Unsecured Database Exposes Data of 3.6 Million Passion.io Creators

A massive data leak has put the personal information of over 3.6 million app creators, influencers, and entrepreneurs…

Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto

Everyone’s on the cyber target list

Welcome to this week’s edition of the Threat Source newsletter. 

I’ve discovered that being a rent guarantor for someone is an involved experience. While I’m glad that I can help out a loved one secure a better rental property, the process of verifying my identity and ability to cover any missed payments required handing over far more personal and financial data than I was comfortable with. 

I asked the agent about their information security policies and cybersecurity posture. I was relieved to hear that they delete all the personal data within two weeks of processing, but I was concerned that the person dealing with my dossier didn’t think that they were at risk of a cyber attack. They believed that because they had a low online profile and their organisation was small, they didn’t present as a target. 

Not wanting to jeopardise my position as a guarantor, I didn’t argue further beyond offering a few words of advice. The truth is that everyone is a target. Many criminals do not discriminate; they seek to compromise anyone and see how they can make money from a compromise once access is achieved. Sophisticated criminals research their targets and their wider ecosystem of suppliers and partners in depth to identify potential weak points. It only takes a moment’s inattention for anyone to fall for a phishing or social engineering scam. 

Cybersecurity training needs to reinforce the fact that anyone can be a victim of a cyber attack. No matter how careful you are, or how insignificant you think you are, an attack can still catch you off guard. The good news is that basic cyber hygiene goes a long way towards preventing harm.

Impressing on users the need to install updates promptly, run endpoint protection and use multi-factor authentication is not a panacea, but it is the foundation on which more advanced protection can be built.

Good cybersecurity begins with an awareness of the threat, an acknowledgement that we are all at risk, and knowing the potential consequences. Nobody is too insignificant, too small or too well hidden to escape the risk of cyber attack. Suitable protection follows from reflecting on what is at risk and what could possibly go wrong.

The one big thing 

Talos has uncovered a destructive attack on Ukrainian critical infrastructure involving a new wiper malware, “PathWiper,” deployed through a legitimate endpoint administration framework. Talos attributes this attack to a Russia-linked APT actor, underscoring the persistent threat to Ukraine’s infrastructure amid the ongoing war. 

Why do I care? 

This attack highlights the sophisticated tactics of state-sponsored threat actors and the risks critical infrastructure entities face, which could have global implications for cybersecurity and geopolitical stability. 

So now what? 

Organizations, particularly those managing critical infrastructure, should strengthen their endpoint security, monitor for unusual administrative activity, and stay informed on evolving threats to mitigate potential risks.

Top security headlines of the week

New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch 
The high-severity flaw is being tracked as CVE-2025-5419 (CVSS score: 8.8), and has been flagged as an out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine. (The Hacker News)

Vanta bug exposed customers’ data to other customers 
Compliance company Vanta has confirmed that a bug exposed the private data of some of its customers to other Vanta customers. The company told TechCrunch that the data exposure was the result of a product code change and not caused by an intrusion. (TechCrunch)

Data Breach Affects 38K UChicago Medicine Patients 
UChicago Medicine released a statement that the data of 38K patients may have been exposed by a third-party debt collector’s system breach. The exposed data may include SSNs, addresses, dates of birth, medical information, and financial account information. (UPI)

Can’t get enough Talos? 

Fake AI installers target businesses. Catch up on the ransomware and malware threats Talos discovered circulating in the wild and masquerading as legitimate AI tool installers. Read the blog or listen to our most recent Talos Takes to hear Hazel and Chetan, the author, discuss the blog in depth.

Talos at Cisco Live 2025. From sessions featuring a live IR tabletop session to learning how to outsmart identity attacks, there’s plenty of Talos to keep you going in San Diego next week. Browse sessions Talos is participating in, and we’ll see you there!

Upcoming events where you can find Talos 

Most prevalent malware files from Talos telemetry over the past week 

SHA 256: a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91
MD5: 7bdbd180c081fa63ca94f9c22c457376
VirusTotal: https://www.virustotal.com/gui/file/a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91/details
Typical Filename: IMG001.exe
Detection Name: Simple_Custom_Detection

SHA 256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507
MD5: 2915b3f8b703eb744fc54c81f4a9c67f
VirusTotal: https://www.virustotal.com/gui/file/9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507
Typical Filename: VID001.exe
Detection Name: Simple_Custom_Detection

SHA 256: c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0
MD5: 8c69830a50fb85d8a794fa46643493b2
Typical Filename: AAct.exe
Claimed Product: N/A
Detection Name: PUA.Win.Dropper.Generic::1201
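As an added example (editor's code, not a Talos tool), the Python below turns the hash list above into something a SOC can actually run: it parses the entries, validates that each SHA-256 and MD5 is well formed before it is trusted as an indicator, and matches the records against file digests the way an EDR export or a hashing script would report them. The three hashes are the ones printed above; the file paths and the "benign" content are constructed for the example, and the parser also tolerates a hash value that continues on the line after its label, a layout that shows up in some published lists.

```python
import hashlib
import re

# The three entries from the list above, embedded so the script runs offline.
# The second entry deliberately puts the hash on the line after "SHA 256:".
IOC_TEXT = """
SHA 256: a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91
MD5: 7bdbd180c081fa63ca94f9c22c457376
Typical Filename: IMG001.exe
Detection Name: Simple_Custom_Detection

SHA 256:
9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507
MD5: 2915b3f8b703eb744fc54c81f4a9c67f
Typical Filename: VID001.exe
Detection Name: Simple_Custom_Detection

SHA 256: c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0
MD5: 8c69830a50fb85d8a794fa46643493b2
Typical Filename: AAct.exe
Claimed Product: N/A
Detection Name: PUA.Win.Dropper.Generic::1201
"""

FIELD_RE = re.compile(
    r"^\s*(SHA 256|MD5|VirusTotal|Typical Filename|Claimed Product|Detection Name)\s*:\s*(.*?)\s*$",
    re.IGNORECASE,
)


def parse_iocs(text):
    """Parse blank-line-separated entries into dicts and validate hash syntax.
    A label with no value on its line takes the next non-empty line as its value."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec, pending = {}, None
        for line in block.splitlines():
            m = FIELD_RE.match(line)
            if m:
                key = m.group(1).lower().replace(" ", "")
                if m.group(2):
                    rec[key], pending = m.group(2), None
                else:
                    pending = key
            elif pending and line.strip():
                rec[pending], pending = line.strip(), None
        sha256 = rec.get("sha256", "").lower()
        md5 = rec.get("md5", "").lower()
        if not re.fullmatch(r"[0-9a-f]{64}", sha256):
            raise ValueError(f"missing or malformed SHA-256 in entry: {block!r}")
        if md5 and not re.fullmatch(r"[0-9a-f]{32}", md5):
            raise ValueError(f"malformed MD5 in entry: {block!r}")
        records.append({
            "sha256": sha256,
            "md5": md5 or None,
            "filename": rec.get("typicalfilename"),
            "detection": rec.get("detectionname"),
        })
    return records


def hash_bytes(data):
    """Both digests of one file's content, as a hashing script or EDR would report them."""
    return {"sha256": hashlib.sha256(data).hexdigest(), "md5": hashlib.md5(data).hexdigest()}


def match_iocs(records, observed):
    """observed: {path: {"sha256": ..., "md5": ...}}. SHA-256 is the authoritative
    match; an MD5-only hit is reported separately because MD5 collisions are
    practical and some sources publish only one of the two digests."""
    by_sha256 = {r["sha256"]: r for r in records}
    by_md5 = {r["md5"]: r for r in records if r["md5"]}
    hits = []
    for path, digests in observed.items():
        sha256 = (digests.get("sha256") or "").lower()
        md5 = (digests.get("md5") or "").lower()
        if sha256 in by_sha256:
            hits.append((path, by_sha256[sha256]["detection"], "sha256"))
        elif md5 in by_md5:
            hits.append((path, by_md5[md5]["detection"], "md5-only"))
    return hits


def run_example():
    """Constructed observations: the first path reuses the list's first SHA-256 with a
    placeholder MD5, the second reuses the third entry's MD5 with a placeholder SHA-256,
    the third is hashed from made-up benign content."""
    records = parse_iocs(IOC_TEXT)
    observed = {
        "C:/Users/demo/Downloads/IMG001.exe": {"sha256": records[0]["sha256"], "md5": "0" * 32},
        "C:/Tools/AAct.exe": {"sha256": "f" * 64, "md5": records[2]["md5"]},
        "benign.bin": hash_bytes(b"constructed benign content"),
    }
    return match_iocs(records, observed)


if __name__ == "__main__":
    for path, detection, how in run_example():
        print(f"{path}: {detection} (matched by {how})")
```

The syntax check matters more than it looks: a truncated or mis-pasted hash silently matches nothing, and an indicator that never fires is indistinguishable from a clean fleet. The MD5-only tier exists so that a match on the weaker digest is visible as such and triggers a pull of the file for a SHA-256 confirmation rather than an automatic verdict.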

Cisco Talos Blog

Iran-linked hackers target Kurdish and Iraqi officials in long-running cyberespionage campaign

The group has been operating since at least 2017. It initially breached systems belonging to the Kurdistan Regional Government and has since expanded its reach to the Central Government of Iraq as well as a telecommunications provider in Uzbekistan.

The Record from Recorded Future News

Cybercriminals are stealing business Salesforce data with this simple trick – don’t fall for it

The goal is to steal large amounts of confidential data in an attempt to extort the victims. Here’s how it works.

Latest stories for ZDNET in Security

Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hardcoded Credentials

Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks.

“Several widely used extensions […] unintentionally transmit sensitive data over simple HTTP,” Yuanjing Guo, a security researcher in Symantec’s Security Technology and Response
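The two defects named in this item, plaintext HTTP endpoints and credentials embedded in the bundle, are both visible statically, so an added example is worth having (editor's code, not Symantec's tooling and not tied to any of the extensions in the report). The script audits an unpacked extension: it flags `http://` host permissions in the manifest and, in the JavaScript, quoted `http://` URLs and strings that look like hardcoded credentials, while ignoring localhost endpoints that are usually development leftovers. The extension bundle, its domains and the key value are all constructed for the example.

```python
import json
import re

# Constructed, deliberately flawed extension bundle (hypothetical domains, placeholder key).
EXTENSION_FILES = {
    "manifest.json": json.dumps({
        "manifest_version": 3,
        "name": "Example Tab Helper",
        "host_permissions": ["http://*/*", "https://cdn.example.com/*"],
    }),
    "background.js": "\n".join([
        'const TRACK_URL = "http://api.example.com/v1/track";',   # plaintext endpoint
        'const DEV_URL = "http://localhost:8080/debug";',         # local, not reported
        'const apiKey = "EXAMPLEKEY0123456789abcdef";',           # hardcoded credential
        'fetch(TRACK_URL + "?k=" + apiKey + "&url=" + location.href);',
        'const CDN = "https://cdn.example.com/lib.js";',          # TLS, fine
    ]),
}

LOCAL_HOSTS = ("http://localhost", "http://127.0.0.1")

# (rule name, regex). A capture group, when present, is the evidence to report.
CODE_RULES = [
    ("plaintext-http-endpoint", re.compile(r"""["'](http://[^"'\s]+)["']""")),
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("hardcoded-credential", re.compile(
        r"""(?i)\b(?:api[_-]?key|secret|token|password)\b\s*[:=]\s*["']([A-Za-z0-9_\-]{16,})["']""")),
]


def audit_extension(files):
    """files: {relative path: text content}. Returns (location, rule, evidence) tuples."""
    findings = []
    manifest = json.loads(files.get("manifest.json", "{}"))
    # Manifest: any plaintext-HTTP host pattern lets the extension talk to, and be
    # served content from, unauthenticated origins.
    for pattern in manifest.get("host_permissions", []) + manifest.get("permissions", []):
        if pattern.startswith("http://") and not pattern.startswith(LOCAL_HOSTS):
            findings.append(("manifest.json", "plaintext-http-host-permission", pattern))
    # Scripts: quoted http:// URLs and credential-looking literals.
    for name, content in files.items():
        if not name.endswith(".js"):
            continue
        for lineno, line in enumerate(content.splitlines(), 1):
            for rule, regex in CODE_RULES:
                for m in regex.finditer(line):
                    evidence = m.group(1) if m.groups() else m.group(0)
                    if rule == "plaintext-http-endpoint" and evidence.startswith(LOCAL_HOSTS):
                        continue
                    if rule == "hardcoded-credential":
                        evidence = evidence[:4] + "..."   # never copy the secret into a report
                    findings.append((f"{name}:{lineno}", rule, evidence))
    return findings


if __name__ == "__main__":
    for location, rule, evidence in audit_extension(EXTENSION_FILES):
        print(f"{location}: {rule}: {evidence}")
```

On a real extension, point the loader at the unpacked directory (for Chrome, the extension's folder under the profile's `Extensions` directory) and feed every `.js` and the manifest into `audit_extension`. The regexes are heuristics: a literal that matches the credential rule still needs a human to decide whether it is a public client identifier or a secret, and a URL built by string concatenation at runtime will not be caught by a static pattern at all.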

The Hacker News

Nearly 94 Billion Stolen Cookies Found on Dark Web

Cybersecurity experts warn of widespread data exposure as a recent investigation reveals a staggering number of internet cookies…

Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto

Questions Swirl Around ConnectWise Flaw Used in Attacks

ConnectWise issued a patch to stave off attacks on ScreenConnect customers, but the company’s disclosures don’t explain what the vulnerability is and when it was first exploited.

darkreading

Ukrainian police arrest hacker who used hosting firm’s servers to mine cryptocurrency

The suspect, a native of the central Ukrainian city of Poltava, had been conducting cyberattacks since at least 2018, police said.

The Record from Recorded Future News

Commercial vs. open-source SIEM: pros and cons | Kaspersky official blog

According to OpenLogic’s “State of Open Source” report, 96% of surveyed organizations use open-source solutions (OSS). Such solutions can be found in every segment of the IT market — including infosec tools. And they’re often recommended for building SIEM systems.

At first glance, OSS seems like a great choice. A SIEM system’s primary function is systematic telemetry collection and correlation, which you can set up using well-known data storage and processing tools. Just gather all your data with Logstash, hook up Elasticsearch, build the visualizations you need in Kibana — and you’re good to go! A quick search will even get you ready-made open-source SIEM solutions (often built on the same components). With SIEMs, adapting both data collection and processing to your organization’s specific needs is always key, and a custom OSS system offers endless possibilities for that. Besides, the license cost is zero. However, the success of this endeavor hinges on your development team, your organization’s specifics, how long your organization is willing to wait for results, and how much it’s ready to invest in ongoing support.

Time is money

A key question — one whose importance is consistently underestimated — is how long it’ll take before your company’s SIEM not only goes live but actually starts delivering real value. Gartner data shows that even a fully featured, ready-made SIEM takes an average of six months to fully implement — with one in ten companies spending a year on it. If you’re building your own SIEM or adapting an OSS one, expect that timeline to double or triple. When budgeting, multiply that time by your developers’ hourly rates. It’s also hard to imagine a full-fledged SIEM being built by a single talented individual — your company will need to maintain an entire team.

A common psychological pitfall is being misled by how fast a prototype comes together. You can deploy a ready-made OSS in a test environment in just a few days, but bringing it up to production quality can take many months — even years.

Skill shortages

A SIEM needs to collect, index, and analyze thousands of events per second. Designing such a high-load system, or even adapting an existing one, requires specialized and in-demand skills. Beyond developers, the project needs highly skilled IT administrators, DevOps engineers, analysts, and even dashboard designers.

Another kind of shortage that SIEM builders have to overcome is the lack of hands-on experience needed to write effective normalization rules, correlation logic, and other content that comes out of the box in commercial SIEM solutions. Of course, even that out-of-the-box content requires significant adjustments, but bringing it up to your organization’s standards is both faster and easier.

Compliance

For many companies, having a SIEM system is a regulatory requirement. Those who build a SIEM themselves or implement an OSS solution have to put in considerable effort to achieve compliance. They need to map their SIEM’s capabilities to regulatory requirements on their own — unlike users of commercial systems, which often come with a built-in certification process and the tools needed for compliance.

Sometimes, management might want to implement a SIEM just to “tick a box”, aiming to minimize the expense. But since PCI DSS, GDPR, and local regulatory frameworks focus on the actual breadth and depth of a SIEM implementation — not just its existence — a token SIEM system implemented for show would fail any audit.

Compliance isn’t something you can consider only at the time of implementation. If, during self-managed maintenance and operation, any components of your solution stop receiving updates and reach end-of-life, your chances of passing a security audit would plummet.

Vendor lock-in vs. employee dependence

The second most important reason for organizations to consider an open-source solution has always been flexibility in adapting it to their specific needs, along with avoiding reliance on a software vendor’s development roadmap and licensing decisions.

Both of these are compelling arguments, and in large organizations they can sometimes outweigh other factors. However, it’s crucial to make this choice with a clear understanding of its pros and cons:

  • OSS SIEMs can be simpler to adjust for unique data inputs.
  • With an OSS SIEM, you maintain complete control over how data is stored and processed.
  • The cost of scaling an OSS SIEM primarily consists of prices for additional hardware and the development of required features.
  • Both the initial setup and ongoing evolution of an OSS SIEM demand seasoned professionals who are well-versed in both development practices and SOC realities. If the team members who best understand the system leave the company or change roles, the system’s evolution might come to a halt. What’s worse, it gradually becomes less functional.
  • While the upfront implementation cost of an OSS SIEM might be lower due to the absence of license fees, this difference often erodes during the maintenance phase. This is because of the continuous, additional expense of qualified staff dedicated solely to SIEM development. Over the long term, the total cost of ownership (TCO) for an OSS SIEM often turns out to be higher.

Content quality

The relevance of detection and response content is a key factor in a SIEM’s effectiveness. For commercial solutions, updates to correlation rules, playbooks, and threat intelligence feeds are typically provided as part of a subscription. They’re developed by large teams of researchers, undergo thorough testing, and generally require minimal effort from your in-house security team to implement. With an OSS SIEM, you’re on your own when it comes to updates: you need to search community forums, GitHub repositories, and free feeds yourself. The rules then require detailed vetting and adaptation to your specific infrastructure, and the risk of false positives ends up being higher. As a result, implementing updates in an open-source SIEM demands significantly more effort from your internal team.
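As an added illustration (editor's code, not Kaspersky's and not taken from any SIEM product) of the normalization rules and correlation logic that the "Skill shortages" section and the paragraph above say an OSS SIEM team must write and vet itself, the Python below maps two constructed log formats (sshd-style text and a hypothetical JSON web-application audit line) onto one schema and runs a single correlation rule over them: several failed logins from one source address within a time window, followed by a success from that address. The exclusion list stands in for the infrastructure-specific tuning the paragraph describes; without it the constructed internal scanner at 10.0.0.5 would fire the rule on every run. All log lines, hostnames and addresses are made up for the example.

```python
import json
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

SSHD_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[0-9.]+)"
)


def normalize(line):
    """Map one raw line onto a common auth-event schema. Lines with no
    authentication semantics return None and never reach correlation."""
    m = SSHD_RE.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        return {"ts": ts.timestamp(), "src_ip": m["ip"], "user": m["user"],
                "outcome": "success" if m["outcome"] == "Accepted" else "failure",
                "source": "sshd"}
    if line.startswith("{"):  # hypothetical web-app JSON audit format
        try:
            d = json.loads(line)
        except ValueError:
            return None
        if d.get("event") != "login":
            return None
        return {"ts": float(d["ts"]), "src_ip": d["client_ip"], "user": d["username"],
                "outcome": "success" if d["result"] == "ok" else "failure",
                "source": "webapp"}
    return None


def correlate(events, threshold=5, window=60, exclude_ips=frozenset()):
    """Rule: >= threshold failures from one source IP within `window` seconds,
    then a success from the same IP. exclude_ips is the per-site tuning that
    keeps known scanners and health checks from paging someone every night."""
    recent_failures = defaultdict(deque)  # src_ip -> timestamps of failures in window
    alerts = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["src_ip"] in exclude_ips:
            continue
        q = recent_failures[e["src_ip"]]
        while q and e["ts"] - q[0] > window:
            q.popleft()
        if e["outcome"] == "failure":
            q.append(e["ts"])
        elif len(q) >= threshold:
            alerts.append({"rule": "brute_force_then_success", "src_ip": e["src_ip"],
                           "user": e["user"], "failures": len(q),
                           "first_failure": q[0], "success_at": e["ts"]})
            q.clear()  # one alert per burst, not one per subsequent success
    return alerts


# Constructed telemetry. 203.0.113.7 and 198.51.100.20 are documentation addresses.
SAMPLE_LOGS = [
    "2025-06-05T10:00:00Z sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 52211 ssh2",
    "2025-06-05T10:00:10Z sshd[1201]: Failed password for root from 203.0.113.7 port 52212 ssh2",
    "2025-06-05T10:00:20Z sshd[1201]: Failed password for invalid user test from 203.0.113.7 port 52213 ssh2",
    "2025-06-05T10:00:30Z sshd[1201]: Failed password for root from 203.0.113.7 port 52214 ssh2",
    "2025-06-05T10:00:40Z sshd[1201]: Failed password for deploy from 203.0.113.7 port 52215 ssh2",
    "2025-06-05T10:00:50Z sshd[1201]: Accepted password for deploy from 203.0.113.7 port 52216 ssh2",
    "2025-06-05T10:01:00Z kernel: eth0: link up",  # no auth semantics, dropped by normalize()
    '{"ts": 1749117700, "event": "login", "client_ip": "198.51.100.20", "username": "bob", "result": "fail"}',
    '{"ts": 1749117710, "event": "login", "client_ip": "198.51.100.20", "username": "bob", "result": "fail"}',
    '{"ts": 1749117720, "event": "login", "client_ip": "198.51.100.20", "username": "bob", "result": "ok"}',
]
# Hypothetical internal vulnerability scanner: six failures then a success, every run.
SAMPLE_LOGS += [
    f"2025-06-05T10:02:0{i}Z sshd[1201]: Failed password for svc from 10.0.0.5 port 4000{i} ssh2"
    for i in range(6)
] + ["2025-06-05T10:02:06Z sshd[1201]: Accepted password for svc from 10.0.0.5 port 40006 ssh2"]


def run_example():
    """Normalize the sample, then correlate with the site-specific exclusion applied."""
    events = [ev for ev in map(normalize, SAMPLE_LOGS) if ev is not None]
    return correlate(events, threshold=5, window=60, exclude_ips={"10.0.0.5"})


if __name__ == "__main__":
    for alert in run_example():
        print(alert)
```

The rule body is ten lines; everything around it is the work the article is pricing. The third sample format (a kernel line) has to be recognized and dropped before correlation, the threshold and window only mean something once measured against your own baseline, and the scanner case is the false positive that a downloaded community rule would not know about. Bob's two failures stay under the threshold by design; lowering it to 2 turns that login into an alert, which is the trade-off the vetting step has to decide.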

The elephant in the room: hardware

To launch a SIEM, you need to acquire or lease hardware, and depending on the system’s architecture, this expense can vary dramatically. Whether the system is an open-source or proprietary commercial solution matters little here. However, when implementing an open-source SIEM on your own, there’s a greater risk of making sub-optimal architectural decisions. In the long run, this translates into persistently high operational costs.

We cover the topic of evaluating SIEM hardware needs in detail in a separate post.

The final tally

While the idea of a fully customizable and adaptable platform with zero licensing fees is highly appealing, there is a significant risk that such a project would demand far more time and effort from your internal development team than an off-the-shelf commercial solution. It may also hinder your ability to quickly adopt new innovations and shift your security team’s focus from developing detection logic and response scenarios to dealing primarily with operational issues. This is why a managed, expert-supported, and well-integrated commercial solution often aligns more closely with a typical organization’s goals of effective risk reduction and predictable budgeting.

Commercial SIEMs enable your team to leverage pre-built rules, playbooks, and telemetry parsers, allowing it to focus on organization-specific projects — such as threat hunting or improving visibility in cloud infrastructure — instead of reinventing and refining basic SIEM features, or struggling to pass regulatory audits with a homegrown system.

Kaspersky official blog

Backdoored Open Source Malware Repositories Target Novice Cybercriminals

A threat actor has been creating backdoored open source malware repositories to target novice cybercriminals and game cheaters.

The post Backdoored Open Source Malware Repositories Target Novice Cybercriminals appeared first on SecurityWeek.

SecurityWeek