CISA Names Karen Evans as Executive Assistant Director for Cybersecurity
The Cybersecurity and Infrastructure Security Agency (CISA) has appointed Karen Evans as the executive assistant director for cybersecurity.
Evans, a former assistant secretary for cybersecurity at the Department of Energy, will lead CISA’s efforts in critical infrastructure protection and cyber resilience. She previously served as CIO of the Department of Homeland Security (DHS) and managing director of the Cyber Readiness Institute before joining CISA in January 2025.
DragonForce Ransomware Hits Saudi Firm, 6TB of Data Leaked
A Riyadh-based real estate and construction company has fallen victim to a ransomware attack by DragonForce, resulting in the theft of 6TB of sensitive data.
The attackers initially set a ransom deadline of February 27, one day before the start of Ramadan; when the company did not comply, they published the stolen data on a dedicated leak site (DLS).
DragonForce operates as a Ransomware-as-a-Service (RaaS) group, equipping cybercriminals with attack tools in exchange for a share of ransom payments. Their leak platform also employs advanced CAPTCHA mechanisms to evade security firms.
XSS Vulnerability in Popular Framework Hijacks 350+ Websites
A critical cross-site scripting (XSS) flaw in the Krpano framework, widely used for 360° virtual tours, has led to the compromise of over 350 websites.
Security researcher Oleg Zaytsev uncovered the attack, dubbed “360XSS”, after spotting a malicious ad on Google Search linked to a Yale University subdomain.
Hackers exploited the vulnerability to inject malicious scripts, manipulate search engine results, and spread spam advertisements. The flaw stems from Krpano's improper handling of XML parameters passed in URLs.