inionline.net - We're "IN" business to take care of your network, so you can take care of your business!

Blog

CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2025-24054 (CVSS score: 6.5), is a Windows New Technology LAN Manager (NTLM) hash disclosure

Blog

Moving CVEs past one-nation control

A near-miss episode of attempted defunding spotlights a need for a better way

Blog

Android Phones Pre-Downloaded With Malware Target User Crypto Wallets

The threat actors lace pre-downloaded applications with malware to steal cryptocurrency by covertly swapping users’ wallet addresses with their own.

Blog

Dogged by Trump, Chris Krebs Resigns from SentinelOne

The president revoked the former CISA director’s security clearance, half a decade after Krebs challenged right-wing election disinformation, prompting his eventual resignation.

Blog

PromptArmor Launches to Help Assess, Monitor Third-Party AI Risks

The AI security startup has already made waves with critical vulnerability discoveries and seeks to address emerging AI concerns with its PromptArmor platform.

Blog

CVE Program Cuts Send the Cyber Sector Into Panic Mode

After threatening to slash support for the CVE program, CISA threw MITRE a lifeline at the last minute — extending its government contract for another 11 months. After that, it looks like it’s up to the private sector to find the cash to keep it going.

Blog

Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates

The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling, highlighting continued effort by the threat actors to increase the sophistication and effectiveness of their malware. This includes updated versions of a known backdoor called TONESHELL, as well as a…

Blog

Cybersecurity by Design: When Humans Meet Technology

If security tools are challenging to use, people will look for workarounds to get around the restrictions.

Blog

State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns

Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to deploy malware over a three-month period from late 2024 through the beginning of 2025. The phishing campaigns adopting the strategy have been attributed to clusters tracked as TA427 (aka Kimsuky), TA450 (aka MuddyWater),

Blog

Artificial Intelligence – What’s all the fuss?

Talking about AI: Definitions Artificial Intelligence (AI) — AI refers to the simulation of human intelligence in machines, enabling them to perform tasks that typically require human intelligence, such as decision-making and problem-solving. AI is the broadest concept in this field, encompassing various technologies and methodologies, including Machine Learning (ML) and Deep Learning. Machine