Cybersecurity

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang 

The FBI and authorities in The Netherlands this week seized a number of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan. The proprietors of the service, who use the collective nickname “The Manipulaters,” have been the subject of three stories published here since 2015. The FBI said the main clientele are organized crime groups that try to trick victim companies into making payments to a third party.

CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued alerts about the presence of hidden functionality in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors.
The vulnerability, tracked as CVE-2025-0626, carries a CVSS v4 score of 7.7 on a scale of 10.0. The flaw, alongside two other issues, was reported to CISA

Top 5 AI-Powered Social Engineering Attacks 

Social engineering has long been an effective tactic because of how it focuses on human vulnerabilities. There’s no brute-force ‘spray and pray’ password guessing. No scouring systems for unpatched software. Instead, it simply relies on manipulating emotions such as trust, fear, and respect for authority, usually with the goal of gaining access to sensitive information or protected systems.

Italy Bans Chinese DeepSeek AI Over Data Privacy and Ethical Concerns 

Italy’s data protection watchdog has blocked Chinese artificial intelligence (AI) firm DeepSeek’s service within the country, citing a lack of information on its use of users’ personal data.
The development comes days after the authority, the Garante, sent a series of questions to DeepSeek, asking about its data handling practices and where it obtained its training data.
In particular, it wanted

Google Bans 158,000 Malicious Android App Developer Accounts in 2024 

Google said it blocked over 2.36 million policy-violating Android apps from being published to the Google Play app marketplace in 2024 and banned more than 158,000 bad developer accounts that attempted to publish such harmful apps.
The tech giant also noted it prevented 1.3 million apps from getting excessive or unnecessary access to sensitive user data during the time period by working with

Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft 

Broadcom has released security updates to patch five security flaws impacting VMware Aria Operations and Aria Operations for Logs, warning customers that attackers could exploit them to gain elevated access or obtain sensitive information.
The list of identified flaws, which impact versions 8.x of the software, is below –

CVE-2025-22218 (CVSS score: 8.5) – A malicious actor with View Only Admin

Infrastructure Laundering: Blending in with the Cloud 

In an effort to blend in and make their malicious traffic tougher to block, hosting firms catering to cybercriminals in China and Russia increasingly are funneling their operations through major U.S. cloud providers. Research published this week on one such outfit — a sprawling network tied to Chinese organized crime gangs and aptly named “Funnull” — highlights a persistent whac-a-mole problem facing cloud services.

Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations 

Over 57 distinct threat actors with ties to China, Iran, North Korea, and Russia have been observed using artificial intelligence (AI) technology powered by Google to further enable their malicious cyber and information operations.
“Threat actors are experimenting with Gemini to enable their operations, finding productivity gains but not yet developing novel capabilities,” Google Threat

Authorities Seize Domains of Popular Hacking Forums in Major Cybercrime Crackdown 

An international law enforcement operation has dismantled the domains associated with various online platforms linked to cybercrime such as Cracked, Nulled, Sellix, and StarkRDP.
The effort has targeted the following domains –

www.cracked.io
www.nulled.to
www.mysellix.io
www.sellix.io
www.starkrdp.io

Visitors to these websites are now greeted by a seizure banner that says they were confiscated

Lightning AI Studio Vulnerability Allowed RCE via Hidden URL Parameter 

Cybersecurity researchers have disclosed a critical security flaw in the Lightning AI Studio development platform that, if successfully exploited, could allow for remote code execution.
The vulnerability, rated a CVSS score of 9.4, enables “attackers to potentially execute arbitrary commands with root privileges” by exploiting a hidden URL parameter, application security firm Noma said in a
