A watering hole attack was discovered involving malicious versions of CPU-Z and HWMonitor, where targeted individuals downloaded tampered versions of these programs from compromised websites, leading to potential infections on their systems.
Posts by Best of r/cybersecurity
Iran's internet blackout has become the second-longest in history, lasting over 1,000 hours. Starlink terminal possession is punishable by death, and the country is using military-grade jamming to counter the service.
The Reddit post requests mods to introduce a "built with A.I" tag for tools shared on the site. The user criticizes the influx of substandard projects claimed as "I built," suggesting they often involve minimal effort and rely heavily on AI, leading to insecure and low-quality outcomes.
Hackers reportedly seized control of the anti-flood pumps at Venice's San Marco, according to a group's statement.
A Reddit post questions if vulnerability scanners generate excessive noise or if the issue lies with users. It suggests that the overwhelming amount of data might dilute the value of these tools, indicating a need for better filtering or management of scanner outputs.
A FAANG security engineer is preparing for potential layoffs by studying for the OSAI OffSec certification, practicing easy/medium LeetCode problems, focusing on system design, threat modeling, and appsec concepts. They are seeking additional advice from senior members.
ShinyHunters claims they accessed Rockstar Games' data via a Snowflake integration, allegedly using stolen authentication tokens rather than a direct exploit. They've threatened a data leak, with a deadline set for mid-April.
A cybersecurity professional expresses concern over the Mythos announcement about an AI that autonomously discovers and exploits zero-days in major OSs and browsers. The professional fears it could render human expertise less relevant and questions the future of human-oriented security platforms.
I've developed Claude Skills for nine GRC frameworks including ISO 27001 and GDPR, offering expert compliance guidance. Seeking feedback from community experts. Check the project on GitHub and the live site for details.
A new employee at a company without a VPN is questioning the security of this approach, as the company relies on strict IAM controls and cloud monitoring instead. They wonder if this method, part of a Zero Trust Architecture, is becoming more common and whether their unease is outdated.
SANS classes cost over $8,700 for a week/weekend session, sparking outrage about affordability amid inflation and tech layoffs. Questions arise on whether corporations are willing to pay such high fees for short-term training with industry instructors.
After seven years in cybersecurity, OP quits due to frustration with thankless work, management undervaluing security, and reliance on AI. They criticize the industry's focus on certifications over skills and warn juniors about challenges, emphasizing that their decision is personal.
Chrome is implementing hardware-bound session protection to combat infostealer malware, aiming to enhance security by tying session data to specific hardware, making it harder for attackers to misuse stolen credentials.
Recycled phone numbers pose a major security risk today and should not be tolerated despite their downsides.
The post asks for recommendations on job sites for finding cybersecurity or IT jobs, mentioning LinkedIn and Indeed as known options. It seeks suggestions for other or possibly better platforms.
Microsoft accidentally flagged WireGuard, VeraCrypt, and others in an email, causing temporary concern. It's seen as a trivial mistake blown out of proportion.
Hungarian government passwords, including weak ones like "Snoopy," "Adolf," and "Password," have been leaked online, exposing vulnerabilities due to poor password choices.
A properly authorized red team test should include a detailed authorization letter held by legal, protecting both the red and blue teams. It defines actions at each detection stage, preventing blame and legal issues. It's crucial for both teams’ protection, not just the red team's.
Former heads of CISA and NCSC now work for a program funded by a Ukraine-sanctioned billionaire who owns Warner Music.
AI has led to a significant increase in cybersecurity workloads instead of reducing them. While AI boosts efficiency, it also accelerates output, resulting in more code and application reviews. Consequently, the team is expanding to manage the increased workload.
Russian state hackers APT28 are compromising TP-Link and MikroTik routers to intercept and steal Outlook credentials. They achieve this by manipulating DNS settings to redirect user traffic to attacker-controlled servers, warns a cybersecurity center.