99Articles
8Categories
2025-05-27Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 5[−]
27 MayArm Mali GPU Vulnerability Enables Bypass of MTE and Arbitrary Kernel Code ExecutionA critical vulnerability, identified as CVE-2025-0072, has been discovered in the Arm Mali GPU driver, posing a significant threat to devices with newer Mali GPUs utilizing the Command Stream Frontend (CSF) architecture, including Google’s Pixel 7, 8, and 9 series. This flaw, rep…GBHACKERS.COM
27 MaySiemens SiPass Flaw Allows Remote Attackers to Cause DoS ConditionsSiemens has released a security advisory (SSA-041082) concerning a critical out-of-bounds read vulnerability, tracked as CVE-2022-31812, affecting all SiPass integrated versions before V2.95.3.18. The flaw, if exploited, could allow unauthenticated remote attackers to trigger a d…GBHACKERS.COM
27 MayGIMP Image Editor Vulnerability Allows Remote Attackers to Execute Arbitrary CodeTwo major security vulnerabilities have been found in the widely used GIMP image editing software, potentially allowing remote attackers to execute arbitrary code on affected systems, according to security researchers. The vulnerabilities, labeled CVE-2025-2760 and CVE-2025-2761,…GBHACKERS.COM
27 MayMozilla Quickly Fixes Firefox Vulnerabilities from Pwn2Own 2025 with Urgent PatchesAt this year’s Pwn2Own Berlin, security researchers successfully demonstrated two new zero-day exploits against Mozilla Firefox, targeting the browser’s content process. The vulnerabilities—CVE-2025-4918 and CVE-2025-4919—were both found in Firefox’s JavaScript engine and allowed…GBHACKERS.COM
27 MayHackers Exploit Craft CMS Vulnerability to Inject Cryptocurrency Miner MalwareThreat actors have exploited a critical Remote Code Execution (RCE) vulnerability, identified as CVE-2025-32432, in the Craft Content Management System (CMS). Discovered by Orange Cyberdefense in mid-February 2025 and publicly disclosed on April 25, 2025, this flaw carries a maxi…GBHACKERS.COM
⚠️ VULNERABILITY DISCLOSURE 32[−]
27 May KEVDiese Social-Engineering-Trends sollten Sie kennenBeim Social Engineering nutzen Cyberkriminelle menschliches Verhalten für ihre Zwecke aus. Dabei lassen sich folgende Trends beobachten. Agor2012 – shutterstock.com Anstatt auf fortschrittliche Tools oder komplexe Skripte zu setzen, dringen erfahrene Angreifer in Systeme ein und …CSOONLINE.COM
27 MayHow CISOs can defend against Scattered Spider ransomware attacksThe UK’s Marks & Spencer suffered a cyberattack in late April that damaged the high-end retailer’s operations and is expected to cost the company over $400 million. That attack was quickly followed by similar incidents that struck two other iconic British retailers, Harrods a…CSOONLINE.COM
27 MayHow Google Meet Pages Are Exploited to Deliver PowerShell MalwareA new wave of cyberattacks exploits user trust in Google Meet by deploying meticulously crafted fake meeting pages that trick victims into running malicious PowerShell commands. This campaign, dubbed ClickFix, leverages advanced social engineering tactics, bypassing traditional s…GBHACKERS.COM
27 MayCritical GitHub MCP Server Vulnerability Allows Unauthorized Access to Private RepositoriesA critical vulnerability in the widely-used GitHub MCP integration, boasting over 14,000 stars on GitHub, has been uncovered by Invariant Labs, posing a severe risk to users’ private repository data. This flaw, identified through Invariant’s automated security scanners, enables a…GBHACKERS.COM
27 MayHackers Exploit HTTP/2 Flaw to Launch Arbitrary Cross-Site Scripting AttacksA groundbreaking study from Tsinghua University and Zhongguancun Laboratory has uncovered critical vulnerabilities in modern web infrastructure, revealing that HTTP/2 server push and Signed HTTP Exchange (SXG) features can be exploited to bypass the Same-Origin Policy (SOP)—a cor…GBHACKERS.COM
27 MayAdidas warns of data breach after customer service provider hackGerman sportswear giant Adidas disclosed a data breach after attackers hacked a customer service provider and stole some customers' data. [...]BLEEPINGCOMPUTER.COM
27 MayEarth Lamia Develops Custom Arsenal to Target Multiple IndustriesTrend™ Research has been tracking an active APT threat actor named Earth Lamia, targeting multiple industries in Brazil, India and Southeast Asia countries at least since 2023. The threat actor primarily exploits vulnerabilities in web applications to gain access to targeted orga…TRENDMICRO.COM
27 MayRed Hat and AMD Team Up to Boost AI Processing Power and PerformanceRed Hat, Inc., the global leader in open source solutions, has announced a strategic collaboration with AMD, a pioneer in high-performance and adaptive computing, to revolutionize the way organizations build, deploy, and manage artificial intelligence (AI) workloads. This partner…GBHACKERS.COM
27 MayAI in AppSec: Agentic Tools, Vibe Coding Risks & Securing Non-Human Identities - Mo Ab... - ASW #332ArmorCode unveils Anya—the first agentic AI virtual security champion designed specifically for AppSec and product security teams. Anya brings together conversation and context to help AppSec, developers and security teams cut through the noise, prioritize risks, and make faster,…YOUTUBE.COM
27 MayDragonForce actors target SimpleHelp vulnerabilities to attack MSP, customersRansomware actor exploited RMM to access multiple organizations; Sophos EDR blocked encryption on customer’s networkSOPHOS.COM
27 MayMultiple Vulnerabilities in Hardy Barth EV Station Allow Unauthenticated Network AccessCritical security flaws have been identified in the eCharge Hardy Barth cPH2 and cPP2 charging stations, specifically affecting firmware version 2.2.0. These vulnerabilities, discovered by Stefan Viehböck of SEC Consult Vulnerability Lab, expose electric vehicle (EV) charging inf…GBHACKERS.COM
27 MayAdidas Customer Information Compromised Through Third-Party VendorGerman sportswear giant Adidas has confirmed a data breach after cybercriminals accessed customer data through a third-party customer service provider. The breach, disclosed on May 23, 2025, did not involve sensitive information such as passwords or payment details but did expose…GBHACKERS.COM
27 MayChinese-Owned VPNsOne one my biggest worries about VPNs is the amount of trust users need to place in them, and how opaque most of them are about who owns them and what sorts of data they retain. A new study found that many commercials VPNS are (often surreptitiously) owned by Chinese companies. I…SCHNEIER.COM
27 MayHackers drop 60 npm bombs in less than two weeks to recon dev machinesThreat actors have likely made off with sensitive host and network information from developers’ systems in a coordinated malware campaign, involving 60 malicious npm packages, that were live for just under two weeks. According to a Socket discovery, these packages were distribute…CSOONLINE.COM
27 MayWer landet im Netz der Cyber-Spinne?Nachdem die Hackergruppe Scattered Spider unter britischen Einzelhändlern gewütet hat, verstärkt sie ihre Kooperation mit RaaS und weitet ihr Jagdgebiet aus. enzozo – shutterstock.com Der britische Einzelhändler Marks & Spencer wurde Ende April durch eine Cyberattacke erhebli…CSOONLINE.COM
27 MayQuantencomputer knacken RSA-Verschlüsselungen noch schnellersrcset="https://b2b-contenthub.com/wp-content/uploads/2025/05/shutterstock_2307333723.jpg?quality=50&strip=all 3349w, https://b2b-contenthub.com/wp-content/uploads/2025/05/shutterstock_2307333723.jpg?resize=300%2C168&quality=50&strip=all 300w, https://b2b-contenthub.c…CSOONLINE.COM
27 MayNew Guidance for SIEM and SOAR ImplementationToday, CISA, in collaboration with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and other international and U.S. partners, released new guidance for organizations seeking to procure Security Information and Event Management (SIEM) and Securit…CISA.GOV
27 MayWordPress TI WooCommerce Wishlist Plugin Flaw Puts Over 100,000 Websites at Risk of CyberattackA severe security flaw has been identified in the TI WooCommerce Wishlist plugin, a widely used WordPress extension with over 100,000 active installations. This plugin enables WooCommerce store owners to integrate wishlist functionality into their online shops, often alongside ot…GBHACKERS.COM
27 MayNot Every CVE Deserves a Fire Drill: Focus on What’s ExploitableNot every "critical" vulnerability is a critical risk. Picus Exposure Validation cuts through the noise by testing what's actually exploitable in your environment — so you can patch what matters. [...]BLEEPINGCOMPUTER.COM
27 MayGovernment Calls on Organizations to Adopt SIEM and SOAR SolutionsIn a landmark initiative, international cybersecurity agencies have released a comprehensive series of publications to guide organizations through the implementation and prioritization of Security Information and Event Management (SIEM) and Security Orchestration, Automation, and…GBHACKERS.COM
27 MayDragonForce Ransomware Hackers Exploiting SimpleHelp VulnerabilitiesSophos warns that a DragonForce ransomware operator chained three vulnerabilities in SimpleHelp to target a managed service provider. The post DragonForce Ransomware Hackers Exploiting SimpleHelp Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
27 MayNIST Introduces New Metric to Measure Likelihood of Vulnerability Exploitssubmitted by cm0002 to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/nist-metric-lev-likelihood/INFOSEC.PUB
27 MayCISA Releases One Industrial Control Systems AdvisoryCISA released one Industrial Control Systems (ICS) advisory on May 27, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-146-01 Johnson Controls iSTAR Configuration Utility (ICU) Tool CISA encou…CISA.GOV
27 MayThey Got Hacked... Without Leaving GitHub 😱Developers think they're safe working directly in GitHub — but what happens when a high-severity vulnerability slips into a pull request without warning? This short reveals how cybersecurity teams are shifting left, integrating real-time security checks into developers’ workflows…YOUTUBE.COM
27 MayCode security in the AI era: Balancing speed and safety under new EU regulationsThe rapid adoption of AI for code generation has been nothing short of astonishing, and it’s completely transforming how software development teams function. According to the 2024 Stack Overflow Developer Survey , 82% of developers now use AI tools to write code. Major tech compa…CSOONLINE.COM
27 MayGitHub MCP Server Vulnerability Let Attackers Access Private Repositoriessubmitted by kid to cybersecurity 1 points | 0 comments https://cybersecuritynews.com/github-mcp-server-vulnerability/SH.ITJUST.WORKS
27 MayCybercriminals Clone Antivirus Site to Spread Venom RAT and Steal Crypto WalletsCybersecurity researchers have disclosed a new malicious campaign that uses a fake website advertising antivirus software from Bitdefender to dupe victims into downloading a remote access trojan called Venom RAT. The campaign indicates a "clear intent to target individuals for fi…THEHACKERNEWS.COM
27 MayThreat Actors Are Using AI-Generated Audio to Impersonate U.S. OfficialsThe FBI is warning that threat actors are impersonating senior US officials in phishing attacks designed to compromise users’ accounts.KNOWBE4.COM
27 MayDragonForce ransomware abuses MSP’s SimpleHelp RMM to encrypt customersThe DragonForce ransomware operation successfully breached a managed service provider and used its SimpleHelp remote monitoring and management (RMM) platform to steal data and deploy encryptors on downstream customers' systems. [...]BLEEPINGCOMPUTER.COM
27 MayNew Russian APT group Void Blizzard targets NATO-based orgs after infiltrating Dutch policeA new cyberespionage group linked to the Russian government has been targeting organizations from a variety of sectors for over a year. Dubbed Void Blizzard by Microsoft Threat Intelligence and Laundry Bear by Dutch intelligence services, the group leverages compromised credentia…CSOONLINE.COM
27 MayDragonForce ransomware abuses SimpleHelp in MSP supply chain attackThe DragonForce ransomware operation successfully breached a managed service provider and used its SimpleHelp remote monitoring and management (RMM) platform to steal data and deploy encryptors on downstream customers' systems. [...]BLEEPINGCOMPUTER.COM
27 MayCyberRiskTV Live Coverage from Identiverse 2025 - Day 3CyberRisk Alliance's Security Weekly broadcasting live from the CyberRiskTV Studio on the show floor at Identiverse 2025 at Mandalay Bay in Las Vegas! Schedule (PT): 10:10am - Show Intro ft. Adrian Sanabria & Jackie McGuire 10:40am - Securing Digital Trust: How AI is Redefining O…YOUTUBE.COM
📢 SECURITY ADVISORIES 4[−]
27 MayCISA loses nearly all top officials as purge continuessubmitted by cm0002 to cybersecurity 1 points | 0 comments https://www.cybersecuritydive.com/news/cisa-senior-official-departures/748992/INFOSEC.PUB
🔥 INCIDENT REPORTING 16[−]
27 MayWeekly Update 453Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite Well, the last few weeks of insane hours finally caught up with me 🤒 Not badly, but I evidently burned enough midnight oil to l…TROYHUNT.COM
27 MayFree - 13,926,173 breached accountsIn October 2024, French ISP "Free" suffered a data breach which was subsequently posted for sale and later, leaked publicly. The data included 14M unique email addresses along with names, physical addresses, phone numbers, genders, dates of birth and for many records, I…HAVEIBEENPWNED.COM
27 MayResearchers Uncover macOS ‘AppleProcessHub’ Stealer: TTPs and C2 Server Details RevealedResearchers have identified a novel information-stealing malware dubbed ‘AppleProcessHub,’ designed to infiltrate Apple systems and exfiltrate sensitive user data. This discovery sheds light on an evolving threat landscape where macOS, often considered a secure platfo…GBHACKERS.COM
27 MayRussian Void Blizzard cyberspies linked to Dutch police breachA previously unknown Russian-backed cyberespionage group now tracked as Void Blizzard has been linked to a September 2024 Dutch police security breach. [...]BLEEPINGCOMPUTER.COM
27 MayRussian Hackers Breach 20+ NGOs Using Evilginx Phishing via Fake Microsoft Entra PagesMicrosoft has shed light on a previously undocumented cluster of threat activity originating from a Russia-affiliated threat actor dubbed Void Blizzard (aka Laundry Bear) that it said is attributed to "worldwide cloud abuse." Active since at least April 2024, the hacking group is…THEHACKERNEWS.COM
27 MayIranian Cybergroup Toufan Targets Organizations to Steal Login CredentialsA pro-Palestinian cybergroup called Cyber Toufan, which means “cyber storm,” has become a serious threat to Israeli groups in the changing digital battlefield of the Israel-Gaza war. Over the past year, this ideologically driven group has orchestrated over 100 breache…GBHACKERS.COM
27 MayVelvet Chollima APTHackers Target Government Officials Using Weaponized PDFsThe DPRK-linked Velvet Chollima Advanced Persistent Threat (APT) group has launched a sophisticated cyberattack campaign targeting South Korean government officials, as well as NGOs, government agencies, and media organizations across North America, South America, Europe, and Eas…GBHACKERS.COM
27 MayMATLAB dev confirms ransomware attack behind service outageMathWorks, a leading developer of mathematical computing and simulation software, has revealed that a recent ransomware attack is behind an ongoing service outage. [...]BLEEPINGCOMPUTER.COM
27 MayDutch Intelligence Agencies Say Russian Hackers Stole Police Data in CyberattackThe agencies said that the group, which they called Laundry Bear, is actively trying to steal sensitive data from EU and NATO countries and is “extremely likely Russian state supported.” The post Dutch Intelligence Agencies Say Russian Hackers Stole Police Data in Cyberattack app…SECURITYWEEK.COM
27 MayHackers Use Fake OneNote Login to Capture Office365 and Outlook CredentialsA recent investigation by security analysts has uncovered a persistent phishing campaign targeting Italian and U.S. users, utilizing a chain of free cloud platforms and Telegram bots for credential harvesting and data exfiltration. The attack typically begins with a phishing page…GBHACKERS.COM
27 MayIranian Man Pleads Guilty to Role in Baltimore Ransomware AttackSina Gholinejad pleaded guilty to computer-fraud and wire-fraud-conspiracy charges linked to the Robbinhood ransomware hit on Baltimore. The post Iranian Man Pleads Guilty to Role in Baltimore Ransomware Attack appeared first on SecurityWeek .SECURITYWEEK.COM
27 MayAdidas warns of data breach after customer service provider hacksubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/adidas-warns-of-data-breach-after-customer-service-provider-hack/SH.ITJUST.WORKS
27 MayCoca-Cola, Bottling Partner Named in Separate Ransomware and Data Breach Claimssubmitted by kid to cybersecurity 1 points | 0 comments https://hackread.com/coca-cola-bottling-partner-ransomware-data-breach/SH.ITJUST.WORKS
27 MayIranian pleads guilty to RobbinHood ransomware attacks, faces 30 yearsAn Iranian national has pleaded guilty to participating in the Robbinhood ransomware operation, which was used to breach the networks, steal data, and encrypt devices of U.S. cities and organizations in an attempt to extort millions of dollars over a five-year span. [...]BLEEPINGCOMPUTER.COM
27 MayMajor AT&T leak exposed 31M records, hackers claimsubmitted by kid to cybersecurity 1 points | 0 comments https://cybernews.com/security/att-data-breach-millions-records-claimed/SH.ITJUST.WORKS
27 MayAdidas customers’ personal information at risk after data breachLovers of Adidas clothes would be wise to be on their guard against phishing attacks, after the German sportswear giant revealed that a cyber attack had exposed the personal information of customers. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
🕵️ THREAT INTELLIGENCE 30[−]
27 MayISC Stormcast For Tuesday, May 27th, 2025 https://isc.sans.edu/podcastdetail/9466, (Tue, May 27th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
27 MayRussia-Linked Hackers Target Tajikistan Government with Weaponized Word DocumentsThe Russia-aligned threat actor known as TAG-110 has been observed conducting a spear-phishing campaign targeting Tajikistan using macro-enabled Word templates as an initial payload. The attack chain is a departure from the threat actor's previously documented use of an HTML Appl…THEHACKERNEWS.COM
27 MayNew Android Malware GhostSpy Grants Attackers Full Control Over Infected DevicesA chilling new Android malware, dubbed GhostSpy, has emerged as a significant threat to mobile security, according to a detailed report by CYFIRMA. This high-risk malware employs advanced evasion, persistence, and surveillance techniques to seize complete control over infected de…GBHACKERS.COM
27 MayLaw Firms Warned of Silent Ransom Group AttacksThe FBI warns US law firms that the Silent Ransom Group (SRG) has been constantly targeting the legal industry. The post Law Firms Warned of Silent Ransom Group Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
27 MayNew Russia-affiliated actor Void Blizzard targets critical sectors for espionageMicrosoft Threat Intelligence has discovered a cluster of worldwide cloud abuse activity conducted by a threat actor we track as Void Blizzard, who we assess with high confidence is Russia-affiliated and has been active since at least April 2024. Void Blizzard’s cyberespionage op…MICROSOFT.COM
27 MaySilver RAT Malware Employs New Anti-Virus Bypass Techniques to Execute Malicious ActivitiesA newly identified strain of malware, dubbed Silver RAT, has emerged as a significant threat to cybersecurity, leveraging sophisticated anti-virus bypass techniques to infiltrate and compromise Windows-based systems. This remote access trojan (RAT), believed to be crafted by a hi…GBHACKERS.COM
27 MayNew Russia-affiliated actor Void Blizzard targets critical sectors for espionagesubmitted by Pro to cybersecurity 1 points | 0 comments https://www.microsoft.com/en-us/security/blog/2025/05/27/new-russia-affiliated-actor-void-blizzard-targets-critical-sectors-for-espionage/INFOSEC.PUB
27 MayNew Russia-affiliated actor Void Blizzard targets critical sectors for espionagesubmitted by Pro to cybersecurity 3 points | 0 comments https://www.microsoft.com/en-us/security/blog/2025/05/27/new-russia-affiliated-actor-void-blizzard-targets-critical-sectors-for-espionage/SH.ITJUST.WORKS
27 MayWindows 11 Notepad Introduces AI-Powered Writing with Copilot IntegrationMicrosoft’s venerable Notepad, a staple of Windows since the 1980s, is undergoing its most significant transformation yet. With the latest Windows 11 Insider builds, Notepad now features integrated generative AI, turning the once-basic text editor into a creative and technical as…GBHACKERS.COM
27 MayInside the $111 Billion Cloud Security Market: Acquisition, Expansion, and Where to Aim NextAs cloud security spending surges to $111 billion, new data highlights Microsoft's dominance, the U.S. market's outsized role, and Google's strategic acquisition of Wiz. The post Inside the $111 Billion Cloud Security Market: Acquisition, Expansion, and Where to Aim Next appeared…SECURITYWEEK.COM
27 MayAPT36 and Sidecopy Hackers Target India’s Critical Infrastructure with Malware AttacksSeqrite Labs, India’s largest malware analysis facility, has uncovered a sophisticated campaign dubbed Operation Sindoor, orchestrated by Pakistan-aligned threat groups APT36 and Sidecopy. Launched on May 7, 2025, this state-sponsored Advanced Persistent Threat (APT) activity, co…GBHACKERS.COM
27 MayMicrosoft Alerts on Void Blizzard Hackers Targeting Telecommunications and IT SectorsMicrosoft Threat Intelligence Center (MSTIC) has issued a critical warning about a cluster of global cloud abuse activities orchestrated by a threat actor tracked as Void Blizzard, also known as LAUNDRY BEAR. Assessed with high confidence to be Russia-affiliated, Void Blizzard ha…GBHACKERS.COM
27 MayOngoing Campaign Uses 60 NPM Packages to Steal DataSecurity firm Socket warns flags a campaign targeting NPM users with tens of malicious packages that can hijack system information. The post Ongoing Campaign Uses 60 NPM Packages to Steal Data appeared first on SecurityWeek .SECURITYWEEK.COM
27 MayRussian Government Hackers Caught Buying Passwords from CybercriminalsMicrosoft flags a new Kremlin hacking team buying stolen usernames and passwords from infostealer markets for use in cyberespionage attacks. The post Russian Government Hackers Caught Buying Passwords from Cybercriminals appeared first on SecurityWeek .SECURITYWEEK.COM
27 MayThreat Actors Use Fake DocuSign Notifications to Steal Corporate DataDocuSign has emerged as a cornerstone for over 1.6 million customers worldwide, including 95% of Fortune 500 companies, and boasts a user base exceeding one billion. However, this widespread adoption has made DocuSign a prime target for cybercriminals. Leveraging the platformR…GBHACKERS.COM
27 MayWhy the Data Center Boom Might Kill Itself 💀As global demand for data storage skyrockets, no one expected the infrastructure to crack under its own weight. In this jaw-dropping short, cybersecurity expert Jackie McGuire exposes the hidden danger behind exponential growth in data centers. From 90-month generator delays to d…YOUTUBE.COM
27 MayNew Attack Bypasses HTTP/2 Security for Arbitrary Cross-Site Scriptingsubmitted by kid to cybersecurity 2 points | 0 comments https://cybersecuritynews.com/http-2-security-arbitrary-cross-site-scripting/SH.ITJUST.WORKS
27 MayOver 70 Malicious npm and VS Code Packages Found Stealing Data and Cryptosubmitted by kid to cybersecurity 2 points | 0 comments https://thehackernews.com/2025/05/over-70-malicious-npm-and-vs-code.htmlSH.ITJUST.WORKS
27 MayThe future of AI agents—and why OAuth must evolveOur industry needs to continue working together on identity standards for agent access across systems. Read about how Microsoft is building a robust and sophisticated set of agents. The post The future of AI agents—and why OAuth must evolve appeared first on Microsoft Security Bl…TECHCOMMUNITY.MICROSOFT.COM
27 MayWhere’s Clippy Now? Microsoft Just Dropped a Bomb at Build 2025At Build 2025, Microsoft stunned developers by announcing a new "Advanced Settings" menu in Windows 11—something that wasn’t even on Doug’s system yet. While joking about Clippy's mysterious whereabouts, Doug dives into what this feature could mean for customizing File Explorer a…YOUTUBE.COM
27 MayMalicious Machine Learning Model Attack Discovered on PyPIsubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/malicious-machine-learning-model/SH.ITJUST.WORKS
27 MayWindows Server emergency update fixes Hyper-V VM freezes, restart issuessubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/microsoft/windows-server-emergency-update-fixes-hyper-v-vm-freezes-restart-issues/SH.ITJUST.WORKS
27 MayNew Self-Spreading Malware Infects Docker Containers to Mine Dero Cryptocurrencysubmitted by kid to cybersecurity 4 points | 0 comments https://thehackernews.com/2025/05/new-self-spreading-malware-infects.htmlSH.ITJUST.WORKS
27 MayBIOS under attack: hackers increasingly focus on boot threatssubmitted by kid to cybersecurity 5 points | 1 comments https://cybernews.com/security/hackers-targeting-uefi-bios-bootloaders/SH.ITJUST.WORKS
27 MayIf I Had Only 20 Seconds To Teach People How To Avoid ScamsHuman risk management involves more than security awareness training , but training is a huge part of the mix.KNOWBE4.COM
27 MayThe Lost Art of Writing Things DownI was once enrolled in a programming module back at university. We had been given a task, to code something, so we all sat banging out whatever code we could on our keyboards.KNOWBE4.COM
27 MayAP Tests, Hyper-V, Notepad, Google, Nova Scotia, NHI, Bond, Josh Marpet, and more... - SWN #480AP Tests, Hyper-V, Notepad, Google, Nova Scotia, NHI, Bond, Josh Marpet, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-480YOUTUBE.COM
27 MayZscaler to Acquire MDR Specialist Red CanaryZscaler signals a big push into the security-operations market with the announcement of plans to buy Denver-based Red Canary. The post Zscaler to Acquire MDR Specialist Red Canary appeared first on SecurityWeek .SECURITYWEEK.COM
27 MayCyberRiskTV Live Coverage from Identiverse 2025 - Day 2CyberRisk Alliance's Security Weekly broadcasting live from the CyberRiskTV Studio on the show floor at Identiverse 2025 at Mandalay Bay in Las Vegas! Schedule (PT): 12:10pm - The Identity Security Paradox ft. John Pritchard, CEO at Radiant Logic 12:30pm - LUNCH BREAK 1:40pm - Fr…YOUTUBE.COM
27 MayCyberRiskTV Live Coverage from Identiverse 2025 - Day 1CyberRisk Alliance's Security Weekly broadcasting live from the CyberRiskTV Studio on the show floor at Identiverse 2025 at Mandalay Bay in Las Vegas! Schedule (PT): 4:10pm - Show Intro ft. Adrian Sanabria & Jackie McGuire 4:40pm - Imprivata Executive Interview 7:40pm - Show Wrap…YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 1[−]
27 MayNew Self-Spreading Malware Infects Docker Containers to Mine Dero CryptocurrencyMisconfigured Docker API instances have become the target of a new malware campaign that transforms them into a cryptocurrency mining botnet. The attacks, designed to mine for Dero currency, is notable for its worm-like capabilities to propagate the malware to other exposed Docke…THEHACKERNEWS.COM
🎙️ PODCASTS 1[−]
27 MayThe AI Fix #52: AI adopts its own social norms, and AI DJ creates diversity scandalIn episode 52 of The AI Fix, our hosts watch a non-existent musical about garlic bread, Graham shares a summer reading list of books that don't exist, Mark feels nauseous after watching a video of Sam Altman and Jony Ive waffling about products that don't exist, some non-existent…GRAHAMCLULEY.COM
📡 INFOSEC NEWS 10[−]
27 MayHackers Are Calling Your Office: FBI Alerts Law Firms to Luna Moth’s Stealth Phishing CampaignThe U.S. Federal Bureau of Investigation (FBI) has warned of social engineering attacks mounted by a criminal extortion actor known as Luna Moth targeting law firms over the past two years. The campaign leverages "information technology (IT) themed social engineering calls, and c…THEHACKERNEWS.COM
27 MayWindows Server emergency update fixes Hyper-V VM freezes, restart issuesMicrosoft has released an emergency update to address a known issue causing some Hyper-V virtual machines with Windows Server 2022 to freeze or restart unexpectedly. [...]BLEEPINGCOMPUTER.COM
27 MayEmployees Searching Payroll Portals on Google Tricked Into Sending Paychecks to HackersThreat hunters have exposed a novel campaign that makes use of search engine optimization (SEO) poisoning techniques to target employee mobile devices and facilitate payroll fraud. The activity, first detected by ReliaQuest in May 2025 targeting an unnamed customer in the manufac…THEHACKERNEWS.COM
27 MayThe ChoiceJacking attack: stealing smartphone photos and data while charging via USB | Kaspersky official blogUSB data theft: a new method of hacking smartphones while charging emerges in 2025KASPERSKY.COM
27 MayAI Agents and the Non‑Human Identity Crisis: How to Deploy AI More Securely at ScaleArtificial intelligence is driving a massive shift in enterprise productivity, from GitHub Copilot’s code completions to chatbots that mine internal knowledge bases for instant answers. Each new agent must authenticate to other services, quietly swelling the population of non‑hum…THEHACKERNEWS.COM
27 MayTrend Micro Leading the Fight to Secure AINew MITRE ATLAS submission helps strengthen organizations’ cyber resilienceTRENDMICRO.COM
27 MayA 2% Risk That Could CRASH a Multi-Billion Dollar Empire!A massive company made a simple mistake—ignoring cybersecurity risks in an acquisition. Now, their entire multi-billion dollar empire is at stake! 😱 A 2% risk might not sound like much, but in global revenue, that’s enough to bring a giant to its knees. Watch as experts break dow…YOUTUBE.COM
27 MaySecuring Your SSH authorized_keys File, (Tue, May 27th)This is nothing "amazingly new", but more of a reminder to secure your "authorized_keys" file for SSH. One of the first things I see even simple bots do to obtain persistent access to a UNIX system is to add a key to the authorized_keys file of whatever account they are…ISC.SANS.EDU
27 MayWord to the wise: Beware of fake Docusign emailsCybercriminals impersonate the trusted e-signature brand and send fake Docusign notifications to trick people into giving away their personal or corporate dataWELIVESECURITY.COM