🐛 COMMON VULNERABILITIES AND EXPOSURES (9)
21 May | Critical VMware ESXi & vCenter Flaw Allows Remote Execution of Arbitrary Commands | VMware by Broadcom has released critical security updates to address multiple severe vulnerabilities affecting its virtualization products, with evidence suggesting active exploitation in the wild. The vulnerabilities, tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226… | GBHACKERS.COM
21 May | Critical Vulnerability in Palo Alto GlobalProtect Gateway & Portal Enables Remote Code Execution | Palo Alto Networks has assigned the vulnerability a LOW severity rating but urges administrators to apply patches by upgrading to fixed PAN-OS versions, with timelines extending through August 2025. Reflected cross-site scripting (XSS) vulnerability in Palo Alto Network… | GBHACKERS.COM
21 May | Critical OpenPGP.js Vulnerability Allows Spoofing | An OpenPGP.js vulnerability tracked as CVE-2025-47934 allows message signature verification to be spoofed. | SECURITYWEEK.COM
21 May | Ivanti EPMM 0-Day RCE Vulnerability Under Active Attack | Ivanti’s Endpoint Manager Mobile (EPMM) contains a critical vulnerability chain that has been actively abused. The vulnerabilities, initially disclosed by Ivanti on March 13th, 2025, combine an authentication bypass (CVE-2025-4427) and a remote code execution flaw (CVE-2025… | GBHACKERS.COM
21 May | PowerDNS Vulnerability Allows Attackers to Trigger DoS Attacks Through Malicious TCP Connections | PowerDNS has released a critical security update to address a vulnerability in its DNSdist load balancer that could allow remote attackers to trigger denial of service attacks without authentication. The issue, tracked as CVE-2025-30193, was patched in version 1.9.10 released on … | GBHACKERS.COM
21 May | Critical flaw in OpenPGP.js raises alarms for encrypted email services | A newly discovered flaw in OpenPGP.js, a JavaScript cryptography library used by services like Proton Mail, could allow attackers to spoof messages that appear securely signed and encrypted, security researchers said. The flaw, identified as CVE-2025-47934 and assigned a critical… | CSOONLINE.COM
21 May | Critical Flaw Allows Remote Hacking of AutomationDirect Industrial Gateway | More than 100 AutomationDirect MB-Gateway devices may be vulnerable to attacks from the internet due to CVE-2025-36535. | SECURITYWEEK.COM
21 May | BadSuccessor: Unpatched Microsoft Active Directory attack enables domain takeover | Researchers have discovered a new attack path in Active Directory (AD) environments that use Windows Server 2025 in default configuration. By exploiting the weakness, attackers can compromise any user in the environment leading to a full domain compromise. “This issue likely affe… | CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE (42)
21 May | Poor DNS hygiene is leading to domain hijacking: Report | Threat actors continue to find ways of hijacking domains thanks to poor DNS record-keeping and misconfigurations by administrators, a hole that CSOs have to plug or risk financial or reputational damage to their organizations. The latest example of the risk came in a report today… | CSOONLINE.COM
21 May | Implementing a Software Bill of Materials: The best SBOM tools | Only if you know what is inside can you be sure that everything is above board. That applies to fast food as much as to software. To secure software, you have to know what is in its code. For this reason, a Software Bi… | CSOONLINE.COM
21 May | Threat intelligence platform buyer’s guide: Top vendors, selection advice | The bedrock of a solid enterprise security program begins with the choice of an appropriate threat intelligence platform (TIP) and how to use this to design the rest of your program. Without the TIP most security departments have no way to integrate the various component tools an… | CSOONLINE.COM
21 May | Hazy Hawk Targets DNS Vulnerabilities to Hijack Cloud Resources and Spread Malware | The threat actor gained attention in February 2025 after successfully hijacking a subdomain of the U.S. Centers for Disease Control and Prevention (CDC). Sophisticated threat actor dubbed “Hazy Hawk” has been exploiting DNS misconfigurations since at least December 20… | GBHACKERS.COM
21 May | Attaxion Leads the Way as First EASM Platform to Integrate ENISA’s EU Vulnerability Database (EUVD) | Attaxion, the external attack surface management (EASM) vendor with industry-leading asset coverage, announces the integration of the European Vulnerability Database (EUVD) into its platform. Operated by the European Union Agency for Cybersecurity (ENISA), the EUVD is a… | GBHACKERS.COM
21 May | Ransomware Attack Forces Kettering Health to Cancel Procedures | Kettering Health has canceled inpatient and outpatient procedures as it deals with a system-wide outage caused by a ransomware attack. | SECURITYWEEK.COM
21 May | Kettering Health Experiences System-Wide Outage Due to Ransomware Attack | Kettering Health, a major healthcare provider, has been hit by what appears to be a ransomware attack causing a system-wide technology outage that has severely limited access to critical patient care systems. The attack, which began early Tuesday, May 20, has forced the organizat… | GBHACKERS.COM
21 May | Critical Vulnerability in Lexmark Printers Enables Remote Code Execution | Security researchers from DEVCORE discovered the vulnerability through Trend Micro’s Zero Day Initiative (ZDI), marking the third major printer firmware flaw disclosed in 2025 following similar incidents affecting HP and Canon devices. Critical security vulnerability affecting ov… | GBHACKERS.COM
21 May | Cybercriminals Could Leverage Google Cloud Platform for Malicious Activities | A Research by Tenable and Cisco Talos has shed light on a critical vulnerability in Google Cloud Platform’s (GCP) Cloud Functions and Cloud Build services, revealing a potential attack vector for cybercriminals. According to Tenable, the default Cloud Build Service Account … | GBHACKERS.COM
21 May | Malicious Hackers Create Fake AI Tool to Exploit Millions of Users | A concerning development in the field of cybersecurity is the initiation of a sophisticated campaign by hostile actors posing as Kling AI, a well-known AI-powered picture and video synthesis platform that has amassed 6 million users since its June 2024 launch. According to the Re… | GBHACKERS.COM
21 May | Atlassian Alerts Users to Multiple Critical Vulnerabilities Affecting Data Center Server | Atlassian has released its May 2025 Security Bulletin addressing eight high-severity vulnerabilities affecting multiple enterprise products in its Data Center and Server offerings. The vulnerabilities, discovered through Atlassian’s Bug Bounty program, penetration testing p… | GBHACKERS.COM
21 May | CISO Cheat Sheet, as Role Evolves and vCISO is Viable, Cobalt Strike and Resilience - ... - BSW #396 | In the leadership and communications section, Why Every CISO Should Be Gunning For A Seat At The Board Table, The Innovation We Need is Strategic, Not Technical, The Best Leaders Ask the Right Questions, and more! This segment is sponsored by Fortra. Visit https://securityweekly… | YOUTUBE.COM
21 May | Wiz Warns of Ongoing Exploitation of Recent Ivanti Vulnerabilities | Wiz warns that threat actors are chaining two recent Ivanti vulnerabilities to achieve unauthenticated remote code execution. | SECURITYWEEK.COM
21 May | Over 100 Malicious Chrome Extensions Exploiting Users to Steal Login Credentials and Execute Remote Code | Cybersecurity researchers have uncovered a sprawling network of over 100 malicious Chrome extensions actively exploiting unsuspecting users. These extensions, masquerading as legitimate tools for productivity, ad-blocking, and browsing enhancement, are designed with nefarious int… | GBHACKERS.COM
21 May | GitHub package limit put law firm in security bind | A $1 billion law firm last week learned a critical cybersecurity lesson: Even something as innocuous as the ceiling on the number of packages allowed in GitHub can increase an enterprise’s threat profile by undercutting the least privilege principle. When the problem was initiall… | CSOONLINE.COM
21 May | More AIs Are Taking Polls and Surveys | I already knew about the declining response rate for polls and surveys. The percentage of AI bots that respond to surveys is also increasing. Solutions are hard: 1. Make surveys less boring. We need to move past bland, grid-filled surveys and start designing experiences people ac… | SCHNEIER.COM
21 May | Kettering Health hit by system-wide outage after ransomware attack | Kettering Health, a healthcare network that operates 14 medical centers in Ohio, was forced to cancel inpatient and outpatient procedures following a cyberattack that caused a system-wide technology outage. [...] | BLEEPINGCOMPUTER.COM
21 May | SideWinder APT Hackers Exploits Legacy Office Vulnerabilities to Deploy Malware Undetected | The Acronis Threat Research Unit (TRU) has revealed an advanced campaign believed to be orchestrated by the SideWinder advanced persistent threat (APT) group. This operation, running through early 2025, has primarily targeted high-value government and military institutions across… | GBHACKERS.COM
21 May | Trust becomes an attack vector in the new campaign using trojanized KeePass | A known crew of cybercriminals has weaponized the widely used, open-source KeePass password manager with malware to steal passwords and lock down computers for ransom. Victims were tricked through Bing advertisements to install the trojanized software, KeeLoader, only to have the… | CSOONLINE.COM
21 May | VanHelsing Ransomware Builder Exposed on Hacker Forums | The cybersecurity landscape reveal that the VanHelsing ransomware operation has experienced a significant security breach with its source code being leaked publicly. According to security researchers, this leak occurred after an internal dispute with a former developer who attemp… | GBHACKERS.COM
21 May | IBM Warns: One-Third of Cyber Attacks Use Advanced Tactics to Steal Login Credentials | IBM X-Force’s 2024 cybersecurity report, nearly one-third of cyber intrusions now rely on identity-based attacks, exploiting valid login credentials to breach systems. This alarming trend, continuing for the second consecutive year, highlights a shift in threat actor strate… | GBHACKERS.COM
21 May | News alert: Attaxion integrates its EASM Platform with ENISA’s EU Vulnerability Database (EUVD) | Dover, Del., May 21, 2025, CyberNewswire — Attaxion, the external attack surface management (EASM) vendor with industry-leading asset coverage, announces the integration of the European Vulnerability Database (EUVD) into its platform. Operated by the European Union Agency … | LASTWATCHDOG.COM
21 May | Ransomware gang BlackBasta has a new favorite malware | The BlackBasta gang appears to have added a new, modular malware to its repertoire. In a LinkedIn post, researchers from the cybersecurity company Prodaft stated that the notorious group has been using the Skitnet malware in phishing attacks on Microsoft Teams… | CSOONLINE.COM
21 May | DragonForce targets rivals in a play for dominance | Not content with attacking retailers, this aggressive group is fighting a turf war with other ransomware operators | SOPHOS.COM
21 May | Russian GRU Cyber Actors Targeting Western Logistics Entities and Tech Companies | Today, CISA, the National Security Agency, the Federal Bureau of Investigation, and other U.S. and international partners released a joint Cybersecurity Advisory, Russian GRU Targeting Western Logistics Entities and Technology Companies. This advisory details a Russian st… | CISA.GOV
21 May | News alert: DataHub secures $35M Series B to enable AI to safely manage and use data | Palo Alto, Calif., May 21, 2025 – DataHub, by Acryl Data, the leading open source metadata platform, today announced it has raised $35 million in Series B funding led by Bessemer Venture Partners. This latest round brings the company’s total … | LASTWATCHDOG.COM
21 May | Coinbase Says Rogue Contractor Data Breach Affects 69,461 Users | When Coinbase said last week that it had refused to pay a $20 million ransom tied to an insider leak, the company estimated the data theft touched “less than one percent” of monthly transacting users. A mandatory filing to the Maine Attorney General now pins the number at 69,461 … | SECURITYWEEK.COM
21 May | This Dog Pulled a Full Adversarial Simulation—And Won | An 8-pound dachshund survived 540 days alone on Kangaroo Island—home to venomous snakes and predators. When they found her, she wasn’t just alive… she was stronger. This short draws a parallel between the resilience of this tiny dog and the mindset cybersecurity professionals nee… | YOUTUBE.COM
21 May | ThreatLocker Patch Management: A Security-First Approach to Closing Vulnerability Windows | Patching is basic cyber hygiene — but executing it at scale, securely, and fast? That's the real challenge. ThreatLocker's Patch Management flips the script with control, visibility, and Zero Trust workflows built for today's threat landscape. [...] | BLEEPINGCOMPUTER.COM
21 May | Windows 11 Introduces Enhanced Administrator Protection to Strengthen Security Against Elevated Privilege Attacks | Microsoft has unveiled Administrator Protection, a groundbreaking security feature for Windows 11 designed to safeguard systems against privilege escalation attacks. This new capability creates a security boundary around administrative operations, significantly reducing the attac… | GBHACKERS.COM
21 May | 71 Fake Websites Impersonating German Retailer to Steal Payment Information | Recorded Future Payment Fraud Intelligence has uncovered a sprawling network of 71 fraudulent e-commerce domains designed to impersonate a prominent German international discount retailer, with lidlorg[.]com identified as the central node of this scam operation. First detected on… | GBHACKERS.COM
21 May | PupkinStealer Exploits Web Browser Passwords and App Tokens to Exfiltrate Data Through Telegram | A newly identified .NET-based information-stealing malware, dubbed PupkinStealer (also known as PumpkinStealer in some reports), has surfaced as a significant cyber threat, targeting sensitive data such as web browser passwords and application session tokens. First observed in th… | GBHACKERS.COM
21 May | Russian State-Sponsored Threat Actors is Targeting Western Logistics Entities and Technology Companies. | submitted by Pro to cybersecurity (3 points, 0 comments) https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-141a This joint cybersecurity advisory (CSA) highlights a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies. T… | INFOSEC.PUB
21 May | Docker Zombie Malware Infects Containers for Crypto Mining and Self-Replication | A novel malware campaign targeting containerized infrastructures has emerged, exploiting insecurely exposed Docker APIs to spread malicious containers and mine Dero cryptocurrency. Dubbed a “Docker zombie outbreak” by cybersecurity researchers at Kaspersky, this attack leverages … | GBHACKERS.COM
21 May | Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer | Over the past year, Microsoft Threat Intelligence observed the persistent growth and operational sophistication of Lumma Stealer, an info-stealing malware used by multiple financially motivated threat actors to target various industries. Microsoft, partnering with others across i… | MICROSOFT.COM
21 May | Russia to enforce location tracking app on all foreigners in Moscow | The Russian government has introduced a new law that makes installing a tracking app mandatory for all foreign nationals in the Moscow region. [...] | BLEEPINGCOMPUTER.COM
21 May | Wyden: AT&T, T-Mobile, and Verizon weren’t notifying senators of surveillance requests | Sen. Ron Wyden said in a letter that one U.S. phone carrier turned over Senate data to law enforcement without notifying the target. | TECHCRUNCH.COM
21 May | Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics | Russian cyber threat actors have been attributed to a state-sponsored campaign targeting Western logistics entities and technology companies since 2022. The activity has been assessed to be orchestrated by APT28 (aka BlueDelta, Fancy Bear, or Forest Blizzard), which is linked to … | THEHACKERNEWS.COM
21 May | Crawl-O-Matic Was THIS Close to Exploding WordPress 🔥 | A critical remote code execution flaw was just patched in Crawl-O-Matic — a WordPress plugin designed to scrape content like weather reports, job listings, and news. Created by Code Revolution and sold over 1,100 times, this plugin had a type validation error that let attackers p… | YOUTUBE.COM
21 May | Critical Samlify SSO flaw lets attackers log in as admin | A critical Samlify authentication bypass vulnerability has been discovered that allows attackers to impersonate admin users by injecting unsigned malicious assertions into legitimately signed SAML responses. [...] | BLEEPINGCOMPUTER.COM
21 May | ESET takes part in global operation to disrupt Lumma Stealer | Our intense monitoring of tens of thousands of malicious samples helped this global disruption operation | WELIVESECURITY.COM
21 May | Risky Business #792 -- Beware, Coinbase users. Crypto thieves are taking fingers now | On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: TeleMessage memory dumps show up on DDoSecrets Coinbase contractor bribed to hand over user data Telegram does seem to be actually cooperating with law enforcement Britain’s legal aid service… | RISKY.BIZ
📋 SECURITY BULLETINS (1)
21 May | Microsoft Emergency Patch, Pwn2Own Berlin 2025 Highlights, and Emerging Cybersecurity Threats | In this episode of 'Cybersecurity Today,' host Jim Love discusses several urgent cybersecurity topics. Microsoft has released an emergency patch after a recent Windows update caused BitLocker recovery mode on certain systems, locking users out without warning. The issue stems fro… | CYBERSECURITYTODAY.LIBSYN.COM
📢 SECURITY ADVISORIES (10)
21 May | Joint advisory on Russian cyber campaign targeting logistics providers and IT companies | CYBER.GC.CA
21 May | https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-141a | submitted by Pro to security (2 points, 0 comments) https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-141a | PROGRAMMING.DEV
21 May | Russian State-Sponsored Threat Actors is Targeting Western Logistics Entities and Technology Companies. | submitted by Pro to cybersecurity (2 points, 0 comments) https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-141a | SH.ITJUST.WORKS
21 May | Threat Actors Target U.S. Critical Infrastructure with LummaC2 Malware | Today, CISA and the Federal Bureau of Investigation released a joint Cybersecurity Advisory, LummaC2 Malware Targeting U.S. Critical Infrastructure Sectors. This advisory details the tactics, techniques, and procedures, and indicators of compromise (IOCs) linked to threat actors… | CISA.GOV
21 May | Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations | submitted by Pro to cybersecurity (1 point, 0 comments) https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-141b | INFOSEC.PUB
21 May | Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations | submitted by Pro to security (1 point, 0 comments) https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-141b | PROGRAMMING.DEV
21 May | Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations | submitted by Pro to cybersecurity (1 point, 0 comments) https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-141b | SH.ITJUST.WORKS
21 May | CISA Says Russian Hackers Targeting Western Supply-Lines to Ukraine | Russian military intelligence hackers intensify targeting of Western logistics and technology companies moving supplies into Ukraine. | SECURITYWEEK.COM
🔥 INCIDENT REPORTING (21)
21 May | Google Chrome Can Now Auto-Change Compromised Passwords Using Its Built-In Manager | Google has announced a new feature in its Chrome browser that lets its built-in Password Manager automatically change a user's password when it detects the credentials to be compromised. "When Chrome detects a compromised password during sign in, Google Password Manager prompts t… | THEHACKERNEWS.COM
21 May | Coinbase says recent data breach impacts 69,461 customers | Coinbase, a cryptocurrency exchange with over 100 million customers, revealed that a recent data breach in which cybercriminals stole customer and corporate data affected 69,461 individuals [...] | BLEEPINGCOMPUTER.COM
21 May | Virtual Event Today: Threat Detection & Incident Response (TDIR) Summit | SecurityWeek’s 2025 Threat Detection & Incident Response (TDIR) Summit takes place as a virtual summit on Wednesday, May 21st. | SECURITYWEEK.COM
21 May | Marks & Spencer faces $402 million profit hit after cyberattack | British retailer giant Marks & Spencer (M&S) is bracing for a potential profit hit of up to £300 million ($402 million) following a recent cyberattack that led to widespread operational and sales disruptions. [...] | BLEEPINGCOMPUTER.COM
21 May | Cellcom Service Disruption Caused by Cyberattack | Wireless carrier Cellcom has confirmed that a week-long widespread service outage is the result of a cyberattack. | SECURITYWEEK.COM
21 May | LockBit Internal Data Leak Reveals Payload Creation Methods and Ransom Demands | The notorious ransomware group LockBit inadvertently suffered a major data breach, exposing the inner workings of their ransomware-as-a-service (RaaS) operations. This leak, which surfaced on the internet after remaining undetected for months, has offered invaluable insights into… | GBHACKERS.COM
21 May | US Student to Plead Guilty Over PowerSchool Hack | Matthew Lane allegedly hacked PowerSchool using stolen credentials and admitted to extorting a telecoms provider. | SECURITYWEEK.COM
21 May | Cellcom Confirms Cybersecurity Breach After Network Failure | Cellcom/Nsight has officially confirmed a cyberattack as the cause of a five-day service disruption affecting customers across its network. In an official statement released today, company leadership acknowledged the incident while assuring customers that sensitive personal infor… | GBHACKERS.COM
21 May | How to Detect Phishing Attacks Faster: Tycoon2FA Example | It takes just one email to compromise an entire system. A single well-crafted message can bypass filters, trick employees, and give attackers the access they need. Left undetected, these threats can lead to credential theft, unauthorized access, and even full-scale breaches. As p… | THEHACKERNEWS.COM
21 May | 19-Year-Old Hacker Admits Guilt in Major Cyberattack on PowerSchool | Massachusetts college student stands accused of orchestrating a sweeping cyberattack on PowerSchool, a widely used educational software provider, resulting in the theft of confidential data from millions of students and teachers. The accused, Matthew D. Lane, age 19, has agreed t… | GBHACKERS.COM
21 May | Coinbase says its data breach affects at least 69,000 customers | The crypto giant said the unauthorized access to customer data dates back to late December 2024. | TECHCRUNCH.COM
21 May | Cyberattack on Arla Germany | The German Arla plant in Upahl was attacked by cybercriminals. Arla Foods, headquartered in Denmark, is one of the largest dairies in the world. According to reports, cybercriminals attacked the company's IT in Germany. “A few … | CSOONLINE.COM
21 May | European Union sanctions Stark Industries for enabling cyberattacks | The European Union has imposed strict sanctions against web-hosting provider Stark Industries and the two individuals running it, CEO Iurie Neculiti and owner Ivan Neculiti, for enabling "destabilising activities" against the Union. [...] | BLEEPINGCOMPUTER.COM
21 May | US student agrees to plead guilty to hack affecting tens of millions of students | Prosecutors say the hacker stole information on 60 million students, an incident that matches the data breach at PowerSchool. | TECHCRUNCH.COM
21 May | New Scan Uncovers 150K Industrial Systems Worldwide Vulnerable to Cyberattacks | A groundbreaking study leveraging advanced application-layer scanning has exposed approximately 150,000 industrial control systems (ICS) worldwide that are directly accessible on the public internet, posing severe risks of catastrophic cyberattacks. Conducted over a year from Jan… | GBHACKERS.COM
21 May | 3AM ransomware uses spoofed IT calls, email bombing to breach networks | A 3AM ransomware affiliate is conducting highly targeted attacks using email bombing and spoofed IT support calls to socially engineer employees into giving credentials for remote access to corporate systems. [...] | BLEEPINGCOMPUTER.COM
21 May | The Pharmacist Behind 2 Billion Deepfakes 😳 | A hospital pharmacist living outside Toronto has been exposed as the mastermind behind Mr. Deepfakes — the world’s largest non-consensual deepfake porn site. With over 70,000 AI-generated videos featuring celebrities, influencers, and private individuals, the platform has shocked… | YOUTUBE.COM
21 May | M&S says it will respond to April cyberattack by accelerating digital transformation plans | Weeks after suffering one of the most disruptive cyberattacks in UK history, UK retailer Marks & Spencer (M&S) said it will respond by accelerating a planned two-year overhaul of its digital operations to bring it to completion in only six months. Given that the company e… | CIO.COM
21 May | Veracode Just Found Something Terrifying in Google Calendar | Cybersecurity pros won't believe this one... Veracode uncovered a shocking technique where hackers used Google Calendar and Unicode steganography to hide malicious code inside invisible characters. It's a clever attack that went unnoticed and could easily bypass casual inspection… | YOUTUBE.COM
21 May | Russian hackers breach orgs to track aid routes to Ukraine | A Russian state-sponsored cyberespionage campaign attributed to APT28 (Fancy Bear/Forest Blizzard) hackers has been targeting and compromising international organizations since 2022 to disrupt aid efforts to Ukraine. [...] | BLEEPINGCOMPUTER.COM
21 May | Smashing Security podcast #418: Grid failures, Instagram scams, and Legal Aid leaks | In this week’s episode, Graham investigates the mysterious Iberian Peninsula blackout (aliens? toaster? cyberattack?), Carole dives in the UK legal aid hack that exposed deeply personal data of society's most vulnerable, and Dinah Davis recounts how Instagram scammers hijacked he… | GRAHAMCLULEY.COM
🕵️ THREAT INTELLIGENCE (16)
21 May | CSO30 Australia Awards 2025: Nominations now open | Nominations are officially open for the 2025 CSO30 Australia Awards, celebrating the country’s most effective and inspiring cybersecurity leaders. This year’s CSO30 Awards will once again be held alongside the CIO50 Awards, bringing together the nation’s top technology and secur… | CSOONLINE.COM
21 May | ISC Stormcast For Wednesday, May 21st, 2025 https://isc.sans.edu/podcastdetail/9460, (Wed, May 21st) | (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. | ISC.SANS.EDU
21 May | New Phishing Attack Uses AES & Malicious npm Packages to Office 365 Login Credentials | Fortra’s Suspicious Email Analysis (SEA) team uncovered a highly sophisticated phishing campaign targeting Microsoft Office 365 (O365) credentials. Unlike typical phishing attempts, this attack stood out due to its intricate use of modern technologies and developer infrastructure… | GBHACKERS.COM
21 May | Up to 25% of Internet-Exposed ICS Are Honeypots: Researchers | Many of the industrial control system (ICS) instances seen in internet scanning are likely or possibly honeypots, not real devices. | SECURITYWEEK.COM
21 May | Google DeepMind Unveils Defense Against Indirect Prompt Injection Attacks | Google DeepMind has developed an ongoing process to counter the continuously evolving threat from Agentic AI’s bete noir: adaptive indirect prompt injection attacks. Indirect prompt injection (IPI) attacks are a serious threat to agentic AI. They interfere with the inference stag… | SECURITYWEEK.COM
21 May | What are You Working on Wednesday | submitted by shellsharks to cybersecurity (1 point, 0 comments) Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time. | INFOSEC.PUB
21 May | RSAC Fireside Chat: Enterprise browsers arise to align security with the modern flow of work | A quiet but consequential shift is underway in enterprise workspace security. The browser has effectively become the new operating system of business. Related: Gartner’s enterprise browser review It didn’t happen all at once. But as SaaS took over, remote work … | LASTWATCHDOG.COM
21 May | Dero miner spreads inside containerized Linux environments | submitted by cm0002 to cybersecurity (3 points, 0 comments) https://securelist.com/dero-miner-infects-containers-through-docker-api/116546/ | INFOSEC.PUB
21 May | Cortex Cloud — Unified Efficiency, Now with Dual FedRAMP Authority | Cortex Cloud achieved FedRAMP High and Moderate authorizations since its Feb 2025 launch, highlighting its secure cloud commitment. | PALOALTONETWORKS.COM
21 May | GenAI Security Is the New BYOD 🚨 | Businesses didn’t get to choose if mobile devices or the cloud became part of their ecosystem—and now GenAI is forcing the same conversation. In this short, cybersecurity expert Katie breaks down why GenAI security isn’t optional anymore and why it's the new BYOD-level business r… | YOUTUBE.COM
21 May | Hackers Masquerade as Organizations to Steal Payroll Logins and Redirect Payments from Employees | ReliaQuest, hackers have deployed a cunning search engine optimization (SEO) poisoning scheme to orchestrate payroll fraud against a manufacturing sector customer. This deceptive strategy involves crafting fake authentication portals that mirror legitimate organizational login pa… | GBHACKERS.COM
21 May | Hackers Target Mobile Users Using PWA JavaScript to Bypass Browser Security | A sophisticated new injection campaign has been uncovered, targeting mobile users through malicious third-party JavaScript to deliver a Chinese adult-content Progressive Web App (PWA) scam. This attack, which redirects users to sites like hxxps://xjdm166[.]com, leverages the uniq… | GBHACKERS.COM
21 May | Microsoft Sinkholes Domains, Disrupts Notorious ‘Lumma Stealer’ Malware Operation | Redmond’s threat hunters found 394,000 Windows systems talking to Lumma controllers, a victim pool included global manufacturers. | SECURITYWEEK.COM
21 May | New Variant of Crypto Confidence Scam | submitted by Pro to cybersecurity (1 point, 0 comments) https://isc.sans.edu/diary/rss/31968 | INFOSEC.PUB
21 May | GenAI Adoption Just Doubled — Are You Falling Behind? | GenAI adoption jumped from 12% in 2024 to 22% in 2025 — that’s nearly double in just one year. In this clip, cybersecurity pros Matthew Alderman and Ben Carr break down what that explosive growth means for security teams. As more organizations appoint Chief AI Officers (CAIOs) wh… | YOUTUBE.COM
21 May | Lumma infostealer malware operation disrupted, 2,300 domains seized | submitted by kid to cybersecurity (3 points, 0 comments) https://www.bleepingcomputer.com/news/security/lumma-infostealer-malware-operation-disrupted-2-300-domains-seized/ | SH.ITJUST.WORKS
🌐 CYBER THREAT LANDSCAPE 3
21 May | Fake Kling AI Facebook Ads Deliver RAT Malware to Over 22 Million Potential Victims | Counterfeit Facebook pages and sponsored ads on the social media platform are being employed to direct users to fake websites masquerading as Kling AI with the goal of tricking victims into downloading malware. Kling AI is an artificial intelligence (AI)-powered platform to synth… | THEHACKERNEWS.COM
21 May | PureRAT Malware Spikes 4x in 2025, Deploying PureLogs to Target Russian Firms | Russian organizations have become the target of a phishing campaign that distributes malware called PureRAT, according to new findings from Kaspersky. "The campaign aimed at Russian business began back in March 2023, but in the first third of 2025 the number of attacks quadrupled… | THEHACKERNEWS.COM
21 May | Lumma infostealer malware operation disrupted, 2,300 domains seized | Earlier this month, a coordinated disruption action targeting the Lumma malware-as-a-service (MaaS) information stealer operation seized thousands of domains, part of its infrastructure backbone worldwide. [...] | BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 11
21 May | Researchers Expose PWA JavaScript Attack That Redirects Users to Adult Scam Apps | Cybersecurity researchers have discovered a new campaign that employs malicious JavaScript injections to redirect site visitors on mobile devices to a Chinese adult-content Progressive Web App (PWA) scam. "While the payload itself is nothing new (yet another adult gambling scam),… | THEHACKERNEWS.COM
21 May | Securing CI/CD workflows with Wazuh | Continuous Integration and Continuous Delivery/Deployment (CI/CD) refers to practices that automate how code is developed and released to different environments. CI/CD pipelines are fundamental in modern software development, ensuring code is consistently tested, built, and deplo… | THEHACKERNEWS.COM
21 May | Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs | A Google Chrome Web Store campaign uses over 100 malicious browser extensions that mimic legitimate tools, such as VPNs, AI assistants, and crypto utilities, to steal browser cookies and execute remote scripts secretly. [...] | BLEEPINGCOMPUTER.COM
21 May | How One Idea Transformed Network Virtualization! | He saw a major flaw in network virtualization and decided to fix it. Instead of relying on traditional computing virtualization, he built a completely virtualized network at the infrastructure level. The result? A revolutionary technology that’s transforming cloud connectivity as… | YOUTUBE.COM
21 May | New Variant of Crypto Confidence Scam, (Wed, May 21st) | In February, we had a few diaries about crypto wallet scams. We saw these scams use YouTube comments, but they happened via other platforms and messaging systems, not just YouTube [1]. The scam was a bit convoluted: The scammer posted the secret key to their crypto wall… | ISC.SANS.EDU
21 May | This Company Almost Hired a Ghost Employee! 👻 | This company just uncovered a shocking case of job fraud! 😱 After interviewing what seemed like a real candidate, the CEO quickly realized something was off. The applicant struggled to answer basic location questions, giving vague responses like "West Coast" instead of a specific… | YOUTUBE.COM
21 May | What is cyber-resilience, and how to start implementing it | Key components of a cyber-resilience strategy, and practical aspects of its implementation. | KASPERSKY.COM
21 May | Sophos Firewall v21.5: Streamlined management | How to make the most of the new features in Sophos Firewall v21.5. | SOPHOS.COM
21 May | Signal resorts to “weird trick” to block Windows Recall in Desktop app | Even after its refurbishing, Recall provides few ways to exclude specific apps. | ARSTECHNICA.COM
21 May | OpenAI hints at a big upgrade for ChatGPT Operator Agent | ChatGPT's Operator, which is still in research preview, will soon become a "very useful tool," according to Jerry Tworek, VP of Research at OpenAI. [...] | BLEEPINGCOMPUTER.COM
21 May | Anthropic web config hints at Claude Sonnet 4 and Opus 4 | Anthropic is secretly working on two new models called Claude Sonnet 4 and Opus 4, which are believed to be the company's most advanced AI models. [...] | BLEEPINGCOMPUTER.COM