In 2025, cloud attacks became quieter, not simpler.

Rinki Sethi, Chief Security & Strategy Officer at Upwind Security, explains how valid identities, automation, and static controls reshaped cloud risk.

Full interview:
https://www.technadu.com/the-shift-that-broke-cloud-security-in-2025-as-valid-identities-became-the-primary-attack-surface/618335/

#CloudSecurity #IAM #Automation #AIinCyber

GHOSTCREW is an AI-assisted, open-source red team toolkit designed to coordinate established penetration testing tools through conversational prompts, task trees, and structured workflows.

Its approach reflects a broader shift toward agent-supported security testing - emphasizing orchestration, repeatability, and reporting rather than fully autonomous exploitation.

For security teams, this highlights the need to understand how AI-enhanced tooling changes both testing efficiency and defensive assumptions.

How should organizations account for agent-assisted red teaming in their security strategy?

Source: https://cybersecuritynews.com/ghostcrew-red-team-toolkit/

Follow @technadu for objective infosec reporting and analysis.

#InfoSec #RedTeamTools #Pentesting #AIinCyber #ThreatModeling #OpenSourceSecurity #TechNadu

Hello everyone! It's been a busy day in the cyber world with significant breaches affecting cryptocurrency users and national services, new insights into nation-state APT activity, and a look at how AI is reshaping both attacks and defences. Let's dive in:

Trust Wallet Chrome Extension Breach ⚠️
- Trust Wallet's Chrome extension version 2.68.0 was compromised, leading to an estimated $6-7 million in cryptocurrency losses for users.
- Malicious code was embedded in the extension, exfiltrating mnemonic phrases to an attacker-controlled server, api.metrics-trustwallet[.]com, which was registered shortly before the incident.
- Trust Wallet has confirmed the incident, urged users to update to version 2.69 immediately, and committed to refunding all affected users, while a parallel phishing campaign exploited the panic.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/trust-wallet-chrome-extension-hack-tied-to-millions-in-losses/
📰 The Hacker News | https://thehackernews.com/2025/12/trust-wallet-chrome-extension-bug.html

French Postal Service Hit by Pro-Russian Hackers 🚨
- Pro-Russian group NoName057(16) claimed responsibility for a DDoS attack that disrupted France's national postal service, La Poste, and its banking arm, La Banque Postale, just before Christmas.
- The attack temporarily knocked key digital systems offline, affecting parcel tracking and slowing mail distribution, though La Poste stated no customer data was compromised.
- French authorities have opened an investigation, with the domestic intelligence agency DGSI taking over the probe, focusing on the deliberate disruption of a data processing service.

πŸ—žοΈ The Record | https://therecord.media/pro-russia-hackers-claim-attack-la-poste

GrubHub Phishing Scam via Legitimate Subdomain 🎣
- Grubhub users received fraudulent emails from a legitimate company subdomain (b.grubhub.com) promising a tenfold return on sent cryptocurrency as part of a "Holiday Crypto Promotion."
- This is a classic crypto reward scam, luring victims to send Bitcoin to a specified wallet with the false promise of a larger return.
- Grubhub has acknowledged "unauthorized messages" to merchant partners, stating they have contained the issue and are working to prevent future occurrences, though the exact cause (e.g., DNS takeover) remains unconfirmed.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/fake-grubhub-emails-promise-tenfold-return-on-sent-cryptocurrency/

Evasive Panda APT Uses DNS Poisoning for MgBot Malware 🐼
- China-linked APT group Evasive Panda (also known as Bronze Highland, Daggerfly, StormBamboo) conducted a highly targeted cyber espionage campaign using DNS poisoning.
- The group manipulated DNS requests to deliver its MgBot backdoor, masquerading as updates for legitimate software like SohuVA, Baidu's iQIYI Video, IObit Smart Defrag, and Tencent QQ.
- MgBot is a modular implant capable of extensive data harvesting, including keystrokes, clipboard data, audio streams, and browser credentials, allowing for long-term stealthy persistence.

📰 The Hacker News | https://thehackernews.com/2025/12/china-linked-evasive-panda-ran-dns.html

Hacker Mindset for Cyber Defence 🧠
- Remedio CEO Tal Kollender, a former video game hacker, advocates for adopting a "hacker mindset" to effectively defend against cyber threats, stating that understanding adversarial thinking is crucial.
- Her company uses AI to proactively identify and auto-remediate vulnerabilities, misconfigurations, and compliance gaps across corporate devices.
- The increasing use of AI by attackers to accelerate reconnaissance and exploitation means defenders must also leverage AI to keep pace, making cybersecurity a battle of AI versus AI.

πŸ•΅πŸΌ The Register | https://go.theregister.com/feed/www.theregister.com/2025/12/26/video_game_hacker_turned_ceo/

AI's Impact on Cybersecurity Tabletop Exercises 🛡️
- Cybersecurity tabletop exercises are evolving to account for AI, both in terms of how attackers use AI to find and exploit bugs faster, and how defenders can integrate AI into their response strategies.
- Organisations need to simulate scenarios involving rapid exploitation of CVEs (within minutes of publication) and AI-powered phishing, while also securing their own AI systems against prompt injection and data exfiltration.
- Experts recommend incorporating "analog friction" like mandatory out-of-band verification for deepfake-driven requests and practising offline business operations, emphasising process over technology when trust in digital information is compromised.

πŸ•΅πŸΌ The Register | https://go.theregister.com/feed/www.theregister.com/2025/12/26/end_of_year_tabletop_exercises/

#CyberSecurity #ThreatIntelligence #CryptoHack #DDoS #Phishing #APT #EvasivePanda #MgBot #AIinCyber #TabletopExercises #InfoSec #IncidentResponse
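An offline sweep for the two concrete indicators in the Trust Wallet item above (the compromised extension version 2.68.0 and the exfiltration domain api.metrics-trustwallet[.]com). This is an added example, not tooling from Trust Wallet, BleepingComputer or The Hacker News. It assumes Chrome's on-disk layout of `<Extensions>/<id>/<version>_<n>/manifest.json`; the report gives no extension ID, so matching on the manifest name is an assumption, and the profile tree, extension IDs and log lines are constructed here.

```python
"""Offline sweep for the Trust Wallet Chrome extension compromise.

Checks (both offline):
  1. Walk a Chrome profile's Extensions directory, parse each installed
     version's manifest.json, and flag a Trust Wallet manifest carrying the
     compromised version 2.68.0.
  2. Scan DNS / proxy log lines for the exfiltration domain.

The extension ID is not in the report, so matching on the manifest name is an
assumption. The profile tree, IDs and log lines below are constructed.
"""
import json
import re
import tempfile
from pathlib import Path

COMPROMISED_VERSIONS = {"2.68.0"}
NAME_RE = re.compile(r"trust\s*wallet", re.IGNORECASE)
# The report defangs the domain; refang it for matching against live logs.
EXFIL_DOMAIN = "api.metrics-trustwallet[.]com".replace("[.]", ".")
# Match the domain or any label under it, but not e.g. "notapi.metrics-...".
EXFIL_RE = re.compile(r"(?<![\w-])" + re.escape(EXFIL_DOMAIN) + r"(?![\w-])",
                      re.IGNORECASE)


def find_compromised_extensions(extensions_dir):
    """Return [(extension_id, version, manifest_path)] for flagged installs.

    Chrome stores extensions as <Extensions>/<id>/<version>_<n>/manifest.json.
    Localized names ("__MSG_appName__") would need a _locales lookup; this
    example only handles literal names.
    """
    hits = []
    for manifest_path in Path(extensions_dir).glob("*/*/manifest.json"):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or not JSON: skip it, do not abort the sweep
        name = f"{manifest.get('name', '')} {manifest.get('short_name', '')}"
        version = str(manifest.get("version", ""))
        if NAME_RE.search(name) and version in COMPROMISED_VERSIONS:
            ext_id = manifest_path.parent.parent.name
            hits.append((ext_id, version, str(manifest_path)))
    return hits


def find_exfil_lookups(log_lines):
    """Return the log lines (DNS queries, proxy CONNECTs, ...) naming the exfil domain."""
    return [line for line in log_lines if EXFIL_RE.search(line)]


# --- constructed sample data -------------------------------------------------
SAMPLE_LOG_LINES = [
    "2025-12-25T10:02:11Z 10.0.0.15 query A api.metrics-trustwallet.com",
    "2025-12-25T10:02:12Z 10.0.0.15 CONNECT api.metrics-trustwallet.com:443",
    "2025-12-25T10:03:40Z 10.0.0.22 query A api.trustwallet.com",
    "2025-12-25T10:04:01Z 10.0.0.22 query A metrics-trustwallet.com",
]

# placeholder extension IDs -> manifest; the real ID is not in the report
SAMPLE_MANIFESTS = {
    "fakeidtrustwalletcompromised0001/2.68.0_0": {"name": "Trust Wallet", "version": "2.68.0"},
    "fakeidtrustwalletpatched00000002/2.69.0_0": {"name": "Trust Wallet", "version": "2.69.0"},
    "fakeidunrelatedextension00000003/2.68.0_0": {"name": "Tab Manager", "version": "2.68.0"},
}


def build_sample_profile(root):
    """Write the constructed manifests under root using Chrome's directory layout."""
    for rel, manifest in SAMPLE_MANIFESTS.items():
        d = Path(root) / rel
        d.mkdir(parents=True, exist_ok=True)
        (d / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")


def run_demo():
    """Build the sample profile in a temp dir and run both checks."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_profile(root)
        ext_hits = find_compromised_extensions(root)
    log_hits = find_exfil_lookups(SAMPLE_LOG_LINES)
    return ext_hits, log_hits


if __name__ == "__main__":
    ext_hits, log_hits = run_demo()
    for ext_id, version, path in ext_hits:
        print(f"COMPROMISED extension {ext_id} version {version} at {path}")
    for line in log_hits:
        print(f"EXFIL DOMAIN in log: {line}")
```

On a real host, point `find_compromised_extensions` at the profile's `Extensions` directory (for example `~/.config/google-chrome/Default/Extensions` on Linux) and feed `find_exfil_lookups` your resolver or proxy logs; a hit on the domain after December 24 is the stronger signal, since the page notes the domain was registered shortly before the incident and has no legitimate use.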

Trust Wallet Chrome extension hack tied to millions in losses

Several users of the Trust Wallet Chrome extension report having their cryptocurrency wallets drained after installing a compromised extension update released on December 24, prompting an urgent response from the company and warnings to affected users. Simultaneously, BleepingComputer observed a phishing domain launched by hackers.

BleepingComputer

Crystal Morin (Sysdig) says:
“Closing the human latency gap requires integrated real-time security tooling and automation.”

Learn how defenders can evolve from IOC-based detection to behavioral analysis in the full interview: https://www.technadu.com/between-legacy-limits-and-real-time-demands-the-new-cloud-defense-equation/612961/

#CloudSecurity #DevSecOps #AIinCyber #Sysdig #IncidentResponse

In our latest TechNadu Q&A, David Muse, CEO at ZeroFox, shares how AI, automation, and integrated threat intelligence are reshaping executive protection and turning personal security into enterprise resilience.

“Every social media post, podcast appearance, or real estate listing can be weaponized”. Most modern threat actors operate fluidly between these worlds, using online communities to plan or amplify attacks that have offline consequences.

Muse draws attention to the following key insights from the discussion:

🔷 When executives lead by example, protecting their digital presence, they set the tone for the entire organization.
🔷 A doxxing incident, or a viral post can quickly escalate from digital harassment to physical confrontation.
🔷 Apps like Strava, Zillow, and LinkedIn, while harmless, can be weaponized for digital and physical attacks.
🔷 When teams operate as one, organizations can detect early signals, connect the dots, and neutralize risks.

Together, these insights reinforce Muse’s call for unity between digital and physical security teams.

🔗 Read the full Q&A: https://www.technadu.com/safeguarding-a-leaders-digital-identity-why-its-central-to-corporate-security-today/612633/

#Doxxing #SocialMedia #ExecutiveSecurity #OnlinePrivacy #AIinCyber #DigitalFootprint #CyberThreat

Spyware, ransomware, and AI-driven defense - this week’s cyber stories covered it all.
Full breakdown: https://www.technadu.com/from-spyware-to-infrastructure-attacks-a-week-of-cyber-crackdowns-and-resilience/612359/

#Cybersecurity #Infosec #ThreatIntel #AIinCyber

Grab your beverage of choice ☕, because there's a LOT to recap from the last 24 hours. Check it out here 👉 https://opalsec.io/daily-news-update-friday-april-4-2025-australia-melbourne/

There's a lot to digest, so if you're running between meetings or scoffing down a quick lunch before the next - here's the TL;DR on the key points:

🚨 Urgent Ivanti Patch Alert: A critical RCE zero-day is being actively exploited by suspected China-nexus group UNC5221, who are deploying new malware (TRAILBLAZE, BRUSHFIRE).

🌐 Fast Flux is Back in the Spotlight: Five Eyes agencies dropped a joint advisory on the increased use of this evasion technique by sophisticated actors (ransomware gangs, state-sponsored groups). It makes tracking C2s & phishing sites a real headache by rapidly changing IPs/nameservers.

🔗 GitHub Supply Chain Attack Deep Dive: Remember that complex attack targeting Coinbase via GitHub Actions? Unit 42 traced its origin back to a single leaked SpotBugs Personal Access Token from late 2024! A huge reminder about token hygiene, the risks of mutable tags, and those cascading dependency threats. Rotate secrets if you use SpotBugs, Reviewdog, or tj-actions!

🤔 Oracle's Cloud Breach Saga Continues...: Oracle reportedly admitted a breach to customers, framing it as a "legacy" (pre-2017) environment issue, yet the actor leaked data allegedly from late 2024/2025. The focus on "Oracle Cloud Classic" vs. OCI feels like damage control over transparency. As I put it in the blog, their handling doesn't exactly inspire confidence – trust is earned, folks.

🔄 Rethinking Disaster Recovery in the Ransomware Era: DR is way more than just backups now. With hybrid environments sprawling and ransomware the top threat, recovery is Incident Response (detect, isolate, wipe, reinstall, restore). Homogeneity might simplify recovery, but beware of single points of failure (hello, CrowdStrike outage!).

📡 Mass Scanning Alert: Seeing increased probes against Juniper devices (looking for default 't128' creds - change 'em!) and Palo Alto GlobalProtect portals. Motives are unclear – could be recon, botnet building, or sniffing for vulnerabilities. Keep those edge devices patched and hardened!

🇺🇦 New Malware 'Wrecksteel' Hits Ukraine: CERT-UA warns of a new espionage malware targeting state agencies and critical infrastructure via phishing. Deployed by UAC-0219, Wrecksteel exfiltrates documents and takes screenshots.

βš–οΈ INC Ransomware Claims State Bar of Texas: The second-largest US bar association confirmed a data breach after INC ransomware listed them on their leak site.

Stay informed, stay vigilant, and let me know your thoughts in the comments! What's catching your eye this week?

#CyberSecurity #InfoSec #ThreatIntel #VulnerabilityManagement #ZeroDay #Ransomware #DataBreach #CloudSecurity #SupplyChainSecurity #DNS #MalwareAnalysis #IncidentResponse #CyberAttack #CyberDefense #CISA #Ivanti #GitHub #Oracle #Ukraine #AIinCyber #Privacy #CyberNews
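The "mutable tags" point in the GitHub supply chain item above is the one thing a repository owner can check for themselves today: a `uses: owner/repo@v4` reference resolves to whatever commit the tag points at when the job runs, while a full 40-character commit SHA cannot be silently moved. Below is an added example of a checker for that, written for this page and not taken from Unit 42's report or from any of the projects named; the workflow it scans is constructed, and the SHA in it is a placeholder, not a real commit.

```python
"""Flag GitHub Actions 'uses:' references that are not pinned to a commit SHA.

Mutable refs (tags like v4 or v3.2.0, branches like master) resolve at run
time to whatever the tag currently points at; a full-length commit SHA does
not move. Docker images are pinned only when referenced by digest
(@sha256:...). Added example; the workflow below is constructed and the
40-hex SHA in it is a placeholder.
"""
import re

USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify_ref(uses_value):
    """Return (kind, target, ref) for one uses: value.

    kind is 'sha' (immutable), 'digest' (docker image by digest),
    'local' (./path inside the repo) or 'mutable' (tag, branch, short SHA,
    or a docker image tag). Short SHAs are treated as mutable because only a
    full-length SHA is unambiguous.
    """
    if uses_value.startswith("./"):
        return "local", uses_value, None
    if uses_value.startswith("docker://"):
        image = uses_value[len("docker://"):]
        if "@sha256:" in image:
            return "digest", image, image.split("@", 1)[1]
        return "mutable", image, image.partition(":")[2] or None
    target, _, ref = uses_value.partition("@")  # owner/repo[/path]@ref
    if FULL_SHA_RE.match(ref):
        return "sha", target, ref
    return "mutable", target, ref or None


def find_unpinned(workflow_text):
    """Return [(line_no, uses_value, ref)] for every mutable reference."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        kind, _target, ref = classify_ref(m.group(1))
        if kind == "mutable":
            findings.append((lineno, m.group(1), ref))
    return findings


# Constructed workflow; the 40-hex value is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567  # pinned
      - uses: tj-actions/changed-files@v45
      - uses: reviewdog/action-setup@master
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.20
      - name: run
        run: echo ok
"""


if __name__ == "__main__":
    for lineno, value, ref in find_unpinned(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {value} is pinned to mutable ref {ref!r}; pin to a commit SHA")
```

Run it over every file under `.github/workflows/` and fail CI on any finding. Pinning only closes the "tag moved" path; the leaked Personal Access Token that started this chain is a separate control (short-lived, least-privilege tokens and rotation), which is why the post asks users of SpotBugs, Reviewdog and tj-actions to rotate secrets as well.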

Daily News Update: Friday, April 4, 2025 (Australia/Melbourne)

Chinese group exploiting Ivanti RCE bug since mid-March to drop web shells; DNS Fast Flux increasingly used by cyber crims & nation-states; GitHub Supply Chain attack traced to leaked Access Token in a CI workflow; Oracle says breach is of legacy system - receipts show otherwise.

Opalsec
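The fast-flux item in the brief above describes the behaviour (rapidly rotating IPs and nameservers behind one hostname) but not how to spot it in your own telemetry. The following is an added example of a simple scoring heuristic over passive-DNS style observations, written for this page rather than taken from the Five Eyes advisory or from Opalsec: a domain is flagged when, inside a short window, its A records rotate through many distinct IPs spread across many distinct networks and carry a low TTL. The /16 prefix stands in for ASN diversity because no ASN database is available offline, and all records below are constructed.

```python
"""Score hostnames for fast-flux behaviour from passive-DNS style records.

Heuristic (an added example, not the advisory's detection logic): within any
window of `window` length, count distinct answer IPs and distinct /16
networks (an offline stand-in for ASN diversity). Flag when both counts
are high and the average TTL is low. CDN-fronted hosts also use low TTLs
and several IPs, but those IPs normally sit in one or two networks, which
is why the network count matters. All records below are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta


def slash16(ip):
    """Return the /16 prefix of an IPv4 address as 'a.b'."""
    return ".".join(ip.split(".")[:2])


def score_domains(records, window=timedelta(hours=1), min_ips=5, min_nets=3, max_ttl=300):
    """records: iterable of (datetime, qname, answer_ip, ttl).

    Returns {qname: {"max_ips", "max_nets", "avg_ttl", "flagged"}} where
    max_ips / max_nets are the highest distinct counts seen in any window.
    """
    by_name = defaultdict(list)
    for ts, name, ip, ttl in records:
        by_name[name].append((ts, ip, ttl))

    results = {}
    for name, obs in by_name.items():
        obs.sort()
        best_ips = best_nets = 0
        j = 0
        for i in range(len(obs)):
            while obs[i][0] - obs[j][0] > window:  # slide the window start
                j += 1
            ips = {ip for _, ip, _ in obs[j:i + 1]}
            nets = {slash16(ip) for ip in ips}
            if len(ips) > best_ips:
                best_ips, best_nets = len(ips), len(nets)
        avg_ttl = sum(ttl for _, _, ttl in obs) / len(obs)
        results[name] = {
            "max_ips": best_ips,
            "max_nets": best_nets,
            "avg_ttl": avg_ttl,
            "flagged": best_ips >= min_ips and best_nets >= min_nets and avg_ttl <= max_ttl,
        }
    return results


# --- constructed observations ------------------------------------------------
def _rec(minute, name, ip, ttl):
    return (datetime(2025, 4, 3, 10, 0) + timedelta(minutes=minute), name, ip, ttl)


FLUX_IPS = ["45.12.0.10", "103.87.5.2", "185.220.1.7", "91.240.3.44",
            "5.188.9.12", "198.51.100.9", "203.0.113.4", "77.83.2.19"]
CDN_IPS = ["198.51.100.10", "198.51.100.11", "198.51.100.12", "198.51.101.5"]

RECORDS = (
    # suspected flux host: 8 IPs in 8 different /16s over 28 minutes, TTL 60
    [_rec(i * 4, "update-portal-login.example", ip, 60) for i, ip in enumerate(FLUX_IPS)]
    # CDN-like host: low TTL, several IPs, but all in one /16
    + [_rec(i * 5, "cdn-static.example", ip, 60) for i, ip in enumerate(CDN_IPS)]
    # ordinary host: one stable IP, long TTL
    + [_rec(i * 10, "www.example", "192.0.2.10", 3600) for i in range(6)]
)


if __name__ == "__main__":
    for name, r in sorted(score_domains(RECORDS).items()):
        tag = "FLUX?" if r["flagged"] else "ok   "
        print(f"{tag} {name}: {r['max_ips']} IPs / {r['max_nets']} nets, avg TTL {r['avg_ttl']:.0f}s")
```

Thresholds are starting points, not ground truth: tune `min_nets` against your own resolver logs with real ASN lookups, and add the same sliding-window count over NS records to catch double flux, where the nameservers rotate as well as the A records.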