🚨 CastleLoader Attacks Government Agencies, Compromising up to 400+ Devices at Once
Its unusual process hollowing via an AutoIt3 script is hard for EDR to detect.
See full analysis from #ANYRUN with extracted runtime config, C2s, and #IOCs 👇
Read the full blog article — click here.
-----
#ad #paidpromotion #sponsored
@Cyber_Security_Channel
ANY.RUN's Cybersecurity Blog
CastleLoader Malware Analysis: Full Execution Breakdown
Read full-cycle technical analysis of CastleLoader malware, covering its entire multi-stage execution by ANY.RUN.
❤4
The 5 Critical Cybersecurity Controls Every Organization Needs
Administrative accounts represent your organization’s “keys to the kingdom”.
Regular reviews ensure that only necessary personnel have elevated privileges.
Failure to minimize admin accounts and/or eliminate shared accounts can lead to accountability issues during security incidents.
Ensuring all activities are logged and traceable to a single user aids investigations and deters potential compromises.
Cyber_Security_Channel
AZ Big Media
The 5 critical cybersecurity controls every organization needs
Choosing to supplement your cybersecurity insurance with key internal controls and strategic business practices can significantly enhance your ability to deflect potential attacks.
❤4👍3🔥1
ℹ️ Join ImmuniWeb AI Platform 2026 Webinar: New Products and Capabilities to enhance your ImmuniWeb® AI Platform skills, earn CPE credits, and qualify to become ImmuniWeb® Certified Professional.
✔️ Key Insights that Will be Covered:
• Useful and novel product features, functionalities and integrations
• New cybersecurity and compliance products by ImmuniWeb
• Practical use of ML and AI by ImmuniWeb in year 2026
• Cybersecurity cost reduction with ImmuniWeb
• Cybersecurity compliance with ImmuniWeb
• Live demo of ImmuniWeb AI Platform
• Full 2026 product map
Date & Time: January 29 at 10am and 5pm CET
Host: Dr. Ilia Kolochenko, CEO & Chief Architect at ImmuniWeb, Attorney-at-Law.
✅ Register Now:
Session 1 – January 29, 2026 – Geneva 10am | Dubai 1pm | Singapore 5pm
👉 Click here.
Session 2 – January 29, 2026 – Geneva 5pm | New York 11am | California 8am
👉 Click here.
-----
#ad #paidpromotion #sponsored
@Cyber_Security_Channel
❤2👍2
120 Data Breach Statistics for 2026
So, here are the 120 data breach stats for 2025.
Each of the sources we mention applies its own methodology, so numbers vary, and we include them all so readers can judge for themselves.
Cyber_Security_Channel
Bright Defense
120 Data Breach Statistics for 2026
Explore 130 critical data breach statistics for 2025 that reveal the latest trends, costs, attack methods, and industry impacts.
👍2❤1
❗️Cyber Security News is looking for VOLUNTEERS to join our Team: Round 5
Our community is continuously growing and we are looking to further expand the internal Team of Content Authors.
Responsibilities
• Browse news on the Internet
• Format and publish posts to the channels of our community
• Offer creative ideas to enhance content
Requirements
• Research skills
• Stable Wi-Fi connection
• Interest in cybersecurity
• Mobile device with Telegram app
• Up-to-date knowledge of trending topics and current events
Offerings
• Exchange of knowledge with industry colleagues
• Experience as a manager of a large cybersecurity community (for CV)
• Influence a growing community with a large audience
Contacts
If you are interested in the above position or have any questions, feel free to reach out directly → @cybersecadmin
P.S. Apologies if we have not responded to everybody from previous Rounds. This cycle will be managed more closely.
Send this post to a friend/colleague!
- - - - -
@Cyber_Security_Channel
👍10❤9🔥4
LastPass Warns Backup Request is Phishing Campaign in Disguise
LastPass warned of a phishing campaign that falsely claims the company is conducting maintenance and asks customers to back up their vaults in the next 24 hours, according to an alert released by the company.
“This campaign is designed to create a false sense of urgency, which is one of the most common and effective tactics we see in phishing attacks,” a spokesperson for LastPass said in a statement.
The spokesperson added that LastPass would never ask customers for their master passwords or demand action under a tight deadline.
@Cyber_Security_Channel
Cybersecurity Dive
LastPass warns backup request is phishing campaign in disguise
Customers received deceptive emails over the holiday weekend claiming the company was doing maintenance.
❤3👍2
⚡️149 Million Usernames and Passwords Exposed by Unsecured Database
Security researcher Jeremiah Fowler discovered an unsecured database with 149 million credentials, including 48M Gmail accounts and 17M Facebook logins.
Fowler suspects the massive collection was assembled using info-stealing malware — malicious software that infects devices and uses techniques like key-logging to capture everything victims type into websites.
Users who reuse passwords across multiple services face compounded risk, since criminals can test stolen credentials against dozens of platforms to find matches.
@Cyber_Security_Channel
www.techbuzz.ai
149M Credentials Leaked in Massive Unsecured Database Breach
Gmail, Facebook, banking logins exposed via infostealer malware in sprawling breach
❤7👍6🤯6
🔥 Malware Trends Report 2025 From @anyrun_app is Live!
Key Takeaways:
• Phishing, driven by MFA-bypassing PhaaS kits like Tycoon2FA and EvilProxy, evolved into an advanced malicious vector.
• Lumma and XWorm stayed on top, showing how mature and scalable modern malware ecosystems have become.
• Stealers and RATs still dominate, with activity nearly 3x higher than in 2024.
👨💻 See which malware families, TTPs, and phishing techniques defined 2025 and what they mean for your security strategy.
Read the full report — click here.
-----
#ad #paidpromotion #sponsored
@Cyber_Security_Channel
❤8👍1🔥1👏1
Fortinet Confirms FortiCloud SSO Exploitation Against Patched Devices
"As an additional workaround we recommend disabling the FortiCloud SSO feature.
This will prevent abuse via that method but not a third-party SSO system, so this is recommended only in conjunction with the local-in policy" — Fortinet notes.
Cyber_Security_Channel
SecurityWeek
Fortinet Confirms FortiCloud SSO Exploitation Against Patched Devices
Similar to recent FortiCloud single sign-on (SSO) login vulnerabilities, the attacks bypass authentication.
❤3🔥3🥰1
⚡️ ShinyHunters Phishing Spree Steals MFA, Breaches SaaS Apps via SSO attacks
Mandiant says a surge in advanced voice phishing (vishing) tied to ShinyHunters-linked clusters is harvesting single sign-on credentials and multi-factor authentication codes to breach cloud SaaS platforms and siphon sensitive data for extortion, abusing spoofed corporate login flows and bogus credential pages from targeted victims (see vishing breaches and extortion techniques).
“While this methodology of targeting identity providers and SaaS platforms is consistent with our prior observations… the breadth of targeted cloud platforms continues to expand as these threat actors seek more sensitive data for extortion,” Mandiant noted in its threat intelligence report.
Cyber_Security_Channel
❤4👍2🔥2🤩1
Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access
"The extension does block ads as advertised, but its primary function is hidden: it automatically injects the developer's affiliate tag (10xprofit-20) into every Amazon product link and replaces existing affiliate codes from content creators," Socket security researcher Kush Pandya said.
📸 Credit: The Hacker News
Cyber_Security_Channel
❤6👍2🔥1😱1
Moltbook API Flaw Exposes Millions of User Records Publicly
Researchers found that Moltbook exposed sensitive customer information after an unauthenticated API endpoint allowed bulk access to user profiles, email addresses, and related metadata without proper authorisation.
According to Infosecurity Magazine, the incident was caused by insufficient access controls in the backend API, enabling large-scale data harvesting before the company limited access and launched an internal investigation.
Cyber_Security_Channel
Infosecurity Magazine
Vibe-Coded Moltbook Exposes User Data, API Keys and More
Wiz Security claims Moltbook misconfiguration allowed full read and write access
🔥9❤2
Cyber Security News
⚡️149 Million Usernames and Passwords Exposed by Unsecured Database Security researcher Jeremiah Fowler discovered an unsecured database with 149 million credentials, including 48M Gmail accounts and 17M Facebook logins. Fowler suspects the massive collection…
🔐 Amidst Recent News — Use This Tool as a Check-Up
We have partnered with LeakAI Bot to help you stay safe online.
The above tool provides a handful of resources:
• Email & Username Leak Scanning
• AI-Powered Threat Insights
• Domain Security Check
• Zero Data Storage
Test it out for yourself.
Click here to try.
-----
@Cyber_Security_Channel
5❤6🔥4👍2
Join the Webinar "Choosing Your Dark Web & CTEM Vendor in 2026"
Best practices to enhance your ImmuniWeb® AI Platform skills, earn CPE credits, and qualify to become ImmuniWeb® Certified Professional.
✔️ Key Insights:
• Dark Web Monitoring, prevent data breaches in 2026
• OWASP Top 10 for LLMs, role in CTEM solutions
• Novel risks from AI & LLMs
• Attack Surface Management (ASM) strategy and cost reduction
• Automated testing of attack surface
• Data sovereignty, third-party risk management (TPRM)
• Response to phishing & malware
• Ransomware & cyber insurance pitfalls
• Regulatory landscape in 2026
• CTEM with ImmuniWeb
Date & Time: February 19th @ 10am and 5pm CET
Host: Dr. Ilia Kolochenko, CEO & Chief Architect at ImmuniWeb, Attorney-at-Law.
✅ Register Now:
Session 1 – February 19, 2026 – Geneva 10am | Dubai 1pm | Singapore 5pm
👉 Click here.
Session 2 – February 19, 2026 – Geneva 5pm | New York 11am | California 8am
👉 Click here.
-----
#ad #paidpromotion #sponsored
@Cyber_Security_Channel
❤5👍2🔥2
AI-Generated Code is Fast Becoming the Biggest Enterprise Security Risk as Teams Struggle with the ‘Illusion of Correctness’
“The real risk of AI-generated code isn’t obvious breakage; it’s the illusion of correctness.
Code that looks polished can still conceal serious security flaws, and developers are increasingly trusting it,” said Black Duck CEO Jason Schmitt.
Cyber_Security_Channel
IT Pro
AI-generated code is fast becoming the biggest enterprise security risk as teams struggle with the ‘illusion of correctness’
Security teams are scrambling to catch AI-generated flaws that appear correct before disaster strikes
👍8🥴2
⚡️ In 2026, Phishing is All About Full Attack Chains. MFA Bypass, Delayed Payloads, and Human Verification Traps
The only way for SOCs to detect it early without running hour-long investigations is interactive sandboxing.
It lets analysts execute the flow end-to-end in real time and exposes real risk before it hits the business.
👉 Try it for your team and see how your detection rate gets a massive boost → click here for access.
-----
#ad #paidpromotion #sponsored
@Cyber_Security_Channel
👍7❤2👎1
AI Agents Leak Data via Messaging App Link Previews as AI Adoption Has Outpaced Security Governance
Tests revealed that configurations such as Microsoft Teams running Copilot Studio and Slack utilizing specific bots were susceptible to this data exfiltration method.
Because the link preview mechanism functions as a trusted system process, it bypasses standard user-level security checks.
Cyber_Security_Channel
TechNadu
AI Agents Leak Data via Messaging App Link Previews - TechNadu
New research reveals how AI agents' data leaks occur via zero-click prompt injection in messaging applications such as Microsoft Teams and Slack.
👍4❤1
Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens
That said, the cybersecurity company said the data capture was not facilitated by a custom OpenClaw module within the stealer malware, but rather through a "broad file-grabbing routine" that's designed to look for certain file extensions and specific directory names containing sensitive data.
It's worth noting that the theft of the gateway authentication token can allow an attacker to connect to the victim's local OpenClaw instance remotely if the port is exposed, or even masquerade as the client in authenticated requests to the AI gateway.
📸 Credit: The Hacker News
@Cyber_Security_Channel
❤9👍1🥰1
The Picus Security RED Report 2026: Top 10 MITRE ATT&CK Techniques
The report dissected 1.15 million files and 15.5 million adversarial actions, revealing a massive shift from noisy breaches to stealthy, long‑term residency.
Attackers now blend into legit processes: defense-evasion, persistence, and C2 dominate ≈ 80% of top techniques, exposing why many stacks miss hidden threats.
@Cyber_Security_Channel
Picussecurity
Red Report 2026
Red Report 2026 analyzes 1.1M+ files and 15.5M adversarial actions to show how attackers shift from noisy breaches to long-term residency.
❤7👍4
⚡️French Government Says 1.2 Million Bank Accounts Exposed in Breach
The breach occurred in late January and impacted 1.2 million accounts, including IBANs, account holder names, addresses, and in some cases tax identifiers.
The attacker’s access has been terminated and impacted individuals are being notified.
Cyber_Security_Channel
SecurityWeek
French Government Says 1.2 Million Bank Accounts Exposed in Breach
The Ministry of Economy reported discovering unauthorized access to the national bank account registry FICOBA.