Microsoft and CrowdStrike Partner to Link Threat Actor Names
Article link: https://www.bleepingcomputer.com/news/security/microsoft-and-crowdstrike-partner-to-link-hacking-group-names/
- Microsoft and CrowdStrike have announced a coordinated approach to naming threat actor groups, aiming to resolve confusion caused by conflicting identifiers. The goal is shared clarity across industry platforms.
- The new taxonomy uses a two-tier structure: an actor’s primary name (e.g., Forest Blizzard) and cross-mapped aliases used by other vendors. This helps unify incident analysis and reporting.
- Microsoft’s threat-actor reference guide details 150 mapped actor names, including links to vendor definitions. The list is set for regular updates as new intel surfaces.
- Intelligence teams are encouraged to cross-reference these mappings for consistency across reports. Mismatched labels have long slowed incident response and cross-vendor correlation, so a shared mapping removes a recurring source of confusion.
- Reference guide: https://learn.microsoft.com/en-us/unified-secops-platform/microsoft-threat-actor-naming
Why IAM Should Be the Starting Point for AI-Driven Cybersecurity
Article link: https://www.helpnetsecurity.com/2025/06/06/benny-porat-twine-security-ai-driven-security-decisions/
- In an interview with Help Net Security, Benny Porat, CEO of Twine Security, advocates for initiating AI integration within cybersecurity through Identity and Access Management (IAM). He emphasizes that IAM, being a critical attack surface, is ideal for both AI augmentation and eventual automation.
- Porat suggests beginning with AI-assisted tasks such as identity hygiene and account verification. As trust in AI agents grows, organizations can progress to automating more complex processes like audit remediation and user access reviews, maintaining human oversight where necessary.
- He stresses the importance of auditability in AI-driven decisions. Unlike with human decisions, AI agents can provide complete, immutable audit trails, capturing every decision point and action. This transparency facilitates compliance and builds trust in AI systems.
- For evaluating the performance and ROI of human-AI collaboration, Porat recommends starting with essential projects that would proceed regardless of AI involvement. This approach allows organizations to measure improvements in efficiency and effectiveness attributable to AI integration.
6 Rising Malware Trends Every Security Pro Should Know
Article link: https://www.csoonline.com/article/3997388/6-rising-malware-trends-every-security-pro-should-know.html
- A new report identifies six dominant malware trends shaping threat activity in 2025, from AI-powered obfuscation to supply chain infection paths. The threat landscape is growing in speed and precision.
- Examples include fileless malware that lives off legitimate system tools, evasion techniques aimed at endpoint detection, and malware-as-a-service kits packaged for non-technical actors; the last of these in particular lowers the barrier to entry.
- One key observation is that custom-built ransomware payloads are now being tailored to verticals such as healthcare and manufacturing. Attackers are investing in research to target systems with higher leverage.
- Defenses should adjust by focusing on behavioral analysis and lateral movement detection. Relying on signature-based tools alone will fall short as malware grows more context-aware.
Attackers Fake IT Support Calls to Steal Salesforce Data
Article link: https://www.helpnetsecurity.com/2025/06/04/salesforce-vishing-attacks/
- The UNC6040 threat group has engaged in phone-based phishing (vishing) campaigns to gain access to companies’ Salesforce instances. Victims are coached to grant remote access or divulge credentials.
- The attackers, acting as IT support staff, craft believable support scenarios, tricking employees into connecting a malicious application—a modified version of Salesforce’s legitimate Data Loader app—to an organization’s Salesforce environment.
- Once the malicious Data Loader is connected, the attackers use it to export sensitive records from the victim's Salesforce environment. It has been speculated that UNC6040 is working with a second threat actor that carries out the extortion.
- Call verification protocols, restricted access to admin functions, and staff social engineering training may help reduce exposure. Salesforce has also been sharing best practices and features to help companies defend themselves.
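One way to catch the sequence described above in telemetry, as an added example that is not code from the article, from Salesforce or from Mandiant: a user authorises a connected app and, minutes later, pulls a large volume of rows through it, often from an IP address that user has never used. The event schema below (ts, user, type, app, ip, rows) is a simplified assumption for illustration, not Salesforce's EventLogFile format, and the records are constructed sample data.

```javascript
// Added example: post-authorization bulk export detector.
// Schema is assumed (not Salesforce's EventLogFile): each record has
//   ts, user, type ('app_authorized' | 'bulk_query'), app, ip, and rows (bulk_query only).
const SAMPLE_EVENTS = [ // constructed sample data
  { ts: '2025-06-02T09:01:00Z', user: 'alice@corp.example', type: 'app_authorized', app: 'Data Loader', ip: '203.0.113.10' },
  { ts: '2025-06-02T09:05:00Z', user: 'alice@corp.example', type: 'bulk_query',     app: 'Data Loader', ip: '203.0.113.10', rows: 1200 },
  { ts: '2025-06-03T13:55:00Z', user: 'bob@corp.example',   type: 'bulk_query',     app: 'Reporting Sync', ip: '203.0.113.11', rows: 300 },
  { ts: '2025-06-03T14:10:00Z', user: 'bob@corp.example',   type: 'app_authorized', app: 'Ticket Portal Helper', ip: '198.51.100.77' },
  { ts: '2025-06-03T14:12:00Z', user: 'bob@corp.example',   type: 'bulk_query',     app: 'Ticket Portal Helper', ip: '198.51.100.77', rows: 90000 },
  { ts: '2025-06-03T14:20:00Z', user: 'bob@corp.example',   type: 'bulk_query',     app: 'Ticket Portal Helper', ip: '198.51.100.77', rows: 120000 },
  { ts: '2025-06-04T08:00:00Z', user: 'carol@corp.example', type: 'bulk_query',     app: 'Data Loader', ip: '203.0.113.22', rows: 70000 },
];

// Alert when rows exported through an app within windowMinutes of its
// authorization reach rowThreshold. An authorization from an IP the user
// has never been seen on before raises severity to 'high'.
function detectPostAuthorizationExports(events, { rowThreshold = 50000, windowMinutes = 60 } = {}) {
  // Time order matters: "previously seen IP" must mean seen before the authorization.
  const sorted = [...events].sort((a, b) => Date.parse(a.ts) - Date.parse(b.ts));
  const seenIps = new Map();   // user -> Set of IPs seen so far
  const open = new Map();      // `${user}|${app}` -> window opened by an authorization
  const alerts = [];

  for (const e of sorted) {
    const t = Date.parse(e.ts);
    const key = `${e.user}|${e.app}`;
    const ips = seenIps.get(e.user) || new Set();

    if (e.type === 'app_authorized') {
      open.set(key, { authorizedAt: t, rows: 0, newIp: !ips.has(e.ip), alerted: false });
    } else if (e.type === 'bulk_query') {
      const w = open.get(key);
      if (w && t - w.authorizedAt <= windowMinutes * 60000) {
        w.rows += e.rows;
        if (w.rows >= rowThreshold && !w.alerted) {
          w.alerted = true;
          alerts.push({
            user: e.user, app: e.app, ip: e.ip, rowsExported: w.rows,
            authorizedAt: new Date(w.authorizedAt).toISOString(),
            severity: w.newIp ? 'high' : 'medium',
          });
        }
      }
      // A large export through an app with no recent authorization event is
      // out of scope for this rule; a per-user volume baseline would cover it.
    }
    ips.add(e.ip);
    seenIps.set(e.user, ips);
  }
  return alerts;
}

// Run against the constructed feed: only bob's export trips the rule.
console.log(JSON.stringify(detectPostAuthorizationExports(SAMPLE_EVENTS), null, 2));
```

Only bob's activity fires: a new app authorised from an IP he had not used before, followed by 90,000 rows inside the window. Alice's legitimate Data Loader use stays below the threshold and Carol's export has no authorization event behind it, which is exactly why this rule should sit alongside a separate volume baseline rather than replace one.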
Meta and Yandex Are De-Anonymizing Android Users’ Web Browsing Identifiers
Article link: https://arstechnica.com/security/2025/06/meta-and-yandex-are-de-anonymizing-android-users-web-browsing-identifiers/
- Researchers have discovered that tracking scripts from Meta (the Meta Pixel) and Russian search company Yandex (Yandex Metrica) pass web browsing identifiers to the companies' native Android apps, effectively de-anonymizing users in spite of browser privacy controls. Because the channel runs through the device itself, it works across browsers and apps.
- The mechanism is a localhost covert channel rather than any sanctioned Android API: the native app listens on loopback ports, and the JavaScript embedded in web pages sends the browser-side identifier (such as Meta's _fbp cookie) to those ports, over HTTP in Yandex's case and over WebRTC/STUN in Meta's, where the app ties it to the Android Advertising ID and the logged-in account. This lets the companies link anonymous web traffic to individual devices and correlate activity across platforms. Neither company disclosed the practice; Yandex reportedly began it in 2017 and Meta in 2024.
- The research team developed a proof-of-concept app that showed Chrome, Firefox, and Edge browsers were susceptible to “browsing history leakage in both default and private browsing modes”, while DuckDuckGo was only minimally affected and Brave was completely unaffected.
- App developers and privacy advocates are calling for tighter restrictions around device-level identifiers and around web content reaching localhost. Users are encouraged to choose browsers that block page scripts from talking to loopback ports. Platform owners may need to reevaluate what constitutes meaningful consent in a mobile environment.
- Detailed research disclosure: https://localmess.github.io/
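The covert channel only works if page script is allowed to reach the loopback interface, which is the check a browser or content blocker has to get right. The following is an added example, not code from the localmess research or from any browser: it classifies outgoing request URLs and WebRTC SDP candidates as loopback-bound, covering the spellings a tracker could use to slip past a naive "127.0.0.1" string match. All request URLs, port numbers and the SDP snippet are constructed sample inputs.

```javascript
// Added example: loopback-bound request classifier for the localhost covert
// channel (HTTP beacons to 127.0.0.1 / localhost and WebRTC candidates).

function ipv4IsLoopback(addr) {
  // 127.0.0.0/8 is loopback; 0.0.0.0 also reaches the local host on Linux/Android.
  const parts = addr.split('.');
  if (parts.length !== 4 || !parts.every(p => /^\d{1,3}$/.test(p) && Number(p) <= 255)) return false;
  return parts[0] === '127' || addr === '0.0.0.0';
}

function ipv6IsLoopback(addr) {
  // ::1, plus IPv4-mapped forms ::ffff:127.0.0.1 and ::ffff:7f00:1
  const a = addr.toLowerCase();
  if (a === '::1' || a === '0:0:0:0:0:0:0:1') return true;
  if (a.startsWith('::ffff:')) {
    const tail = a.slice(7);
    if (tail.includes('.')) return ipv4IsLoopback(tail);
    const groups = tail.split(':');
    if (groups.length === 2) {
      const hi = parseInt(groups[0], 16);            // upper 16 bits of the mapped IPv4
      return Number.isInteger(hi) && (hi >> 8) === 0x7f;
    }
  }
  return false;
}

function isLoopbackHost(hostname) {
  let h = hostname.toLowerCase().replace(/\.$/, '');
  if (h === 'localhost' || h.endsWith('.localhost')) return true; // RFC 6761: *.localhost is loopback
  if (h.startsWith('[') && h.endsWith(']')) h = h.slice(1, -1);    // URL hostnames bracket IPv6
  if (h.includes(':')) return ipv6IsLoopback(h);
  return ipv4IsLoopback(h);
}

function isLoopbackUrl(urlString) {
  let url;
  try { url = new URL(urlString); } catch { return false; }
  // WHATWG URL parsing normalises shorthand IPv4 forms such as 2130706433,
  // 0x7f000001 and 127.1 to 127.0.0.1 before we ever see the hostname.
  return isLoopbackHost(url.hostname);
}

// Constructed sample beacons; the loopback ports are illustrative.
const sampleRequests = [
  'https://www.facebook.com/tr?id=123&ev=PageView',      // ordinary pixel beacon: allowed
  'http://localhost:30102/?fbp=fb.1.1718000000000.123',  // loopback: blocked
  'http://127.0.0.1:29009/p?yandexuid=abc',
  'http://[::1]:12580/',
  'http://2130706433:12580/',                             // decimal IPv4, normalises to 127.0.0.1
  'https://metrics.example.net/collect',
];

function loopbackRequests(urls) {
  return urls.filter(isLoopbackUrl);
}

// WebRTC: a=candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> ...
// Candidates pointing at loopback are how a page can push data to a local UDP listener via STUN.
function loopbackSdpCandidates(sdp) {
  const hits = [];
  for (const line of sdp.split(/\r?\n/)) {
    const m = /^a=candidate:\S+ \d+ (\S+) \d+ (\S+) (\d+) typ/.exec(line.trim());
    if (!m) continue;
    const [, transport, address, port] = m;
    if (isLoopbackHost(address)) hits.push({ transport: transport.toLowerCase(), address, port: Number(port) });
  }
  return hits;
}

// Constructed SDP fragment with one LAN candidate and two loopback candidates.
const sampleSdp = [
  'v=0',
  'a=candidate:1 1 udp 2122260223 192.168.1.10 51000 typ host',
  'a=candidate:2 1 udp 2122194687 127.0.0.1 12580 typ host',
  'a=candidate:3 1 udp 2122194687 ::1 12581 typ host',
].join('\r\n');

console.log('blocked requests:', loopbackRequests(sampleRequests));
console.log('loopback candidates:', loopbackSdpCandidates(sampleSdp));
```

The IPv4 shorthand and IPv4-mapped IPv6 cases are the ones a string blocklist misses; delegating normalisation to the URL parser and then checking the parsed host is what keeps the classifier honest. For SDP, the same host check is applied to the candidate address so that a page cannot route around an HTTP block by using WebRTC.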
Chrome Extensions Leak API Keys and User Data
Article link: https://thehackernews.com/2025/06/popular-chrome-extensions-leak-api-keys.html
- Researchers have found that multiple popular Chrome extensions are leaking API keys, authentication tokens, and user data through careless handling of credentials and transport in their code. These weaknesses expose the connected services to misuse.
- Several of the identified extensions transmit data over plain HTTP, leaving their users open to adversary-in-the-middle attacks, while another set had "API keys, secrets, and tokens directly embedded in the JavaScript code," where anyone who unpacks the extension can read and reuse them.
- Once exposed, tokens could be used to access email platforms, cloud storage, or third-party services without triggering alarms. No evidence of active exploitation was disclosed, but the risk remains.
- Review of extension permissions and sandboxing of sensitive data are necessary precautions. Users and admins are urged to vet browser add-ons and monitor for anomalous behavior linked to cloud services.
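Both problems described above are visible by reading the extension's own JavaScript, so a static check belongs in the vetting step. The following is an added example, not code from the researchers' report or from any extension: it scans source text for hard-coded credentials (known key formats plus a generic "secret-looking assignment" rule with an entropy filter to cut placeholders) and for endpoints called over plain HTTP. The extension source it runs on is a constructed sample.

```javascript
// Added example: static scanner for hard-coded secrets and plain-HTTP endpoints
// in browser-extension source. Patterns are illustrative, not exhaustive.

const KNOWN_KEY_PATTERNS = [
  { name: 'aws-access-key-id', re: /\bAKIA[0-9A-Z]{16}\b/g },
  { name: 'google-api-key',    re: /\bAIza[0-9A-Za-z_-]{35}\b/g },
  { name: 'slack-token',       re: /\bxox[abp]-[0-9A-Za-z-]{10,}\b/g },
  { name: 'bearer-literal',    re: /Bearer\s+[A-Za-z0-9._-]{20,}/g },
];
// Generic rule: a variable named like a secret assigned a string literal.
const ASSIGNMENT_RE = /\b(api[_-]?key|secret|token|password|client[_-]?secret)\b\s*[:=]\s*['"]([^'"]{8,})['"]/gi;
const HTTP_URL_RE = /['"`](http:\/\/[^'"`\s]+)['"`]/g;
const PLACEHOLDER_RE = /^(your|xxx|todo|changeme|example)/i;

function shannonEntropy(s) {
  // bits per character; real keys usually score >= 3, English words and placeholders lower
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) { const p = n / s.length; h -= p * Math.log2(p); }
  return h;
}

function scanSource(source) {
  const findings = [];
  source.split('\n').forEach((line, i) => {
    const lineNo = i + 1;
    for (const { name, re } of KNOWN_KEY_PATTERNS) {
      for (const m of line.matchAll(re)) findings.push({ kind: 'secret', rule: name, line: lineNo, match: m[0] });
    }
    // Values already caught by a known-format rule on this line are not reported twice.
    const knownOnLine = findings.filter(f => f.line === lineNo).map(f => f.match);
    for (const m of line.matchAll(ASSIGNMENT_RE)) {
      const value = m[2];
      if (knownOnLine.some(k => value.includes(k))) continue;
      if (PLACEHOLDER_RE.test(value) || shannonEntropy(value) < 3.0) continue; // skip obvious placeholders
      findings.push({ kind: 'secret', rule: 'assignment:' + m[1].toLowerCase(), line: lineNo, match: value });
    }
    for (const m of line.matchAll(HTTP_URL_RE)) {
      const url = m[1];
      // XML namespace URIs and loopback dev servers are not network endpoints worth flagging here.
      if (/^http:\/\/(localhost|127\.)/.test(url) || /\bw3\.org\b/.test(url)) continue;
      findings.push({ kind: 'plaintext-http', rule: 'http-url', line: lineNo, match: url });
    }
  });
  return findings;
}

function summarize(findings) {
  const out = { secret: 0, 'plaintext-http': 0 };
  for (const f of findings) out[f.kind] += 1;
  return out;
}

// Constructed sample of an extension's background script (not a real extension;
// the key values are in documented example formats and are not live credentials).
const SAMPLE_EXTENSION_SOURCE = `
// background.js (constructed sample)
const API_BASE = "http://api.example-analytics.test/v1/collect";
const apiKey = "AIzaSyD3x4mpl3K3yF0rIllustr4tion0000001";
const awsKey = "AKIAIOSFODNN7EXAMPLE";
const secret = "your-api-key-here";
const xmlns = "http://www.w3.org/2000/svg";
fetch(API_BASE, { method: "POST", headers: { Authorization: "Bearer eyJhbGciOiJIUzI1NiJ9.c29tZS1wYXlsb2Fk.c2lnbmF0dXJl" }, body: JSON.stringify(history) });
`;

const results = scanSource(SAMPLE_EXTENSION_SOURCE);
console.log(summarize(results));
for (const f of results) console.log(`${f.kind}\tline ${f.line}\t${f.rule}\t${f.match}`);
```

Run it over the unpacked extension directory (every .js file, including minified bundles) before approving an add-on; the placeholder and namespace filters keep the noise down, but any hit on a known-format rule is a finding regardless of entropy. The same scan belongs in the extension author's CI, since a key shipped in a published CRX is already public.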
Breaking Encryption with Quantum Computers May Be Easier Than We Thought
Article link: https://www.techradar.com/pro/security/breaking-encryption-with-quantum-computers-may-be-easier-than-we-thought
- Google Quantum AI researchers have published a new construction for factoring 2048-bit RSA moduli on a quantum computer. If its hardware assumptions hold, it sharply lowers the number of qubits needed to recover an RSA private key.
- The paper estimates that fewer than 1 million noisy qubits, running for under a week, would suffice, down from the roughly 20 million estimated in 2019, which makes the quantum threat closer than many projected. The claims are still undergoing peer review.
- The article explains that while practical application remains out of reach today, the cryptographic community is taking the proposal seriously. Transition planning toward quantum-safe algorithms is now seen with fresh urgency.
- Organizations are urged to assess their readiness for the quantum transition. Google Quantum AI also recommends, in line with NIST's draft transition timeline (NIST IR 8547), that quantum-vulnerable public-key algorithms such as RSA and elliptic-curve cryptography be deprecated after 2030 and disallowed after 2035.
- Google Quantum AI Research: https://arxiv.org/pdf/2505.15917
Replay Attacks Bypass Deepfake Detection
Article link: https://www.darkreading.com/cybersecurity-analytics/researchers-bypass-deepfake-detection-replay-attacks
- University researchers from Germany, Poland, and Romania, together with Resemble AI in the U.S., have demonstrated that replay attacks defeat leading deepfake detection systems. Instead of feeding the synthetic audio file directly to the detector, the attacker plays it through a loudspeaker and re-records it with a microphone; the room, speaker and microphone add real-world acoustic artifacts that mask the telltale signs of synthesis.
- The test set comprised 132.5 hours of re-recorded audio covering a range of acoustic conditions. Recordings were tested across multiple trials against six open-source detection models, all of which were less accurate on the replayed audio.
- Across the models, the equal error rate rose from 4.7% on the original synthetic audio to 18.2% on the re-recorded versions. The detectors had been tuned to artifacts of the synthesis process itself, not to audio that has passed through a physical presentation channel.
- Countering replay attacks calls for checks beyond the detector's verdict: liveness detection, contextual prompts that a pre-generated clip cannot answer, and multi-layer verification. The article reminds readers that vishing is a form of social engineering, so the usual defences for that class of attack all apply here.
- Research: https://arxiv.org/pdf/2505.14862
Good-Guy Leaker Outs Conti Kingpins in Ransomware Data Dump
Article link: https://www.theregister.com/2025/05/31/gangexposed_coni_ransomware_leaks/
- An anonymous leaker operating under the alias “GangExposed” released detailed profiles of the leadership behind the now-defunct Conti ransomware group. The data, published via Telegram, connects the figures to past operations.
- The leak includes names, photos, internal chat logs, and cryptocurrency wallet addresses, offering insight into Conti’s command structure and tactics. Some security researchers believe this is an inside job, with the leaker possibly having been a former Conti operator “looking to burn his bosses.”
- While Conti was dismantled in 2022, its core members are thought to be operating under new banners. This exposure reopens questions about accountability and safe harbor for threat actors.
- Organizations may revisit existing threat models involving successor groups. The incident also demonstrates the value—and volatility—of whistleblowers in shaping threat intelligence landscapes.
