  • Day 329: Script Blocks, API Chaos & Fraud Vectors on the Rise

    🔐 1. Microsoft to Block Unauthorized Scripts in Entra ID Logins Microsoft’s rolling out a new Content Security Policy that will block any “external / unauthorized script injection” during browser‑based Entra ID (login.microsoftonline.com) authentication flows, starting late 2026.  Why it matters: Phishing and script‑injection via login flows has been a pain‑point — this move could neutralize a…

  • Day 328: Supply‑Chain Poison, Crypto‑Ransomware & Browser Trojanism

    🧪 1. Digital Fraud Hits Industrial Scale in 2025 According to a recent report, 2025 has seen a massive surge in digital fraud — AI‑enabled deepfakes, identity scams, and automated fraud tools are fueling what some are calling “industrial‑scale” cyber‑fraud.  Why it matters: Fraud isn’t just opportunistic anymore — it’s automated and highly scalable. As…

  • Day 327: Nation‑state Strikes, Fraud Surge & Supply‑Chain Poisoning

    ⚠️ 1. Cyber‑enabled Targeting — Iran Blends Cyber Recon with Real‑World Strikes According to recent reporting, Iran‑aligned APTs are using cyberattacks to scope out physical targets — ships, critical infrastructure, CCTV networks — ahead of kinetic/missile strikes, and also post‑strike to assess damage.  Why it matters: The line between cyber and physical warfare is collapsing.…

  • Day 326: AI Compute Targets, Cloud Logging Flaws & Telecom Rule‑Rollbacks

    Today’s stories weave together exploitation of AI workloads, deep‑cloud misconfiguration, and regulatory turbulence—all signals of where the terrain is shifting. 🧠 1. ShadowRay 2.0 Hijacks Exposed AI Clusters Attackers are exploiting the open‑source AI framework Ray (CVE‑2023‑48022) in exposed clusters—turning them into crypto‑mining botnets and DDoS platforms. More than 230,000 Ray servers are still internet‑facing. …

  • Day 325: Agentic AI, Cloud Failures & Cyber Sanctions

    🔍 1. Agentic AI Driving Innovation in Cloud Security Agentic AI (systems that act, not just respond) is transforming cloud security by automating posture reduction, anomaly detection, and even remediation.  Why it matters: As you work with security automation & strategy, this signals a shift: your tools will need to think, not just alert. Challenge: Which…

  • Day 324: Stealth Ops, Messaging Flaws, and Workforce Resilience

    Today’s threat landscape revolves around geopolitical espionage, application layer risks, and organizational responses to global pressure. 🕵️ 1. APT31 (China-Linked) Targets Russian Tech Sector via Cloud Providers APT31 has been exploiting cloud services to carry out stealth intrusions into Russian IT companies. The campaign uses living-off-the-land techniques and targets government-adjacent infrastructure. Why it matters: Nation-state…

  • Day 323: Supply Chain Disruption, Infrastructure Risk & Privilege Escalation

    Today’s stories stack up big: trusted SaaS integrations weaponised, global infrastructure fragility exposed, and high‑severity identity flaws in star‑platform software. 🔐 1. Salesforce Customers Hacked via Gainsight Integration This breach involved a third‑party integration (Gainsight) being used to siphon data from Salesforce customer instances. Why it…

  • Day 322: Nation‑state Targets, Toolchain Takedowns & Botnet Game‑Lures

    Dug into three impactful stories revealing how cyber threats are shaping the ecosystem: strategy from Iran, dev‑tool partnerships ending, and new botnets using gaming lures. 🎯 1. Iran’s Cyber Objectives: What Do They Want? Analysts lay out how Iran’s cyber strategy in 2025 is focusing on dual‑use targets (military + political), supply‑chain access, and leveraging…

  • Day 321: Scam Centers, APT Footprints & Visibility Tools

    Today’s readings spotlight: large‑scale fraud operations, China‑nexus espionage, endpoint visibility evolution, and the WAF fault line keeps widening. 🕵️‍♂️ 1. U.S. Strike Force Targets Southeast Asian Scam Centers A multi‑agency U.S. initiative is going after large scam compounds in Southeast Asia—combining enforcement, infrastructure seizures, and international partner cooperation.  Why it matters: Fraud isn’t only phishing—it’s…

  • Day 320: Espionage, 2FA Phishing & Manufacturing Disruption

    A blend of state‑linked targeting, credential risk and operational impact today. 🎯 1. UNC1549 (Iran‑nexus) Takes Aim at Aerospace & Defense This Iran‑linked espionage group is increasingly targeting aerospace/defense firms across the US, Middle East and beyond — leveraging supplier/partner compromise and job‑lure phishing tactics.  Why it matters: High‑maturity targets aren’t safe — attackers pivot…

  • Day 319: Browser Blasts, WAF Weakness & Phishing Expansion

    Today’s threats highlight: exploit floods, mis‑trusted infrastructure, and phishing evolving into new channels. 🧠 1. Google Issues Security Fix for Actively Exploited Chrome Vulnerability Google patched two critical V8 engine flaws (including CVE‑2025‑13223) already being exploited.  Why it matters: When the browser core is under attack, your entire endpoint fleet is vulnerable—from dev machines to…

  • Day 318: Patches, Practices & Legacy Risk

    Today’s round hits on Microsoft’s monthly patch wave, guidance for on‑prem infrastructure, legacy cloud errors, and big investment signals in the next‑gen tech frontier. 🛠️ 1. November Patch Tuesday 2025 – Microsoft’s Big Update Microsoft released updates addressing 60+ vulnerabilities, including at least one zero‑day currently being exploited. Why it matters: A live exploit + large…

  • Day 317: Botnets, Identity Scams & Kubernetes Security

    It’s a wide spread today—web apps and dev forums under attack, identity misuse for state‑backed gain, and Kubernetes controls hitting new versions. 🧱 1. RondoDox Exploiting Unpatched XWiki Servers RondoDox is actively exploiting CVE‑2025‑24893 (a critical XWiki vulnerability) to recruit devices into its botnet.  Why it matters: Web‑applications commonly used for collaboration (like XWiki) provide…

  • Day 316: Hypervisor Hits, JSON Tricks & Malicious Packages

    Dug into four solid reads today — the attack surface keeps expanding, internal tools get weaponized, and dev ecosystems are getting baited. 1. Akira RaaS Hits Nutanix AHV VMs This ransomware‑as‑a‑service group is now going after Nutanix VM disk files (AHV) — showing that virtualisation platforms are high‑value stuff.  Why it matters: If you’re using…

  • Day 315: Takedowns, Credentials, and Asset Exposure

    Today’s focus: law‑enforcement hits, identity shifts, and how even the big AI players are leaking the keys to their kingdom. 1. Operation Endgame Dismantles Infrastructure The coordinated takedown disrupted three major tools: Rhadamanthys infostealer, VenomRAT, and Elysium botnet — 1,025 servers seized and 20 domains taken down.  Why it matters: The infrastructure layer of cybercrime…

  • Day 314: PhaaS, Infrastructure Hits & Secret Spills

    Today we’re hitting on phishing‑as‑a‑service, critical infrastructure exploits, and the growing risk from dev/AI‑secret leakage. 🎣 1. Lighthouse Phishing‑as‑a‑Service Operation It’s a massive SMS/text‑phishing kit being turnkey‑sold to criminals, enabling fake sites, brand mimicry, and large‑scale credential harvests.  Why it matters: Easy access to phishing tools means attackers scale faster — your users might be…

  • Day 313: Patch Pressure, Messenger Mayhem & Package Poisoning

    Strong lineup today — zero‑days, app platform abuse, and dev ecosystem contamination. 🛠️ 1. Microsoft Issues Critical Zero‑Day & Patch Wave One zero‑day (CVE‑2025‑62215) already being exploited in the wild, plus a critical RCE in GDI+ (CVE‑2025‑60724) with a CVSS of 9.8. Patch now. Why it matters: If your org hasn’t prioritized this update, you’re…

  • Day 312: Chains, Campaigns & Clickbait

    Today’s batch highlights three supply‑chain shocks, one mass‑phish‑click operation, and how trust is being weaponized across dev tools, code extensions, and hotel stays. 🧩 1. OWASP Releases New Top 10 – Supply Chain Risks Prominent The updated OWASP Top 10 shifts focus heavily onto software supply‑chain failures and systemic faults, not just code bugs.  Why it matters:…

  • Day 311: Infrastructure, Vulnerabilities & Open‑Source Trust

    Dug through today’s feeds. Big themes: the hardware we trust, the software we build from, and the shadows beneath both. 🏠 1. Government Considers Banning TP‑Link Gear The U.S. government is reportedly preparing to ban the sale of TP‑Link routers and networking gear — citing national‑security risks tied to the company’s China‑roots and massive small‑business/home‑market…

  • Day 310: Whispers, Walls, and Imitations

    Today’s stories center around deception — from human-like malware behavior to silent data exfiltration. Whether it’s keystrokes or firewall configs, the theme is clear: your systems aren’t the only ones being watched. 🕶️💻 🕵️ 1. Microsoft Uncovers “Whisper” Leak Attack Microsoft revealed a new stealth attack method dubbed “Whisper”, which uses background audio capture and…