"Actively exploited ChatGPT bug puts organizations at risk."

Views expressed in this cybersecurity, cyber crime, and security assessment are those of the reporters and correspondents.  Accessed on 18 March 2025, 1706 UTC.

Content and Source:  Email subscription via https://feedly.com.

https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fwww.darkreading.com%2Frss%2Fall.xml

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybesecurityjournal.net).

Dark Reading

165K followers35 articles per week

#security#tech

91

Today

Actively Exploited ChatGPT Bug Puts Organizations at Risk

3 TTPs

•

by Elizabeth Montalbano, Contributing Writer / 1h

A server-side request forgery vulnerability in OpenAI's chatbot infrastructure can allow attackers to direct users to malicious URLs, leading to a range of threat activity.

Orion Security Startup Tackles Insider Threats With AI

Orion Security secures $6M funding

•

by Arielle Waldman / 1h

The data loss prevention company emerges from stealth with an AI-powered platform to help organizations distinguish between legitimate and risky activity.

3 AI-Driven Roles in Cybersecurity

by Aimei Wei / 3h

For candidates with a cybersecurity background who want to stay competitive, now is the time to invest in obtaining AI skills.

Yesterday

OAuth Attacks Target Microsoft 365, GitHub

7 TTPs

•

by Jai Vijayan, Contributing Writer / 19h

•

Microsoft 365 OAuth phishing attacks

In a cyber twist, attackers behind two of the campaigns are using the apps to redirect users to phishing and malware distribution sites.

ClickFix Attack Compromises 100+ Car Dealership Sites

6 TTPs

•

by Kristina Beek, Associate Editor, Dark Reading / 19h

•

Over 100 dealerships hit by malware

The ClickFix attack tactic seems to be gaining traction among threat actors.

Lexmark Expands Print Security Services Worldwide

19h

[no content]

Varonis Acquires Cyral to Reinvent Database Activity Monitoring

19h

[no content]

Denmark Warns of Increased Cyber Espionage Against Telecom Sector

Denmark raises telecom cyber threat

•

by Alexander Culafi, Senior News Writer, Dark Reading / 19h

A new threat assessment from the Danish Civil Protection Authority (SAMSIK) warned of cyberattacks targeting the telecommunications sector after citing a wave of incidents hitting European organizations the past few years.

Apache Tomcat RCE Vulnerability Under Fire With 2-Step Exploit

7 TTPs

•

by Kristina Beek, Associate Editor, Dark Reading / 21h

The researchers who discovered the initial assault warned that the simple, staged attack is just the beginning for advanced exploit sequences that will test cyber defenses in new and more difficult ways.

RansomHub Taps FakeUpdates to Target US Government Sector

9 TTPs

•

by Elizabeth Montalbano, Contributing Writer / 1d

•

SocGholish deploys RansomHub ransomware

A ransomware activity wave using the SocGholish MaaS framework for initial access also has affected banking and consulting firms in the US, Taiwan, and Japan since the beginning of the year.

How 'Open Innovation' Can Help Solve Problems Faster, Better & Cheaper

by Javvad Malik / 1d

Cybersecurity is not just a technical challenge but also a very human one. The more humans that organizations can get involved, the more diverse perspectives and experiences that can be tapped into.

How Economic Headwinds Influence the Ransomware Ecosystem

by Alexander Culafi, Senior News Writer, Dark Reading / 1d

Inflation, cryptocurrency market volatility, and the ability to invest in defenses all influence the impact and severity of a ransomware attack, according to incident response efforts and ransomware negotiators.

Mar 16, 2025

Intel's Secure Data Tunnel Moves AI Training Models to Data Sources

by Agam Shah / 1d

The chipmaker's Tiber Secure Federated AI service creates a secure tunnel between AI models on remote servers and data sources on origin systems.

Mar 14, 2025

Threat Actor Impersonates Booking.com in Phishing Scheme

9 TTPs

•

by Alexander Culafi, Senior News Writer, Dark Reading / 3d

•

Phishing campaign targets hospitality sector

Microsoft detailed a sophisticated campaign that relies on a social engineering technique, "ClickFix," in which a phisher uses security verification like captcha to give the target a false sense of safety.

Man-in-the-Middle Vulns Threaten Car Security

by Kristina Beek, Associate Editor, Dark Reading / 3d

A pair of researchers plan on digging into the effectiveness of vehicle cybersecurity at the upcoming Black Hat Asia conference in Singapore.

Ransomware Developer Extradited, Admits Working for LockBit

LockBit ransomware developer extradited

•

by Kristina Beek, Associate Editor, Dark Reading / 3d

Law enforcement discovered admin credentials on the suspect's computer for an online repository hosted on the Dark Web that stored source code for multiple versions of the LockBit builder.

Threat Actor Tied to LockBit Ransomware Targets Fortinet Users

2 TTPs

•

by Kristina Beek, Associate Editor, Dark Reading / 3d

•

CVE-2025-24472

The Mora_001 group uses similar post-exploitation patterns and ransomware customization originated by LockBit.

CISA Cuts $10M in ISAC Funding & 100s of Employees

CISA cuts funding for cybersecurity ISACs

•

100+by Nate Nelson, Contributing Writer / 4d

President Trump has long complained about perceived threats to election security. Now his DHS has kneecapped the agencies designed to support it. Experts are worried about what comes next.

Biggest Cyber Threats to the Healthcare Industry Today

Abu Dhabi enhances healthcare cybersecurity

•

by Bhavya Jain / 4d

Healthcare organizations must enhance their cybersecurity arsenal. Doing so can help them prevent financial, compliance, and reputational damage.

Remote Access Infra Remains Riskiest Corp. Attack Surface

13 TTPs

•

by Robert Lemos, Contributing Writer / 4d

•

Ransomware attacks driven by perimeter breaches

Exposed login panels for VPNs and remote access systems leave companies open to attack, sometimes tripling the risk of ransomware and making it harder to get cyber insurance.

Consumer Groups Push IoT Security Bill to Address End-of-Life Concerns

by Arielle Waldman / 4d

Consumer Reports, Secure Resilient Future Foundation (SRFF), and US Public Interest Research Group (PIRG) have introduced a model bill to increase transparency around when Internet of Things devices no longer have manufacturer support.

Mar 13, 2025

OBSCURE#BAT Malware Highlights Risks of API Hooking

18 TTPs

•

by Rob Wright / 4d

•

OBSCURE#BAT malware evades detection

Researchers discovered an attack chain that uses several layers of obfuscated batch files and PowerShell scripts to deliver an advanced and persistent rootkit.

FBI, CISA Raise Alarms As Medusa Ransomware Attacks Grow

Medusa ransomware activity surges 2025

•

by Kristina Beek, Associate Editor, Dark Reading / 4d

Medusa developers have been targeting a wide variety of critical infrastructure sectors, from healthcare and technology to manufacturing and insurance, racking up its victim count as it seemingly adds to its numbers of affiliates.

Car Exploit Allows You to Spy on Drivers in Real Time

4 TTPs

•

by Nate Nelson, Contributing Writer / 5d

Just like with any regular computer, researchers figured out how to crack into, force restart, and upload malware to an aftermarket in-vehicle infotainment system.

Salt Typhoon: A Wake-up Call for Critical Infrastructure

by Gabrielle Hempel / 5d

The Salt Typhoon attacks underscored the need for unity, innovation, and resilience in the face of an increasingly sophisticated cyber-threat landscape.

F5 Integrates API Security and Networking to Address AI Onslaught

by Jeffrey Schwartz / 5d

The new F5 Application Delivery Controller and Security Platform combines BIG-IP, NGNIX, and Distributed Cloud Services, plus new AI gateway and AI assistants.

OpenAI Operator Agent Used in Proof-of-Concept Phishing Attack

8 TTPs

•

by Alexander Culafi, Senior News Writer, Dark Reading / 5d

Researchers from Symantec showed how OpenAI's Operator agent, currently in research preview, can be used to construct a basic phishing attack from start to finish.