"Cisco warns of credential vulnerability on AWS, Azure, Oracle Cloud."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 06 June 2025, 1331 UTC.

Content and Source:  "Dark Reading" email subscription via https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fwww.darkreading.com%2Frss%2Fall.xml

Please check email link or scroll down to read your selections.  Thanks for joining us today.  

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Dark Reading

139K followers39 articles per week

#security#tech

71

Most popular

Cisco Warns of Credential Vuln on AWS, Azure, Oracle Cloud

3 TTPs

•

by Kristina Beek, Associate Editor, Dark Reading / 16h

•

CVE-2025-20286

The vulnerability, with a 9.9 CVSS score on a 10-point scale, results in different Cisco ISE deployments all sharing the same credentials as long as the software release and cloud platform remain the same.

MSFT-CrowdStrike 'Rosetta Stone' for Naming APTs: Meh?

3 TTPs

•

by Robert Lemos, Contributing Writer / 27min

Microsoft and CrowdStrike announced an effort to deconflict the overlapping names of threat groups and reduce confusion for companies, but we've been here before.

Prep for Layoffs Before They Compromise Security

by Mercedes Cardona / 2h

Mass layoffs create cybersecurity vulnerabilities through dormant accounts and disgruntled employees.

Yesterday

SecOps Need to Tackle AI Hallucinations to Improve Accuracy

by Arielle Waldman / 14h

AI is increasingly embedded into threat detection and response tools, but hallucinations can lead to false positive and inaccurate guidance. The AI-associated risk can't be completely eradicated, but SecOps teams can take steps to at least limit the effects.

'PathWiper' Attack Hits Critical Infrastructure In Ukraine

5 TTPs

•

by Rob Wright / 16h

•

PathWiper malware targets Ukraine infrastructure

Cisco Talos researchers observed the new wiper malware in a destructive attack against an unnamed critical infrastructure organization.

Digital Forensics Firm Cellebrite to Acquire Corellium

Cellebrite acquires Corellium for $170M

•

by Alexander Culafi, Senior News Writer, Dark Reading / 16h

Cellebrite, a controversial digital forensics firm, is set to acquire virtualization vendor Corellium in a $170 million deal.

Backdoored Malware Reels in Newbie Cybercriminals

IoC > 2 domains

•

by Kristina Beek, Associate Editor, Dark Reading / 18h

•

Backdoored malware targets novice criminals

Sophos researchers found this operation has similarities or connections to many other campaigns targeting GitHub repositories dating back to August 2022.

Vishing Crew Targets Salesforce Data

8 TTPs

•

by Jai Vijayan, Contributing Writer / 20h

•

Vishing attacks target Salesforce customers

A group that Google is tracking as UNC6040 has been tricking users at many organizations into installing a malicious version of a Salesforce app to gain access and steal data from the platform.

Questions Swirl Around ConnectWise Flaw Used in Attacks

by Rob Wright / 22h

ConnectWise issued a patch to stave off attacks on ScreenConnect customers, but the company's disclosures don't explain what the vulnerability is and when it was first exploited.

Finding Balance in US AI Regulation

by John Hurley / 23h

The US can't afford to wait for political consensus to catch up to technological change.

Jun 4, 2025

Iranian APT 'BladedFeline' Hides in Network for 8 Years

by Alexander Culafi, Senior News Writer, Dark Reading / 1d

ESET published research on the Iranian APT "BladedFeline," which researchers believe is a subgroup of the cyber-espionage entity APT34.

Cybersecurity Training in Africa Aims to Bolster Professionals' Ranks

by Robert Lemos, Contributing Writer / 1d

The United Nations, Carnegie Mellon University, and private organizations are all aiming to train the next generation of cybersecurity experts, boost economies, and disrupt pipelines to armed groups.

35K Solar Devices Vulnerable to Potential Hijacking

by Kristina Beek, Associate Editor, Dark Reading / 1d

A little more than three-quarters of these exposed devices are located in Europe, followed by Asia, with 17%.

Vishing Crew Targets Salesforce Data

8 TTPs

•

by Jai Vijayan, Contributing Writer / 1d

•

Vishing attacks target Salesforce customers

A group Google is tracking as UNC6040 has been tricking users into installing a malicious version of a Salesforce app to gain access to and steal data from the platform.

How Neuroscience Can Help Us Battle 'Alert Fatigue'

by Boaz Barzel / 1d

By understanding the neurological realities of human attention, organizations can build more sustainable security operations that protect not only their digital assets but also the well-being of those who defend them.

Researchers Bypass Deepfake Detection With Replay Attacks

6 TTPs

•

by Alexander Culafi, Senior News Writer, Dark Reading / 1d

•

Replay attacks bypass deepfake detection

An international group of researchers found that simply rerecording deepfake audio with natural acoustics in the background allows it to bypass detection models at a higher-than-expected rate.

Attackers Impersonate Ruby Packages to Steal Sensitive Telegram Data

9 TTPs

•

by Elizabeth Montalbano, Contributing Writer / 1d

•

Malicious RubyGems steal Telegram data

Malicious RubyGems pose as a legitimate plug-in for the popular Fastlane rapid development platform in a geopolitically motivated attack with global supply chain reach.

Beware of Device Code Phishing

11 TTPs

•

by Stu Sjouwerman / 1d

Hackers are exploiting trusted authentication flows — like Microsoft Teams and IoT logins — to trick users into handing over access tokens, bypassing MFA and slipping undetected into corporate networks.

How to Approach Security in the Era of AI Agents

by Chris Betz / 2d

Organizations need to implement these five essential security controls to safely harness the power of autonomous AI agents while still protecting enterprise assets.