Lloyds and Nationwide to use UK finance sector LLM
Lloyds Banking Group and Nationwide Building Society are set to roll out a generative AI (GenAI) tool that has been specifically designed for the UK…
Author: Cybernoz
Attackers Abuse TikTok and Instagram APIs — API Security
It must be the season for API security incidents. Hot on the heels of a developer leaking an API key for private Tesla and SpaceX…
Chinese hackers breach US local governments using Cityworks zero-day
Chinese-speaking hackers have exploited a now-patched Trimble Cityworks zero-day to breach multiple local governing bodies across the United States. Trimble Cityworks is a Geographic Information…
New NIST Security Metric Aims to Pinpoint Exploited Vulnerabilities
Researchers from the National Institute of Standards and Technology (NIST) and the Cybersecurity and Infrastructure Security Agency (CISA) have introduced a new security metric designed…
Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise
May 22, 2025Ravie LakshmananCybersecurity / Vulnerability A privilege escalation flaw has been demonstrated in Windows Server 2025 that makes it possible for attackers to compromise…
Attackers Exploit BIND DNS Server Vulnerability to Crash Servers Using Malicious Packets
The vulnerability in BIND DNS server software allowed attackers to crash DNS servers by sending specifically crafted malicious packets. This flaw, identified as CVE-2023-5517, could…
Who’s Patching Your Network?
According to Cybersecurity Ventures, cybercrime cost the world an estimated $9.5 trillion last year. Cybercriminals are no longer focused on big targets alone. They want reach.…
Lumma information stealer infrastructure disrupted
The US Department of Justice (DOJ) and Microsoft have disrupted the infrastructure of the Lumma information stealer (infostealer). Lumma Stealer, also known as LummaC or…
Learn How to Build a Reasonable and Legally Defensible Cybersecurity Program
May 22, 2025The Hacker NewsSecurity Framework / Cyber Defense It’s not enough to be secure. In today’s legal climate, you need to prove it. Whether…
Security Theater or Real Defense? The KPIs That Tell the Truth
A critical step in maturing any cybersecurity program is the ability to measure and report on its performance. Yet measuring cybersecurity remains notoriously difficult, often…
FTC finalizes order requiring GoDaddy to secure hosting services
The U.S. Federal Trade Commission (FTC) has finalized an order requiring web hosting giant GoDaddy to secure its services to settle charges of data security…
Linux kernel SMB 0-Day Vulnerability Uncovered Using ChatGPT
Security researcher Sean has successfully identified a zero-day vulnerability in the Linux kernel using OpenAI’s o3 model. The discovery, designated as CVE-2025-37899, represents a significant…