🚨 CISA KEV 1[−]
2 Jul KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-6554 Google Chromium V8 Type Confusion Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 8[−]
2 JulAnthropic MCP Inspector Vulnerability Lets Hackers Run Arbitrary Code RemotelyA newly disclosed vulnerability in Anthropic’s Model Context Protocol (MCP) Inspector tool has sent shockwaves through the AI development community, exposing a critical attack vector that could allow hackers to execute arbitrary code on developers’ machines—simply by luring them …GBHACKERS.COM
2 JulOver 600K WordPress Sites at Risk Due to Critical Plugin VulnerabilityA critical security flaw in the popular Forminator WordPress plugin has put more than 600,000 websites worldwide at risk of remote takeover, according to recent disclosures from security firm Wordfence and independent researchers. The vulnerability, tracked as CVE…GBHACKERS.COM
2 JulNessus Vulnerabilities on Windows Enables Arbitrary System File OverwritesA critical security vulnerability has been discovered and patched in Tenable’s Nessus vulnerability scanner for Windows, potentially allowing non-administrative users to overwrite any system file with SYSTEM-level privileges. This flaw, tracked as CVE-2025-36630, impacts all Ness…GBHACKERS.COM
2 Jul KEVCISA Issues Alert on TeleMessage TM SGNL Flaws Actively ExploitedThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert after adding two newly discovered vulnerabilities in the TeleMessage TM SGNL messaging platform to its Known Exploited Vulnerabilities (KEV) Catalog. These flaws CVE-2025-48927 and C…GBHACKERS.COM
2 JulCritical RCE flaw in Anthropic’s MCP inspector exposes developer machines to remote attacksA critical remote code execution (RCE) bug in Anthropic’s Model Context Protocol (MCP) inspector tool could allow attackers to run arbitrary commands on developer machines when they visit a malicious website. MCP inspector is a tool that helps developers test and debug AI agent i…CSOONLINE.COM
2 JulYONO SBI Banking App Vulnerability Exposes Users to Man-in-the-Middle AttackA critical security flaw has been discovered in the widely used YONO SBI: Banking & Lifestyle app, potentially exposing millions of users to man-in-the-middle (MITM) attacks and putting sensitive financial data at risk. The vulnerability, catalogued as CVE-2025-45080, affects…GBHACKERS.COM
2 Jul KEVAuf der Suche nach Alternativen zum CVE-ProgrammSollte das CVE-Programm eingestellt werden, wäre die Bewertung und Behebung von Sicherheitslücken schwieriger. Dave Hoeek – shutterstock.com Der jüngste kurze Panikausbruch wegen der möglichen Einstellung des Common Vulnerabilities and Exposures ( CVE )-Programms hat die starke A…CSOONLINE.COM
2 JulCVE-2025-49713 Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityAccess of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 23[−]
2 JulVercel's v0 AI Tool Weaponized by Cybercriminals to Rapidly Create Fake Login Pages at ScaleUnknown threat actors have been observed weaponizing v0, a generative artificial intelligence (AI) tool from Vercel, to design fake sign-in pages that impersonate their legitimate counterparts. "This observation signals a new evolution in the weaponization of Generative AI by thr…THEHACKERNEWS.COM
2 JulHow cybersecurity leaders can defend against the spur of AI-driven NHIMachine identities pose a big security risk for enterprises, and that risk will be magnified dramatically as AI agents are deployed. According to a report by cybersecurity vendor CyberArk, machine identities — also known as non-human identities (NHI) — now outnumber humans by 82 …CSOONLINE.COM
2 JulFileFix Attack Exploits Windows Browser Loophole to Evade Mark-of-the-Web SecurityA newly identified attack vector, dubbed the “FileFix Attack,” has surfaced, exploiting a subtle yet critical loophole in how modern browsers like Google Chrome and Microsoft Edge handle saved web content. This technique cunningly sidesteps the Windows Mark-of-the-Web…GBHACKERS.COM
2 JulChinese Houken Group Exploits Ivanti CSA Zero-Days to Install Linux RootkitsThe French National Agency for the Security of Information Systems (ANSSI) has uncovered a sophisticated cyberattack campaign orchestrated by a threat group dubbed “Houken.” This group, suspected to be linked to the Chinese intrusion set UNC5174, exploited multiple ze…GBHACKERS.COM
2 Jul KEVCISA Warns of Two Exploited TeleMessage VulnerabilitiesCISA says two more vulnerabilities in the messaging application TeleMessage TM SGNL have been exploited in the wild. The post CISA Warns of Two Exploited TeleMessage Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
2 JulWhy every company needs a travel security programIn today’s heightened geopolitical climate, business travel is no longer a routine operational necessity — it’s a strategic exposure. Whether you’re operating across six continents or sending one specialist to a trade show abroad, travel carries risk. Corporate espionage, digital…CSOONLINE.COM
2 JulForminator WordPress Plugin Vulnerability Exposes 400,000 Websites to TakeoverA vulnerability in the Forminator WordPress plugin allows attackers to delete arbitrary files and take over impacted websites. The post Forminator WordPress Plugin Vulnerability Exposes 400,000 Websites to Takeover appeared first on SecurityWeek .SECURITYWEEK.COM
2 JulScattered Spider shifts focus to airlines as strikes hit Hawaiian, WestJet — and now QantasA data breach at Qantas via a third-party service is typical of the Scattered Spider attack group, experts say. “Qantas’ cyber breach bears the hallmarks of Scattered Spider, the same group behind recent attacks on Hawaiian Airlines, WestJet, and Marks & Spencer — likely thro…CSOONLINE.COM
2 JulUbuntu Disables Spectre/Meltdown ProtectionsA whole class of speculative execution attacks against CPUs were published in 2018. They seemed pretty catastrophic at the time. But the fixes were as well. Speculative execution was a way to speed up CPUs, and removing those enhancements resulted in significant performance drops…SCHNEIER.COM
2 JulSecuring the next wave of workload identities in the cloudIt was a moment of realization for our mid-size law team. As we were constructing a new cloud-native analytics pipeline that spanned our private data center and public clouds, we found ourselves distributing API keys and identity and access management (IAM) roles with abandon. In…CSOONLINE.COM
2 JulHackers Target Linux SSH Servers to Deploy TinyProxy and Sing-Box Proxy ToolsHackers are exploiting poorly managed Linux servers, particularly those with weak SSH credentials, to install proxy tools such as TinyProxy and Sing-box. The AhnLab Security Intelligence Center (ASEC) has been closely monitoring these intrusions through honeypots mimicking vulner…GBHACKERS.COM
2 JulSecond espionage-linked cyberattack hits ICC, exposing persistent threats to global justice systemsThe International Criminal Court (ICC) has fallen victim to another sophisticated cyberattack, the second major cyber espionage attempt targeting the war crimes tribunal in just two years. The latest incident occurred last week during the same period that The Hague hosted a high-…CSOONLINE.COM
2 JulEsse Health Data Breach Exposes Personal and Medical Information of 263,000 PatientsEsse Health, a prominent healthcare provider, disclosed a data breach that has potentially exposed the personal and medical information of approximately 263,000 patients. The breach, detected on April 2025, involved unauthorized access to the organization’s network by a cyb…GBHACKERS.COM
2 JulCritical Vulnerability in Microsens Devices Exposes Systems to Hackerssubmitted by kid to cybersecurity 3 points | 0 comments https://gbhackers.com/critical-vulnerability-in-microsens-devices/SH.ITJUST.WORKS
2 JulChrome Zero-Day, 'FoxyWallet' Firefox Attacks Threaten Browserssubmitted by kid to cybersecurity 2 points | 0 comments https://www.darkreading.com/cyberattacks-data-breaches/browsers-targeted-chrome-zero-day-malicious-firefox-extensionsSH.ITJUST.WORKS
2 JulCybercriminals Use Malicious PDFs to Impersonate Microsoft, DocuSign, and Dropbox in Targeted Phishing AttacksCisco’s Talos security team has uncovered a surge in sophisticated phishing campaigns leveraging malicious PDF payloads to impersonate trusted brands like Microsoft, DocuSign, and Dropbox. According to a recent update to Cisco’s brand impersonation detection engine, these a…GBHACKERS.COM
2 JulCl0p data exfiltration tool found vulnerable to RCE attacks • The Registersubmitted by kid to cybersecurity 1 points | 0 comments https://www.theregister.com/2025/07/02/cl0p_rce_vulnerability/SH.ITJUST.WORKS
2 JulCitrix warns of login issues after NetScaler auth bypass patchCitrix warns that patching recently disclosed vulnerabilities that can be exploited to bypass authentication and launch denial-of-service attacks may also break login pages on NetScaler ADC and Gateway appliances. [...]BLEEPINGCOMPUTER.COM
2 JulSixfold surge of ClickFix attacks threatens corporate defensesIncidents of ClickFix — the social engineering attack technique that tricks users into executing malicious code — are skyrocketing. ClickFix attacks typically involve displaying a fake error or counterfeit CAPTCHA verification with the intent of tricking a prospective victim into…CSOONLINE.COM
2 JulCisco warns that Unified CM has hardcoded root SSH credentialsCisco has removed a backdoor account from its Unified Communications Manager (Unified CM), which would have allowed remote attackers to log in to unpatched devices with root privileges. [...]BLEEPINGCOMPUTER.COM
2 JulForced to Use Edge? Blame Big Daddy Microsoft!Microsoft Edge just wants a little love… but cybersecurity pros aren't buying it. In this hilarious short, Doug White compares Edge’s clingy behavior to a desperate ex — even imagining it crying on a TraumaTok with candy corn in hand. Meanwhile, Big Daddy Microsoft is out here tr…YOUTUBE.COM
2 JulNorth Korean crypto thieves deploy custom Mac backdoorNorth Korean threat actors are targeting companies from the Web3 and crypto industries with a backdoor designed for macOS written in niche programming language Nim. The attackers are also using AppleScript for early stage payloads, including a fake Zoom update. “North Korean-alig…CSOONLINE.COM
2 JulA Vulnerability in Google Chrome Could Allow for Arbitrary Code ExecutionA Vulnerability has been discovered in Google Chrome which could allow for arbitrary code execution. Successful exploitation of the the vulnerability could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the use…CISECURITY.ORG
📢 SECURITY ADVISORIES 5[−]
2 JulMicrosoft Intune Update Wipes Custom Security Baseline Tweaks – Admins AlertedMicrosoft has confirmed a significant issue affecting its Intune security baseline update process, causing concern among IT administrators worldwide. The problem, acknowledged by Microsoft in late June, results in custom security baseline configurations being lost when updating t…GBHACKERS.COM
🔥 INCIDENT REPORTING 23[−]
2 JulU.S. Treasury Sanctions Bulletproof Hosting Firm Fueling Ransomware CampaignsThe U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has imposed sweeping sanctions on Aeza Group, a Russia-based bulletproof hosting (BPH) provider, for its pivotal role in enabling global cybercrime, including ransomware attacks, data theft, and il…GBHACKERS.COM
2 JulCyberangriff auf australische Fluggesellschaft QantasDie australische Fluggesellschaft Qantas ist Opfer einer Cyberattacke. Ryan Fletcher – shutterstock.com Die australische Fluggesellschaft Qantas ist Opfer eines Cyberangriffs geworden. Hacker hätten sich Zugang zu wichtigen Daten von bis zu sechs Millionen Kundinnen und Kunden ve…CSOONLINE.COM
2 JulQantas Data Breach Impacts Up to 6 Million CustomersAustralian airline Qantas says personal information stolen from systems hosting the service records of 6 million customers. The post Qantas Data Breach Impacts Up to 6 Million Customers appeared first on SecurityWeek .SECURITYWEEK.COM
2 JulCyberattack Targets International Criminal CourtThe International Criminal Court (ICC) has detected and contained a sophisticated and targeted cyberattack. The post Cyberattack Targets International Criminal Court appeared first on SecurityWeek .SECURITYWEEK.COM
2 JulAustralian Airline Qantas Hacked – Attackers Gained Access to Customers Personal DataQantas Airways, Australia’s flagship carrier, has confirmed a major cyberattack that compromised the personal data of up to six million customers, marking one of the largest data breaches in the country’s aviation history. The breach, discovered earlier this week, targeted a thir…GBHACKERS.COM
2 JulWeekly Update 458Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite I'm in Austria! Well, I was in Austria, I'm now somewhere over the Aussie desert as I try and end this trip on top of my &quo…TROYHUNT.COM
2 JulU.S. Sanctions Russian Bulletproof Hosting Provider for Supporting Cybercriminals Behind RansomwareThe U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has levied sanctions against Russia-based bulletproof hosting (BPH) service provider Aeza Group to assist threat actors in their malicious activities and targeting victims in the country and across the …THEHACKERNEWS.COM
2 JulInternational Criminal Court Hacked via Sophisticated Cyber CampaignThe International Criminal Court (ICC), the global tribunal responsible for prosecuting serious international crimes, has been targeted by a sophisticated and highly focused cyberattack late last week. The Court confirmed that the incident, which marks the second such breach in r…GBHACKERS.COM
2 JulKelly Benefits Data Breach Impacts 550,000 PeopleAs Kelly Benefits’s investigation into a recent data breach progressed, the number of impacted individuals continued to grow. The post Kelly Benefits Data Breach Impacts 550,000 People appeared first on SecurityWeek .SECURITYWEEK.COM
2 JulThat Network Traffic Looks Legit, But it Could be Hiding a Serious ThreatWith nearly 80% of cyber threats now mimicking legitimate user behavior, how are top SOCs determining what’s legitimate traffic and what is potentially dangerous? Where do you turn when firewalls and endpoint detection and response (EDR) fall short at detecting the most important…THEHACKERNEWS.COM
2 JulRansomware Reshaped How Cyber Insurers Perform Security Assessmentssubmitted by kid to cybersecurity 2 points | 0 comments https://www.darkreading.com/cybersecurity-operations/ransomware-reshaped-how-cyber-insurers-perform-security-assessmentsSH.ITJUST.WORKS
2 JulUS Calls Reported Threats by Pro-Iran Hackers to Release Trump-Tied Material a ‘Smear Campaign’The United States has warned of continued Iranian cyberattacks following American strikes on Iran’s nuclear facilities. The post US Calls Reported Threats by Pro-Iran Hackers to Release Trump-Tied Material a ‘Smear Campaign’ appeared first on SecurityWeek .SECURITYWEEK.COM
2 JulLike Ransoming a Bike: Organizational Muscle Memory Drives the Most Effective ResponseRansomware is a major threat to the enterprise. Tools and training help, but survival depends on one thing: your organization’s muscle memory to respond fast and recover stronger. The post Like Ransoming a Bike: Organizational Muscle Memory Drives the Most Effective Response appe…SECURITYWEEK.COM
2 JulKelly Benefits says 2024 data breach impacts 550,000 customerssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/kelly-benefits-says-2024-data-breach-impacts-550-000-customers/SH.ITJUST.WORKS
2 JulQantas data breach to impact 6 million airline customerssubmitted by kid to cybersecurity 2 points | 0 comments https://www.bbc.com/news/articles/cd6gnyl9923oSH.ITJUST.WORKS
2 JulData breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phonesThe spyware operation's exposed customer email addresses and passwords were shared with data breach notification service Have I Been Pwned.TECHCRUNCH.COM
2 JulWhy “Default Allow” Is A Cybersecurity Disaster Waiting To HappenMost cybersecurity tools still run on a “default allow” model—but that’s exactly how modern threats slip through. In this short, Danny Jenkins explains why “deny by default” isn’t just more secure, it’s actually easier to manage. From hospital networks to airports, critical syste…YOUTUBE.COM
2 JulDrug cartel hacked FBI official’s phone to track and kill informants, report says - Ars Technicasubmitted by kid to cybersecurity 4 points | 0 comments https://arstechnica.com/security/2025/06/mexican-drug-cartel-hacked-fbi-officials-phone-to-track-informant-report-says/SH.ITJUST.WORKS
2 JulSwiss government warns attackers have stolen sensitive data, after ransomware attack at RadixThe Swiss government has issued a warning after a third-party service provider suffered a ransomware attack, which saw sensitive information stolen from its systems and leaked onto the dark web. Read more in my article on the Fortra blog.FORTRA.COM
2 JulDOJ investigates ex-ransomware negotiator over extortion kickbacksAn ex-ransomware negotiator is under criminal investigation by the Department of Justice for allegedly working with ransomware gangs to profit from extortion payment deals. [...]BLEEPINGCOMPUTER.COM
2 JulThis Malware Creates a Fake Contact—And You’ll Pick Up the Call!Malware just took social engineering to the next level. In this short, Doug White explains how a new strain of malware can instantly add fake contacts to your phone—so when it calls, the name looks like your bank or a trusted company. Cybersecurity pros, beware: this isn't a futu…YOUTUBE.COM
2 JulAgentic AI Is Cool… Until It Gets You HackedAgentic AI is revolutionizing how code gets written—faster, cleaner, more scalable. But cybersecurity expert Joshua Marpet drops a chilling warning: this same AI doesn’t know how to avoid writing SQL injections, cross-site scripting, or cross-site request forgery vulnerabilities.…YOUTUBE.COM
2 JulWelcoming Truyu to Have I Been Pwned's Partner ProgramPresently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite I always used to joke that when people used Have I Been Pwned (HIBP), we effectively said "Oh no - you've been pwned! Uh, goo…TROYHUNT.COM
🕵️ THREAT INTELLIGENCE 27[−]
2 JulPro-Iran hacktivists borrow from Russia's cyber playbooksubmitted by cm0002 to cybersecurity 1 points | 0 comments https://www.axios.com/2025/07/01/iran-hacktivist-israeli-us-strikesINFOSEC.PUB
2 JulThe Value of Zero Trust - Rob Allen - BSW #402New research estimates the value of Zero Trust. Using the Marsh McLennan Cyber Risk Intelligence Center’s proprietary cyber losses dataset from the past eight years, researchers estimated that overall cyber losses could have been potentially reduced by up to 31% had the organizat…YOUTUBE.COM
2 JulBots Now Account for 30% of Global Web Traffic, Surpassing Human Activity in Some RegionsThe Internet, once dominated by human interaction, is undergoing a seismic shift as bots now constitute approximately 30% of global web traffic, according to recent Cloudflare Radar data. In certain regions, automated traffic even outpaces human activity, signaling a transformati…GBHACKERS.COM
2 JulDCRat Targets Windows Systems for Remote Control, Keylogging, Screen Capture, and Data TheftA sophisticated email-based attack distributing a Remote Access Trojan (RAT) known as DCRat has been recently identified by the FortiMail IR team, specifically targeting organizations in Colombia. The campaign, impersonating a Colombian government entity, leverages advanced evasi…GBHACKERS.COM
2 JulHackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing CampaignsCybersecurity researchers are calling attention to phishing campaigns that impersonate popular brands and trick targets into calling phone numbers operated by threat actors. "A significant portion of email threats with PDF payloads persuade victims to call adversary-controlled ph…THEHACKERNEWS.COM
2 JulOffice 365 Introduces New Mail Bombing Detection to Shield UsersMicrosoft has announced a significant security upgrade for its Office 365 platform, introducing a new Mail Bombing Detection feature within Microsoft Defender for Office 365. This enhancement, rolling out globally from late June through early July 2025, is designed to automatical…GBHACKERS.COM
2 JulMicrosoft Ends Authenticator App’s Password Management Support From 2025Microsoft has announced it will discontinue password management features in its widely used Authenticator app, marking a significant shift in its approach to digital security. Starting July 2025, the app’s autofill capability will be disabled, and by August 2025, all saved passwo…GBHACKERS.COM
2 JulCybersecurity M&A Roundup: 41 Deals Announced in June 2025Forty-one cybersecurity merger and acquisition (M&A) deals were announced in June 2025. The post Cybersecurity M&A Roundup: 41 Deals Announced in June 2025 appeared first on SecurityWeek .SECURITYWEEK.COM
2 JulIDE Extensions Like VSCode Allow Attackers to Bypass Trust Checks and Deliver Malware to Developer SystemsOX Research conducted a ground-breaking study in May and June 2025 that revealed concerning security flaws in the extension verification procedures of some of the most popular Integrated Development Environments (IDEs), such as Visual Studio Code (VSCode), Visual Studio, IntelliJ…GBHACKERS.COM
2 JulNew macOS Malware Uses Process Injection and Remote Access to Steal Keychain CredentialsA sophisticated campaign by North Korean (DPRK)-aligned threat actors targeting Web3 and cryptocurrency businesses has been uncovered, showcasing an alarming evolution in macOS malware tactics. According to detailed analysis by SentinelLABS, alongside corroborating reports from H…GBHACKERS.COM
2 JulCyber Insurance Is NOT a Strategy 🚫Most companies think cyber insurance is the strategy. But in this short, Mandy breaks it down: mitigating, transferring, or accepting risk are all part of a bigger cybersecurity picture. Insurance isn’t the plan — it’s just a piece of it. Whether your threat model evolves or your…YOUTUBE.COM
2 JulNessus Vulnerabilities on Windows Enables Arbitrary System File Overwritessubmitted by kid to cybersecurity 1 points | 0 comments https://gbhackers.com/nessus-vulnerabilities-on-windows/SH.ITJUST.WORKS
2 JulCrypto Operation Using Fake Investment Platforms Dismantled in Spainsubmitted by kid to cybersecurity 2 points | 0 comments https://www.bitdefender.com/en-us/blog/hotforsecurity/fake-investment-platforms-spainSH.ITJUST.WORKS
2 Julfwd:cloudsec NA 2025submitted by ashar to security_cpe 1 points | 0 comments https://youtube.com/playlist?list=PLCPCP1pNWD7M-hHBOymDR5vkPib0tkZd9 fwd:cloudsec NA 2025 fwd:cloudsec is a non-profit conference on cloud security. At this conference you can expect discussions about all the major cloud pl…INFOSEC.PUB
2 JulAnalysis of Attacks Targeting Linux SSH Servers for Proxy Installation - ASECsubmitted by kid to cybersecurity 2 points | 0 comments https://asec.ahnlab.com/en/88749/SH.ITJUST.WORKS
2 JulCybersecurity in 2025 Feels Like Pure ChaosIn this short, Paul Nguyen paints a chaotic picture of today’s cybersecurity landscape — where cloud sprawl, third-party vendors, and lack of visibility have turned once-contained networks into tangled spaghetti. Gone are the days of a “hard outer shell.” Everything’s outside the…YOUTUBE.COM
2 JulDozens of fake wallet add-ons flood Firefox store to drain cryptosubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/dozens-of-fake-wallet-add-ons-flood-firefox-store-to-drain-crypto/SH.ITJUST.WORKS
2 JulVim Users Watching Microsoft Like… 😤 #hackerlifeWhen Microsoft announced AI Copilot for Notepad, the cybersecurity community had one reaction: "Seriously?" In this clip, Doug White breaks down the bizarre update with a touch of sarcasm and a whole lot of nostalgia for the good ol’ days of cold, keyboard-driven editors like Vim…YOUTUBE.COM
2 JulGamaredon Unleashes Six New Malware Tools for Stealth, Persistence, and Lateral MovementGamaredon, a Russia-aligned advanced persistent threat (APT) group attributed by Ukraine’s Security Service (SSU) to the FSB’s 18th Center of Information Security, has exclusively targeted Ukrainian governmental institutions throughout 2024, abandoning prior attempts to hit NATO …GBHACKERS.COM
2 JulChinese Student Charged in Mass Smishing Campaign to Steal Victims’ Personal InformationRuichen Xiong, a student from China, has been sentenced to over a year in prison at Inner London Crown Court for orchestrating a large-scale smishing (SMS phishing) campaign. Xiong deployed a sophisticated SMS Blaster device from the boot of his Black Honda CR-V to target tens of…GBHACKERS.COM
2 JulCybersecurity’s New Problem: AI FOMO from the TopThe boardroom is catching AI fever—and cybersecurity teams are feeling the heat. In this short, Jason and Summer Craze Fowler break down a growing trend: executives are mandating AI adoption, often without a clear strategy. The pressure is real, the stakes are high, and cybersecu…YOUTUBE.COM
2 JulNorth Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark CampaignThreat actors with ties to North Korea have been observed targeting Web3 and cryptocurrency-related businesses with malware written in the Nim programming language, underscoring a constant evolution of their tactics. "Unusually for macOS malware, the threat actors employ a proces…THEHACKERNEWS.COM
2 JulCyber Hoarders Anonymous: Confessions from the SOC 🔐Inside every Security Operations Center, there’s always that one analyst who insists on collecting everything. In this brutally honest short, cybersecurity pros joke about the “just in case” mindset that leads teams to hoard logs, threat reports, and every data point under the su…YOUTUBE.COM
2 JulNimDoor crypto-theft macOS malware revives itself when killedNorth Korean state-backed hackers have been using a new family of macOS malware called NimDoor in a campaign that targets web3 and cryptocurrency organizations. [...]BLEEPINGCOMPUTER.COM
2 JulNavigating Heightened Cyber Risks from Iranian ThreatsRecent geopolitical tensions have elevated the global cybersecurity risk landscape and the potential for increased cyber operations demands attention. The post Navigating Heightened Cyber Risks from Iranian Threats appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
2 JulIf ELSA is AI for Health... What’s Next for National Security?The FDA just launched its own large language model called ELSA—and cybersecurity pros are taking notice. In this short, Doug White explains how the U.S. government is now using AI to accelerate clinical protocol reviews and identify high-priority inspection targets. But when AI g…YOUTUBE.COM
2 JulGamaredon in 2024: Cranking out spearphishing campaigns against Ukraine with an evolved toolsetESET Research analyzes Gamaredon’s updated cyberespionage toolset, new stealth-focused techniques, and aggressive spearphishing operations observed throughout 2024WELIVESECURITY.COM
🌐 CYBER THREAT LANDSCAPE 1[−]
2 JulSmashing Security podcast #424: Surveillance, spyware, and self-driving snafusA Mexican drug cartel spies on the FBI using traffic cameras and spyware — because "ubiquitous technical surveillance” is no longer just for dystopian thrillers. Graham digs into a chilling new US Justice Department report that shows how surveillance tech was weaponised to deadly…GRAHAMCLULEY.COM
🎙️ PODCASTS 1[−]
2 JulRisky Business #798 -- Mexican cartel surveilled the FBI to identify, kill witnessesOn this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: Australian airline Qantas looks like it got a Scattered Spider-ing Microsoft works towards blunting the next CrowdStrike disaster Changes are coming for Microsoft’s default enterprise app con…RISKY.BIZ
📡 INFOSEC NEWS 10[−]
2 JulQantas hack results in theft of 6 million passengers’ personal dataQantas, the largest airline in Australia, confirmed the theft of 6 million customers' personal information.TECHCRUNCH.COM
2 JulGrok 4 spotted ahead of launch with special coding featuresElon Musk-funded xAI is skipping Grok 3.5 and releasing Grok 4 after Independence Day in the United States. [...]BLEEPINGCOMPUTER.COM
2 JulMicrosoft: DNS issue blocks delivery of Exchange Online OTP codesMicrosoft is working to fix a DNS misconfiguration that is causing one-time passcode (OTP) message delivery failures in Exchange Online for some users. [...]BLEEPINGCOMPUTER.COM
2 JulDozens of fake wallet add-ons flood Firefox store to drain cryptoMore than 40 fake extensions in Firefox's official add-ons store are impersonating popular cryptocurrency wallets from trusted providers to steal wallet credentials and sensitive data. [...]BLEEPINGCOMPUTER.COM
2 JulMicrosoft fixes ‘Print to PDF’ feature broken by Windows updateMicrosoft has fixed a known bug that breaks the 'Print to PDF' feature on Windows 11 24H2 systems after installing the April 2025 preview update. [...]BLEEPINGCOMPUTER.COM
2 JulForminator plugin flaw exposes WordPress sites to takeover attacksThe Forminator plugin for WordPress is vulnerable to an unauthenticated arbitrary file deletion flaw that could enable full site takeover attacks. [...]BLEEPINGCOMPUTER.COM
2 JulSpain arrests hackers who targeted politicians and journalistsThe Spanish police have arrested two individuals in the province of Las Palmas for their alleged involvement in cybercriminal activity, including data theft from the country's government. [...]BLEEPINGCOMPUTER.COM
2 JulSAFECOM Releases the Emergency Communications System Lifecycle Planning Guide Suite RefreshCISA.GOV
2 JulIndia’s Max Financial says hacker accessed customer data from its insurance unitThe insurance giant is one of the largest insurers in India.TECHCRUNCH.COM