The notorious cybercrime group Scattered Spider has shifted its focus to the airline industry, prompting a warning from the FBI after confirmed cybersecurity breaches at Hawaiian Airlines and Canada’s WestJet.

According to a recent FBI advisory, the group exploits social engineering tactics, often impersonating internal staff or contractors, to manipulate IT help desks into granting unauthorized access. These techniques have enabled the attackers to circumvent multi-factor authentication (MFA) by registering their own MFA devices on compromised accounts.
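
A detection sketch for the pattern described above, as an added example that is not taken from the FBI advisory: it flags an MFA device registered shortly after a help-desk reset from an IP address the account had never signed in from before that reset. The event names, fields and sample log entries are constructed for illustration and do not match any specific identity provider.

```javascript
// Constructed identity-provider audit events (illustrative, not a real product schema).
const SAMPLE_EVENTS = [
  { ts: "2025-06-20T08:00:00Z", type: "signin_success", user: "jdoe", ip: "198.51.100.10" },
  { ts: "2025-06-21T08:30:00Z", type: "signin_success", user: "asmith", ip: "192.0.2.5" },
  { ts: "2025-06-27T14:02:00Z", type: "helpdesk_mfa_reset", user: "jdoe", actor: "hd-agent-7" },
  { ts: "2025-06-27T14:05:00Z", type: "signin_success", user: "jdoe", ip: "203.0.113.77" },
  { ts: "2025-06-27T14:09:00Z", type: "mfa_device_registered", user: "jdoe", ip: "203.0.113.77" },
  { ts: "2025-06-28T09:00:00Z", type: "helpdesk_password_reset", user: "asmith", actor: "hd-agent-2" },
  { ts: "2025-06-28T09:20:00Z", type: "mfa_device_registered", user: "asmith", ip: "192.0.2.5" },
  { ts: "2025-06-28T11:00:00Z", type: "mfa_device_registered", user: "bkim", ip: "203.0.113.90" },
];

const RESET_TYPES = new Set(["helpdesk_password_reset", "helpdesk_mfa_reset"]);

function findSuspiciousEnrollments(events, windowMinutes = 60) {
  const sorted = [...events].sort((a, b) => Date.parse(a.ts) - Date.parse(b.ts));
  const knownIps = new Map();  // user -> Set of IPs with a successful sign-in so far
  const lastReset = new Map(); // user -> { event, baseline: IPs known BEFORE the reset }
  const findings = [];

  for (const ev of sorted) {
    if (ev.type === "signin_success") {
      if (!knownIps.has(ev.user)) knownIps.set(ev.user, new Set());
      knownIps.get(ev.user).add(ev.ip);
    } else if (RESET_TYPES.has(ev.type)) {
      // Freeze the baseline at reset time: a sign-in made with the freshly reset
      // credential must not make the new IP look familiar.
      lastReset.set(ev.user, { event: ev, baseline: new Set(knownIps.get(ev.user) || []) });
    } else if (ev.type === "mfa_device_registered") {
      const reset = lastReset.get(ev.user);
      if (!reset) continue; // self-service enrollment, out of scope for this rule
      const minutes = Math.round((Date.parse(ev.ts) - Date.parse(reset.event.ts)) / 60000);
      if (minutes <= windowMinutes && !reset.baseline.has(ev.ip)) {
        findings.push({
          user: ev.user,
          ip: ev.ip,
          resetType: reset.event.type,
          resetBy: reset.event.actor,
          minutesAfterReset: minutes,
        });
      }
    }
  }
  return findings;
}

console.log(findSuspiciousEnrollments(SAMPLE_EVENTS));
```

A finding is a lead for review, not proof of compromise: a user who receives a legitimate reset while travelling produces the same pattern.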

The FBI emphasized that large corporations and third-party IT vendors within the aviation ecosystem are at heightened risk. Once inside, the hackers are known to steal sensitive information for extortion and often launch ransomware attacks.

Following the breach, Hawaiian Airlines acknowledged a cyber incident affecting parts of its IT infrastructure. Despite the attack, operations continued without disruption. The airline confirmed that it had engaged law enforcement and cybersecurity experts and is working toward a complete system restoration.

Similarly, WestJet recently reported a cybersecurity issue that restricted access for several users. The airline is actively investigating the breach with support from digital forensics and cybersecurity specialists.

While the perpetrators behind these attacks haven’t been officially confirmed, cybersecurity firm Halcyon attributed recent aviation, food, and manufacturing sector incidents to Scattered Spider, noting the group’s aggressive and fast-paced approach.

The aviation sector has faced increasing warnings about such threats. Experts from Palo Alto’s Unit 42 and BlackFog have both flagged the industry as a high-risk target due to its global operational impact and the vast amount of sensitive passenger data it handles.

“With international travel peaking, cybercriminals are taking advantage of the industry’s pressure to maintain smooth operations,” said Darren Williams, CEO of BlackFog. “Airlines must act swiftly to reinforce their cybersecurity defenses and protect both their data and customer trust.”

Stay ahead of emerging cybersecurity threats. For the latest insights and updates on cloud security, follow SOC News.

News Source: ITPro.com

As generative AI tools rapidly reshape digital workflows, security teams are struggling to keep up with emerging threats. A recent study by penetration testing firm Cobalt reveals that over a third of cybersecurity leaders and practitioners admit GenAI is advancing faster than their teams can secure it.

Nearly 48% of respondents called for a ‘strategic pause’ to better align defenses against evolving AI-driven attacks—though most acknowledge this pause is unlikely to materialize. Alarmingly, 72% identified GenAI-related threats as their top IT risk, yet one-third are not performing regular security assessments like penetration testing for their large language model (LLM) deployments.

“Threat actors aren’t waiting, and neither can we,” said Gunter Ollmann, CTO at Cobalt. “AI is redefining both productivity and risk. Security frameworks must evolve or risk becoming obsolete.”

The report also highlights a divergence in priorities between executive leaders and frontline security practitioners. While 76% of C-suite and VP-level respondents voiced concern over long-term threats like adversarial attacks, practitioners (45%) showed more immediate worry over operational risks such as inaccurate outputs.

Security leaders appear more inclined to adapt defense strategies for GenAI-specific threats, with 52% considering structural changes compared to 43% of practitioners.

Top concerns across all respondents include:

Additionally, 50% of participants demand greater transparency from software vendors regarding vulnerability detection and mitigation, underscoring a widening trust gap within the AI supply chain.

Cobalt’s internal pentesting data also sheds light on vulnerabilities in LLM implementations. While 69% of all high-priority issues are addressed across categories, that figure drops to a mere 21% for LLM-specific high-severity issues—despite their significant risk level.

Interestingly, while serious GenAI issues are resolved faster—with a mean time to resolution (MTTR) of just 19 days, the lowest among all test types—this likely reflects a focus on simpler fixes, rather than comprehensive mitigation.

“Just like the early days of cloud, GenAI has exposed a critical gap between innovation and security readiness,” Ollmann warned. “We need to shift from reactive audits to proactive, programmatic AI testing—urgently.”

News Source: ITPro.com

In its annual State of Ransomware report, Sophos revealed that while nearly 50% of organizations paid a ransom in the past year—the second-highest rate in six years—over half managed to settle for less than the hackers’ initial demand. In 71% of these cases, firms either negotiated directly or leveraged third-party experts to cut down the price.

Chester Wisniewski, Field CISO at Sophos, emphasized that ransomware threats have become a routine part of business risk. However, he noted a shift in how victims respond. “With greater awareness, companies are increasingly hiring incident responders who not only minimize ransom costs but also accelerate recovery and sometimes even halt attacks midstream,” Wisniewski stated.

The report highlighted a 33% drop in median ransom demands between 2024 and 2025, while the actual amount paid halved to $1 million. Yet, not all negotiations favor the victims—28% of organizations ended up paying more than originally asked, often due to delayed responses, lack of backups, or hackers pressing for higher demands.

Ransom costs also varied across sectors. State and local governments faced the highest median payouts at $2.5 million, while healthcare organizations paid as little as $150,000. Larger companies, especially those with over $1 billion in revenue, encountered steeper demands—typically around $5 million—compared to smaller firms, which saw demands under $350,000.

Sophos identified exploited vulnerabilities as the leading technical cause of attacks for the third consecutive year. Alarmingly, 40% of victims admitted the breach stemmed from security gaps they hadn’t even known existed. Staffing issues were also widespread—63% of companies cited limited resources as a critical weakness, with larger firms blaming lack of expertise, while mid-sized organizations pointed to insufficient capacity.

Despite these challenges, recovery is improving. Nearly 44% of organizations intercepted attacks before data encryption—a record high—while just half experienced encrypted data, the lowest in six years. Even though only 54% restored their data from backups, overall recovery costs plummeted from $2.73 million in 2024 to $1.53 million in 2025.

Most notably, 53% of companies now recover from ransomware attacks within a week, a sharp rise from 35% the previous year. Only 18% needed over a month, down from 34% in 2024—a promising sign of growing preparedness and resilience across industries.

News Source: ITPro.com

The UK’s National Cyber Security Centre (NCSC) is calling on users to adopt password managers and passkeys, highlighting them as the future of secure authentication.

In its latest guidance, the NCSC emphasizes the ease and security offered by browser-integrated password managers like those built into Chrome, Safari, Edge, and Firefox. These tools, deeply embedded into operating systems, offer a practical option for users.

The agency also recognized the role of long-standing third-party password managers, stating their continued existence is likely due to their strong commitment to security. Despite some high-profile breaches in the past, many of these services now rely on robust protection methods, including encryption, secure device chips, and biometric authentication like facial or fingerprint recognition.

The spotlight, however, is on passkeys—a newer, more secure login method developed by Apple, Google, and Microsoft. Passkeys replace traditional passwords with a cryptographic key pair. One part stays on the user’s device, while the other is shared with the service during account creation. When logging in, the device authenticates the user through standard unlock methods and confirms identity without transmitting the key itself.
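
The login flow described above, reduced to a simplified model (an added example, not NCSC or vendor code and not the WebAuthn wire format). Ed25519, the class names and the two `.example` origins are assumptions chosen for illustration.

```javascript
const crypto = require("crypto");

// Device side. The private key is created here and never leaves this object.
class Authenticator {
  constructor() {
    this.keys = new Map(); // site hostname -> private key
  }
  // Account creation: only the public half is handed to the service.
  register(origin) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
    this.keys.set(new URL(origin).hostname, privateKey);
    return publicKey.export({ type: "spki", format: "der" });
  }
  // Login: sign the server's challenge together with the origin the browser is on.
  sign(origin, challenge) {
    const key = this.keys.get(new URL(origin).hostname);
    if (!key) return null; // no credential for this hostname, e.g. a look-alike site
    const clientData = Buffer.from(
      JSON.stringify({ origin, challenge: challenge.toString("base64url") })
    );
    return { clientData, signature: crypto.sign(null, clientData, key) };
  }
}

// Service side. It stores public keys only, so a database leak yields nothing to log in with.
class Service {
  constructor(origin) {
    this.origin = origin;
    this.publicKeys = new Map(); // user -> public KeyObject
    this.pending = new Map();    // user -> outstanding challenge (base64url)
  }
  enroll(user, spkiDer) {
    const key = crypto.createPublicKey({ key: spkiDer, format: "der", type: "spki" });
    this.publicKeys.set(user, key);
  }
  newChallenge(user) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(user, challenge.toString("base64url"));
    return challenge;
  }
  verify(user, assertion) {
    const expected = this.pending.get(user);
    this.pending.delete(user); // a challenge is single use
    const publicKey = this.publicKeys.get(user);
    if (!assertion || !expected || !publicKey) return false;
    let data;
    try {
      data = JSON.parse(assertion.clientData.toString("utf8"));
    } catch {
      return false;
    }
    if (data.origin !== this.origin || data.challenge !== expected) return false;
    return crypto.verify(null, assertion.clientData, publicKey, assertion.signature);
  }
}

function passkeyDemo() {
  const site = "https://shop.example";            // hypothetical service
  const lookalike = "https://shop-login.example"; // hypothetical look-alike origin
  const device = new Authenticator();
  const service = new Service(site);
  service.enroll("alice", device.register(site));

  // 1. Normal login: fresh challenge, signed on the device, verified with the public key.
  const first = device.sign(site, service.newChallenge("alice"));
  const login = service.verify("alice", first);

  // 2. The same assertion replayed against a new challenge is rejected.
  service.newChallenge("alice");
  const replay = service.verify("alice", first);

  // 3. A look-alike site relays a real challenge; the device holds no key for that hostname.
  const relayed = device.sign(lookalike, service.newChallenge("alice"));
  const phish = service.verify("alice", relayed);

  return { login, replay, phish };
}

console.log(passkeyDemo());
```

Cases 2 and 3 are what separate this from a password plus one-time code: nothing the user can type or read aloud is reusable on another origin or for another challenge.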

According to the NCSC, passkeys are not only faster—up to eight times quicker than typing a password and 2FA code—but also more secure. They’re already supported by major platforms such as Google, eBay, and PayPal.

When choosing a password management tool, the NCSC advises users to assess the provider’s reputation and follow cyber hygiene practices. These include enabling updates, securing devices with biometrics, and setting up recovery methods such as trusted contacts or backup keys.

Greg Wetmore, VP of Product Development at Entrust, supported the agency’s call for change. He noted that passkeys address the core issues of password security—forgetfulness, complexity, and vulnerability to phishing attacks.

“Passwords are outdated and insecure. Passkeys offer a phishing-resistant solution that’s both easier to use and more effective,” Wetmore stated. “It’s time we all move forward.”

News Source: ITPro.com

The rise of artificial intelligence, particularly Large Language Models (LLMs), has opened new frontiers for innovation—but also for cybercrime. Threat actors are now systematically misusing these advanced tools to develop and scale sophisticated hacking operations, according to recent research from Cisco Talos.

LLMs, widely used for legitimate tasks, are being repurposed to automate phishing, malware generation, vulnerability scanning, and exploitation. Cybercriminals are no longer relying solely on traditional methods; instead, they’re leveraging AI to reduce technical barriers and reach a broader base of bad actors.

Platforms like Hugging Face now host over 1.8 million models, offering fertile ground for malicious use. Despite safety measures built into mainstream models, hackers employ a range of tactics to bypass these restrictions. These include using uncensored or custom-built models like FraudGPT and DarkestGPT, which offer subscription-based access to tools designed specifically for cybercrime.

Cisco Talos reports that these criminal AI tools are being openly promoted on dark web forums. Some LLMs are integrated with external tools such as Nmap, enabling attackers to automate everything from reconnaissance to exploitation in a seamless manner.

A critical technique in this growing threat is jailbreaking—a process that tricks LLMs into ignoring their ethical safeguards. Cybercriminals use methods like Base64 encoding, character substitution (L33t speak), multi-language prompts, and role-play scenarios to bypass restrictions. In one case, models like WhiteRabbitNeo were observed generating uncensored malicious code with no safety filters.

Tactics such as meta-prompting, context manipulation, and disguising harmful code as mathematical problems allow attackers to exploit the LLMs’ core functionality. These prompts often confuse the models into responding as if the malicious request were educational or harmless.

What’s more, AI-driven hacking platforms offer attackers not just technical assistance but also scale—enabling low-skilled users to launch effective cyberattacks while maintaining operational anonymity. With tools like DarkestGPT charging as little as 0.0015 BTC per month, access to powerful, unrestricted AI is becoming increasingly democratized within the cybercrime world.

This new wave of AI-enhanced hacking marks a dramatic evolution in the threat landscape, underscoring the urgent need for tighter controls, real-time monitoring, and responsible AI deployment to prevent widespread abuse.

News Source: Cybersecuritynews.com

At the RSAC 2025 Conference, while AI dominated the headlines, the spotlight also turned to a growing cybersecurity concern — quantum computing’s potential to undermine current encryption standards. Industry leaders and cryptography experts issued a strong warning: the time to secure data against quantum threats is now.

Central to these discussions was the emerging threat known as “harvest now, decrypt later” (HNDL). This tactic involves malicious actors collecting encrypted data today, anticipating that future quantum computers will be able to break these encryptions. Sensitive information such as government records, health data, intellectual property, and financial documents stolen now could become readable in the future, making this not a future concern, but a present-day vulnerability.

Asymmetric cryptographic systems like RSA and Elliptic Curve Cryptography (ECC)—critical for web security and digital signatures—face the highest risk. Symmetric encryption, though also vulnerable, offers more resistance and can be strengthened with larger keys.

To combat this, experts at RSAC 2025 strongly advocated for the adoption of Post-Quantum Cryptography (PQC). These next-generation algorithms are being designed to resist both classical and quantum attacks. The U.S. National Institute of Standards and Technology (NIST) is leading this global transition and is close to finalizing its PQC standards. Experts advised organizations to stay aligned with NIST’s progress and prepare for a sweeping cryptographic overhaul.

The road to PQC won’t be simple. It involves identifying where cryptography is currently applied within an organization, assessing risk, and developing a phased migration plan. Creating a cryptographic inventory is seen as the foundational step, followed by testing PQC algorithms in controlled environments to ensure compatibility and performance.

RSAC 2025 also emphasized the importance of crypto-agility—building systems that can quickly adapt to future algorithm changes without full redesigns.

Though no one can pinpoint when quantum computers will mature enough to break encryption, the consensus was clear: the threat is real and imminent. Organizations that act now will be better positioned to protect their data and digital infrastructures in the quantum era.

News Source: ITPro.com

Artificial intelligence is no longer a futuristic concept in cybersecurity—it’s a driving force behind today’s defense strategies. At the RSA Conference 2025, experts and industry leaders confirmed that AI is transforming how organizations detect, respond to, and anticipate cyber threats.

AI’s integration into cybersecurity operations is proving vital, particularly in Security Operations Centers (SOCs), where it helps manage large volumes of alerts and significantly speeds up incident response. Discussions at RSAC underscored how AI plays both an offensive and defensive role, requiring security teams to adapt faster than ever.

One of AI’s standout contributions lies in its advanced threat detection capabilities. Machine learning models can process vast amounts of real-time data, identifying anomalies that signal potential breaches or malware—often before traditional tools can detect them. AI-driven predictive analytics is also gaining traction by forecasting vulnerabilities based on historic patterns, while natural language processing (NLP) helps uncover phishing attempts hidden in everyday communication.

Beyond detection, AI is driving automation across cybersecurity infrastructures. Through platforms like SOAR (Security Orchestration, Automation, and Response), organizations can now isolate compromised systems, apply patches, or block threats in seconds—allowing human teams to focus on higher-level threat analysis. Tools such as agentic AI assistants, highlighted during the conference, are further pushing boundaries by independently investigating and addressing threats, reducing manual workloads.

AI also strengthens vulnerability management by continuously scanning for security gaps and flagging critical issues. Using User and Entity Behavior Analytics (UEBA), these systems detect abnormal behaviors that could indicate compromised accounts or insider threats, enabling prompt intervention.

Despite its benefits, the RSAC panels also stressed the need for responsible use. Since bad actors are equally capable of leveraging AI, there’s a growing call for explainable AI (XAI) that ensures transparency and trust. Experts agree that AI works best not as a replacement but as a force multiplier—supporting human judgment with speed and scale.

In an era where cyberattacks grow more complex and frequent, AI’s evolving role in cybersecurity is not just helpful—it’s indispensable.

News Source: ITPro.com

Cybersecurity experts at RSA Conference 2025 emphasized collaboration across sectors and shared intelligence as vital tools for tackling the evolving landscape of digital threats. Hugh Thompson, RSAC’s executive chairman, opened RSAC Conference 2025, declaring, “Community. It’s what makes us strong in cybersecurity.” He repeatedly underscored the cybersecurity community’s collective strength, highlighting collaboration as an essential defense against escalating digital complexity and sophisticated attackers.

The security community and industry leaders at the conference consistently agreed: a united front combats sophisticated, often globally coordinated digital disruptions. As ITPro reported, collaboration can begin simply by pairing cybersecurity employees with data scientists to share insights. The era of isolated defense quickly gives way to the understanding that shared knowledge and coordinated action are paramount for collective resilience.

Strengthening Public-Private Partnerships

The call for community strongly resonates with ongoing efforts to bolster public-private partnerships (PPPs). At RSAC Conference 2025, discussions around PPPs highlighted the critical link between government agencies, responsible for national cyber defense, and private sector entities, which manage critical infrastructure and vast data repositories.

These partnerships facilitate a bidirectional flow of information. Government agencies provide declassified intelligence on emerging digital challenges and attacker tactics, while private enterprises share real-time observations of malicious activities on their networks. This aims to build a more comprehensive understanding of the digital environment, enabling faster, more coordinated responses to protect critical services and the broader digital ecosystem. Experts stressed overcoming traditional barriers, including speed, trust, and delivering actionable intelligence within these frameworks.

Advancing Intelligence Sharing Ecosystems

Security intelligence sharing forms a cornerstone of collaborative defense, and RSAC Conference 2025 showcased advancements that enhance these ecosystems’ effectiveness. The focus moved beyond simply exchanging indicators of compromise (IoCs) to sharing richer, contextual intelligence, including comprehensive tactics, techniques, and procedures (TTPs), often aligned with standardized frameworks like MITRE ATT&CK. This approach helps organizations shift from reactive blocking to proactive defense strategies, informed by attacker behavior insights.

Information Sharing and Analysis Centers (ISACs) and Information Sharing and Analysis Organizations (ISAOs), tailored to industries like finance, healthcare, and energy, continue to evolve, offering valuable sector-specific intelligence. Furthermore, automating intelligence sharing through standardized protocols like STIX/TAXII becomes crucial for disseminating critical information at machine speed, a necessity when countering fast-moving digital disturbances.

Thompson’s guidance on learning from everyone encompasses both internal and cross-sector collaboration. Within organizations, leaders must foster a security-aware culture where IT, security, development, and business units collaborate effectively. Externally, exchanging best practices across industries strengthens defenses against common digital issues, thereby enhancing overall resilience, as Thompson recommended.

Fostering Internal and Cross-Sector Cooperation

Collaboration is not only an external endeavor; it proves equally vital within organizations. RSAC Conference 2025 sessions underscored the need to break down internal silos, fostering closer cooperation among cybersecurity teams, IT operations, legal departments, and business units. Cultivating a culture where cybersecurity is seen as a shared responsibility, rather than solely the security team’s domain, becomes essential. This includes integrating security considerations throughout the entire lifecycle of products and services, often referred to as DevSecOps.

Beyond individual organizations, cross-sector collaboration also gains traction. Attackers frequently reuse tools and techniques across different industries. By sharing experiences, best practices, and lessons learned, organizations in one sector can better prepare for challenges that have already impacted others. This broader learning loop enhances the entire business community’s defensive posture.

RSAC Conference 2025 delivered an overarching message on collaboration in cybersecurity: it represents an urgent necessity and a practical application. While challenges related to trust, data sensitivity, and operationalizing shared intelligence persist, the fundamental understanding is clear – the benefits of working together far outweigh the difficulties. Building these collaborative bridges is no longer a strategic option; it stands as a foundational requirement for navigating the modern cybersecurity landscape.

News Source: ITPro.com

In a worrying new tactic, cybercriminals are now exploiting Google Ads to manipulate search results, displaying fraudulent customer service numbers instead of legitimate ones. The scam, discovered by researchers at Malwarebytes, involves a deceptive method that uses real corporate websites to deceive users.

Unlike conventional phishing schemes that direct victims to counterfeit sites, this approach uses sponsored ads that link to authentic company websites. However, the twist lies in the contact details shown—scammers tamper with search result snippets to insert their own phone numbers.

Once a user searches for support and clicks the sponsored link, they land on the genuine site. With the authentic domain visible in the address bar, the setup appears legitimate, leading users to trust the information presented. Victims then unknowingly call the scammer’s number, believing they are speaking with official customer support.

Malwarebytes highlighted that these scams are especially dangerous because of the multiple layers of authenticity. “The illusion is nearly perfect,” their June 18, 2025, report stated.

The real risk comes after users place the call. Believing they are interacting with a verified support team, they may share personal data, payment details, or even grant remote access to their devices. This can lead to severe outcomes such as ransomware attacks, data breaches, and system compromise.

Technically, this method does not rely on common tactics like DNS hijacking or browser-based attacks. Instead, scammers exploit how Google’s ad platform renders structured data during redirects. By manipulating certain parameters in the redirect chain, they manage to alter how contact details are cached and displayed in search results.

This sophisticated trick has been used against high-profile targets like Netflix, banks, and tech support services—sectors where users are quick to seek help and more likely to divulge sensitive information.

Experts warn that the seamless blend of real websites, trusted platforms, and fake contact data represents an evolution in social engineering tactics, one that traditional security training may not yet fully address.

News Source: Cybersecuritynews.com

The UK government is giving the nation’s cybersecurity sector a significant boost, allocating up to £16 million through a new Cyber Growth Action Plan. This initiative aims to strengthen the UK’s £13.2 billion cyber industry by channeling funds to startups, scale-ups, and university spinouts.

The University of Bristol and Imperial College London’s Centre for Sectoral Economic Performance (CSEP) will spearhead a project to analyze the supply and demand of cyber goods and services, including protective monitoring and encryption. This research will identify growth opportunities and explore emerging technologies like AI and quantum computing.

Chancellor of the Duchy of Lancaster Pat McFadden stated, “Today’s investment transforms innovative ideas into successful businesses nationwide. New research will support our mission to grow the economy. Recent cyber attacks underscore the importance of fostering this sector, delivering high-paying jobs and strengthening the country’s cybersecurity.”

The government commits an additional £10 million to the CyberASAP program over the next four years. This funding empowers the UK’s academic cyber sector to commercialize research. The program has already facilitated 34 spin-out companies, attracting over £43 million in investment. The new funding targets an additional 25 spin-outs by 2030 and aims to secure £30 million in further investment.

Professor Simon Shiu, project leader and professor of cybersecurity at the University of Bristol, commented, “The UK cyber sector thrives and expands, but challenges intensify, as recent events affecting businesses and consumers demonstrate. This project, based on input from across the cyber sector, will provide independent recommendations to accelerate cyber growth and enhance cyber-resilience in other critical sectors vital to UK security, industry, and prosperity.”

Furthermore, up to £6 million will support cyber startups and SMBs, complementing the existing Cyber Runway accelerator. This funding will help businesses scale, access new markets through trade missions, and bolster the UK’s broader cyber ecosystem.

The government also established a new Government Cyber Advisory Board, drawing experts from the defense industry, major tech firms, AI labs, and academia. Executives from BAE Systems, Santander, Amazon Web Services, Microsoft, and Google DeepMind will serve on the board. This group will advise on public sector cybersecurity and expects to report later this summer.

This vital work will support the upcoming cyber resilience bill, which Parliament will introduce later this year. The bill includes proposals to safeguard the UK’s supply chains, critical national services, and IT service providers, with specific support for hospitals and energy suppliers.

News Source: ITPro.com
