Paul Shread

Baltimore

International Editor, The Cyber Express at The Cyber Express by Cyble

Featured in: Favicon

technologyadvice.com Favicon

channelinsider.com Favicon

time.com

bostonglobe.com Favicon

serverwatch.com Favicon

webopedia.com Favicon

internetnews.com Favicon

esecurityplanet.com Favicon

enterprisenetworkingplanet.com Favicon

thecyberexpress.com + 2 more

Articles

SafePay, DevMan Emerge As Major Ransomware Threats

3 weeks ago | thecyberexpress.com | Paul Shread

SafePay’s journey to the top of the ransomware leaderboard was a quick one. The SafePay ransomware group first emerged in the fall of 2024, and last month took the top spot among ransomware groups in the number of victims claimed on their data leak site, according to a Cyble blog post published today. Cyble reported that ransomware groups claimed 384 victims in May, a number that may rise somewhat as all data is processed.
Victoria’s Secret Website Down After Security Incident

4 weeks ago | thecyberexpress.com | Paul Shread

The U.S. website of Victoria’s Secret is down after an unspecified security incident, the latest in a series of cyber incidents hitting retailers. A status message on the Victoria’s Secret website says the company “identified and are taking steps to address a security incident. We have taken down our website and some in store services as a precaution. Our team is working around the clock to fully restore operations.”Victoria’s Secret and PINK stores remain open, the status message reads.
Post-Quantum Cryptography Migration Should Start Now

1 month ago | thecyberexpress.com | Paul Shread

As estimates of the quantum computing power needed to crack current public key encryption algorithms continue to drop, a group of technology companies and organizations is urging users to begin migrating toward post-quantum cryptographic standards now. To help organizations with the transition to post-quantum cryptography, the Post-Quantum Cryptography Coalition (PQCC) released a migration roadmap today to guide companies through the phases of that journey.
New Russian Cyber Threat ‘Laundry Bear’ Hits Western Targets

1 month ago | thecyberexpress.com | Paul Shread

Dutch intelligence officials and Microsoft warned today of a new Russian threat actor targeting Western organizations in what appears to be a military and high-tech espionage campaign. The new threat group – called Laundry Bear by the Dutch and Void Blizzard by Microsoft – was the subject of separate advisories today.
FBI Warns About Silent Ransom Group Targeting Law Firms

1 month ago | thecyberexpress.com | Paul Shread

The FBI is warning that a threat group is using IT-themed social engineering calls and callback phishing emails to gain remote access to systems and steal sensitive data. The Silent Ransom Group (SRG), also known as Luna Moth, Chatty Spider, and UNC3753, will then use the stolen data to extort the law firms, the advisory from the FBI’s Cyber Division said.
Versa Patches 3 Concerto SD-WAN Vulnerabilities, Including a Perfect 10.0

1 month ago | thecyberexpress.com | Paul Shread

Versa Networks has patched three vulnerabilities in its Concerto network security and SD-WAN orchestration platform, including one that scored a 10.0, the highest possible severity rating. The Versa Concerto vulnerabilities were revealed by Project Discovery in a blog post earlier this week, which said Versa hadn’t responded to the researchers’ disclosures that were first made in February. The researchers said they had “not received any response or indication of a forthcoming patch.
Commvault Nation-State Campaign Could Be Part of Broader SaaS Threat: CISA

1 month ago | thecyberexpress.com | Paul Shread

Nation-state threat actors targeting Commvault applications hosted in Microsoft Azure may be part of a broader campaign targeting Software-as-a-Service (SaaS) applications, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned in an advisory this week.
Active Directory DMSA Attack Detailed By Researchers

1 month ago | thecyberexpress.com | Paul Shread

The delegated Managed Service Account (dMSA) feature was introduced in Windows Server 2025 as a secure replacement for legacy service accounts and to prevent credential attacks like Kerberoasting, but an Akamai researcher discovered a privilege escalation vulnerability in dMSA that could allow an attacker to compromise any user in Active Directory (AD).
CISA, NIST Researchers Develop Metric to Determine Likelihood of Vulnerability Exploitation

1 month ago | thecyberexpress.com | Paul Shread

Researchers from the U.S. National Institute of Standards and Technology (NIST) and the Cybersecurity and Infrastructure Security Agency (CISA) have developed a new security metric to determine the likelihood that a vulnerability has been exploited.
NHS Charter Urges Vendors To Improve Cybersecurity

1 month ago | thecyberexpress.com | Paul Shread

The UK’s National Health Service (NHS) is asking its IT suppliers to commit to better cybersecurity by signing a public charter. In a May 15 open letter to suppliers, top UK and NHS cyber officials urged suppliers to sign the NHS charter and pledge to adopt cybersecurity best practices that could help address a wave of crippling ransomware attacks that have hit NHS hospitals and healthcare facilities. A self-assessment form will be launched in the fall allowing suppliers to sign the NHS charter.