- The Russian nation-state group Sandworm attempted a significant cyberattack on Poland's power system in late December 2025, deploying a new wiper malware dubbed DynoWiper.
- While the attack on two combined heat and power plants and renewable energy management systems was unsuccessful, it highlights Sandworm's persistent targeting of critical infrastructure, echoing their 2015 Ukraine power grid attack.
- The use of DynoWiper shows their continued development of destructive capabilities, underscoring the ongoing threat to energy sectors.
The Hacker News | https://thehackernews.com/2026/01/new-dynowiper-malware-used-in-attempted.html
- A sophisticated multi-stage phishing campaign is targeting Russian users, delivering the Amnesia Remote Access Trojan (RAT) and a Hakuna Matata-derived ransomware.
- The campaign leverages social engineering, LNK files, PowerShell, and public cloud services (GitHub, Dropbox) for resilient payload distribution, notably using 'defendnot' to disable Microsoft Defender.
- Amnesia RAT is a comprehensive tool for data theft (browsers, crypto wallets, Discord, Steam, Telegram) and remote control, while the ransomware encrypts files and modifies clipboard crypto addresses, demonstrating full system compromise without exploiting vulnerabilities.
The Hacker News | https://thehackernews.com/2026/01/multi-stage-phishing-campaign-targets.html
- North Korean threat group Konni (APT37, Kimsuky) is targeting blockchain developers and engineers in the Asia-Pacific region with malware showing strong indications of AI-assisted development.
- The attack chain starts with Discord-hosted links delivering ZIP archives containing PDF lures and malicious LNK files, which execute a PowerShell loader and deploy a backdoor.
- The PowerShell backdoor's structured documentation, modular layout, and specific placeholder comments suggest it was generated or heavily assisted by a Large Language Model (LLM).
Bleeping Computer | https://www.bleepingcomputer.com/news/security/konni-hackers-target-blockchain-engineers-with-ai-built-malware/
Critical Vulnerabilities Under Active Exploitation
- A critical out-of-bounds write vulnerability, CVE-2024-37079 (CVSS 9.8), in VMware vCenter Server's DCERPC protocol is being actively exploited in the wild.
- Despite being patched by Broadcom in June 2024, CISA has added this flaw to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to patch by February 13, 2026.
- Attackers with network access can send specially crafted packets to achieve remote code execution, and previous vCenter flaws in the same protocol have been exploited by state-backed groups, underscoring the importance of immediate patching and ensuring vCenter is not exposed to the public internet.
The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/23/critical_vmware_vcenter_server_bug/
The Hacker News | https://thehackernews.com/2026/01/cisa-adds-actively-exploited-vmware.html
AI Agents and Enterprise Security Risk
- The rapid deployment of AI agents is fundamentally challenging traditional Identity and Access Management (IAM) models, as these autonomous agents often operate with broad, persistent, and ownerless permissions.
- Organisational agents, in particular, pose the highest risk by creating "agentic authorization bypass" paths, allowing users to indirectly perform actions they are not directly permitted to execute.
- Securing AI agents requires a shift towards clear ownership, mapping user-agent interactions, and tracing agent access across all systems to accurately assess risk and prevent misuse.
The Hacker News | https://thehackernews.com/2026/01/who-approved-this-agent-rethinking.html
Government Cyber Policy & Engagement
- The US Cybersecurity and Infrastructure Security Agency (CISA) has confirmed it will not attend the annual RSA Conference in March, citing a focus on its core mission and "good stewardship of taxpayer dollars."
- This decision follows political tensions, including the recent appointment of former CISA director Jen Easterly as RSAC CEO, and marks a significant departure from CISA's historical active participation and speaking roles at the event.
- The move suggests a potential shift in how federal cyber officials engage with the broader cybersecurity industry under the current administration.
The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/24/cisa_skipping_rsa_exclusive/
#CyberSecurity #ThreatIntelligence #Ransomware #NationState #APT #ZeroDay #Vulnerability #VMware #SSO #Vishing #AI #CyberAttack #Malware #IncidentResponse #CISA #InfoSec
Cannot install python3-pyqt6 : Depends: qt6-base-abi (= 6.4.2) #apt #packagemanagement #2404 #dependencies #pyqt
Autoremovable packages after libusb-1.0-0 removal #apt #packagemanagement #2404 #dependencies
Android Debug Bridge installation - error: undefined symbol: libusb_hotplug_register_callback #apt #2404 #symboliclink #adb
apt-transport-in-toto: "A custom transport method for #apt that verifies the reproducibility of a #Debian package before its installation. Verification is performed with in-toto, using a supply chain definition (in-toto layout) and gathering the corresponding evidence (in-toto links) about the #reproducibility of a package from public rebuilders." https://github.com/in-toto/apt-transport-in-toto
We have improved indicators: RedLine Stealer (+1), QakBot (+1), KongTuke (+1), DCRat (+1), Stealc (+2), XWorm (+1) and TinyNuke (+1). https://vuldb.com/?actor #apt #cti #ioc
China-Linked APT 'UAT-8837' Targets North American Critical Infrastructure
A China-linked APT group, UAT-8837, is actively targeting North American critical infrastructure, warns Cisco Talos. The group exploits flaws like CVE-2025-53690 and uses tools like Earthworm for espionage. #APT #CyberSecurity #ThreatIntel #China
Change priority 1000 for /var/lib/dpkg/status #apt
WSL: issue with systemd while updating #apt #updates #2404 #systemd #windowssubsystemforlinux
It's been a busy 24 hours in the cyber world with critical zero-days, active exploitation of known flaws, nation-state activity, and important updates on regulatory enforcement and government cyber agencies. Let's dive in:
Energy Sector Phishing & Ransomware Leader Guilty
- Microsoft has detailed a multi-stage phishing and Business Email Compromise (BEC) campaign targeting energy sector organisations. Attackers used compromised Microsoft accounts, SharePoint URLs, and credential harvesting to take over inboxes and send hundreds of phishing emails to internal and external contacts.
- Attackers set inbox rules to delete incoming emails and out-of-office replies, and even responded to queries about the legitimacy of the phish, demonstrating sophisticated social engineering.
- In other news, Russian national Ianis Antropenko pleaded guilty to leading a ransomware conspiracy (Zeppelin, GlobeImposter) that targeted at least 50 victims over four years, causing $1.5 million in losses. Authorities seized over $3.4 million in cryptocurrency and cash from him.
The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/22/crims_compromised_energy_firms_microsoft/
CyberScoop | https://cyberscoop.com/ianis-antropenko-russian-ransomware-leader-guilty/
DPRK Abuses VS Code Tunnels, Malicious PyPI Package Spreads Miner
- North Korean actors are deploying spear-phishing campaigns that abuse Microsoft VS Code's built-in tunneling feature to gain full remote control of targeted systems. This technique allows attackers to bypass traditional C2 infrastructure and custom malware, blending in with legitimate developer activity.
- The attacks, primarily targeting South Korean entities, use JSE files disguised as HWPX documents to install VS Code and establish a tunnel, giving attackers interactive access to the VS Code terminal and file browser via trusted Microsoft infrastructure.
- Separately, a malicious PyPI package named `sympy-dev` has been found impersonating the legitimate `SymPy` library to deploy an XMRig cryptocurrency miner on Linux hosts. The malware is designed to trigger only when specific polynomial routines are called and uses memory-backed file descriptors to reduce on-disk artifacts.
Dark Reading | https://www.darkreading.com/endpoint-security/dprk-vs-code-tunnels-remote-hacking
The Hacker News | https://thehackernews.com/2026/01/malicious-pypi-package-impersonates.html
Cisco Zero-Day Under Active Exploitation
- Cisco has released emergency patches for a critical zero-day vulnerability, CVE-2026-20045 (CVSS 8.2), affecting multiple Unified Communications products and Webex Calling Dedicated Instance.
- The flaw allows unauthenticated remote attackers to execute arbitrary commands on the underlying operating system and escalate privileges to root via crafted HTTP requests to the web-based management interface.
- CISA has added CVE-2026-20045 to its Known Exploited Vulnerabilities (KEV) catalog, mandating federal agencies apply fixes by February 11, 2026. No workarounds are available, so immediate patching is crucial.
The Hacker News | https://thehackernews.com/2026/01/cisco-fixes-actively-exploited-zero-day.html
The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/22/another_week_another_emergency_patch/
FortiGate SSO Bypass Exploited, SmarterMail Auth Bypass Also Hit
- Arctic Wolf has warned of automated malicious activity targeting Fortinet FortiGate devices, involving unauthorised firewall configuration changes via compromised SSO accounts. Attackers are creating persistence accounts, modifying VPN/firewall rules, and exfiltrating configuration files.
- This activity aligns with exploitation of CVE-2025-59718 and CVE-2025-59719, SSO authentication bypasses patched in December 2025. However, some administrators report exploitation on fully patched FortiOS 7.4.10, suggesting a patch bypass, with Fortinet reportedly preparing further fixes.
- In other news, a critical authentication bypass (WT-2026-0001) in SmarterTools SmarterMail email software was actively exploited just two days after a patch release. The flaw allows unauthenticated users to reset the system administrator password and then achieve Remote Code Execution (RCE) via a built-in volume mount command feature.
The Hacker News | https://thehackernews.com/2026/01/automated-fortigate-attacks-exploit.html
The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/22/fortigate_firewalls_hit_by_silent/
The Hacker News | https://thehackernews.com/2026/01/smartermail-auth-bypass-exploited-in.html
Ancient Telnet Bug Hands Out Root Access
- A critical, 11-year-old vulnerability (CVE-2026-24061, CVSS 9.8) in the GNU InetUtils telnet daemon (`telnetd`) has been disclosed and is being actively exploited.
- The bug allows attackers to trivially gain root access by sending a crafted `USER` environment variable (`-f root`) during connection, bypassing normal authentication.
- Experts strongly recommend decommissioning `telnetd` entirely due to its unencrypted nature, or at minimum, patching immediately and restricting network access to the telnet port to trusted clients only.
The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/22/root_telnet_bug/
AI Agents Pose New Insider Threat, Financial Sector Still Lags on Basics, New CVE System Launched
- A Davos panel highlighted AI agents as a potential "ultimate insider threat," posing new security challenges as they can access sensitive data and perform harmful tasks. Recommendations include implementing zero trust, least-privilege access, and "guard agents" to monitor AI behaviour.
- The UK's 2025 CBEST report revealed that financial organisations continue to miss basic cybersecurity safeguards, with common weaknesses including poor access controls, misconfigured/unpatched systems, and ineffective detection. Social engineering remains a significant threat due to poor staff culture and awareness.
- The Computer Incident Response Center Luxembourg (CIRCL) has launched the Global CVE Allocation System (GCVE), a decentralised alternative to MITRE's CVE program. GCVE allows independent numbering authorities to assign vulnerability identifiers, aiming to address concerns about CVE's governance and sustainability.
The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/21/davos_ai_agents_security/
The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/22/financial_sector_cyber_gap/
CyberScoop | https://cyberscoop.com/gcve-vulnerability-database-launches/
Cellebrite Misused by Jordan, Spain Closes Pegasus Probe
- Citizen Lab reported that Jordanian authorities used Cellebrite digital forensic software to extract data from phones of at least seven activists critical of the Gaza war, often during interrogations or detentions. This highlights the ongoing misuse of surveillance technology against civil society.
- Separately, a Spanish judge closed a probe into the use of Pegasus spyware against top government officials due to a lack of cooperation from Israel, which regulates NSO Group's exports. The court found evidence of crimes that "jeopardised the security of the Spanish State."
The Record | https://therecord.media/jordan-used-cellebrite-against-activists-critical-gaza-war
The Record | https://therecord.media/spanish-judge-closes-nso-group-spyware-probe-israel
GDPR Fines Surge as Breach Notifications Hit Record High
- DLA Piper's latest survey shows GDPR fines surpassed €1.2 billion in 2025, bringing the total since May 2018 to €7.1 billion. Daily data breach notifications surged 22% to an average of 443, the first time exceeding 400.
- Ireland remains the top enforcer, with a €530 million fine against TikTok being the largest in 2025. The report attributes the rise in breaches to geopolitics, cyber incidents, and new reporting regimes like NIS2 and DORA.
The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/22/europes_gdpr_cops_dished_out/
CISA and NIST Face Staffing Challenges
- CISA's acting head, Madhu Gottumukkala, faced intense questioning from lawmakers over significant personnel reductions (nearly 1,000 staff lost since 2017) and reported attempts to fire the agency's CIO. Democrats expressed concern about weakened defences and reassignments, while Republicans suggested CISA was "doing more with less."
- NIST is also grappling with staff cuts (over 700 positions lost since 2025) and a shrinking budget, impacting its critical work on cybersecurity, AI, and post-quantum encryption. The Information Technology Laboratory (ITL) lost 89 employees, forcing a narrower focus and hindering efforts to reduce backlogs in its human-intensive cryptographic validation program.
CyberScoop | https://cyberscoop.com/cisa-madhu-gottumukkala-house-homeland-hearing-workforce-staffing-levels/
CyberScoop | https://cyberscoop.com/encryption-nist-officials-detail-staff-cuts-impact/
#CyberSecurity #ThreatIntelligence #Vulnerability #ZeroDay #RCE #APT #Ransomware #Malware #DataPrivacy #GDPR #InfoSec #CISA #NIST #AI #SocialEngineering #FortiGate #Cisco #Telnet #CyberAttack