-
The threat actor known as Bloody Wolf has been attributed to a cyber attack campaign that has targeted Kyrgyzstan since at least June 2025 with the goal of delivering NetSupport RAT. As of October 2025, the activity has expanded to also single out Uzbekistan, Group-IB researchers Amirbek Kurbanov and Volen Kayo said in a report published in collaboration with Ukuk, a state enterprise under the
-
Alisa Viejo, CA, USA, November 27th, 2025, CyberNewsWire
Gartner has recognized One Identity as a Visionary in the 2025 Gartner Magic Quadrant for Privileged Access Management (PAM).
In a rapidly transforming market, innovation and demonstrated performance continue to shape expectations.
The placement as a Visionary reflects what the company observes across its customer and partner ecosystem, highlighting a collective emphasis on simplified security, accelerated adoption and intelligence-driven identity protection.
Definition of the Visionary Classification
According to Gartner, Visionaries are “noted for their innovative approaches to PAM technologies, methodologies, and means of delivery.”
Being named a Visionary validates the company's strategy – blending AI-driven administration, flexible deployment and customer-first design – as it continues building the next era of privileged access management.
They believe the focus on streamlined innovation, automation and value is exactly what modern organizations demand.
Analyst Observations on One Identity Safeguard for PAM
One Identity has seen analyst support for several key strengths across the One Identity Safeguard and Cloud PAM Essentials portfolio:
- Product excellence: The products received among the highest scores for privileged session management and PEDM for UNIX/Linux and macOS, confirming the depth and reliability of our core platform.
- Customer experience: Praised for ease of use, intuitive UI, deployment simplicity, and management features, backed by responsive, multi-tier support.
- AI-driven innovation: With Azure AI-powered natural-language search and AI-assisted configuration, we’re helping security teams move faster, respond smarter and simplify at scale.
- Pricing & value: Although some of the top PAM solutions are seen as costly, One Identity was recognized specifically for below-market-average pricing, particularly for SaaS offerings – delivering enterprise-grade security at exceptional value.
These strengths extend beyond functional capabilities and reflect how customer feedback influences development priorities, including usability and affordability.
Visionary recognition also reflects the company’s current trajectory, indicating external validation of a path oriented toward leadership and sustained advancement.
Key Innovations in One Identity Safeguard for Modern PAM
To meet the pace of identity-driven enterprises, PAM continues to transition from static control to adaptive intelligence.
The following seven innovations remain central to modern privileged access management and illustrate how One Identity Safeguard supports evolving requirements:
Unified, comprehensive PAM
Enhanced control over privileged access with integrated password vaulting, session recording, and analytics – all within the One Identity Safeguard platform.
Flexible deployment
Expanded support for cloud, on-prem, and hybrid models with scalable, cost-efficient licensing.
Streamlined implementation
Simplified setup through automation tools and cloud-ready configurations that reduce time-to-value.
Improved usability
A modernized UI, smoother workflows, and in-product help in One Identity Safeguard minimize complexity and training needs.
Consistent, top-notch support
Standardized professional services and strong implementation guidance ensure excellence everywhere.
AI-powered administration and documentation
Contextual in-product guidance and intelligent search deliver faster answers, fewer support tickets and smarter administration.
Continuous optimization
Agile, customer-driven updates in our solutions enhance speed, usability and value across releases.
Outlook for Privileged Access Management
As organizations secure both human and machine identities, the future of PAM demands clarity, automation and intelligence.
One Identity is uniquely positioned to deliver all three – helping customers protect privileged access, simplify operations and accelerate digital transformation with confidence.
The 2025 Gartner Magic Quadrant for Privileged Access Management outlines how vision, innovation and customer success continue to influence the evolution of privileged access.
About One Identity
One Identity delivers unified identity security solutions that help customers strengthen their overall cybersecurity posture and protect the people, applications, and data essential to business.
Their Unified Identity Security Platform encompasses a variety of identity access and management tools, including AI-driven security solutions.
One Identity brings together the four pillars of IAM: Identity Governance and Administration (IGA), Access Management (AM), Privileged Access Management (PAM), and Active Directory Management (AD Mgmt) capabilities to enable organizations to shift from a fragmented to a holistic approach to identity security.
One Identity is trusted and proven on a global scale – managing more than 500 million identities for more than 11,000 organizations worldwide.
Users can find more information here: https://www.oneidentity.com
Contact
Global Corporate Communications
Liberty Pike
One Identity LLC
liberty.pike@oneidentity.com
The post One Identity Safeguard Named a Visionary in the 2025 Gartner Magic Quadrant for PAM appeared first on Cyber Security News.
-
New API capabilities and AI-powered Threat Encyclopedia eliminate manual audit preparation, providing real-time compliance evidence and instant threat intelligence

Quttera today announced major enhancements to its Web Malware Scanner API that transform static security scanning into automated compliance evidence. The update introduces real-time evidence streaming and compliance mapping, directly addressing the manual burden of audit preparation that costs organizations 30-40 hours per audit cycle.
The announcement includes two integrated capabilities: API-driven compliance automation that feeds structured security evidence into GRC platforms (https://quttera.com/quttera-web-malware-scanner-api), and the Quttera Threat Encyclopedia (https://threats.quttera.com/), an AI-powered resource providing instant context for detected threats.
Automating the Manual Evidence Chase
Organizations preparing for SOC 2, ISO 27001, and PCI DSS v4.0 audits traditionally spend dozens of hours manually collecting security evidence—exporting reports, capturing screenshots, and mapping findings to compliance controls. This approach creates outdated evidence, doesn’t scale across frameworks, and fails to prove continuous monitoring.
“Security teams are exhausted by the manual ‘evidence chase’ required before every audit,” said Michael Novofastovsky, CTO of Quttera. “We’re transforming malware detection into ‘Evidence-as-Code’—structured, real-time security data that flows automatically into compliance workflows. Whether organizations use Drata, Vanta, or custom GRC systems, our API provides continuous proof without human intervention.”
Quttera’s API converts threat detection into structured JSON with embedded compliance metadata, mapping findings to controls across SOC 2 (CC6.1, CC7.2), PCI DSS v4.0 (Requirements 6.4.3, 11.6.1), ISO 27001, and GDPR simultaneously.
Addressing PCI DSS v4.0’s New Requirements
The update specifically targets PCI DSS v4.0 requirements mandatory since March 2025, particularly Requirements 6.4.3 (script authorization on payment pages) and 11.6.1 (file integrity monitoring). These requirements demand continuous automated detection—capabilities manual processes cannot provide at scale.
“PCI DSS v4.0 requires real-time detection of unauthorized changes to payment scripts,” Novofastovsky explained. “Our API provides timestamped evidence that monitoring is active 24/7, changes are detected automatically, and controls are continuously validated.”
AI-Powered Threat Intelligence
The Threat Encyclopedia addresses the context gap security teams face when responding to detections. Integrated directly into scan reports, it provides:
- Technical breakdown of malware behavior
- Business impact and risk classification
- Step-by-step remediation guidance
- Connections to known attack campaigns
“We’re automating both sides of the problem,” said Novofastovsky. “The API handles compliance proof. The Threat Encyclopedia handles operational response. Together, they eliminate manual evidence collection and research overhead.”
The Encyclopedia currently documents 80+ web malware categories, with AI-assisted expansion based on emerging threats.
Key Capabilities
- Automated Control Mapping: Detections tagged for multiple compliance frameworks simultaneously
- Real-Time Evidence Streaming: Continuous JSON feeds replace static PDF reports
- Behavioral Detection: Heuristic scanning identifies zero-day and polymorphic threats
- Integration Flexibility: Works with existing GRC platforms via standard REST API
Availability
Enhanced capabilities are available immediately to all Quttera API subscribers.
- API Documentation: https://quttera.com/quttera-web-malware-scanner-api
- Integration Help: https://quttera.com/quttera-anti-malware-api-help
- Threats Library: https://threats.quttera.com/
About Quttera
Quttera provides automated website security and malware detection solutions, delivering compliance-ready evidence for organizations across financial services, healthcare, e-commerce, and technology sectors. Its comprehensive suite includes advanced heuristic scanning, blacklist monitoring, and remediation services, helping businesses worldwide protect their digital assets and reputation.
For more information, users can visit https://quttera.com
Contact
CTO
Michael Novofastovsky
Quttera
michael@quttera.com
The post Quttera Launches “Evidence-as-Code” API to Automate Security Compliance for SOC 2 and PCI DSS v4.0 appeared first on Cyber Security News.
-
The software supply chain is under siege from “Shai Hulud v2,” a sophisticated malware campaign that has compromised 834 packages across the npm and Maven ecosystems.
This new wave specifically targets GitHub Actions workflows, exploiting pull_request_target triggers to inject malicious code into widely used libraries.
The attack has impacted major projects like PostHog, Zapier, and AsyncAPI, leveraging compromised automation tokens to infect downstream dependencies systematically.
The infection process relies on a stealthy two-stage loader initiated by a pre-install script named setupbun.js.
This script installs the Bun runtime to execute an obfuscated payload, bunenvironment.js, while suppressing standard output so that nothing shows up in build logs.
By pivoting through compromised CI pipelines, the malware gains privileged access to repository secrets, enabling it to modify source code, increment patch versions, and republish infected packages to public registries.
Socket.dev security analysts identified the malware’s unique persistence mechanism: it searches GitHub for the beacon phrase “Sha1-Hulud The Second Coming” to re-trigger infections.
This ensures that even if individual repositories are cleaned, the attackers can locate and re-compromise vulnerable endpoints.
Campaign’s impact
The campaign’s impact is extensive, exposing sensitive credentials from tens of thousands of repositories and marking a dangerous evolution in automated supply chain attacks.
Once entrenched in a CI environment, the malware executes a comprehensive credential harvesting routine. It captures all available environment variables, specifically targeting GITHUB_TOKEN, NPM_TOKEN, and AWS_ACCESS_KEY_ID, while simultaneously deploying a TruffleHog binary to scan the local filesystem for embedded secrets.
Sha1-Hulud – The Second Coming (Source – Socket.dev)
Unlike typical scrapers, this payload aggressively enumerates cloud infrastructure, cycling through every region in AWS, Google Cloud, and Azure to extract secrets from managed vaults.
All stolen data is obscured using three layers of Base64 encoding before being exfiltrated to a randomly generated GitHub repository created within the victim’s account.
Furthermore, the malware attempts privilege escalation on Linux runners by manipulating sudoers or executing docker run --privileged commands to gain root access.
If no valid credentials are found to propagate the worm, the malware executes a destructive wiper function that deletes files on the infected system.
The post Shai Hulud v2 Exploits GitHub Actions Workflows as Attack Vector to Steal Secrets appeared first on Cyber Security News.
-
Microsoft has announced plans to improve the security of Entra ID authentication by blocking unauthorized script injection attacks starting a year from now. The update to its Content Security Policy (CSP) aims to enhance the Entra ID sign-in experience at “login.microsoftonline[.]com” by only letting scripts from trusted Microsoft domains run. “This update strengthens security and adds an extra
-
The “Korean Leaks” campaign has emerged as one of the most sophisticated supply chain attacks targeting South Korea’s financial sector in recent memory.
This operation combined the capabilities of the Qilin Ransomware-as-a-Service (RaaS) group with potential involvement from North Korean state-affiliated actors known as Moonstone Sleet.
The attackers leveraged a compromised Managed Service Provider (MSP) as their initial access vector, enabling them to breach multiple organizations through a single point of entry.
In September 2025, South Korea suddenly became the second most-targeted country for ransomware attacks, with 25 victims claimed in a single month.
This unusual spike was attributed exclusively to the Qilin ransomware group, which focused almost entirely on financial services firms, specifically asset management companies.
Of the 33 total victims, 28 are currently public, with documented cases confirming the theft of over 1 million files and 2 TB of data.
Monthly count of ransomware victims in South Korea (September 2024 – September 2025) (Source – Bitdefender)
Bitdefender security researchers identified that Qilin operates like a gig economy, where main operators provide branding, software, and infrastructure while taking 15% to 20% of profits.
The actual hacking is executed by affiliates who earn the majority of the money. What makes this campaign particularly concerning is the early 2025 partnership between Qilin and Moonstone Sleet, a hacking group tied directly to North Korea, blurring the lines between cybercrime and state-sponsored espionage.
The attackers rolled out their campaign in three distinct publication waves. Wave 1 released 10 victims on September 14, 2025, framing the attacks as a public-service effort to expose systemic corruption.
Wave 2 escalated threats against the entire Korean stock market, while Wave 3 concluded with nine additional victims before returning to standard extortion messaging.
MSP Compromise as the Attack Vector
The root cause analysis revealed that the tight clustering of victims within a single financial niche pointed to a shared vulnerability connecting all targets.
Initial Qilin DLS listing for a Korean target that contains a direct North Korean reference (Source – Bitdefender)
Press reporting on September 23, 2025, confirmed that more than 20 asset management firms suffered breaches after their servers were hacked through a common domestic IT service provider.
This MSP compromise granted attackers simultaneous access to multiple client networks, explaining the speed and precision of the attack waves.
Defense recommendations include implementing multi-factor authentication, network segmentation, and adopting EDR/XDR/MDR solutions to minimize adversary dwell time.
The post Qilin RaaS Exposed 1 Million Files and 2 TB of Data Linked to Korean MSP Breach appeared first on Cyber Security News.
-
GitLab’s Vulnerability Research team has uncovered a large-scale supply chain attack spreading a destructive malware variant through the npm ecosystem.
The malware, an evolved version of “Shai-Hulud,” contains a dangerous feature that threatens to destroy user data if attackers lose control of their infrastructure. The malware spreads through infected npm packages using a multi-stage process.
When developers install a compromised package, a script automatically downloads what appears to be a legitimate version of the Bun JavaScript runtime.
Affected npm Packages
However, this is a disguise for the malware’s actual payload. This heavily obfuscated 10MB file executes on the victim’s system.
Once running, the malware aggressively harvests credentials from multiple sources, including GitHub tokens, npm authentication keys, and accounts for AWS, Google Cloud, and Microsoft Azure.
It even downloads Trufflehog, a legitimate security tool, to scan the entire home directory for hidden API keys and passwords stored in configuration files.

Attack workflows
Using stolen npm tokens, the malware automatically infects all other packages maintained by the victim.
It modifies the package.json files to include malicious scripts, increments version numbers, and republishes everything to npm.
This worm-like behavior means the attack spreads exponentially across the ecosystem. The stolen credentials are exfiltrated to attacker-controlled GitHub repositories marked with “Sha1-Hulud: The Second Coming.”
These repositories create a resilient botnet-like network in which compromised systems share access tokens.
Most critically, the malware includes a destructive payload designed to protect the attack’s infrastructure. If an infected system simultaneously loses access to both GitHub and npm, it triggers immediate data destruction.
On Windows systems, the malware attempts to delete all user files and overwrite disk sectors. On Linux and Mac systems, it uses advanced wiping techniques to make file recovery impossible.
This creates a dangerous scenario: if GitHub removes malicious repositories or npm revokes compromised tokens, thousands of infected systems could simultaneously destroy user data across the internet.
GitLab recommends enabling Dependency Scanning in your projects to automatically detect compromised packages before they reach production.
Security teams should also monitor for suspicious npm preinstall scripts and unusual version increments in their dependencies.
The post Dead Man’s Switch – Widespread npm Supply Chain Attack Driving Malware Attacks appeared first on Cyber Security News.
-
NVIDIA has released an urgent security update for its DGX Spark AI workstation after discovering 14 vulnerabilities in the system’s firmware that could allow attackers to execute malicious code and launch denial-of-service attacks.
The most severe flaw has a CVSS score of 9.3 and affects all DGX Spark devices running versions before the new OTA0 update.
The vulnerabilities reside in multiple firmware components of the DGX Spark GB10, including SROOT, OSROOT, and hardware resource controls.
NVIDIA’s Offensive Security Research team identified these flaws, which expose the AI workstation to serious security risks.
Attackers with local access can exploit these weaknesses to bypass security protections, modify hardware controls, and gain unauthorized access to protected areas of the system-on-chip.
The critical vulnerability, tracked as CVE-2025-33187, allows attackers with privileged access to breach SoC-protected areas, potentially leading to code execution, data theft, system manipulation, denial-of-service attacks, or privilege escalation. This flaw requires immediate attention due to its critical severity rating and comprehensive impact on system integrity.

| CVE ID | Base Score | CWE | Potential Impacts |
|---|---|---|---|
| CVE-2025-33187 | 9.3 | CWE-269 | Code execution, information disclosure, data tampering, denial of service, escalation of privileges |
| CVE-2025-33188 | 8.0 | CWE-269 | Information disclosure, data tampering, denial of service |
| CVE-2025-33189 | 7.8 | CWE-787 | Code execution, data tampering, denial of service, information disclosure, escalation of privileges |
| CVE-2025-33190 | 6.7 | CWE-787 | Code execution, data tampering, denial of service, escalation of privileges |
| CVE-2025-33191 | 5.7 | CWE-20 | Denial of service |
| CVE-2025-33192 | 5.7 | CWE-690 | Code execution, denial of service, information disclosure |
| CVE-2025-33193 | 5.7 | CWE-354 | Code execution, denial of service, information disclosure |
| CVE-2025-33194 | 5.7 | CWE-180 | Information disclosure, denial of service |
| CVE-2025-33195 | 4.4 | CWE-119 | Data tampering, denial of service, escalation of privileges |
| CVE-2025-33196 | 4.4 | CWE-226 | Information disclosure |
| CVE-2025-33197 | 4.3 | CWE-476 | Code execution, denial of service |
| CVE-2025-33198 | 3.3 | CWE-226 | Information disclosure |
| CVE-2025-33199 | 3.2 | CWE-670 | Data tampering |
| CVE-2025-33200 | 2.3 | CWE-226 | Information disclosure |
All NVIDIA DGX Spark systems running versions before OTA0 are vulnerable. The security update addresses all 14 CVEs simultaneously.
NVIDIA urges customers to download and install the latest DGX OS version immediately from the official NVIDIA DGX website.
Users can also visit the NVIDIA Product Security page to subscribe to security bulletins and report potential security issues. The vulnerabilities primarily require local access to exploit, though some can be triggered without privileges.
Organizations using DGX Spark workstations for AI development and machine learning workloads should prioritize this update to prevent potential compromise of sensitive AI models and training data.
The post NVIDIA DGX Spark Vulnerabilities Let Attackers Execute Malicious Code and DoS Attacks appeared first on Cyber Security News.