CU InfoSecurity
Unknown date
Security
• Web-based client of Idis surveillance management software can be exploited through a one-click attack leading to code execution. • This vulnerability allows hackers to escalate privileges and execute arbitrary code on the host.
Web-Based Client on Local Host Didn't Sanitize Inputs Video camera surveillance management software made by South Korean manufacturer Idis is susceptible to a one-click attack giving hackers the power to execute arbitrary code. The vulnerability allows an attacker to escalate beyond the browser sandbox and achieve code execution on the host.
CU InfoSecurity
Unknown date
Security
The webinar explains the risks associated with unsanctioned AI tools and how they can lead to data loss. It highlights the importance of identifying and managing these tools within an organization.
CU InfoSecurity
Unknown date
Security
- ShinyHunters campaign uses voice phishing to bypass multifactor authentication and steal corporate data.
- At least 150 organizations, including some in the financial sector, are targeted by this active and ongoing campaign.
ShinyHunters Campaign Uses Voice Phishing to Bypass MFA and Steal Corporate Data Security experts warn that "an active and ongoing campaign" being waged by ShinyHunters extortionists has at least 150 organizations in its sights across a range of sectors, with attackers using live voice phishing to bypass multifactor authentication, steal cloud data and hold it to ransom.
CU InfoSecurity
Unknown date
Security
The article discusses the importance of modern Privileged Access Management (PAM) and audit-ready access controls for credit unions in 2026. It emphasizes the need for robust security measures to protect sensitive information.
CU InfoSecurity
Unknown date
Security
Memcyco raised $37 million for its AI-powered scam detection platform; plans to expand sales and develop new features.
Digital Risk Protection Startup to Expand Preemptive Scam Detection Tools With brand impersonation and account takeover attacks surging, Memcyco raised $37 million in Series A funding to scale its preemptive scam detection platform. The firm plans to grow its sales team, develop AI-based features and support new product launches in the coming year.
CU InfoSecurity
Unknown date
Security
A legacy client-server application protocol vulnerability allows unauthenticated users to gain root access; more than 800,000 servers could be targeted. Credit unions should assess their systems for open telnet ports.
Telnet Flaw Allows Unauthenticated Users to Gain Root Access Hackers are on the hunt for open telnet ports in servers after discovering that a version of legacy client-server application protocol is vulnerable to an authentication bypass vulnerability. More than 800,000 servers could be actively targeted in the wild.
CU InfoSecurity
Unknown date
Guidance
The webinar discusses how Agentic AI can enhance compliance and security decisions by providing context. It highlights the benefits of using AI in understanding complex regulatory environments.
CU InfoSecurity
Unknown date
Security
The webinar discusses how Agentic AI can enhance compliance and security decisions by providing context. It emphasizes the importance of understanding the 'why' behind decisions, which can improve overall decision-making processes.
CU InfoSecurity
Unknown date
Security
- The article discusses how the reliance on point solutions for security is breaking down due to consolidation.
- CISOs and CIOs need to rethink their security architecture to address new challenges.
How Consolidation Is Forcing CISOs and CIOs to Rethink Security Architecture For more than a decade, enterprise security has relied on point solutions. Companies invested in separate tools - endpoint detection, firewalls, cloud security and IAM - each designed to address a specific threat or compliance requirement. But that approach is starting to break down.
CU InfoSecurity
Unknown date
Security
The webinar discusses the transition from continuous controls monitoring to continuous assurance through the use of a security data fabric. It highlights how this approach can enhance compliance and risk management.
CU InfoSecurity
Unknown date
Security
The webinar discusses how a Security Data Fabric can enhance continuous controls monitoring and move towards continuous assurance. It highlights the importance of integrating data from various sources for effective compliance management.
CU InfoSecurity
Unknown date
Security
• High-assurance identity proofing combining biometrics, liveness detection, and verified IDs is crucial to prevent impersonation in remote work environments.
• The article highlights the growing threat of stolen and synthetic identities driven by deepfakes.
The Urgency of High-Assurance Identity Proofing Amid Growing Identity Fraud Remote work has fueled a new crimewave built on stolen and synthetic identities. As deepfakes scale, high-assurance identity proofing - combining biometrics, liveness detection and verified IDs - becomes essential to verify users, prevent impersonation and protect enterprise access.
CU InfoSecurity
Unknown date
Security
• A security flaw in 'WhisperPair' technology could allow hackers to covertly record conversations and track users. • This vulnerability may persist for years, posing a significant risk to credit union members.
'WhisperPair' Flaw Likely to Endure for Years A hacker could secretly record phone conversations, track users' locations and blast music through headphones due to a flaw in implementations of a Google-developed low-energy technology for discovering nearby Bluetooth devices.
CU InfoSecurity
Unknown date
Security
• Okta warns of a surge in voice-phishing attacks targeting single sign-on access.
• These attacks bypass some types of multifactor authentication and allow attackers to manipulate what the target sees in their browser.
Okta Alerts Customers' CISOs to Malicious Campaigns Seeking Single Sign-On Access A surge in attacks that bypass some types of multifactor authentication has been tied to a new generation of voice-phishing toolkits that give attackers the ability to orchestrate what a target sees in their browser, warns a new report from Okta, which is among the services being targeted.
CU InfoSecurity
Unknown date
Security
A Russia-linked ransomware group stole and leaked data from 72.7 million Under Armour customers after a failed extortion attempt; the incident highlights cybersecurity risks for large organizations.
Russia-Linked Ransomware Group Dumps Customer Data After Failed Extortion Attempt Under Armour may trade on the "blood, sweat, respect" slogan, but a Russia-linked ransomware group hasn't been abiding, after they stole data pertaining to 72.7 million of the athleisure giant's customers, then leaked it on darkweb sites after saying the retailer refused to pay a ransom.
CU InfoSecurity
Unknown date
Security
The webinar focuses on minimizing outages through reliability and AI-driven API protection. It aims to help credit union compliance officers enhance their cybersecurity measures.
CU InfoSecurity
Unknown date
Security
The webinar focuses on strategies for preventing data breaches and securing cloud environments. Attendees will learn about best practices in cybersecurity to protect against attackers.
CU InfoSecurity
Unknown date
Security
DOGE uploaded sensitive data including Social Security numbers to an outside server; a phishing attack affected 750,000 Canadians.
Also, CIRO Phishing Breach, Ingram Micro Ransomware and CVE Surge This week, DOGE posted sensitive data on an outside server. A phishing attack affected 750,000 Canadians. A hacktivism warning from the U.K. NCSC. An Ingram Micro breach. CVEs surged in 2025. SK Telecom challenged a fine. Researchers disclosed Chainlit flaws. North Korean hackers abused VS Code.
CU InfoSecurity
Unknown date
Security
- South Korea dismantled a $102 million money laundering ring.
- Saga paused SagaEVM after a $7 million exploit, and Makina Finance lost $5 million.
Also: $7M Saga and $5M Makina Finance Exploits This week, South Korea dismantled a $102 million money laundering ring, Saga paused SagaEVM after a $7 million exploit, Makina Finance lost $5 million, a Utah man sentenced to three years for fraud and illegal cash conversion and a software flaw let traders win ethereum transaction auctions for free.
CU InfoSecurity
Unknown date
Security
- A zero-day vulnerability in Cisco's Unified Communications and Webex products allows remote code execution and root-level access.
- Cisco has released emergency patches, but no workarounds exist.
Vendor Ships Emergency Fixes, Warning Flaw Facilitates Full System Compromise Attackers are targeting a zero-day vulnerability in Cisco's Unified Communications and Webex products that facilitates remote code execution and root-level access to the underlying operating system, risking full system compromise. Cisco has released patches, warning that no workarounds exist.
CU InfoSecurity
Unknown date
Security
Machine identities continue to grow as automation and AI initiatives expand. Lack of governance and visibility create new security vulnerabilities.
CISOs Grapple With AI Blind Spots, Excessive Permissions and Governance Issues Machine identities continue to multiply as organizations push automation, cloud services and AI-driven initiatives deeper into core operations. This rapid growth creates new vulnerabilities, especially when non-human identities lack governance or are completely invisible to security teams.
CU InfoSecurity
Unknown date
Enforcement
Veradigm agreed to pay $10.5 million to settle a hack lawsuit involving a breach affecting more than a dozen healthcare clients and 2.5 million patients; the incident was discovered in mid-2025 after it occurred in December 2024.
Breach Affected More Than a Dozen Healthcare Clients, 2.5M Patients Electronic health records vendor Veradigm agreed to pay $10.5 million to settle consolidated class action litigation involving a December 2024 hacking incident discovered in mid-2025 that affected more than a dozen healthcare provider clients and about 2.5 million of their patients.
CU InfoSecurity
Unknown date
Security
Check Point identifies VoidLink as the first 'advanced' AI-generated malware framework; a single developer created it in less than a week. This challenges assumptions about development timelines for complex malware.
Check Point Identifies VoidLink Framework First 'Advanced' AI-Generated Threat A single developer built a Linux malware framework in less than a week using artificial intelligence, said security researchers. Check Point researchers say this is a case of AI-generated malware reaching operational maturity at a pace that challenges assumptions about development timelines.
CU InfoSecurity
Unknown date
Security
Key points include the importance of balancing AI innovation with robust security practices and the need for ongoing monitoring and adaptation. The webinar also highlighted successful strategies and common pitfalls in implementing AI systems.
CU InfoSecurity
Unknown date
Guidance
The article discusses the benefits of using a unified platform for improving visibility and response in compliance operations. It highlights how such platforms can enhance data management and streamline regulatory reporting processes.