94Articles
8Categories
2025-05-19Date
🚨 CISA KEV 1[−]
19 May KEVCISA Adds Six Known Exploited Vulnerabilities to CatalogCISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation.  CVE-2025-4427 Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability CVE-2025-4428 Ivanti Endpoint Manager Mobile (EPMM) Code…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 5[−]
19 MayGNU C(glibc) Vulnerability Let Attackers Execute Arbitrary Code on Millions of Linux SystemsSecurity researchers have disclosed a significant vulnerability in the GNU C Library (glibc), potentially affecting millions of Linux systems worldwide. The flaw, identified as CVE-2025-4802, involves statically linked setuid binaries that incorrectly search library paths, potent…GBHACKERS.COM
19 MayCritical Firefox 0-Day Flaws Allow Remote Code ExecutionMozilla has urgently patched two critical 0-day vulnerabilities in its popular web browser Firefox, both of which could allow remote attackers to execute malicious code on user systems. The flaws, tracked as CVE-2025-4918 and CVE-2025-4919, were disclosed on May 17, 2025, and are…GBHACKERS.COM
19 MayConfluence Servers Under Attack: Hackers Leverage Vulnerability for RDP Access and Remote Code ExecutionThreat actors exploited a known vulnerability, CVE-2023-22527, a template injection flaw in Atlassian Confluence servers exposed to the internet. This exploit facilitated remote code execution (RCE), enabling attackers to gain initial access and establish a foothold within target…GBHACKERS.COM
19 MayFirefox Patches 2 Zero-Days Exploited at Pwn2Own Berlin with $100K in RewardsMozilla has released security updates to address two critical security flaws in its Firefox browser that could be potentially exploited to access sensitive data or achieve code execution. The vulnerabilities, both of which were exploited as a zero-day at Pwn2Own Berlin, are liste…THEHACKERNEWS.COM
19 MayActive Exploitation of Ivanti EPMM Zero-Day Vulnerability in the WildSecurity researchers at The Shadowserver Foundation have identified active exploitation attempts targeting a critical zero-day vulnerability in Ivanti’s Enterprise Mobility Management (EPMM) platform. The vulnerability, tracked as CVE-2025-4427, can be chained with CVE-2025…GBHACKERS.COM
⚠️ VULNERABILITY DISCLOSURE 27[−]
19 MayPasswortfreie Authentifizierung: So gelingt der Umstieg auf PKIDie zertifikatsbasierte Authentifizierung mit PKI erfolgt via physischen Token statt Passwort. Momentum studio – shutterstock.com Die Bedrohungslage im Cyberraum verschärft sich stetig. Immer mehr Unternehmen sind mit Angriffen konfrontiert – von Phishing-Kampagnen bis hin zu Ran…CSOONLINE.COM
19 MayExploiting dMSA for Advanced Active Directory PersistenceSecurity researchers have identified new methods for achieving persistence in Active Directory environments by exploiting Delegated Managed Service Accounts (dMSAs), a new security feature introduced in Windows Server 2025. Despite being designed to enhance security through autom…GBHACKERS.COM
19 MayOperation RoundPress: Cyber security firm ESET uncovers Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities to spy on Ukrainesubmitted by Hotznplotzn to cybersecurity 1 points | 0 comments https://web.archive.org/web/20250516121245/https://www.welivesecurity.com/en/eset-research/operation-roundpress Archived In Operation RoundPress, the compromise vector is a spearphishing email leveraging an XSS vulne…INFOSEC.PUB
19 MayOperation RoundPress: Cyber security firm ESET uncovers Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities to spy on Ukrainesubmitted by Hotznplotzn to cybersecurity 1 points | 0 comments https://web.archive.org/web/20250516121245/https://www.welivesecurity.com/en/eset-research/operation-roundpress cross-posted from: lemmy.sdf.org/post/34854863 Archived In Operation RoundPress, the compromise vector i…SH.ITJUST.WORKS
19 May KEV8 security risks overlooked in the rush to implement AIIn their race to achieve productivity gains from generative AI, most organizations overlook the security implications of doing so, instead favoring hopes of game-changing innovations over sound security practices. According to a study from the World Economic Forum conducted in co…CSOONLINE.COM
19 MayHackers Earn Over $1 Million at Pwn2Own Berlin 2025Pwn2Own participants demonstrated exploits against VMs, AI, browsers, servers, containers, and operating systems. The post Hackers Earn Over $1 Million at Pwn2Own Berlin 2025 appeared first on SecurityWeek .SECURITYWEEK.COM
19 MayPwn2Own Day 3: Zero-Day Exploits Windows 11, VMware ESXi, and FirefoxThe Pwn2Own Berlin 2025 last day ended with impressive technological accomplishments, bringing the total prize money over one million dollars. Security researchers demonstrated sophisticated exploitation techniques against high-profile targets including Windows 11, VMware ESXi, a…GBHACKERS.COM
19 MayHackers Exploit RVTools to Deploy Bumblebee Malware on Windows SystemsA reliable VMware environment reporting tool, RVTools, was momentarily infiltrated earlier this week on May 13, 2025, to disseminate the sneaky Bumblebee loader virus, serving as a sobering reminder of the vulnerabilities present in software supply chains. This incident, detected…GBHACKERS.COM
19 MayAirBorne: attacks on devices via Apple AirPlay | Kaspersky official blogThe AirBorne family of vulnerabilities allows attacks on AirPlay-enabled devices – including wormable zero-click exploits.KASPERSKY.COM
19 May⚡ Weekly Recap: Zero-Day Exploits, Insider Threats, APT Targeting, Botnets and MoreCybersecurity leaders aren’t just dealing with attacks—they’re also protecting trust, keeping systems running, and maintaining their organization’s reputation. This week’s developments highlight a bigger issue: as we rely more on digital tools, hidden weaknesses can quietly grow.…THEHACKERNEWS.COM
19 MayA spoof antivirus makes Windows Defender disable security scansWindows Defender can be tricked into disabling itself by faking the presence of another antivirus solution–a behavior that threat actors can abuse to run malicious code without detection. In a proof-of-concept, a security researcher known as “es3n1n” demonstrated how the Windows …CSOONLINE.COM
19 MayVMware Hacked As $150,000 Zero-Day Exploit Droppedsubmitted by cm0002 to cybersecurity 2 points | 0 comments https://www.forbes.com/sites/daveywinder/2025/05/17/vmware-hacked-as-150000-zero-day-exploit-dropped/INFOSEC.PUB
19 MayMozilla fixes Firefox zero-days exploited at hacking contestMozilla released emergency security updates to address two Firefox zero-day vulnerabilities demonstrated in the recent Pwn2Own Berlin 2025 hacking competition. [...]BLEEPINGCOMPUTER.COM
19 MayHackers earn $1,078,750 for 28 zero-days at Pwn2Own BerlinThe Pwn2Own Berlin 2025 hacking competition has concluded, with security researchers earning $1,078,750 after exploiting 29 zero-day vulnerabilities and encountering some bug collisions. [...]BLEEPINGCOMPUTER.COM
19 MayThe State of Cybersecurity Readiness for the Next Big Emergency - Bri Frost, David Avi... - ESW #407Segment 1: Fastly Interview In this week's interview segment, we talk to Marshall Erwin about the state of cybersecurity, particularly when it comes to third party risk management, and whether we're ready for the next big SolarWinds or Crowdstrike incident. These big incidents ha…YOUTUBE.COM
19 MayRansomware Gangs Use Skitnet Malware for Stealthy Data Theft and Remote AccessSeveral ransomware actors are using a malware called Skitnet as part of their post-exploitation efforts to steal sensitive data and establish remote control over compromised hosts. "Skitnet has been sold on underground forums like RAMP since April 2024," Swiss cybersecurity compa…THEHACKERNEWS.COM
19 MayMY TAKE: Semantics aside, “agentic AI” is already reshaping how we work, think, envision what’s nextStephen Klein didn’t just stir the pot. He lit a fire. Related: Klein’s LinkedIn debate In a sharply worded post that quickly went viral on LinkedIn, the technologist and academic took direct aim at what he called the “hype-as-a-service” business … (more…) The post MY…LASTWATCHDOG.COM
19 MayMicrosoft open-sources Windows Subsystem for Linux at Build 2025Microsoft has open-sourced the Windows Subsystem for Linux (WSL), making its source code available on GitHub, except for a few components that are part of Windows. [...]BLEEPINGCOMPUTER.COM
19 MayMicrosoft extends Zero Trust to secure the agentic workforceAt Microsoft Build 2025, we’re taking important steps to secure the agentic workforce. We are excited to introduce Microsoft Entra Agent ID which extends industry-leading identity management and access capabilities to AI agents. The post Microsoft extends Zero Trust to secure the…MICROSOFT.COM
19 MayRansomware gangs increasingly use Skitnet post-exploitation malwaresubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/ransomware-gangs-increasingly-use-skitnet-post-exploitation-malware/SH.ITJUST.WORKS
19 MayAuth0-PHP Vulnerability Enables Unauthorized Access for AttackersCritical security vulnerability has been discovered in the Auth0-PHP SDK that could potentially allow unauthorized access to applications through brute force attacks on session cookie authentication tags. The vulnerability specifically affects versions 8.0.0-BETA1 and newer of th…GBHACKERS.COM
19 MayRussian APT Exploiting Mail Servers Against Government, Defense Organizationssubmitted by kid to cybersecurity 1 points | 0 comments https://www.securityweek.com/russian-apt-exploiting-mail-servers-against-government-defense-organizations/SH.ITJUST.WORKS
19 MayFirefox Patches 2 Zero-Days Exploited at Pwn2Own Berlin with $100K in Rewardssubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2025/05/firefox-patches-2-zero-days-exploited.htmlSH.ITJUST.WORKS
19 MayHackers Exploit AutoIT Scripts to Deploy Malware Targeting Windows SystemsCybersecurity researchers have unearthed a sophisticated attack leveraging AutoIT, a long-standing scripting language known for its deep integration with Windows operating systems. Often compared to .NET for its persistence in malicious campaigns, AutoIT’s simplicity and ab…GBHACKERS.COM
19 MayCache Timing Techniques Used to Bypass Windows 11 KASLR and Reveal Kernel BaseCache timing side-channel attacks have been used to circumvent Kernel Address Space Layout Randomization (KASLR) on fully updated Windows 11 PCs, which is a startling discovery for cybersecurity aficionados and Windows kernel developers. KASLR, a critical security mechanism, rand…GBHACKERS.COM
19 MayThe Future of Science is... Artificial?The future of scientific research might not be human... In this short, Aaran reacts to Future House’s bold move to release open-source AI tools aimed at accelerating science. Their goal? To create an AI scientist that could push the boundaries of innovation within the next decade…YOUTUBE.COM
19 MayNo Resources Left? Time for Strategic Refusal!When everything is urgent, cybersecurity professionals need to master the art of saying “no.” In this short, Matthew Alderman breaks down the brutal truth: not everything can be a top priority. With limited time, tools, and talent, it’s all about choosing what to defend first — a…YOUTUBE.COM
📋 SECURITY BULLETINS 2[−]
19 MayCISA to Stop Publishing Cybersecurity Alerts and Advisories on WebpagesCybersecurity and Infrastructure Security Agency (CISA) has announced significant changes to how it communicates cybersecurity updates and guidance to stakeholders. In a recent announcement, CISA revealed plans to shift away from listing advisories on its webpage to focus on more…GBHACKERS.COM
19 MayWindows 10 emergency updates fix BitLocker recovery issuesMicrosoft has released out-of-band updates to fix a known issue causing Windows 10 systems to boot into BitLocker recovery after installing the May 2025 security updates. [...]BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES 4[−]
19 MayHealth Care Data Breach Costs BreachForums Admin $700,000 FineConor Brian Fitzpatrick, the 22-year-old former administrator of cybercrime forum Breachforums, will forfeit approximately $700,000 to settle a civil lawsuit stemming from a healthcare data breach. The settlement marks a rare instance where a cybercriminal’s assets will dir…GBHACKERS.COM
19 MayBotnet Dismantled in International Operation, Russian and Kazakhstani Administrators Indictedsubmitted by cm0002 to cybersecurity 2 points | 0 comments https://www.justice.gov/usao-ndok/pr/botnet-dismantled-international-operation-russian-and-kazakhstani-administratorsINFOSEC.PUB
19 MayJapan passed a law allowing preemptive offensive cyber actionssubmitted by kid to cybersecurity 2 points | 0 comments https://securityaffairs.com/178056/laws-and-regulations/japan-passed-a-law-allowing-preemptive-offensive-cyber-actions.htmlSH.ITJUST.WORKS
🔥 INCIDENT REPORTING 15[−]
19 May200,000 Harbin Clinic Patients Impacted by NRS Data BreachHarbin Clinic says the information of over 200,000 patients was stolen in a July 2024 data breach at Nationwide Recovery Services. The post 200,000 Harbin Clinic Patients Impacted by NRS Data Breach appeared first on SecurityWeek .SECURITYWEEK.COM
19 MayUK Legal Aid Agency Finds Data Breach Following CyberattackThe UK’s Legal Aid Agency was targeted in a cyberattack in April and it recently determined that hackers have stolen sensitive data. The post UK Legal Aid Agency Finds Data Breach Following Cyberattack appeared first on SecurityWeek .SECURITYWEEK.COM
19 MayPharma giant Regeneron to buy 23andMe and its customers’ data for $256M23andMe was sold by bankruptcy auction, a year after the company had a massive data breach.TECHCRUNCH.COM
19 MayUK Legal Aid Agency confirms applicant data stolen in data breachThe United Kingdom's Legal Aid Agency (LAA) has confirmed that a recent cyberattack is more serious than first believed, with hackers stealing a large trove of sensitive applicant data in a data breach. [...]BLEEPINGCOMPUTER.COM
19 MayGoogle Reveals Hackers Targeting US Following UK Retailer AttacksThe Google Threat Intelligence Group (GTIG) recently revealed that the well-known hacker collective UNC3944, which also overlaps with the widely publicized Scattered Spider, is a persistent and dynamic cyberthreat. Initially focused on telecommunications for SIM swap operations, …GBHACKERS.COM
19 May$4.8M or a Few Laptops? Why Companies Still GambleMost companies say cybersecurity is a priority… until it’s time to spend money. In this short, cybersecurity experts Jackie McGuire and Jason Wood break down why businesses still choose short-term savings over long-term protection. When the average data breach costs $4.8 million,…YOUTUBE.COM
19 MayCocospy stalkerware apps go offline after data breachThe trio of spyware apps — hacked earlier this year — no longer work.TECHCRUNCH.COM
19 MayHacker Arrested for Taking Over SEC Social Media to Spread False Bitcoin NewsAlabama man has been sentenced to 14 months in prison for orchestrating a sophisticated SIM swap attack that allowed him to hijack the U.S. Securities and Exchange Commission’s (SEC) social media account on X, formerly known as Twitter. The unauthorized access was used to p…GBHACKERS.COM
19 MayRansomware gang INC claims recent attack on South African Airways - Comparitechsubmitted by kid to cybersecurity 1 points | 0 comments https://www.comparitech.com/news/ransomware-gang-inc-claims-recent-attack-on-south-african-airways/SH.ITJUST.WORKS
19 MayRVTools Official Site Hacked to Deliver Bumblebee Malware via Trojanized InstallerThe official site for RVTools has been hacked to serve a compromised installer for the popular VMware environment reporting utility. "Robware.net and RVTools.com are currently offline. We are working expeditiously to restore service and appreciate your patience," the company said…THEHACKERNEWS.COM
19 MayNew Report Finds 67% of Organizations Experienced Cyber Attacks in the Last YearA disturbing 67% of businesses in eight worldwide markets—the US, UK, Spain, the Netherlands, Germany, France, Belgium, and Ireland—reported having experienced cyberattacks in the previous 12 months, according to the 2024 Hiscox Cyber Readiness Report. This marks the fourth conse…GBHACKERS.COM
19 MayArla Foods confirms cyberattack disrupts production, causes delaysArla Foods has confirmed to BleepingComputer that it was targeted by a cyberattack that has disrupted its production operations. [...]BLEEPINGCOMPUTER.COM
19 MayBreachRx Lands $15 Million as Investors Bet on Breach-Workflow SoftwareSan Francisco incident response coordination startup banks $15 million in a Series A funding round led by Ballistic Ventures. The post BreachRx Lands $15 Million as Investors Bet on Breach-Workflow Software appeared first on SecurityWeek .SECURITYWEEK.COM
19 MayHave I Been Pwned 2.0 is Now Live!Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite This has been a very long time coming, but finally, after a marathon effort, the brand new Have I Been Pwned website is now live ! Feb …TROYHUNT.COM
19 MayFake KeePass password manager leads to ESXi ransomware attackThreat actors have been distributing trojanized versions of the KeePass password manager for at least eight months to install Cobalt Strike beacons, steal credentials, and ultimately, deploy ransomware on the breached network. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 33[−]
19 MayISC Stormcast For Monday, May 19th, 2025 https://isc.sans.edu/podcastdetail/9456, (Mon, May 19th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
19 MayRAT Dropped By Two Layers of AutoIT Code, (Mon, May 19th)Like .Net, AutoIT&#;x26;#;x5b; 1 &#;x26;#;x5d; remains a popular language for years in the malware ecosystem. It&#;x26;#;39;s a simple language that can interact with all the components of the Win…ISC.SANS.EDU
19 MayRussian hackers are interested in chaos and money, says NATO cyber defense directorsubmitted by Hotznplotzn to cybersecurity 1 points | 0 comments https://news.err.ee/1609687160/russian-hackers-are-interested-in-chaos-and-money-says-nato-ccdcoe-director cross-posted from: lemmy.sdf.org/post/34853591 Archived The world is in a cyberwar in every sense except a le…INFOSEC.PUB
19 MayRussian hackers are interested in chaos and money, says NATO cyber defense directorsubmitted by Hotznplotzn to cybersecurity 1 points | 0 comments https://news.err.ee/1609687160/russian-hackers-are-interested-in-chaos-and-money-says-nato-ccdcoe-director Archived The world is in a cyberwar in every sense except a legal one because no side has declared war, said …SH.ITJUST.WORKS
19 MayPrison Sentence for Man Involved in SEC X Account HackEric Council Jr. was sentenced to prison for hacking SEC’s official X account and publishing fraudulent posts increasing Bitcoin value. The post Prison Sentence for Man Involved in SEC X Account Hack appeared first on SecurityWeek .SECURITYWEEK.COM
19 MayNew ModiLoader Malware Campaign Targets Windows PCs, Harvesting User CredentialsAhnLab Security Intelligence Center (ASEC) has recently uncovered a malicious campaign distributing ModiLoader (also known as DBatLoader) malware through phishing emails. These emails, crafted in Turkish and impersonating a Turkish bank, urge recipients to open a malicious attach…GBHACKERS.COM
19 MaySpiking Neural Networks: Brain-Inspired Chips That Could Keep Your Data SafeNeuromorphic computing is moving from theory to reality, with brain-inspired processors offering real-time intelligence, low power consumption, and built-in privacy—ushering in a new era for edge devices and cybersecurity. The post Spiking Neural Networks: Brain-Inspired Chips Th…SECURITYWEEK.COM
19 MayThe NSA’s “Fifty Years of Mathematical Cryptanalysis (1937–1987)”“ Fifty Years of Mathematical Cryptanalysis (1937-1987) ,” by Glenn F. Stahly, was just declassified—with a lot of redactions—by the NSA. I have not read it yet. If you find anything interesting in the document, please tell us about it in the comments.SCHNEIER.COM
19 May480,000 Catholic Health Patients Impacted by Serviceaide Data LeakServiceaide exposed a database containing personal and medical information belonging to Catholic Health patients. The post 480,000 Catholic Health Patients Impacted by Serviceaide Data Leak appeared first on SecurityWeek .SECURITYWEEK.COM
19 MayHow Scattered Spider TTPs are evolving in 2025submitted by kid to cybersecurity 3 points | 0 comments https://pushsecurity.com/blog/scattered-spider-ttp-evolution-in-2025/SH.ITJUST.WORKS
19 MayThe AI Fix nominated for top podcast award. Vote now!Bloomin' eck! I'm delighted to share with you that "The AI Fix" is up for an award!GRAHAMCLULEY.COM
19 MayMentorship Monday - Discussions for career and learning!submitted by shellsharks to cybersecurity 1 points | 0 comments Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? …INFOSEC.PUB
19 MayDetecting malicious Unicodesubmitted by cm0002 to cybersecurity 4 points | 0 comments https://daniel.haxx.se/blog/2025/05/16/detecting-malicious-unicode/INFOSEC.PUB
19 MayUSN-7292-1: Dropbear vulnerabilities | Ubuntu security notices | Ubuntusubmitted by cm0002 to cybersecurity 3 points | 0 comments https://ubuntu.com/security/notices/USN-7292-1INFOSEC.PUB
19 MayMassives Datenleck in Cloud-Speichernsrcset="https://b2b-contenthub.com/wp-content/uploads/2025/05/shutterstock_2560922485.jpg?quality=50&strip=all 5771w, https://b2b-contenthub.com/wp-content/uploads/2025/05/shutterstock_2560922485.jpg?resize=300%2C168&quality=50&strip=all 300w, https://b2b-contenthub.c…CSOONLINE.COM
19 MayNew 'Defendnot' tool tricks Windows into disabling Microsoft Defendersubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/microsoft/new-defendnot-tool-tricks-windows-into-disabling-microsoft-defender/SH.ITJUST.WORKS
19 MayYou're Securing Code, Not People… And That’s the Problem.Most dev teams focus on blocking XSS and SQL injection, thinking that’s enough. But in this short, Mike exposes the real danger — ignoring how features can be abused by users to steal data or harm others. Threat modeling isn’t just about securing the code... it’s about protecting…YOUTUBE.COM
19 MayMassive data leak: 200 billion files exposed in cloud bucketssubmitted by kid to cybersecurity 0 points | 0 comments https://cybernews.com/security/misconfigured-cloud-buckets-leaking-200-billion-fil/SH.ITJUST.WORKS
19 MaySkitnet Malware Employs Stealth Techniques to Execute Payload and Maintain Persistence TechniquesA new and highly sophisticated multi-stage malware, known as Skitnet (or Bossnet), has been uncovered, showcasing advanced stealth techniques to execute its malicious payload and maintain persistent access on infected systems. Developed by the threat group LARVA-306, Skitnet has …GBHACKERS.COM
19 MayInvestigating Cobalt Strike Beacons Using Shodan: A Researcher’s GuideSecurity researcher has revealed a robust method for gathering threat intelligence on Cobalt Strike beacons using Shodan and PowerShell, filling the gap left by the popular @cobaltstrikebot Twitter account that went offline in June 2023. The technique allows security professional…GBHACKERS.COM
19 MayVolkswagen Car Hack Exposes Owner’s Personal Data and Service RecordsTech-savvy Volkswagen owner has uncovered critical security flaws in the My Volkswagen app that potentially exposed sensitive personal data and vehicle information of thousands of customers. The vulnerabilities, which have since been patched, allowed anyone with access to a vehic…GBHACKERS.COM
19 MayPrinter Company Procolored Served Infected Software for MonthsProcolored’s public website served dozens of software downloads containing information stealer malware and a backdoor. The post Printer Company Procolored Served Infected Software for Months appeared first on SecurityWeek .SECURITYWEEK.COM
19 MayTop 5 Advances in Unsupervised Learning for Cybersecuritysubmitted by Rackenzik to cybersecurity 2 points | 0 comments https://rackenzik.com/top-5-advances-in-unsupervised-learning-for-cybersecurity/INFOSEC.PUB
19 MayHow Much Do CEOs Really Know About Cyber Risk?When Ben Carr, a seasoned CISO, looked at a report showing only 57% of the C-suite was concerned about cybersecurity, his response was brutally honest. In this short clip, he breaks down why comparing CISOs to the rest of the C-suite misses the point — and why alignment with the …YOUTUBE.COM
19 MayShadow AI Is The New Shadow IT… And It’s WorseShadow AI is slipping into organizations under the radar—just like Shadow IT once did, but with even more risk. In this short, a cybersecurity expert explains how companies are now shifting their focus from trying to stop AI use to simply discovering where it's being used at all.…YOUTUBE.COM
19 MayNew Hannibal Stealer Uses Stealth and Obfuscation to Evade DetectionA newly identified piece of malware, dubbed the “Hannibal Stealer,” has emerged as a significant cybersecurity threat due to its advanced stealth mechanisms and obfuscation techniques designed to bypass modern detection systems. This modular .NET info-stealer and cred…GBHACKERS.COM
19 MayChinese APT Hackers Target Organizations Using Korplug Loaders and Malicious USB DrivesAdvanced persistent threat (APT) groups with ties to China have become persistent players in the cyber espionage landscape, with a special emphasis on European governmental and industrial entities, according to a thorough disclosure from ESET’s APT Activity Report for Q4 20…GBHACKERS.COM
19 MayNew Phishing Attack Poses as Zoom Meeting Invites to Steal Login CredentialsA newly identified phishing campaign is targeting unsuspecting users by masquerading as urgent Zoom meeting invitations from colleagues. This deceptive tactic leverages the familiarity and trust associated with workplace communications to lure victims into a trap designed to stea…GBHACKERS.COM
19 MayBeware of Coinbase ScamsI got this Coinbase-related scam in my personal inbox last week.KNOWBE4.COM
19 MayWarning: Phishing Kits Can Auto-Generate Tailored Login PagesCommodity phishing kits are increasingly serving dynamically generated phishing pages, according to researchers at ESET.KNOWBE4.COM
19 MayThe who, where, and how of APT attacks in Q4 2024–Q1 2025ESET Chief Security Evangelist Tony Anscombe highlights key findings from the latest issue of the ESET APT Activity ReportWELIVESECURITY.COM
19 MayESET APT Activity Report Q4 2024–Q1 2025An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2024 and Q1 2025WELIVESECURITY.COM
19 MayFake CAPTCHA Attacks Deploy Infostealers and RATs in a Multistage Payload ChainWe have detected a new tactic involving fake CAPTCHA pages that trick users into executing harmful commands in Windows. This scheme uses disguised files sent via phishing and other malicious methods.TRENDMICRO.COM
📡 INFOSEC NEWS 7[−]
19 MayWhy CTEM is the Winning Bet for CISOs in 2025Continuous Threat Exposure Management (CTEM) has moved from concept to cornerstone, solidifying its role as a strategic enabler for CISOs. No longer a theoretical framework, CTEM now anchors today’s cybersecurity programs by continuously aligning security efforts with real-world …THEHACKERNEWS.COM
19 MayMicrosoft confirms new "Advanced" Settings for Windows 11At the Build 2025 developer conference, Microsoft announced a new 'Advanced Settings' feature to help users and developers personalize the OS experience. [...]BLEEPINGCOMPUTER.COM
19 MayHow Data Science Can Fix Your CMDB Accuracy!Most companies trust their CMDB, but how accurate is it really? 🤔 When auto-discovery tools like Tenable and Qualys scan your network, they often find surprises—assets that aren’t even listed! 📊 Using a data science approach, comparing CMDB data to real-time discoveries can revea…YOUTUBE.COM
19 MayMicrosoft unveils Windows AI Foundry for AI-powered PC appsMicrosoft is replacing 'Copilot Runtime' with Windows AI Foundry to help developers build, experiment, and reach users with AI experiences in their apps. [...]BLEEPINGCOMPUTER.COM
19 MayThe Dev Security Dilemma: Speed vs. Safety 🚀🔒Mature developers always think about security—but at the same time, they’re under pressure to deliver fast. Can local-first development be the solution? 🤔 In this clip, Dan Moore (@mooreds) breaks down how it gives devs control while balancing security concerns. But is it enough …YOUTUBE.COM
19 MayO2 UK patches bug leaking mobile user location from call metadataA flaw in O2 UK's implementation of VoLTE and WiFi Calling technologies could allow anyone to expose the general location of a person and other identifiers by calling the target. [...]BLEEPINGCOMPUTER.COM
19 MayOpenAI plans to combine multiple models into GPT-5OpenAI is planning to combine multiple products (features or models) into its next foundational model, which is called GPT-5. [...]BLEEPINGCOMPUTER.COM