キタきつね

@kitafox.bsky.social

13 hours ago

Rapid Exploitation of CVE-2026-21962 Hits Oracle WebLogic Attackers rapidly exploited a critical Oracle WebLogic RCE flaw the same day exploit code was released, according to a CloudSEK honeypot study

攻撃者がOracle WebLogicの重要なリモートコード実行（RCE）を急速に悪用していることが、ハニーポット調査で判明

Attackers Rapidly Weaponize Critical Oracle WebLogic RCE, Honeypot Study Finds #InfosecurityMagazine (Mar 27)

www.infosecurity-magazine.com/news/critica...

キタきつね

@kitafox.bsky.social

3 days ago

Cloud Phones Linked to Rising Financial Fraud Threat Cloud Android phones fuel financial fraud, evading detection and enabling dropper accounts

クラウド電話が金融詐欺の脅威の高まりと関連している

Cloud Phones Linked to Rising Financial Fraud Threat #InfosecurityMagazine (Mar 26)

www.infosecurity-magazine.com/news/cloud-p...

キタきつね

@kitafox.bsky.social

3 days ago

Hackers Exploit Compromised Enterprise Identities at Industrial Scale SentinelOne's annual report issues warning over a “mass-marketed impersonation crisis” over attackers abusing legitimate credentials

SentinelOneが警告：ハッカーが侵害された企業IDを大規模に悪用

Hackers Exploit Compromised Enterprise Identities at Industrial Scale, Warns SentinelOne #InfosecurityMagazine (Mar 26)

www.infosecurity-magazine.com/news/hackers...

キタきつね

@kitafox.bsky.social

4 days ago

Citrix Urges Immediate Patching for Critical NetScaler Vulnerabilities A critical vulnerability in Citrix’s NetScaler products allows unauthenticated remote attackers to leak information from the appliance's memory

Citrix社、NetScalerの重大な脆弱性に対する即時パッチ適用を強く推奨

Citrix Urges Immediate Patching for Critical NetScaler Vulnerabilities #InfosecurityMagazine (Mar 25)

www.infosecurity-magazine.com/news/citrix-...

キタきつね

@kitafox.bsky.social

4 days ago

Experts Sound Alarm Over “Prompt Poaching” Browser Extensions Expel has warned of malicious Chrome extensions stealing users’ AI conversations

専門家が「ユーザー引き抜き」を目的としたブラウザ拡張機能に警鐘を鳴らす

Experts Sound Alarm Over “Prompt Poaching” Browser Extensions #InfosecurityMagazine (Mar 25)

www.infosecurity-magazine.com/news/experts...

キタきつね

@kitafox.bsky.social

4 days ago

Enterprise Cybersecurity Software Fails 20% of the Time, Warns Report Poor patch management, increasingly complex IT environments and continued use of obsolete software puts organizations at risk from cyber threats, says the Absolute Security 2026 Resilience Risk Index

企業向けサイバーセキュリティソフトウェアは20％の確率で失敗すると、Absolute Security社が警告。

Enterprise Cybersecurity Software Fails 20% of the Time, Warns Absolute Security #InfosecurityMagazine (Mar 24)

www.infosecurity-magazine.com/news/cyberse...

キタきつね

@kitafox.bsky.social

4 days ago

RSAC: UK NCSC Head Urges Industry to Develop Vibe Coding Safeguards The head of the UK’s NCSC is calling the cybersecurity industry to “seize the disruptive vibe coding opportunity” to make software more secure

RSAカンファレンス：英国NCSC責任者が業界に対し、Vibeコーディングの安全対策を開発するよう促す

RSA Conference: UK NCSC Head Urges Industry to Develop Vibe Coding Safeguards #InfosecurityMagazine (Mar 25)

www.infosecurity-magazine.com/news/rsac-uk...

キタきつね

@kitafox.bsky.social

5 days ago

High-Tech Sector Overtakes Finance as Top Target for Cyber-Attacks High tech was the most frequently targeted industry in Mandiant investigations in 2025, overtaking financial services which led in 2023 and 2024

マンディアントの報告によると、ハイテク分野が金融業界を抜いてサイバー攻撃の標的トップに

High-Tech Sector Overtakes Finance as Top Target for Cyber-Attacks, Mandiant Reports #InfosecurityMagazine (Mar 24)

www.infosecurity-magazine.com/news/high-te...

キタきつね

@kitafox.bsky.social

5 days ago

New Npm 'Ghost Campaign' Uses Fake Install Logs to Hide Malware Ghost npm campaign fakes install logs to steal sudo passwords and drop RATs that loot crypto and data

新しいnpm「ゴーストキャンペーン」は、偽のインストールログを使用してマルウェアを隠蔽する

New Npm 'Ghost Campaign' Uses Fake Install Logs to Hide Malware #InfosecurityMagazine (Mar 24)

www.infosecurity-magazine.com/news/npm-gho...

キタきつね

@kitafox.bsky.social

5 days ago

Cybersecurity Staff Don’t Know How Fast They Could Cyber-Attacks on AI ISACA survey found that confusion over responsibility and lack of understanding around AI cyber-attacks makes containing them difficult

ほとんどのサイバーセキュリティ担当者は、AIシステムへのサイバー攻撃をどれだけ迅速に阻止できるかを知らない

Most Cybersecurity Staff Don’t Know How Fast They Could Stop a Cyber-Attack on AI Systems #InfosecurityMagazine (Mar 24)

www.infosecurity-magazine.com/news/cyber-s...

キタきつね

@kitafox.bsky.social

6 days ago

UK: Regulation Drives Cyber Spending for Critical Infrastructure Orgs 35% of security leaders working in the UK’s critical infrastructure said regulatory requirements are the primary influence on their security programs

英国：規制が重要インフラ組織のサイバー支出を促進

UK: Regulation Drives Cyber Spending for Critical Infrastructure Orgs #InfosecurityMagazine (Mar 19)

www.infosecurity-magazine.com/news/uk-regu...

キタきつね

@kitafox.bsky.social

6 days ago

FCA Updates Cyber Incident and Third-Party Reporting Rules The UK’s financial regulator has issued new rules to make incident and third-party reporting clearer

FCAがサイバーインシデントおよび第三者報告に関する規則を更新

FCA Updates Cyber Incident and Third-Party Reporting Rules #InfosecurityMagazine (Mar 19)

www.infosecurity-magazine.com/news/fca-upd...

キタきつね

@kitafox.bsky.social

6 days ago

Financial Brands Targeted in Global Mobile Banking Malware Surge Mobile banking malware targets over 1200 financial apps globally, shifting fraud to user devices

世界的なモバイルバンキングマルウェアの急増で金融ブランドが標的に

Financial Brands Targeted in Global Mobile Banking Malware Surge #InfosecurityMagazine (Mar 19)

www.infosecurity-magazine.com/news/financi...

キタきつね

@kitafox.bsky.social

6 days ago

Ransomware Affiliate Exposes Details of 'The Gentlemen' Operation Hastalamuerte leaks The Gentlemen RaaS ops: FortiGate exploits, BYOVD evasion, Qilin split tactics

ランサムウェア関連組織が「ザ・ジェントルメン」作戦の詳細を暴露

Ransomware Affiliate Exposes Details of 'The Gentlemen' Operation #InfosecurityMagazine (Mar 20)

www.infosecurity-magazine.com/news/ransomw...

キタきつね

@kitafox.bsky.social

6 days ago

CISA Orders US Government to Patch Maximum Severity Cisco Flaw CISA added CVE-2026-20131 to its KEV catalog as it is being used in ransomware campaigns

CISA、米国政府に対しシスコシステムの深刻な脆弱性に対するパッチ適用を命令

CISA Orders US Government to Patch Maximum Severity Cisco Flaw #InfosecurityMagazine (Mar 23)

www.infosecurity-magazine.com/news/cisa-or...

キタきつね

@kitafox.bsky.social

6 days ago

NCA Boss Warns That Teens Are Being “Radicalized” Online The National Crime Agency’s director general warns that technology is rapidly reshaping crime

NCA長官、10代の若者がオンライン上のサイバー犯罪に「過激化」されていると警告

NCA Boss Warns That Teens Are Being “Radicalized” Into Cybercrime Online #InfosecurityMagazine (Mar 20)

www.infosecurity-magazine.com/news/nca-bos...

キタきつね

@kitafox.bsky.social

6 days ago

AI-Enabled Adversaries Compress Time-to-Exploit Rapid7 says median time from publication to CISA KEV inclusion dropped to five days

AIを活用した攻撃者は、脆弱性の開示後、悪用までの時間を短縮する

AI-Enabled Adversaries Compress Time-to-Exploit Following Vulnerability Disclosure #InfosecurityMagazine (Mar 18)

www.infosecurity-magazine.com/news/exploit...

キタきつね

@kitafox.bsky.social

1 week ago

Surge in Nation State Attacks on UK Firms Amid Cyber Warfare Fears Armis reveals that “mutually assured disruption” is no longer preventing state-backed attacks

サイバー戦争への懸念が高まる中、英国企業に対する国家主導の攻撃が急増

Surge in Nation State Attacks on UK Firms Amid Cyber Warfare Fears #InfosecurityMagazine (Mar 17)

www.infosecurity-magazine.com/news/nation-...

キタきつね

@kitafox.bsky.social

1 week ago

Average Number of Daily API Attacks Up 113% Annually Akamai says 87% of organizations suffered an API-related security incident last year

API攻撃の1日あたりの平均件数が前年比113%増加

Average Number of Daily API Attacks Up 113% Annually #InfosecurityMagazine (Mar 17)

www.infosecurity-magazine.com/news/average...

キタきつね

@kitafox.bsky.social

1 week ago

Android OS-Level Attack Bypasses Mobile Payment Security Android’s LSPosed-based attack hijacks payment apps via runtime manipulation and SIM-binding bypass

Android OSレベルの攻撃によりモバイル決済のセキュリティが回避される

Android OS-Level Attack Bypasses Mobile Payment Security #InfosecurityMagazine (Mar 18)

www.infosecurity-magazine.com/news/android...

キタきつね

@kitafox.bsky.social

1 week ago

Law Enforcement Dismantles SocksEscort Proxy Network Operation Lightning sees international law enforcement partners shut down ‘SocksEscort,’ a major malicious proxy service used by cybercriminals worldwide

法執行機関が「オペレーション・ライトニング」でSocksEscortプロキシネットワークを解体

Law Enforcement Dismantles SocksEscort Proxy Network in Operation Lightning #InfosecurityMagazine (Mar 13)

www.infosecurity-magazine.com/news/sockses...

キタきつね

@kitafox.bsky.social

1 week ago

Security Flaw in AWS Bedrock Code Interpreter Raises Alarms DNS-based attack in AWS Bedrock AgentCore lets AI sandboxes exfiltrate cloud data

AWS Bedrockコードインタープリタのセキュリティ上の欠陥が懸念を引き起こす

Security Flaw in AWS Bedrock Code Interpreter Raises Alarms #InfosecurityMagazine (Mar 18)

www.infosecurity-magazine.com/news/securit...

キタきつね

@kitafox.bsky.social

1 week ago

Interpol Nets 94 Arrests in Major Cybercrime Sweep A new law enforcement operation against phishing and ransomware operators led to the takedown of 45,000 malicious IP addresses

インターポールの「オペレーション・シナジアIII」で大規模なサイバー犯罪摘発作戦を実施、94人を逮捕

Interpol's 'Operation Synergia III' Nets 94 Arrests in Major Cybercrime Sweep #InfosecurityMagazine (Mar 14)

www.infosecurity-magazine.com/news/interpo...

キタきつね

@kitafox.bsky.social

2 weeks ago

Critical Zero-Click Flaw in n8n Allows Full Server Compromise The critical vulnerability affecting both cloud and self-hosted n8n instances requires no authentication or even n8n account to be exploited

n8nの致命的なゼロクリック脆弱性により、サーバー全体が侵害される可能性

Critical Zero-Click Flaw in n8n Allows Full Server Compromise #InfosecurityMagazine (Mar 13)

www.infosecurity-magazine.com/news/critica...

キタきつね

@kitafox.bsky.social

2 weeks ago

CISA Issues Emergency Directive Over Exploited Cisco SD-WAN Flaws CISA issued urgent directive as attackers exploit Cisco SD-WAN flaw granting admin access to networks

CISA、Cisco SD-WANの脆弱性を悪用した緊急指令を発行

CISA Issues Emergency Directive Over Exploited Cisco SD-WAN Flaws #InfosecurityMagazine (Mar 12)

www.infosecurity-magazine.com/news/cisa-ci...

キタきつね

@kitafox.bsky.social

2 weeks ago

Critical Zero-Click Flaw in n8n Allows Full Server Compromise The critical vulnerability affecting both cloud and self-hosted n8n instances requires no authentication or even n8n account to be exploited

n8nの重大なゼロクリック脆弱性によりサーバー全体が侵害される

Critical Zero-Click Flaw in n8n Allows Full Server Compromise #InfosecurityMagazine (Mar 13)

www.infosecurity-magazine.com/news/critica...

キタきつね

@kitafox.bsky.social

2 weeks ago

Cyber-Attacks on UK Firms Increase at Four Times Global Rate Check Point data shows attack volumes are growing much faster in the UK than worldwide

英国企業へのサイバー攻撃が世界平均の4倍に増加

Cyber-Attacks on UK Firms Increase at Four Times Global Rate #InfosecurityMagazine (Mar 11)

www.infosecurity-magazine.com/news/cyberat...

キタきつね

@kitafox.bsky.social

2 weeks ago

Researchers Discover Major Security Gaps in LLM Guardrails Palo Alto Networks’ Unit 42 has developed a successful attack to bypass safety guardrails in popular generative AI tools

研究者らがLLMガードレールにおける重大なセキュリティギャップを発見

Researchers Discover Major Security Gaps in LLM Guardrails #InfosecurityMagazine (Mar 11)

www.infosecurity-magazine.com/news/major-s...

キタきつね

@kitafox.bsky.social

2 weeks ago

BlackSanta EDR-Killer Targets HR Teams in CV-Themed Campaign BlackSanta malware targets HR staff with fake resumes, kills EDR and steals system data

BlackSanta EDRキラー、履歴書をテーマにしたキャンペーンで人事部門を標的に

BlackSanta EDR-Killer Targets HR Teams in CV-Themed Campaign #InfosecurityMagazine (Mar 11)

www.infosecurity-magazine.com/news/blacksa...

キタきつね

@kitafox.bsky.social

2 weeks ago

France's Cybersecurity Agency Reports Ransomware Attack Drop in 2025 French small and medium businesses remained the organizations most targeted by ransomware in 2025

フランス：国家サイバーセキュリティ機関、2025年にランサムウェア攻撃が減少すると報告

France: National Cybersecurity Agency Reports Ransomware Attack Drop in 2025 #InfosecurityMagazine (Mar 12)

www.infosecurity-magazine.com/news/france-...