• Delaware, United States, November 4th, 2025, CyberNewsWire

    Brinker, the narrative intelligence company dedicated to combating disinformation and influence campaigns, announced today that Bob Flores, former Chief Technology Officer of the U.S. Central Intelligence Agency, has joined its advisory board.

    His appointment strengthens Brinker’s mission to transform the fight against disinformation, moving from detection to real-time, technology-driven mitigation at global scale.

    “Most disinformation efforts fail because they rely on manual operations that can’t match the speed and scale of today’s influence campaigns,” said Bob Flores.

    “Brinker’s AI-native approach enables responses that were previously impossible, turning real-time analysis and large-scale mitigation into a reality.”

    Founded by Benny Schnaider, Daniel Ravner, and Oded Breiner, Brinker was built from the ground up as a Native AI platform that identifies, analyzes, and neutralizes harmful narratives across platforms, languages, and geographies.

    Its proprietary, battle-proven LLM traces how stories evolve and spread over time, uncovering connections that traditional tools take weeks to detect.

    “Bob’s expertise in intelligence and technology will help Brinker accelerate its global impact,” said Daniel Ravner, CEO of Brinker.

    Oded Breiner, CTO, added: “Bob’s technological experience and understanding of mission-critical systems can help take Brinker’s automated OSINT technology to the next level, ensuring our platform continues to meet the operational demands of U.S. and global government partners, turning what was once a reactive process into a real-time defense capability.”

    Flores brings decades of experience in national security and enterprise technology innovation. As the CIA’s former CTO, he led digital transformation and information-sharing initiatives across U.S. intelligence agencies.

    He currently serves as Founder and President of Applicology Inc., a Virginia-based security advisory firm.

    This appointment follows the addition of Avi Kastan, former CEO and Co-Founder of Sixgill (acquired in 2024), further strengthening Brinker’s advisory board with deep expertise in intelligence, cybersecurity, and threat analysis.

    About Brinker

    Brinker is an award-winning disinformation threat mitigation platform built to combat malicious narratives and influence campaigns using proprietary narrative intelligence technology.

    The SaaS platform delivers AI-powered detection, context analysis, and automated OSINT investigations.

    A suite of mitigation tools is available at the press of a button, including pre-legal actions, media publications, content removal, and counter-narratives. Brinker serves governmental intelligence agencies, major enterprises, law firms, and NGOs.

    More information is available at www.brinker.ai

    Contact

    Daniel Ravner

    Brinker

    daniel@brinker.ai

    The post Bob Flores, Former CTO of the CIA, Joins Brinker appeared first on Cyber Security News.


  • Critical vulnerabilities in Microsoft Teams, a platform central to workplace communication for over 320 million users worldwide, enable attackers to impersonate executives and tamper with messages undetected.

    These vulnerabilities, now patched by Microsoft, allowed both external guests and insiders to spoof identities in chats, notifications, and calls, potentially leading to fraud, malware distribution, and misinformation.

    Check Point disclosed the issue to Microsoft responsibly in March 2024. The issues highlight how trust in collaboration tools can be weaponized by sophisticated threat actors targeting remote work infrastructure.

    Launched in 2017 as part of Microsoft 365, Teams integrates chat, video calls, file sharing, and apps, making it indispensable for businesses from startups to Fortune 500 companies.

    Check Point’s investigation focused on the web version’s JSON-based architecture, where messages include parameters like content, messagetype, clientmessageid, and imdisplayname.

    Attackers exploited these to edit messages without the “Edited” label by reusing clientmessageid values, effectively rewriting conversation history without leaving a trace.

    Notifications could be manipulated by altering imdisplayname, making alerts appear from high-level executives like CEOs, exploiting users’ instinctive trust in urgent pings.

    In private chats, modifying conversation topics via a PUT endpoint changed display names, misleading participants about the sender’s identity, as shown in before-and-after screenshots of altered interfaces.

    Call initiations via POST /api/v2/epconv allowed forging displayName in participant sections, spoofing caller identities during audio or video sessions.

    One flaw, notification spoofing, was tracked as CVE-2024-38197, a medium-severity issue (CVSS 6.5) affecting iOS versions up to 6.19.2, where sender fields lacked proper validation.

    Microsoft Teams Vulnerability Attack Scenarios

    These vulnerabilities erode the core trust in Teams, turning it into a deception vector for advanced persistent threats (APTs), nation-state actors, and cybercriminals.

    External guests could infiltrate as insiders, impersonating finance leads to harvest credentials or push malware-laden links disguised as executive directives.

    Insiders might disrupt briefings by spoofing calls, spreading confusion in sensitive discussions, or enabling business email compromise (BEC) schemes.

    Real risks include financial fraud, where fake CEO notifications prompt wire transfers; privacy breaches from falsified conversations; and espionage via manipulated histories in supply chain attacks.

    Threat actors, including groups like Lazarus, have long targeted such platforms for social engineering, as seen in recent reports of Teams abuse in ransomware and data exfiltration.

    The ease of chaining these flaws (for instance, a spoofed notification followed by a forged call) amplifies the danger, potentially fooling users into revealing secrets or executing harmful actions.

    Check Point disclosed the flaws on March 23, 2024, with Microsoft acknowledging them on March 25 and confirming fixes progressively.

    The message editing issue was resolved by May 8, 2024; private chat alterations by July 31; notifications (CVE-2024-38197) by September 13, after an August rollout; and call spoofing by October 2025.

    All issues are now addressed across clients, requiring no user action beyond updates. However, organizations should layer defenses: implement zero-trust verification for identities and devices; deploy advanced threat prevention to scan payloads in Teams; enforce data loss prevention (DLP) policies; and train staff on out-of-band validation for high-stakes requests.

    Critical thinking remains key: always verify suspicious communications, even those from apparently trusted sources. As collaboration tools evolve, securing human trust is as vital as patching code.


    The post Hackers Can Exploit Microsoft Teams Vulnerabilities to Manipulate Messages and Alter Notifications appeared first on Cyber Security News.


  • Details have emerged about a now-patched critical security flaw in the popular “@react-native-community/cli” npm package that could be potentially exploited to run malicious operating system (OS) commands under certain conditions. “The vulnerability allows remote unauthenticated attackers to easily trigger arbitrary OS command execution on the machine running react-native-community/cli’s


  • Hackers have successfully stolen more than $100 million by exploiting a critical vulnerability in the Balancer protocol.

    Balancer, a leading DeFi platform known for its automated market-making pools, confirmed that only its V2 Composable Stable Pools were affected by the exploit. The remainder of its pools, including Balancer V3 and other older pools, remain untouched and fully secure.

    The impacted pools had been active on the blockchain for several years and, due to their age, many were outside of Balancer’s “pause window”, a built-in feature that allows emergency halts to limit damage during an attack.

    Balancer DeFi Protocol Exploited

    The pools that could be paused were quickly taken offline and are currently in recovery mode while the investigation continues.

    The Balancer team responded rapidly, working in collaboration with experienced security researchers to analyze the incident. A full post-mortem report with technical details will be provided once the investigation has progressed.

    Balancer emphasized its longstanding commitment to security, highlighting extensive third-party audits and robust bug bounty programs designed to encourage independent researchers to uncover vulnerabilities before hackers do.

    Legal and security professionals are now working closely to enhance protection for users and to track down the attackers. In the wake of the incident, the Balancer team issued an urgent warning about fraudulent communications.

    Malicious actors are already sending fake messages pretending to represent the Balancer Security Team, seeking to further exploit concerned users. Balancer stressed that official updates will be shared only through its official X (Twitter) account and Discord server.

    Users are strongly cautioned not to trust unsolicited messages or click on unknown links, as these could be part of phishing schemes aimed at stealing more funds.

    As the investigation proceeds, Balancer has reassured the community that it remains committed to operational security and user protection.

    The DeFi community and partners are actively supporting the team. Users are encouraged to stay tuned for further updates as more details surrounding the exploit and future preventive measures are released.


    The post Hackers Stolen Over $100 Million by Exploiting Balancer DeFi Protocol appeared first on Cyber Security News.


  • Baltimore, USA, November 4th, 2025, CyberNewsWire

    The new 2025 Insider Risk Report, produced by Cybersecurity Insiders in collaboration with Cogility, highlights that nearly all security leaders (93%) say insider threats are as difficult or harder to detect than external cyberattacks.

    Yet only 23% express strong confidence in stopping them before serious damage occurs.

    The report warns that most organizations remain reactive despite a surge in AI-driven risks and the increasing prevalence of decentralized workforces.

    The report, which surveyed 635 CISOs and cybersecurity professionals, highlights an urgent industry contradiction: while there is high awareness of insider risks, the capabilities to anticipate and prevent them are dangerously limited.

    Without stronger behavioral intelligence and predictive modeling, organizations risk being blindsided by trusted insiders misusing powerful new tools.

    Key findings include:

    • Flying blind against insiders: 93% of organizations find insider attacks as hard or harder to detect than external threats. At the same time, fewer than one in four are confident in preventing them before major damage.
    • Behavioral blind spots: Only 21% extensively integrate HR, financial stress, or psycho-social signals into detection, leaving most programs relying solely on technical anomalies.
    • Predictive defenses are missing: Only 12% have mature predictive risk models, leaving the majority in reactive mode, while AI-enabled insider risks accelerate.

    “Insider threats don’t announce themselves with alarms – they unfold quietly, in plain sight,” said Holger Schulze, founder of Cybersecurity Insiders.

    “Without context like financial stress or behavioral shifts, security teams are watching shadows on the wall while the real danger moves unchecked. If organizations fail to evolve, they’ll be reading about their data on the dark web before they ever see it in their logs.”

    The full report can be read here.

    About Cybersecurity Insiders

    Cybersecurity Insiders is the trusted intelligence source for CISOs and cybersecurity decision-makers seeking strategic clarity in a complex, fast-moving industry.

    Backed by more than a decade of analyst-led research and a global community of over 600,000 cybersecurity professionals, we deliver evidence-based insights, original data, and expert commentary to help leaders navigate threats, assess emerging technologies, and shape forward-looking security strategies. More: https://cybersecurity-insiders.com

    About Cogility

    Cogility’s continuous Decision Intelligence Platform, Cogynt, provides an advanced decision intelligence and decision support streaming analytic solution for government and commercial organizations — allowing our customers to get left of harm or ahead of opportunity.

    A cloud-scalable, proven solution, Cogynt enables organizations to efficiently and effectively manage complex intelligence challenges with high-confidence, predictive, and explainable insights required to become proactive versus reactive in highly complex and high consequence environments.

    To learn more, users can visit www.cogility.com.

    Contact

    Head of Research

    Holger Schulze

    Cybersecurity Insiders

    contact@cybersecurity-insiders.com

    The post 2025 Insider Risk Report Finds Most Organizations Struggle to Detect and Predict Insider Risks appeared first on Cyber Security News.


  • Microsoft is implementing a significant security enhancement to its Authenticator app, introducing automatic detection of jailbroken and rooted devices for Microsoft Entra credentials.

    Beginning in February 2026, the company will automatically delete all Microsoft Entra credentials stored on jailbroken iOS devices and rooted Android devices to prevent unauthorized access and strengthen the organization’s security posture.

    The move represents Microsoft’s commitment to protecting enterprise credentials from compromise on jailbroken or rooted devices.

    Jailbroken and rooted devices bypass built-in security controls, making them vulnerable to credential theft and malicious software installation.

    By wiping credentials on these devices, Microsoft eliminates a significant attack vector that threat actors could exploit to gain unauthorized access to sensitive organizational resources.

    Jailbreak and Rooted Device Detection

    The security feature will be automatically deployed across all Authenticator installations and requires no administrative configuration or IT team control.

    This means organizations don’t need to adjust settings or deploy policies to activate the protection. The change applies uniformly to both iOS and Android platforms, ensuring consistent security across all mobile operating systems.

    Microsoft designed this capability as secure by default, meaning the protection activates immediately without any manual intervention.

    This approach reduces the burden on IT administrators while ensuring that all users receive the same level of protection regardless of their organization’s technical readiness or configuration.

    Importantly, this change applies only to Microsoft Entra credentials and will not affect personal Microsoft accounts or third-party accounts stored in the Authenticator app.

    This targeted approach allows users to maintain access to personal accounts on their devices while protecting organizational credentials from compromise.

    The distinction ensures that the security enhancement doesn’t unnecessarily restrict access to non-enterprise accounts that don’t require the same level of protection. Microsoft emphasizes that organizations should notify end users about this upcoming change before February 2026 arrives.

    Users currently relying on Authenticator for Microsoft Entra credentials on jailbroken or rooted devices must understand that their credentials will cease functioning once the update deploys.

    This advance notification prevents confusion and support tickets when users suddenly find themselves unable to authenticate with their organizational accounts.

    Organizations should provide clear guidance to users about the options available, including upgrading to non-jailbroken devices or removing the jailbreak or root modifications to maintain access to corporate resources. The notification period gives users adequate time to prepare and adjust their device management practices.

    This update aligns with industry best practices for securing mobile device credentials. Jailbreaking and rooting devices fundamentally compromise the security model that protects stored credentials and sensitive data.

    By preventing Microsoft Entra credentials from functioning on these devices, Microsoft reinforces that enterprises require baseline device security standards for organizational access.

    The implementation reflects growing recognition that mobile devices serve as critical access points to corporate networks and sensitive information.

    Protecting credentials at the application level represents a practical security measure that organizations can enforce without relying on complex MDM policies or user compliance.


    The post Microsoft Entra Credentials in the Authenticator App on Jail-Broken Devices to be Wiped Out appeared first on Cyber Security News.


  • Cybersecurity researchers have disclosed details of four security flaws in Microsoft Teams that could have exposed users to serious impersonation and social engineering attacks. The vulnerabilities “allowed attackers to manipulate conversations, impersonate colleagues, and exploit notifications,” Check Point said in a report shared with The Hacker News. Following responsible disclosure in March


  • A sophisticated new backdoor named SesameOp has emerged with a novel approach to command-and-control communications that fundamentally challenges traditional security assumptions.

    Discovered in July 2025 by Microsoft’s Incident Response and Detection and Response Team, this malware represents a significant shift in how threat actors exploit legitimate cloud services for covert operations.

    Rather than relying on dedicated infrastructure or suspicious network connections, SesameOp ingeniously abuses the OpenAI Assistants API as a disguised command relay, allowing attackers to issue instructions and receive results through what appears as legitimate traffic to a trusted service.

    The malware’s discovery emerged during a complex incident investigation where attackers had maintained operational presence within a compromised environment for months.

    The investigation revealed an intricate architecture comprising internal web shells strategically positioned throughout the network.

    These shells operated under control of persistent malicious processes that leveraged compromised Microsoft Visual Studio utilities through .NET AppDomainManager injection—a technique that circumvents traditional detection mechanisms by hiding malicious code within legitimate system processes.

    Microsoft analysts identified the infection chain as a two-component system. The first component consists of Netapi64.dll, a heavily obfuscated loader designed to identify and execute the primary backdoor.

    Netapi64.dll enumerates files in Temp directory (Source – Microsoft)

    The second component, OpenAIAgent.Netapi64, contains the core functionality that orchestrates C2 communications through the OpenAI platform.

    Rather than utilizing OpenAI’s agent software development kits or model execution features, the backdoor weaponizes the Assistants API purely as a message storage mechanism.

    Commands arrive compressed and encrypted, which the malware decrypts and executes locally before returning results back through the same OpenAI infrastructure.

    Communication and Execution Mechanisms

    The technical sophistication underlying SesameOp extends beyond simple API misuse. Upon execution, the backdoor initiates sophisticated command retrieval by first establishing contact with OpenAI’s vector store infrastructure.

    The malware encodes the infected machine’s hostname in Base64 format and queries the Assistants API to identify corresponding vector stores and assistants previously created by the operator.

    The configuration embedded within the backdoor contains a hardcoded OpenAI API key, a dictionary key selector, and optional proxy information.

    Once communication is established, the malware enters a polling loop in which it periodically checks for new commands marked with either a “SLEEP” or a “Payload” designation within the assistant descriptions.

    When a payload command appears, the backdoor retrieves encrypted content from OpenAI threads using thread IDs and message identifiers.

    The payload undergoes multi-layered decryption: first, a 32-byte AES key is extracted and decrypted using an embedded RSA private key, then the command payload is decrypted with this AES key and decompressed using GZIP.

    The decrypted message is parsed into a dictionary structure that the backdoor passes to a dynamically loaded .NET module using the JScript evaluation engine.

    This module executes the command and generates results that are compressed, encrypted with a randomly generated AES key, and posted back to OpenAI as a new message.

    The backdoor then creates a new Assistant record with the execution results marked as “Result,” signaling the operator that tasks have completed.

    This bidirectional communication channel remains virtually invisible to network monitoring tools since all traffic appears as routine connections to a legitimate, trusted service.

    The OpenAI Assistants API has been deprecated by the platform and will be retired in August 2026.

    Microsoft and OpenAI jointly investigated this threat, leading OpenAI to identify and disable the API key and associated account used by the threat actor.

    However, this case underscores a critical vulnerability in how emerging technologies can be weaponized before security communities fully understand their implications.


    The post SesameOp Leveraging OpenAI Assistants API for Stealthy Communication with C2 Servers appeared first on Cyber Security News.
