Nomios

Nomios and Nokia proudly present the second episode of the 𝗧𝗵𝗲 𝗖𝗼𝗻𝗻𝗲𝗰𝘁𝗶𝗻𝗴 𝗘𝘂𝗿𝗼𝗽𝗲 𝗧𝗼𝘂𝗿! Join Nat and Fraser, two young and curious entrepreneurs on an exciting journey across Europe, as they dive into the world of cutting-edge technology and innovation. In this episode they visit Paris and Brussels to talk to: 🔸 Sébastien Kher, CEO at Nomios Group 🔸 Margrethe Vestager, Executive Vice-President, European Commission 🔸 Emmanuelle Pierrard, Head of Nokia Belgium 🔸 Roland Thienpont, Director IP Product Marketing at Nokia Belgium This is a four-episode series, that explores the backbone of European research and education—the GÉANT network. Next up: Amsterdam and Geneva!

𝐍𝐨𝐦𝐢𝐨𝐬 𝐖𝐞𝐞𝐤𝐥𝐲 𝐂𝐲𝐛𝐞𝐫𝐖𝐞𝐝𝐧𝐞𝐬𝐝𝐚𝐲 𝐔𝐩𝐝𝐚𝐭𝐞 (𝟎𝟗.𝟎𝟏 - 𝟏𝟓.𝟎𝟏)🚨 Check out the top 10 cybersecurity updates of this week 👇 𝟏. 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭'𝐬 𝐉𝐚𝐧𝐮𝐚𝐫𝐲 𝟐𝟎𝟐𝟓 𝐔𝐩𝐝𝐚𝐭𝐞 Addresses three critical zero-day vulnerabilities in Windows Hyper-V, urging users to apply fixes immediately. (Source: 𝘵𝘩𝘦𝘩𝘢𝘤𝘬𝘦𝘳𝘯𝘦𝘸𝘴.𝘤𝘰𝘮) 𝟐. 𝐇𝐮𝐢𝐎𝐧𝐞 𝐌𝐚𝐫𝐤𝐞𝐭𝐩𝐥𝐚𝐜𝐞 𝐒𝐮𝐫𝐩𝐚𝐬𝐬𝐞𝐬 𝐇𝐲𝐝𝐫𝐚 The HuiOne Telegram-based marketplace surpasses Hydra in illegal cryptocurrency transactions, expanding its reach despite enforcement efforts. (Source: 𝘵𝘩𝘦𝘩𝘢𝘤𝘬𝘦𝘳𝘯𝘦𝘸𝘴.𝘤𝘰𝘮) 𝟑. 𝐙𝐨𝐨𝐦 𝐑𝐞𝐬𝐨𝐥𝐯𝐞𝐬 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐈𝐬𝐬𝐮𝐞𝐬 Zoom addresses critical and medium-severity vulnerabilities, urging users to update to prevent exploitation of these flaws. (Source: 𝘤𝘺𝘣𝘦𝘳𝘴𝘦𝘤𝘶𝘳𝘪𝘵𝘺𝘯𝘦𝘸𝘴.𝘤𝘰𝘮) 𝟒. 𝐒𝐚𝐚𝐒 𝐀𝐩𝐩𝐥𝐢𝐜𝐚𝐭𝐢𝐨𝐧𝐬 𝐈𝐧𝐭𝐫𝐨𝐝𝐮𝐜𝐞 𝐍𝐞𝐰 𝐑𝐢𝐬𝐤𝐬 The rise of SaaS applications introduces governance and security risks, highlighting the need for continuous monitoring and management. (Source: 𝘵𝘩𝘦𝘩𝘢𝘤𝘬𝘦𝘳𝘯𝘦𝘸𝘴.𝘤𝘰𝘮) 𝟓. 𝐅𝐁𝐈 𝐄𝐫𝐚𝐝𝐢𝐜𝐚𝐭𝐞𝐬 𝐏𝐥𝐮𝐠𝐗 𝐌𝐚𝐥𝐰𝐚𝐫𝐞 The FBI successfully eradicates PlugX malware, a Chinese state-sponsored tool, emphasising the importance of international collaboration. (Source: 𝘥𝘢𝘳𝘬𝘳𝘦𝘢𝘥𝘪𝘯𝘨.𝘤𝘰𝘮) 𝟔. 𝐌𝐚𝐥𝐰𝐚𝐫𝐞 𝐓𝐚𝐫𝐠𝐞𝐭𝐬 𝐖𝐨𝐫𝐝𝐏𝐫𝐞𝐬𝐬 𝐄-𝐂𝐨𝐦𝐦𝐞𝐫𝐜𝐞 𝐒𝐢𝐭𝐞𝐬 A new malware campaign targets WordPress e-commerce sites, stealing payment details by hiding malicious scripts in database tables. (Source: 𝘵𝘩𝘦𝘩𝘢𝘤𝘬𝘦𝘳𝘯𝘦𝘸𝘴.𝘤𝘰𝘮) 𝟕. 𝐈𝐯𝐚𝐧𝐭𝐢 𝐂𝐨𝐧𝐧𝐞𝐜𝐭 𝐒𝐞𝐜𝐮𝐫𝐞 𝐕𝐮𝐥𝐧𝐞𝐫𝐚𝐛𝐢𝐥𝐢𝐭𝐲 Ivanti addresses a critical zero-day vulnerability in its Connect Secure platform, emphasising the need for swift action. (Source: 𝘨𝘰𝘷𝘪𝘯𝘧𝘰𝘴𝘦𝘤𝘶𝘳𝘪𝘵𝘺.𝘤𝘰𝘮) 𝟖. 𝐁𝐚𝐧𝐬𝐡𝐞𝐞 𝐦𝐚𝐜𝐎𝐒 𝐒𝐭𝐞𝐚𝐥𝐞𝐫 The Banshee macOS Stealer infiltrates devices to steal sensitive data, evading Apple's built-in antivirus and posing risks to users. (Source: 𝘯𝘺𝘱𝘰𝘴𝘵.𝘤𝘰𝘮) 𝟗. 𝐅𝐨𝐫𝐭𝐢𝐧𝐞𝐭 𝐅𝐢𝐫𝐞𝐰𝐚𝐥𝐥𝐬 𝐅𝐚𝐜𝐞 𝐙𝐞𝐫𝐨-𝐃𝐚𝐲 𝐄𝐱𝐩𝐥𝐨𝐢𝐭 Fortinet firewalls face unauthorised access via a suspected zero-day vulnerability, enabling attackers to establish SSL VPN tunnels. (Source: 𝘵𝘩𝘦𝘩𝘢𝘤𝘬𝘦𝘳𝘯𝘦𝘸𝘴.𝘤𝘰𝘮) 𝟏𝟎. 𝐓𝐨𝐩 𝐎𝐓 𝐏𝐥𝐚𝐭𝐟𝐨𝐫𝐦𝐬 𝐇𝐢𝐠𝐡𝐥𝐢𝐠𝐡𝐭𝐞𝐝 Cyber Magazine highlights 10 top OT platforms, such as Nozomi Networks and Cisco, for securing industrial control systems and critical infrastructure. (Source: 𝘤𝘺𝘣𝘦𝘳𝘮𝘢𝘨𝘢𝘻𝘪𝘯𝘦.𝘤𝘰𝘮) Link to article in first comment ⬇️

Nomios Cybersecurity 2025 Yearly Outlook 🚨 Here are the top 10 cybersecurity trends and predictions for 2025 👇   𝟭. 𝗔𝗿𝘁𝗶𝗳𝗶𝗰𝗶𝗮𝗹 𝗜𝗻𝘁𝗲𝗹𝗹𝗶𝗴𝗲𝗻𝗰𝗲: 𝗔 𝗱𝗼𝘂𝗯𝗹𝗲-𝗲𝗱𝗴𝗲𝗱 𝘀𝘄𝗼𝗿𝗱 – AI enhances threat detection but also enables sophisticated attacks like AI-generated phishing scams. 𝟮. 𝗣𝗿𝗼𝗹𝗶𝗳𝗲𝗿𝗮𝘁𝗶𝗼𝗻 𝗼𝗳 𝗭𝗲𝗿𝗼-𝗗𝗮𝘆 𝘃𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝗶𝗲𝘀 – Exploits of unknown software flaws are rising, requiring proactive detection and rapid response. 𝟯. 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗠𝗲𝘀𝗵 𝗔𝗿𝗰𝗵𝗶𝘁𝗲𝗰𝘁𝘂𝗿𝗲 (𝗖𝗦𝗠𝗔) – A flexible, integrated approach enabling scalable and responsive security across distributed systems. 𝟰. 𝗦𝘂𝗽𝗽𝗹𝘆 𝗰𝗵𝗮𝗶𝗻 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗿𝗶𝘀𝗸𝘀– Attackers increasingly target third-party vendors to infiltrate larger organisations. 𝟱. 𝗛𝘂𝗺𝗮𝗻 𝗲𝗿𝗿𝗼𝗿: 𝗔 𝗽𝗲𝗿𝘀𝗶𝘀𝘁𝗲𝗻𝘁 𝘄𝗲𝗮𝗸𝗻𝗲𝘀𝘀 – Phishing, weak passwords, and accidental leaks remain critical vulnerabilities. 𝟲. 𝗔𝗜 𝗮𝘀 𝘁𝗵𝗲 𝗯𝗮𝗰𝗸𝗯𝗼𝗻𝗲 𝗼𝗳 𝗰𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 – AI-driven tools automate responses and provide predictive insights to counter evolving threats. 𝟳. 𝗖𝗹𝗼𝘂𝗱 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗰𝗵𝗮𝗹𝗹𝗲𝗻𝗴𝗲𝘀 – Misconfigurations in cloud environments drive breaches, demanding stricter access controls and audits. 𝟴. 𝗘𝘃𝗼𝗹𝘃𝗶𝗻𝗴 𝗶𝗻𝘀𝗶𝗱𝗲𝗿 𝘁𝗵𝗿𝗲𝗮𝘁𝘀 – Insider risks grow with remote work, requiring stronger monitoring and Zero Trust models. 𝟵. 𝗕𝗮𝗹𝗮𝗻𝗰𝗶𝗻𝗴 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝘄𝗶𝘁𝗵 𝘂𝘀𝗮𝗯𝗶𝗹𝗶𝘁𝘆 – Adaptive security ensures protection without sacrificing user experience. 𝟭𝟬. 𝗦𝗲𝗰𝘂𝗿𝗶𝗻𝗴 𝘁𝗵𝗲 𝗘𝗱𝗴𝗲 – Edge computing expands attack surfaces, demanding robust encryption and AI-powered monitoring.   For more in-depth details, check the comments for a link to our dedicated pages! 🚀

In het begin van het nieuwe jaar kunnen we niet anders dan naar de toekomst van cybersecurity kijken. 👀 Gartner voorspelt dat organisaties wereldwijd in 2025 maar liefst 15% meer zullen investeren in cybersecurity. 💰 En dat is hard nodig. Cybercriminelen blijven hun aanvallen verfijnen, waardoor bedrijven zich continu moeten aanpassen tegen steeds geavanceerdere dreigingen. Tegelijkertijd wordt de sector uitgedaagd door een gebrek aan geschoolde professionals. 👩💻 Deze vaardighedenskloof maakt het moeilijk om securityteams volledig te bezetten en zet organisaties onder druk om nieuwe manieren te vinden om beveiligingsmaatregelen effectief te implementeren. Gelukkig biedt technologie ook oplossingen. 🤖 AI, GenAI en ML learning (ML) transformeren de manier waarop we cybersecurity benaderen. Deze technologieën maken realtime dreigingsanalyse en snellere reacties mogelijk, waardoor organisaties beter voorbereid zijn op aanvallen. Maar tegelijkertijd vragen ze om zorgvuldige implementatie om ook de risico’s van deze technologieën te beheersen. 2025 wordt een jaar van uitdaging én innovatie. Wij staan alvast klaar om te werken aan een toekomst waarin cybersecurity sterker staat dan ooit. 🏋️

Z okazji nadchodzących świąt składamy najserdeczniejsze życzenia: szczęścia, wiary, nadziei i wszelkiej pomyślności! Wesołych Świąt! Zespół Nomios Poland 🎄

Nomios Weekly CyberWednesday Update (11.12 - 18.12)🚨 Check here the top 10 cybersecurity updates of this week 👇 𝟭. 𝗜𝗿𝗮𝗻-𝗟𝗶𝗻𝗸𝗲𝗱 𝗜𝗢𝗖𝗢𝗡𝗧𝗥𝗢𝗟 𝗠𝗮𝗹𝘄𝗮𝗿𝗲 𝗧𝗮𝗿𝗴𝗲𝘁𝘀 𝗦𝗖𝗔𝗗𝗔 𝗮𝗻𝗱 𝗜𝗼𝗧 𝗣𝗹𝗮𝘁𝗳𝗼𝗿𝗺𝘀 - Iranian state-sponsored actors deploy IOCONTROL malware targeting SCADA and IoT systems. Exploiting critical infrastructure vulnerabilities, this malware underscores the need for robust OT security. (Source: The Hacker News) 𝟮. 𝗥𝗲𝘀𝗲𝗮𝗿𝗰𝗵𝗲𝗿𝘀 𝗖𝗿𝗮𝗰𝗸 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝗔𝘇𝘂𝗿𝗲 𝗠𝗙𝗔 𝗶𝗻 𝗮𝗻 𝗛𝗼𝘂𝗿 - A critical rate-limit flaw in Microsoft Azure MFA exposed accounts to rapid brute-force attacks. Microsoft has since patched the issue, but the incident raises concerns about cloud authentication. (Source: DarkReading.com) 𝟯. 𝗚𝗲𝗿𝗺𝗮𝗻𝘆 𝗦𝗶𝗻𝗸𝗵𝗼𝗹𝗲𝘀 𝗕𝗼𝘁𝗻𝗲𝘁 𝗼𝗳 𝟯𝟬,𝟬𝟬𝟬 𝗕𝗮𝗱𝗕𝗼𝘅-𝗜𝗻𝗳𝗲𝗰𝘁𝗲𝗱 𝗗𝗲𝘃𝗶𝗰𝗲𝘀 - Germany’s BSI agency sinkholed a botnet of devices infected with pre-installed malware, highlighting supply chain security risks. (Source: Securityweek.com) 𝟰. 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗥𝗲𝘀𝗲𝗮𝗿𝗰𝗵𝗲𝗿𝘀 𝗦𝗲𝘁 𝗨𝗽 𝗮𝗻 𝗔𝗣𝗜 𝗛𝗼𝗻𝗲𝘆𝗽𝗼𝘁 𝘁𝗼 𝗗𝘂𝗽𝗲 𝗛𝗮𝗰𝗸𝗲𝗿𝘀 - A honeypot revealed that exposed APIs are discovered and exploited by attackers within seconds, emphasising the importance of robust API security practices. (Source: itpro.com) 𝟱. 𝗔𝗻𝗱𝗿𝗼𝗶𝗱 𝗭𝗲𝗿𝗼-𝗗𝗮𝘆 𝗘𝘅𝗽𝗹𝗼𝗶𝘁𝗲𝗱 𝗶𝗻 𝗦𝗽𝘆𝘄𝗮𝗿𝗲 𝗖𝗮𝗺𝗽𝗮𝗶𝗴𝗻𝘀 - Spyware targeting Serbian journalists exploited an Android zero-day. This highlights the risks of unchecked vulnerabilities and misuse of forensic tools like Cellebrite. (Source: Securityweek.com) 𝟲. 𝗖𝗜𝗦𝗔 𝗜𝘀𝘀𝘂𝗲𝘀 𝗕𝗲𝘀𝘁 𝗣𝗿𝗮𝗰𝘁𝗶𝗰𝗲𝘀 𝘁𝗼 𝗦𝗲𝗰𝘂𝗿𝗲 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝟯𝟲𝟱 𝗖𝗹𝗼𝘂𝗱 𝗘𝗻𝘃𝗶𝗿𝗼𝗻𝗺𝗲𝗻𝘁𝘀 - CISA’s new guidelines for Microsoft 365 security are highly relevant for organisations aiming to bolster their cloud security posture. (Source: cybersecuritynews.com) 𝟳. 𝗔𝗽𝗽𝗹𝗲 𝗣𝘂𝘀𝗵𝗲𝘀 𝗠𝗮𝗷𝗼𝗿 𝗶𝗢𝗦, 𝗺𝗮𝗰𝗢𝗦 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗨𝗽𝗱𝗮𝘁𝗲𝘀 - Apple’s latest updates address significant vulnerabilities, urging enterprises to prioritise system updates. (Source: Securityweek.com) 𝟴. 𝗙𝘂𝗻𝗱𝗶𝗻𝗴/𝗠&𝗔: 𝗔𝗿𝗰𝘁𝗶𝗰 𝗪𝗼𝗹𝗳 𝗕𝘂𝘆𝘀 𝗖𝘆𝗹𝗮𝗻𝗰𝗲 𝗳𝗼𝗿 $𝟭𝟲𝟬𝗠 - Arctic Wolf’s acquisition of Cylance strengthens its managed detection and response capabilities, enhancing endpoint security solutions. (Source: Securityweek.com) 𝟵. 𝗖𝗼𝗵𝗲𝘀𝗶𝘁𝘆 𝗖𝗼𝗺𝗽𝗹𝗲𝘁𝗲𝘀 𝗠𝗲𝗿𝗴𝗲𝗿 𝘄𝗶𝘁𝗵 𝗩𝗲𝗿𝗶𝘁𝗮𝘀 - This $7 billion merger creates the largest global data protection software provider, focusing on AI-driven resilience. (Source: securitybrief.asia) 𝟭𝟬. 𝗖𝘆𝗯𝗲𝗿𝗮𝘁𝘁𝗮𝗰𝗸 𝗗𝗶𝘀𝗿𝘂𝗽𝘁𝘀 𝗖𝗮𝗻𝗮𝗱𝗶𝗮𝗻 𝗕𝘂𝘀𝗶𝗻𝗲𝘀𝘀 𝗨𝗻𝗶𝘁 𝗼𝗳 𝗟𝗞𝗤 𝗖𝗼𝗿𝗽𝗼𝗿𝗮𝘁𝗶𝗼𝗻 - LKQ Corporation experienced a cyberattack that disrupted operations in a Canadian unit. (Source: Securityweek.com) For more in-depth details, check the comments for a link to our dedicated pages! 🚀

Our Dutch office is kicking off the week in a festive way! A big thank you to Juniper Networks for the fantastic collaboration this year. Here's to an even more successful 2025! 🚀

After a year of hard work, it was time to celebrate our achievements with a 𝘉𝘭𝘢𝘤𝘬 𝘢𝘯𝘥 𝘵𝘰𝘶𝘤𝘩 𝘰𝘧 𝘨𝘰𝘭𝘥 Christmas party ✨ At the beautiful Miss Jones restaurant, our Dutch teams came together for a delightful evening featuring a tasteful dinner, an exciting award ceremony, and a lively dance party🕺 Thank you all for being such an amazing part of the Nomios team! We can’t wait to see what the future holds as we continue to build a secure and connected 2025 🎆

This week, we uncover 10 critical cybersecurity developments ranging from vulnerabilities in GPU systems and ransomware targeting healthcare to innovative phishing tactics and AI-driven disinformation campaigns. 1️⃣ Critical GPU DDK Vulnerabilities Flaws in GPU Driver Development Kits expose physical memory to attackers. Enterprises must patch immediately to secure AI and data centre systems. Source: Cybersecuritynews.com 2️⃣ Fintech Giant Finastra Data Breach Sensitive data from a major financial software provider is being sold on the dark web. A stark warning for enterprise supply chain security. Source: Krebsonsecurity.com 3️⃣ BootKitty UEFI Malware This first-of-its-kind Linux bootkit exploits firmware vulnerabilities to bypass Secure Boot protections. Linux administrators take note. Source: Bleepingcomputer.com 4️⃣ AWS Launches Incident Response Service A game-changing service to streamline and enhance enterprise-level security event responses. Source: Securityweek.com 5️⃣ Hackers Exploit Webcam Vulnerability Privacy risks emerge as attackers bypass LED indicators to activate laptop webcams covertly. Source: Cybersecuritynews.com 6️⃣ AI-Powered Fake News Campaign A Russian influence operation targets Western support for Ukraine and U.S. elections, amplifying political tensions through AI. Source: TheHackerNews 7️⃣ SpyLoan Malware Hits 8 Million Android Users Malicious apps on Google Play extort and harass victims, showcasing the dangers of unchecked app permissions. Source: TheHackerNews 8️⃣ Banshee Stealer macOS Malware Source Code Leaked Widespread attacks are now possible after the code for this data-theft malware was made public. Source: Securityweek.com 9️⃣ Cyberattacks on UK Hospitals Ransomware disrupts healthcare services, underlining the vulnerabilities in critical infrastructure. Source: Securityweek.com 🔟 Blue Yonder Ransomware Attack Disrupts UK Retailers A ransomware attack on supply chain software provider Blue Yonder is causing significant disruptions for UK supermarkets and retailers, highlighting supply chain vulnerabilities during critical seasons. Source: Computerweekly.com These updates underline the growing complexity of cybersecurity challenges across hardware, software, and infrastructure. Enterprises must remain proactive by adopting robust security measures and staying informed about emerging threats. At Nomios, we provide bespoke cybersecurity solutions tailored to large organisations. If you have any questions or need expert guidance, please contact our team. Together, we can fortify your defences and secure your enterprise in this digital landscape.

Nomios Weekly CyberWednesday Update (20.11 - 27.11)🚨 Check here the top 10 cybersecurity updates of this week 👇 𝟭. 𝗥𝘂𝘀𝘀𝗶𝗮𝗻 𝗛𝗮𝗰𝗸𝗲𝗿𝘀 𝗗𝗲𝗽𝗹𝗼𝘆 𝗛𝗔𝗧𝗩𝗜𝗕𝗘 𝗮𝗻𝗱 𝗖𝗛𝗘𝗥𝗥𝗬𝗦𝗣𝗬 𝗠𝗮𝗹𝘄𝗮𝗿𝗲 - APT28-linked threat actors are targeting European government entities and educational institutions using custom malware. These attacks are part of a broader Russian strategy to destabilise NATO countries. Source: The Hacker News 𝟮. 𝗖𝗵𝗶𝗻𝗮-𝗕𝗮𝗰𝗸𝗲𝗱 𝗛𝗮𝗰𝗸𝗲𝗿𝘀 𝗘𝘅𝗽𝗹𝗼𝗶𝘁 𝗦𝗜𝗚𝗧𝗥𝗔𝗡 𝗣𝗿𝗼𝘁𝗼𝗰𝗼𝗹𝘀 𝘁𝗼 𝗜𝗻𝗳𝗶𝗹𝘁𝗿𝗮𝘁𝗲 𝗧𝗲𝗹𝗲𝗰𝗼𝗺 𝗡𝗲𝘁𝘄𝗼𝗿𝗸𝘀 - Liminal Panda is leveraging deep knowledge of telecom protocols to compromise networks across South Asia, Africa, and beyond. This highlights critical risks for telecom enterprises globally. Source: The Hacker News 𝟯. 𝗡𝗼𝗿𝘁𝗵 𝗞𝗼𝗿𝗲𝗮𝗻 𝗛𝗮𝗰𝗸𝗲𝗿𝘀 𝗦𝘁𝗲𝗮𝗹 $𝟭𝟬𝗠 𝘃𝗶𝗮 𝗟𝗶𝗻𝗸𝗲𝗱𝗜𝗻 𝗔𝗜-𝗗𝗿𝗶𝘃𝗲𝗻 𝗦𝗰𝗮𝗺𝘀 - Using fake recruiter profiles and advanced malware, North Korean hackers are stealing cryptocurrency and credentials, posing a growing threat to enterprises worldwide. Source: The Hacker News 𝟰. 𝗖𝗜𝗦𝗔 𝗪𝗮𝗿𝗻𝘀 𝗼𝗳 𝗩𝗠𝘄𝗮𝗿𝗲 𝘃𝗖𝗲𝗻𝘁𝗲𝗿 𝗩𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝗶𝗲𝘀 𝗨𝗻𝗱𝗲𝗿 𝗔𝗰𝘁𝗶𝘃𝗲 𝗘𝘅𝗽𝗹𝗼𝗶𝘁𝗮𝘁𝗶𝗼𝗻 - Critical flaws in VMware’s vCenter Server allow remote code execution and privilege escalation. European enterprises are urged to patch immediately to prevent attacks on virtualised infrastructure. Source: CyberSecurityNews 𝟱. 𝗢𝗿𝗮𝗰𝗹𝗲 𝗣𝗮𝘁𝗰𝗵𝗲𝘀 𝗔𝗴𝗶𝗹𝗲 𝗣𝗟𝗠 𝗭𝗲𝗿𝗼-𝗗𝗮𝘆 𝗘𝘅𝗽𝗹𝗼𝗶𝘁𝗲𝗱 𝗶𝗻 𝘁𝗵𝗲 𝗪𝗶𝗹𝗱 - A zero-day exploit in Agile PLM software risks sensitive data. Update now to secure legacy systems. Source: SecurityWeek 𝟲. 𝗚𝗼𝘃𝗲𝗿𝗻𝗺𝗲𝗻𝘁𝘀 𝗖𝗮𝗹𝗹 𝗳𝗼𝗿 𝗦𝘁𝗿𝗼𝗻𝗴𝗲𝗿 𝗘𝗨 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗔𝗴𝗲𝗻𝗰𝘆 𝗘𝗡𝗜𝗦𝗔 - Governments call for expanded ENISA resources to tackle critical infrastructure threats. Source: Euronews 𝟳. 𝗔𝗽𝗽𝗹𝗲 𝗖𝗼𝗻𝗳𝗶𝗿𝗺𝘀 𝗭𝗲𝗿𝗼-𝗗𝗮𝘆 𝗔𝘁𝘁𝗮𝗰𝗸𝘀 𝗛𝗶𝘁𝘁𝗶𝗻𝗴 𝗺𝗮𝗰𝗢𝗦 𝗦𝘆𝘀𝘁𝗲𝗺𝘀 - MacOS zero-day flaws are being actively targeted. Users are urged to update their systems. Source: SecurityWeek 𝟴. 𝗥𝘂𝘀𝘀𝗶𝗮𝗻 𝗡𝗲𝗮𝗿𝗲𝘀𝘁 𝗡𝗲𝗶𝗴𝗵𝗯𝗼𝘂𝗿 𝗪𝗶-𝗙𝗶 𝗔𝘁𝘁𝗮𝗰𝗸 𝗘𝘅𝗽𝗼𝘀𝗲𝘀 𝗡𝗲𝘄 𝗘𝘀𝗽𝗶𝗼𝗻𝗮𝗴𝗲 𝗥𝗶𝘀𝗸𝘀 - APT28's "Nearest Neighbour Attack" exploits nearby networks, emphasising the need for wireless security. Source: SecurityWeek 𝟵. 𝗦𝗲𝗰𝘂𝗿𝗲 𝗯𝘆 𝗗𝗲𝗺𝗮𝗻𝗱: 𝗘𝗻𝘀𝘂𝗿𝗶𝗻𝗴 𝗦𝗼𝗳𝘁𝘄𝗮𝗿𝗲 𝗦𝘂𝗽𝗽𝗹𝘆 𝗖𝗵𝗮𝗶𝗻 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 - Proactive security validation is essential to protect against supply chain attacks. Source: DarkReading 𝟭𝟬. 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝗘𝘅𝗽𝗼𝘀𝗲𝘀 𝗢𝗡𝗡𝗫 𝗣𝗵𝗶𝘀𝗵𝗶𝗻𝗴 𝗦𝗲𝗿𝘃𝗶𝗰𝗲, 𝗦𝗲𝗶𝘇𝗲𝘀 𝟮𝟰𝟬 𝗗𝗼𝗺𝗮𝗶𝗻𝘀 - 240 domains seized in a takedown of phishing-as-a-service schemes, exposing key operators. Source: DarkReading For more in-depth details, check the comments for a link to our dedicated pages! 🚀