🔊CyberGon

The US Treasury’s OCC disclosed an undetected major email breach for over a year ift.tt/MVDjNRG

While there are many shells, the GNU Bourne-Again Shell (Bash) is a powerful work environment and scripting engine. A competent security professional skillfully leverages Bash scripting to streamline and automate many Linux tasks and procedures.

Shell Scripting Series - Part I The shell is a command interpreter, insulating the operating system kernel from the user. But it is also a powerful programming language. A shell program, called a script, is an easy-to-use tool for building applications.

When not to use shell scripts /4 9. Where you need direct access to system hardware or external peripherals 10. Where you need to perform port or socket input/output operations 11. Where you need to use libraries or interface with legacy code. Credit: Mendel Cooper.

Shell scripts also allow automation of repetitive tasks that do not require the bells and whistles of a full-blown programming language such as python.

When not to use shell scripts /3 6. For project consisting of subcomponents with interlocking dependencies 7. Where extensive file operations are required 8. Where you need to generate / manipulate graphics or GUIs

When not to use shell scripts /2 4. For complex applications, where structured programming is a necessity (type-checking of variables, function prototypes, etc.) 5. For situations where security is important, where you need to guarantee the integrity of your system

When not to use shell scripts /1 1. For resource-intensive tasks, especially where speed is a factor (e.g., sorting, hashing, recursion) 2. For procedures involving heavy-duty math operations 3. When cross-platform portability is required (use C or Java instead)

How SOCs Triage Incidents in Seconds with Threat Intelligence cybersecuritynews.com/how-socs-triag…

✨ Red Canary ➕ @zscaler Today we are announcing Zscaler’s agreement to acquire Red Canary. It’s a major milestone in our journey. This is a significant step forward in our mission to improve security operations, not just for our customers, but for the entire cybersecurity community. 🧵⬇️

Microsoft’s April update patches 126 flaws—but CVE-2025-29824, already exploited in ransomware attacks, has no fix for Windows 10. 🔗 More details: thehackernews.com/2025/04/micros… CISA demands federal agencies patch by April 29.

⚡️ New Malware Alert! Chinese-linked ToddyCat exploited an ESET flaw (CVE-2024-11859) to drop new malware TCESB — bypassing defenses and hijacking devices. Update now | Stay alert. Details 👉thehackernews.com/2025/04/new-tc…

Non-human identities (NHIs) are exploding — and leaking secrets faster than ever. In 2024: • 23.77M secrets leaked on GitHub (+25%) • NHIs outnumber humans 45-to-1 • 70% of leaked secrets still active • Private repos = 8x more leaks than public • Copilot = 40% more leaks • Docker Hub = 100K+ valid secrets exposed The attack surface is out of control. Secrets management must evolve—fast. 🔎 Full 2025 Report: thehackernews.com/2025/04/explos…

Police detains Smokeloader malware customers, seizes servers Read More (bleepingcomputer.com/news/security/…)

#subcat SubCat is a subdomain discovery tool that passively aggregates data from a variety of online sources to identify valid subdomains for websites. Designed with a modular and efficient architecture, SubCat is ideal for penetration testers, bug bounty hunters, and security researchers. check it out at: github.com/duty1g/subcat

Google Pays Out Nearly $12M in 2024 Bug Bounty Program ift.tt/MEDITBN

Multiple vulnerabilities found in ICONICS industrial SCADA software ift.tt/r6JF0WH

#ddos #X_attack X hit by ‘massive cyberattack’ amid Dark Storm’s DDoS claims ift.tt/JrNURIz

Cybercriminals picked up the pace on attacks last year ift.tt/90knzPO